Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
[CC list trimmed] If memory serves me right, "Greg 'groggy' Lehey" wrote: > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. The SSH change happened before 4.5-RELEASE, but wasn't documented. I admit to having been totally unaware of this change at the time. green and I made several attempts at an item for the errata, which, while not perfect, does give some workarounds for the problem, including almost every one mentioned in this thread. So far, it looks like precious few people on this thread actually read it. :-( > We should at least have had a HEADS UP, Having run into the SSH change myself, I agree. I haven't bumped into the "X without TCP" change. > and we probably need a > security policy document with the distributions. Hmmm. Still trying to wrap my mind around this concept, but I'm worried that people won't read *that* document either. In any case, someone needs to maintain it to make sure it doesn't get stale. Cheers, Bruce. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: "boot -a" in 4.5-STABLE
Marc Heckmann wrote: > > I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). > > I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an > exact copy of the "/" filesystem. ^ [SNIP] > mountroot> ufs:/dev/ad2s1a > Mounting root from ufs:/dev/ad0s1a < NOTE this if the root partitions are identical, the /etc/fstab files are also identical, so you are truing to mount the initial root paartition from the second disk. TfH To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
> be able to use it too. I'd suggest that we do the following: > > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that you > need to understand the differences. > > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. > I disagree somewhat with #1. A "secure by default" policy is by far more favorable than a "not so secure by default, but we'll try to let you know how to make it more secure easily" policy. Consider a move to make telnetd commented out in inetd.conf a default. Many newcomers will of course be baffled, but it is in the long run a better policy, and people will get used to it. This example is somewhat of an *extremely* simplified analogy to adding s/key authentication as a default before password authentication, but it still holds in that a default installation had better be more secure than not. If FreeBSD were to have installation dialogues with the user suggesting that the user install certain components for security purposes, the user will likely opt for the default "button," which I assume in this case would default to have the less secure, more conventional option. I think that #2 alone is the way to go. Make it "clear" (not that that is necessarily an easy task) that the default install of a certain software package no longer follows what has historically been the default, or at least do so in the case where the software will become unusable to the unknowing user. Perhaps a "SEVERE DIFFERENCES" section of www.freebsd.org is in order? 8D -Anthony. > Greg > -- > See complete headers for address and phone numbers > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message --- PGP key at: http://www.keyserver.net/ http://www.anthonydotcom.com/gpgkey/key.txt Home: http://www.anthonydotcom.com --- msg33750/pgp0.pgp Description: PGP signature
Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)
On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: >> That fix relies on the extensive PAM updates in -CURRENT however; in >> -STABLE it can probably be similarly replicated via appropriate tweaking >> of sshd (?). > > Why not fix it in stable by the very simple tweaking of the > ChallengeResponseAuthentication to no in the sshd config file we ship > Trust me, this question is going to come up a _lot_ for us otherwise. :( I've been noticing a continuing trend for more and more "safe" configurations the default. I spent half a day recently trying to find why I could no longer open windows on my X display, only to discover that somebody had turned off tcp connections by default. I have a problem with this, and as you imply, so will a lot of other people. As a result of this sort of thing, people trying to migrate from other systems will probably just give up. I certainly would have. While it's a laudable aim to have a secure system, you have to be able to use it too. I'd suggest that we do the following: 1. Give the user the choice of these additional features at installation time. Recommend the procedures, but explain that you need to understand the differences. 2. Document these things very well. Both this ssh change and the X without TCP change are confusing. If three core team members were surprised, it's going to surprise the end user a whole lot more. We should at least have had a HEADS UP, and we probably need a security policy document with the distributions. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
[no subject]
Subject: VIRUS IN YOUR MAIL V I R U S A L E R T Our viruschecker found the 'W32/Klez-G' 'W32/Klez-G' virus(es) in your email. Please check your system for viruses, or ask your system administrator to do so. For your reference, here are the headers from your email: - BEGIN HEADERS - Received: from uzdeco.com (unknown [218.30.255.44]) by mx2.irbs.com (Postfix) with ESMTP id A8FAA78201 for <[EMAIL PROTECTED]>; Mon, 22 Apr 2002 23:28:31 -0400 (EDT) Received: from Zioiupbq (leonid.uzdeco.com [192.168.1.9]) by uzdeco.com (8.9.3/8.8.7) with SMTP id IAA21828 for <[EMAIL PROTECTED]>; Tue, 23 Apr 2002 08:33:30 +0500 Date: Tue, 23 Apr 2002 08:33:30 +0500 Message-Id: <[EMAIL PROTECTED]> From: freebsd-hackers <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Language MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=GBo5i03a6i54ow66T9pu743m3P -- END HEADERS -- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
