Re: misc/41772: can't disable keybell [PATCH]

2003-03-22 Thread soralx 

> Using kbdcontrol -b off on my laptop running current does
> turn off the sound already.

I tested `kbdcontrol -b off` on FreeBSD 5.0-RELEASE, and it
still did not turn off the beeper. I have also checked
'syscons.c', v. 1.399 ([0]), and foud only one change
concerning keybell:
'if (cold || shutdown_in_progress || !enable_bell)' -
('enable_bell' added, which must be "hw.syscons.bell"
sysctl var), that enables to turn the keybell off globally,
but not for separate vtys.

> Incidentally, using quiet.off doesn't
> shut it up either which is very confusing since quiet sets
> SC_QUIET_BELL.

I tested this again, and it works fine:

`kbdcontrol -b quiet.normal`
`(sleep 2;echo -e "\x07";sleep 2)&`
When, after executing this command, i quickly switch to
another vty, I hear no bell; when I stay on the same vty,
I can hear the bell.

> PCI ID's for the ICH4 controllere were committed prior to 4.7.

good, found my controller's ID in the latest CVSweb ATA-PCI tree

> This patch would inadvertently turn off visual bell's if you
> set the duration or pitch to zero manually.  A better patch
> might be:
>
> Index: syscons.c
> ===
> RCS file: /usr/cvs/src/sys/dev/syscons/syscons.c,v
> retrieving revision 1.399
> diff -u -r1.399 syscons.c
> --- syscons.c   3 Mar 2003 16:24:44 -   1.399
> +++ syscons.c   22 Mar 2003 14:38:58 -
> @@ -3547,7 +3547,7 @@
> if (scp != scp->sc->cur_scp)
> scp->sc->blink_in_progress += 2;
> blink_screen(scp->sc->cur_scp);
> -} else {
> +} else if (duration != 0 && pitch != 0) {
> if (scp != scp->sc->cur_scp)
> pitch *= 2;
> sysbeep(pitch, duration);
>
> Can you verify that this fix works for you?

yes, it does
but, I think, this may produce faster code:
 +} else if (duration && pitch) {

I also found couple more problems:

00.
`kbdcontrol -b 128.800`
`(sleep 2;echo -e "\x07";sleep 2)&`
If I stay on the same vty, I hear 800Hz bell, if I switch
to another vty, I hear ~400Hz bell.

`kbdcontrol -b normal`
`(sleep 2;echo -e "\x07";sleep 2)&`
If I stay on the same vty, I hear normal bell, if I switch
to another vty, I hear a bell with pitch twice as _high_.

01.
`kbdcontrol quiet.115.400` - won't set SC_QUIET_BELL flag


[0]
(http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/root/src \
/src/sys/dev/syscons/syscons.c?rev=1.399&content-type=text/plain)

22.03.2003; 23:12:44
[SorAlx]  http://cydem.org.ua/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Love from abroad

2003-03-22 Thread Elfriede 


Hi, Elfriede here,

A nice lady wants to correspond with you. check her out


Let me know and I won't write you again. Thanks









To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Binary Security Updates

2003-03-22 Thread Colin Percival 
  Ok, I've decided that my binary security updates code is now 
release-worthy.  Right now I'm only building updates for 4.7-RELEASE; as 
soon as 4.8-RELEASE comes out I'll start building updates for that as well.
  Note that this code only works properly if you performed a binary 
install of the -RELEASE and have not recompiled anything (ie, haven't 
applied any updates since October), so theoretically nobody should be using 
this until after 4.8 is released.
  Everything is at http://www.daemonology.net/freebsd-update/ including a 
portified version of the client and the resulting package.  MD5 hashes are 
dac0f4bdf3d23b642bcbbac0e544821e, 12f69c9d0a2bf1f5278e49f0a4821aa7, 
b96bfc6bffcbfa18130250e36e6109d6, and 227819b9403a6f727566bd6ad5a79684 for 
server, client, client port, and client package respectively.

  Feedback is welcome. ;)

Colin Percival
PS. This is probably of interest to people reading stable@ as well, but 
that would apparently constitute excessive cross-posting.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: Lots of kernel core dumps

2003-03-22 Thread Anti 
On Sun, 23 Mar 2003 00:10:38 +0100
Daniela <[EMAIL PROTECTED]> wrote:

> > I know, but 5.0-RELEASE was
> >
> > a) A work-in-progress, not a perfect, bug-free release
> >
> > b) A snapshot of 5.0-CURRENT
> >
> > You read the 5.0 Early Adopter's Guide, right?  Bugs like this are
> > expected at this stage in the development process, and if you
> > encounter them then you need to either give up on 5.x and go back to
> > 4.x-STABLE, or upgrade to 5.0-CURRENT if they are already fixed there.
> >
> > Kris
> 
> Yes, I read the Early Adopter's Guide.
> Is there any way to solve this without upgrading to -current?
> I want a stable server, of course, but I still want to help the FreeBSD folks 
> to make 5.0 the best release ever. This requires testing to be done.
> 
> Daniela


current isn't really any less stable than 5.0 release, likely more stable...


