Re: tuning for samba
Chad David wrote: A local company has been having issues with samba for some time (it kills an e250, and has seriously stressed an e5000) and I've been telling the admin (half seriously) that he should just toss it on a PC with FreeBSD. Well they finally got tired of hearing FreeBSD this and FreeBSD that and asked me to bring a box in if I was so confident... tomorrow morning at 9am. So, I'm building a new box tonight and was wondering if anybody has any tried and true tuning parameters for samba on -stable. They currently have ~700 users attached. The load per user is pretty low but just rebooting and handling the reconnects has killed small boxes. As a side note, the data being served will be attached to the samba server via NFS. The one thing I've seen kill a box besides the reboot-reconnect blast is content searches by the Windows Find dialog. All it takes is one user on a fast machine and network link doing the Windows equivalent of find / -name * -exec grep foo \{\} \; to run you out of file descriptors in a matter of seconds. Samba uses a seperate process for each connection, and Windows opens one connection per share. Most Windows users only work on one share at a time, so with two open shares on ~700 machines that means ~1400 connections with roughly half of them idle. That's a lot of freeable RAM should you suddenly need it. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: tuning for samba
On Wed, 10 Jul 2002, Darren Pilgrim wrote: Chad David wrote: A local company has been having issues with samba for some time (it kills an e250, and has seriously stressed an e5000) and I've been telling the admin (half seriously) that he should just toss it on a PC with FreeBSD. Well they finally got tired of hearing FreeBSD this and FreeBSD that and asked me to bring a box in if I was so confident... tomorrow morning at 9am. So, I'm building a new box tonight and was wondering if anybody has any tried and true tuning parameters for samba on -stable. They currently have ~700 users attached. The load per user is pretty low but just rebooting and handling the reconnects has killed small boxes. As a side note, the data being served will be attached to the samba server via NFS. The one thing I've seen kill a box besides the reboot-reconnect blast is content searches by the Windows Find dialog. All it takes is one user on a fast machine and network link doing the Windows equivalent of find / -name * -exec grep foo \{\} \; to run you out of file descriptors in a matter of seconds. Yes, Samba has to do readdir scans to simulate a case-insensitive file system on a case-sensitive file system. Samba uses a seperate process for each connection, and Windows opens one connection per share. Yes to the first claim, no to the second. Most definitely not. For a single client, windows puts all share access (net use, mounting, whatever you want to call it) over the single TCP connection to the server. The only time Windows will create a new connection is if you have given the server multiple NetBIOS names, and you use different NetBIOS names to access the share. For example, even if the NetBIOS names NB1 and NB2 translate to the same IP (10.10.10.10), if you do the following: net use f: \\nb1\share1 net use f: \\nb2\share1 the client will establish two different connections. However, that is the only way I know to get multiple connections from a client to a server. Even Terminal Server multiplexes multiple users over the one TCP connection. Most Windows users only work on one share at a time, so with two open shares on ~700 machines that means ~1400 connections with roughly half of them idle. That's a lot of freeable RAM should you suddenly need it. Nope, ~700 connections! Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: tuning for samba
Richard Sharpe wrote: On Wed, 10 Jul 2002, Darren Pilgrim wrote: Samba uses a seperate process for each connection, and Windows opens one connection per share. Yes to the first claim, no to the second. Most definitely not. For a single client, windows puts all share access (net use, mounting, whatever you want to call it) over the single TCP connection to the server. You're right, sorry. I had gotten mixed up on the multiple connection issue because of my own configuration that results in one share per connection. Nope, ~700 connections! Even with just one connection per machine, though, you're still going to have a significant amount of swappable memory in idle smbd processes. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: tuning for samba
On Thu, 11 Jul 2002, Darren Pilgrim wrote: Richard Sharpe wrote: On Wed, 10 Jul 2002, Darren Pilgrim wrote: Samba uses a seperate process for each connection, and Windows opens one connection per share. Yes to the first claim, no to the second. Most definitely not. For a single client, windows puts all share access (net use, mounting, whatever you want to call it) over the single TCP connection to the server. You're right, sorry. I had gotten mixed up on the multiple connection issue because of my own configuration that results in one share per connection. Nope, ~700 connections! Even with just one connection per machine, though, you're still going to have a significant amount of swappable memory in idle smbd processes. Yes, I agree. Something that I would like to do more about by making sure that as much as possible is shared. Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: tuning for samba
Richard Sharpe wrote: On Thu, 11 Jul 2002, Darren Pilgrim wrote: Richard Sharpe wrote: On Wed, 10 Jul 2002, Darren Pilgrim wrote: Samba uses a seperate process for each connection, and Windows opens one connection per share. Yes to the first claim, no to the second. Most definitely not. For a single client, windows puts all share access (net use, mounting, whatever you want to call it) over the single TCP connection to the server. You're right, sorry. I had gotten mixed up on the multiple connection issue because of my own configuration that results in one share per connection. Nope, ~700 connections! Even with just one connection per machine, though, you're still going to have a significant amount of swappable memory in idle smbd processes. Yes, I agree. Something that I would like to do more about by making sure that as much as possible is shared. At over 4MB per process (4252K each on my server), I should hope that most of it is already shared. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
No suid crontab(1).