On Monday 22 April 2002 10:06 am, you wrote: > Kenneth Culver writes: > > static inline unsigned long do_mmap(struct file *file, unsigned long > > addr, > > <..> > > >ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> > > PAGE_SHIFT); out: > >return ret; > > } > > > > This is what mmap2 does: > > > > andstatic inline long do_mmap2( > >unsigned long addr, unsigned long len, > >unsigned long prot, unsigned long flags, > >unsigned long fd, unsigned long pgoff) > > <...> > > >error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); > > > > > > So what it looks like to me is that mmap2 expects an offset that's > > already page-aligned (I'm not sure if this is the right way to say it), > > where mmap doesn't. the FreeBSD code in the linuxulator basically just > > takes the offset > > To me, it looks like mmap2 takes an offset that's a page index, rather > than a byte position. Since linux passes the offset with a 32-bit > long, rather than a 64-bit off_t like we do, they need to do this in > order to be able to map offsets larger than 4GB into a file. > > For linux_mmap2, I'd think we want to do roughly the same things as > linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) > > Drew OK, I found another problem, here it is: static void linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t *params) { args[0] = tf->tf_ebx; args[1] = tf->tf_ecx; args[2] = tf->tf_edx; args[3] = tf->tf_esi; args[4] = tf->tf_edi; *params = NULL; /* no copyin */ } Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are making it in... I checked this because the sixth argument to linux_mmap2() in truss was showing 0x6, but when I printed out that arg from the kernel, it was showing 0x0. Am I correct here? Ken To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
At 6:40 PM -0700 4/22/02, Peter Wemm wrote: >Mike Meyer wrote: > > Jordan Hubbard <[EMAIL PROTECTED]> typed: > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, >> >> Someone decided that FreeBSD should do challengeresponse >> authentication by default. You can fix it by uncommenting the line >> "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > >AHA! I've been wondering about this too. I cheated and set >"Protocol 1,2" to avoid the whole issue. The release notes at: http://www.FreeBSD.org/releases/4.5R/errata.html imply you can also fix this on the client side by adding the line: PreferredAuthentications publickey,password,keyboard-interactive to your own ~/.ssh/config file (useful if you need to connect to some machine where you can't change the /etc/ssh/sshd_config file). Usually I wouldn't know these things, but I just happened to be reading the errata notes a few minutes ago... :-) -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
On Mon, 22 Apr 2002, Terry Lambert wrote: > When the default behaviour is changed, the dicussion belongs here, I was only joking...hence the ;-) on the end. The original question wasn't why did the defualt configuration change but "what changed" anyway. Andrew To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
> That fix relies on the extensive PAM updates in -CURRENT however; in > -STABLE it can probably be similarly replicated via appropriate tweaking > of sshd (?). Why not fix it in stable by the very simple tweaking of the ChallengeResponseAuthentication to no in the sshd config file we ship Trust me, this question is going to come up a _lot_ for us otherwise. :( - Jordan To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
Andrew wrote: > On Mon, 22 Apr 2002, Jordan Hubbard wrote: > > We at Apple are noticing a strange problem with newer versions of > > ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's > > sshd. This problem did not occur with our older ssh, but it also does not > > It's just your settings. Issues like this really belong on -questions ;-) > > You can put "ChallengeResponseAuthentication no" into ssh{,d}_config on > either end. I beg to differ. When the default behaviour is changed, the dicussion belongs here, since here is where the proplr who live who can change it back to The Way It Is Supposed To Be By Default(tm). IMO, you should have to: "Add ``ChallengeResponseAuthentication yes'' to get the new behaviour" NOT: "Add ``ChallengeResponseAuthentication no'' to get the historical behaviour" It's really damn annoying. Maybe the intention was to subtlely harass people who put passwords challenge/response pairs into shell scripts, but the effect has been to unsubtlely harass people who wire their typing of passwords into their medulla. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
On Mon, 22 Apr 2002, Jordan Hubbard wrote: > That would be my question as well, especially since "everyone else" > seems to use that default. Thanks to all who responded, and so quickly > at that - this at least clarified the situation (and gave me a way > out!). This was discussed fairly extensively regarding -current: basically, s/key is "greedy" and attempts to fake s/key responses even for users who don't have s/key enabled. Nothing is wrong with challenge response -- arguably, that's a cleaner way to handle things as a default in the client, since it means if you connect to a server that does want to use challenge response, it DTRT. The fix in -CURRENT, I believe, was to make s/key "faking" for non-enabled users be an option, and to turn the option off by default. That fix relies on the extensive PAM updates in -CURRENT however; in -STABLE it can probably be similarly replicated via appropriate tweaking of sshd (?). Robert N M Watson FreeBSD Core Team, TrustedBSD Project [EMAIL PROTECTED] NAI Labs, Safeport Network Services To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
