On Thu, Sep 07, 2023 at 11:30:11PM -0400, Thomas Frohwein wrote:
> Very basic pledge(2) for the whole program. I didn't dive too much into
> the details and maybe this can be refined some more. This is kind of a
> product of me trying a tool I made `abstain` [1] for usefulness of
> pledge(2) execpr
On Wed, Jul 26, 2023 at 12:23:58PM -0400, Dave Voutila wrote:
> When adding exec for vm's and fork/exec'd vio{blk,net} devices, the
> current verbosity wasn't being set on the new process. The below change
> keeps it simple, avoiding runtime string manipulation. Also tosses in an
> ifdef around a v
On Mon, May 15, 2023 at 09:17:00AM -0400, Okan Demirmen wrote:
> On Mon 2023.05.15 at 10:41 +0200, Matthieu Herrb wrote:
> > On Mon, May 15, 2023 at 06:26:41AM +, Klemens Nanni wrote:
> > > Both fvwm(1) and twm(1) have a restart menu that contains other window
> > > managers by default, which i
On Sun, Mar 05, 2023 at 08:53:00AM +0100, Alexandre Ratchov wrote:
> If you've an azalia(4) attaching as "AMD 17h/1xh HD Audio", please
> test this diff and report regressions. Especially audio lock ups that
> require reboot.
>
> IIRC, MSI was disabled a few years ago to "fix" such lockups, and now
On Tue, Jan 17, 2023 at 09:37:24PM +0100, Jan Klemkow wrote:
> Hi,
>
> This diff adjusts the manpage of mem(4) to be more accurate. You can
> open(2) mem(4) in securelevel 1 in readonly mode, but not writable.
>
> kern/spec_vnops.c:
>
> if (ap->a_cred != FSCRED && (ap->a_mode & FWRITE)) {
On Thu, Aug 04, 2022 at 08:39:46PM -0600, Theo de Raadt wrote:
> Bryan Steele wrote:
>
> > On Fri, Aug 05, 2022 at 03:37:41AM +0200, Theo Buehler wrote:
> > > On Fri, Aug 05, 2022 at 03:34:57AM +0200, Theo Buehler wrote:
> > > > If you want games, opt into it. Th
On Fri, Aug 05, 2022 at 03:37:41AM +0200, Theo Buehler wrote:
> On Fri, Aug 05, 2022 at 03:34:57AM +0200, Theo Buehler wrote:
> > If you want games, opt into it. They are very old, full of bugs and not
> > really maintained. It's very easy to get a PATH containing games via
> > /etc/skel. I think t
On Thu, Aug 04, 2022 at 12:47:36PM +0100, Ricardo Mestre wrote:
> We are using pledge so if you don't remove the unveil permission it will be
> allowed throughout the entire process, so please just change unveil(NULL,
> NULL)
> to old previous pledge("stdio rpath wpath cpath fattr sendfd").
>
>
On Mon, Jun 27, 2022 at 11:01:31PM +0200, Stefan Hagen wrote:
> Hi,
>
> acpitz(4) implements passive cooling, which starts throttling the CPU to
> keep it under the temperature reported by the _PSV trip point.
>
> https://uefi.org/specs/ACPI/6.4/11_Thermal_Management/thermal-control.html
>
> Th
On Tue, May 24, 2022 at 01:18:20AM +0200, Daniel Douglas Dyrseth wrote:
> I know a little C, but not enough to get any profound progress on making a
> Wayland WM for OpenBSD. Not to be rude, but could someone that has a coding
> team for OpenBSD make one? It will shrink the OS a lot and optimize
On Wed, May 04, 2022 at 05:40:43PM +0200, Marc Espie wrote:
> On Wed, May 04, 2022 at 07:43:35AM -0400, Bryan Steele wrote:
> > On Wed, May 04, 2022 at 01:20:10PM +0200, Frederic Cambus wrote:
> > > Hi tech@,
> > >
> > > The base system includes the compiler
On Wed, May 04, 2022 at 01:20:10PM +0200, Frederic Cambus wrote:
> Hi tech@,
>
> The base system includes the compiler-rt profile library for
> source-based code coverage.
>
> So here is a diff to document support in clang-local.1, the same
> way we document support for the ubsan_minimal sanitize
On Mon, Apr 25, 2022 at 05:33:51PM +0200, Claudio Jeker wrote:
> On Mon, Apr 25, 2022 at 11:31:22AM -0400, Bryan Steele wrote:
> > On Mon, Apr 25, 2022 at 05:20:46PM +0200, Claudio Jeker wrote:
> > > On Sun, Apr 24, 2022 at 07:06:19PM +0200, Claudio Jeker wrote:
> > > >
On Mon, Apr 25, 2022 at 05:20:46PM +0200, Claudio Jeker wrote:
> On Sun, Apr 24, 2022 at 07:06:19PM +0200, Claudio Jeker wrote:
> > On Ryzen CPUs each CCD has a temp sensor. If the CPU has CCDs (which
> > excludes Zen APU CPUs) this should show additional temp info. This is
> > based on info from t
On Sun, Apr 24, 2022 at 07:06:19PM +0200, Claudio Jeker wrote:
> On Ryzen CPUs each CCD has a temp sensor. If the CPU has CCDs (which
> excludes Zen APU CPUs) this should show additional temp info. This is
> based on info from the Linux k10temp driver.
>
> Additionally use the MSRs defined in "Ope
On Wed, Mar 23, 2022 at 04:27:40AM +, Alexis wrote:
> Indeed I understood both octboot and vmm seabios/uefi initialization process.
>
> But has its done with kexec and linuxboot coreboot payload octboot could be
> ported to act in the same way. Explaining now again for the 3rd time, to
> avo
On Tue, Feb 08, 2022 at 08:39:35PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Sort the ps(1) STAT characters alphabetically like in the man page.
> Note that the 'else' I have removed is redundant.
>
> ok?
>
> bluhm
>
> Index: bin/ps/print.c
> ==
On Thu, Nov 04, 2021 at 02:44:18PM +0100, Jan Klemkow wrote:
> Hi,
>
> This fix [1] in seabios breaks our "boot device cdrom" feature.
>
> # vmctl start -Lc -d disk.img -r cd70.iso -B cdrom vm
> ...
> No bootable device. Retrying in 60 seconds.
>
> # vmctl start -Lc -d disk.img -r cd70.iso vm
>
On Sun, Oct 10, 2021 at 02:26:32PM -0500, Scott Cheloha wrote:
> On Sun, Oct 10, 2021 at 12:31:22PM -0600, Theo de Raadt wrote:
> > Bryan Steele wrote:
> >
> > > On Sun, Oct 10, 2021 at 12:18:55PM -0500, Scott Cheloha wrote:
> > > > On Sun, Oct 10, 2021 at 1
On Sun, Oct 10, 2021 at 12:18:55PM -0500, Scott Cheloha wrote:
> On Sun, Oct 10, 2021 at 10:51:29AM -0600, Theo de Raadt wrote:
> > did anyone ever use it this way, or are you getting ahead of yourself.
>
> I don't understand the question.
I've only ever seen it used with -count as the first argu
On Sun, Apr 25, 2021 at 08:58:35PM +, Smccalib wrote:
> Greetings,
>
> While reading the source code for ed, I noticed a small stylistic
> inconsistency in main.c whereby "isatty(0)" is called followed by a
> series of calls to functions that take a fd being called with
> STDIN_FILENO. Althoug
On Mon, Apr 05, 2021 at 09:54:14AM -0400, Dave Voutila wrote:
>
> Dave Voutila writes:
>
> > The following diff cleans up and improves MSR-related event handling in
> > vmm(4) for when the guest attempts a rdmsr/wrmsr instruction. As
> > mentioned in a previous email to tech@ about fixing support
On Sun, Mar 28, 2021 at 08:38:13AM -0400, Dave Voutila wrote:
> abieber@ found the latest 9front release ends up in a boot loop if
> hosted on an AMD system. I tracked it down to 9front (oddly) trying to
> read the PAT msr prior to writing it. [1] The problem is vmm(4)'s msr
> handling for svm inje
On Sun, Mar 28, 2021 at 08:38:13AM -0400, Dave Voutila wrote:
> abieber@ found the latest 9front release ends up in a boot loop if
> hosted on an AMD system. I tracked it down to 9front (oddly) trying to
> read the PAT msr prior to writing it. [1] The problem is vmm(4)'s msr
> handling for svm inje
On Mon, Mar 22, 2021 at 08:18:45PM +0100, Klemens Nanni wrote:
> I was too stupid to look at `wsconsctl' output (which needs root) and
> only looked here.
>
> Mailing the diff for my lack of better wording, plus the knob actually
> takes three values which I have yet to decode by reading wsconsctl(
On Mon, Mar 22, 2021 at 01:47:18PM +0100, Mischa wrote:
>
>
> > On 22 Mar 2021, at 13:43, Stuart Henderson wrote:
> >
> >>> Created a fresh install qcow2 image and derived 35 new VMs from it.
> >>> Then I started all the VMs in four cycles, 10 VMs per cycle and waiting
> >>> 240 seconds after
On Tue, Feb 23, 2021 at 06:23:22PM +1100, Jonathan Gray wrote:
> On Tue, Feb 23, 2021 at 08:10:54AM +0100, Otto Moerbeek wrote:
> > On Mon, Feb 22, 2021 at 08:58:07PM -, Miod Vallat wrote:
> >
> > >
> > > > No problem, real-life often takes precedence.
> > >
> > > No way! operator(7) would n
On Tue, Feb 02, 2021 at 08:23:29AM +0100, Anton Lindqvist wrote:
> On Sat, Jan 30, 2021 at 01:18:07PM +0200, Ville Valkonen wrote:
> > On Sat, 2021-01-30 at 08:36 +0100, Anton Lindqvist wrote:
> > > On Fri, Jan 29, 2021 at 10:15:05PM +0200, Ville Valkonen wrote:
> > > > Hi,
> > > >
> > > > I have
On Fri, Jan 22, 2021 at 02:26:34PM -0500, Bryan Steele wrote:
> On Fri, Jan 22, 2021 at 07:00:57PM +0100, Marcus Glocker wrote:
> > On Fri, 15 Jan 2021 22:41:13 +0100
> > Marcus Glocker wrote:
> >
> > > On Fri, 15 Jan 2021 11:37:47 -0500
> > > Bryan Steel
On Fri, Jan 22, 2021 at 07:00:57PM +0100, Marcus Glocker wrote:
> On Fri, 15 Jan 2021 22:41:13 +0100
> Marcus Glocker wrote:
>
> > On Fri, 15 Jan 2021 11:37:47 -0500
> > Bryan Steele wrote:
> >
> > > On Fri, Jan 15, 2021 at 06:23:01AM -0700, Thomas Froh
On Fri, Jan 15, 2021 at 06:23:01AM -0700, Thomas Frohwein wrote:
> On Sat, Jan 09, 2021 at 10:16:16AM +0100, Marcus Glocker wrote:
> > On Thu, Jan 07, 2021 at 08:20:35PM +0100, Marcus Glocker wrote:
> >
> > > > I have heard from others who tried the diff that the PS4 controller is
> > > > causing
rh.4 \
> uoakv.4 upd.4 upgt.4 upl.4 uplcom.4 ural.4 ure.4 url.4 urlphy.4 \
> Index: share/man/man4/uhidev.4
> ===
> RCS file: /cvs/src/share/man/man4/uhidev.4,v
> retrieving revision 1.12
> diff -u -p -r1.12 uhidev.4
>
On Mon, Nov 23, 2020 at 03:25:34PM +0100, Otto Moerbeek wrote:
> On Mon, Nov 23, 2020 at 01:53:01PM +0100, Solene Rapenne wrote:
>
> > A common mistake when using dd is to create a file in /dev which
> > fills up the space of / and may stay silent until / gets filled up
> > by something else that
On Mon, Nov 23, 2020 at 03:19:24PM +0100, Mark Kettenis wrote:
> > Date: Mon, 23 Nov 2020 13:53:01 +0100
> > From: Solene Rapenne
> >
> > A common mistake when using dd is to create a file in /dev which
> > fills up the space of / and may stay silent until / gets filled up
> > by something else t
On Fri, Nov 20, 2020 at 03:08:42PM +0100, Mark Kettenis wrote:
> > Date: Fri, 20 Nov 2020 07:41:20 -0500
> > From: Bryan Steele
> >
> > On Fri, Nov 20, 2020 at 09:26:08AM +0100, Otto Moerbeek wrote:
> > > Hi,
> > >
> > > I got a new Ryzen
On Fri, Nov 20, 2020 at 08:21:41AM -0500, Bryan Steele wrote:
> On Fri, Nov 20, 2020 at 01:13:02PM +, Stuart Henderson wrote:
> > On 2020/11/20 07:41, Bryan Steele wrote:
> > > At least on a desktop I'd suggest to leave apmd(8) and not do any
> > > manual hw.s
On Fri, Nov 20, 2020 at 01:13:02PM +, Stuart Henderson wrote:
> On 2020/11/20 07:41, Bryan Steele wrote:
> > At least on a desktop I'd suggest to leave apmd(8) and not do any
> > manual hw.setperf tweaking, you should have adequate cooling
>
> the planet doesn
On Fri, Nov 20, 2020 at 01:13:02PM +, Stuart Henderson wrote:
> On 2020/11/20 07:41, Bryan Steele wrote:
> > At least on a desktop I'd suggest to leave apmd(8) and not do any
> > manual hw.setperf tweaking, you should have adequate cooling
>
> the planet doesn't! :/
hahaha
On Fri, Nov 20, 2020 at 07:41:22AM -0500, Bryan Steele wrote:
> On Fri, Nov 20, 2020 at 09:26:08AM +0100, Otto Moerbeek wrote:
> > Hi,
> >
> > I got a new Ryzen machine, dmesg below. What I'm observing might be an
> > issue with hw.setperf.
> >
> > On
On Fri, Nov 20, 2020 at 09:26:08AM +0100, Otto Moerbeek wrote:
> Hi,
>
> I got a new Ryzen machine, dmesg below. What I'm observing might be an
> issue with hw.setperf.
>
> On startup it shows:
>
> hw.cpuspeed=3800
> hw.setperf=100
>
> If I lower hw.setperf to zero, the new state i
On Sun, Nov 08, 2020 at 05:16:55PM +0100, Stefan Hagen wrote:
> Hello,
>
> xterm has an annoying delay when it's being closed by the window manager
> when child processes exist.
>
> Test 1:
> xterm -e "sh"
>
> Now hit the "X" button or whatever your window manager provides to send a
> windo
On Sun, Oct 18, 2020 at 09:44:52AM -0600, Bob Beck wrote:
>
> Yeah, it's just a number.
>
> But it's been a pretty wild ride. Thanks everyone for 25 years.
>
> -Bob
>
>
>
>
Happy 25th everybody! \o/
-Bryan.
On Fri, Aug 07, 2020 at 03:49:32PM +0200, Solene Rapenne wrote:
> Now that i386 platform requires i586 CPU, I guess we should mention
> it in current.html (the page i386.html should be updated accordingly
> at 6.8 release)
>
> Index: current.html
> =
On Thu, Aug 06, 2020 at 02:16:11PM -0700, jo...@armadilloaerospace.com wrote:
> I tried to mount a 12TB USB drive, and was getting an "Inappropriate
> file type or format" error.
>
> It turned out to be due to exFAT formatting, but it took me some
> investigating to figure that out. Would it be r
On Tue, Jul 28, 2020 at 01:44:33PM -0400, Johan Huldtgren wrote:
> hello,
>
> On 2020-07-28 11:12, Mark Kettenis wrote:
> > > Date: Tue, 28 Jul 2020 13:46:34 +1000
> > > From: Jonathan Matthew
> > >
> > > On Mon, Jul 27, 2020 at 05:16:47PM +0200, Mark Kettenis wrote:
> > > > > Date: Mon, 27 Jul
On Tue, Jul 28, 2020 at 01:09:51PM +0200, Mark Kettenis wrote:
> > Date: Tue, 28 Jul 2020 11:16:56 +0100
> > From: Jason McIntyre
> >
> > On Tue, Jul 28, 2020 at 11:12:21AM +0200, Mark Kettenis wrote:
> > > > Date: Tue, 28 Jul 2020 13:46:34 +1000
> > > > From: Jonathan Matthew
> > > >
> > > > O
On Mon, Jul 27, 2020 at 05:02:41PM +0200, Mark Kettenis wrote:
> Recent ACPI versions have deprecated "Processor()" nodes in favour of
> "Device()" nodes with a _HID() method that returns "ACPI0007". This
> diff tries to support machines with firmware that implements this. If
> you see something
On Thu, Jul 23, 2020 at 09:54:56PM +, goldeneagle96 wrote:
> Hello OpenBSD devs. It has come to my attention that a mysterious commit,
> unlogged by CVS, has appeared. This commit changes language, breaking
> compatibility on header and source files.
> Thankfully, it was logged by the Github m
On Tue, Jun 23, 2020 at 01:03:18PM +0200, Patrick Wildt wrote:
> On Tue, Jun 23, 2020 at 06:51:20AM -0400, Bryan Steele wrote:
> > On Mon, Jun 22, 2020 at 11:10:10PM -0700, jo...@armadilloaerospace.com
> > wrote:
> > > Are SSE instructions allowed in the AMD64 kernel? I
On Tue, Jun 23, 2020 at 06:51:22AM -0400, Bryan Steele wrote:
> On Mon, Jun 22, 2020 at 11:10:10PM -0700, jo...@armadilloaerospace.com wrote:
> > Are SSE instructions allowed in the AMD64 kernel? Is #ifdef __SSE__
> > a sufficient guard?
> >
> > I have a rasops32
On Mon, Jun 22, 2020 at 11:10:10PM -0700, jo...@armadilloaerospace.com wrote:
> Are SSE instructions allowed in the AMD64 kernel? Is #ifdef __SSE__
> a sufficient guard?
>
> I have a rasops32 putchar with SSE that is 2x faster.
No, in general you cannot use FP instructions in the kernel, also
On Sat, Jun 13, 2020 at 10:41:06PM +0200, Lorenz Troiza wrote:
> Am 13.06.2020 um 22:27 schrieb jo...@armadilloaerospace.com:
> > What would be a good system with CoreBoot to get for OpenBSD testing?
> >
> > It looks like there are some edge cases where the CoreBoot framebuffer
> > support won't be
On Thu, May 28, 2020 at 04:29:19PM +0200, Solene Rapenne wrote:
> the macro CPU_INFO_FOREACH loops over every CPU but the frequency
> algorithm will raise frequency if one cpu usage goes over a threshold
> but also if the sum of cpu usage goes over another threshold.
>
> In the current case, if you
On Thu, May 21, 2020 at 11:07:39PM +0100, Ricardo Mestre wrote:
> Hi,
>
> After the handle sioctl_hdl `hdl' is opened (which in itself requires rw fs
> access and opening an unix socket) then all operations happen over that handle
> so the program may be restricted to only "stdio".
>
> All option
On Sat, Apr 18, 2020 at 03:07:28PM +0200, Tobias Heider wrote:
> Hi,
>
> the attached diff allows sdmmc(4) to use DMA for all commands instead of just
> mem_read and mem_write.
>
> There were problems in the past with some controllers not liking small DMA
> transfers, so it would be nice to get
On Tue, Apr 07, 2020 at 04:56:31PM +0200, Martijn van Duren wrote:
> This came up during u2k20 while discussing tempfiles for gotweb inside a
> chroot. At the moment we don't include it by default and ports have to
> create it themselves. Since I assume we want web applications to run
> inside a /v
On Sat, Mar 07, 2020 at 04:50:52PM +, Stuart Henderson wrote:
> On 2020/03/07 15:41, Jonathan Gray wrote:
> > On Fri, Mar 06, 2020 at 11:29:57PM +, Stuart Henderson wrote:
> > > I've finally managed to get openbsd installed on an rpi3b (need
> > > something to run signify/pkg_sign and this
On Wed, Jan 22, 2020 at 03:15:37PM -0500, Okan Demirmen wrote:
> Hi,
>
> I think we've (or at least I have) mused about this for a while; a
> recent mail reminded me that this feature should go - a window manager
> doesn't need to parse the ssh known_hosts file for a menu; there are
> better tools
On Sat, Dec 28, 2019 at 08:03:17PM -0500, Bryan Steele wrote:
> On Sat, Dec 28, 2019 at 07:48:47PM -0500, Bryan Steele wrote:
> > With FreeDB announcing[0] that the service will be shutting down as of
> > March 31st of 2020, and the only other alternative (MusicBrainz) already
>
On Sat, Dec 28, 2019 at 07:48:47PM -0500, Bryan Steele wrote:
> With FreeDB announcing[0] that the service will be shutting down as of
> March 31st of 2020, and the only other alternative (MusicBrainz) already
> having shut down their freedb/cddb gateway in favour of their own API
> ear
With FreeDB announcing[0] that the service will be shutting down as of
March 31st of 2020, and the only other alternative (MusicBrainz) already
having shut down their freedb/cddb gateway in favour of their own API
early this year, it likely makes sense to remove support from cdio(1).
CDDB is used t
On Mon, Dec 16, 2019 at 09:05:47PM +0100, Claudio Jeker wrote:
> On Mon, Dec 16, 2019 at 08:02:55PM +0100, Mark Kettenis wrote:
> > > Date: Mon, 16 Dec 2019 12:37:51 +0100
> > > From: Claudio Jeker
> > >
> > > This diff should add support for newer smbus controllers used on newer AMD
> > > chipse
On Mon, Dec 16, 2019 at 03:19:30PM +0100, Claudio Jeker wrote:
> On Mon, Dec 16, 2019 at 08:46:21AM -0500, Bryan Steele wrote:
> > On Mon, Dec 16, 2019 at 12:37:51PM +0100, Claudio Jeker wrote:
> > > This diff should add support for newer smbus controllers used on newer
On Mon, Dec 16, 2019 at 12:37:51PM +0100, Claudio Jeker wrote:
> This diff should add support for newer smbus controllers used on newer AMD
> chipsets. Especially Hudson-2 and Kerncz based chipsets. On my Ryzen 5 the
> iic(4) busses attach but there is nothing detected on them (well possible
> that
On Fri, Nov 29, 2019 at 11:06:45AM +, Ricardo Mestre wrote:
> Hi,
>
> After fork(2) the main proc needs rpath for {l,}stat/open and sendfd for
> imsg_*
> to send fds to the child proc which is already pledged by recvfd to receive
> them.
>
> Still passes regress tests, OK?
>
> Index: file.c
On Fri, Oct 18, 2019 at 07:39:26AM -0600, Nelson H. F. Beebe wrote:
> Because I dislike splitting disks into numerous partitions, each of
> whose sizes is a future show-stopper when they prove too small, I
> generally split disks into just root + swap. Thus, I find on our
> currently 7 versions of
On Wed, Oct 09, 2019 at 07:37:11AM +0200, Job Snijders wrote:
> On Tue, Oct 08, 2019 at 09:57:42PM -0600, Theo de Raadt wrote:
> > Sometime in the last week OpenBSD crossed 400,000 commits (*) upon all
> > our repositories since starting at 1995/10/18 08:37:01
> > Canada/Mountain. That's a lot of
On Fri, Oct 04, 2019 at 01:57:31PM +0200, Mischa wrote:
> Hi All,
>
> Does it make sense to add my talk on vmm/vmd at EuroBSDCon to the events.html
> page?
> If it does, below is the diff. (Thanx Paul! :))
>
> Mischa
done.
> Index: events.html
>
7 Sep 2019 16:24:03 -
@@ -0,0 +1,170 @@
+/* $OpenBSD$ */
+
+/*
+ * Copyright (c) 2019 Bryan Steele
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and
On Wed, Aug 28, 2019 at 12:03:07PM -0600, Theo de Raadt wrote:
> ping and traceroute are setuid programs, so increased access-reduction
> features are worthwhile.
>
> they can both lock their filesystem visibility to "readonly" very early on.
>
> the attack model being prevented against is very o
On Mon, Aug 26, 2019 at 11:01:26AM +0100, Ricardo Mestre wrote:
> Hi,
>
> Currently vmd(8) has 3 processes that run under chroot(2)/chdir(2), namely
> control, vmm and priv. From these both control and vmm already run under
> different pledge(2)s but without any filesystem access, priv in the othe
On Mon, Aug 05, 2019 at 04:58:27PM +0300, Paul Irofti wrote:
> Hi,
>
> Here is a third version of the TSC diff that also takes into
> consideration the suspend-resume path which was ignored by the previous
> thus rendering resume broken.
>
> Have a go at it. Reports are welcome. So far I only got
On Fri, Aug 02, 2019 at 01:29:37PM +0300, Paul Irofti wrote:
> Hi,
>
> Here is an updated diff with a few bugs eliminated from the previous and
> with most of the concerns I got in private and from Mark fixed.
>
> I will do the TSC_ADJUST_MSR dance in another iteration if the current
> incarnatio
On Thu, Jul 25, 2019 at 10:06:52AM -0400, Bryan Steele wrote:
> On Thu, Jul 18, 2019 at 05:44:21PM -0400, Bryan Steele wrote:
> > On Thu, Jul 18, 2019 at 11:46:46AM -0400, Bryan Steele wrote:
> > > On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote:
> > > >
On Thu, Jul 18, 2019 at 05:44:21PM -0400, Bryan Steele wrote:
> On Thu, Jul 18, 2019 at 11:46:46AM -0400, Bryan Steele wrote:
> > On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote:
> > > Hi,
> > >
> > > Can we track unveil(2) violators in proces
On Sun, Jul 21, 2019 at 05:57:32PM +0200, Ingo Schwarze wrote:
> Hi,
>
> Bryan Steele wrote on Fri, Jul 19, 2019 at 06:14:56PM -0400:
> > On Sat, Jul 20, 2019 at 12:03:03AM +0200, Jesper Wallin wrote:
> >> On Fri, Jul 19, 2019 at 05:14:03PM -0400, Bryan Steele wrote:
>
On Sat, Jul 20, 2019 at 12:03:03AM +0200, Jesper Wallin wrote:
> On Fri, Jul 19, 2019 at 05:14:03PM -0400, Bryan Steele wrote:
> > I suspect that in secure/-S mode, the :pre[serve] should either be
> > disabled, or modified to stop calling sendmail. The mail it is sending
> >
On Fri, Jul 19, 2019 at 09:43:14PM +0200, Jesper Wallin wrote:
> Hi all,
>
> When using vi(1) with secure mode (-S), both 'proc' and 'exec' are
> stripped from the pledge promise. This breaks the :pre[serve] command
> as it uses fork(2). This is broken on 6.4, 6.5 and -current.
>
> Re-add the '
On Thu, Jul 18, 2019 at 11:46:46AM -0400, Bryan Steele wrote:
> On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote:
> > Hi,
> >
> > Can we track unveil(2) violators in process accounting lastcomm(1)?
> > This makes it easier to find them.
> >
On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote:
> Hi,
>
> Can we track unveil(2) violators in process accounting lastcomm(1)?
> This makes it easier to find them.
>
> $ lastcomm | grep -e '-[A-Z]U'
> pflogd -FU root__ 0.00 secs Thu Jul 18 14:19 (2:33:22.00)
>
On Wed, Jul 10, 2019 at 03:44:55PM +0100, Ricardo Mestre wrote:
> Hi,
>
> Since the last email I sent, mentioned at the bottom, dhclient(8) has dropped
> support for re-execing itself on SIGHUP and so what path, hardcoded or not,
> should be unveiled for the executable is out of this conversation.
On Sat, Jul 06, 2019 at 03:27:04PM -0700, Andrew Hewus Fresh wrote:
> I wrote up a tiny unveil(2) wrapper for perl, similar to the pledge(2)
> wrapper we have in tree. It passes the tests I wrote, but it's entirely
> possible I'm doing something terribly wrong.
>
> But, I think it could be useful
On Sat, Jun 15, 2019 at 04:05:14PM +0200, Srikant T wrote:
> + /* XXX cludge to let Xorg function */
> + if (35 == p->p_ucred->cr_uid)
> + return;
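Review bot: the early return keys on the literal uid 35 (`35 == p->p_ucred->cr_uid`), so every process running under that uid skips the rest of this function, not only Xorg as the comment intends. A bare numeric uid is also undocumented; if an exemption is kept at all it needs a named constant and a comment stating which check it bypasses and why, but changing the program so that no exemption is needed would be the better fix.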
This is completely unacceptable.
Kludge is spelled with a K.
> ---
> END.
>
>
On Thu, May 30, 2019 at 12:09:01AM -0500, Katherine Rohl wrote:
> Okay, here's the first pass of my 8042 device - I wasn't able to figure out
> how to tie the reset line to the guest VM reset, so I was hoping someone
> could give me a hand with that. Other than that, it attaches to i386 and
> am
On Sun, May 26, 2019 at 03:57:48PM +0200, Jan-Piet Mens wrote:
> I noticed hosts(5) still mentions YP in spite of support for the latter
> having been removed in [1]. This minuscule patch corrects the man page.
>
> Index: share/man/man5/hosts.5
> ===
On Tue, May 21, 2019 at 07:34:05AM +0200, Martijn van Duren wrote:
> Hello Jesper,
> On 5/20/19 10:58 PM, Jesper Wallin wrote:
> > Hi all,
> >
> > When ex/vi is started with -S (secure), a stricter pledge is used to
> > prevent exec from being used. It's tedious to specify -S all the time
> > and
On Tue, Apr 30, 2019 at 06:23:57PM +0100, Ricardo Mestre wrote:
> Went through my old sent emails and saw this one still pending on my tree.
>
> Is this OK?
>
> On 13:02 Wed 07 Nov , Ricardo Mestre wrote:
> > Hi,
> >
> > tcpdrop(8) needs to access only two files, in this case /etc/hosts and
On Wed, Apr 24, 2019 at 03:08:59PM +0200, Fabio Scotoni wrote:
> This diff updates the acme-client(1) STANDARDS section.
> Currently, it lists an RFC draft for the ACME protocol.
> Since March of this year, there is a proposed standard with an actual
> RFC number.
>
> While at it, make the format
On Mon, Apr 22, 2019 at 10:06:44PM +, Bryan Everly wrote:
> Hi @tech,
>
> I just got through building a new desktop machine and thought I'd
> install OpenBSD -current on it. The install kernel booted quite fast,
> but now that I have the real kernel there, it takes approximately 5
> minutes t
On Mon, Apr 01, 2019 at 02:30:22AM +0200, Florian Obser wrote:
> OK?
>
> diff --git server_http.c server_http.c
> index 6c8549d2b41..f04a15bd056 100644
> --- server_http.c
> +++ server_http.c
> @@ -1176,7 +1176,7 @@ server_response(struct httpd *httpd, struct client *clt)
> struct http_descr
On Fri, Jan 04, 2019 at 11:52:05AM -0500, Ted Unangst wrote:
> Theo de Raadt wrote:
> > > unveil isn't really buying much if you pledge "rpath" immediately after,
> > > so if you want just add another pledge here instead, that is fine.
> >
> > "rpath" is obviously cheaper than unveil of even 1 fil
On Thu, Jan 03, 2019 at 08:26:00PM -0500, Ted Unangst wrote:
> Ted Unangst wrote:
> > Bryan Steele wrote:
> > > It is not possible to unveil(2) all arguments passed to file(1), as this
> > > would require walking *argv. Instead, we can unveil("/", "r"
It is not possible to unveil(2) all arguments passed to file(1), as this
would require walking *argv. Instead, we can unveil("/", "r") to permit
readonly access to the entire filesystem, while restricting all execute,
write, and create operations.
This only provides some additional early protection
tcpdump's privsep monitor process handles any privileged operations on
behalf of the unprivileged "packet parser" process. After this, it
enters its final runtime state, which:
* Performs DNS and other "numbers to names" lookups, sending results
back over a pipe/socketpair.
* Displays the final pa
This was suggested by deraadt@, sorry.
On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:
> These libc functions are used to map hardware MAC addresses to hostnames
> and vice versa. If it exists, /etc/ethers will typically contain a
> number of lines like so:
>
> 34
These libc functions are used to map hardware MAC addresses to hostnames
and vice versa. If it exists, /etc/ethers will typically contain a
number of lines like so:
34:00:8a:56:10:20 superman
In addition to that, there is support for using a YP (nee Yellow Pee)
lookup service:
"If a '+' ap
On Wed, Nov 07, 2018 at 07:32:25PM -0500, Bryan Steele wrote:
> On Wed, Nov 07, 2018 at 07:06:09PM -0500, Bryan Steele wrote:
> > I'm revisiting some old tcpdump diffs, now that mestre@ has added proper
> > unveil(2) support! :-)
> >
> > Refresher: htt
On Wed, Nov 07, 2018 at 07:06:09PM -0500, Bryan Steele wrote:
> I'm revisiting some old tcpdump diffs, now that mestre@ has added proper
> unveil(2) support! :-)
>
> Refresher: https://marc.info/?l=openbsd-tech&m=150535073209723&w=2
>
> This hoists opening pf.o
I'm revisiting some old tcpdump diffs, now that mestre@ has added proper
unveil(2) support! :-)
Refresher: https://marc.info/?l=openbsd-tech&m=150535073209723&w=2
This hoists opening pf.os(5) fingerprints '-o' from the 'RUN' state to
the 'FILTER' state, this will allow for a reduced pledge(2) at
This is OpenBSD tech@
On Sat, Oct 20, 2018 at 08:36:33PM +0100, Andrew Grillet wrote:
> So, substitute opening and closing the connection to the network?
>
> Is the IOMMU not used for disk (and all SCSI) access also?
>
>
>
> On Sat, 20 Oct 2018 at 20:32, Theo de Raadt wrote:
>
> > Andrew Gri