Re: PPPoE mtu overwrites/ignores

2021-04-25 Thread Todd C . Miller
Note that pppoe caches the MTU value of the parent device (em0 in
this case) so if you increased the MTU of em0 after pppoe0 has been
configured it probably didn't have an effect.  You can tell this
is what happened by ifconfig failing with an invalid argument error.

You can also check your kernel messages (dmesg) to see if there is
an error like "No valid PPP-Max-Payload tag received in PADO".  If
you see this, then the ISP or telco's equipment probably doesn't
support RFC 4638 and you can't do baby jumbos with pppoe.

 - todd

Re: Bufferbloat, FQ-CoDel, and performance

2021-02-23 Thread Todd C . Miller
On Tue, 23 Feb 2021 11:29:00 +0100, Stefan Sperling wrote:

> I've noticed a similar effect on a slower link (VDSL with 50 down/ 10 up).
> In this case the VDSL modem presents an Ethernet switch, so there is no
> pppoe or vlan involved in the box that runs pf.
> As soon as I enable this example given in pf.conf(5):
>queue outq on em0 bandwidth 9M max 9M flows 1024 qlimit 1024 \
>  default
> I see only about 2 or 3 Mbit/s max upload during tcpbench.
> Which is indeed quite a hit compared to 10M.

That's odd.  I haven't had any problems with a VDSL connection with
100 down / 11 up.  My config is very similar to yours:

queue outq on em2 flows 1024 bandwidth 10M max 10M qlimit 1024 default

where em2 the underlying interface used by pppoe0.  Without queueing
I have major problems when utilizing the upstream bandwidth, probably
due to dropped ACKs.

 - todd

Re: Shared memory segments are note removed after process exit

2021-02-05 Thread Todd C . Miller
On Sat, 06 Feb 2021 01:43:09 +, Chris Narkiewicz wrote:

> When I check ipcs, I see a lot of shm segments:
> # ipcs | grep _x11 | grep wc -l
> 137
> Both processes are dead at this stage, so I'm not sure why those shm
> segments are not collected?

This is expected behavior.  Shared memory segments are not garbage
collected when a process exits (or when the last reference to them
is removed).  They need to be explicitly removed, either by one of
the processes that is using them or manually using ipcrm(1).

 - todd

Re: Best way to increase openfiles-max and -cur for NGINX/PHP?

2021-01-16 Thread Todd C . Miller
On Sat, 16 Jan 2021 18:05:57 +0100, Unicorn wrote:

> 2021/01/16 13:40:45 [alert] 68769#0: *1 socket() failed (24: Too many
> open files) while connecting to upstream, client:,
> server: cloud.mydomainhere.tld, request: "GET /core/preview?blah=1
> HTTP/2.0", upstream: "fastcgi://", host:
> "cloud.mydomainhere.tld"

Error 24 is EMFILE, too many open files for the process (not the system).

> I am running a Nextcloud server with NGINX and PHP 7.3. Since OpenBSD
> Is quite conservative with open file limits by default, I assume that
> NGINX/PHP is running into this limit.
> I have already significantly increased 'kern.maxfiles' in sysctl.conf,
> but the problem persists after a reboot, leading me to believe that it
> is a login.conf limit that I am running into.

That would only work if you were getting error 23, ENFILE which is
the system limit.

> Both PHP and NGINX are running as user 'www', which does not have a
> login class. Since I have not been in this situation before and
> struggled to find a pointer online, I'd be thankful if you could tell
> me the "recommended" or "best practice" way of doing this. 

The recommended way to increase a limit is to add a new login class
with the same name as the daemon.  For example:


This will be used automatically by the rc.d startup script.  See
the rc.d man page for more details.

 - todd

Re: M2 SSD in a PCI-E adapter

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:19:02 +0100, Jan Stary wrote:

> I know the disk itself works: this is the disk plugged into
> an M.2 slot in a Dell Latitude E5570 (full dmesg below):
> sd0 at scsibus1 targ 0 lun 0:  naa.5001b448b85325
> 30
> sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin

That is not an NVME SSD, it is an M.2 SATA SSD.  You need a different

 - todd

Re: adding user to a group

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:21:08 +0100, Rudolf Sykora wrote:

> I tried to add myself to the "dialer" group:
> #usermod -G dialer ruda
> But when I write
> $groups
> in a terminal I still do not see the new group. Not even if I open a new logi
> n
> shell (by writing "ksh -l"). However, when I log in in a text console
> (ctrl-alt-1), I see the new group there.

Yes, group membership it set at login time.  Running ksh as a login
shell is not the same as actually logging in with a new session.

> What is it that I have to do to have the membership updated, i.e., how
> can I open e.g. a terminal in the running environment that would see my
> new groups?

You need to login in again.  Logging in via ssh, a virtual console,
X11 or running su will set the groups list.  Setting groups is a
privileged operation so simply starting a new shell or opening a
new xterm is not sufficient.

 - todd

Re: Dissing Misks

2020-12-22 Thread Todd C . Miller
On Tue, 22 Dec 2020 17:30:08 -0700, Duncan Patton a Campbell wrote:

> I've added two identical 4TB disks to my system to set up a duald RAID.  
> When I boot, they come up as 
> sd2 at scsibus1 targ 2 lun 0:  naa.50014ee268199
> 5d6
> sd2: 3815447MB, 512 bytes/sector, 7814037168 sectors
> and 
> wd0 at pciide1 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 3815447MB, 7814037168 sectors
> One of these things is not like the other, and I've not located 
> how this distinction is made at boot time.  

You should check your BIOS settings and make sure all the SATA
channels are configured to use AHCI and not legacy ATA.

 - todd

Re: httpd location statement

2020-12-11 Thread Todd C . Miller
On Fri, 11 Dec 2020 09:54:43 +0200, Alexey Vatchenko wrote:

> Sorry, still don’t understand how captures can help in this case.
> In my understanding, it lacks "OR” to avoid duplicating identical
> location blocks.

Sorry, I misremembered.  You are correct that lua patterns don't
support alternation.

 - todd

Re: httpd location statement

2020-12-10 Thread Todd C . Miller
On Thu, 10 Dec 2020 19:24:20 +0200, Alexey Vatchenko wrote:

> I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 OpenBSD’s htt
> pd.
> In my configuration I use Handler for .html, .htm, .css, .js and 4 more exten
> sions.
> I’ve found a way to configure it for one extension and it works great!
> location “*.html” {
> fastcgi {
> socket “/run/slowcgi.sock”
> param SCRIPT_FILENAME “/path/to/"
> }
> }

Can't you just use lua-style patterns with "location match ..."?
See the CAPTURES section in pattern(7) for details.

 - todd

Re: gcc: error trying to exec 'cc1': execvp: no such file or directory

2020-11-19 Thread Todd C . Miller
On Thu, 19 Nov 2020 22:07:33 +, Roderick wrote:

> g++, gcc and gcov in /bin are from Apr 13, 2019. The rest are from
> Oct 5, 2020.

That explains your problem.  The upgrade would have removed any
obsolete /usr/lib/gcc-lib/amd64-unknown-openbsd* directory which
the old gcc binaries require.

There should now be a /usr/lib/gcc-lib/amd64-unknown-openbsd6.8
directory for use by the updated gcc/g++ but for some reason you
don't have those updated gcc binaries.  Perhaps you ran out of space
in /usr or some other problem prevented the sysupgrade from finishing.

Nick's advice is good.  There are obsolete file removal instructions
in the Upgrade Guide, e.g.

Once you have the obsolete files removed, do a manual upgrade from
the 6.8 bsd.rd and it should fix things.