Kenneth Culver wrote: > > This is too much work. > > > > Basically, it just wants to bitch when the offset is not page > > aligned, and then call the old mmap if it doesn't bitch. > > > OK, I think I can do that, thanks for the help. Will anyone be interested in > patches when/if I get this working? I also implemented ftruncate64 (which > just calls ftruncate). Sure. PR them, and then send email to whoever CVS says touched them last. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
That would be my question as well, especially since "everyone else" seems to use that default. Thanks to all who responded, and so quickly at that - this at least clarified the situation (and gave me a way out!). - Jordan > shouldn't the default be no skey? > > On Mon, Apr 22, 2002 at 09:41:20PM -0400, Anthony Schneider wrote: > > On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > > > In <[EMAIL PROTECTED]>, Jordan Hubbard typed: > > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > > > > > Someone decided that FreeBSD should do challengeresponse > > > authentication by default. You can fix it by uncommenting the line > > > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > > > > > > > that's what fixxed it for me, too. > > SkeyAuthentication no also does it. :) > > -Anthony. > > > > --- > > PGP key at: > > http://www.keyserver.net/ > > http://www.anthonydotcom.com/gpgkey/key.txt > > Home: > > http://www.anthonydotcom.com > > --- > > > > > > -- > pgp fingerprint: BC64 2E7A CAEF 39E1 9544 80CA F7D5 784D FB46 16C1 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
On Mon, 22 Apr 2002, Jordan Hubbard wrote: > We at Apple are noticing a strange problem with newer versions of > ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's > sshd. This problem did not occur with our older ssh, but it also does not It's just your settings. Issues like this really belong on -questions ;-) You can put "ChallengeResponseAuthentication no" into ssh{,d}_config on either end. Andrew To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
shouldn't the default be no skey? On Mon, Apr 22, 2002 at 09:41:20PM -0400, Anthony Schneider wrote: > On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > > In <[EMAIL PROTECTED]>, Jordan Hubbard ><[EMAIL PROTECTED]> typed: > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > > > Someone decided that FreeBSD should do challengeresponse > > authentication by default. You can fix it by uncommenting the line > > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > > > > that's what fixxed it for me, too. > SkeyAuthentication no also does it. :) > -Anthony. > > --- > PGP key at: > http://www.keyserver.net/ > http://www.anthonydotcom.com/gpgkey/key.txt > Home: > http://www.anthonydotcom.com > --- > -- pgp fingerprint: BC64 2E7A CAEF 39E1 9544 80CA F7D5 784D FB46 16C1 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
Mike Meyer wrote: > In <[EMAIL PROTECTED]>, Jordan Hubbard typed: > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > Someone decided that FreeBSD should do challengeresponse > authentication by default. You can fix it by uncommenting the line > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. AHA! I've been wondering about this too. I cheated and set "Protocol 1,2" to avoid the whole issue. Cheers, -Peter -- Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > In <[EMAIL PROTECTED]>, Jordan Hubbard ><[EMAIL PROTECTED]> typed: > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > Someone decided that FreeBSD should do challengeresponse > authentication by default. You can fix it by uncommenting the line > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > that's what fixxed it for me, too. SkeyAuthentication no also does it. :) -Anthony. --- PGP key at: http://www.keyserver.net/ http://www.anthonydotcom.com/gpgkey/key.txt Home: http://www.anthonydotcom.com --- msg33736/pgp0.pgp Description: PGP signature
Re: ssh + compiled-in SKEY support considered harmful?
In <[EMAIL PROTECTED]>, Jordan Hubbard <[EMAIL PROTECTED]> typed: > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, Someone decided that FreeBSD should do challengeresponse authentication by default. You can fix it by uncommenting the line "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ssh + compiled-in SKEY support considered harmful?
On Mon, Apr 22, 2002 at 05:39:26PM -0700, Jordan Hubbard wrote: > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > why doesn't Linux or anything else produce this problem? I ask now > because I know that the usage of Mac OS X is growing and there are going > to be a lot of annoyed users (like me!) who very quickly get tired > of having to wind through all the bogus S/Key password prompts before > they can actually type in their real password (and no, skey is not > enabled on winston and I have never done a keyinit operation, so I couldn't > S/Key authenticate to it if I wanted to). > I got it sshing from -current to a freshly installed 4.5 box and it continued to happen when I upgraded the 4.5 box to 5.0-DP1. It doesn't happen when I ssh to my regular -stable server, but I've not investigated the reasons why. Joe msg33734/pgp0.pgp Description: PGP signature
ssh + compiled-in SKEY support considered harmful?