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: boot without user and password

2003-03-22 Thread Willem van Engen 
There is also the autologin (al) option in gettytab(5) that logs in a user
instead of prompting for a username/password. You can run X from his .profile

btw. isn't this more appropriate for freebsd-questions instead of -hackers?

On Thu, 20 Mar 2003 16:18:43 +
"Emilio Manuel" <[EMAIL PROTECTED]> wrote:

> I want to know how a FreeBSD box, just after finish booting process,
> can start automatically a session with a predeterminate user without
> doing the normal login process (ie, without typing user and password).
> 
> I wan to do this under Xwindows because I pretend to use this box as a
> "dumb X terminal" that can display messages send from another UNIX
> machine.
> 
> Security themes don't bother me, cause I use this box in a small local
> 
> network without conflictive users.
> 
> Thank you in advance.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: Lots of kernel core dumps

2003-03-22 Thread Kris Kennaway 
On Sun, Mar 23, 2003 at 12:10:38AM +0100, Daniela wrote:

> Yes, I read the Early Adopter's Guide.
> Is there any way to solve this without upgrading to -current?

If you wanted to dig through the CVS commit logs to find the change
that fixed this problem (this may be difficult), you could back-port
it, but other than that, not really.

Kris


pgp0.pgp
Description: PGP signature

Re: Lots of kernel core dumps

2003-03-22 Thread Daniela 
> I know, but 5.0-RELEASE was
>
> a) A work-in-progress, not a perfect, bug-free release
>
> b) A snapshot of 5.0-CURRENT
>
> You read the 5.0 Early Adopter's Guide, right?  Bugs like this are
> expected at this stage in the development process, and if you
> encounter them then you need to either give up on 5.x and go back to
> 4.x-STABLE, or upgrade to 5.0-CURRENT if they are already fixed there.
>
> Kris

Yes, I read the Early Adopter's Guide.
Is there any way to solve this without upgrading to -current?
I want a stable server, of course, but I still want to help the FreeBSD folks 
to make 5.0 the best release ever. This requires testing to be done.

Daniela

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: ld.so and hard links

2003-03-22 Thread . 
> On Sat, 2003-03-22 at 07:30, Terry Lambert wrote:
> > You could potentially save a lot of memory.  *However*.  You may
> > not want to do this, since you are defeating priviledge seperation
> > that is what made you want to use jails in the first place.
> 
> There's a Linux Jail like thing called vserver, it has a feature where
> you hardlink a whole bunch of stuff for different jails (it has tools
> for building a set of jails from a given tree). It does a copy on write
> for any of these hardlinked files so you don't get the security issue.
> 
> No idea if it's possible to implement something like that for a jail :)
schg flag is sufficient to do impossible
hardlinked files change in jail IMHO
Or I forgot something?



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: OID problem with Init?

2003-03-22 Thread Dan Nelson 
In the last episode (Mar 22), Ben Burke said:
> So my questions are:
> 1. Does init check for this seemingly retired OID on purpose?
> 2. What's "The Right Way" or even "A Right Way" to do an installworld
> on a remote machine?

Serial console :)

Otherwise, you can just installworld in multiuser mode, and reboot
after it's done.  The advise to install in single-user mode is just so
that people logged in while you install don't have problems due to
binaries getting installed before required libraries, etc.

-- 
Dan Nelson
[EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

RE: jail support for ping, traceroute, etc.. crude hack

2003-03-22 Thread Mooneer Salem 
Hello,

Another possibility would be to deny access to IP_FW_* and IP_DUMMYNET_*
in getsockopt(), or at least limit access to the IP addresses the jail
is assigned (there's a struct thread pointer in the struct sockopt that it
receives, meaning we can get to ucred and the jail's struct prison pointer).
This should mitigate some of the security concerns.

Thanks,

--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of "."@babolo.ru
Sent: Monday, March 17, 2003 2:57 AM
To: Peter Jeremy
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: jail support for ping, traceroute, etc.. crude hack


> On Mon, Mar 17, 2003 at 10:06:27AM +0300, "."@babolo.ru wrote:
> >It is time to invent "ping socket" and "traceroute socket"
> >in addition to tcp, udp, divert so on?
>
> Whilst this might seem nice, actually implementing so that it is
> both useful and safe is not easy.
>
> For a "ping socket", this is reasonably easy if all you want is the
> ability to send "ICMP ECHO REQUEST" packets and receive any "ICMP ECHO
> REPLY" packets associated with previous request packets.  It's not
> totally trivial because the kernel has to keep the state for outgoing
> packets to ensure that only the correct incoming packets are
> forwarded.  (This is a security issue - you don't want somone finding
> out hosts someone outside that jail is pinging).  Remember to allow
> for multiple responses to a single request and for long delays.  You
> might also want to implement resource restrictions to prevent someone
> flooding the system with request packets.
Not so easy to do but easy understandable for me.