 - todd

Re: uvn_flush: WARNING: changes to page may be lost

2020-11-11 Thread Todd C . Miller
On Wed, 11 Nov 2020 10:20:41 +0100, Jan Stary wrote:

> This is current/amd64 on an APU2 (dmesg below).
> It seems that after every sysupgrade,
> there is a storm of messages like these:
>   uvn_flush: obj=0x0, offset=0x7c2.  error during pageout.
>   uvn_flush: WARNING: changes to page may be lost!
> They appear right after the booting sequence is finished,
> and never appear again. This does not happen after a regular
> reboot, only after sysupgrade's reboot. The logs of the last
> three occasions follow.

This happens when /usr/libexec/reorder_kernel runs and your /usr
is full.  If you have upgraded the system multiple times there is
probably cruft in /usr you can remove such as old shared libraries
and obsolete binaries.

Your removal of /usr/X11R6 probably is what "fixes" it after

 - todd

Re: Set environment variable for non-interactive shell

2020-11-06 Thread Todd C . Miller
Typically, this kind of thing is done in /etc/login.conf.

 - todd

Re: filters in OpenBSD in printing

2020-10-20 Thread Todd C . Miller
On Mon, 19 Oct 2020 21:19:26 -0600, "Raymond, David" wrote:

> I tried putting a filter that drives an HP Deskjet printer (works with
> lprng on linux) as an output filter in printcap and it didn't work.
> Would it be more proper to put it as an input filter?  I am still on
> version 6.7 of the OS.  (I saw a recent post indicating that changes
> were made to the lpr system in 6.8.)

Yes, an input filter should work.  I used to have an HP printer
years ago and I used the following printcap entries.  Maybe it will
give your a starting point.  There is some info at on using foomatic-rip
with BSD lpd, which appears to be what I based this on.

psc2410|psc2400|psc 2410|HP PSC 2410:\

# See
printer|lp|ps|PostScript|HP PSC 2410 (PostScript):\

Re: time_t

2020-10-05 Thread Todd C . Miller
On Mon, 05 Oct 2020 15:16:24 -, Roderick wrote:

> The result of time() has type time_t and we know what kind of number
> goes there: seconds since 0 hours, 0 minutes, 0 seconds, January 1,
> 1970, Coordinated Universal Time.

32-bit time_t rolls over at 03:14:07 on Tuesday, 19 January 2038.

> In my FreeBSD running on a 64 bit processor this type is: int (__32_t).
> It considers this size enough for above information.

Are you sure about that?  FreeBSD declares __time_t to be __int64_t
on amd64.  On FreeBSD/amd64 __int64_t is defined as a long.

> In my OpenBSD running on a 32 bit processor this type is: long long
> (__64_t).

Correct.  OpenBSD uses long long for int64_t on all architectures
for consistency.  Other OSes use long for int64_t on 64-bit systems.

> None of both has an unsigned type, although time moves forward
> (more or less fast!!!).

time_t must be signed in order to represent times in the past.

> Is there a reason for this discrepancy? Is there no standard for the
> size of time_t?

The POSIX standard does not really specify the size of time_t.  Most
(all?) 64-bit system use a 64-bit time_t.  Some 32-bit systems use
a 64-bit time_t too, in order to support times after 2038.  OpenBSD
is one of them.

> And what does mean the types with __? I find it so confusing. :)

It is to avoid namespace pollution.  The underlying types need to
be visible to other header files but unless you pull in the
specific header file they are not visible in the main namespace.

You can't really print a time_t via printf(3) without a cast.  On
OpenBSD we generally print it with %lld and cast the argument to
long long.

 - todd

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 13:40:03 +0200, Ingo Schwarze wrote:

> I think that is an interesting idea.  That would be the patch below.
> Given that the function find_special_files() looks for SUID, SGID,
> and device files, i suggest this logic: skip a mount point if any
> of the following is true:
>  - it does not have the "local" mount option
>  - or it has both the "nodev" and the "nosuid" mount options
> I don't think explicitly matching the parentheses is needed.
> The code below is simpler and possibly even more robust.

I like it.  The other idea I had was to simply declare that mounts
under a certain directory (such as /mnt) would not be checked, but
I think this is a more elegant approach.

 - todd

Re: Must disable /usr/libexec/security on backup disks

2020-09-13 Thread Todd C . Miller
On Sun, 13 Sep 2020 09:17:02 -, Rupert Gallagher wrote:

> Since /usr/libexec/security runs blindly on every attached storage media, it 
> also runs on mounted tape and backup data volumes.

It might be best to only check file systems listed in /etc/fstab
that don't have noauto in the options field.

 - todd

Re: Troubleshooting rsync

2020-09-06 Thread Todd C . Miller
On Fri, 04 Sep 2020 22:57:03 -0700, Greg Thomas wrote:

> Hey all, I'm trying to use WSL on Windows 10 to backup to my OpenBSD server
> running 6.7 release.  It looks like Debian on WSL is using rsync version
> 3.1.2.  I tried both the rsync package and openrsync on OpenBSD with the
> same results.Basically rsync never exits and when I use four Vs for
> verbosity the last line is 'client_run waiting on..."   rsync locally works
> fine.

Are you using WSL 1 or WSL 2?  If possible, I'd suggest testing with WSL 2.
You can convert between WSL 1 and 2 pretty easily.

 - todd

Re: Can I boot without GPU ("headless")?

2020-08-31 Thread Todd C . Miller
On Mon, 31 Aug 2020 15:49:24 +0200, Zeljko Jovanovic wrote:

> But wasn't the conclusion of this discussion that you can just buy
> one, connect it to computer only for booting, and then disconnect
> it and use on another one?

He needs to be able to enter the encryption key at boot time.
Opening up the case and temporarily installing the motherboard
serial cable doesn't seem like a good solution.

> Somebody mentioned serial ports not being "hot-plugable". This is
> not a concern here, as the serial port is built into chipset and
> remains there - you are just moving the connector.
> The connector/adapter you need is something like this: 
> , but as somebody
> else wrote, the pinout is only informally "standardized", so it is
> best to check it in advance.

You can also find these cheaply direct from china.  I saw ones for
$2.35US/each shipped at AliExpress, cheaper options probably exist.
You do need to be mindful of the distance from the pins on the
motherboard to the slot you are using, some of those cables are
quite short.

> Alternatively, instead of buying it, you can find such bracket
> (usually with one DB-9 and one DB-25 port) on old (very old!) PCs.
> I found mine many years ago in some old 486 waiting to be recycled.

Yes, this was fairly common in pre-ATX machines.  I have a few
harvested from old machines before I recycled them.

 - todd

Re: mfs reported full, but empty

2020-08-19 Thread Todd C . Miller
On Wed, 19 Aug 2020 23:47:57 +0200, Vincent wrote:

> After several days, I have to reboot my machine because of mfs full. This is 
> not the first time.
> I have few mfs on this machine, but I observe that this is always a full 
> filesystem on /tmp after +40 days of uptime. 
> But on other mfs, I have very low filesystem activity. 

It is possible for a process to have a file open that doesn't have
a directory entry.  This can happen when a process opens a file,
unlinks it, and continues to write to it.

You can use the fstat utility to see what processes have files open
on a file system.  E.g.

 $ fstat -f /tmp

This won't tell you how big those unlinked files are, but it will
give you a list of suspects.  You can restart them and see which
one releases the space.

 - todd

Re: Tunefs(8)

2020-08-10 Thread Todd C . Miller
On Mon, 10 Aug 2020 16:05:12 -, Rupert Gallagher wrote:

> Omit the last line of the manual, because there is no need for it.

It's a play on the old joke:

What's the difference between a piano and a fish?
You can tune a piano, but you can't tuna fish!

No one would dare remove the line in tunefs(8) due to the curse
listed in the man page source:

.\" Take this out and a Unix Demon will dog your steps from now until
.\" the time_t's wrap around.
You can tune a file system, but you can't tune a fish.

 - todd

Re: Rsync is too slow

2020-07-30 Thread Todd C . Miller
On Thu, 30 Jul 2020 13:37:39 -0700, Chris Cappuccio wrote:

> Rupert Gallagher [] wrote:
> > No, I am not using USB.
> your dmesg didn't make it to the list because you are attaching a text file
> and attachments are not allowed on misc.