Hello there. On end of this post You got diif how to remove set-uid-root bit from crontab(1). What You think about it? Some directory and files perms changes: leila:root:~# ls -l /usr/bin/crontab -r-xr-sr-x 1 root crontab 24804 11 Lip 12:37 /usr/bin/crontab leila:root:~# ls -ld /var/cron drwxr-x--- 3 root crontab 512 22 Maj 2001 /var/cron leila:root:~# ls -l /var/cron total 3 -rw-r- 1 root crontab5 11 Lip 12:33 allow -rw-r- 1 root crontab6 11 Lip 12:33 deny drwxrwx--- 2 root crontab 512 11 Lip 12:37 tabs leila:root:~# ls -lo /var/cron/tabs total 3 rw 1 giaur crontab uchg 254 11 Lip 12:23 giaur rw 1 nick crontab uchg 255 11 Lip 12:37 nick -rw--- 1 root crontab uchg 274 11 Lip 12:03 root Of course You have to have crontab group defined in Your /etc/group. If crontab will be broken, attacker can change ONLY his own file, cause of uchg flags on files (yes, uchg, not schg, couse of securelevel). Attacker can't remove any files too cause of uchg too in spite of he has gid of directory /var/cron/tabs owner. Oke, here You got patch: 11 Lip 12:36 2002 diff -lu /usr/src/usr.sbin/cron/crontab/Makefile projects/crontab/Makefile Page 1 --- /usr/src/usr.sbin/cron/crontab/Makefile Wed Apr 25 14:09:24 2001 +++ projects/crontab/Makefile Thu Jul 11 12:25:06 2002 @@ -8,7 +8,8 @@ BINDIR=/usr/bin BINOWN=root -BINMODE=4555 +BINGRP=crontab +BINMODE=2555 INSTALLFLAGS=-fschg .include bsd.prog.mk 11 Lip 12:36 2002 diff -lu /usr/src/usr.sbin/cron/crontab/crontab.c projects/crontab/crontab.c Page 1 --- /usr/src/usr.sbin/cron/crontab/crontab.cSat Jun 16 05:18:37 2001 +++ projects/crontab/crontab.c Thu Jul 11 12:36:23 2002 @@ -101,7 +101,6 @@ setlinebuf(stderr); #endif parse_args(argc, argv); /* sets many globals, opens a file */ - set_cron_uid(); set_cron_cwd(); if (!allowed(User)) { warnx(you (%s) are not allowed to use this program, User); @@ -280,7 +279,7 @@ log_it(RealUser, Pid, DELETE, User); (void) sprintf(n, CRON_TAB(User)); - if (unlink(n)) { + if (chflags(n, 0) || unlink(n)) { if (errno == ENOENT) errx(ERROR_EXIT, no crontab for %s, User); else @@ -328,14 +327,6 @@ goto fatal; } (void) umask(um); -#ifdef HAS_FCHOWN - if (fchown(t, getuid(), getgid()) 0) { -#else - if (chown(Filename, getuid(), getgid()) 0) { -#endif - warn(fchown); - goto fatal; - } if (!(NewCrontab = fdopen(t, r+))) { warn(fdopen); goto fatal; @@ -402,8 +393,8 @@ goto fatal; case 0: /* child */ - if (setuid(getuid()) 0) - err(ERROR_EXIT, setuid(getuid())); + if (setgid(getgid()) 0) + err(ERROR_EXIT, setgid(getgid())); if (chdir(/tmp) 0) err(ERROR_EXIT, chdir(/tmp)); if (strlen(editor) + strlen(Filename) + 2 = MAX_TEMPSTR) @@ -493,7 +484,7 @@ replace_cmd() { charn[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME]; FILE*tmp; - int ch, eof; + int ch, eof, perm; entry *e; time_t now = time(NULL); char**envp = env_init(); @@ -563,24 +554,18 @@ return (-1); 11 Lip 12:36 2002 diff -lu /usr/src/usr.sbin/cron/crontab/crontab.c projects/crontab/crontab.c Page 2 } -#ifdef HAS_FCHOWN - if (fchown(fileno(tmp), ROOT_UID, -1) OK) -#else - if (chown(tn, ROOT_UID, -1) OK) -#endif - { - warn(chown); - fclose(tmp); unlink(tn); - return (-2); - } - + if (getuid() == ROOT_UID) + perm = 0600; + else + perm = 0060; + #ifdef HAS_FCHMOD - if (fchmod(fileno(tmp), 0600) OK) + if (fchmod(fileno(tmp), perm) OK) #else - if (chmod(tn, 0600) OK) + if (chmod(tn, perm) OK) #endif { - warn(chown); + warn(chmod); fclose(tmp); unlink(tn); return (-2); } @@ -592,11 +577,19 @@ } (void) sprintf(n, CRON_TAB(User)); + chflags(n, 0); if (rename(tn, n)) { warn(error renaming %s to %s, tn, n); unlink(tn); return (-2); } + if (chflags(n, UF_IMMUTABLE) OK) + { + warn(chflags); + unlink(n); + return (-2); + } + log_it(RealUser, Pid, REPLACE, User); poke_daemon(); -- Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the
Re: No suid crontab(1).
