Re: Where am I wasting resources? How to fix this problem?
On Thursday 30 April 2009 21:49:13 Chuck Swiger wrote: Hi, VeeJay-- On Apr 30, 2009, at 12:02 PM, VeeJay wrote: Guys, I am not very good on freebsd, its you guys who help me to keeping my server up... I hope you can spare a few minutes to sort this problem... last pid: 19656; load averages: 1.00, 1.00, 1.00 up 2+05:00:12 19:18:47 3049 processes:2 running, 3047 sleeping CPU: 12.5% user, 0.0% nice, 0.1% system, 0.0% interrupt, 87.4% idle Mem: 6253M Active, 3810M Inact, 921M Wired, 128K Cache, 214M Buf, 4683M Free Swap: 32G Total, 32G Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 830 mysql 1500 440 1670M 813M ucond 1 0:00 100.00% mysqld It sure looks like you're running into a system limit with the maximum # of threads available to the mysql process. There's no such limit, see pthread_create(3) and pthread.h: #define PTHREAD_THREADS_MAX __ULONG_MAX but the 1500 is suspicious. Suspicious enough to be a MySQL configuration value or compile time option. The only way to get to the bottom of it, is to watch the number of threads in the mysql process and attach ktrace to it the moment it approaches 1500, to see if pthread_create actually does return EAGAIN and get a hint as to where. My suspicion however is that the thread abstraction of MySQL sets EAGAIN. A my.cnf certainly would help. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hi Mel I tried your suggestions by giving values vm.kmem_size_max=1024M vm.kmem_size=1024M but still got mysql hung without any luck here is the top output: even though there is plenty of free memory Guys, I am not very good on freebsd, its you guys who help me to keeping my server up... I hope you can spare a few minutes to sort this problem... last pid: 19656; load averages: 1.00, 1.00, 1.00 up 2+05:00:12 19:18:47 3049 processes:2 running, 3047 sleeping CPU: 12.5% user, 0.0% nice, 0.1% system, 0.0% interrupt, 87.4% idle Mem: 6253M Active, 3810M Inact, 921M Wired, 128K Cache, 214M Buf, 4683M Free Swap: 32G Total, 32G Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 830 mysql 1500 440 1670M 813M ucond 1 0:00 100.00% mysqld 19649 sshUser 1 440 16304K 8340K CPU1 1 0:00 0.39% top 18277 sshUser 1 440 26448K 2756K select 0 0:28 0.00% sshd 841 root 1 440 115M 17132K select 0 0:24 0.00% httpd 790 postfix 1 40 4600K 1972K kqread 1 0:07 0.00% qmgr 14353 apache1 40 117M 50896K sbwait 0 0:05 0.00% httpd 17564 apache1 40 119M 16084K sbwait 0 0:05 0.00% httpd 18320 sshUser 1 440 21560K 5920K select 1 0:04 0.00% sftp-server 14395 apache1 40 117M 51684K sbwait 0 0:04 0.00% httpd 782 root 1 40 4604K 1548K kqread 5 0:04 0.00% master 14456 apache1 40 120M 52440K sbwait 0 0:03 0.00% httpd 629 root 1 440 5688K 1252K select 2 0:02 0.00% syslogd 18687 apache1 40 116M 21528K sbwait 1 0:02 0.00% httpd 17759 apache1 40 118M 15852K sbwait 3 0:02 0.00% httpd 17561 apache1 40 117M 19368K sbwait 5 0:02 0.00% httpd 14609 apache1 40 116M 50696K sbwait 2 0:02 0.00% httpd 14623 apache1 40 117M 46444K sbwait 0 0:02 0.00% httpd 17599 apache1 40 118M 14884K sbwait 1 0:02 0.00% httpd 16262 apache1 40 119M 37000K sbwait 5 0:02 0.00% httpd 15176 apache1 40 119M 32660K sbwait 3 0:01 0.00% httpd 16147 apache1 40 118M 37540K sbwait 3 0:01 0.00% httpd 14624 apache1 40 118M 45248K sbwait 2 0:01 0.00% httpd 18696 apache1 40 116M 13544K sbwait 3 0:01 0.00% httpd 15694 apache1 40 118M 31304K sbwait 2 0:01 0.00% httpd 17442 apache1 40 118M 17872K sbwait 5 0:01 0.00% httpd 14621 apache1 40 117M 45496K sbwait 4 0:01 0.00% httpd 17412 apache1 40 118M 21500K sbwait 0 0:01 0.00% httpd 17504 apache1 40 118M 16052K sbwait 0 0:01 0.00% httpd 14626 apache1 40 118M 50984K sbwait 0 0:01 0.00% httpd 17448 apache1 40 119M 19772K sbwait 5 0:01 0.00% httpd 12204 apache1 40 116M 43588K sbwait 4 0:01 0.00% httpd 17560 apache1 40 118M 15300K sbwait 0 0:01 0.00% httpd 17729 apache1 40 119M 19828K sbwait 3 0:01 0.00% httpd 18017 apache1 40 119M 17808K sbwait 3 0:01 0.00% httpd 16802 apache1 40 118M 37124K sbwait 4 0:01 0.00% httpd 15640 apache1 40 118M 31864K sbwait 4 0:01 0.00% httpd 18411 apache1 40 119M 15084K sbwait 0 0:01 0.00% httpd -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hi, VeeJay-- On Apr 30, 2009, at 12:02 PM, VeeJay wrote: Guys, I am not very good on freebsd, its you guys who help me to keeping my server up... I hope you can spare a few minutes to sort this problem... last pid: 19656; load averages: 1.00, 1.00, 1.00 up 2+05:00:12 19:18:47 3049 processes:2 running, 3047 sleeping CPU: 12.5% user, 0.0% nice, 0.1% system, 0.0% interrupt, 87.4% idle Mem: 6253M Active, 3810M Inact, 921M Wired, 128K Cache, 214M Buf, 4683M Free Swap: 32G Total, 32G Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 830 mysql 1500 440 1670M 813M ucond 1 0:00 100.00% mysqld It sure looks like you're running into a system limit with the maximum # of threads available to the mysql process. That's likely to be a consequence of some kind of query deadlock which is causing processes to get stuck and not be able to complete their work, resulting in subsequent requests also blocking until MySQL is no longer able to support more connection requests. There isn't enough information about what you're doing to really go much further-- something as simple as using MyISAM with full table- level locking versus InnoDB with row-level locking could be the problem, or you might have to take a closer look at the workload and outstanding queries. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hi, VeeJay-- On Apr 30, 2009, at 12:02 PM, VeeJay wrote: Guys, I am not very good on freebsd, its you guys who help me to keeping my server up... I hope you can spare a few minutes to sort this problem... last pid: 19656; load averages: 1.00, 1.00, 1.00 up 2+05:00:12 19:18:47 3049 processes:2 running, 3047 sleeping CPU: 12.5% user, 0.0% nice, 0.1% system, 0.0% interrupt, 87.4% idle Mem: 6253M Active, 3810M Inact, 921M Wired, 128K Cache, 214M Buf, 4683M Free Swap: 32G Total, 32G Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 830 mysql 1500 440 1670M 813M ucond 1 0:00 100.00% mysqld It sure looks like you're running into a system limit with the maximum # of threads available to the mysql process. That's likely to be a consequence of some kind of query deadlock which is causing processes to get stuck and not be able to complete their work, resulting in subsequent requests also blocking until MySQL is no longer able to support more connection requests. There isn't enough information about what you're doing to really go much further-- something as simple as using MyISAM with full table- level locking versus InnoDB with row-level locking could be the problem, or you might have to take a closer look at the workload and outstanding queries. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Where am I wasting resources? How to fix this problem?
