Useful tools missing from /rescue
Hi all, I've had to use /rescue recently and felt lack of a few basic tools in it, namely pgrep(1), head(1), tail(1), tee(1), and a text filter, e.g., sed(1). Well, in fact most functionality of pgrep(1), head(1), tail(1), and even tee(1) can be emulated if one has sed(1), but the tools are so tiny and convenient that it's a pity not to have them all handy during hard times. In addition, there are chflags and chmod in /rescue, but there's no chown in it, so the toolset is a bit incomplete. Would anyone mind if I add those tools to /rescue? The size growth will be rather small: -r-xr-xr-x 121 root wheel 3715096 1 сен 10:22 /mnt2/rescue.old/rescue -r-xr-xr-x 129 root wheel 3761828 1 сен 11:22 /mnt2/rescue/rescue The patch is attached. Thanks! -- Yar --- //depot/vendor/freebsd/src/rescue/rescue/Makefile 2007/07/14 22:47:42 +++ //depot/user/yar/hack/rescue/rescue/Makefile2007/09/01 07:28:25 @@ -85,6 +85,10 @@ CRUNCH_ALIAS_rm= unlink CRUNCH_ALIAS_ed= red +CRUNCH_PROGS_bin+= pkill +CRUNCH_SRCDIR_pkill= ${.CURDIR}/../../usr.bin/pkill +CRUNCH_ALIAS_pkill= pgrep + .if ${MK_RCMDS} != no CRUNCH_PROGS_bin+= rcp .endif @@ -190,6 +194,8 @@ # CRUNCH_SRCDIRS+= usr.bin +CRUNCH_PROGS_usr.bin= head sed tail tee + CRUNCH_PROGS_usr.bin+= gzip CRUNCH_ALIAS_gzip= gunzip gzcat zcat @@ -211,7 +217,10 @@ # CRUNCH_SRCDIRS+= usr.sbin -CRUNCH_PROGS_usr.sbin+= chroot +CRUNCH_PROGS_usr.sbin= chroot + +CRUNCH_PROGS_usr.sbin+= chown +CRUNCH_ALIAS_chown= chgrp ## # The following is pretty nearly a generic crunchgen-handling makefile ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Useful tools missing from /rescue
Reference: From: Yar Tikhiy [EMAIL PROTECTED] Date: Sat, 1 Sep 2007 11:34:40 +0400 Message-id: [EMAIL PROTECTED] Yar Tikhiy wrote: Hi all, I've had to use /rescue recently and felt lack of a few basic tools in it, namely pgrep(1), head(1), tail(1), tee(1), and a text filter, e.g., sed(1). Well, in fact most functionality of pgrep(1), head(1), tail(1), and even tee(1) can be emulated if one has sed(1), but the tools are so tiny and convenient that it's a pity not to have them all handy during hard times. In addition, there are chflags and chmod in /rescue, but there's no chown in it, so the toolset is a bit incomplete. Would anyone mind if I add those tools to /rescue? The size growth will be rather small: -r-xr-xr-x 121 root wheel 3715096 1 ÓÅÎ 10:22 /mnt2/rescue.old/rescue -r-xr-xr-x 129 root wheel 3761828 1 ÓÅÎ 11:22 /mnt2/rescue/rescue Don't do it without approval of re@ (who might be too busy just now anyway) It might blow the limit on the tight packed rescue floppy. ( though desk workstations have CDs, lost of small boxes still just have floppies for rescue) Best try to build a rescue floppy yourself before adding bloat. BTW I've never used pgrep thus superfluous to rescue. Others also not really needed, merely nice. True rescue is just to fix FS at which point you can mount other FS or CDROM or NFS etc for more tools. Before anyone else might discuss which tools might be nice, I'd suggest build yourself a FIXIT floppy, see what space is left, what you'd have to chuck out to make space for what you want to add. The patch is attached. Thanks! -- Yar --- //depot/vendor/freebsd/src/rescue/rescue/Makefile 2007/07/14 22:47:42 +++ //depot/user/yar/hack/rescue/rescue/Makefile 2007/09/01 07:28:25 @@ -85,6 +85,10 @@ CRUNCH_ALIAS_rm= unlink CRUNCH_ALIAS_ed= red +CRUNCH_PROGS_bin+= pkill +CRUNCH_SRCDIR_pkill= ${.CURDIR}/../../usr.bin/pkill +CRUNCH_ALIAS_pkill= pgrep + .if ${MK_RCMDS} != no CRUNCH_PROGS_bin+= rcp .endif @@ -190,6 +194,8 @@ # CRUNCH_SRCDIRS+= usr.bin +CRUNCH_PROGS_usr.bin= head sed tail tee + CRUNCH_PROGS_usr.bin+= gzip CRUNCH_ALIAS_gzip= gunzip gzcat zcat @@ -211,7 +217,10 @@ # CRUNCH_SRCDIRS+= usr.sbin -CRUNCH_PROGS_usr.sbin+= chroot +CRUNCH_PROGS_usr.sbin= chroot + +CRUNCH_PROGS_usr.sbin+= chown +CRUNCH_ALIAS_chown= chgrp ## # The following is pretty nearly a generic crunchgen-handling makefile ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] -- Julian Stacey. Munich Computer Consultant, BSD Unix C Linux. http://berklix.com Ihr Rauch=mein allergischer Kopfschmerz. Dump cigs 4 snuff. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Verizon Wireless Card v620 (Novatel Wireless)
Success ... on device from ugen1 to ucom0 ucom0: Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev 1.10/0.00, addr 2 ..I have successfully gotten my device to detect as ucom.. (ucom0: Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev 1.10/0.00, addr 2) and not ugen.. HOWEVER, my problem here is connecting... each time i type ppp ,... it says 'ucom0: ubsa_request STALLED. and the stalled messages keep coming.. when i type ping google.com to see if i'm online it shows me host look up failure, thus meaning im not connected. Please what can i do to solve this problem, it's eating me up.. i really need this.. I have even recompiled my kernel (from 6.2-RELEASE to 6.2-STABLE) ... and its still not working .. what can i do to solve this .. please help. - Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Verizon Wireless Card v620 (Novatel Wireless)