I forgot, that should be always an empty file root in /var/cron/tabs and files of all users if we don't want to gives attacker their rights. But I think the best way is to change cron(8) that it will be check file owner. -- Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: IDE EIDE ATAPI Low Level Format tools by vendor
Thus spake Terry Lambert [EMAIL PROTECTED]: Feel free to add to this list, and repost, to capture in the list archive. Excellent! Adding an untested Quantum tool to the list. I really could have used this last week, but couldn't find it until I followed the Maxtor link you gave. Doh! Seagate DiscWizard: http://www.seagate.com/support/kb/disc/low_level_ata.html Maxtor LLFUTIL.EXE: http://www.maxtor.com/SoftwareDownload/utilities.html Quantum PowerMax: http://www.maxtor.com/Quantum/support/csr/software/softmenu.htm Western Digital Data Lifeguard Tools: http://support.wdc.com/download/index.asp IBM Drive Fitness Test (also available as a Linux Binary): http://www.storage.ibm.com/hdd/support/download.htm Samsung Clearhdd.exe (not satisfying; they claim it lasts a lifetime): http://www.samsungelectronics.com/hdd/support/faqs/faq_1320.html Hitachi (also not satisfying; they claim it last's a lifetime): http://www.hitachi.com/opstore/opstoretech/01ustech/02hddsupport/faqhdd/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
security jobs
Hi Hackers... Recently, (this past Sunday), I CVS-upped my 4.5-STABLE to 4.6-STABLE. Everything is fine, except one thing... The security check jobs no longer run at 2:00 AM like they used to. I checked all the settings in /etc/periodic and also in root's crontab, and can't find anything wrong. Here's the strange part. From the #, I can type: periodic daily and in about 30 seconds get an email with the security reports. However, the same line in crontab, sends me an email: periodic not found. Can anyone shed some light on this? Thanks Peter -- Peter Elsner [EMAIL PROTECTED] Vice President Of Customer Service (And System Administrator) 1835 S. Carrier Parkway Grand Prairie, Texas 75051 (972) 263-2080 - Voice (972) 263-2082 - Fax (972) 489-4838 - Cell Phone (425) 988-8061 - eFax Unix IS user friendly... It's just selective about who its friends are. System Administration - It's a dirty job, but somebody said I had to do it. If you receive something that says 'Send this to everyone you know, pretend you don't know me. Standard $500/message proofreading fee applies for UCE.
Re: security jobs
Peter Elsner (peter) writes: Here's the strange part. From the #, I can type: periodic daily and in about 30 seconds get an email with the security reports. However, the same line in crontab, sends me an email: periodic not found. Do you have /usr/sbin in the PATH statement ? Look in the beginning of your crontab file, you should have something like: PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin -- Best Regards, Michael Landin Hostbaek FreeBSDCluster.org - an International Community */ PGP-key available upon request /* To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
IN NEED OF HELP
FAX: 27-731485293. ATTN: THE MANAGING DIRECTOR/C. E. O. TEL:27-825087950. DEAR SIR/MADAM, BUSINESS TRANSACTION. MY NAME IS MIKENA DUBELA THE SON OF DR MOSES DUBE, ONE OF THE GREAT FARMERS IN ZIMBABWE. MY FATHER HAPPENS TO BE ONE OF THE OPPONENTS OF THE PRESIDENT OF ZIMBABWE [ROBERT MUGABE] IN HIS POLITICAL AMBITIONS TO REMAIN IN POWER FOREVER, BECAUSE OF THIS, MY FATHER'S FARM WAS BURNT DOWN AND THE WHOLE ASSETS WAS LOOTED WHILE MY FATHER LOST HIS LIFE. WHEN WE DISCOVERED THAT OUR LIVES WAS NO LONGER SAFE IN ZIMBABWE, MY MOTHER AND I DECIDED TO FLEE TO SOUTH AFRICA WITH THE MONEY MY FATHER HID AWAY IN MY MOTHER'S HOUSE. THIS MONEY, WHICH IS OUR ONLY HOPE OF SURVIVING IS US$16.5M [SIXTEEN MILLION FIVE HUNDRED THOUSAND UNITED STATES DOLLARS ]. THIS MONEY IS NOW DEPOSITED IN A FINANCE SECURITY COMPANY AS A BOX OF VALUABLE CONTAINING JEWELERIES, TO AVOID SABOTAGE. NOW, MY REFUGEE STATUS IN SOUTH AFRICA DOES NOT ALLOW ME TO HAVE A BANK ACCOUNT OR EMBARK ON ANY INVESTMENT AND AGAIN, THE CLOSENESS OF ZIMBABWE TO SOUTH AFRICA DOES NOT MAKE US FEEL VERY SAFE. I WANT YOUR HELP TO ASSIST ME MOVE THIS MONEY OUT OF SOUTH AFRICA TO YOUR FOREIGN ACCOUNTSO THAT I WILL COME OVER THERE TO YOUR COUNTRYTO INVEST THE MONEY. I, SURELY WILL REWARD YOUR EFFORT WITH 25% OF THE TOTAL AMOUNTWHILE 5% WILL COVER THE EXPENSES THAT MAY ARISE IN THE PROCESS OF THE TRANSFER OF THE MONEY. THOUGH, THERE IS NO RISK IN THIS BUSINESS BUT MAKE SURE THAT YOU DON'T DISCUSS THIS TRANSACTION WITH ANYONE. BEST REGARDS, MIKENA DUBELA. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: tuning for samba