Hello guys and gurus I am keep getting this error after a while *1135: Can't create a new thread (errno 35); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug* Even though, I have 16GB memory and 32GB swap. But mysqlserver stops answering. Could you please help me to fix this problem? I am running FreeBSD on a Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core 2x6MB cache WITH 16 GB RAM Here is a snapshot from using top to have a overview of system resources... last pid: 27056; load averages: 1.05, 1.04, 1.01 up 3+16:22:44 09:01:53 3038 processes:2 running, 3036 sleeping CPU: 12.4% user, 0.0% nice, 0.1% system, 0.0% interrupt, 87.4% idle Mem: 6237M Active, 4005M Inact, 925M Wired, 40K Cache, 214M Buf, 4491M Free Swap: 32G Total, 32G Free PID USERNAMETHR PRI NICE SIZERES STATE C TIME WCPU COMMAND 3010 mysql 1500 510 1643M 822M ucond 2 0:01 100.00% mysqld 27030 sshUser 1 440 16304K 8316K CPU0 0 0:01 0.39% top 26838 sshUser 1 450 26448K 2464K select 5 0:22 0.20% sshd 853 root 1 440 114M 19060K select 0 0:32 0.00% httpd 790 postfix 1 40 4600K 2120K kqread 2 0:12 0.00% qmgr 23542 apache1 40 118M 46520K sbwait 3 0:09 0.00% httpd 23420 apache1 40 118M 42340K sbwait 7 0:08 0.00% httpd 23543 apache1 40 118M 51032K sbwait 2 0:08 0.00% httpd 22853 apache1 40 118M 48384K sbwait 4 0:07 0.00% httpd 23768 apache1 40 118M 35432K sbwait 0 0:07 0.00% httpd 23748 apache1 40 118M 36560K sbwait 2 0:07 0.00% httpd 22861 apache1 40 118M 48420K sbwait 2 0:07 0.00% httpd 23618 apache1 40 117M 45696K sbwait 2 0:06 0.00% httpd 23222 apache1 40 118M 46080K sbwait 3 0:06 0.00% httpd 23700 apache1 40 118M 39572K sbwait 0 0:06 0.00% httpd 23534 apache1 40 118M 43984K sbwait 0 0:06 0.00% httpd 23439 apache1 40 118M 42980K sbwait 4 0:06 0.00% httpd 23480 apache1 40 118M 42724K sbwait 0 0:05 0.00% httpd 782 root 1 40 4604K 1552K kqread 2 0:05 0.00% master 26843 sshUser 1 440 21560K 5824K select 1 0:05 0.00% sftp-server 23066 apache1 40 118M 42328K sbwait 3 0:05 0.00% httpd 23619 apache1 40 118M 48012K sbwait 3 0:05 0.00% httpd 23224 apache1 40 118M 46436K sbwait 3 0:05 0.00% httpd 23220 apache1 40 118M 50776K sbwait 3 0:05 0.00% httpd 23176 apache1 40 118M 44956K sbwait 5 0:04 0.00% httpd 23467 apache1 40 118M 41692K sbwait 0 0:04 0.00% httpd 23294 apache1 40 116M 45552K sbwait 0 0:04 0.00% httpd 22884 apache1 40 118M 48596K sbwait 0 0:04 0.00% httpd 23214 apache1 40 118M 48508K sbwait 4 0:04 0.00% httpd 23177 apache1 40 118M 44844K sbwait 6 0:04 0.00% httpd 23278 apache1 40 117M 44812K sbwait 5 0:04 0.00% httpd 23497 apache1 40 117M 41612K sbwait 0 0:04 0.00% httpd 23477 apache1 40 118M 42332K sbwait 2 0:04 0.00% httpd 23371 apache1 40 118M 42176K sbwait 4 0:04 0.00% httpd 23563 apache1 40 118M 45096K sbwait 2 0:04 0.00% httpd 629 root 1 440 5688K 1252K select 0 0:04 0.00% syslogd 23119 apache1 40 118M 42088K sbwait 0 0:03 0.00% httpd Any help will be appreciated -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hi folks then if I check with the process: I get following output: # ps ax | grep mysqld 797 con- I 0:00.00 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf --user=mysql --datadir=/var/db/mysql --pid-file=/var/db/mysql/localhost.server1.pid 835 con- S 8:17.81 /usr/local/libexec/mysqld --defaults-extra-file=/var/db/mysql/my.cnf --basedir=/usr/local --datadir=/var/db/mysql --pid-file=/var/db/mysql/localhost.server1.pid --port=3306 -- I am running FreeBSD, Apache, MySQL on a Dell PowerEdge 2950 III having 2 x CPU 3,0 GHz Intel Xeon L5450 Quad-Core 2x6MB cache WITH 16 GB RAM Below is the output from my my.cnf, may be that can help to fix this problem: -start # The following options will be passed to all MySQL clients [client] port= 3306 socket= /tmp/mysql.sock default-character-set=utf8 # Here follows entries for some specific programs # The MySQL server [mysqld] port= 3306 socket= /tmp/mysql.sock skip-locking key_buffer = 1024M max_allowed_packet = 16M table_cache = 1024 sort_buffer_size = 3M read_buffer_size = 12M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M user=mysql set-variable=local-infile=0 init_connect='SET collation_connection = utf8_general_ci' init_connect='SET NAMES utf8' default-character-set=utf8 character-set-server = utf8 collation-server = utf8_general_ci bind-address=127.0.0.1 skip-innodb skip-name-resolve default-storage-engine = MyISAM wait_timeout = 60 log_slow_queries = /var/db/mysql/mysqld.slow.log long_query_time=3 log-queries-not-using-indexes connect_timeout=10 join_buffer=3M max_connections = 2000 query_cache_type = 1 query_cache_limit = 2M query_cache_size = 128M skip-name-resolve thread_cache_size = 8 thread_concurrency = 8 interactive_timeout=100 join_buffer_size=2M key_buffer_size=1024M max_connect_errors=1000 ft_min_word_len=2 ft_max_word_len=15 skip-networking log-bin=mysql-bin expire_logs_days=7 server-id= 1 [mysqldump] quick max_allowed_packet = 16M [mysql] no-auto-rehash default-character-set=utf8 [isamchk] key_buffer = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M [myisamchk] key_buffer = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M [mysqlhotcopy] interactive-timeout -end -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