Actually, these days they are allowed.  I didn't have any problem
reading the attached dmesg.

 - todd

Re: ksh very slow compared to bash when running ghostscript's ./configure script

2020-07-22 Thread Todd C . Miller
On Wed, 22 Jul 2020 18:38:42 +0200, Theo Buehler wrote:

> Likely glob. Many glob implementations were found to suffer from
> complexity issues:
> The glob(3) in libc was fixed
> 9
> but ksh's builtin glog still has the issue.

At the very least we should collapse consecutive stars.  This is a
separate issue from making gmatch() iterative.

 - todd

Index: bin/ksh/misc.c
RCS file: /cvs/src/bin/ksh/misc.c,v
retrieving revision 1.74
diff -u -p -u -r1.74 misc.c
--- bin/ksh/misc.c  7 Jul 2020 10:33:58 -   1.74
+++ bin/ksh/misc.c  22 Jul 2020 19:08:20 -
@@ -615,6 +615,9 @@ do_gmatch(const unsigned char *s, const 
case '*':
+   /* collapse consecutive stars */
+   while (ISMAGIC(p[0]) && p[1] == '*')
+   p += 2;
if (p == pe)
return 1;

Re: OpenSMTPd stops after connection errors

2020-07-17 Thread Todd C . Miller
Yes, smtpd should not die in this case.  Can you share the nmap
command and script you are running?  I tried the following and it
worked as expected:

nmap -sV -Pn -p 25,587 --version-intensity 8 --script ssl-enum-ciphers \

The server did not exit and nmap returned the list of ciphers as
expected.  The log message:

smtpd: process pony socket closed

makes it sound like the smtpd pony express process crashed.

 - todd

Re: awk segfaults on RS regexp

2020-07-13 Thread Todd C . Miller
On Mon, 13 Jul 2020 13:02:44 +0200, Jan Stary wrote:

> This is current/amd64.
> On UTF input, awk segfaults when using a multi-character RS:
> $ cat /tmp/in
> č
> $ hexdump -C /tmp/in
>   c4 8d 0a|...|
> 0003
> $ cat /tmp/in | awk '{print$1}'
> č
> $ cat /tmp/in | awk -v RS=x '{print$1}'
> č
> $ cat /tmp/in | awk -v RS=xy '{print$1}'
> Segmentation fault (core dumped)

Nice catch.  The actual bug is caused by using a signed char as an
index into an array, resulting in a negative index.  Once debugged,
the fix is simple.

 - todd

diff --git a/b.c b/b.c
index c167b50..f7fbc0e 100644
--- a/b.c
+++ b/b.c
@@ -684,7 +684,7 @@ bool fnematch(fa *pfa, FILE *f, char **pbuf, int *pbufsize, 
int quantum)
FATAL("stream '%.30s...' too 
long", buf);
buf[k++] = (c = getc(f)) != EOF ? c : 0;
-   c = buf[j];
+   c = (unsigned char)buf[j];
/* assert(c < NCHARS); */
if ((ns = pfa->gototab[s][c]) != 0)

Re: ls -R bug?

2020-07-04 Thread Todd C . Miller
On Sat, 04 Jul 2020 20:59:08 +0200, Richard Ipsum wrote:

> Output of ls -R between OpenBSD and GNU coreutils seems to differ,
> OpenBSD ls -R will apparently list "hidden" directories like .git,
> whereas GNU coreutils will not, is this expected behaviour or a bug?

I think this is actually a bug.  Historic behavior is to not descend
into directories that begin with a '.'.  Our existing ls code looks
like it is written to support that behavior but is missing one

 - todd

Index: bin/ls/ls.c
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.51
diff -u -p -u -r1.51 ls.c
--- bin/ls/ls.c 13 Sep 2018 15:23:32 -  1.51
+++ bin/ls/ls.c 4 Jul 2020 20:13:39 -
@@ -369,8 +369,11 @@ traverse(int argc, char *argv[], int opt
switch (p->fts_info) {
case FTS_D:
if (p->fts_name[0] == '.' &&
-   p->fts_level != FTS_ROOTLEVEL && !f_listdot)
+   p->fts_level != FTS_ROOTLEVEL && !f_listdot) {
+   if (fts_set(ftsp, p, FTS_SKIP))
+   err(1, "%s", p->fts_path);
+   }
 * If already output something, put out a newline as

Re: OpenBSD Readonly File System

2020-06-13 Thread Todd C . Miller
On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:

> On 2020-06-11 12:07, Strahil Nikolov wrote:
> > I always thought that 'sync' mount option  is enough  to avoid
> > corruption of the FS. Am I just "fooling" myself  ?
> As "sync" is the default...yes, I think you are.

Actually, by default only metadata is written synchronously.  The
"sync" mount option causes data to be written synchronously too.
Of course, the disk *itself* has a cache so even with synchronous
writes you can't be sure the data has actually made it to the platter.

So yes, I agree that sync mounts are not really enough to help here.
You are probably correct that softdep is better for this kind of
thing since it does a better job of keeping the filesystem in a
consistent state, at the cost of missing data when there is an
unclean shutdown.  In theory, the on-device cache can still cause
issues when you lose power though.

 - todd

Re: Potential awk bug?

2020-06-08 Thread Todd C . Miller
On Sun, 07 Jun 2020 17:02:03 -0700, Jordan Geoghegan wrote:

> Thanks for the quick response. I certainly wasn't expecting to find an 
> ancient bug like this. Should I be reporting this bug upstream, or are 
> you planning on upstreaming a diff?

I've created a pull request to fix this upstream:

 - todd

Re: Potential awk bug?

2020-06-07 Thread Todd C . Miller
On Sat, 06 Jun 2020 18:16:39 -0900, Philip Guenther wrote:

> Todd, are we up to date with upstream, or is this latent there too?

We are not up to date but upstream (
exhibits the same bug.

 - todd

Re: late pppoe address

2020-06-06 Thread Todd C . Miller
On Sat, 06 Jun 2020 19:14:28 +0200, Jan Stary wrote:

> Is the aim to let the ISP know that the iface is down,
> so that it gets set up afresh on boot, as opposed to
> waiting for some PPP keep-alive timeout?

Basically.  It is to work around an issue where the pppoe ethernet
interface goes down during reboot before the pppoe disconnect message
can be sent to the ISP.

I'm not sure it is needed anymore, though I still have it in my own
rc.shutdown file.

 - todd

Re: timegm()

2020-04-23 Thread Todd C . Miller
On Wed, 22 Apr 2020 21:21:28 -0600, "Todd C. Miller" wrote:

> That's fine with me.  Those interfaces appeared in SunOS 4.0 according
> to tzcode (which is where we got them from).  They did *not* originate
> in NetBSD.  I've verified that they were present in SunOS 4.1.3U1,
> though that code appears to be derived from tzcode too.

Bit Savers has scans of the SunOS 4.0 print manuals which includes
a hard-copy of the man pages.  Here you can see that timegm() and
timelocal() were present in SunOS in 1987:

However, they are not present in SunOS 3.5.  You can see the list
of library functions from intro(3) which includes gmtime(3) and
localtime(3) but not their inverses:

So I think it is safe to say that those interfaces originated in
SunOS 4.0 and not an earlier version.

 - todd

Re: timegm()

2020-04-22 Thread Todd C . Miller
On Thu, 23 Apr 2020 04:21:42 +0200, Ingo Schwarze wrote:

> Calling timelocal(3) deprecated makes sense to me because it is
> nothing but a trivial wrapper around mktime(3), and the latter
> is standardized, while timelocal(3) is not.
> But i don't quite see why timegm(3) should be marked as deprecated:
> sure it was never standardized, but i don't see a better portable
> way to achieve the same.
> Consequently, i suggest dropping millert's deprecation notice
> from timegm(3) and instead adding the missing STANDARDS and
> HISTORY sections.

