On Mon, 3 Jul 2017, Franco Fichtner wrote:
>
> > On 2. Jul 2017, at 8:59 PM, Ted Unangst wrote:
> >
> > If the username starts with a digit, but isn't a number, treat it like root.
>
> I question the simplicity of this patch due to the fact that it leaves
> no head room for further security-re
On 08/06/17(Thu) 15:23, Martin Pieuchot wrote:
> Michał Koc reported a crash on misc@, turns out it's a use-after-free:
> http://marc.info/?l=openbsd-misc&m=149597472223216&w=2
>
> The trace indicates that argument given to pf_key_v2_stayalive() is no
> longer valid:
>
> #0 conf_get_str
Michał Koc reported another isakmpd(8) crash, this time related to a
NULL dereference:
#0 0x076e6ff12959 in ipsec_sa_check_flow_any (sa=Variable "sa" is not
available.) at /usr/src/sbin/isakmpd/ipsec.c:275
#1 0x076e6ff1c215 in sa_find (check=0x76e6ff128d0
, arg=0x7708ab93a00) at /usr/sr
On 26/06/17(Mon) 16:15, Martin Pieuchot wrote:
> I'd like to enforce the following "lock" ordering: always hold the
> socket lock when calling sblock().
>
> This would allow me to protect `so_state' in sosend() when setting the
> SS_ISSENDING bit.
>
> Diff below implements that. It also gets rid
All network processing contexts, with the exception of hardware
interrupt handlers, are now process contexts. That means the SPL
protection is no longer needed inside the NET_LOCK().
So the diff below removes the splsofnet()/splx() dance from the
NET_LOCK(). I'm not changing the NET_LOCK() macro
Hi Sebastian,
On Sat, 1 Jul 2017 16:44:14 +0200 Sebastian Benoit wrote:
> This makes netstat show only listening sockets for tcp sockets
> when invoked as netstat -l.
>
> With it "netstat -l -finet -p tcp" is equivalent to
> "netstat -a -finet | grep LISTEN"
This shows listening UDP ports too:
On Sat, Jul 01, 2017 at 04:44:14PM +0200, Sebastian Benoit wrote:
> This makes netstat show only listening sockets for tcp sockets
> when invoked as netstat -l.
> @@ -294,9 +294,14 @@ netdomainpr(struct kinfo_file *kf, int proto)
> }
>
> /* filter listening sockets out unless -a is s
On Sat, Jul 01, 2017 at 08:50:36PM +0200, Sebastian Benoit wrote:
> @@ -149,7 +149,7 @@ protopr(kvm_t *kvmd, u_long pcbaddr, u_int tableid, int
> proto)
> struct kinfo_file *kf;
> int i, fcnt;
>
> - kf = kvm_getfiles(kvmd, KERN_FILE_BYFILE, DTYPE_SOCKET,
> + kf = kvm_getfiles
I'd like to assert the socket lock is held when `so_qlen' is modified
or when it is accessed as part of a sequence that needs atomicity.
ok?
Index: kern/uipc_socket2.c
===
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revis
I'd like to assert that the socket lock is held when modifying
`so_sate'.
ok?
Index: kern/uipc_socket2.c
===
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.80
diff -u -p -r1.80 uipc_socket2.c
--- kern/uipc_socket2
soo_ioctl() will need to grab the socket lock since it modifies its
states. Sadly this function is sometimes called from socket-only
syscalls which already held the corresponding socket lock.
So the diff below simply set/remove SS_NBIO directly in places where
we are dealing with sockets and alre
On 07/01/17 18:14, Mark Kettenis wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: kette...@cvs.openbsd.org2017/07/01 10:14:10
>
> Modified files:
> sys/dev/pci/drm: drm_irq.c drm_linux.c drm_linux.h
>drm_linux_list.h drm_mm.c drm_mm.h drm_mode.
On 03/07/17(Mon) 11:18, Martin Pieuchot wrote:
> On 08/06/17(Thu) 15:23, Martin Pieuchot wrote:
> > Michał Koc reported a crash on misc@, turns out it's a use-after-free:
> > http://marc.info/?l=openbsd-misc&m=149597472223216&w=2
> >
> > The trace indicates that argument given to pf_key_v2_sta
On Mon, Jul 03, 2017 at 02:41:15PM +0200, Martin Pieuchot wrote:
> I'd like to assert the socket lock is held when `so_qlen' is modified
> or when it is accessed as part of a sequence that needs atomicity.
>
> ok?
OK bluhm@
>
> Index: kern/uipc_socket2.c
> ==
On Mon, Jul 03, 2017 at 02:42:15PM +0200, Martin Pieuchot wrote:
> I'd like to assert that the socket lock is held when modifying
> `so_sate'.
>
> ok?
OK bluhm@
>
> Index: kern/uipc_socket2.c
> ===
> RCS file: /cvs/src/sys/kern/uip
On Mon, Jul 03, 2017 at 02:48:49PM +0200, Martin Pieuchot wrote:
> soo_ioctl() will need to grab the socket lock since it modifies its
> states. Sadly this function is sometimes called from socket-only
> syscalls which already held the corresponding socket lock.
>
> So the diff below simply set/r
On Sun, Jul 02, 2017 at 11:50:56PM -0400, Rob Pierce wrote:
> Remove obvious clear_config() comments and misleading state_change() comments.
>
> Also relocate do_action() calls for the init block from change_state() to
> occur with the corresponding do_action() calls for the body block within
> th
On Mon, Jul 03, 2017 at 11:42:19AM +0200, Martin Pieuchot wrote:
> Updated diff that fixes some issues reported by visa@:
>
> - prevents relocking the netlock in the 'restart' case.
