> On Tue, Oct 30, 2018 at 10:32:37PM -0700, Ori Bernstein wrote:
>> On Tue, 30 Oct 2018 22:29:01 -0700, Mike Larkin wrote:
>>
>> > > -if (disk->base->clustersz != disk->clustersz) {
>> > > -log_warn("%s: all disks must share clustersize",
>> > > +
On Tue, Oct 30, 2018 at 10:32:37PM -0700, Ori Bernstein wrote:
> On Tue, 30 Oct 2018 22:29:01 -0700, Mike Larkin wrote:
>
> > > - if (disk->base->clustersz != disk->clustersz) {
> > > - log_warn("%s: all disks must share clustersize",
> > > + fatal("%s:
On Tue, 30 Oct 2018 22:29:01 -0700, Mike Larkin wrote:
> > - if (disk->base->clustersz != disk->clustersz) {
> > - log_warn("%s: all disks must share clustersize",
> > + fatal("%s: could not open %s", basepath, __func__);
>
> is this right?
>
> > +
On Tue, Oct 30, 2018 at 10:01:08PM -0700, Ori Bernstein wrote:
> On Sun, 28 Oct 2018 00:58:57 +0200, Reyk Floeter wrote:
>
> > Most of these are fatal and log_debug. Keep the __func__ there! But we___ll
> > remove it from other logging functions where it was never intended to be
> > used and
On Tue, Oct 30, 2018 at 09:17:19PM -0700, Greg Steuck wrote:
> My syzkaller machine running a recent snapshot just crashed. The value
> 0x415efd243b54d319 passed into uvm_map_deallocate looks quite fishy to me.
>
Known issue. And the parameters in the list aren't right (there needs to be
On Sun, 28 Oct 2018 00:58:57 +0200, Reyk Floeter wrote:
> Most of these are fatal and log_debug. Keep the __func__ there! But we___ll
> remove it from other logging functions where it was never intended to be
> used and potentially reword the warnings nicely.
>
> Reyk
>
Alright, updated
On Sat, Oct 27, 2018 at 12:31:48PM +0200, Mark Kettenis wrote:
> > Date: Sat, 27 Oct 2018 17:16:57 +1100
> > From: Jonathan Gray
> >
> > On Fri, Oct 26, 2018 at 09:47:51PM +0200, Mark Kettenis wrote:
> > > Diff below adds support to uvm to create wtite-combining mappings and
> > > uses this to
My syzkaller machine running a recent snapshot just crashed. The value
0x415efd243b54d319 passed into uvm_map_deallocate looks quite fishy to me.
Some hopefully useful info below.
ddb{4}> trace
Sebastian Benoit wrote:
> Florian Obser(flor...@openbsd.org) on 2018.10.30 18:32:15 +0100:
> > On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> > > Remi Locherer wrote:
> > >
> > > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > > > > Hi,
> > > > >
> > >
On Tue, Oct 30, 2018 at 08:43:01PM +0100, Klemens Nanni wrote:
> Prompted by a question on the internet, the following diff removes the
> useless virtual ethernet interface from
> "Option 4 - VMs as real hosts on the same network" where guests are
> bridged directly into the host network.
>
>
>From my point of view, and my sole opinion, the process running as root
from a long standing daemon, and which is not under a chroot, should not have
the hability to write and/or create files (even better if it cannot even
read). But we should reach a consensus once again, and if
Florian Obser(flor...@openbsd.org) on 2018.10.30 18:32:15 +0100:
> On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> > Remi Locherer wrote:
> >
> > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > > > Hi,
> > > >
> > > > After all files are opened ripd(8) can
On Tue, Oct 30, 2018 at 02:24:46PM -0600, Todd C. Miller wrote:
> I really dislike the side-effect in filteruser(), see below.