That's fine with me.  Those interfaces appeared in SunOS 4.0 according
to tzcode (which is where we got them from).  They did *not* originate
in NetBSD.  I've verified that they were present in SunOS 4.1.3U1,
though that code appears to be derived from tzcode too.

I would suggest that the HISTORY section be updated accordingly if
you feel the need to document their origin.

If you look at the 4.4BSD ctime.c you'll see that Keith actually
removed timegm() after updating it from tzcode.

D 5.16 89/03/16 20:34:41 bostic 22 21
remove offtime, timegm, timeoff

D 5.15 89/03/12 16:32:29 bostic 21 20
latest Olson/Harris time package

The reason they were marked as deprecated is that tzcode has a
comment that "These functions may well disappear in future releases
of the time conversion package".  However, that hasn't happened in
at least 30 years so it seems likely that they are here to stay...

Note that we also provide timeoff() but don't document it.

 - todd

Re: chattr on OpenBSD???

2020-04-17 Thread Todd C . Miller
On Fri, 17 Apr 2020 15:27:33 -0600, "Raymond, David" wrote:

> Hmm... Why would I want e2fsprogs on OpenBSD???  Oh, I see,
> libreoffice drags it in.  One more thing I wish I could dispense with.

A bunch of ports pull it in for its uuid code.

 - todd

Re: chattr on OpenBSD???

2020-04-17 Thread Todd C . Miller
On Fri, 17 Apr 2020 09:11:15 -0600, "Raymond, David" wrote:

> I noticed that chattr exists on OpenBSD.  The man page says it applies
> to Linux file systems (ext* etc).  Two questions:
> 1. Does this also apply to OpenBSD's fast file system?  (The man page
> would suggest not.)


> 2. If not, is it of any use on OpenBSD?

Not unless you are using one of the Linux ext* file systems on
OpenBSD.  For native OpenBSD file systems you can use the BSD
chflags(8) command.

 - todd

Re: Compiler warning in ctype.h

2020-03-05 Thread Todd C . Miller
On Thu, 05 Mar 2020 16:07:48 +0100, Thomas de Grivel wrote:

> Actually I see the same problem on 6.6-stable :
> including readline/readline.h produces warnings.
> Any -Werror hope some day ?

You still haven't bothered to include:

1) the compiler you are using
2) the compiler flags to reproduce the problem
3) a sample program to reproduce the problem

The _l parameter in those inline functions already has the __unused__
attribute set which is supposed to suppress those warnings.

I can't reproduce this using clang (base or ports) or gcc (base or
ports) using -Wall, -Wextra and -Wunused-parameter.  But since you
haven't provided any details, we just have to guess at what you are

 - todd


2020-01-21 Thread Todd C . Miller
On Mon, 20 Jan 2020 22:42:51 -0700, peterwkc wrote:

> /etc/hostname.pppoe0
> pppoedev fxp0 authproto pap authname "" authkey "" up
> dest
> !/sbin/route add default -ifp pppoe0
> Not able to get a connection. What wrong with it?

Try using authproto chap instead of pap and see if that makes a

I doubt there are many ISPs still using PAP with PPPoE due to its
weaknesses so we may want to update the example in the manual page.

 - todd

Re: mailing outage?

2020-01-14 Thread Todd C . Miller
On Tue, 14 Jan 2020 15:11:30 +0100, Jan Stary wrote:

> Just to make sure: was there a downtime
> this morning (Central Auropen time)?

Yes, there was.  It is back now, as you can see :-)

 - todd

Re: [sh] Single quote in comment withing subshell buggy

2019-12-14 Thread Todd C . Miller
On Sat, 14 Dec 2019 09:03:26 +, wrote:

> This is certainly not the best way to do this but it does the job:
> In particular it just reeks of kludge, which I'm not happy with
> because according to the comment two-dozen lines up it's already a
> kludge. The loop is lifted from the beginning of the same function,
> where regular comments are skipped.

That's not too awful.  The $( ... ) parsing code in our ksh is
not the greatest.

 - todd

Re: What's up with bluhms perf tests?

2019-12-09 Thread Todd C . Miller
On Mon, 09 Dec 2019 15:33:24 +0100, Tommy Nevtelen wrote:

> I can see that there is a big drop in the throughput graphs, is 
> something wrong with the data or was there a change that set performance 
> = false?

That was probably the following commit:

which has since been reverted:

 - todd

Re: Misc i386 questions

2019-10-15 Thread Todd C . Miller
On Tue, 15 Oct 2019 10:37:41 -0600, Todd C. Miller wrote:

> There's your problem.  The bha driver is no longer supported by
> OpenBSD.  You should use SATA or IDE as the disk type in VMWare.

Alternately, you should be able to switch the VM to use the mpi
driver by editing the .vmx file for your VM (after shutting down
the VM first).  Just change the lines like:

scsi0.virtualDev = "buslogic"


scsi0.virtualDev = "lsilogic"

VMWare doesn't even support the buslogic driver on 64-bit guests
these days.  New VMs created by VMWare fusion use lsilogic by

 - todd

Re: Misc i386 questions

2019-10-15 Thread Todd C . Miller
On Tue, 15 Oct 2019 00:34:38 -0700, Sean Kamath wrote:

> On the 6.0 installation, using 'SCSI', I get:
> bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: apic 1 int 17
> , BusLogic 9xxC SCSI
> bha3: model BT-958, firmware 5.07B
> bha3: sync, parity
> scsibus2 at bha3: 8 targets, initiator 7
> sd0 at scsibus2 targ 0 lun 0:  SCSI2 0/direct
>  fixed
> sd0: 8192MB, 512 bytes/sector, 16777216 sectors

There's your problem.  The bha driver is no longer supported by
OpenBSD.  You should use SATA or IDE as the disk type in VMWare.

 - todd

Re: support new

2019-08-29 Thread Todd C . Miller
On Thu, 29 Aug 2019 11:43:40 +0200, Ingo Schwarze wrote:

> It would no doubt be nice to have a support.html entry for Turkey,
> but i'm not convinced i want to add a person who is not even able
> to send properly formatted email.

The original message was html and got reformatted to text.  That
doesn't always produce the nicest results.

If they were to re-send as plain text that would probably help.

 - todd

Re: dkim on openbsd mailing lists.

2019-08-18 Thread Todd C . Miller
The mailing list server may modify the subject and from headers
(depending on user configuration) and often does modify the message

That is why DKIM headers are removed.

 - todd

Re: question about man starttls and linking to cert.pem

2019-08-11 Thread Todd C . Miller
On Sun, 11 Aug 2019 16:03:39 +0200, Gilles Chehade wrote:

> It's interesting to have instruction for generating self-signed cert but
> most people will want a cert that others will validate so it makes sense
> to at least extend the man page (in another diff) in my opinion.

And if we do that we should also at least mention MTA-STS.

 - todd

Re: question about man starttls and linking to cert.pem

2019-08-11 Thread Todd C . Miller
On Sat, 10 Aug 2019 22:22:05 -0400, "Ted Unangst" wrote:

> That entire section seems dumb and outdated. I would prefer we
> simply not give any advice here. Users can figure out what they
> need to do. Installing the public cert needs to be done on many
> other machines, not just the one where its generated.

Fine with me.  I wonder if we shouldn't also mention acme-client
here too.  Something for another diff...

 - todd

Re: GPS hardware and TTYs

2019-07-23 Thread Todd C . Miller
On Tue, 23 Jul 2019 13:42:28 -0600, Scott Seekamp wrote:

> I tested by: 
> - unplugging the sensor 
> - changing /etc/ttys 
> - kill -HUP 1 
> - plugging sensor in and waiting 30 seconds 
> - check sysctl output for data 

You need to run "ttyflags ttyU0" instead of sending a HUP to init.
If the cua device works I would expect that setting the local flag
in /etc/ttys for ttyU0 would be sufficient.