On Thu, Jul 11, 2002 at 12:33:30AM -0700, Darren Pilgrim wrote: Richard Sharpe wrote: On Thu, 11 Jul 2002, Darren Pilgrim wrote: Richard Sharpe wrote: On Wed, 10 Jul 2002, Darren Pilgrim wrote: ... Even with just one connection per machine, though, you're still going to have a significant amount of swappable memory in idle smbd processes. Yes, I agree. Something that I would like to do more about by making sure that as much as possible is shared. At over 4MB per process (4252K each on my server), I should hope that most of it is already shared. With my testing last night, 350 clients each writing used ~700M of cache (with was the data being writen) and only ~100M of active memory. There was only a nominal amount swapped (probably getty and friends), so the number of shared pages is actually quite high with ~2.1M of resident mem showing for each process. If it were otherwise I would have quickly burned the 1G in the test server. The only thing I managed to exhaust was mbuf clusters, and that was on the clients first and finally on the server after a bit. Thanks to everybody for their input and suggestions, and I'll let you know how it works in the wild :). -- Chad David[EMAIL PROTECTED] www.FreeBSD.org [EMAIL PROTECTED] ACNS Inc. Calgary, Alberta Canada To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: A question about S/390 port
Apparently, On Thu, Jul 11, 2002 at 09:11:47AM +0400, Serguei Tzukanov said words to the effect of; On Thursday 11 July 2002 02:45, Jake Burkholder wrote: I think this is because your console driver (hc) doesn't have a tty interface, just the low level cn* stuff. If you look at the ofw_console driver, it provides a rudimentary tty interface using polling and cngetc, cnputc equivalents. Hm, what about /dev/console (tty_cons)? I put into /etc/ttys line console /usr/libexec/getty std.1200 vt100 on secure. Where exactly in init are you trying to print? If you're in the single_user function, you can only use stdio in the forked child after it calls setctty. Before that you have to open an fd on /dev/console yourself and write(2) to it, or call login_tty on it which dups the standard descriptors from it. I don't know if starting a getty on /dev/console will work, but in any case this doesn't happen until you go multi-user, iirc this line is only used for the secure keyword. Jake To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: security jobs
I didn't have that line, but I also never had that line in my crontab file in the past, and the security jobs ran fine. Just for giggles, I added it. Checked my mail after it should have run, and nothing... At 03:50 PM 7/11/2002 +0200, you wrote: Peter Elsner (peter) writes: Here's the strange part. From the #, I can type: periodic daily and in about 30 seconds get an email with the security reports. However, the same line in crontab, sends me an email: periodic not found. Do you have /usr/sbin in the PATH statement ? Look in the beginning of your crontab file, you should have something like: PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin -- Best Regards, Michael Landin Hostbaek FreeBSDCluster.org - an International Community */ PGP-key available upon request /* To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message -- Peter Elsner [EMAIL PROTECTED] Vice President Of Customer Service (And System Administrator) 1835 S. Carrier Parkway Grand Prairie, Texas 75051 (972) 263-2080 - Voice (972) 263-2082 - Fax (972) 489-4838 - Cell Phone (425) 988-8061 - eFax Unix IS user friendly... It's just selective about who its friends are. System Administration - It's a dirty job, but somebody said I had to do it. If you receive something that says 'Send this to everyone you know, pretend you don't know me. Standard $500/message proofreading fee applies for UCE.
Re: A question about S/390 port
On Thursday 11 July 2002 18:43, Jake Burkholder wrote: Where exactly in init are you trying to print? If you're in the single_user function, you can only use stdio in the forked child after it calls setctty. Before that you have to open an fd on /dev/console yourself and write(2) to it, or call login_tty on it which dups the standard descriptors from it. I don't know if starting a getty on /dev/console will work, but in any case this doesn't happen until you go multi-user, iirc this line is only used for the secure keyword. Problem is solved, I made as you'd said earlier: fixed hc to support tty interface. Right now I'm debugging sh crushing with sig 11. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: security jobs
Peter Elsner (peter) writes: I didn't have that line, but I also never had that line in my crontab file in the past, and the security jobs ran fine. Just for giggles, I added it. Checked my mail after it should have run, and nothing... Did you run mergemaster(8) after installworld ? Besides, this sort of question should be for -hackers, but for [EMAIL PROTECTED], or perhaps [EMAIL PROTECTED] Let us move it there... -- Best Regards, Michael Landin Hostbaek FreeBSDCluster.org - an International Community */ PGP-key available upon request /* To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Non suid crontab(1).
On Thu, Jul 11, 2002 at 01:03:56PM +0200, Pawel Jakub Dawidek wrote: http://garage.freebsd.pl/crontab.diff http://garage.freebsd.pl/crontab.README.eng There You got updated patch, added chroot() to /var/cron as soon as possbile and fixed note about permissions, for users files should be: leila:root:~# ls -lo /var/cron/tabs total 3 -r--rw 1 giaur crontab uchg 254 11 Lip 12:23 giaur -r--rw 1 nick crontab uchg 255 11 Lip 12:37 nick -rw--- 1 root crontab uchg 274 11 Lip 12:03 root PS. I'm still waiting for ANY comments:) -- Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: termios guru ?
