Kernel Panic

[arrowscript]

I login on root to restart the network and the system crashed.
What I did:
- Login with root on ttyC0
- Tell dhcp that I wanted dns to localhost:

# echo "supersede domain-name-servers 127.0.0.1;" >> /etc/dhclient.conf

- Then restarted the net:

# sh /etc/netstart

After that the system crashed. Here's the log:

panic: pod_do_get: mcl9k free list modified: page 0xff0038f8; item addr 
0xff0038f90218; ofset 0x0= 0921ff7e91d5d342f
Stopped at Debugger+0x9: leave
TID PID UID PRFLAGS PFLAGS CPU COMMAND
debugger() at debugger+0x9
panic() at panic+0xfe
pool_do_get() at pool_do_get+0x2ee
pool_get() at pool_get+0xb5
m_clget() at m_clget+0x51
re_newbug() at re_newbug+0x34
re_rx_list_fill() at re_rx_list_fill+0x3a
re_rxeof() at re_rxeof+0x334
re_intr() at re_intr+0x189
intr_handler() at intr_handler+0x28
Xintr_ioapic_edge22() at Xintr_ioapic_edge22+0xc9
--- interrupt ---
acpicpu_idle() at acpicpu_idle+0x209
cpu_idle_cycle() at cpu_idle_cycle+0x10
end trace frame: 0x0, count:2



I forced the reboot and had to manually run fsck_ffs(8) on /dev/sd0k (my 
/home/). After that the system booted just fine.
Here's the dmesg, if you need more informations let me know:


OpenBSD 5.9 (GENERIC) #1761: Fri Feb 26 01:15:04 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 8443473920 (8052MB)
avail mem = 8183418880 (7804MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (93 entries)
bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013
bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT DMAR SSDT SSDT
acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) 
PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) 
PS2K(S4) PS2M(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.55 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus 1 (PEG0)
acpiprt5 at acpi0: bus -1 (PEG1)
acpiprt6 at acpi0: bus -1 (PEG2)
acpiprt7 at acpi0: bus -1 (PEG3)
acpiprt8 at acpi0: bus 5 (RP04)
acpiprt9 at acpi0: bus 3 (RP03)
acpiprt10 at acpi0: bus 4 (PXSX)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C3(350@80 mwait.1@0x20), C2(500@59 mwait.1@0x10), C1(1000@1 
mwait.1), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwrres1 at acpi0: FN01, resource for FAN1
acpipwrres2 at acpi0: FN02, resource for FAN2
acpipwrres3 at acpi0: FN03, resource for FAN3
acpipwrres4 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 106 degC
acpitz1 at acpi0: critical temperature is 106 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 3G PCIE" rev 0x09: msi
pci1 at ppb0 bus 1
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 2500" rev 0x09
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1920x1080
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x05: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x05: msi
azalia0: codecs: VIA/0x0397
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb5: msi
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 2 "Intel 82801BA Hub-to-PCI" rev 0xb5: msi
pci3 at ppb2 bus 3
ppb3 at pci3 dev 0 function 0 "ASMedia ASM1083/1085 PCIE-PCI" rev 0x03
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb5: msi
pci5 at 

6.0 lyrics

[arrowscript]

I'm impressed. Great job on the music and artwork, I'm sure the
cyberpunk community screaming right now. It's a great contemporary
remake of a classic work that marked a generation.  Congrats for
everyone that worked on this.

Re: where is the image of openbsd arm ?

[arrowscript]

Too much noise folks.
Hardware discussion does not belong to misc@. Please try go to other mailing 
list, maybe people in openbsd-arm will like this hardware related discussion, 
but not here. Thanks.

Re: OpenBSD on SBC?

[arrowscript]

There's some reports of Minnowboard Max working with OpenBSD:
http://web.archive.org/web/20150705061723/http://countersiege.com/2015/02/22/minnowboard_max_openbsd.html

Re: Impossibility of cryptographic verification of downloads

[arrowscript]

>Anything else, that has PGP keys and such.  Good luck!

It's curious you say this Theo, since OpenSSH already uses PGP to
sign the releases... no?  Web of Trust wouldn't minimize the
probablity of corrupted packages?  What makes you think that the
main server (openbsd.org) cannot not be pwned?  Just asking because
I don't really understand the crypto theory behind it all, but I
didn't read any elaborated argument besides a big "NO" from openbsd
community about use of TLS and PGP for packages.

Re: Suggestion: new webpage for openbsd.org

[arrowscript]

>Is this thread to be taking serious?