 - todd

Re: X1 Thinkpad Tablet Freeze on Boot

2019-07-15 Thread Todd C . Miller
On Mon, 15 Jul 2019 14:02:22 -, Charlie Burnett wrote:

>  Ah- I'm just now seeing the note about the screen going black after the
> kernel loads into memory, and doing some more digging shows the same kind
> of issue when CSM isn't enabled. Unfortunately they had said that CSM
> wasn't supported with the tablet...
> p/4472630
> Any ideas where to go from here? Either way I appreciate the advice. At
> least I know where to start looking!

Sorry, I don't know why UEFI booting on OpenBSD would require CSM.

 - todd

Re: X1 Thinkpad Tablet Freeze on Boot

2019-07-15 Thread Todd C . Miller
You probably need to make some changes to the bios settings, if you
haven't already done so.  Try disabling "secure boot" and enabling
"CSM Support" and see if that makes a difference.

Some of the info at may
also be applicable.

 - todd

Re: Oddity re. order of ifconfig commands

2019-07-14 Thread Todd C . Miller
On Sun, 14 Jul 2019 12:35:32 +0300, wrote:

> I have two laptops, both on the same wifi network, one with linux and one wit
> h openbsd.
> I also string a cable between their ethernet ports for maximum speed which I 
> bring up manually at each and because I'm too lazy to automate it, that's 10.
> 100.200.2/24 on linux and on openbsd.
> With the other side working fine (I'd detached my openbsd laptop to take it o
> ut and reattached it later) I attempted to bring up the ethernet but got the 
> commands wrong, and this ensued:
> drogo# pkill -f re0

I'm assuming this is to kill off any dhclient for re0?

> drogo# ifconfig re0 # oops forgot up
> drogo# ping
> PING ( 56 data bytes
> ping: sendmsg: Host is down
> ping: wrote 64 chars, ret=-1

I'm not sure what you are tying to do here.  You haven't configured
re0 with an IP address.  I suspect you really wanted to run "dhclient
re0" instead.

 - todd

Re: 4GB RAM too little for Firefox?

2019-07-08 Thread Todd C . Miller
On Mon, 08 Jul 2019 15:59:54 -0400, Allan Streib wrote:

> It does behave like the file is opened and then unlinked. Sorry for my
> term "ghost" file I couldn't quite find the right words for what I was
> seeing.

You can use the fstat command to find these files (even if unlinked)
as well as the ID of the process that has them open.  For example:

fstat -f /tmp

 - todd

Re: [6.5] minidlna error: accept(http): Too many open files

2019-04-28 Thread Todd C . Miller
On Sun, 28 Apr 2019 22:35:36 +0200, "Stephane HUC \"PengouinBSD\"" wrote:

> After upgrading OpenBSD from 6.4 to 6.5, I've problem to use minidlna.
> It fill the /var/log/minidlna/minidlna.log with severals errors
> messages, as:
> [2019/04/25 15:26:29] monitor_kqueue.c:226: error:
> open(/home/z2/Music/xyz) [Too many open files]
> (...)
> [2019/04/25 20:15:05] minidlna.c:165: error: accept(http): Too many
> open files

It seems that minidlna now tries to keep every directory open to
tell when there is a modification.  My suggestion is to disable
inotify in /etc/minidlna.conf.  E.g.

# set this to no to disable kqueue monitoring to automatically discover new 
# note: the default is yes

That fixed the problem for me.

 - todd

Re: authentication methods: how do they work?

2019-03-26 Thread Todd C . Miller
On Tue, 26 Mar 2019 11:11:35 -0400, Daniel Jakots wrote:

> On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein
>  wrote:
> > Hello listmates,
> > 
> > Let's say I have the following configured in my /etc/login.conf
> > 
> > auth-defaults:auth=password,skey,yubikey
> > 
> > Would that mean either password, or skey, or Yubikey, or should they
> > all be satisifed?
> Either. Then you can pick which is used when you run the software, for
> instance with sudo it's the -a flag.

Also, for programs that take a username, you can usually append the
auth method after the username, separted with a colon.  For example,
for ssh you can do things like:

ssh myname:skey@somehost

 - todd

Re: After upgrade to -current on sparc64 unable to su

2019-03-23 Thread Todd C . Miller
I just committed a fix for this, the next snapshot should include it.

 - todd

Module name:src
Changes by: 2019/03/23 11:03:00

Modified files:
lib/libc/gen   : login_cap.c auth_subr.c

Log message:
Remove useless secure_path(3) calls.
There is no point in checking permissions of files in root-owned
directories.  If it even was a problem, secure_path(3) suffers from
unsolvable TOCTOU issues.  OK deraadt@

Re: Is there a fix for stock vi's bug-for-bug compatible ESC-equals-return feature?

2019-02-20 Thread Todd C . Miller
On Mon, 18 Feb 2019 09:04:36 +0100, ropers wrote:

> While this feature/bug is counter-intuitive (IMHO), I presume nvi acts
> this way so as to be bug-for-bug compatible with original vi. (That's
> my guess. I haven't actually confirmed this.)

You can install the traditional-vi port and compare the behavior
with nvi.  I did a quick test and the behavior seems to be consistent.

 - todd

Re: what would a POP3s daemon best look like?

2018-11-04 Thread Todd C. Miller
On Sun, 04 Nov 2018 12:26:27 +0100, Walter Alejandro Iglesias wrote:

> I've been assuming that running pop3d(8) from ports, listening in 995
> only and with 110 port firewalled my passwords aren't traveling in plain
> text.  Am I assuming right?

Port 995 is pop3 protocol over TLS/SSL so that should be safe enough.

 - todd

Re: what would a POP3s daemon best look like?

2018-10-30 Thread Todd C. Miller
On Tue, 30 Oct 2018 09:32:45 -0600, "Todd C. Miller" wrote:

> I don't think there is much interest in having a pop3 daemon in
> base due to the use of plain-text passwords but if you want to check
> out a copy the old one, you can do it like this:
> cvs get -rOPENBSD_5_4 src/usr.sbin/popa3d
> The DESIGN file in that directory describes the security model.

You can also find the upsteam sources for it at

 - todd

Re: what would a POP3s daemon best look like?

2018-10-30 Thread Todd C. Miller
I don't think there is much interest in having a pop3 daemon in
base due to the use of plain-text passwords but if you want to check
out a copy the old one, you can do it like this:

cvs get -rOPENBSD_5_4 src/usr.sbin/popa3d

The DESIGN file in that directory describes the security model.

 - todd

Re: network problem with latest snapshots

2018-10-05 Thread Todd C. Miller
On Fri, 05 Oct 2018 01:45:22 -0300, Thanos Tsouanas wrote:

> I was hoping it could have been some "bad timing" with the snapshots
> back then but the problem is still there with the latest snapshot:
> this ethernet card cannot work under -current, but works fine under
> 6.3, and used to work under -current up to july-august (I'm sorry I
> can't be more exact).

There's only one commit to if_bge.c around that time period, revision
1.387.  Are you able to build and test a kernel with that change
backed out?

 - todd

Module name:src
Changes by: 2018/05/16 23:17:45

Modified files:
sys/dev/pci: if_bge.c

Log message:
Fix iLO/IPMI remote access problem.  At least for bge(4) network port
which is shared with IPMI on HPE DL20 Gen9, its link state became down
a while or never became active again.

diff from FreeBSD through Naoki Fukaumi.

ok mpi dlg

Re: checking source with pvs-studio

2018-10-03 Thread Todd C. Miller
On Wed, 03 Oct 2018 18:07:00 +0100, Tom Smyth wrote:

> I was thinking ... it might be possible to examine
> a copy of the code out of band on a different OS system ...
> and deal with the bugs that are flagged
> as part of the normal OpenBSD development process,

It is possible to generate pre-processed versions of the source for
analysis on another system (Linux, macOS, etc).  It's not something
that fits in well to how OpenBSD development works but it is possible.