> A "traceroute socket" is harder: There's no "ICMP TRACEROUTE" packet.
> Instead, traceroute(8) sends outgoing IP packets with varying TTL
> sizes and monitors incoming ICMP looking for check for "HOST
> UNREACHABLE - TIME EXCEEDED IN TRANSIT" packets.  Again, the kernel
> would need to validate the incoming packets against outgoing packets.
"traceroute socket" is just a curiosity.
It seems to me better use UDP socket with some controls
and "ping socket" from above.
But way to obtain "ping socket" coupled with UDP socket
is above my brain.

Or may be more common way? Semiraw socket
for ability send some classes of IP packets
and seceive all induced ICMP
ICMP ECHO REQUEST, any UDP and other protocols
exept TCP with correct source IP address
is probably secure enough for use by root in jail.

> In both cases, you also need to work out how to handle other random
> ICMP packets that be received as a result of the outgoing packets.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message






To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: misc/41772: can't disable keybell [PATCH]

2003-03-22 Thread soralx 
> Incidentally, using quiet.off doesn't
> shut it up either which is very confusing since quiet sets
> SC_QUIET_BELL.

it does, actually
the `man kbdcontrol` doesn't say that it also checks to see
if the beeping console is not current:

if (scp != scp->sc->cur_scp && (scp->sc->flags & SC_QUIET_BELL))

> +} else if (duration != 0 && pitch != 0) {

why using "if (duration != 0 && pitch != 0)" is
better than "if (!(duration && pitch))"?

> Can you verify that this fix works for you?

OK, I'll check it after work

22.03.2003; 09:09:34
[SorAlx]  http://cydem.org.ua/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Re: misc/41772: can't disable keybell [PATCH]

2003-03-22 Thread John Baldwin 

On 22-Mar-2003 [EMAIL PROTECTED] wrote:
> 
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=41772
> This appears to be _VERY_ old problem (I don't remember
> it on 2.2.7-RELEASE, though)
> In short: the beeper still produces noises (clicks) when
> shut up with `kbdcontrol -b off`

Using kbdcontrol -b off on my laptop running current does
turn off the sound already.  On a stable machine I still
do see the problem.  Incidentally, using quiet.off doesn't
shut it up either which is very confusing since quiet sets
SC_QUIET_BELL.

> (as well a this one:
> 'http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/44257' -
> it works well for my EIDE controller).

PCI ID's for the ICH4 controllere were committed prior to 4.7.
However, thanks for your submission.

> FreeBSD 4.6.2-RELEASE:
> ===8<===
> --- ./syscons.c.ORIG  Fri Mar 21 23:10:05 2003
> +++ ./syscons.c   Fri Mar 21 23:10:37 2003
> @@ -3385,6 +3385,9 @@
>  if (scp != scp->sc->cur_scp && (scp->sc->flags & SC_QUIET_BELL))
>   return;
>  
> +if (!(duration && pitch))
> + return;
> +
>  if (scp->sc->flags & SC_VISUAL_BELL) {
>   if (scp->sc->blink_in_progress)
>   return;
> ===8<===

This patch would inadvertently turn off visual bell's if you
set the duration or pitch to zero manually.  A better patch
might be:

Index: syscons.c
===
RCS file: /usr/cvs/src/sys/dev/syscons/syscons.c,v
retrieving revision 1.399
diff -u -r1.399 syscons.c
--- syscons.c   3 Mar 2003 16:24:44 -   1.399
+++ syscons.c   22 Mar 2003 14:38:58 -
@@ -3547,7 +3547,7 @@
if (scp != scp->sc->cur_scp)
scp->sc->blink_in_progress += 2;
blink_screen(scp->sc->cur_scp);
-} else {
+} else if (duration != 0 && pitch != 0) {
if (scp != scp->sc->cur_scp)
pitch *= 2;
sysbeep(pitch, duration);

Can you verify that this fix works for you?

-- 

John Baldwin <[EMAIL PROTECTED]>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

OID problem with Init?

2003-03-22 Thread Ben Burke 
Hello Everyone,

I was looking for a good way to run "make installworld" in single-user
mode on a machine which I don't have any kind of remote hands or
serial-console access to. The first thought that came to my head was to
temporarily put the commands at the end of rc.shutdown. I'm not sure if
the machine is still multi-user at that point. Anyway it worked, but on
such a slow machine it didn't complete before init timed out the
shutdown script. So I looked at init...

On line 1576 (spacing changed, comment added for email):
if (
  sysctlbyname("kern.shutdown_timeout", &shutdowntimeout, &len, NULL, 0)
  == -1 || shutdowntimeout < 2
) shutdowntimeout = DEATH_SCRIPT; /* DEATH_SCRIPT = 120 */

I know that there was a "kern.shutdown_timeout" in FBSD 3, but there
doesn't seem to be one now in FBSD 4.8-RC (from yesterday).

So my questions are:
1. Does init check for this seemingly retired OID on purpose?
2. What's "The Right Way" or even "A Right Way" to do an installworld
on a remote machine?

Thanks in advance!


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message