That's exactly my thought, Mihai. I think this thread fall
under the "Poe's Law":
https://en.wikipedia.org/wiki/Poe%27s_law

>lists () wrant ! com wrote:
>As most development is done on mobile phones these days

This doesn't mean the only sane operating system these days 
need to get inside this mobile madness too. What's the next step 
here? Put all the content under javascript? Use CloudFlare? 
Oh, get Open Sans from Google servers, sure.
Nice css from html5doctor.com , by the way.
If someone are going to implement it, at least remove the reset.css
and the google font. Serious, that's disgusting. Could also put the css
inline with 

Re: Suggestion: new webpage for openbsd.org

[arrowscript]

>I think it's more important to have good mobile support than
perfect console browser support.

I agree with Kamil, this is not a community for Iphone hipsters.
Stop trying to push your user centered design bullshit. Also, no
requests for outside servers should be done, and your template uses
google font.
Many people here use text-based browsers daily. There's many reasons
to do that: speed, security, don't require Xenocara, etc.

Re: TLS now supported on openbsd.org?

[arrowscript]

>So
>is their an agenda or just many idiots who see TLS=security and don't
>see lack of secure cookie usage and XSS vulnerabilities (now protected
>by SSL everywhere) meaning a site is likely exploitable in other ways!!

You guys should seriously check "Nirvana fallacy".

Re: TLS now supported on openbsd.org?

[arrowscript]

Just in case someone don't know, there's a non root-required client
for Let's Encrypt:
https://github.com/diafygi/letsencrypt-nosudo

There's some perl scripts too, so you don't have to download python.
Also, after you generate and sign the certificate, you don't have
to keep the script.

apache-httpd-openbsd?

[arrowscript]

try pkg_add 
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz

TLS now supported on openbsd.org?

[arrowscript]

It's great to see OpenBSD Project supporting Let's Encrypt.  I don't
know if you folks still configuring it, but there's some points
that I noticed: 
- I don't know in modern browsers, but Links 2.12 say that the 
certificate is not valid. It's just old browsers, or firefox also
have this same problem? 
- The RSA is 4096 bits. If I remember correctly, reyk@ said once 
that 4096 is overkill. Any specific reason to use 4096 instead of
2048? 
- Do you plan to support ftp.openbsd.org? Would be great to 
download packages with more security

Re: non-wintel hardware choices

[arrowscript]

Why is ARM not mentioned?
patrick@ seems to be doing a great job on this port. Bitrig is also a thing.
i.MX6 processor seem well supported and could easily run desktop stuff like HD 
videos. I think ODROID-C1 run already, no? It's just $35 last time I checked. 
Sabrelite is the standard for i.MX6, though.

Re: systrace removed? Why?

[arrowscript]

I know about the pledge(2) development, but systrace and pledge are not 
mutually exclusive. Pledge need to be used inline, where systrace can be used 
as a command line tool. 
If you remove it, many scripts that use systrace for privilege reduction will 
broke.
Of course, you can put it on packages, but if you follow this logic, shouldn't 
other tools be also removed and be on packages? banner(1) for example, is kind 
useless. The cpan(1) pkg manager from perl also could be in packages. Same with 
sqlite3, I think. Or telnet, since almost no one uses it anymore. Etc.

systrace removed? Why?

[arrowscript]

Why?

Re: Firefox Crashes; slow xfce

[arrowscript]

I think the problem is with firefox itself.
tedu@ wrote a post about this:
http://www.tedunangst.com/flak/post/firefox-vs-rthreads

Since the code is so bloated, no one will ever waste time trying to fix all the 
issues. Just switch to some other browser, there's plenty of options.
I'm using Links 2.12 on -stable and it works fine for my needs. But there's 
also Xombrero if you need javascript support.

Re: Firefox Crashes; slow xfce

[arrowscript]

Try to raise your aperture driver level to give your gpu more privileges:

# sysctl machdep.allowaperture=2

You can read more about the other levels on man pages (type "man xf86").

Re: can't upgrade using the last snapshot

[arrowscript]

I have network connectivity and DNS seems Ok. The build is 1459828632, from Apr 
5.
And now the system is broken (panic):

Stopped at debugger+0x9: leave
debugger() at debugger+0x9
panic() at panic+0xfe
setroot() at setroot+0xa59
diskconf() at diskconf+0xe3
main() at main+0x538


Sorry, but I can't keep this. I need to have something (at least) working, and 
snapshots are not. I'll just switch to stable.

can't upgrade using the last snapshot

[arrowscript]

The snapshot can't find the mirror. It prints: "no address associated with this 
name".
I have tried many mirrors (inclusing the mother, ftp.openbsd.org), none work 
for me.