#define EAGAIN 35 /* Resource temporarily unavailable */ check your process count limit. On Tue, 28 Apr 2009, VeeJay wrote: Sorry Folks, I should have provided complete information in order to get help... I am running DB: Server version: 5.0.77-log FreeBSD port: mysql-server-5.0.77_1 OS: FreeBSD 7.1 And I am keep getting this error after a while *1135: Can't create a new thread (errno 35); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug* Then I am unable to shutdown the server or kill the processes not even connect through mysql client... -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
VeeJay wrote: Thanks Wojciech How can I find out the process count limit and how can I change it? And what is the maximum limit I can give with this hardware? Hello Veejay, Add thise to your loader.conf mysql# cat /boot/loader.conf kern.maxdsiz=4096M kern.dfldsiz=2048M kern.maxssiz=1024MB and reboot the system. This should help. These are values from one my mysql boxes. It is also also in mysql notes for freebsd(see bottom) http://dev.mysql.com/doc/refman/5.1/en/freebsd.html Peter ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hello Peter Thanks... I have tried the values but even after rebooting, I am still getting the same old values as: server1# sysctl -a | grep maxdsiz compat.ia32.maxdsiz: 536870912 server1# sysctl -a | grep maxssiz compat.ia32.maxssiz: 67108864 Even I tried both methods i.e. kern.maxdsiz=4096M kern.dfldsiz=2048M kern.maxssiz=1024MB and later kern.maxdsiz=4294967296 kern.dfldsiz=2147483648 kern.maxssiz=1073741824 but still no change :( -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Sorry Folks, I should have provided complete information in order to get help... I am running DB: Server version: 5.0.77-log FreeBSD port: mysql-server-5.0.77_1 OS: FreeBSD 7.1 And I am keep getting this error after a while *1135: Can't create a new thread (errno 35); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug* Then I am unable to shutdown the server or kill the processes not even connect through mysql client... -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
[r...@wojtek ~]# sysctl -a |grep maxpr kern.maxproc: 5266 kern.maxprocperuid: 4739 i don't know if there is limit ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Thanks Wojciech How can I find out the process count limit and how can I change it? And what is the maximum limit I can give with this hardware? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
On Tuesday 28 April 2009 14:29:42 Wojciech Puchar wrote: [r...@wojtek ~]# sysctl -a |grep maxpr kern.maxproc: 5266 kern.maxprocperuid: 4739 i don't know if there is limit Not relevant. See pthread_create(): EAGAIN is returned for lack of kernel memory or going over PHTREAD_THREADS_MAX which is ULONG_MAX. 1500 threads isn't even close to USHORT_MAX. -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
On Tuesday 28 April 2009 14:21:45 VeeJay wrote: Hello Peter Thanks... I have tried the values but even after rebooting, I am still getting the same old values as: server1# sysctl -a | grep maxdsiz compat.ia32.maxdsiz: 536870912 server1# sysctl -a | grep maxssiz compat.ia32.maxssiz: 67108864 It's a kenv(1) variable. Either way I don't think it's the problem. mysqld uses 1500 threads and many apache processes waiting for mysql to reply. You should figure out why that is, cause that sounds like a query that's holding a table lock and needing to sort the intermediate result set, stalling all other queries. If you really have ~1500 connections and consider that normal operation, then you may need more kernel memory. amd64 doesn't have a process memory limit (feature or bug I'm undecided on), so you can delete those. Instead set: vm.kmem_size_max=1024M vm.kmem_size=1024M -- Mel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I wasting resources? How to fix this problem?
