root access after failed fsck

2016-02-20 Thread arrowscript
Some minutes ago I had an energy blackout here in my city. I was running OpenBSD. When I booted after energy came back, the system did the usual fsck. But this time something went wrong and it just escaped to root, without asking for any passphrase. The system did a question like "point the

Re: root access after failed fsck

2016-02-20 Thread George Mamalakis
As in all BSDs I know of, edit /etc/ttys (as root) and change console to be insecure (it defaults to "secure"). This way you'll be asked for a password when in single user mode. This is no security issue, it is how single user mode "operates" and it's configurable. George. PS. Be sure you

Re: How does isakmpd determine which config stanza to use?

2016-02-20 Thread Philipp Buehler
On 19.02.2016 15:31, Christopher Sean Hilton wrote: * Am I right to assume that when connecting to isakmpd the soekris box will match to the "Remote router" stanza because it's trying to build a tunnel from "srcid <-> dstid" or is isakmpd using the "local <-> peer" to choose

Re: OpenBSD 5.8 ikev2 road warrior setup with various clients

2016-02-20 Thread George Mamalakis
Since, as it seems, this list is not the appropriate place for asking ikev2 related questions, could anybody please direct me as to where such a place would be (mailing list, irc, etc.)? Thanks again! On 17/02/2016 11:57 AM, George Mamalakis wrote: On 16/02/2016 11:59 AM, George Mamalakis

Re: root access after failed fsck

2016-02-20 Thread Stuart Henderson
On 2016-02-20, arrowscr...@mail.com wrote: > Some minutes ago I had a energy blackout here in my city. I was running > OpenBSD. > When I booted after energy came back, the system did the usual fsck. > But this time something went wrong and he just escaped to root, without

Re: root access after failed fsck

2016-02-20 Thread arrowscript
Wow, that's new to me. Thanks. Anyway, I still think that this "password rescue" should not be allowed by default. I know operating systems can do very little to prevent physical problems like side-channel attacks, but this is not the case, and this does not mean that the OS should not make it

Re: Firefox W^X isn't a part of Pwn2Own contest

2016-02-20 Thread Lampshade
Do you also sandbox the browser with some sort of remote desktop, or run under a separate X session? AFAIK X allows any program to meddle with any other program under the same display. No, I don't. Setup is easy. In the easiest scenario just create user, add to /etc/sudoers line which lets you

Re: root access after failed fsck

2016-02-20 Thread Stuart Henderson
On 2016-02-20, arrowscr...@mail.com wrote: > Wow, that's new to me. Thanks. > Anyway, I still think that this "password rescue" should not be allowed by > default. > Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is > real encryption, there's > not

Re: dhcrelay: send_packet: No buffer space available

2016-02-20 Thread Stuart Henderson
On 2016-02-18, Kapetanakis Giannis wrote: > On 12/02/16 18:56, Stuart Henderson wrote: >> On 2016-02-12, Kapetanakis Giannis wrote: >>> Hi, >>> >>> I have a carped firewall which is using dhcrelay to forward dhcp >>> requests to another

Re: root access after failed fsck

2016-02-20 Thread George Mamalakis
On 20/02/2016 12:52 PM, arrowscr...@mail.com wrote: Wow, that's new to me. Thanks. Anyway, I still think that this "password rescue" should not be allowed by default. I know operating systems can do very little to prevent physical problems like side-channel attacks, but this is not the case,

Re: dhcrelay: send_packet: No buffer space available

2016-02-20 Thread Kapetanakis Giannis
On 20/02/16 13:52, Stuart Henderson wrote: Are the carp interfaces "up" (i.e. master) when you see these messages? Yes always. On both firewalls I have net.inet.carp.log=3 and I haven't logged any carp up/down - MASTER/BACKUP transition messages. On the other hand, on backup firewall I

OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker
Hi, This email is an attempt to get some knowledge on how softraid works. There's basically zero docs on these topics out here (all docs are about how to set it up first & subsequent times in non-failure cases). If you would be able to respond in "HOWTO form" would be awesome, then at least

..And: Will softraid support !=512byte sectors anytime soon? (SSD:s frequently have 4KB or 16KB)

2016-02-20 Thread Tinker
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8?query=bioctl=i386 says "CAVEATS Only devices with 512-byte sectors are supported." Is any update upcoming? While it's 512-byte only, what does that mean for write wear amplification and access speeds on SSD:s with 4KB or

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET): > This email is an attempt to get some knowledge on how softraid works. So many of your questions are answered if you start with bioctl(8)[1], and continue with softraid(4)[2]. Maybe bio(4)[3] helps, too. What's there is usually

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker
On 2016-02-20 22:23, Marcus MERIGHI wrote: ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET): This email is an attempt to get some knowledge on how softraid works. So many of your questions are answered if you start with bioctl(8)[1], and continue with softraid(4)[2]. Maybe

Re: root access after failed fsck

2016-02-20 Thread lists
Sat, 20 Feb 2016 11:52:32 +0100 arrowscr...@mail.com > Wow, that's new to me. Thanks. Yep, the FAQ is pretty new and shiny. FAQ8 general questions. FAQ10 system management. A must read for half the questions you may have in general use. The entire FAQ is the first thing to query before the

stubborn athn

2016-02-20 Thread Alan Corey
I have an Atheros AR5418 mini-PCI card in my laptop, which I think came from an eBay seller in China. It used to work under OpenBSD, but that may have been back about 5.2 or 4.7. Now I'm using 5.7. It works now in Kismet under OpenBSD, but an ifconfig scan comes up not finding anything. If I

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET): > On 2016-02-20 22:23, Marcus MERIGHI wrote: > >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET): > >>This email is an attempt to get some knowledge on how softraid works. > > > >So many of your questions are answered if you

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
scrub is IIRC not supported by any softraid yet. Rebuild by all which support redundancy. Marcus recommendation to read man pages can just be highlighted here. Otherwise just read the code for ultimate reference of what is or is not done.

