Re: Security and PAX
On Jun 16, 2015 7:42 PM, Christos Zoulas chris...@zoulas.com wrote:
> On Jun 16, 7:54pm, rhin...@epost.ch (rhin...@epost.ch) wrote:
> -- Subject: Re: Security and PAX
>
> | On Mon, Jun 15, 2015 at 09:59:34AM -0400, Christos Zoulas wrote:
> | | On Jun 15, 9:15am, rhin...@epost.ch (rhin...@epost.ch) wrote:
> | | -- Subject: Re: Security and PAX
> | | | I will send you this info soon. Should I recompile userland programs and libs
> | | | with the parameter -fpic? If I remember well, it was the library
> | | | libtermcap (from userland) which cannot be linked and the error
> | | | message suggested to compile it with -fpic.
> | |
> | | Ah, for this link all the archive libraries into the binary you need to create
> | | libfoo_pic.a for each one of them like you have for libc... It is not hard
> | | to do, but we don't do it by default because people don't need it and it
> | | takes more time and space.
> |
> | The needed libraries are already in NetBSD and I could use them.
> | However, I get a new error message when I try to do manually
> | the link command:
> | --
> | virtualisation# cc -static -Wl,-I/libexec/ld.elf_so -Wl,-pie -o zsh main.o `cat stamp-modobjs` -lc_pic -ltermcap_pic -lrt_pic -lm_pic
> | ld: /usr/lib/libc.a(errx.o): relocation R_X86_64_32 against `.text' can not be used when making a shared object; recompile with -fPIC
> | /usr/lib/libc.a: could not read symbols: Bad value
> | --
> |
> | I don't understand well the meaning of R_X86_64_32 since I compile
> | in 64 bits (what does 32 mean?) as you can see in the static version of the executable:
>
> This means that you are picking up some code that is not PIC; the 32 here means 32 bit offsets.
> The order of the libraries is wrong, you need to put -lc_pic last because the others depend on
> symbols from it. There is a way to cheat by repeating all the libraries twice :-)

--start-group libs --end-group is the cleaner way to say they have interdependencies...

Justin
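Added example, not from the thread: a shell function that constructs two static archives with the kind of circular dependency Christos describes (a depends on b, b depends back on the first archive), then compares the wrong link order, the repeat-the-libraries cheat, and --start-group/--end-group. The file and symbol names are made up for the demo; the objects are built -fPIC to mirror the lib*_pic.a convention, and it needs cc, ar and a GNU-style ld (it prints "skipped" otherwise).

```shell
#!/bin/sh
# Constructed demo of archive link ordering (names a, b, c, liba.a, libb.a are
# made up). Body runs in a subshell so the cd/cleanup do not leak out.
link_order_demo() (
    command -v cc >/dev/null && command -v ar >/dev/null || { echo skipped; exit 0; }
    # --start-group is a GNU ld/gold option; skip on other linkers.
    cc -Wl,--version 2>/dev/null | grep -q GNU || { echo skipped; exit 0; }
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    # a() lives in liba.a and calls b(); b() lives in libb.a and calls c(),
    # which is back in liba.a. Same shape as the -lc_pic problem: the archive
    # everything else depends on must still be searched when its symbols are
    # first needed, which with plain ordering means "last".
    echo 'int b(void); int a(void) { return b() + 1; }'       > a.c
    echo 'int c(void) { return 40; }'                         > c.c
    echo 'int c(void); int b(void) { return c() + 1; }'       > b.c
    echo 'int a(void); int main(void) { return a() != 42; }'  > main.c
    for f in a b c main; do cc -fPIC -c "$f.c" -o "$f.o" || exit 1; done
    ar rcs liba.a a.o c.o && ar rcs libb.a b.o || exit 1
    # 1. Wrong order: liba.a is scanned before c() is known to be needed, so
    #    GNU ld reports an undefined reference to c (expected to fail).
    if cc -o wrong main.o -L. -la -lb 2>/dev/null; then wrong=linked; else wrong=failed; fi
    # 2. The cheat: list the archive again so it is scanned a second time.
    if cc -o cheat main.o -L. -la -lb -la 2>/dev/null && ./cheat; then cheat=ok; else cheat=failed; fi
    # 3. The clean fix: declare the archives as mutually dependent.
    if cc -o grouped main.o -L. -Wl,--start-group -la -lb -Wl,--end-group 2>/dev/null \
       && ./grouped; then group=ok; else group=failed; fi
    echo "wrong order: $wrong, repeated libs: $cheat, start/end-group: $group" >&2
    cd / && rm -rf "$d"
    # Final status on stdout: ok when both fixes link and run correctly.
    if [ "$group" = ok ] && [ "$cheat" = ok ]; then echo ok; else echo failed; fi
)

link_order_demo
```

The per-case summary goes to stderr; on GNU ld the wrong order fails while both fixes link and the resulting binary returns 0.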
Re: NPF on domU - more clarity required
On Sun, Dec 28, 2014 at 2:40 AM, Greg Troxel g...@ir.bbn.com wrote:
> John Nemeth jnem...@cue.bc.ca writes:
>> On Dec 27, 10:56am, Greg Troxel wrote:
>>> One option would be to turn /boot into something that works like pvgrub.
>>
>> This shouldn't actually be that hard. This is something that I added to the project list a while ago:
>> http://wiki.netbsd.org/projects/project/xenboot/
>>
>> Of course, this would require convincing the VPS operator to use it.
>
> True, but convincing someone to write it and use it is far harder...

I think just extending the ufs code in pygrub to understand changes since Solaris might be relatively straightforward.
http://xenbits.xensource.com/hg/xen-unstable.hg/file/bca284f67702/tools/libfsimage/ufs/fsys_ufs.c

(There are also plans that pygrub should run on NetBSD rump kernel, at which point using the actual NetBSD ffs driver might be possible, but that's a way off.)

Justin
Re: System fully writable right after install
On Thu, Nov 20, 2014 at 10:24 AM, Ottavio Caruso ottavio2006-net...@yahoo.com wrote:
> Hello, just performed a fresh install of a NetBSD 6.1 patch (amd64) from the releng repos. The install was very smooth (I had tried a NetBSD-7 install but I encountered fatal errors).
>
> The last time I installed 6.1.2 I remember the system booting read only in single mode. I had to remount / rw and edit rc.conf and restart. To my surprise I didn't have to do anything, the system is already rw and I haven't even touched rc.conf. I am using wireless and didn't have to configure anything. During installation it detected wireless settings automatically and installed pkgsrc.
>
> As it is a fresh installation, has anything changed in the 6-1 installer?

Can you file an issue for the 7.0 errors, it should be stable now without regressions.

I don't remember 6.1 ever starting in single user mode - perhaps there was an issue with something last time when you installed it which is now fixed? The intention is that it should be ready to go...

Justin
Re: aio co-op with socket kqueue on Netbsd
On Wed, Sep 3, 2014 at 3:38 PM, LeiMing lmfor...@gmail.com wrote:
>> Using signals is not going to perform very well, I would not do that...
>
> For the lack of implementation of realtime signals, maybe the setitimer API can be used to handle clients' timeouts. It's not realtime signals so kqueue can monitor it. Could you tell me whether using kqueue on signals will still have that bad effect on performance? If not, how do Unix programmers usually implement timeouts?

For timers you can use kqueue directly, e.g. https://wiki.netbsd.org/tutorials/kqueue_tutorial/#index5h2 - you do not need to get kqueue to pick up a signal.

Justin
Re: NetBSD on VMware ESXi
On Fri, Jul 4, 2014 at 11:30 AM, 三輪晋( Miwa Susumu ) miwa...@gmail.com wrote:
> hi.
> Can I use NetBSD as a guest OS on VMware ESXi? NetBSD is not included in the document.
>
> VMware Guest Operating System Installation Guide
> http://partnerweb.vmware.com/GOSIG/home.html
>
> I am using NetBSD in VMware Player.
> Is anyone using NetBSD on VMware ESXi?

It should just work, but I haven't used it. Try following the FreeBSD guide as that is probably the closest. If there are issues you can try changing what emulated hardware devices are used.

Justin
Re: specs for a netbsd build system?
On Sun, Jun 22, 2014 at 8:54 AM, Mayuresh Kathe mayur...@kathe.in wrote:
> Hello, looks like my current machine is dying, hence all the problems with even installing NetBSD 6.1.4 on it. I would be going for a new machine, primarily with the intent of custom building NetBSD for a particular tinkering project. I have no idea about what kind of hardware would be required for performing an entire NetBSD build within acceptable time-frames, say 1 hour (without X win).

I am not exactly sure how long a full build takes on my various machines, of that order. The biggest improvement is to do incremental builds, or if it suits what you are doing to use rump kernel (10 minute full build).

> May I please get advice on rough specifications for the same? Stuff like:
>
> 1. preferable processor (intel! amd!),
> 2. processing power (clock rate, number of cores, cache, etc),

Basically you get roughly what you pay for here, but in a non linear way, so paying twice as much might give you say a 20% speed up. Cores help, but my 4 core fast machine (Xeon 3.5GHz) is a bit faster than my 8 core slower machine (Atom 2.4GHz) in compiling overall.

> 3. memory (size and type),

Builds do not need all that much memory, you won't see much benefit over say 4GB. The more cores you have the more memory you will need as you can do more parallel builds.

> 4. hard disk (space and type),

SSDs do give a performance increase, and are much cheaper now, especially if you do not need that much space.

> I have a budget of around US$600.

Not sure what things cost in US... but I usually recommend spending a reasonably balanced amount on the different components.
Re: lua in kernel!
On Wed, Jun 18, 2014 at 12:06 PM, Mayuresh Kathe mayur...@kathe.in wrote:
> Hello, while I was drawn to NetBSD because of the upcoming Lua support in the kernel and userland, I am quite lost about the probable use cases for real-world scenarios. Prima facie, it feels quite strange to have a scriptable kernel and have that capability extended throughout the userland. I have been googling (via lynx) and haven't found anything which would suggest possible use cases for the Lua-in-kernel effort. Might be because my Google skills are poor. Can someone with access to such a document please share the details?

Currently the best sources I am aware of are Marc Balmer's talks, e.g.
https://archive.fosdem.org/2013/schedule/event/lua_in_the_netbsd_kernel/attachments/slides/278/export/events/attachments/lua_in_the_netbsd_kernel/slides/278/kernel_mode_lua.pdf
(I think there is a video somewhere too.) There were also some discussions on the NetBSD lists. But I think we need to put together a better document, examples and actual code. The current working code is for defining line disciplines.

I also have a userspace project for programming NetBSD via Lua, https://github.com/justincormack/ljsyscall, which is being used in various ways, e.g. for testing the NetBSD Linux compatibility layers and programming rump kernels.

> Also, if the Lua-in-kernel effort does succeed, would there be some mechanism to turn it off while doing a customized build? Can't figure how useful such a feature might be in a production environment like web-app hosting or even an embedded system.

Yes, all the Lua support is optional, and will remain that way.

Justin
Re: Create a file with history in sh
On Wed, Jun 18, 2014 at 2:14 PM, Rocky Hotas rockyho...@post.com wrote:
>> Sent: Wednesday, June 18, 2014 at 2:51 PM
>> From: Greg Troxel g...@ir.bbn.com
>> To: Rocky Hotas rockyho...@post.com
>> Cc: netbsd-users@netbsd.org
>> Subject: Re: Create a file with history in sh
>>
>> I've redirected followups to netbsd-users. tech-userlevel is for arguing about complicated bugs or proposed changes ;-)
>
> Ok :) and sorry for the mistake.
>
>> I suggest keeping root as /bin/sh for avoiding problems, but best practice is to use the actual root account sparingly anyway. (sudo -E will give you a uid 0 version of your own shell, sourcing dotfiles.)
>>
>> /bin/sh in NetBSD is intentionally minimalist:
>
> Thank you for your advice. If this is the right place (or tell me if it is better to continue this discussion privately), I would have three questions:
>
> - why is /bin/sh intentionally minimalist? Which are its main purposes?

It is mainly a standards compliant shell for running shell scripts, not primarily as an interactive shell, and as a minimal interactive shell if the system is in a minimal state (e.g. in the installer, or if something fails), or on very small systems. NetBSD tries to have a minimal install that is very small that you then build on.

> - why do you suggest /bin/sh as default shell for root?

It is always going to be there as it is part of the base system. bash (say) might not be, say if you mess up pkgsrc and break it, then you need /bin/sh to recover the situation as root.

> - do you suggest to seldom use the root account in order to prevent some system damages, like in the other *nix systems, or for other reasons?

Yes, it is just the principle of least privilege, only use root when you need to.

Justin
Re: NetBSD+Xen with short-lived throw-away guests
On 5 Mar 2014 14:59, Stephen Borrill net...@precedence.co.uk wrote:
> On Wed, 5 Mar 2014, Stephan wrote:
>> What we need is something like Citrix Provisioning Services.
>
> Yes - but even Linux is no longer supported as guest by PVS. XenServer 6.2 has clone-on-boot (designed for MCS as opposed to PVS*) which would be a good option. The problem is the inflexibility of NetBSD's storage backends compared to the blktap stuff used by Linux. jmcneill@ was working on VHD support for vnd which he then spun out into userland by implementing a libvdisk, but this work was never finished. This would allow much more flexible storage backends (such as the VHD chains as used by XenServer or qcow). OTOH, LVM snapshots would be useful, but NetBSD doesn't support that either.
>
> * - feel free to ignore all these TLAs if you aren't into Citrix stuff.

Another model is the extended loop device from OpenVZ, http://openvz.org/Ploop/Why, which looks quite a nice framework.

Justin
Re: Randomness [was: Re: WARNING pseudorandom rekeying]
On Wed, Jan 15, 2014 at 8:47 AM, Fredrik Pettai pet...@nordu.net wrote:
> While on the topic of randomness, it would be good if NetBSD could implement an ioctl like Linux RNDADDENTROPY? This helps to increase the randomness by importing data from other random sources, like the YubiHSM etc.

It does, RNDADDDATA. However you might want to write a driver, as the ioctl does not add to the entropy count (because userspace is untrusted).

Justin
Re: ktr_header
On Wed, Dec 11, 2013 at 9:18 PM, Justin Cormack jus...@specialbusservice.com wrote:
> When /usr/include/sys/ktrace.h says of struct ktr_header
>
>     int ktr_len;    /* length of record minus length of old header */
>
> What is the length of the old header? It doesn't seem to be defined anywhere, and on 64 bit architectures it might be the ktr_header length but on 32 bit it doesn't seem to be.

OK I think I got confused, old header == ktr_header apparently.

Justin