> > +static int
> > +filteruser(char buf[])
> > +{
> > + char *bufp = buf;
> > + uid_t *uidp;
> > +
> > + if (bufp[0] == '-') {
> > + bufp++[0] = ' ';
>
On Tue, 30 Oct 2018 21:09:29 +0100, Klemens Nanni wrote:
> This introduces filteruser() and filterpid(), where the first one can
> now easily be extended to support matching numeric UIDs. The latter one
> is now used by the `highlight` command as well.
I really dislike the side-effect in
Hello -
ftp, ntpd, and telnet set IPTOS_LOWDELAY/IPTOS_THROUGHPUT for IPv4
sockets. Should we do it for IPv6 as well? I used
IPTOS_DCSP_AF21/IPTOS_DSCP_CS1 to match the values ssh uses by default.
Thoughts?
Index: usr.bin/ftp/ftp.c
Another approach to merging code from options and interactive commands.
This introduces filteruser() and filterpid(), where the first one can
now easily be extended to support matching numeric UIDs. The latter one
is now used by the `highlight` command as well.
Feedback? OK?
Index: top.c
Prompted by a question on the internet, the following diff removes the
useless virtual ethernet interface from
"Option 4 - VMs as real hosts on the same network" where guests are
bridged directly into the host network.
vether(4) serves no purpose in this setup, the egress interface can/will
be
On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> Remi Locherer wrote:
>
> > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > > Hi,
> > >
> > > After all files are opened ripd(8) can have the fs access disabled just
> > > before
> > > each process main loop.
clearly an oversight due to looking at too many daemons at the same
time. since the only thing ripd needs to do is unlink the socket I think
we can remove control_cleanup, even though I'd rather do this
introducing pledge, but for now it's a great compromise.
OK?
Index: control.c
Remi Locherer wrote:
> On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> > Remi Locherer wrote:
> >
> > > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > > > Hi,
> > > >
> > > > After all files are opened ripd(8) can have the fs access disabled just
> > > >
On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> Remi Locherer wrote:
>
> > On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > > Hi,
> > >
> > > After all files are opened ripd(8) can have the fs access disabled just
> > > before
> > > each process main loop.
Remi Locherer wrote:
> On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> > Hi,
> >
> > After all files are opened ripd(8) can have the fs access disabled just
> > before
> > each process main loop. Its 2 childs already run under chroot, but since
> > they
> > are still not
On Tue, Oct 30, 2018 at 03:20:35PM +, Ricardo Mestre wrote:
> Hi,
>
> After all files are opened ripd(8) can have the fs access disabled just before
> each process main loop. Its 2 childs already run under chroot, but since they
> are still not pledged at least they have no way to
ok benno@
Ricardo Mestre(ser...@helheim.mooo.com) on 2018.10.30 15:20:35 +:
> Hi,
>
> After all files are opened ripd(8) can have the fs access disabled just before
> each process main loop. Its 2 childs already run under chroot, but since they
> are still not pledged at least they have no
Hi,
After all files are opened ripd(8) can have the fs access disabled just before
each process main loop. Its 2 childs already run under chroot, but since they
are still not pledged at least they have no way to read/write/create files
within
the chroot. No loads or reloads of the config file
Looks right.
Ricardo Mestre wrote:
> snmpd(8)'s main process needs to open the config file and /dev/pf both with
> read permissions, but once it reaches pledge(2) just before the main loop both
> were already opened. Since snmpd(8) doesn't have a way to load or reload the
> config file, not
Looks good to me.
Ricardo Mestre wrote:
> ifstated(8) needs to load configfile from within the main loop, but also to
> reload it on SIGHUP so unveil(2) it with read permissions. Additionally all
> commands are exec'ed through /bin/sh instead of directly so we can just
> unveil(2) /bin/sh with
Hi,
snmpd(8)'s main process needs to open the config file and /dev/pf both with
read permissions, but once it reaches pledge(2) just before the main loop both
were already opened. Since snmpd(8) doesn't have a way to load or reload the
config file, not even through SIGHUP, then rpath promise is
Makes sense to me.
