Re: no /dev/usb means "usb events" are useless
On Sun, Jan 23, 2011 at 05:03:18AM +, Jacob Meuser wrote: > NetBSD (where our usb stack came from) has a /dev/usb device node. > this node exists primarily for reading usb events. however, we > do not create /dev/usb, which means we have no way to get the usb > events. usb events are device/driver attach/detachments. we have > hotplug(4) to get this info. > > I don't see any reason to keep the usb event handling. > > thoughts? ok? > > PS notice how some drivers only do one of attach and detach instead of > both, and that some drivers don't do either ... > @@ -717,83 +630,6 @@ usbioctl(dev_t devt, u_long cmd, caddr_t > return (0); > } > > -int > -usbpoll(dev_t dev, int events, struct proc *p) > -{ > - int revents, mask, s; > - > - if (minor(dev) == USB_DEV_MINOR) { > - revents = 0; > - mask = POLLIN | POLLRDNORM; > - > - s = splusb(); > - if (events & mask && usb_nevents > 0) > - revents |= events & mask; > - if (revents == 0 && events & mask) > - selrecord(p, &usb_selevent); > - splx(s); > - > - return (revents); > - } else { > - return (POLLERR); > - } > -} sigh. this is needed as well. obviously. sorry about that ... -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: conf.h === RCS file: /cvs/src/sys/sys/conf.h,v retrieving revision 1.109 diff -u -p conf.h --- conf.h 8 Jan 2011 19:45:09 - 1.109 +++ conf.h 23 Jan 2011 05:25:32 - @@ -396,7 +396,7 @@ extern struct cdevsw cdevsw[]; #definecdev_usb_init(c,n) { \ dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \ (dev_type_write((*))) enodev, dev_init(c,n,ioctl), \ - (dev_type_stop((*))) enodev, 0, dev_init(c,n,poll), \ + (dev_type_stop((*))) enodev, 0, selfalse, \ (dev_type_mmap((*))) enodev } /* open, close, write, ioctl */
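Review bot: in the conf.h hunk at @@ -396,7 +396,7, replacing dev_init(c,n,poll) with selfalse changes what poll(2) reports on the device nodes that remain. The removed usbpoll() returned POLLERR for any minor other than USB_DEV_MINOR, whereas selfalse reports the descriptor as never ready, so a caller that polls a bus node would now wait out its timeout instead of failing at once. If that is the intent, say so in the commit message. While the macro is being touched, the trailing comment "/* open, close, write, ioctl */" could be corrected too, since write is enodev here.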
no /dev/usb means "usb events" are useless
NetBSD (where our usb stack came from) has a /dev/usb device node. this node exists primarily for reading usb events. however, we do not create /dev/usb, which means we have no way to get the usb events. usb events are device/driver attach/detachments. we have hotplug(4) to get this info. I don't see any reason to keep the usb event handling. thoughts? ok? PS notice how some drivers only do one of attach and detach instead of both, and that some drivers don't do either ... -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org Index: if_athn_usb.c === RCS file: /cvs/src/sys/dev/usb/if_athn_usb.c,v retrieving revision 1.6 diff -u -p -r1.6 if_athn_usb.c --- if_athn_usb.c 8 Jan 2011 15:18:01 - 1.6 +++ if_athn_usb.c 23 Jan 2011 03:54:07 - @@ -281,8 +281,6 @@ athn_usb_attach(struct device *parent, s mountroothook_establish(athn_usb_attachhook, usc); else athn_usb_attachhook(usc); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, usc->sc_udev, &sc->sc_dev); } int @@ -304,7 +302,6 @@ athn_usb_detach(struct device *self, int athn_usb_free_tx_list(usc); athn_usb_free_rx_list(usc); - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, usc->sc_udev, &sc->sc_dev); return (0); } Index: if_aue.c === RCS file: /cvs/src/sys/dev/usb/if_aue.c,v retrieving revision 1.83 diff -u -p -r1.83 if_aue.c --- if_aue.c6 Dec 2010 04:41:39 - 1.83 +++ if_aue.c23 Jan 2011 03:54:08 - @@ -837,9 +837,6 @@ aue_attach(struct device *parent, struct timeout_set(&sc->aue_stat_ch, aue_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->aue_udev, - &sc->aue_dev); } int @@ -886,9 +883,6 @@ aue_detach(struct device *self, int flag usb_detach_wait(&sc->aue_dev); } splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->aue_udev, - &sc->aue_dev); return (0); } Index: if_axe.c === RCS file: /cvs/src/sys/dev/usb/if_axe.c,v retrieving revision 1.104 diff -u -p -r1.104 if_axe.c --- if_axe.c6 Dec 2010 04:41:39 - 1.104 +++ if_axe.c23 Jan 2011 03:54:09 - 
@@ -814,9 +814,6 @@ axe_attach(struct device *parent, struct timeout_set(&sc->axe_stat_ch, axe_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->axe_udev, - &sc->axe_dev); } int @@ -875,9 +872,6 @@ axe_detach(struct device *self, int flag usb_detach_wait(&sc->axe_dev); } splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->axe_udev, - &sc->axe_dev); return (0); } Index: if_cdce.c === RCS file: /cvs/src/sys/dev/usb/if_cdce.c,v retrieving revision 1.48 diff -u -p -r1.48 if_cdce.c --- if_cdce.c 16 Jan 2011 22:35:29 - 1.48 +++ if_cdce.c 23 Jan 2011 03:54:10 - @@ -360,9 +360,6 @@ found: sc->cdce_attached = 1; splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->cdce_udev, - &sc->cdce_dev); } int @@ -387,9 +384,6 @@ cdce_detach(struct device *self, int fla sc->cdce_attached = 0; splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->cdce_udev, - &sc->cdce_dev); return (0); } Index: if_cue.c === RCS file: /cvs/src/sys/dev/usb/if_cue.c,v retrieving revision 1.58 diff -u -p -r1.58 if_cue.c --- if_cue.c17 Dec 2010 13:48:06 - 1.58 +++ if_cue.c23 Jan 2011 03:54:10 - @@ -542,9 +542,6 @@ cue_attach(struct device *parent, struct timeout_set(&sc->cue_stat_ch, cue_tick, sc); splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->cue_udev, - &sc->cue_dev); } int @@ -585,9 +582,6 @@ cue_detach(struct device *self, int flag #endif splx(s); - - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->cue_udev, - &sc->cue_dev); return (0); } Index: if_kue.c === RCS file: /cvs/src/sys/dev/usb/if_kue.c,v retrieving revision 1.62 diff -u -p -r1.62 if_kue.c --- if_kue.c17 Dec 2010 13:48:06 - 1.62 +++ if_kue.c23 Jan 2011 03:54:11 - @@ -543,9 +543,6 @@ kue_attach(struct device *parent, struct mountroothook_establish(kue_attachhook, sc); else kue_attachhook(sc); - - usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->kue_udev, - &sc->kue_dev); } int Index: if_mos.c ==
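Review bot: in the if_athn_usb.c hunks (@@ -281,8 +281,6 and @@ -304,7 +302,6), the removed usbd_add_drv_event() calls are the only visible use of sc (as &sc->sc_dev); every other line shown works on usc. Check that athn_usb_attach() and athn_usb_detach() still reference sc after the removal, and drop the local where they do not, so the change does not leave an unused variable behind.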
Revealing secrets in netstart and other shell scripts
Hello all.

Just got that:

1. ksh updates its "real" argv when "set --" is used.

2. /etc/netstart does the following (excerpts):

    while :; do
        if [ "$cmd2" ]; then
            set -- $cmd2
            # ...
        else
            read af name mask bcaddr ext1 ext2 || break
        fi
        case "$af" in
        # ...
        *)
            # ...
            case "$dt" in
            # ...
            *)
                cmd2="$dt $dtaddr"
                ;;
            esac
            # ...
        esac
        # ...
    done < /etc/hostname.$if

You see - the possible secrets hiding in the /etc/hostname.* may be revealed by monitoring command arguments. /etc/hostname.* could be configuring tunnels or something hot-pluggable, it's legal to be called after system start. Even more, hotplugd(8) recommends this way of network interface initialization.

The problem is that there is no good way to shift any array in shell. Best possible involves multiple translations from array to string and back, which is not acceptable, IMHO. So the possible choices I see are:

1. Make ksh not update positional arguments (copy them on start).

2. Allow ksh to shift array operands when in non-POSIX mode by the following syntax: "shift [arrayname] [count]", count being distinguished from arrayname by checking whether it is a number or not.

3. Ignore possible problems with multiple translations, and do some tricks using them.

What do you think?

Also, other shell scripts dealing with secrets should be checked too, of course; I'll try to do that, but a bit later.

--
  Best wishes,
    Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
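The concern in the message above is that `set -- $cmd2` copies file contents into the positional parameters. One way to split such a line into fields without assigning them is shown here as an added example; it is not part of the original post or of /etc/netstart. The field names follow the excerpt, while the sample line and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post or from /etc/netstart).
# Field names follow the netstart excerpt; the sample line is constructed.

# split_fields: split the global $cmd2 into af/name/mask/bcaddr/ext1/ext2
# with the read builtin fed by a here-document. The positional parameters
# ($1, $2, ...) are never assigned, so "set --" is not needed. The line is
# taken from a global instead of a function argument for the same reason:
# function arguments are positional parameters too.
split_fields() {
	read -r af name mask bcaddr ext1 ext2 <<EOF
$cmd2
EOF
}

# demo: parse one constructed line, then print the fields joined by '|'
# followed by the caller's positional parameters, which must be unchanged.
demo() {
	set -- original args	# stand-in for the script's own arguments
	cmd2='inet 192.0.2.10 255.255.255.0 NONE EXAMPLE-SECRET extra words'
	split_fields
	echo "$af|$name|$mask|$bcaddr|$ext1|$ext2|$*"
}

demo
```

Many shells back a here-document with a temporary file, so check where your shell creates it and with which permissions before relying on this for secret data.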
[resend] ipv6 support for tftp
can anyone test this diff? your feedback will be most welcome On Wed, Sep 08, 2010 at 11:51:11AM -0300, Gleydson Soares wrote: > hi, > > - ipv6 support for tftp client. > > based on an old itojun's diff. Index: tftpsubs.c === RCS file: /cvs/src/usr.bin/tftp/tftpsubs.c,v retrieving revision 1.14 diff -u -r1.14 tftpsubs.c --- tftpsubs.c 27 Oct 2009 23:59:44 - 1.14 +++ tftpsubs.c 8 Sep 2010 14:01:19 - @@ -258,7 +258,7 @@ { int i, j = 0; charrbuf[SEGSIZE_MIN]; - struct sockaddr_in from; + struct sockaddr_storage from; socklen_t fromlen; for (;;) { Index: tftp.c === RCS file: /cvs/src/usr.bin/tftp/tftp.c,v retrieving revision 1.22 diff -u -r1.22 tftp.c --- tftp.c 27 Oct 2009 23:59:44 - 1.22 +++ tftp.c 8 Sep 2010 14:01:39 - @@ -58,7 +58,7 @@ #include "tftpsubs.h" static int makerequest(int, const char *, struct tftphdr *, const char *); -static voidnak(int); +static voidnak(int, struct sockaddr *); static voidtpacket(const char *, struct tftphdr *, int); static voidstartclock(void); static voidstopclock(void); @@ -67,7 +67,7 @@ static voidoack(struct tftphdr *, int, int); static int oack_set(const char *, const char *); -extern struct sockaddr_in peeraddr; /* filled in by main */ +extern struct sockaddr_storage peeraddr; /* filled in by main */ extern int f; /* the opened socket */ extern int trace; extern int verbose; @@ -124,7 +124,8 @@ sendfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -138,6 +139,7 @@ convert = !strcmp(mode, "netascii"); block = 0; amount = 0; + memcpy(&peer, &peeraddr, peeraddr.ss_len); do { /* read data from file */ @@ -146,7 +148,7 @@ else { size = readit(file, &dp, convert, segment_size); if (size < 0) { - nak(errno + 100); + nak(errno + 100, (struct sockaddr *)&peer); break; } dp->th_opcode = htons((u_short)DATA); 
@@ -164,8 +166,8 @@ if (trace) tpacket("sent", dp, size + 4); if (sendto(f, dp, size + 4, 0, - (struct sockaddr *)&peeraddr, - sizeof(peeraddr)) != size + 4) { + (struct sockaddr *)&peer, + peer.ss_len) != size + 4) { warn("sendto"); goto abort; } @@ -202,7 +204,19 @@ warn("recvfrom"); goto abort; } - peeraddr.sin_port = from.sin_port; /* added */ + switch (peer.ss_family) { /* added */ + case AF_INET: + ((struct sockaddr_in *)&peer)->sin_port = + ((struct sockaddr_in *)&from)->sin_port; + break; + case AF_INET6: + ((struct sockaddr_in6 *)&peer)->sin6_port = + ((struct sockaddr_in6 *)&from)->sin6_port; + break; + default: + /* unsupported */ + break; + } if (trace) tpacket("received", ap, n); @@ -256,7 +270,8 @@ recvfile(int fd, char *name, char *mode) { struct tftphdr *dp, *ap; /* data and ack packets */ - struct sockaddr_in from; + struct sockaddr_storage from; + struct sockaddr_storage peer; struct pollfdpfd[1]; unsigned longamount; socklen_tfromlen; @@ -273,6 +288,7 @@ block = 1; amount = 0; firsttrip = 1; + memcpy(&peer, &peeraddr, peeraddr.ss_len); options: do { @@ -298,8 +314,8 @@ if (trace) tpacket("sent", ap, size); if
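Review bot: in the port-update switch added to sendfile() at @@ -202,7 +204,19, the case is selected by peer.ss_family but the same cast is then applied to from, so from is read as a sockaddr_in or sockaddr_in6 without checking that from.ss_family matches. Compare the two families before copying the port and treat a mismatch like the default case. The default branch should also warn or abort, not fall through silently with "/* unsupported */", because the next sendto() would otherwise keep using the original port.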
Re: afterboot.8 - Login in as root
I agree with what you have done. Thanks. Although I've included the information about the user created via the installation method being added to the wheel group. But then again I would even go as far as informing the user during the installation that the users they are about to create are members of the wheel group. To me this is too critical a bit of information to not know. -mark Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.130 diff -u -p -r1.130 afterboot.8 --- afterboot.8 21 Jan 2011 12:20:04 - 1.130 +++ afterboot.8 22 Jan 2011 13:34:53 - @@ -47,7 +47,7 @@ A basic knowledge of .Ux is assumed, otherwise type: .Pp -.Dl # help +.Dl $ help .Pp Complete instructions for correcting and fixing items is not provided. There are manual pages and other methodologies available for doing that. @@ -55,7 +55,7 @@ For example, to view the man page for th .Xr ls 1 command, type: .Pp -.Dl # man 1 ls +.Dl $ man 1 ls .Pp Administrators will rapidly become more familiar with .Ox @@ -67,19 +67,8 @@ Any security or reliability fixes can be .Pa http://www.openbsd.org/errata.html . It is recommended that you check this page regularly. .Ss Login -Log in as -.Dq root . -You can do so on the console, or over the network using +Log in on the console, or over the network using .Xr ssh 1 . -If you wish to deny root logins over the network, edit the -.Pa /etc/ssh/sshd_config -file and set -.Cm PermitRootLogin -to -.Dq no -(see -.Xr sshd_config 5 ) . -.Pp For security reasons, it is bad practice to log in as root during regular use and maintenance of the system. Instead, administrators are encouraged to add a 
@@ -91,7 +80,23 @@ group, then use the and .Xr sudo 8 commands when root privileges are required. -This process is described in more detail later. +During the installation you were given the option to set up a user account. +By default, accounts created via this method are automatically added to +the +.Dq wheel +group. +If you did not use this option see the paragraph +.Sx Add new users +below for details. +.Pp +If you wish to deny root logins over the network, edit the +.Pa /etc/ssh/sshd_config +file and set +.Cm PermitRootLogin +to +.Dq no +(see +.Xr sshd_config 5 ) . .Ss Root password Change the password for the root user. (Note that throughout the documentation, the term @@ -102,7 +107,9 @@ as well as from the upper and lower case Do not choose any word in any language. It is common for an intruder to use dictionary attacks. Type the command -.Ic /usr/bin/passwd +.Pp +.Dl $ /usr/bin/sudo /usr/bin/passwd root +.Pp to change it. .Pp It is a good idea to always specify the full path name for the
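Review bot: in the text added at @@ -91,7 +80,23, "If you did not use this option see the paragraph" needs a comma after "option", and "By default, accounts created via this method are automatically added to the wheel group" says the same thing twice. "Accounts created this way are added to the wheel group." is enough and keeps the emphasis on the group membership that the cover message calls critical.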
Re: afterboot.8 - Login in as root
Hi Mark,

Mark Lumsden wrote on Sat, Jan 22, 2011 at 11:35:20AM +:
> afterboot.8 hasn't been changed to reflect the fact that a user can
> be created during installation and you have no other option but to
> login as root on first boot.

You have a point, but the text seems easier to follow when rearranging it a bit.

1) I think the paragraph "Login" starts with the imperative "Log in..." on purpose, so leave that in place. Indeed, after installing a system, logging in is about the first thing you should do.

2) Which user account to use for the login is closely related to that sentence, so put it next. Then, integrate the reference to the installation into the existing sentence "This process is described in more detail later."

3) The sentence about remote root logins is easier to understand after having discouraged root login in general, so put it last.

Besides, now that we don't suggest root login any longer, change the prompt from # to $ for non-privileged commands, and show how to run passwd(1) using sudo(8).

I'm not sure the suggestion to type out the sudo and passwd paths makes much sense. Does anybody really do that in practice? It would be very tedious, it only helps in cases where your system is already compromised in about the worst way imaginable, and it doesn't even help to detect the compromise or prevent all of its consequences. But removing that advice would be a different matter.

Yours,
  Ingo

Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.130 diff -u -r1.130 afterboot.8 --- afterboot.8 21 Jan 2011 12:20:04 - 1.130 +++ afterboot.8 22 Jan 2011 12:32:52 - @@ -47,7 +47,7 @@ .Ux is assumed, otherwise type: .Pp -.Dl # help +.Dl $ help .Pp Complete instructions for correcting and fixing items is not provided. There are manual pages and other methodologies available for doing that. 
@@ -55,7 +55,7 @@ .Xr ls 1 command, type: .Pp -.Dl # man 1 ls +.Dl $ man 1 ls .Pp Administrators will rapidly become more familiar with .Ox @@ -67,19 +67,8 @@ .Pa http://www.openbsd.org/errata.html . It is recommended that you check this page regularly. .Ss Login -Log in as -.Dq root . -You can do so on the console, or over the network using +Log in on the console, or over the network using .Xr ssh 1 . -If you wish to deny root logins over the network, edit the -.Pa /etc/ssh/sshd_config -file and set -.Cm PermitRootLogin -to -.Dq no -(see -.Xr sshd_config 5 ) . -.Pp For security reasons, it is bad practice to log in as root during regular use and maintenance of the system. Instead, administrators are encouraged to add a @@ -91,7 +80,19 @@ and .Xr sudo 8 commands when root privileges are required. -This process is described in more detail later. +If you did not use the option to set up a regular user account during +the installation, see the paragraph +.Sx Add new users +below for details. +.Pp +If you wish to deny root logins over the network, edit the +.Pa /etc/ssh/sshd_config +file and set +.Cm PermitRootLogin +to +.Dq no +(see +.Xr sshd_config 5 ) . .Ss Root password Change the password for the root user. (Note that throughout the documentation, the term @@ -102,7 +103,9 @@ Do not choose any word in any language. It is common for an intruder to use dictionary attacks. Type the command -.Ic /usr/bin/passwd +.Pp +.Dl $ /usr/bin/sudo /usr/bin/passwd root +.Pp to change it. .Pp It is a good idea to always specify the full path name for the
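Review bot: in the Root password hunk at @@ -102,7 +103,9, ".Dl $ /usr/bin/sudo /usr/bin/passwd root" assumes the reader is logged in as a regular user who can use sudo, yet the text added at @@ -91,7 +80,19 allows for a reader who set up no such account during installation and is therefore logged in as root. Say which form applies in that case (plain passwd at a # prompt), or send the reader to the Add new users section before this step.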
afterboot.8 - Login in as root
afterboot.8 hasn't been changed to reflect the fact that a user can be created during installation and you have no other option but to login as root on first boot. comments/ok? -mark Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.130 diff -u -p -r1.130 afterboot.8 --- afterboot.8 21 Jan 2011 12:20:04 - 1.130 +++ afterboot.8 22 Jan 2011 11:27:25 - @@ -67,9 +67,7 @@ Any security or reliability fixes can be .Pa http://www.openbsd.org/errata.html . It is recommended that you check this page regularly. .Ss Login -Log in as -.Dq root . -You can do so on the console, or over the network using +You can login via the console, or over the network using .Xr ssh 1 . If you wish to deny root logins over the network, edit the .Pa /etc/ssh/sshd_config @@ -92,6 +90,11 @@ and .Xr sudo 8 commands when root privileges are required. This process is described in more detail later. +.Pp +During the installation you were given the option to create a regular user. +This user is automatically added to the +.Dq wheel +group. .Ss Root password Change the password for the root user. (Note that throughout the documentation, the term
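Review bot: in the hunk at @@ -67,9 +67,7, "You can login via the console" uses "login" as a verb; the line it replaces has "Log in", so write "You can log in on the console". With "Log in as root" removed, the section no longer says which account to use on first boot. The paragraph added at @@ -92,6 +90,11 about the installer-created user would cover that better if it came before "This process is described in more detail later." instead of after it.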