Re: Unable to stop a jail
Steven Hartland [EMAIL PROTECTED] Wrote, jctl is not a valid command here, perhaps its a thirdparty addon you have there? Steve # whereis jail jail: /usr/sbin/jail /usr/share/man/man8/jail.8.gz /usr/src/usr.sbin/jail Its stock on my machine... Perhaps your path is bad? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Converting libfoo.so for linux to freebsd
On Tue, 9 Aug 2005, M. Warner Losh wrote: In message: [EMAIL PROTECTED] Bernd Walter [EMAIL PROTECTED] writes: : On Tue, Aug 09, 2005 at 01:37:34PM -0600, M. Warner Losh wrote: : I have recently purcahsed a device that comes with a .so for linux, : but no sources. Is there any way one can take an arbitrary linux .so : which appears to have no dependencies to a FreeBSD .so? The binary : code is about 20k or so. : : Isn't this just brandelf'ing to FreeBSD-i386? : Asuming that the lib really has no dependencies to linux specific : device/kernel features or linux specific libs. I tried brandelfing, but that didn't work. There's some weird symbols in there: DF *UND* 0023 GLIBC_2.0 fprintf DF *UND* 00f8 GLIBC_2.0 fflush DF *UND* 01b4 GLIBC_2.0 malloc DF *UND* 0058 GLIBC_2.0 memmove DO *UND* 0004 GLIBC_2.0 stderr DF *UND* 020d GLIBC_2.0 abort DF *UND* 0027 GLIBC_2.0 memcpy w DF *UND* 00ac GLIBC_2.1.3 __cxa_finalize DF *UND* 0043 GLIBC_2.0 memset So it looks like I'm close... objcopy -R kept the GLIBC_* references in place, alas, so that didn't work, as suggested elsewhere in this thread. The above list is small, but has hree bad entries: fprintf, fflush and stderr. So that may present a problem for me if these functions are ever called. Warner Well, those functions do exist... except for stderr, although that is a varible (libc) The problem is that when you brandelf a .so file, it dosen't do anything, whatever uses it must be brandelf'd and compiled for linux... (well, in my experience with it it does nothing that i have noticed) If you can compile whatever needs to use it as linux then brandelf it, it should work ~Neo-Vortex ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ProPolice: best way to fill canary
On Fri, 8 Jul 2005, Jeremie Le Hen wrote: Hello hackers, I'm going to disturb you once again with ProPolice. The original ProPolice patch, as well as most of FreeBSD variants and Linux one, uses /dev/urandom to fill the canary with random data (the canary is what is going to be put between buffer and return address in the stack). OTOH, OpenBSD uses kern.arnd sysctl to achieve this (this is a sysctl front-end to the arc4random() function). Just one question, why does the canary have to be filled with random data? Why not just zero it? sure you get a single random value to find out how many zero's to use, but why waste that much good-quality random data (and of course if there isn't enough in urandom, you would have to make it loop till there is enough unless you make it just leave the rest as-is) IMHO there is no advantages (well, that i can see) of having it random data rather than just NULL... Feel free to correct me if i'm wrong... ~NVX ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ProPolice: best way to fill canary
On Fri, 8 Jul 2005, ALeine wrote: [EMAIL PROTECTED] wrote: On Fri, 8 Jul 2005, Jeremie Le Hen wrote: Hello hackers, I'm going to disturb you once again with ProPolice. The original ProPolice patch, as well as most of FreeBSD variants and Linux one, uses /dev/urandom to fill the canary with random data (the canary is what is going to be put between buffer and return address in the stack). OTOH, OpenBSD uses kern.arnd sysctl to achieve this (this is a sysctl front-end to the arc4random() function). Just one question, why does the canary have to be filled with random data? Why not just zero it? sure you get a single random value to find out how many zero's to use, but why waste that much good-quality random data (and of course if there isn't enough in urandom, you would have to make it loop till there is enough unless you make it just leave the rest as-is) IMHO there is no advantages (well, that i can see) of having it random data rather than just NULL... Feel free to correct me if i'm wrong... You're wrong, when the canary value is fixed and known (such as in terminator canaries), there are cases where an attacker could manage to reset the canary to the expected value and circumvent the protection mechanism. That chance doesn't exist with random canaries. AFAIK, ProPolice supports both terminator and random canaries. As for the original topic, I would prefer the sysctl front-end, IMO it's more consistent with other BSDs and more clean and direct while extending open(2) would only appear transparent at the expense of needlessly increasing the complexity of open(2). I was meaning random length fixed value... and unless the attacker wants to set the return address to 0x0... ~NVX ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Slowing down an old program to run on a fast CPU?