On Saturday 01 September 2007, Anthrax De Oracle wrote: Success ... on device from ugen1 to ucom0 ucom0: Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev 1.10/0.00, addr 2 ..I have successfully gotten my device to detect as ucom.. (ucom0: Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev 1.10/0.00, addr 2) and not ugen.. HOWEVER, my problem here is connecting... each time i type ppp ,... it says 'ucom0: ubsa_request STALLED. and the stalled messages keep coming.. when i type ping google.com to see if i'm online it shows me host look up failure, thus meaning im not connected. Please what can i do to solve this problem, it's eating me up.. i really need this.. I have even recompiled my kernel (from 6.2-RELEASE to 6.2-STABLE) ... and its still not working .. what can i do to solve this .. please help. See my thread about this from a few months ago on the freebsd-mobile mailing list. I saw strings of STALLED messages as well but it always worked fine for me. You might want to compare my patches to yours. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Exclusive binary files
Hi. Well, anybody know a way to make the FreeBSD run just binaries that I have compiled? For example: A hacker get a access to a shell into my server, and then it put a exploit code, but on the machine don't have a compiler, then he tries to put the compiled exploit... supose that I can't mount the users partition in noexec mode... Anybode knows a solution for these? -- /* * Klaus Schneider */ ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what happened to make world?
On 2007-08-30 21:49, Pietro Cerutti [EMAIL PROTECTED] wrote: # make world WARNING: make world will overwrite your existing FreeBSD installation without also building and installing a new kernel. This can be dangerous. Please read the handbook, 'Rebuilding world', for how to upgrade your system. Define DESTDIR to where you want to install FreeBSD, including /, to override this warning and proceed as usual. You may get the historical 'make world' behavior by defining HISTORICAL_MAKE_WORLD. You should understand the implications before doing this. Bailing out now... *** Error code 1 Stop in /usr/src. Even worse.. it doesn't tell you how to do what you tell him to do.. it doubts that maybe that's not what you really want to do! Oh but it does. You may get the historical 'make world' behavior by defining HISTORICAL_MAKE_WORLD. You should understand the implications before doing this. So, if you know what you are doing and you really _want_ the old behavior, set HISTORICAL_MAKE_WORLD and off you go: # env HISTORICAL_MAKE_WORLD=yes \ make world It's not so hard or such a big PITA, right? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Exclusive binary files
On 2007-Sep-01 14:27:42 -0300, Klaus Schneider [EMAIL PROTECTED] wrote: Well, anybody know a way to make the FreeBSD run just binaries that I have compiled? The simplest way would be to change the ELF OSABI that the kernel loader recognises as FreeBSD (patch ELFOSABI_FREEBSD in sys/sys/elf_common.h and rebuild). You would need to use brandelf to patch executables built on other FreeBSD systems. There's a set of patches implementing mac_chkexec floating around see (eg) http://lists.virus.org/freebsd-security-0503/msg00042.html This might do what you want. -- Peter Jeremy pgpuXq7ZvgCrd.pgp Description: PGP signature
Re: Exclusive binary files
On Sat, 1 Sep 2007 14:27:42 -0300 Klaus Schneider [EMAIL PROTECTED] wrote: Well, anybody know a way to make the FreeBSD run just binaries that I have compiled? In general, it's impossible. There's no way the system can know that you compiled a binary. There are a number of things you could do with a custom kernel and toolchain to indicate that you compiled the binary (like Peter's changing of ELF OSABI), but that's just security through obscurity. If someone figures out those changes and replicates them, you lose. The extreme version of this involves designing a new processor, getting a copy fabbed, porting FreeBSD to it, and then using that. Somewhat more practical are crypto technics, say having the kernel check that you've digitally signed the binaries. Those aren't unbreakable, just expensive to break. For example: A hacker get a access to a shell into my server, and then it put a exploit code, but on the machine don't have a compiler, then he tries to put the compiled exploit... supose that I can't mount the users partition in noexec mode... Anybode knows a solution for these? You haven't described why you can't make the users partition noexec (which is really strange since you don't want users to be able to install executables), so no, I can't provide a solution for that. There are lots of other possibilities that might turn up with a different phrasing of the problem. For instance, restricting the kernel to a fixed list of executables should be doable. But until you tell us what problem you're really trying to solve, there's no way to know which would be acceptable and which wouldn't. mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Useful tools missing from /rescue