We at Apple are noticing a strange problem with newer versions of ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's sshd. This problem did not occur with our older ssh, but it also does not occur with the newer version and *any* other OS other than FreeBSD, e.g. if you ssh to a Linux or Solaris or Mac OS X box, for that matter, you will not see this behavior. What behavior am I talking about? This: jhubbard@wafer-> ssh [EMAIL PROTECTED] otp-md5 114 wi7854 ext S/Key Password: otp-md5 117 wi5044 ext S/Key Password: otp-md5 397 wi0652 ext S/Key Password: [EMAIL PROTECTED]'s password: The machine "wafer" is a Mac OS X box running 10.1.3 and winston.freebsd.org is running FreeBSD 4.5-STABLE. The authentication method which tries this S/Key stuff is "keyboard-interactive" and this is tried, for some reason, before the "password" auth method. If you compile sshd on the FreeBSD side without SKEY support built-in, the problem also goes away. My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, why doesn't Linux or anything else produce this problem? I ask now because I know that the usage of Mac OS X is growing and there are going to be a lot of annoyed users (like me!) who very quickly get tired of having to wind through all the bogus S/Key password prompts before they can actually type in their real password (and no, skey is not enabled on winston and I have never done a keyinit operation, so I couldn't S/Key authenticate to it if I wanted to). - Jordan To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
So cool a flash,enjoy it
To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
> Basically, it just wants to bitch when the offset is not page > aligned, and then call the old mmap if it doesn't bitch. > Basically I misunderstood what the linux mmap2 was doing, it recieves an offset as a number of pages, not as bytes, so by definition it's already page aligned. All I have to do is convert the number of pages to a number of bytes and pass it along to FreeBSD's mmap. Thanks! Ken To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
make installworld failed on 4.0-RELEASE
Hi, I have a problem when installing 4-STABLE on 4.0-RELEASE from remotely mounted /usr/src and /usr/obj: ELF binary type not known. Use "brandelf" to brand it Why? === [skipped] -- >>> Installing everything.. -- cd /usr/src; make -f Makefile.inc1 install ===> share/info ===> include if [ -h /usr/include/cam ]; then rm -f /usr/include/cam; fi if [ -h /usr/include/msdosfs ]; then rm -f /usr/include/msdosfs; fi if [ -h /usr/include/net ]; then rm -f /usr/include/net; fi if [ -h /usr/include/netatalk ]; then rm -f /usr/include/netatalk; fi if [ -h /usr/include/netatm ]; then rm -f /usr/include/netatm; fi if [ -h /usr/include/netgraph ]; then rm -f /usr/include/netgraph; fi if [ -h /usr/include/netinet ]; then rm -f /usr/include/netinet; fi if [ -h /usr/include/netinet6 ]; then rm -f /usr/include/netinet6; fi if [ -h /usr/include/netipx ]; then rm -f /usr/include/netipx; fi if [ -h /usr/include/netkey ]; then rm -f /usr/include/netkey; fi if [ -h /usr/include/netnatm ]; then rm -f /usr/include/netnatm; fi if [ -h /usr/include/netncp ]; then rm -f /usr/include/netncp; fi if [ -h /usr/include/netns ]; then rm -f /usr/include/netns; fi if [ -h /usr/include/netsmb ]; then rm -f /usr/include/netsmb; fi if [ -h /usr/include/nfs ]; then rm -f /usr/include/nfs; fi if [ -h /usr/include/ntfs ]; then rm -f /usr/include/ntfs; fi if [ -h /usr/include/nwfs ]; then rm -f /usr/include/nwfs; fi if [ -h /usr/include/pccard ]; then rm -f /usr/include/pccard; fi if [ -h /usr/include/posix4 ]; then rm -f /usr/include/posix4; fi if [ -h /usr/include/sys ]; then rm -f /usr/include/sys; fi if [ -h /usr/include/vm ]; then rm -f /usr/include/vm; fi if [ -h /usr/include/fs/smbfs ]; then rm -f /usr/include/fs/smbfs; fi if [ -h /usr/include/isofs/cd9660 ]; then rm -f /usr/include/isofs/cd9660; fi if [ -h /usr/include/ufs/ffs ]; then rm -f /usr/include/ufs/ffs; fi if [ -h /usr/include/ufs/mfs ]; then rm -f /usr/include/ufs/mfs; fi if [ -h /usr/include/ufs/ufs ]; then rm -f /usr/include/ufs/ufs; fi if [ -h /usr/include/dev/ppbus ]; then rm -f /usr/include/dev/ppbus; fi if [ -h /usr/include/dev/usb ]; then rm -f /usr/include/dev/usb; fi if [ -h /usr/include/machine ]; then rm -f /usr/include/machine; fi mtree -deU -f /usr/src/include/../etc/mtree/BSD.include.dist -p /usr/include cd /usr/src/include/../sys; install -C -o root -g wheel -m 444 cam/*.h /usr/include/cam ELF binary type not known. Use "brandelf" to brand it. Abort trap *** Error code 134 Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. === - Dmitry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: "boot -a" in 4.5-STABLE
You might try just booting it normally and letting it fail. Then enter th ufs:/dev/ad2s1a I do this all time when I stick a hd in a fast machine to install FBSD its gets ad4s what ever... but in the machine its ends up it needs to be ad0s whatever. after I mount every manually the first time, I just change my /etc/fstab file to be what it should and everything is happy. On Mon, 22 Apr 2002, Marc Heckmann wrote: > Hi, > > I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). > > I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an > exact copy of the "/" filesystem. I wanted to try one of the failure scenarios > from the howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/failures.html) so I > shutdown the machine, unplugged the ad0 drive. The machine found the boot > loader on ad2 and I have a prompt.. so far so good.. > > I do "boot -as" so that I can manually tell the kernel which root filesystem to > mount. here is what I get: > > ad2: 95396MB [193821/16/63] at ata1-master UDMA66 > > Manual root filesystem specification: > : Mount using filesystem >eg. ufs:/dev/da0s1a > ? List valid disk boot devices > Abort manual input > > mountroot> ufs:/dev/ad2s1a > Mounting root from ufs:/dev/ad0s1a < NOTE this > Root mount failed: 6 > panic: Root mount failed, startup aborted. > > Why is it still trying to use ad0s1a as the root when I explicitly told it to > use /dev/ad2s1a? > > Any ideas? thanks in advance. > > -m > > -- > m. heckmann. > -- > merconic GmbH, Chausseestr. 128-129, D-10115 Berlin (Mitte) > Telefon +49-30-726265-200, Fax +49-30-726265-211, Durchwahl -200 > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
Kenneth Culver wrote: > So what it looks like to me is that mmap2 expects an offset that's already > page-aligned (I'm not sure if this is the right way to say it), where mmap > doesn't. the FreeBSD code in the linuxulator basically just takes the offset > that is passed in with the linux mmap, and uses that to call FreeBSD's mmap > (the kernel version, not the one called from userland). So basically I'm > kinda stuck as to what to do to implement linux's mmap2. The only thing I can > think of is to implement a FreeBSD "mmap2" that basically assumes that the > offset passed in is already page aligned or whatever, and just uses it, and > then have linux_mmap2() just call the FreeBSD mmap2(). Any ideas? This is too much work. Basically, it just wants to bitch when the offset is not page aligned, and then call the old mmap if it doesn't bitch. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
"boot -a" in 4.5-STABLE
Hi, I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an exact copy of the "/" filesystem. I wanted to try one of the failure scenarios from the howto (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/failures.html) so I shutdown the machine, unplugged the ad0 drive. The machine found the boot loader on ad2 and I have a prompt.. so far so good.. I do "boot -as" so that I can manually tell the kernel which root filesystem to mount. here is what I get: ad2: 95396MB [193821/16/63] at ata1-master UDMA66 Manual root filesystem specification: : Mount using filesystem eg. ufs:/dev/da0s1a ? List valid disk boot devices Abort manual input mountroot> ufs:/dev/ad2s1a Mounting root from ufs:/dev/ad0s1a < NOTE this Root mount failed: 6 panic: Root mount failed, startup aborted. Why is it still trying to use ad0s1a as the root when I explicitly told it to use /dev/ad2s1a? Any ideas? thanks in advance. -m -- m. heckmann. -- merconic GmbH, Chausseestr. 128-129, D-10115 Berlin (Mitte) Telefon +49-30-726265-200, Fax +49-30-726265-211, Durchwahl -200 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