XFCE / activating greyed-out power button / anyone help?

2016-02-20 Thread Nick
I'm on 5.9-stable, got XFCE on here and just wondering about getting the power and shutdown buttons working as they are greyed out for root and non-root. Here's the old instructions for when 'sudo' was the standard: %users ALL = NOPASSWD:/usr/local/lib/xfce4/session/xfsm-shutdown-helper Then add

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 10:29, Karel Gardas wrote: > scrub is IIRC not supported by any softraid yet. Rebuild by all which > support redundancy. Marcus recommendation to read man pages can just > be highlighted here. Otherwise just read the code for ultimate > reference of what

Reached some limit with sockets?

2016-02-20 Thread Federico Giannici
In a server (OpenBSD amd64 5.7) with many concurrent perl programs that have to open a lot of SSH connections, I get many errors like this: connect() on closed socket GEN136 at /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216. Maybe at some point no more sockets can be opened

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker
Marcus, Holy moly, that is beautiful. So glad to understand better what's in the box. Also please note that I'm not trying to suggest to implement lots of crap, am perfectly clear that high security is correlated with low complexity. On 2016-02-21 00:29, Marcus MERIGHI wrote:

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker
On 2016-02-21 01:29, Karel Gardas wrote: scrub is IIRC not supported by any softraid yet. But there's "patrol"! "bioctl -t start mysoftraid" Rebuild by all which support redundancy. Yey! Clarified by Marcus & looking forward to his clarification Marcus recommendation to read man pages

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
On Sat, Feb 20, 2016 at 9:23 PM, Tinker wrote: > > On 2016-02-21 01:29, Karel Gardas wrote: >> >> scrub is IIRC not supported by any softraid yet. > > > But there's "patrol"! > > "bioctl -t start mysoftraid" bioctl also supports hardware raid cards besides softraid, so

Re: XFCE / activating greyed-out power button / anyone help?

2016-02-20 Thread Mariano Baragiola
Hi. On 02/20/16 16:20, Nick wrote: I'm on 5.9-stable, > 5.9 isn't released yet, maybe you wanted to say 5.8-stable or 5.9-current? got XFCE on here and just wondering about getting the power and shutdown buttons working as they are greyed out for root and non-root. Here's the old

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 12:23, Tinker wrote: > > On 2016-02-21 01:29, Karel Gardas wrote: >> >> scrub is IIRC not supported by any softraid yet. > > > But there's "patrol"! > > "bioctl -t start mysoftraid" [...] > On 2016-02-21 02:44, Constantine A. Murenin wrote: >> >> On

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
On Sat, Feb 20, 2016 at 8:44 PM, Constantine A. Murenin wrote: > > Scrub cannot possibly be supported due to the design of the softraid: > > http://mdoc.su/o/softraid.4 > > The RAID 1 discipline does not initialize the mirror upon creation. This > is by design because

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker
On 2016-02-21 05:05, Karel Gardas wrote: The RAID 1 discipline does not initialize the mirror upon creation. This is by design because all sectors that are read are written first. There is no point in wasting a lot of time syncing random data. I'm afraid the claim "all sectors that are read

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 14:29, Tinker wrote: [..] > On 2016-02-21 04:39, Constantine A. Murenin wrote: [..] >> When you do http://mdoc.su/o/newfs.8, it does not write to every >> sector of the underlying partition; thus you cannot expect all sectors >> to be the same. > > >

Re: XFCE / activating greyed-out power button / anyone help?

2016-02-20 Thread Nick
Right enough, meant to say 5.8 stable! Thanks a lot for your advice, I now have everything set up the way I want it - thanks! ..really gotta remember to read the pkg_readme's next time! ha Regards Hi. On 02/20/16 16:20, Nick wrote: > I'm on 5.9-stable, > 5.9 isn't released

Re: Reached some limit with sockets?

2016-02-20 Thread lists
Sat, 20 Feb 2016 20:06:57 +0100 Federico Giannici > In a server (OpenBSD amd64 5.7) with many concurrent perl programs that > have to open a lot of SSH connections, I get many errors like this: Have you tried connection sharing with ssh(1) yet? Does the Net:SSH give you

Re: PPPoE / isakmpd race

2016-02-20 Thread Christopher Snell
On Wed, Feb 17, 2016 at 1:38 AM, Stuart Henderson wrote: > > A more generic (but more complicated) approach would be to use ifstated > to wait until the interface is up before running isakmpd. Stu, Thanks a bunch for this suggestion. This turned out to be the ticket!

Re: Building AMI for AWS EC2

2016-02-20 Thread Predrag Punosevac
Hi Guys, Any updates on this? I am toying with AWS in the case one of my lab's projects has to be moved to their infrastructure. I just played creating network gateway/firewall using Colin Percival's FreeBSD. Works OK but having OpenBSD latest PF, relayd, httpd, and other goodies sure would be