> if the license is not permissible then I suppose my suggestion
> was entirely academic :/

I don't see us being able to use anything that uses per-developer
seat licensing.

> PS awesome talk in euroBSD Con :)

Wrong Todd :-)

 - todd

Re: checking source with pvs-studio

2018-10-03 Thread Todd C. Miller
On Wed, 03 Oct 2018 17:42:16 +0100, Tom Smyth wrote:

> ...  is it just 750 for a License ?
> If one were to donate a License ? would that work for the project ?

No, it would not.  Their licensing model simply won't work for us.
Even if it did, it's not like we could run it natively on OpenBSD.

 - todd

Re: checking source with pvs-studio

2018-10-03 Thread Todd C. Miller
On Wed, 03 Oct 2018 10:20:45 +0200, Ingo Schwarze wrote:

> Which is of course trivial to do - you write a script to do a
> checkout, run "sed -i", run the tool, collect the the results,
> and delete the checkout.  So the harassment by the author is not
> even effective for his intended purpose.

The license explicitly prohibits this kinds of behavior, though of
course there's no way for them to tell.  If someone really wanted
to use it, a trial license does not have this kind of restriction
though it only lasts for a week IIRC.

I think it's clear that we're not going to be using pvs-studio which
is a bit of a shame since it does catch real bugs.  The way Coverity
deals with open source projects is easier for us to deal with.

 - todd

Re: Problem building GCC 8.2.0 amd64-to-i386 cross-compiler

2018-09-25 Thread Todd C. Miller
On Mon, 24 Sep 2018 23:43:20 -0400, Katherine Rohl wrote:

> I need to build a GCC cross-compiler targeting i386-pc-elf. I'm running 
> into problems with the build on OpenBSD 6.3.
> I've already successfully built a binutils-2.31.1 for i386-pc-elf.
> Trying to use the GCC 4.9.4 package (as GCC 4.2 is too old to build GCC 
> 8), my configure is:
> CC=egcc CXX=eg++ ../gcc-8.2.0/configure --prefix=/usr/local/gcc-i386 
> --target=i386-pc-elf --with-gmp=/usr/local

You might need to disable PIE when building gcc.  Try setting
"CFLAGS=-fno-pie -g -O2" and "LDFLAGS=-nopie" when running configure
and see if that helps.

 - todd

Re: want.html reachable from homepage?

2018-08-28 Thread Todd C. Miller
On Tue, 28 Aug 2018 22:00:11 +0200, =?UTF-8?Q?Martin_Schr=C3=B6der?= wrote:

> is there a clickpath from to want.html?

There is a link to it at the bottom of
(reachable via "Reporting Problems" on the main page) as well as
the first page of the FAQ under "Supporting the project".

 - todd

Re: newaliases vs makemap

2018-07-21 Thread Todd C. Miller
On Thu, 19 Jul 2018 15:13:57 -0600, Theo de Raadt wrote:

> An interface was copied from sendmail because that is what everyone
> knows.  Therefore a program has to exist, which works exactly like
> everyone already knows.  Therefore it must not have glitches and
> behaviours which cause confusion.  Since the entire reason this
> interface was added was *to ease the learning curve and avoid
> confusion*.

I committed changes to the newaliases manual yesterday that should
clarify the situation.

 - todd

Re: newaliases vs makemap

2018-07-16 Thread Todd C. Miller
On Mon, 16 Jul 2018 09:11:50 -0700, Scott Vanderbilt wrote:

> BTW, newaliases seg faults for me with latest couple of snapshots 
> (amd64). No message other than "segmentation fault". Just submitted a PR 
> with sendbug.

Already fixed in -current by:

Module name:src
Changes by: morti...@cvs.openbsd.org2018/07/02 19:34:43

Modified files:
usr.sbin/smtpd : config.c makemap.c
usr.sbin/smtpd/smtpctl: Makefile

Log message:
unbreak newaliases.
ok millert@

Re: newaliases vs makemap

2018-07-16 Thread Todd C. Miller
On Sun, 15 Jul 2018 17:59:58 -0700, Scott Vanderbilt wrote:

> In /etc/mail/aliases, there is the following note:
> # >>  The program "newaliases" must be run after
> # >> NOTE >>  this file is updated for any changes to
> # >>  show through to smtpd.

That is correct.

> Yet the man page for newaliases(8) says:
> Note: this utility is provided for sendmail compatibility. The 
> preferred way of rebuilding the database is withmakemap(8) 
> :

This is bad advices that should be removed.  It is only true if
using db files for aliases.  When using a flat file for aliases,
you should use newaliases, which will notify smtpd that the file
has changed.

> Taking the note in the man page at face value, I would expect that the 
> note in /etc/mail/aliases is now out-of-date, is it not? Or am I 
> overlooking something?

It is the other way around.

 - todd

Re: how to know the progressive state of dd

2018-06-25 Thread Todd C. Miller
As someone else mentioned you would use pkill on OpenBSD.

However, you will also need to use SIGINFO, not SIGUSR1, to get
dd's status.  BSD systems have traditionally used SIGINFO for this
purpose.  Linux lacks SIGINFO so there is no consistent signal for
this kind of a thing there.

 - todd

Re: sgtty.h

2018-06-11 Thread Todd C. Miller
On Mon, 11 Jun 2018 17:05:02 +0200, Pau wrote:

> I am trying to compile a very old piece of software, supermongo, on -current.
> The first complain I get from gmake is that
> get1char.c:26:14: fatal error: 'sgtty.h' file not found
> #include 
>  ^
> 1 error generated.
> *** Error 1 in devices (Makefile:5 'get1char.o')

You will need to update the code to use POSIX termios instead of
sgtty.h.  This is probably not too difficult, though you are probably
better off looking at what the code is trying to accomplish (e.g.
reading a single character) than trying to do a strict conversion.

 - todd

Re: Viewport for -- readability on phones

2018-05-17 Thread Todd C. Miller
On Fri, 18 May 2018 02:47:29 +0200, Ingo Schwarze wrote:

> I must say i never particularly liked that line in the CSS file.
> It always felt like fiddling with details that it might be better
> not to touch, given that display devices running browsers differ
> more than terminal emulators.  And here we are with a suspicion
> that it actually causes accessibility issues, even if the suspicion
> is still unconfirmed...
> Depending on the feedback i get here with respect to how
> now looks, i shall consider deleting the offending line for good.
> In general, i like the idea of making things better by *removing*
> harmful tweaks rather than adding new goo...

For what it's worth I removed that line from mandoc.css when I
switched the sudo online manuals to mandoc.

My vote is to remove it here too.

 - todd

Re: mail and newaliases do not work 6.1 and 6.2 for me

2018-05-01 Thread Todd C. Miller
On Tue, 01 May 2018 13:09:27 -0600, "Todd C. Miller" wrote:

> You need to restart smptd if you are using a file-based table for
> aliases.  If you use a db instead of file you don't need to restart.

Actually, you don't need to restart smtpd for file-based tables if
you run newaliases instead of makemap.  The newaliases command will
notify smtpd about the change and smtpd will reload the aliases

You can also notify smtpd about table files by running "smtpctl
update table table-name" which is handy for tables other than

 - todd

Re: mail and newaliases do not work 6.1 and 6.2 for me

2018-05-01 Thread Todd C. Miller
On Tue, 01 May 2018 21:04:19 +0300, Ivo Chutkin wrote:

> Restarting smtpd did it.
> I did not know I have to restart smtpd in order to get it working after 
> change in alias.

You need to restart smptd if you are using a file-based table for
aliases.  If you use a db instead of file you don't need to restart.