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc
Hi,
ifstated(8) needs to load configfile from within the main loop, but also to
reload it on SIGHUP so unveil(2) it with read permissions. Additionally all
commands are exec'ed through /bin/sh instead of directly so we can just
unveil(2) /bin/sh with x perms. Since /bin/sh is already used on
OK florian@
On Mon, Oct 29, 2018 at 11:27:15PM +0100, Remi Locherer wrote:
> Hi,
>
> ospf6d does not support reloading so its parent proc does not need
> filesystem access with the exception of the control socket cleanup on
> exit. Once we teach it how to reload the config it is easy to unveil
On Tue, Oct 30, 2018 at 10:57:08AM +0100, Patrick Wildt wrote:
> On Tue, Oct 30, 2018 at 05:30:55PM +0800, Kevin Lo wrote:
> > On Tue, Oct 30, 2018 at 09:43:08AM +0100, Patrick Wildt wrote:
> > > + if (sc->ure_flags & URE_FLAG_8152)
> > > + ifp->ifp_hardmtu = URE_MAX_FRAMELEN_8152;
> > > +
OK florian@
On Tue, Oct 30, 2018 at 09:02:48AM +, Ricardo Mestre wrote:
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp
Klemens Nanni wrote:
> "system" is ambigious, see `owner id` in vm.conf(5).
>
> OK?
>
> Index: faq16.html
> ===
> RCS file: /cvs/www/faq/faq16.html,v
> retrieving revision 1.2
> diff -u -p -r1.2 faq16.html
> --- faq16.html
"system" is ambigious, see `owner id` in vm.conf(5).
OK?
Index: faq16.html
===
RCS file: /cvs/www/faq/faq16.html,v
retrieving revision 1.2
diff -u -p -r1.2 faq16.html
--- faq16.html 25 Oct 2018 15:43:31 - 1.2
+++
On Tue, Oct 30, 2018 at 05:30:55PM +0800, Kevin Lo wrote:
> On Tue, Oct 30, 2018 at 09:43:08AM +0100, Patrick Wildt wrote:
> > + if (sc->ure_flags & URE_FLAG_8152)
> > + ifp->ifp_hardmtu = URE_MAX_FRAMELEN_8152;
> > + else
> > + ifp->ifp_hardmtu = URE_MAX_FRAMELEN_8153;
> >
On Tue, Oct 30, 2018 at 09:43:08AM +0100, Patrick Wildt wrote:
>
> Hi,
>
> I recently wanted to use VLANs on ure(4) but failed. As it turns out,
> hardmtu is set to 1500 which apparently does not leave enough space
> for the VLAN tag. It looks like the Gigabit Version does even support
> Jumbo
Hi,
htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
batch mode and 2 arguments are used we know we have to access argv[0] with rwc
permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
argv[0] and /tmp with rwc permissions. In order to avoid
Do not roll our own for-loop, use the proper TAILQ function.
Also use unsleep() instead of unrolling the same functionality here again.
Now there is only one place that resets p_wchan. And the unsleep-part has
the same pattern like in endtsleep().
---
v2:
- TAILQ_FOREACH -> TAILQ_FOREACH_SAFE,
Hi,
I recently wanted to use VLANs on ure(4) but failed. As it turns out,
hardmtu is set to 1500 which apparently does not leave enough space
for the VLAN tag. It looks like the Gigabit Version does even support
Jumbo frames. Thus we can set the maximum framelen on the RX path
to something
On Mon, Oct 29, 2018 at 11:55:52PM +0100, Jan Klemkow wrote:
> On Sun, Oct 28, 2018 at 10:58:34PM +, Jason McIntyre wrote:
> > On Sun, Oct 28, 2018 at 09:40:33PM +0100, Jan Klemkow wrote:
> > > Unlike the manpage saids or one might think , sendto(2) sets errno to
> > > EHOSTUNREACH instead of
41 matches
Mail list logo