> - always call solock() after sbunlock() in sosplice().
>
> Alexander is there an easy way to trigger the 'res
Hi
On Thu, Jun 29, 2017 at 09:29:57PM +0200, Klemens Nanni wrote:
> While reading file(1)'s code in #openbsd-daily mulander noted that the
> 'name' and 'use' types were missing from magic(5).
>
> I'm not entirely sure yet whether this is complete, so here's what I
> did:
>
> magic(5) provided by
Hello,
I'm curious if it's possible to provide /usr/include/elf.h file on OpenBSD to
improve its niceness to software porting from other Unixes. Following patch
adds this for me and is tested with GHC where I'd like to kill code like:
#if !defined(openbsd_HOST_OS)
# include
#else
/* openbsd
commited, thanks.
Rob Pierce(r...@2keys.ca) on 2017.07.03 09:45:35 -0400:
> On Sun, Jul 02, 2017 at 11:50:56PM -0400, Rob Pierce wrote:
> > Remove obvious clear_config() comments and misleading state_change()
> > comments.
> >
> > Also relocate do_action() calls for the init block from change_st
Hi all,
i'm having two firewalls fw1 and fw2 and on fw1 i'm sending console
output to com0.
root@fw1:~
# cat /etc/boot.conf
stty com0 115200
set tty com0
root@fw1:~
# cat /etc/ttys | grep tty00
tty00 "/usr/libexec/getty std.115200" vt220 on secure
on fw2 i'm using "cu -s 115200" to play w
> From: Hrvoje Popovski
> Date: Mon, 3 Jul 2017 21:05:01 +0200
>
> Hi all,
>
> i'm having two firewalls fw1 and fw2 and on fw1 i'm sending console
> output to com0.
>
> root@fw1:~
> # cat /etc/boot.conf
> stty com0 115200
> set tty com0
>
> root@fw1:~
> # cat /etc/ttys | grep tty00
> tty00 "
Fix some variable alignment whitespace.
Rob
Index: ifstated.h
===
RCS file: /cvs/src/usr.sbin/ifstated/ifstated.h,v
retrieving revision 1.15
diff -u -p -r1.15 ifstated.h
--- ifstated.h 2 Jul 2017 15:28:26 - 1.15
+++ ifstat
On Mon, Jul 03, 2017 at 05:36:52PM +0100, Nicholas Marriott wrote:
Hi
On Thu, Jun 29, 2017 at 09:29:57PM +0200, Klemens Nanni wrote:
[...]
What about the current version being 4.21? We're clearly ahead of this,
it seems magic(5) wasn't updated when nicm@ reimplemented things.
This patch docume
ifstated monitors interface state and the return state of invoked commands,
and takes action accordingly, all of which is managed with the help of a
finite state machine. That makes for a lot of "state" references in the code.
The following diff renames variables to make a distinction between link
On 2017/07/03 21:05, Hrvoje Popovski wrote:
> Hi all,
>
> i'm having two firewalls fw1 and fw2 and on fw1 i'm sending console
> output to com0.
>
> root@fw1:~
> # cat /etc/boot.conf
> stty com0 115200
> set tty com0
>
> root@fw1:~
> # cat /etc/ttys | grep tty00
> tty00 "/usr/libexec/getty std.
On 3.7.2017. 23:42, Stuart Henderson wrote:
> The phrase "break sequence" is often used, but it's a bit of a misnomer.
> When a serial port is connected but not actively transmitting data the tx
> line is usually held high. A "break" is when that line is low for more
> than a frame duration (the l
On Wed, Jun 14, 2017 at 05:37:07PM +0200, Klemens Nanni wrote:
> With this patch, v[46]_info() both output exactly what their description
> says.
>
> As of now, these functions are only used through
> set -- $(v4_info $_if)
> which gracefully handles any constellation of whitespaces in the o
On Mon, Jul 03, 2017 at 10:47:31PM +, Robert Peichaer wrote:
Dokument explicitely possible outputs and tweak the sed expressions
to remove the superfluous whitespaces. I guess that does the trick.
Index: install.sub
===
RCS file
Remove duplicate full stop and add space after function name.
Feedback/OK?
Index: install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1019
diff -u -p -r1.1019 install.sub
--- install.sub 2 Jul 201
Hi,
i think i've noted about this before, around 13months ago freebsd
first disabled alignment faults, and they haven't enabled them since.
deja vu, or not, i don't recall if the last diff like below did go
anywhere, nor if it got discussed about, so i'm sorry in advance,
if i'm banging my head to
Hi,
When building bc, yacc can directly write bc.c instead of renaming
the file with mv. Does this look any better?
- Michael
Index: Makefile
===
RCS file: /cvs/src/usr.bin/bc/Makefile,v
retrieving revision 1.9
diff -u -p -u -r1.9
Artturi Alm writes:
> Hi,
>
> i think i've noted about this before, around 13months ago freebsd
> first disabled alignment faults, and they haven't enabled them since.
> deja vu, or not, i don't recall if the last diff like below did go
> anywhere, nor if it got discussed about, so i'm sorry in a
> > i think i've noted about this before, around 13months ago freebsd
> > first disabled alignment faults, and they haven't enabled them since.
> > deja vu, or not, i don't recall if the last diff like below did go
> > anywhere, nor if it got discussed about, so i'm sorry in advance,
> > if i'm ban
> On 4 Jul 2017, at 12:54, Michael W. Bombardieri wrote:
>
> Hi,
>
> When building bc, yacc can directly write bc.c instead of renaming
> the file with mv. Does this look any better?
there's some debate at the moment about the least worst or best way of handling
this kind of stuff.
it is def
36 matches
Mail list logo