Re: core statement on fexecve, O_EXEC, and O_SEARCH

“able to permit”. [2] Like many insomniacs, I get naughtier as the night goes on. -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: Making forced unmounts work

no process can open anything new on the detached fs, if it eventually unwedges itself somehow it won't get rewedged. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: core statement on fexecve, O_EXEC, and O_SEARCH

pretty early on. I haven't solved it, but the problem seems to be one of context - if you try to execve /proc/self you'll also get ENOENT instead of the expected EACCES. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: core statement on fexecve, O_EXEC, and O_SEARCH

On Tue, 4 Dec 2012 15:30:36 + David Holland dholland-t...@netbsd.org wrote: On Tue, Dec 04, 2012 at 01:58:13PM +, Julian Yon wrote: The descriptor is probably already closed on exec before the syscall tries to use it. Nope. That happens later. I was looking through

Re: Problem identified: WAPL/RAIDframe performance problems

On Sun, 2 Dec 2012 04:04:23 + David Holland dholland-t...@netbsd.org wrote: On Sun, Dec 02, 2012 at 03:22:24AM +, Julian Yon wrote: It's not weird, and there is a gain; it's for compatibility with large amounts of deployed code that assumes all devices have 512-byte blocks

Re: Problem identified: WAPL/RAIDframe performance problems

. Because that implies that the designers have made the explicit decision to sacrifice performance for no gain. But there is a cost: they had to write firmware code to emulate that block size. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP

Re: fexecve, round 2

to read the contents of the file. You can open with --x but (correctly) you can't read from the file. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

On Sat, 17 Nov 2012 21:45:02 + David Laight da...@l8s.co.uk wrote: On Fri, Nov 16, 2012 at 12:52:30PM +, Julian Yon wrote: What does this gain over passing a filename around? (NB. I'm not claiming that's an entirely safe model either, but it's already possible). You don't

Re: fexecve, round 2

not sure if that's safe), and any other failed with EBADF? Seems to me this would allow the intended usage (tenuous as the rationale is) while closing the chroot based holes that have been discussed. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description

Re: [PATCH] fexecve

On Sun, 18 Nov 2012 14:31:29 -0500 Thor Lancelot Simon t...@panix.com wrote: On Sun, Nov 18, 2012 at 07:27:27PM +, Julian Yon wrote: On Sat, 17 Nov 2012 21:45:02 + David Laight da...@l8s.co.uk wrote: You don't need the executable image inside the chroot. I don't believe

Re: [PATCH] fexecve

read rights you can open with O_EXEC instead, and you can't read the file you just opened; it merely provides a mechanism to pointlessly use fexecve. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

needed the executable itself to do the chroot. What does this gain over passing a filename around? (NB. I'm not claiming that's an entirely safe model either, but it's already possible). Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP

Re: [PATCH] fexecve

, NetBSD doesn't define O_EXEC anyway (nor does Linux). Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

files pretty much pwnz0rz the system already.) Depends whether they can overwrite all root-owned files, or just specific ones (due to some other exploit). Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: [PATCH] fexecve

On Thu, 15 Nov 2012 16:02:50 -0500 Thor Lancelot Simon t...@panix.com wrote: Look at that rationale carefully and I think you will see the race condition that it does not eliminate. Talk about a solution looking for a problem! Indeed I do. Fair point. Julian -- 3072D/F3A66B3A Julian Yon

Re: suenv

-- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature

Re: suenv

people's incorrect code work most of the time are justifiable. The system authentication path is not one of them! I thought he was advocating a more generic kludge mechanic rather than one specific to authentication? Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me

Re: suenv

that this is Not NetBSD's Problem, but I wonder how many people devise their own insane “solutions” to this sort of thing and are put at risk by the lack of an official workaround? I'm thinking particularly of less experienced folk, here. -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me

Re: suenv

the real problem in your specific case lies in the design of the module, not in the threads restriction. Julian -- 3072D/F3A66B3A Julian Yon (2012 General Use) pgp.2...@jry.me signature.asc Description: PGP signature