RE: 4.5 STABLE - kernel panics
Just to add fuel to the fire, I'm getting this on 4.5-RELEASE on an Intel R440 SMP board with 2xPII-233 CPUs: ad4: UDMA ICRC error reading fsbn 1480839 of 0-103 Fatal trap 18: integer divide while in kernel mode mp_lock = 0102; cpuid = 1; lapic.id = instruction pointer = 0x8:0xc020ad39 stack pointer = 0x10:0xff80ff48 frame pointer = 0x10:0xff80ff5c code segment= base 0x0, limit 0x, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = idle interrupt mask = bio <- SMP: XXX trap number = 18 panic: integer divide fault mp_lock = 0x0102; cpuid = 1; lapic.id = bot() called on CPU #1 syncing disks... 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 giving up on 8 buffers Uptime: 35s Automatic reboot in 15 seconds - press a key on the console to abort --> Press a key on the console to reboot, --> or switch off the system now -Original Message- From: Steven Goodwin [mailto:[EMAIL PROTECTED]] Sent: Saturday, 20 April 2002 7:32 PM To: Herbert Cc: [EMAIL PROTECTED] Subject: Re: 4.5 STABLE - kernel panics Hello. Just out of curiosity, what sort of hardware are you running? I get a similar kernel panic message ... Fatal trap 12: page fault while in kernel mode fault virtual address = 0xc4b4641e fault code = supervisor read, page not present ... while extracting large tarballs. I'm using a ASUS A7M266 motherboard and, unfortunately, I haven't been able to find a solution on this list (or freebsd-questions). Steve On Fri, 19 Apr 2002, Herbert wrote > Hei! > > When I have tried to compile QT-3.0.3 with g++30 today my > FreeBSD-STABLE kernel paniced while gmake was generating the Makefiles. > > # uname -a > FreeBSD freebsd3.rocks 4.5-STABLE FreeBSD 4.5-STABLE #0: Fri Apr 19 > 07:24:16 CEST 2002 > [EMAIL PROTECTED]:/usr/obj/usr/src/sys/ATAPICAM i386 > > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0x46 > fault code = supervisor read, page not present > instruction pointer = 0x8:0xc02798d4 > stack pointer = 0x10:0xdd7d5c28 > frame pointer = 0x10:0xdd7d5c18 > code segment= base 0x0, limit 0xf, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags= interrupt enabled, resume, IOPL = 0 > current process = 16947 (cpp0) > interrupt mask = none > trap number = 12 > panic: page fault > > syncing disks... 24 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 > done > Uptime: 6h15m10s > > (kgdb) bt > #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 > #1 0xc016d313 in boot (howto=256) at > /usr/src/sys/kern/kern_shutdown.c:316 > #2 0xc016d751 in panic (fmt=0xc02bbfcc "%s") > at /usr/src/sys/kern/kern_shutdown.c:595 > #3 0xc027c36b in trap_fatal (frame=0xdd7d5be8, eva=70) > at /usr/src/sys/i386/i386/trap.c:966 > #4 0xc027c019 in trap_pfault (frame=0xdd7d5be8, usermode=0, eva=70) > at /usr/src/sys/i386/i386/trap.c:859 > #5 0xc027bb93 in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16, > tf_edi = -574190496, tf_esi = -578986936, tf_ebp = -578986984, > tf_isp = -578986988, tf_ebx = 14, tf_edx = -578998272, > tf_ecx = 13077933, tf_eax = 14, tf_trapno = 12, tf_err = 0, > tf_eip = -1071146796, tf_cs = 8, tf_eflags = 66050, tf_esp = 0, > tf_ss = -579023232}) at /usr/src/sys/i386/i386/trap.c:458 > #6 0xc02798d4 in pmap_prefault (pmap=0x8, addra=66050, entry=0x0) > at /usr/src/sys/i386/i386/pmap.c:2535 > > Anyone knows what's going on here? > > Regards, > Herbert > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: sendmail complaining about filedescriptors?