For small aliases files that don't change often, file is more
efficient since it is kept in-memory.  For larger alias file that
change more often, db may be preferable.

 - todd

Re: 4-ports router under $150

2018-04-11 Thread Todd C. Miller
On Wed, 11 Apr 2018 10:49:54 +0300, lilit-aibolit wrote:

> Hi, I've been looking for more then one year to get something similar 
> until I found this:
> wo-usb-and-four-lan-laptop-overwatch-Computer/32794678352.html?spm
> I already got and tested it and it work fine.

Can you access the BIOS from the serial port or only via VGA?

 - todd

Re: unbound reload crashes the server

2018-03-22 Thread Todd C. Miller
On Thu, 22 Mar 2018 16:02:56 -0500, Edgar Pettijohn wrote:

> It is chroot'd to /var/unbound so it looks for /etc/unbound.conf from 
> that false root.  At least that is my best guess. What is in 
> /etc/rc.conf.local?
> I have the following:
> unbound_flags=-c /var/unbound/etc/unbound.conf
> I'm not sure why I specified the config file, but it may well have been 
> because of the same problem you are having.

That should not be needed, /etc/rc.d/unbound already sets daemon_flags
to "-c /var/unbound/etc/unbound.conf"

If /var/unbound/etc/unbound.conf is not readable by the _unbound
user it would explain the problem.  I was able to reproduce it by
making /var/unbound/etc/unbound.conf owned by root and mode 0600.

 - todd

Re: OpenSMTPd maillist "compatible" manager Majordomo or what?

2018-03-20 Thread Todd C. Miller
On Tue, 20 Mar 2018 09:32:09 -0400, Allan Streib wrote:

> Does mlmmj provide self-service-via-email? I could not quite tell from
> their online man pages.
> E.g. as a subscriber to a list, can I send an email to something like
> to unsubscribe?

Yes.  The documentation is a bit sparse unfortunately.

 - todd

Re: Loop problem in sending mail to root

2018-03-05 Thread Todd C. Miller
The answer is probably in your /etc/mail/aliases file.  Do you have
an entry for root in there?  If so, it needs to point to a different
user.  An entry like the following would cause the error:

root: root

For sendmail, an entry like this would cause the mail to be delivered
locally for the user.  With smtpd it results in a mail loop.

 - todd

Re: at/batch(1) and ssh-agent(1) environment variables

2018-01-31 Thread Todd C. Miller
On Wed, 31 Jan 2018 11:39:23 +0100, Erwin Geerdink wrote:

> at/batch(1) appears to not retain SSH_AUTH_SOCK and SSH_AGENT_PID
> environment variables when commands are executed. According to the man
> page: 
> "(...) The working directory, the environment (except for the variables
> TERM, TERMCAP, DISPLAY, and _), and the umask are retained from the
> time of invocation.  An at or batch command invoked from a su(1) shell
> will retain the current user ID."
> Why are those variables not preserved?

Because at/batch jobs are by their very nature non-interactive so
it doesn't make sense to preserve environment variables that are
specific to an interactive login.

If you wish to preserve those variables, you can do so explicitly.
For example:

env" | at now

 - todd

Re: OpenBSD: signal handling and strange behaviour.

2018-01-30 Thread Todd C. Miller
There are known clock/timer issues with OpenBSD under KVM due to
what appear to be bugs in KVM.

There is some info in the following thread:

I'm afraid you are on a wild goose chase.  The behavior you are
seeing is not what you'd see on bare metal or on a different
virtualizatoin platform.

 - todd

Re: Writing "ones" instead of "zeroes" when wiping disk

2018-01-11 Thread Todd C. Miller
On Thu, 11 Jan 2018 22:09:32 -0500, "trondd" wrote:

> A 1 is too narrow to fully cover the original data.

You need to use an 8 to wipe out all seven segments.

 - todd

Re: Performance issues as KVM guest?

2018-01-11 Thread Todd C. Miller
This sounds like the same issue as was described here:

 - todd

Re: Code Storing point

2017-12-27 Thread Todd C. Miller
On Thu, 28 Dec 2017 01:57:31 +0300, "jin" wrote:

> My company wrote an authentication software and dev. teams decided to close
> code to others. A customer requested to see codes under one certain
> condition. They demand to see our codes if our company fall into problems
> that cause to lose the company. My point of view this looks like some kind
> of quarantee.
> Have you ever heard anything like this ?
> Is there any software storing point{, company, people, bank or anything
> else} some codes until certain events occour and then let people to see
> codes ?

This is called "source code escrow" and is not uncommon for non-open
code.  See

We had to use an escrow service at one of the companies I worked
for in the past.  I don't recall which one.

You should be able to search on the term "source code escrow" and
find companies that provide this service.

 - todd

Re: something wrong with softraid

2017-12-20 Thread Todd C. Miller
There should be no /dev/rsd4, the correct device nodes are /dev/rsd4a
through /dev/rsd4p.  As you've shown, the /dev/rsd4 file you have
is not a device node anyway, it is a regular file.

You might want to take a look at its contents to try to understand
what created it but it should be safe to just remove it.  Most
likely the file was created via a typo at some point.

 - todd

Re: gtar: ambiguous package

2017-10-09 Thread Todd C. Miller
On Mon, 09 Oct 2017 17:24:53 +0200, Max Power wrote:

> Hi guys, and wishes for the new release, Thank You Theo.
> Installing gtar ask me:
> Ambiguos: choose package for gtar
> a  0:
>  1: gtar-1.28p1
>  2: gtar-1.28p1-static
> Your choice:
> Ok, but differece between 'normal' and 'static'...? 

Packages with the -static suffix are statically linked and do not
depend on shared libraries.  This means that the binary is not
affected by changes in the shared libraries, which can be handy for
development.  It is also consistent with the OpenBSD tar/pax which
is also statically linked.

Chances are it won't make a difference to you and the non-static
package will be a bit smaller.

 - todd

 - todd

Re: Excited for 6.2 - C'mon and release this bad boy!

2017-10-06 Thread Todd C. Miller
On Fri, 06 Oct 2017 16:34:24 +0100, Rui Ribeiro wrote:

> Sorry, have not been able to use the installation image in the last few
> days. The 6.2 directory started popping last week without it existing, and
> even 2-3 days ago the installation was not working yet even trying to point
> to the new directory.

The 6.2 directory will only contain packages for now.  Packages are
the largest part of the release and they get distributed first so
the mirrors have extra time to fetch them.

 - todd

Re: What is the correct debugger used for debugging program built with clang++?

2017-10-05 Thread Todd C. Miller
The gdb in base is very old.  To debug programs compiled with clang
you should use egdb from ports.

 - todd

Re: sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-09-02 Thread Todd C. Miller
This is fixed in sudo 1.8.21p1.  It's in ports now but you'll need
to wait a bit for a prebuild package, though you can of course
build your own.

 - todd

Re: sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-09-01 Thread Todd C. Miller
The sudoreplay event loop was rewritten in 1.8.21.  The bug only
occurs when logging input as well as output.  I've reproduced this
now and will debug it later today.

 - todd

Re: how to know the state of the dd's progression

2017-08-09 Thread Todd C. Miller
dd will display progress when it receives SIGINFO, usually bound
to the Control-T keypress.

 - todd

Re: fsck_ffs: cannot alloc 131427074 bytes for lncntp

2017-07-26 Thread Todd C. Miller
On Wed, 26 Jul 2017 17:24:14 +0200, Jon S wrote:

> Problem solved/workaround: running fsck /dev/... worked. The problem seemd
> to be with running fsck_ffs /dev/...

That is because the fsck front-end will increase the resource limits
before executing fsck_ffs.  You should never invoke fsck_fstype

 - todd

Re: bgp-spamd added

2017-06-04 Thread Todd C. Miller
On Sun, 04 Jun 2017 12:09:51 -0500, Edgar Pettijohn wrote:

> Did a little more digging. Looks like the list is on the 
> SORBS Spam list.