On Wed, Jul 10, 2002 at 09:13:18PM -0700, bruno schwander wrote: I making a port (not much really) of Irit (http://www.cs.technion.ac.il/~irit/) a modelling environment. I am having some problems with terminal handling, so all termios guru out there, please help ! :-) That's what I did for a terminal programm to setup the controlling tty: void settty(void) { struct termios buf; if (tcgetattr(STDIN_FILENO, save_termios) 0) { printf(tcgetattr failed: %s\n, strerror(errno)); exit (1); } memcpy(buf, save_termios, sizeof(buf)); buf.c_lflag = ~(ECHO | ICANON | IEXTEN | ISIG); buf.c_iflag = ~(ICRNL | INPCK | ISTRIP | IXON); buf.c_cflag = ~(CSIZE | PARENB); buf.c_cflag |= CS8; buf.c_oflag = ~OPOST; buf.c_cc[VMIN] = 1; buf.c_cc[VTIME] = 0; if (tcsetattr(STDIN_FILENO, TCSAFLUSH, buf) 0) { printf(tcsetattr failed: %s\n, strerror(errno)); exit (1); } ttyset = 1; return; } At stratup, irit does the following Termio.c_cc[VEOF] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VEOL] = 1; /* TIME - 1 tenth of a second as time o Setting VEOL or VEOF with disabled ICANON is senseless. which seems wrong, I think it should be Termio.c_cc[VMIN] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VTIME] = 1; /* TIME - 1 tenth of a second as time o then later: Termio.c_lflag = ~ICANON; Sparse initialisation may require specific defaults to work. basically, irit wants to manage line editing itself, to manage the irit command prompt. There is some code doing the ^A, ^H, etc handling and line printing, and reading periodically stdin. What I see happening, is that usually at the very beginning, input seems locked. Running in the debugger, I see that characters are fgetc'ed periodically, but fgetc always returns -1 even when there should be characters available. I then tried using fcntl(0, F_SETFL, O_NONBLOCK) instead of the above 2 lines. which I thought would do the right thing, ie: non blocking IO, but anything available from stdin is buffered and provided on the next read. This works, however I am seeing something strange on stdout now: when outputting lots of lines, outputs stalls after a few dozen lines. Adding a usleep between each fwrite() solves the problem but slows it all down... (and is inherently wrong) I'm not shure if nonblocking or character mode is compatible with stdio. I always used direct io in such cases. What is going on here ? I do not understand very well all the terminal/IO discipline here. I agree that this is all bad design, and should probably multithread or use select() but I am not Irit's author... -- B.Walter COSMO-Project http://www.cosmo-project.de [EMAIL PROTECTED] Usergroup [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Motherboard temperature sensing
On Tue, 9 Jul 2002, Julian Elischer wrote: I haven't been following this so now naturally it becomes important.. anyone have good pointers? If you're looking at server machines with IPMI I have some tools that can query the temperature sensors. Doug White| FreeBSD: The Power to Serve [EMAIL PROTECTED] | www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: terminfo/termcap and cygwin
Alex Dupre wrote: Wednesday, July 10, 2002, 10:22:22 PM, you wrote: TL Sounds like Cygwin's terminal program fails to correctly implement TL the ANSI 3.64 standard. Could you use an ANSI 3.64 standard terminal, TL instead? Windows Telnet is standards compliant, for example. I can use other terminals, usually from windows machines I use putty that works good, but I'd like a working cygwin, too. Cygwin problem. I'd like a working Microsoft Windows. 8-). Thanks for your suggestions. I tried to replace the cygwin termcap entry with the one included in cygwin and many problems disappeared, but not all. TL Actually, if you do a search for: TL termcap entry test program TL You should be able to quickly identify what's wrong with your TL termcap entry, or if it's actually another Cygwin bug. Can you give me more details on this test program, pls? I couldn't find it. It's included in the ncurses package. There's also one called aC that's included with the O'Reilly Termcap and Terminfo book, and there are three or four of them in the comp.unix.sources archives (if I remember correctly, Archive #27 has one of them). Basically, you run it, and then step through it, and it tells you should see, and if you don't see what it tells you you should see, then you correct your termcap entry so that the output becomes more correct. It will test things like AM and AW, etc., which are common places implementations of termcap entries are broken. -- TErry To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: termios guru ?
On Wed, Jul 10, 2002 at 09:13:18PM -0700, bruno schwander wrote: I making a port (not much really) of Irit (http://www.cs.technion.ac.il/~irit/) a modelling environment. I am having some problems with terminal handling, so all termios guru out there, please help ! :-) At stratup, irit does the following Termio.c_cc[VEOF] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VEOL] = 1; /* TIME - 1 tenth of a second as time o which seems wrong, I think it should be Termio.c_cc[VMIN] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VTIME] = 1; /* TIME - 1 tenth of a second as time o VMIN == VEOF and VTIME == VEOL. then later: Termio.c_lflag = ~ICANON; take a look at cfmakeraw(3) which is BSD specific, but that's not important since it's a port *to* BSD :) more +/cfmakeraw /usr/src/lib/libc/gen/termios.c cfmakeraw(t) struct termios *t; { t-c_iflag = ~(IMAXBEL|IXOFF|INPCK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON|IGNPAR); t-c_iflag |= IGNBRK; t-c_oflag = ~OPOST; t-c_lflag = ~(ECHO|ECHOE|ECHOK|ECHONL|ICANON|ISIG|IEXTEN|NOFLSH|TOSTOP|PENDIN); t-c_cflag = ~(CSIZE|PARENB); t-c_cflag |= CS8|CREAD; t-c_cc[VMIN] = 1; t-c_cc[VTIME] = 0; } so, a short answer could be, as Bernd Walter suggested : int settty(raw) int raw; { static int init; static struct termios old; struct termios buf, *new; if (!init) { if (tcgetattr(STDIN_FILENO, old) 0) { printf(tcgetattr failed: %s\n, strerror(errno)); return(1); } init++; } if (raw) { if (init 2) { cfmakeraw(buf); init++; } new = buf; } else new = old; if (tcsetattr(STDIN_FILENO, TCSAFLUSH, new) 0) { printf(tcsetattr failed: %s\n, strerror(errno)); return(1); } return(0); } Cyrille. -- Cyrille Lefevre mailto:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: termios guru ?