Gregory Neil Shapiro wrote: > wkb> Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on start up: stdout, stderr; Bad file descriptor > > sendmail always checks it's first three fd's at startup to avoid the > problem that has just come to light in the FreeBSD security announcement. > This is what is logged if sendmail has problems with them. It can be > ignored as sendmail attaches /dev/null to them. In this particular case it's a false alarm. There are fd's there, but they got revoke(2)'ed by the getty on the console. fstat(2) returns EBADF on the revoked fd's and is impossible to tell the difference between a revoke'd fd and a non-existing fd. Cheers, -Peter -- Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
On Monday 22 April 2002 06:29 am, you wrote: > Kenneth Culver wrote: > > So what it looks like to me is that mmap2 expects an offset that's > > already page-aligned (I'm not sure if this is the right way to say it), > > where mmap doesn't. the FreeBSD code in the linuxulator basically just > > takes the offset that is passed in with the linux mmap, and uses that to > > call FreeBSD's mmap (the kernel version, not the one called from > > userland). So basically I'm kinda stuck as to what to do to implement > > linux's mmap2. The only thing I can think of is to implement a FreeBSD > > "mmap2" that basically assumes that the offset passed in is already page > > aligned or whatever, and just uses it, and then have linux_mmap2() just > > call the FreeBSD mmap2(). Any ideas? > > This is too much work. > > Basically, it just wants to bitch when the offset is not page > aligned, and then call the old mmap if it doesn't bitch. > OK, I think I can do that, thanks for the help. Will anyone be interested in patches when/if I get this working? I also implemented ftruncate64 (which just calls ftruncate). Ken To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
> > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob > > does what I need it to. I think that's probably why it still wasn't > > working yet... I think it also has to be page aligned before you pass it > > in though, I have to look at linux's do_mmap_pgoff() (I think that's the > > right function name) to see if it's expecting an already page-aligned arg, > > or if it's aligning it before it uses it. > > The name implies that do_mmap_pgoff() takes page-shift'ed args. > An offset specified as a page-shift is page-aligned by definition. > Eg, when you call ctob(pgoff) this turns out to be (pgoff << > PAGE_SHIFT) bytes. > > Drew > > That makes sense, regular linux mmap seems to expect the offset to be in bytes (from linux's mmap): ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT); Where linux's mmap2 does this: error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); so this looks to me like do_mmap_pgoff expects a page-aligned offset, meaning that the difference between a regular linux mmap, and linux's mmap2 is that mmap expects bytes, and mmap2 expects a page offset instead... even more is that linux's old_mmap (the one that we actually emulate in linux_mmap(), calls do_mmap2 with these args: err = do_mmap2(a.addr, a.len, a.prot, a.flags, a.fd, a.offset >> PAGE_SHIFT); so, I'll just do the ctob() and see what happens. :-) Ken To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: sendmail complaining about filedescriptors?
wkb> Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: stdout, stderr; Bad file descriptor sendmail always checks it's first three fd's at startup to avoid the problem that has just come to light in the FreeBSD security announcement. This is what is logged if sendmail has problems with them. It can be ignored as sendmail attaches /dev/null to them. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
subscription
hi, pleasz subscribe me for freebsd-hackers list a. nasseh __ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: sendmail complaining about filedescriptors?
Wilko Bulte wrote: > On -stable as of last week I see sendmail log errors on file descriptors > as in: > > Apr 22 09:29:16 freebie sm-msp-queue[126]: starting daemon (8.12.2): queueing @00:30:00 > Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: s tdout, stderr; Bad file descriptor > Apr 22 09:29:50 freebie sendmail[253]: g3M7To31000253: from=wkb, size=449, cl ass=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=wkb@l ocalhost > > etc. Mail arrives OK, mergemaster has been run. This is usually because fstat(2) fails on file descriptors that have been revoked. By the time that message is printed, the /dev/console descriptors that were inherited from /etc/rc etc would have been revoke(2)'ed by the getty on /dev/ttyv0 or ttyd0. cron also used to do this. It would end up with handles to the console that would get revoked, and sendmail would get upset when cron fired it up. I "fixed" that a while back in cron to ensure that it had valid handles. Have a look at lsof/fstat output for the revoked fd's, and you'll probably find some new ones now. Cheers, -Peter -- Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
sendmail complaining about filedescriptors?