Hej Mel Well, I have removed these values kern.maxdsiz=4096M kern.dfldsiz=2048M kern.maxssiz=1024MB and have added: vm.kmem_size_max=1024M vm.kmem_size=1024M having crossed my fingers and hoping, I don't get this error again Thanks for your help! -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Where am I? :)
[format recovered] Oliver Leitner wrote: Karol Kwiatkowski schrieb: Kövesdán Gábor wrote: I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan Looks similar to this: http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/068201.html Regards, Karol Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... Very unlikely for various reasons: - it wasn't me who reported it back then (my post was basically me too) - this is a test machine with one user, no direct connection, no daemons except secured ssh, rebuilding world every other day - the machine was running 5.x back then, now 6.1-PRERELEASE and I can reproduce this; in fact I can do that on 6.0-RELEASE, too: [the same procedure Gabor Kovesdan wrote, only it seems 'login as fake user' step is not needed] % [EMAIL PROTECTED] ssh -p 722 orchid % Password: % Last login: Sat Mar 4 12:05:43 2006 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] uname -sr % FreeBSD 6.0-RELEASE-p2 % [EMAIL PROTECTED] w % 11:31AM up 11 days, 9:24, 1 user, load averages: 0.29, 0.21, 0.17 % USER TTY FROM LOGIN@ IDLE WHAT % karolp0 blackacidevil.or 11:31AM - w % [EMAIL PROTECTED] login % login: karol % Last login: Sun Mar 5 11:31:22 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 1 user, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karolp0 -11:32AM - w % [EMAIL PROTECTED] exit % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 0 users, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % [EMAIL PROTECTED] Here, I disappeared from 'w's output. Root can't see me too: % [EMAIL PROTECTED] su - % Password: % orchid: Yes, Master? w % 11:35AM up 11 days, 9:28, 0 users, load averages: 0.53, 0.26, 0.19 % USER TTY FROM LOGIN@ IDLE WHAT Here's what last(1) prints: % orchid: Yes, Master? last % karolttyp0 Sun Mar 5 11:32 - 11:32 (00:00) % karolttyp0192.168.1.66 Sun Mar 5 11:31 - 11:32 (00:00) % [...] % orchid: Yes, Master? It seems login(1) simply records user logged out the moment he's logged in the second time (sorry, I'm not native English speaker ;) ) The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal note: don't use w(1), who(1), last(1) or /var/log/wtmp. Best regards, Karol -- Karol Kwiatkowski freebsd at orchid dot homeunix dot org GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc signature.asc Description: OpenPGP digital signature
Re: Where am I? :)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *If* this is a genuine bug in the 7.0 branch of fbsd, it would sound like a major problem to me... Have you tried to reach the developers, to tell them about the problem? Giorgos Keramidas schrieb: On 2006-03-04 23:41, Oliver Leitner [EMAIL PROTECTED] wrote: Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... No it's a genuine bug. I can reproduce it here too, on FreeBSD 7.0-CURRENT, using the instructions of Gabor Kovesdan, as you can see here: % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:12, 3 users, load averages: 0.12, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % keramida v2 - 3:07AM - w % [EMAIL PROTECTED]:/home/keramida$ tty % /dev/ttyv2 Here you can see that I'm logged in on ttyv2 (third virtual console). % [EMAIL PROTECTED]:/home/keramida$ login some_fake_user % Password: % Login incorrect % login: keramida % Last login: Sun Mar 5 03:07:27 on ttyv2 % Copyright (c) 1992-2006 The FreeBSD Project. % Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 % The Regents of the University of California. All rights reserved. % % FreeBSD 7.0-CURRENT (FLAME) #0: Fri Mar 3 20:13:02 EET 2006 % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:13, 3 users, load averages: 0.08, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % keramida v2 - 3:07AM - w % [EMAIL PROTECTED]:/home/keramida$ Now I'm logged in again on the same terminal, but in a nested login. % [EMAIL PROTECTED]:/home/keramida$ exit % logout % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:13, 2 users, load averages: 0.08, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % [EMAIL PROTECTED]:/home/keramida$ Done. I'm gone, and my login record has been wiped from wtmp. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFECt8CWvEVE8MtwbgRAkywAKCVxsVNPQeuNovGKXmSfaUS4QG4SQCeJM9D jiBcPTf4w3Gl5V02jNjTXGI= =mQZX -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Karol Kwiatkowski schrieb: [format recovered] Oliver Leitner wrote: Karol Kwiatkowski schrieb: Kövesdán Gábor wrote: I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan Looks similar to this: http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/068201.html Regards, Karol Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... Very unlikely for various reasons: - it wasn't me who reported it back then (my post was basically me too) - this is a test machine with one user, no direct connection, no daemons except secured ssh, rebuilding world every other day - the machine was running 5.x back then, now 6.1-PRERELEASE and I can reproduce this; in fact I can do that on 6.0-RELEASE, too: [the same procedure Gabor Kovesdan wrote, only it seems 'login as fake user' step is not needed] % [EMAIL PROTECTED] ssh -p 722 orchid % Password: % Last login: Sat Mar 4 12:05:43 2006 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] uname -sr % FreeBSD 6.0-RELEASE-p2 % [EMAIL PROTECTED] w % 11:31AM up 11 days, 9:24, 1 user, load averages: 0.29, 0.21, 0.17 % USER TTY FROM LOGIN@ IDLE WHAT % karolp0 blackacidevil.or 11:31AM - w % [EMAIL PROTECTED] login % login: karol % Last login: Sun Mar 5 11:31:22 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 1 user, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karolp0 -11:32AM - w % [EMAIL PROTECTED] exit % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 0 users, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % [EMAIL PROTECTED] Here, I disappeared from 'w's output. Root can't see me too: % [EMAIL PROTECTED] su - % Password: % orchid: Yes, Master? w % 11:35AM up 11 days, 9:28, 0 users, load averages: 0.53, 0.26, 0.19 % USER TTY FROM LOGIN@ IDLE WHAT Here's what last(1) prints: % orchid: Yes, Master? last % karolttyp0 Sun Mar 5 11:32 - 11:32 (00:00) % karolttyp0192.168.1.66 Sun Mar 5 11:31 - 11:32 (00:00) % [...] % orchid: Yes, Master? It seems login(1) simply records user logged out the moment he's logged in the second time (sorry, I'm not native English speaker ;) ) The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal note: don't use w(1), who(1), last(1) or /var/log/wtmp. Best regards, Karol He is still logged in, so id suggest that this is a bug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFECuAAWvEVE8MtwbgRAuLEAJ4sQfNx8p/JaugF4YyiRPgui6WmJACeMz5a Ta8ciquZ8Vf8UTZzWTr1llk= =P5ny -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Oliver Leitner wrote: *If* this is a genuine bug in the 7.0 branch of fbsd, it would sound like a major problem to me... Have you tried to reach the developers, to tell them about the problem? I've sent a PR, but I gave you the link to that PR in one of my previous replies. Gabor Kovesdan P.S.: Please do not top-post. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ENOUGH ALREADY!! [WAS: Re: Where am I? :)]