On Fri, 10 Jun 2005, Mike Hunter wrote: Hey everybody, I was playing around in ports and came across xroach. Cool program :) The only problem is that it runs too fast; you can't see the roaches because they scurry under your windows too quickly. Is there a general-purpose approach to this kind of problem in the FBSD world? I can see myself writing a C program called `slow` that would take argv[1] as the factor ( 1) by which argv[2] should be slowed down by. Anybody else ever come up against this? Thanks and happy Friday! You could try installing vmware and running however many copies of windows it takes to make the game playable... (i would say some other form of *BSD, but it probobly wouldn't hog as much cpu :P) ~NVX ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: HEADS UP! 6.0 Schedule, 6.0-CURRENT Snapshot
On Sun, 5 Jun 2005, Andre Guibert de Bruet wrote: Yes, oh lordie yes. I guess we aren't going to have a new logo in time for FreeBSD6-RELEASE in August, are we? Coordinating the release with the new logo would be really nifty! Mabe im living under a rock... but what new logo? ~NVX ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
vmstat reporting incorrect cpu usage
I've noticed if i run vmstat with no params when rebuilding the kernel i get this right: # vmstat procs memory page disk faults cpu r b w avmfre flt re pi po fr sr ad0 in sy cs us sy id 2 1 0 294156 44596 313 0 0 0 296 1 0 82 85 225 14 8 78 # But, if i run it like this # vmstat -c 2 procs memory page disk faults cpu r b w avmfre flt re pi po fr sr ad0 in sy cs us sy id 1 1 0 299580 38204 313 0 0 0 296 1 0 82 85 225 14 8 78 1 1 0 294996 42876 886 0 0 0 2061 0 3 1364 2231 81 19 0 # The second result shows what top does, but the first one seems to be completely wrong... # vmstat -c 6 procs memory page disk faults cpu r b w avmfre flt re pi po fr sr ad0 in sy cs us sy id 1 1 0 300136 36196 313 0 0 0 296 1 0 82 85 225 14 8 78 1 1 0 301040 35312 230 0 0 0 9 0 0 2193 489 2156 87 13 0 1 1 0 296720 39644 1234 0 0 0 2326 0 5 2190 1530 2185 70 30 0 1 1 0 297092 39228 1435 0 0 0 1336 0 3 2200 1562 2188 75 25 0 1 1 0 298488 37844 1573 0 0 0 1229 0 4 2206 1592 2191 69 31 0 1 1 0 299372 36908 316 0 0 0 123 0 96 2301 618 2442 86 14 0 # Only the first one seems to do it though... FreeBSD 5.3-RELEASE. Does this happen for anyone else? (Mabe someone running 5.4 can test this?) ~Neo-Vortex ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: The performances of [EMAIL PROTECTED] v0.8-alpha
On Wed, 1 Jun 2005 [EMAIL PROTECTED] wrote: Mean Resp. Time (ms)/ Weighted Bandwidth (bps)/ Valid+Invalid connections/ Confirming Connections/ Throughput ops/sec snip Apache(FreeBSD) 410.0 303272.69 300+0 50 761 Apache(RHEL)382.2 313600.49 300+0 56 765 snip Apache(FreeBSD) 719.3 166083.41 600+0 0 771 Apache(RHEL)758.2 157416.85 600+0 0 769 snip Apache(FreeBSD) 1077.7 110974.79 983+17 0 773 Apache(RHEL)1247.2 95514.28989+11 0 750 snip Anyone care to explain why on FreeBSD (without OpenKeta) the preformance was lower than Linux for the 300 connection test although better for the 600 and 1000? (Just Curiosity) ~Neo-Vortex ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: the error connection of socket in kernel(new)
On Tue, 31 May 2005, shiner chen wrote: sa_in.sin_port = htons(21); /*this is my computer ip:172.19.11.8*/ sa_in.sin_addr.s_addr = htonl((172 8) | 19) 8) | 11) 8) | 48); Can't help much with your question, but that last line quoted could be made much simpler (and less prone to errors) by using the inet_addr() function... half asleep at the moment... will re-look over your actual question later :) ~Neo-Vortex ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Route/arp help?