thanks, I see the idea but cfmakeraw has some other effects... newlines output by the program are not translated, etc. My main program now is the VMIN/VTIME stuff. The way irit tries to use is, is basically to be able to do async stdin reading, but this does not work. Whenever I try those settings, no input is ever read by the program. It fgetc() constantly returns -1. Any idea why ? bruno On Thu, 11 Jul 2002, Cyrille Lefevre wrote: On Wed, Jul 10, 2002 at 09:13:18PM -0700, bruno schwander wrote: I making a port (not much really) of Irit (http://www.cs.technion.ac.il/~irit/) a modelling environment. I am having some problems with terminal handling, so all termios guru out there, please help ! :-) At stratup, irit does the following Termio.c_cc[VEOF] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VEOL] = 1; /* TIME - 1 tenth of a second as time o which seems wrong, I think it should be Termio.c_cc[VMIN] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VTIME] = 1; /* TIME - 1 tenth of a second as time o VMIN == VEOF and VTIME == VEOL. then later: Termio.c_lflag = ~ICANON; take a look at cfmakeraw(3) which is BSD specific, but that's not important since it's a port *to* BSD :) more +/cfmakeraw /usr/src/lib/libc/gen/termios.c cfmakeraw(t) struct termios *t; { t-c_iflag = ~(IMAXBEL|IXOFF|INPCK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON|IGNPAR); t-c_iflag |= IGNBRK; t-c_oflag = ~OPOST; t-c_lflag = ~(ECHO|ECHOE|ECHOK|ECHONL|ICANON|ISIG|IEXTEN|NOFLSH|TOSTOP|PENDIN); t-c_cflag = ~(CSIZE|PARENB); t-c_cflag |= CS8|CREAD; t-c_cc[VMIN] = 1; t-c_cc[VTIME] = 0; } so, a short answer could be, as Bernd Walter suggested : int settty(raw) int raw; { static int init; static struct termios old; struct termios buf, *new; if (!init) { if (tcgetattr(STDIN_FILENO, old) 0) { printf(tcgetattr failed: %s\n, strerror(errno)); return(1); } init++; } if (raw) { if (init 2) { cfmakeraw(buf); init++; } new = buf; } else new = old; if (tcsetattr(STDIN_FILENO, TCSAFLUSH, new) 0) { printf(tcsetattr failed: %s\n, strerror(errno)); return(1); } return(0); } Cyrille. -- Cyrille Lefevre mailto:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: No suid crontab(1).
On Thu, Jul 11, 2002 at 12:52:14PM +0200, Pawel Jakub Dawidek wrote: [snip] @@ -592,11 +577,19 @@ } (void) sprintf(n, CRON_TAB(User)); + chflags(n, 0); please, backup old flags such as (oflags = chflags(n, 0)) since you don't know if only UF_IMMUTABLE is used. if (rename(tn, n)) { warn(error renaming %s to %s, tn, n); unlink(tn); return (-2); } then chflags(oflags|UF_IMMUTABLE). + if (chflags(n, UF_IMMUTABLE) OK) + { + warn(chflags); + unlink(n); + return (-2); + } + log_it(RealUser, Pid, REPLACE, User); poke_daemon(); does this work w/ `sysctl kern.securelevel' 0 ? # man init 1 Secure mode - the system immutable and system append-only flags may ^^^ not be turned off; disks for mounted filesystems, /dev/mem, and ^ /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded. I guess no. Cyrille. -- Cyrille Lefevre mailto:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Non suid crontab(1).
On Thu, Jul 11, 2002 at 05:07:12PM +0200, Pawel Jakub Dawidek wrote: On Thu, Jul 11, 2002 at 01:03:56PM +0200, Pawel Jakub Dawidek wrote: http://garage.freebsd.pl/crontab.diff http://garage.freebsd.pl/crontab.README.eng PS. I'm still waiting for ANY comments:) done, but if you want your change be integrated to FreeBSD, you'll have to submit a PR (man send-pr). Cyrille. -- Cyrille Lefevre mailto:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Old libtool.
Anyone have any ideas [when|if] the libtool in ports will be updated? It's preventing me from compiling CVS of various things, such as gaim, py-gtk, and other non-GNOME things as well. TIA for the info, and best regards. Chris Nehren To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: No suid crontab(1).