WHY!!! Do we have to keep seeing a dozen messages a day about this?! You found a bug. Congrats. Thanks. Report it and quit beating the dead horse. -Wayne At 05:59 AM 3/5/2006, you wrote: The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ENOUGH ALREADY!! [WAS: Re: Where am I? :)]
Not entirely sure why you're upset about receiving too much mail on a mailing list, but I would have thought the Haven't been able to make world in about a year message from 2/21 that has continuously been diagnosed for the past few weeks would have certainly gotten to you before this one did from 3/3. Just kidding, though. :) -David On 3/5/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: WHY!!! Do we have to keep seeing a dozen messages a day about this?! You found a bug. Congrats. Thanks. Report it and quit beating the dead horse. -Wayne At 05:59 AM 3/5/2006, you wrote: The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ENOUGH ALREADY!! [WAS: Re: Where am I? :)]
[EMAIL PROTECTED] wrote: WHY!!! Do we have to keep seeing a dozen messages a day about this?! You found a bug. Congrats. Thanks. Report it and quit beating the dead horse. -Wayne This was a discussion if it is a bug or not. Neither Karol Kwiatkowski nor me was vaunting ourselves that we found it, we wanted just investigate if it's actually a bug or the assumed behavior. It's a public list, there are a lot of topics discussed here. Maybe you find some of them irrelevant, as I do, but you have agreed to receive them when you subscribed to the list. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ENOUGH ALREADY!! [WAS: Re: Where am I? :)]
On 2006-03-05 16:21, K?vesd?n G?bor [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: WHY!!! Do we have to keep seeing a dozen messages a day about this?! You found a bug. Congrats. Thanks. Report it and quit beating the dead horse. Wayne, you are over-reacting. This was a discussion if it is a bug or not. Yes, and that's all. I provided with some feedback about reproducing this behavior in a recent CURRENT build. Some messages may have been duplicated, but on a mailing list with the huge traffic of freebsd-questions this is, I guess, expected... Please, everyone, let us move on to more productive discussions now :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ENOUGH ALREADY!! [WAS: Re: Where am I? :)]
At 10:28 AM 3/5/2006, you wrote: Wayne, you are over-reacting. Yeah, you're right. My bad :( I've just been deleting them, but I looked at a couple and it seemed like silly repetition from my statistically invalid sample. Sorry... -Wayne ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Giorgos Keramidas wrote: On 2006-03-04 00:44, K?vesd?n G?bor [EMAIL PROTECTED] wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Some programs may tweak wtmp to `hide' users that are actively logged in. One program that I know can do this is screen(1). Hitting ``^A L'' here, between successive `w' invocations, I can see this: [EMAIL PROTECTED]:/root# w 2:04AM up 2:10, 1 user, load averages: 0.07, 0.16, 0.19 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED]:/root# w 2:05AM up 2:11, 2 users, load averages: 0.03, 0.14, 0.17 USER TTY FROM LOGIN@ IDLE WHAT root pts/0:0:S.02:05AM - w [EMAIL PROTECTED]:/root# And what do the other logged in users see? With my method I can completely hide, nobody can see me logged in. So I think it might be an opportunity to abusing. I'll send a PR soon, I just wanted to know before if somebody already knows about this trick. Gabor Kovesdan P.S.: It happened on a RELENG_5_3 system via SSH, but I suppose it can be triggered locally. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Erik Greenwald wrote: On Sat, Mar 04, 2006 at 12:44:19AM +0100, K?vesd?n G?bor wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. I've seen that happen when the userland and kernel are out of sync. (not too long ago, I did a make buildworld kernel, was waiting for an opportune time to installworld, and suffered some kinda failure causing a reboot). Check the uname -a date and the date of /bin/w or something? perhaps go through a cvsup/upgrade to try to sync things up? :) No, they are in sync. :) Being out of sync for the kernel and the userland is not so common, because it derives from the forgetfullness of the administrator, but this trick can be triggered every time. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Mike Tancsa wrote: On Sat, 04 Mar 2006 00:44:19 +0100, in sentex.lists.freebsd.questions you wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Does w -n work ? No, I get the same. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Kövesdán Gábor wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. I seem to recall a thread regarding this issue several months back. I don't know if this is the same issue or not. But in the past thread there was a discussion of 'invisible' users in certain situations. Don't know if it turned out to be a bug or a feature. Might do some good digging through the archives to see what you can find. This *is not* what I was thinking of but it is interesting: http://www.freebsd.org/cgi/getmsg.cgi?fetch=130608+133460+/usr/local/www/db/text/1996/freebsd-questions/19960915.freebsd-questions Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Regards, Eric ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On 2006-03-04 09:00, Kovesdan Gabor [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: On 2006-03-04 00:44, Kovesdan Gabor [EMAIL PROTECTED] wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Some programs may tweak wtmp to `hide' users that are actively logged in. One program that I know can do this is screen(1). Hitting ``^A L'' here, between successive `w' invocations, I can see this: [EMAIL PROTECTED]:/root# w 2:04AM up 2:10, 1 user, load averages: 0.07, 0.16, 0.19 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED]:/root# w 2:05AM up 2:11, 2 users, load averages: 0.03, 0.14, 0.17 USER TTY FROM LOGIN@ IDLE WHAT root pts/0:0:S.02:05AM - w [EMAIL PROTECTED]:/root# And what do the other logged in users see? Only what `w' can see too. With my method I can completely hide, nobody can see me logged in. What is your method? I haven't seen any description of how *you* ended up not being logged in. Are you using screen(1) or another program that tweaks /var/log/wtmp? Which program? Have you found out why your login seems record in wtmp was marked as logged out? So I think it might be an opportunity to abusing. I'll send a PR soon, I just wanted to know before if somebody already knows about this trick. I don't think this is a bug. The permissions of ``/var/log/wtmp'' are: $ ls -ld /var/log/wtmp -rw-r--r-- 1 root wheel - 8052 Mar 4 16:51 /var/log/wtmp What a bug about this would report is that set-user-id programs, like screen(1), can do all sorts of nasty things if abused. This isn't exactly a bug, but common knowledge. - Giorgos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Giorgos Keramidas wrote: On 2006-03-04 09:00, Kovesdan Gabor [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: On 