I has been a hard time to work with snapshots since last month... many bugs.
I'm using snapshots to help reporting bugs, of course, so I know that this kind 
of situation will happen some times. But, I can't crash the system everytime I 
do a new upgrade... I think it's time to just use stable.

Re: libc issues on last snapshot

[arrowscript]

Solved for me on build 1459134312. Thanks.

Re: libc issues on last snapshot

[arrowscript]

Same problem with build 1458662970.
Anyone experiencing this same problem? I need to know if this is a
hardware problem or if this have something to do with a build fail.

libc issues on last snapshot

[arrowscript]

I did three installations, using install59.fs. In all of them I had problems 
with libc.
The two first I could not boot due to "can't load library libc.so.85.o".
The other I could not install packages because "library c.84.2 not found".
The build is 1458628644 - Tue Mar 22 06:37:24 UTC 2016.
I used a flash device with install59.fs from ftp.openbsd.org. SHA256 checked.

Maybe a hardware problem? Other systems boot normally (debian live, for 
example).
This is a old dmesg from the same machine, since I can't boot from openbsd:


OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16481857536 (15718MB)
avail mem = 15978151936 (15237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries)
bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013
bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR
acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) 
PEG0(S4) \
PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) 
PS2M(S4) \
[...] acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D
 \
S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2
 \
,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR
 \
AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D
 \
S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2
 \
,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR
 \
AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D
 \
S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2
 \
,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR
 \
AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D
 \
S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2
 \
,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR
 \
AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus 1 (PEG0)
acpiprt5 at acpi0: bus -1 (PEG1)
acpiprt6 at acpi0: bus -1 (PEG2)
acpiprt7 at acpi0: bus -1 (PEG3)
acpiprt8 at acpi0: bus 5 (RP04)
acpiprt9 at acpi0: bus 3 (RP03)
acpiprt10 at acpi0: bus 4 (PXSX)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwrres1 at acpi0: FN01, resource for FAN1
acpipwrres2 at acpi0: FN02, resource for FAN2
acpipwrres3 at acpi0: FN03, resource for FAN3
acpipwrres4 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 106 degC
acpitz1 at acpi0: critical temperature is 106 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 3G PCIE" rev 0x09: msi
pci1 at ppb0 bus 1
inteldrm0 at pci0 dev 2 

Re: some problems with disks

[arrowscript]

Thanks for the help Jiri and dan.

Shoudn't full disk encryption be a option on installer?

[arrowscript]

I'm using softraid_crypto for full disk encryption for about one year
now. I used this on a low end Core2Duo and noticed absolutely *no*
performance hit. I also use this on a newer platform and, again, no
performance problems. It's stable too, no issues on booting.
I know some high intensive servers/routers and old machines with old hard
drivers can have serious performance decrease due to this, but this
could be at least a option on installer, I think.
The developers have any arguments against this? Why not? I think this is
a great security improvement, specially for a notebook user.

some problems with disks

[arrowscript]

I'm having some problems with disks. Probably because I still don't
understand enough of how BSD manage them:

1. I was going to install -current on a USB flash drive. I did the
install media using install59.fs and booted. I scape from installer to
shell because I wanted to wipe the drive using dd(1) and to create a
RAID partition (for FDE). I could not find the disk on /dev/, however.
The system print on screen that the disk is located at "sd5" interface
("dmesg | grep sd" confirm this), but I cound not find it using "disklabel
/dev/sd5". The only interfaces there was sd0 and wd0, none was my disk.
How can I find it? The ./install script can find the sd5 normally, but I
can't find it manually.

2. I gave up of the FDE idea temporarily and I just did the install
normally. No problem to install, but the speed of the system was too
slow... at the point that it was basically unusable (>4 hours to install
10 packages and ~4 minutes to startx).
The device, a USB flash drive, have about 10MB/s write speed. It's kinda
slow, but I don't think this was the cause of the slowliness. I checked
the signature of the snapshot and the installed sets had no problem with
SHA256 too, so it's not a problem with corrupted snapshot.