On Sat, Sep 01, 2007 at 02:40:29PM +0200, Julian Stacey wrote: Reference: From: Yar Tikhiy [EMAIL PROTECTED] Date: Sat, 1 Sep 2007 11:34:40 +0400 Message-id: [EMAIL PROTECTED] Yar Tikhiy wrote: Hi all, I've had to use /rescue recently and felt lack of a few basic tools in it, namely pgrep(1), head(1), tail(1), tee(1), and a text filter, e.g., sed(1). Well, in fact most functionality of pgrep(1), head(1), tail(1), and even tee(1) can be emulated if one has sed(1), but the tools are so tiny and convenient that it's a pity not to have them all handy during hard times. In addition, there are chflags and chmod in /rescue, but there's no chown in it, so the toolset is a bit incomplete. Would anyone mind if I add those tools to /rescue? The size growth will be rather small: -r-xr-xr-x 121 root wheel 3715096 1 сен 10:22 /mnt2/rescue.old/rescue -r-xr-xr-x 129 root wheel 3761828 1 сен 11:22 /mnt2/rescue/rescue Don't do it without approval of re@ (who might be too busy just now Thanks for the reminder. ;-) anyway) It might blow the limit on the tight packed rescue floppy. ( though desk workstations have CDs, lost of small boxes still just have floppies for rescue) Best try to build a rescue floppy yourself before adding bloat. If you meant the fixit floppy, it is built separately. The rescue(8) binary is already bigger than a floppy and it isn't supposed to fit on that media. BTW I've never used pgrep thus superfluous to rescue. Others also not really needed, merely nice. True rescue is just to fix FS at which point you can mount other FS or CDROM or NFS etc for more tools. Unlike a fixit floppy, rescue(8) was introduced mostly to help when shared libraries were damaged badly. In that case, to prevent system malfunction, you may want to kill daemons starting other binaries, e.g., cron(8) and sendmail(8), if you don't want to, or just cannot, drop into single-user mode immediately. Of course, rescue(8) is also of use in other recovery tasks if one is lucky enough to be able to mount / and too lazy to reach for a fixit CD. Before anyone else might discuss which tools might be nice, I'd suggest build yourself a FIXIT floppy, see what space is left, what you'd have to chuck out to make space for what you want to add. Again, fixit is built using a different configuration file, please see src/release/${TARGET_ARCH}/fixit_crunch.conf. -- Yar ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: what happened to make world?
In message: [EMAIL PROTECTED] Pietro Cerutti [EMAIL PROTECTED] writes: : Max Laier wrote: : On Thursday 30 August 2007, Pietro Cerutti wrote: : # make world : WARNING: make world will overwrite your existing FreeBSD : installation without also building and installing a new : kernel. This can be dangerous. Please read the handbook, : 'Rebuilding world', for how to upgrade your system. : Define DESTDIR to where you want to install FreeBSD, : including /, to override this warning and proceed as usual. : You may get the historical 'make world' behavior by defining : HISTORICAL_MAKE_WORLD. You should understand the implications : before doing this. : : Bailing out now... : *** Error code 1 : : Stop in /usr/src. : : : Now, THIS is quite funny... do you really thing that a person with : - root access : - the knowledge of the existence of make world : needs this sort of things? : : I didn't see anything about this new-wave-of-user-friendly-bsd going on : the list.. have I missed something? : : And your complaint would be ... what exactly? : : : I don't want my OS to treat me like a stupid. I will note that since we switched to the multi-phase world with explicit reboot instructions, the support load for 'oh no, I shot myself in the foot' has gone way down. There are times that one must put a few safety rails in place. Since we have limited resources for support for users, it is better to make them make sure they know what they are doing so we can focus our resources better. Sometimes we have to optimize for developer time in the tradeoffs that are made. Warner ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]