2006-03-04 00:44, Kovesdan Gabor [EMAIL PROTECTED] wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Some programs may tweak wtmp to `hide' users that are actively logged in. One program that I know can do this is screen(1). Hitting ``^A L'' here, between successive `w' invocations, I can see this: [EMAIL PROTECTED]:/root# w 2:04AM up 2:10, 1 user, load averages: 0.07, 0.16, 0.19 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED]:/root# w 2:05AM up 2:11, 2 users, load averages: 0.03, 0.14, 0.17 USER TTY FROM LOGIN@ IDLE WHAT root pts/0:0:S.02:05AM - w [EMAIL PROTECTED]:/root# And what do the other logged in users see? Only what `w' can see too. With my method I can completely hide, nobody can see me logged in. What is your method? I haven't seen any description of how *you* ended up not being logged in. Are you using screen(1) or another program that tweaks /var/log/wtmp? Which program? Have you found out why your login seems record in wtmp was marked as logged out? Here's my method: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 So I think it might be an opportunity to abusing. I'll send a PR soon, I just wanted to know before if somebody already knows about this trick. I don't think this is a bug. The permissions of ``/var/log/wtmp'' are: $ ls -ld /var/log/wtmp -rw-r--r-- 1 root wheel - 8052 Mar 4 16:51 /var/log/wtmp What a bug about this would report is that set-user-id programs, like screen(1), can do all sorts of nasty things if abused. This isn't exactly a bug, but common knowledge. - Giorgos /bin/login is suid, too. Can't screen and login be modified somehow to take care of this issue? Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On 2006-03-04 16:56, Kovesdan Gabor [EMAIL PROTECTED] wrote: Giorgos Keramidas wrote: What is your method? I haven't seen any description of how *you* ended up not being logged in. Are you using screen(1) or another program that tweaks /var/log/wtmp? Which program? Have you found out why your login seems record in wtmp was marked as logged out? Here's my method: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Ah, I see now. Thanks :) What a bug about this would report is that set-user-id programs, like screen(1), can do all sorts of nasty things if abused. This isn't exactly a bug, but common knowledge. /bin/login is suid, too. Can't screen and login be modified somehow to take care of this issue? login is part of the base system so it should be fixed, if possible. `screen' is a thirdparty program and the feature *is* deliberate, but I think it can be disabled by running screen as non-suid root. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Big one, so you know howto use a log cleaner. am i am the only one that is not impressed? btw, did you actually realize, that log cleaner wont clean the history file? just a suggestion... Kövesdán Gábor schrieb: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFECgWwWvEVE8MtwbgRAjuyAJ0elWznHcoynRn3uVxIX+Hz1hvuYQCfVKlm /0PIp0qp4iilRHevAyFUU3U= =aeud -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Oliver Leitner wrote: Big one, so you know howto use a log cleaner. am i am the only one that is not impressed? btw, did you actually realize, that log cleaner wont clean the history file? just a suggestion... I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yea... Right... well, however... log out and log back in, it should start the logs again. in case you really dropped it accidently, look if the system logging daemon is running. Kövesdán Gábor schrieb: Oliver Leitner wrote: Big one, so you know howto use a log cleaner. am i am the only one that is not impressed? btw, did you actually realize, that log cleaner wont clean the history file? just a suggestion... I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEChFhWvEVE8MtwbgRArAGAJwOnNI2RwZ6zq2EC8v2bz+eJ5F5vACfUuap 7mbdrC5vWV/ILQbhp1PBzzM= =tJyb -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Oliver Leitner wrote: Yea... Right... well, however... log out and log back in, it should start the logs again. in case you really dropped it accidently, look if the system logging daemon is running. Yes, of course it is running. Logging out and logging in solves this issue, but the point is here that even a single user without root acces can be hiding. He can do anything and nobody will notice that he is even loggod in. We discussed in the list that /var/log/wtmp helds the login states and only suid programs can access it, e.g. screen or login. As for login, it will be fixed if possible since it is in the base system. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Kövesdán Gábor wrote: I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan Looks similar to this: http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/068201.html Regards, Karol -- Karol Kwiatkowski freebsd at orchid dot homeunix dot org GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc signature.asc Description: OpenPGP digital signature
Re: Where am I? :)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... Karol Kwiatkowski schrieb: Kövesdán Gábor wrote: I don't use any log cleaner, I triggered this accidentally. Please read the whole thread if you're interested or see this: http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 Gabor Kovesdan Looks similar to this: http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/068201.html Regards, Karol -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFECheUWvEVE8MtwbgRAjiPAJ99pScZphH029dzwLoxU1UiBX1KygCfX79s TeoN/020yEHS9efy2ZDTdz8= =tlxX -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
Oliver Leitner wrote: Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... 4, It is just a bug in login, or it is the normail behavior. :) As for the first and second assumption, I can guarantee they are wrong. I do a lot of effort to keep the machine secure. As for the second one, this machine has a quite big uptime: 11:44PM up 83 days, 9:09, 1 user, load averages: 0.04, 0.05, 0.01 It has been running for 83 days without any deficiency. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On 2006-03-04 23:41, Oliver Leitner [EMAIL PROTECTED] wrote: Well, it could have different reasons then: 1. your box has been hacked, and you have a somewhat crippled login or shell, try to replace that things with clean ones. 2. maybe there is something wrong with memory mapping, eventually diag your ram, or build a new kernel. 3. its just one of those accidently things that happen every 10 years once... No it's a genuine bug. I can reproduce it here too, on FreeBSD 7.0-CURRENT, using the instructions of Gabor Kovesdan, as you can see here: % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:12, 3 users, load averages: 0.12, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % keramida v2 - 3:07AM - w % [EMAIL PROTECTED]:/home/keramida$ tty % /dev/ttyv2 Here you can see that I'm logged in on ttyv2 (third virtual console). % [EMAIL PROTECTED]:/home/keramida$ login some_fake_user % Password: % Login incorrect % login: keramida % Last login: Sun Mar 5 03:07:27 on ttyv2 % Copyright (c) 1992-2006 The FreeBSD Project. % Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 % The Regents of the University of California. All rights reserved. % % FreeBSD 7.0-CURRENT (FLAME) #0: Fri Mar 3 20:13:02 EET 2006 % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:13, 3 users, load averages: 0.08, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % keramida v2 - 3:07AM - w % [EMAIL PROTECTED]:/home/keramida$ Now I'm logged in again on the same terminal, but in a nested login. % [EMAIL PROTECTED]:/home/keramida$ exit % logout % [EMAIL PROTECTED]:/home/keramida$ w % 3:07AM up 1 day, 3:13, 2 users, load averages: 0.08, 0.09, 0.03 % USER TTY FROM LOGIN@ IDLE WHAT % [EMAIL PROTECTED]:/home/keramida$ Done. I'm gone, and my login record has been wiped from wtmp. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Where am I? :)
Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Gabor Kovesdan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On 2006-03-04 00:44, K?vesd?n G?bor [EMAIL PROTECTED] wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Some programs may tweak wtmp to `hide' users that are actively logged in. One program that I know can do this is screen(1). Hitting ``^A L'' here, between successive `w' invocations, I can see this: [EMAIL PROTECTED]:/root# w 2:04AM up 2:10, 1 user, load averages: 0.07, 0.16, 0.19 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED]:/root# w 2:05AM up 2:11, 2 users, load averages: 0.03, 0.14, 0.17 USER TTY FROM LOGIN@ IDLE WHAT root pts/0:0:S.02:05AM - w [EMAIL PROTECTED]:/root# ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On Sat, Mar 04, 2006 at 12:44:19AM +0100, K?vesd?n G?bor wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. I've seen that happen when the userland and kernel are out of sync. (not too long ago, I did a make buildworld kernel, was waiting for an opportune time to installworld, and suffered some kinda failure causing a reboot). Check the uname -a date and the date of /bin/w or something? perhaps go through a cvsup/upgrade to try to sync things up? :) Gabor Kovesdan -- -Erik [EMAIL PROTECTED] [http://math.smsu.edu/~erik] The opinions expressed by me are not necessarily opinions. In all probability, they are random rambling, and to be ignored. Failure to ignore may result in severe boredom or confusion. Shake well before opening. Keep Refrigerated. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Where am I? :)
On Sat, 04 Mar 2006 00:44:19 +0100, in sentex.lists.freebsd.questions you wrote: Hello, look at this: [EMAIL PROTECTED] w 12:41AM up 82 days, 10:05, 0 users, load averages: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] Where am I? :) I don't know exactly how it happened, but I'll investigate, I have an idea and I'll report if I find out. Does w -n work ? ---Mike Mike Tancsa, Sentex communications http://www.sentex.net Providing Internet Access since 1994 [EMAIL PROTECTED], (http://www.tancsa.com) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
set-uid bit: where am I going wrong?
I'm trying to use a script I wrote to copy files from one directory to another (as part of my backup regime). Unfortunately, because they are in my webserver directory, some of the files don't belong to the user that I run the script as (via cron). I can run the script with sudo, so I know that it's a permission problem. My initial thought is that I can use the set-uid bit and chown the script to root, but this still balks. Here is the relevant output of ls -l. -rwsr-xr-x 1 root admin 283 Nov 23 15:58 buprep.yuri Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? Thanks, Tim -- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: set-uid bit: where am I going wrong?
On Apr 11, 2005 2:51 PM, Tim Stephens [EMAIL PROTECTED] wrote: Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? FreeBSD does not support setuid scripts. They are inherently insecure. You have some options though to your problem. You could run the script directly as root, which is what you are trying to do. Or you could write a wrapper round your script, which may seem like overkill. Given that you trust your script enough to try to run it setuid, I would go for the first option. Make sure the script cannot be altered by anyone other than root, then run it as root. Thanks, Tim Frem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: set-uid bit: where am I going wrong?
Tim Stephens [EMAIL PROTECTED] writes: I'm trying to use a script I wrote to copy files from one directory to another (as part of my backup regime). Unfortunately, because they are in my webserver directory, some of the files don't belong to the user that I run the script as (via cron). I can run the script with sudo, so I know that it's a permission problem. My initial thought is that I can use the set-uid bit and chown the script to root, but this still balks. Here is the relevant output of ls -l. -rwsr-xr-x 1 root admin 283 Nov 23 15:58 buprep.yuri Clearly the file is owned by root, and I kept it as part of my group. I've read the man pages, and believe that when I call the script, it will assume root's permissions. It doesn't, so where am I going wrong? The kernel ignores the setuid bit on interpreted files, for security reasons. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
On Friday 30 January 2004 11:02 pm, JJB wrote: How can it cause connections problems, you have never used it yet, so how can you say that. I HAVE used it, and it is cause, primarily, DNS request problems. DNS queries don't seem to have the ability to forward to other servers. Yes the rule set you posted is wide open. You could remove rule 200 300, pretty meaningless in an wide open config. The wide-open config is a start. I want to start with a working connection, and move to adding deny rules from there. Thanks for the reply! -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 pgp0.pgp Description: signature
Re: where am I supposed to put my rc.firewall?
On Fri, 30 Jan 2004 19:47:47 -0600 Eric F Crist [EMAIL PROTECTED] wrote: On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote: Eric F Crist wrote: I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. Specify the location of your firewall script in /etc/rc.conf like so: firewall_enable='YES' firewall_type='/etc/ERICS_firewall' firewall_flags='-p /usr/bin/cpp' [ You might choose to use some other preprocessor... ] Well, here's what I have now. I have a file in /etc called grog.firewall. It's contents are: grog# more grog.firewall ipfw -f flush ipfw add 100 pass all from any to any via lo0 ipfw add 200 deny all from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 to any ipfw add 600 allow all from any to any In my /etc/rc.conf file, I have the following two entries pertaining to the firewall: firewall_enable=YES firewall_type=/etc/grog.firewall Add this to your rc.conf: (instead of firewall_type=...): firewall_script=/etc/grog.firewall See /etc/defaults/rc.conf ! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Peder Blom wrote: [ ... ] Add this to your rc.conf: (instead of firewall_type=...): firewall_script=/etc/grog.firewall See /etc/defaults/rc.conf ! While I won't speak against looking at /etc/defaults/rc.conf, setting firewall_type works fine; see the end of /etc/rc.firewall: *) if [ -r ${firewall_type} ]; then ${fwcmd} ${firewall_flags} ${firewall_type} fi ;; -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