On Fri, Jul 12, 2002 at 12:08:44AM +0200, Cyrille Lefevre wrote: + please, backup old flags such as (oflags = chflags(n, 0)) since + you don't know if only UF_IMMUTABLE is used. + But this files should have ONLY UF_IMMUTABLE, I think... + does this work w/ `sysctl kern.securelevel' 0 ? + Yes, it does. I'm using uchg, not schg flags. -- Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
CDR performance
Just thought I'd report that using cdrecord on a netserver 5 with SCSI2 bus, I can do 8 CDs at 4 speed, 7 at 6 speed and 4 or 5 at 8 speed. It will start fine with 8, but after a few seconds I get bus errors and a few new coasters pop out. I've tried staggering startup a few seconds, but the best I can do is go from 4 bad ones to 3 bad ones. I'm thinking if I had something other than a p100 with all of 64M ram things would work a little better. Still, a nice way to save the $499 license fee that a nero windows license would cost to burn 8 CDs. Thanks for the help, Keith To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: CDR performance
:Just thought I'd report that using cdrecord on a netserver 5 with SCSI2 bus, :I can do 8 CDs at 4 speed, 7 at 6 speed and 4 or 5 at 8 speed. It will start fine :with 8, but after a few seconds I get bus errors and a few new coasters pop :out. I've tried staggering startup a few seconds, but the best I can do is :go from 4 bad ones to 3 bad ones. : :I'm thinking if I had something other than a p100 with all of 64M ram things :would work a little better. : :Still, a nice way to save the $499 license fee that a nero windows license :would cost to burn 8 CDs. : :Thanks for the help, : :Keith Wow, that's excellent news Keith! I'm amazed that you were able to get it to work so well with such an old box. -Matt Matthew Dillon [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: CDR performance
Keith Pitcher wrote: Just thought I'd report that using cdrecord on a netserver 5 with SCSI2 bus, I can do 8 CDs at 4 speed, 7 at 6 speed and 4 or 5 at 8 speed. It will start fine with 8, but after a few seconds I get bus errors and a few new coasters pop out. I've tried staggering startup a few seconds, but the best I can do is Re. coasters, cdrecord -dummy will reduce cost to your pocket environment. Julian Stacey Computer Sys. Eng. Unix Consultant, Munich Ihr Rauchen = mein allergischer Kopfschmerz ! Schnupftabak probieren. 7000 Free programs: http://www.freebsd.org/ports/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: termios guru ?
bruno schwander wrote: thanks, I see the idea but cfmakeraw has some other effects... newlines output by the program are not translated, etc. My main program now is the VMIN/VTIME stuff. The way irit tries to use is, is basically to be able to do async stdin reading, but this does not work. Whenever I try those settings, no input is ever read by the program. It fgetc() constantly returns -1. Any idea why ? In noncanonical mode input processing, input bytes are not assembled into lines, and erase and kill processing does not occur. The values of the VMIN and VTIME members of the c_cc array are used to determine how to process the bytes received. MIN represents the minimum number of bytes that should be received when the read(2) function successfully returns. TIME is a timer of 0.1 second granularity that is used to time out bursty and short term data transmis- sions. If MIN is greater than { MAX_INPUT}, the response to the request is undefined. The four possible values for MIN and TIME and their inter- actions are described below. What's MAX_INPUT set to? Try running: system(stty -a); From your program, after you set the terminal modes, to make sure you set them correctly. Make sure you are using termios, not termio. See also the source code to raw(3) and cbreak(3) in the curses library source code. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: termios guru ?
bruno schwander wrote: thanks, I see the idea but cfmakeraw has some other effects... newlines output by the program are not translated, etc. To get rid of the raw output effects, remove the line t-c_oflag = ~OPOST; My main program now is the VMIN/VTIME stuff. The way irit tries to use is, is basically to be able to do async stdin reading, but this does not work. Whenever I try those settings, no input is ever read by the program. It fgetc() constantly returns -1. Any idea why ? bruno On Thu, 11 Jul 2002, Cyrille Lefevre wrote: On Wed, Jul 10, 2002 at 09:13:18PM -0700, bruno schwander wrote: I making a port (not much really) of Irit (http://www.cs.technion.ac.il/~irit/) a modelling environment. I am having some problems with terminal handling, so all termios guru out there, please help ! :-) At stratup, irit does the following Termio.c_cc[VEOF] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VEOL] = 1; /* TIME - 1 tenth of a second as time o which seems wrong, I think it should be Termio.c_cc[VMIN] = 0; /* MIN = 0, no minimal length to wait for. */ Termio.c_cc[VTIME] = 1; /* TIME - 1 tenth of a second as time o VMIN == VEOF and VTIME == VEOL. On SysV but not guaranteed to be so on every system. In fact, if we look in the FreeBSD /usr/include/sys/termios.h we can see: #define VEOF0 /* ICANON */ #define VEOL1 /* ICANON */ #define VMIN16 /* !ICANON */ #define VTIME 17 /* !ICANON */ No wonder that it does not work. -SB To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Bad vnode causing crash in 4.x