I have delisted it.

 - todd

Re: majordomo errata

2017-05-24 Thread Todd C. Miller
On Wed, 24 May 2017 16:59:23 -0400, Choose a display name wrote:

> The first sentence of the "Unsubscribing from Mailing Lists" section
> of majordomo's response to "help" command contains a typo.
> >Your original intro message should contains the exact command
> It should contain, not "contains".

I've fixed that in the majordomo help file.

> Also, according to the message lists owners' addresses must be of
> the form:
> >
> >This is the address of the person or persons who maintain the
> >mailing list.
> But, at least when you subscribe to the @misc you receive a message
> from the

Either or
will work.  I've modified the help file to use the form since that's what we use.

 - todd

Re: 6.1: /usr/local/bin/node: W^X binary outside wxallowed mountpoint

2017-04-25 Thread Todd C. Miller
On Tue, 25 Apr 2017 16:49:36 +0200, Maxim Bourmistrov wrote:

> Any work around for this one?
> Mount with wxallowed not working.

Two things are required:

1) The binary must be on a file system mounted with the wxallowed

2) The binary must have the OPENBSD_WXNEED type in the ELF header.

You can check for #2 by running "readelf -l /usr/local/bin/node".
The output should include a section similar to the following.
If you don't see OPENBSD_WXNEED in there, that is the problem
and you probably need to update your packages to the 6.1 versions.

Program Headers:
  Type   Offset VirtAddr   PhysAddr
 FileSizMemSiz  Flags  Align
  PHDR   0x0040 0x0040 0x0040
 0x0348 0x0348  R E8
  INTERP 0x00af82be 0x00bf82be 0x00bf82be
 0x0013 0x0013  R  1
  [Requesting program interpreter: /usr/libexec/]
  LOAD   0x 0x 0x
 0x00af82be 0x00af82be  R E10
  LOAD   0x00af82be 0x00bf82be 0x00bf82be
 0x00bfe59a 0x00bfe59a  R  10
  LOAD   0x016f6910 0x018f6910 0x018f6910
 0x000a5af0 0x000b6e00  RW 10
  DYNAMIC0x0177dda8 0x0197dda8 0x0197dda8
 0x01b0 0x01b0  RW 8
  NOTE   0x00af82d4 0x00bf82d4 0x00bf82d4
 0x0018 0x0018  R  4
  GNU_EH_FRAME   0x01533634 0x01633634 0x01633634
 0x00049dac 0x00049dac  R  4
 0x 0xE8
  OPENBSD_RANDOM 0x016f6910 0x018f6910 0x018f6910
 0x0008 0x0008  RW 8
  GNU_RELRO  0x016f6910 0x018f6910 0x018f6910
 0x0008f6f0 0x0008f6f0  R  1

Re: OpenBSD 6.1, boot can't find kernel anymore

2017-04-24 Thread Todd C. Miller
You need to post your /var/run/dmesg.boot if you want someone to
help you debug this.

 - todd

Re: ftpsesame package

2017-04-12 Thread Todd C. Miller
On Wed, 12 Apr 2017 21:27:49 +0200, Olivier Regnier wrote:

> "ftpsesame chroots to "/var/empty" and changes to user "proxy" to drop 
> privileges. It does keep a file descriptor to both bpf 
> (4) and pf 
> (4) so it is 
> still very powerful."

The "proxy" user was removed, that is almost certainly the problem.
The port needs a patch to use "_ftp_proxy" instead.

 - todd

Re: getifaddrs()

2017-04-04 Thread Todd C. Miller
On Tue, 04 Apr 2017 09:21:45 -0500, Edgar Pettijohn wrote:

> This is somewhat a continuation of my previous question about max 
> interfaces.  I wanted to know how much space I needed for a buffer using 
> ioctl(). Then I discovered getifaddrs()

Good, you want to use getifaddrs() and not the old ioctl() method.

> But ifconfig only shows one of each interface. Why is getifaddrs() 
> giving me 4 lo0 and 2 iwn0?

I think you'll find the clue in the value of the sa_family field
of the ifa_addr field.

 - todd

Re: Just to understand, ARM64 has SMP and ARM32 does not? &, OpenBSD design fine with ARM's weak mem coherency?

2017-02-26 Thread Todd C. Miller
On Sun, 26 Feb 2017 03:56:33 +, Tinker wrote:

> Did I get it right, that ARM64 has SMP (as of the patches this week), 
> but ARM32 does not have SMP and will not get it too?

As Peter says, someone has to step up andf do the work for ARM32
SMP.  That said, it probably doesn't make sense to work on that
until ARM64 SMP is stable.  A port of the ARM64 pmap to ARM32 would
be easier than trying to implement SMP on the existing ARM32 pmap.

 - todd

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
We just need to increment count in the NUL case, nothing more.

 - todd

Index: usr.bin/xargs/xargs.c
RCS file: /cvs/src/usr.bin/xargs/xargs.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 xargs.c
--- usr.bin/xargs/xargs.c   9 Dec 2015 19:29:49 -   1.31
+++ usr.bin/xargs/xargs.c   16 Jan 2017 16:08:23 -
@@ -278,8 +278,10 @@ parse_input(int argc, char *argv[])
goto arg1;
case '\0':
-   if (zflag)
+   if (zflag) {
+   count++;
goto arg2;
+   }
goto addch;
case '\n':
hasblank = 1;

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 17:05:30 +0100, Martin Ziemer wrote:

> As I said in the other mail: The -I separates at new LINES (in the
> Code it sets the Parameter -L to 1, so it starts a new entry on every
> non empty line.

I'm sorry but that is a documentation error if anything.  When
using -0 a "line" is delimited by a NUL, not a newline.

 - todd

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 16:51:16 +0100, Andreas Kusalananda =?iso-8859-1?B?S+Ro5HJp
?= wrote:

> Well, the manual also says, about "-0":
> Change xargs to expect NUL (‘\0’) characters as separators, instead
> of spaces and newlines.
> Note the "instead of".

It is definitely a bug.  The following diff fixes the problem you
see but causes xargs regress failures.

 - todd

Index: usr.bin/xargs/xargs.c
RCS file: /cvs/src/usr.bin/xargs/xargs.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 xargs.c
--- usr.bin/xargs/xargs.c   9 Dec 2015 19:29:49 -   1.31
+++ usr.bin/xargs/xargs.c   16 Jan 2017 16:03:01 -
@@ -278,8 +278,12 @@ parse_input(int argc, char *argv[])
goto arg1;
case '\0':
-   if (zflag)
+   if (zflag) {
+   hasblank = 1;
+   if (hadblank == 0)
+   count++;
goto arg2;
+   }
goto addch;
case '\n':
hasblank = 1;

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 12:19:31 +0100, Andreas Kusalananda =?iso-8859-1?B?S+Ro5HJp
?= wrote:

> However, when I use nul-termination instead:
> $ printf 'hello\00world\00' | xargs -0 -I arg printf '>%s<\n' "arg"
> >hello world<

This appears to be a bug with the -I handling.  Without -I it
works as expected:

$ printf 'hello\00world\00' | xargs -0 printf '>%s<\n'

 - todd

Re: maybe move texinfo from base in the ports?

2017-01-05 Thread Todd C. Miller
On Thu, 05 Jan 2017 21:18:45 +0300, =?UTF-8?B?0JDQvdC00YDQtdC5INCR0L7Qu9C60L7Qv
dGB0LrQuNC5?= wrote:

> remove this obsolete directory, please...

How is it obsolete?  The keynote binary is still built from there,
it's just that the source files all live in the libkeynote directory.

 - todd

Re: usermod: Invalid password: `*'

2017-01-05 Thread Todd C. Miller
This works in -current.  I've verified that it works with rev 1.112
of user.c but OpenBSD 6.0 has user.c rev 1.111.

 - todd

  1   2   3   >