On Sat, 31 Jan 2004 10:50:19 -0500 Chuck Swiger [EMAIL PROTECTED] wrote: Peder Blom wrote: [ ... ] Add this to your rc.conf: (instead of firewall_type=...): firewall_script=/etc/grog.firewall See /etc/defaults/rc.conf ! While I won't speak against looking at /etc/defaults/rc.conf, setting firewall_type works fine; see the end of /etc/rc.firewall: *) if [ -r ${firewall_type} ]; then ${fwcmd} ${firewall_flags} ${firewall_type} fi ;; -- -Chuck ___ Yes, that's the other way of doing it. The mentioning of scripts and the fact that his file was in the form of a script made me assume that he wanted to write his own script for setting up his firewall. On second thought I realize that he might just as well want to do it your way and define a set of rules to be read in by rc.firewall. (This might even be the best solution). I've never done it this way, but in this case I assume that you just define the rules in '/etc/ERICS_firewall', thus: -- add 100 pass all from any to any via lo0 add 200 deny all from any to 127.0.0.0/8 add 300 deny ip from 127.0.0.0/8 to any add 600 allow all from any to any -- Using your suggestions for rc.conf, of course. Is this correct? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Peder Blom wrote: I've never done it this way, but in this case I assume that you just define the rules in '/etc/ERICS_firewall', thus: -- add 100 pass all from any to any via lo0 add 200 deny all from any to 127.0.0.0/8 add 300 deny ip from 127.0.0.0/8 to any add 600 allow all from any to any -- Using your suggestions for rc.conf, of course. Is this correct? Exactly. And then you add a preprocessor like cpp, and you can define: # set these to your inside interface network and netmask and ip #define IIF fxp0 #define INET 10.1.1.0/24 #define IIP 10.1.1.1 [ ...OIF info snipped... ] # port number ranges #define LOPORTS 1-1023 #define HIPORTS 1024-65535 # basic stuff add 100 pass all from any to any via lo0 add deny all from any to 127.0.0.0/8 add deny ip from 127.0.0.0/8 to any add deny all from INET to any in via OIF add deny all from ONET to any in via IIF ...and go from there. -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
Jack L. Stone wrote: At 02:04 PM 1.31.2004 -0500, Chuck Swiger wrote: # set these to your inside interface network and netmask and ip #define IIF fxp0 #define INET 10.1.1.0/24 #define IIP 10.1.1.1 [ ...OIF info snipped... ] # port number ranges #define LOPORTS 1-1023 #define HIPORTS 1024-65535 A simple example would be: # dynamic rules add check-state # permit some services inbound... add pass tcp from any HIPORTS to INET 22,80,143,443,993,3128 setup keep-state # ...but block most other services (ie, ones with root privs) add deny tcp from any to INET LOPORTS For a more complicated example, where PI is a mailserver which performs virus scanning and spamfiltering, PONG is an internal reader box: INET --- [FW1] --DMZ + Mailserver PI-- [FW2] --Internal subnet + PONG # on FW1: add pass tcp from PI HIPORTS to any 25 add pass tcp from any 25 to PI HIPORTS established add pass tcp from any HIPORTS to PI 25 add pass tcp from PI 25 to OIP HIPORTS established add unreach filter-prohib log tcp from any to INET 25 # on FW2: # permit SMTP exchange between pi and pong/fw add pass tcp from PI HIPORTS to PONG 25 add pass tcp from PONG 25 to PI HIPORTS established add pass tcp from PONG HIPORTS to PI 25 add pass tcp from PI 25 to PONG HIPORTS established [ ... ] # track SMTP from inside to outside and block SMTP from outside add pass log logamount 20 tcp from INET HIPORTS to any 25 setup add pass tcp from INET HIPORTS to any 25 established add pass tcp from any 25 to INET HIPORTS established -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
where am I supposed to put my rc.firewall?
Hello all, I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. TIA -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 pgp0.pgp Description: signature
Re: where am I supposed to put my rc.firewall?
Eric F Crist wrote: I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. Specify the location of your firewall script in /etc/rc.conf like so: firewall_enable='YES' firewall_type='/etc/ERICS_firewall' firewall_flags='-p /usr/bin/cpp' [ You might choose to use some other preprocessor... ] -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: where am I supposed to put my rc.firewall?
On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote: Eric F Crist wrote: I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. Specify the location of your firewall script in /etc/rc.conf like so: firewall_enable='YES' firewall_type='/etc/ERICS_firewall' firewall_flags='-p /usr/bin/cpp' [ You might choose to use some other preprocessor... ] Well, here's what I have now. I have a file in /etc called grog.firewall. It's contents are: grog# more grog.firewall ipfw -f flush ipfw add 100 pass all from any to any via lo0 ipfw add 200 deny all from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 to any ipfw add 600 allow all from any to any In my /etc/rc.conf file, I have the following two entries pertaining to the firewall: firewall_enable=YES firewall_type=/etc/grog.firewall Now, this is a headless system, so I access it through the serial port. I don't see any errors anywhere, but my ipfw show command, immediately after boot, shows: 65535 481 38684 deny ip from any to any What have I done wrong? -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 pgp0.pgp Description: signature
Re: where am I supposed to put my rc.firewall?
On Friday 30 January 2004 09:34 pm, JJB wrote: firewall_type=/etc/grog.firewall is wrong, replace it with firewall_srcipt='/etc/grog.firewall ' -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric F Crist Sent: Friday, January 30, 2004 8:48 PM To: Chuck Swiger Cc: [EMAIL PROTECTED] Subject: Re: where am I supposed to put my rc.firewall? On Friday 30 January 2004 06:54 pm, Chuck Swiger wrote: Eric F Crist wrote: I'm trying to add IPFW support. Where do I put my rc.firewall so that it gets read at boot time? I've tried /usr/local/etc/rc.d and /etc but neither seems to get read. Specify the location of your firewall script in /etc/rc.conf like so: firewall_enable='YES' firewall_type='/etc/ERICS_firewall' firewall_flags='-p /usr/bin/cpp' [ You might choose to use some other preprocessor... ] Well, here's what I have now. I have a file in /etc called grog.firewall. It's contents are: grog# more grog.firewall ipfw -f flush ipfw add 100 pass all from any to any via lo0 ipfw add 200 deny all from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 to any ipfw add 600 allow all from any to any In my /etc/rc.conf file, I have the following two entries pertaining to the firewall: firewall_enable=YES firewall_type=/etc/grog.firewall Now, this is a headless system, so I access it through the serial port. I don't see any errors anywhere, but my ipfw show command, immediately after boot, shows: 65535 481 38684 deny ip from any to any What have I done wrong? -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 Ok, I'll change that. This script still seems to cause connection problems. Which rules do I need to change? This should be a wide-open firewall script, right? TIA -- Eric F Crist AdTech Integrated Systems, Inc (612) 998-3588 pgp0.pgp Description: signature