3. When procceding to wipe the disk on my desktop (openbsd -current too)
I cound not do this. This time I could find sd5 using disklabel, but:

# dd if=/dev/arandom of=/dev/sd5 bs=4096

/: write failed, filesystem is full
dd: /dev/sd5: No space left on device


The same happen on rsd5. When trying to wipe just one partition:

# dd if=/dev/arandom of=/dev/rsd5c
Operation not permitted

The message show after just some seconds (the disk has 7.2GB) and the
partitions still there, so I know that dd did not work. 
I thought it was something to do with my kern.securelevel, but when to
down from 2 -> 1 got the same permission problem: 

# sysctl kern.securelevel=1
sysctl: kern.securelevel: Operationg not permitted

dmesg:

penBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16481857536 (15718MB)
avail mem = 15978151936 (15237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries)
bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013
bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR
acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4)
PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4)
RP03(S4) PS2K(S4) PS2M(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.47 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, 

Re: e-commerce framework suggestion? medoc?

[arrowscript]

So, I'll probably use Ubercart. Thanks everyone.
The "Django" software seems good too 'Mariano', I'll read more on that.

About the laws and regulations 'Dave', I will need to see that. Here in my 
country we have all these regulations too. Thanks for the advice.

e-commerce framework suggestion? medoc?

[arrowscript]

I'm currently deciding to do a "e-commerce" website. I noticed that OpenBSD 
Store use a software from medoc.com. 
If not medoc, do you guys have any other suggestion for e-commerce framework? 
It have to be open source, because I can't pay a service now (and I woudn't 
trust them anyway). The idea is to be secure as possible (I know it's difficult 
with all this sql/php madness).
I'll, of course, use httpd(8) on -stable.

Regards.

Re: root access after failed fsck

[arrowscript]

Wow, that's new to me. Thanks.
Anyway, I still think that this "password rescue" should not be allowed by 
default.
I know operating systems can do very little to prevent physical problems like 
side-channel attacks,
but this is not the case, and this does not mean that the OS should not make it 
harder the attacks even
if someone have physical access. There's systems, from what I remember (HP 
servers, I think), that
allow remote control based on firmware. One could use this escape "feature" to 
get your root,
without physical access. Same for hosts services.
Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is real 
encryption, there's
not a back door or magic unlocking tool." why exactly the root should be 
different? If one lost his
passphrase, it's his fault. I thought the philosophy was "secure by default", 
even if this make the
"computer difficult to manage properly".

root access after failed fsck

[arrowscript]

Some minutes ago I had a energy blackout here in my city. I was running 
OpenBSD. 
When I booted after energy came back, the system did the usual fsck. 
But this time something went wrong and he just escaped to root, without asking 
for any passphrase.
The system did a question like "point the path to sh", and I just typed 
"/bin/sh" and he gained access to root.
I think this is a serious security problem folks. I have softraid_crypto, so no 
problem for me, but one could (probably) induce this failure to access root 
when no FDE configured and he have physical access (or remove, who know with 
all these Intel AMT microcodes).
The /var/log/ have none logs about it, all I can show is the dmesg (if you need 
more information, just ask):

OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16481857536 (15718MB)
avail mem = 15978151936 (15237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries)
bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013
bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR
acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) 
PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) 
PS2K(S4) PS2M(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus 1 (PEG0)
acpiprt5 at acpi0: bus -1 (PEG1)
acpiprt6 at acpi0: bus -1 (PEG2)
acpiprt7 at acpi0: bus -1 (PEG3)
acpiprt8 at acpi0: bus 5 (RP04)
acpiprt9 at acpi0: bus 3 (RP03)
acpiprt10 at acpi0: bus 4 (PXSX)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwrres1 at acpi0: FN01, resource for FAN1
acpipwrres2 at acpi0: FN02, resource for FAN2
acpipwrres3 at acpi0: FN03, resource for FAN3
acpipwrres4 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 106 degC
acpitz1 at acpi0: critical temperature is 106 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
ppb0 at pci0 

Re: No more proxy on ftp(1)?

[arrowscript]

Thank you for your help Stuart. I'll just use curl for now. Actually use 
torsocks seems a bad practice for any situation, I should just set a 
transparent proxy (but the pf.conf from torproject.org does not work, I'll need 
to write is myself some day).
Thanks again.

No more proxy on ftp(1)?

[arrowscript]

Hi,
I just did the upgrade to 5.9 -current and found that socks connections don't 
work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this a 
expected behaviour?
I'm using the "torsocks" wrapper to force socks to localhost:9050.

This have something to do with new pledge privsep?

Re: No more proxy on ftp(1)?

[arrowscript]

Thanks.
Yes, it does core dump on "Abort trap".
Any idea on how I can force ftp(1) to socks5? The man page  say nothing about 
proxy other than http or ftp, and I have not set a transparent proxy yet...

Good to know that pledge is doing his job. So far, no other problem with the 
transition between 5.8 to 5.9.