On -stable as of last week I see sendmail log errors on file descriptors as in: Apr 22 09:29:16 freebie sm-msp-queue[126]: starting daemon (8.12.2): queueing@00:30:00 Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: stdout, stderr; Bad file descriptor Apr 22 09:29:50 freebie sendmail[253]: g3M7To31000253: from=wkb, size=449, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, relay=wkb@localhost etc. Mail arrives OK, mergemaster has been run. Any idea? -- | / o / /_ _ [EMAIL PROTECTED] |/|/ / / /( (_) Bulte Arnhem, the Netherlands To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
Kenneth Culver writes: > > To me, it looks like mmap2 takes an offset that's a page index, rather > > than a byte position. Since linux passes the offset with a 32-bit > > long, rather than a 64-bit off_t like we do, they need to do this in > > order to be able to map offsets larger than 4GB into a file. > > > > For linux_mmap2, I'd think we want to do roughly the same things as > > linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) > > > > Drew > > > > > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob > does what I need it to. I think that's probably why it still wasn't > working yet... I think it also has to be page aligned before you pass it > in though, I have to look at linux's do_mmap_pgoff() (I think that's the > right function name) to see if it's expecting an already page-aligned arg, > or if it's aligning it before it uses it. The name implies that do_mmap_pgoff() takes page-shift'ed args. An offset specified as a page-shift is page-aligned by definition. Eg, when you call ctob(pgoff) this turns out to be (pgoff << PAGE_SHIFT) bytes. Drew To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: kernel backtrace of sleeping processes
In message <[EMAIL PROTECTED]>, Robe rt Watson writes: >Sigh. Remote gdb, not ddb. I tried the usual tricks (updating $sp in >gdb, etc) but gdb persisted in using the old frame. Nevermind. It seemed In gdb, the "proc" command switches processes, so this should work: proc bt Ian To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: implementing linux mmap2 syscall
> To me, it looks like mmap2 takes an offset that's a page index, rather > than a byte position. Since linux passes the offset with a 32-bit > long, rather than a 64-bit off_t like we do, they need to do this in > order to be able to map offsets larger than 4GB into a file. > > For linux_mmap2, I'd think we want to do roughly the same things as > linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) > > Drew > > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob does what I need it to. I think that's probably why it still wasn't working yet... I think it also has to be page aligned before you pass it in though, I have to look at linux's do_mmap_pgoff() (I think that's the right function name) to see if it's expecting an already page-aligned arg, or if it's aligning it before it uses it. Thanks Ken To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: A powful tool
thx . gros con. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: port trunking (was Re: FreeBSD Convention in EU)
On Mon, Apr 22, 2002 at 11:12:10 +0200, Andy Sporner wrote: > I have an interest to present either on Clustering or perhaps if the > timing is > right, a feature I am working on to bundle ethernet adapters as a single > virtual > adaptor (idea taken from Intel Adapter Teaming). You may want to take a look at: http://people.freebsd.org/~wpaul/FEC/ I haven't tried it, but it implements the Cisco Fast Etherchannel stuff. Anyone know why it hasn't made it into -current? Ken -- Kenneth Merry [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD Convention in EU -- OK Enough said ;-)
I have submitted a form for a presentation. I can only hope it is accepted. Thanks for all of your comments! :-) Andy To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
fix wrong pnp id comment
Current branch, pci_bus.c has wrong PNP ID comment. --- /sys/i386/pci/pci_bus.c.origMon Apr 22 16:13:02 2002 +++ /sys/i386/pci/pci_bus.c Mon Apr 22 16:13:29 2002 @@ -554,7 +554,7 @@ * people. */ static struct isa_pnp_id pcibus_pnp_ids[] = { - { 0x030ad041 /* PNP030A */, "PCI Bus" }, + { 0x030ad041 /* PNP0A03 */, "PCI Bus" }, { 0 } }; To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD Convention in EU
On Mon, Apr 22, 2002 at 11:12:10AM +0200, Andy Sporner wrote: > Hi, > > I heard some random comment here about a possible convention (sort of like > BSDCon) in Europe. Does anyone know about this or if there is going to be > such a thing? http://www.eurobsdcon2002.org/ > I have an interest to present either on Clustering or perhaps if the > timing is > right, a feature I am working on to bundle ethernet adapters as a single > virtual > adaptor (idea taken from Intel Adapter Teaming). > > Thanks in advance! > > > > Andy > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message -- Dominic To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD Convention in EU
On Mon, 22 Apr 2002 11:12:10 +0200, Andy Sporner <[EMAIL PROTECTED]> wrote: > I heard some random comment here about a possible convention (sort of like > BSDCon) in Europe. Does anyone know about this or if there is going to be > such a thing? http://www.eurobsdcon2002.org/ marco To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
FreeBSD Convention in EU
Hi, I heard some random comment here about a possible convention (sort of like BSDCon) in Europe. Does anyone know about this or if there is going to be such a thing? I have an interest to present either on Clustering or perhaps if the timing is right, a feature I am working on to bundle ethernet adapters as a single virtual adaptor (idea taken from Intel Adapter Teaming). Thanks in advance! Andy To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
fix wrong PNP ID comment
Current branch, pci_bus.c has wrong PNP ID comment. --- /sys/i386/pci/pci_bus.c.origMon Apr 22 16:13:02 2002 +++ /sys/i386/pci/pci_bus.c Mon Apr 22 16:13:29 2002 @@ -554,7 +554,7 @@ * people. */ static struct isa_pnp_id pcibus_pnp_ids[] = { - { 0x030ad041 /* PNP030A */, "PCI Bus" }, + { 0x030ad041 /* PNP0A03 */, "PCI Bus" }, { 0 } }; __ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message