Re: malloc.conf: better docs and impl for J/J

On Sun, Jul 03, 2016 at 09:31:11AM +0200, Otto Moerbeek wrote: > On Sat, Jul 02, 2016 at 01:17:10PM -0400, Ted Unangst wrote: > > > Otto Moerbeek wrote: > > > Hi, > > > > > > J/j is actually a three valued var. So document that and make it > > > possible to set all three values. Default is

Re: pledge bpf + 32bit arch unbreak

On Tue, Jul 05, 2016 at 08:12:05PM +0200, Martin Pelikan wrote: > > The uint64_t part still stands. > ok semarie@ -- Sebastien Marie

Add libtls functionality for OCSP, and OCSP stapling support

Ok, so this work was done by Marko Kreen, all as the result of a very long discussion in: https://github.com/libressl-portable/openbsd/pull/47 In a nutshell, I threw down a glove that libtls could have functions to support OCSP, and make it where a client could write ocsp stuff, but I would

Re: Root can panic kernel with mknod on a tmpfs filesystem

On Tue, Jul 05, 2016 at 07:21:57PM -0400, Ted Unangst wrote: > Tim Newsham wrote: > > Recommendation: > > Validate the device number vap->va_rdev in tmpfs_mknod() and return > > an error if it is VNOVAL (-1). > > Sounds about right to me. > > Index: tmpfs_vnops.c >

Re: Root can panic kernel with mknod on a tmpfs filesystem

Tim Newsham wrote: > Recommendation: > Validate the device number vap->va_rdev in tmpfs_mknod() and return > an error if it is VNOVAL (-1). Sounds about right to me. Index: tmpfs_vnops.c === RCS file:

route6d summer cleanup

Nobody cares about route6d, and it shows: runas as root, not chrooted. Also it uses wide pledge(2) permissions. I have diffs to switch the logging to log.c and use it to support the -R option and /var/run/route6d_dump. The end goal is to use a tighter pledge(2) call: + if (pledge("stdio

Root can panic kernel with mknod on a tmpfs filesystem

Hi, While fuzzing the openbsd system call interface we came across a low severity issue. The details are below in our proof-of-concept that includes a writeup with recommendations. Tim & Jesse @ NCC Group /* * tmpfs_mknod_panic.c: *Demonstrate a panic in tmpfs when performing mknod

Re: [armv7] introducing tipru(4)

On Tue, Jul 5, 2016 at 12:56 AM, Jonathan Gray wrote: > I don't have time to look into how tied to the rest of the > system the pru is at the moment. I can save you the trouble; page 198 of am335x TRM: "The PRUs have access to all resources on the SoC through the Interface/OCP

Re: pledge bpf + 32bit arch unbreak

Martin Pelikan writes: [...] > The uint64_t part still stands. ok jca@ -- jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

Re: pledge bpf + 32bit arch unbreak

> In many bpf-using programs, bpf is setup before privs are droppped, > then locked, and then no significant ioctl's are done after that. > > So please show the userland diffs that use this. You're right. I was thinking of arp(8) but that code path is write only. I wrote it for the GSoC dhcpd

Re: pledge bpf + 32bit arch unbreak

In many bpf-using programs, bpf is setup before privs are droppped, then locked, and then no significant ioctl's are done after that. Meaning, which bpf is being setup -- the program is still fully root, has no lockdown, etc, and the bpf programming component is probably not the riskiest aspect...

pledge bpf + 32bit arch unbreak

Only the bits necessary to set up a filter and lock down an incoming interface. Index: kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revision 1.174 diff -u -p -r1.174 kern_pledge.c ---

Re: [PATCH] dont increase the size of socket buffers in low memory situations

2016-07-05 15:36 GMT+02:00, Claudio Jeker : > On Tue, Jul 05, 2016 at 07:22:27AM -0600, Bob Beck wrote: >> Makes sense to me. Others? >> >> >> On Tue, Jul 5, 2016 at 4:08 AM, Simon Mages >> wrote: >> > At the moment the buffersize will be set

Re: [PATCH] dont increase the size of socket buffers in low memory situations

On Tue, Jul 05, 2016 at 07:22:27AM -0600, Bob Beck wrote: > Makes sense to me. Others? > > > On Tue, Jul 5, 2016 at 4:08 AM, Simon Mages > wrote: > > At the moment the buffersize will be set to the default even if the > > current value > > is smaller. > > > > The

Re: [PATCH] dont increase the size of socket buffers in low memory situations

Makes sense to me. Others? On Tue, Jul 5, 2016 at 4:08 AM, Simon Mages wrote: > At the moment the buffersize will be set to the default even if the > current value > is smaller. > > The following diff fixes this problem. > > Index: netinet/tcp_usrreq.c >

Re: syslogd: accept space-deliminated fields

- Original Message - > From: "Todd C. Miller" > To: "tech" > Sent: Friday, July 1, 2016 12:55:11 PM > Subject: syslogd: accept space-deliminated fields > Linux, Net and Free also support space-deliminated fields. Maybe > we should too... > -

Re: does true.c need command line arguments?

On Mon, Jul 04, 2016 at 03:04:32PM -0600, Theo de Raadt wrote: > Because main() is specified to take those arguments. For what it's worth, the C-standard [1] specifies both versions: int main(void) and int main(int argc, char *argv[]). Regards Simon [1]: C11-draft, section 5.1.2.2.1 -- +

Re: ypbind: convert from select to poll

On Tue, 05 Jul 2016 07:32:19 +0200, Jeremie Courreges-Anglas wrote: > Updated diff: > - ignore EINTR > - add a comment about POLLHUP, for people that could be tempted to copy > the code. Looks great, OK millert@ - todd

Re: libc: simplify devname() fallback

On Mon, 04 Jul 2016 22:24:02 -0700, Philip Guenther wrote: > Yep. Too much programming in a garbage collected language recently, I > guess. :-) > > Revised diff below. OK millert@ - todd

Re: IPv6 forwarding path without KERNEL_LOCK

On 04/07/16(Mon) 15:52, Alexander Bluhm wrote: > On Mon, Jul 04, 2016 at 01:03:22PM +0200, Martin Pieuchot wrote: > > + if (ip6_hbhchcheck(m, , , )) { > > + if_put(ifp); > > + return; /* m have already been freed */ > > } > > As ip6_hbhchcheck() does ip6 = mtod(m, struct

[PATCH] dont increase the size of socket buffers in low memory situations

At the moment the buffersize will be set to the default even if the current value is smaller. The following diff fixes this problem. Index: netinet/tcp_usrreq.c === RCS file: /cvs/src/sys/netinet/tcp_usrreq.c,v retrieving revision