I've been suffering infrequent system crashes when running ange-ftp under emacs for some time and finally have a crash dump from a kernel with symbols. This crash dump was on 4.6-stable, though I've seen the bug off and on for at least a year. All the crashes have the following characteristic: Fatal trap 12: page fault while in kernel mode fault virtual address = 0x10 fault code = supervisor read, page not present instruction pointer = 0x8:0xc01ae331 stack pointer = 0x10:0xd7c9eed8 frame pointer = 0x10:0xd7c9eedc code segment= base 0x0, limit 0xf, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags= interrupt enabled, resume, IOPL = 0 current process = 36349 (ftp) interrupt mask = none trap number = 12 panic: page fault (kgdb) where #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 #1 0xc017fd2f in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316 #2 0xc0180154 in poweroff_wait (junk=0xc02f668c, howto=-1070636625) at /usr/src/sys/kern/kern_shutdown.c:595 #3 0xc02a3cce in trap_fatal (frame=0xd7c9ee98, eva=16) at /usr/src/sys/i386/i386/trap.c:966 #4 0xc02a39a1 in trap_pfault (frame=0xd7c9ee98, usermode=0, eva=16) at /usr/src/sys/i386/i386/trap.c:859 #5 0xc02a358b in trap (frame={tf_fs = -676790256, tf_es = -676790256, tf_ds = -674693104, tf_edi = -676731680, tf_esi = 1, tf_ebp = -674631972, tf_isp = -674631996, tf_ebx = 0, tf_edx = -674631932, tf_ecx = 47, tf_eax = -674575552, tf_trapno = 12, tf_err = 0, tf_eip = -1071979727, tf_cs = 8, tf_eflags = 66118, tf_esp = -1038362816, tf_ss = -674631960}) at /usr/src/sys/i386/i386/trap.c:458 #6 0xc01ae331 in vop_revoke (ap=0xd7c9ef04) at /usr/src/sys/kern/vfs_subr.c:1965 #7 0xc01aace9 in vop_defaultop (ap=0xd7c9ef04) at /usr/src/sys/kern/vfs_default.c:150 #8 0xc0178381 in exit1 (p=0xd7a9e4e0, rv=0) at vnode_if.h:500 #9 0xc01780e4 in exit1 (p=0xd7a9e4e0, rv=0) at /usr/src/sys/kern/kern_exit.c:103 #10 0xc02a3f7d in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = -1, tf_ebp = -1077939936, tf_isp = -674631724, tf_ebx = 672471396, tf_edx = 672470976, tf_ecx = 1, tf_eax = 1, tf_trapno = 7, tf_err = 2, tf_eip = 672154536, tf_cs = 31, tf_eflags = 647, tf_esp = -1077939980, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1167 #11 0xc0297f05 in Xint0x80_syscall () Cannot access memory at address 0xbfbff120. The final problem before the crash is a reference to page 0 in vop_revoke because dev is 0. The vop_revoke_args struct (ap) appears to be filled in, but v_type is VBAD and a_vp-v_un.vu_spec.vu_specinfo (which is assigned to dev in vop_revoke) is 0. Here is the whole data structure: (kgdb) p *((struct vop_revoke_args *) 0xd7c9ef04)-a_desc $1 = {vdesc_offset = 47, vdesc_name = 0xc02bff86 vop_revoke, vdesc_flags = 0, vdesc_vp_offsets = 0xc0300664, vdesc_vpp_offset = -1, vdesc_cred_offset = -1, vdesc_proc_offset = -1, vdesc_componentname_offset = -1, vdesc_transports = 0x0} (kgdb) p *((struct vop_revoke_args *) 0xd7c9ef04)-a_vp $2 = {v_flag = 8, v_usecount = 1, v_writecount = 0, v_holdcnt = 0, v_id = 18538, v_mount = 0x0, v_op = 0xc1de6500, v_freelist = { tqe_next = 0x0, tqe_prev = 0xd660a29c}, v_nmntvnodes = { tqe_next = 0x0, tqe_prev = 0xd7c59824}, v_cleanblkhd = { tqh_first = 0x0, tqh_last = 0xd7cacb6c}, v_dirtyblkhd = { tqh_first = 0x0, tqh_last = 0xd7cacb74}, v_synclist = { le_next = 0x0, le_prev = 0x0}, v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_spec = { vu_specinfo = 0x0, vu_specnext = {sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0, v_clen = 0, v_object = 0x0, v_interlock = { lock_data = 0}, v_vnlock = 0x0, v_tag = VT_NON, v_data = 0x0, v_cache_src = {lh_first = 0x0}, v_cache_dst = {tqh_first = 0x0, tqh_last = 0xd7cacbc0}, v_dd = 0xd7cacb40, v_ddid = 0, v_pollinfo = {vpi_lock = {lock_data = 0}, vpi_selinfo = {si_pid = 0, si_note = {slh_first = 0x0}, si_flags = 0}, vpi_events = 0, vpi_revents = 0}, v_vxproc = 0x0} Any suggestions? This seems to be triggered when ange-ftp mode in emacs is left sitting for hours without either it or emacs running. I assume exit() is called for the ftp process because the remote side hung up. Just having the remote side hang up isn't enough to trigger it though. I often have the remote side hang up after a few minutes and ange-ftp reconnects. This seems to happen only after the process sits around. The machine is relatively idle, too. The probability that any swap is involved is quite low. -Michael To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Report to Sender
Incident Information:- Database: d:/notes/data/mail2.box Originator: hackers [EMAIL PROTECTED] Recipients: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject:Hello,let's be friends Date/Time: 07/11/2002 08:56:34 PM The file attachment target.scr you sent to the recipients listed above was infected with the W32/Klez.h@MM virus and was not successfully cleaned. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Request for submissions: FreeBSD Bi-Monthly Development Status Report (fwd)
Just a reminder that the deadline is on July 19; please submit status reports as soon as possible, thanks! Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Network Associates Laboratories -- Forwarded message -- Date: Mon, 8 Jul 2002 19:23:02 -0400 (EDT) From: Robert Watson [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Request for submissions: FreeBSD Bi-Monthly Development Status Report This is a solicitation for submissions for the May 2002 - June 2002 FreeBSD Bi-Monthly Development Status Report. All submissions are due by July 19, 2002. Submissions should be made by filling out the template found at: http://www.FreeBSD.org/news/status/report-sample.xml Submissions must then be e-mailed to the following address: [EMAIL PROTECTED] For automatic processing. Reports must be submitted in the XML format described, or they will be silently dropped. Submissions made to other e-mail addresses will be ignored. Status reports should be submitted once per project, although project developers may choose to submit additional reports on specific sub-projects of substantial size. Status reports are typically one or two short paragraphs, but the text may be up to 20 lines in length. Submissions are welcome on a variety of topics relating to FreeBSD, including development, documentation, advocacy, and development processes. Prior status reports may be viewed at: http://www.FreeBSD.org/news/status/ Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Network Associates Laboratories To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message