On Wed, 2005-04-13 at 16:38, M. Parsons wrote: I was under the impression (but would need to check to make sure) that all incoming packets are diverted to ng_pppoe when it is hooked into the Ethernet interface. This would explain your problems. Can you try this without the interface being used for PPPOE? I have a single interface for PPPoE using netgraph and it connects to the modem, and other computers fine For the record, http://www.broadbandreports.com/faq/9693 is the page on how you access the line stats, and the MAC part is required for my modem. The only reason i could think of as to why it is required, is if its ip address isn't 10.0.0.1 as you think it is and for some strange reason it accepts ip packets as its own if the ethernet header points to its MAC address... try setting it to DHCP and see if you get an ip... else look up the manufacturer for the default ip and try a factory reset ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fwd: problem due to hostname change
On Thu, 17 Mar 2005, Pietro Cerutti wrote: Hi Hackers, I posted this on freebsd-questions, but couldn't find a solution... Maybe here Thank you! Please: don't Cc me, I'm on the list! -- Forwarded message -- From: Pietro Cerutti [EMAIL PROTECTED] Date: Thu, 17 Mar 2005 15:04:45 + Subject: Re: problem due to hostname change To: Lowell Gilbert [EMAIL PROTECTED] Cc: FreeBSD freebsd-questions@freebsd.org On 17 Mar 2005 09:57:26 -0500, Lowell Gilbert [EMAIL PROTECTED] wrote: Pietro Cerutti [EMAIL PROTECTED] writes: Hi list, my computer is not part of a domain, and so I had set my hostname to old_hostname. Now I changed it in rc.conf to new_hostname: ~ cat /etc/rc.conf | grep hostname hostname=new_hostname ~ I rebooted, but my pc is still somewhere configured to be called old_hostname. First of all, when the pc boots, I see this in dmesg: FreeBSD 5.4-PRERELEASE #10: Wed Mar 9 15:40:46 UTC 2005 my_name@old_hostname:/usr/obj/usr/src/sys/GAHR That's not a problem; all it means is that's who built the kernel. It doesn't get used for *anything* other than printing that message. Then, when I try to start apache, I see this in my /var/log/httpd-error.log, and apache won't start: [Thu Mar 17 13:29:11 2005] [alert] mod_unique_id: unable to gethostbyname(old_hostname) grep -ir old_hostname /etc /usr/local/etc (mabe even for /var/named too...) that might shed some light as to where its coming from... as for the bootup the [EMAIL PROTECTED] is just that you compiled the kernel as that, it affects nothing You must have put the old hostname into Apache's configuration explicitly. You will need to change it by hand. The configuration file is (by default, as installed from the port) /usr/local/etc/apache/httpd.conf. No, this is not the problem. I searched in httpd.conf but I didn't find anything concerning my old_hostname. I even deinstalled deleted the configuration files reinstalled apache. Don't forget this: FreeBSD 5.4-PRERELEASE #10: Wed Mar 9 15:40:46 UTC 2005 my_name@old_hostname:/usr/obj/usr/src/sys/GAHR Here I have my old_hostname too. My question is: how can I change my hostname to new_hostname safely, in a way that the old_hostname is not used anymore in any part of the OS? Changing rc.conf is enough for anything that was configured automatically. It should be so, but it actually isn't. If you changed some other configuration by hand, you will need to change it again by hand. Note that if you had not added your hostname to httpd.conf, Apache would have used the system hostname by default (I believe; I haven't actually checked this recently). I'm sure I didn't set my old_hostname anywhere else than in rc.conf Be well. However, thank you for your advice, but it didn't solve my problem... -- Pietro Cerutti [EMAIL PROTECTED] http://www.gahr.ch/pgp-key Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? -- Pietro Cerutti [EMAIL PROTECTED] http://www.gahr.ch/pgp-key Beansidhe - SwiSS Death / Thrash Metal www.beansidhe.ch Windows: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]