Re: Should IPFilter be pulled from FreeBSD as well

2001-05-31 Thread Christoph Sold



Greg Lehey wrote:
 
 [Format recovered--see http://www.lemis.com/email/email-format.html]
 
 This message contained so many replies in different directions that
 I'm not sure I have restored the correct sequence.
 
 On Wednesday, 30 May 2001 at 18:04:04 +0200, Christoph Sold wrote:
  Thomas T. Veldhouse wrote:
  On  Wednesday, May 30, 2001 9:39 AM, Valeriy E. Ushakov [EMAIL PROTECTED] wrote:
  On Wed, May 30, 2001 at 09:15:50 -0500, Thomas T. Veldhouse wrote:
 
  It is being pulled from OpenBSD for what seems like a pretty good
  reason to me.
 
  Please, see this message from Darren to NetBSD's current-users.
 
  http://mail-index.netbsd.org/current-users/2001/05/30/0004.html
 
  I have cleared this up with [EMAIL PROTECTED] and whilst they appear to
  be happy that any problems have been resolved, another effort is
  required so that [EMAIL PROTECTED] can convey this to NetBSD users in a
  meaningful way.  A similar message will also be sent to the FreeBSD
  people as I've also been working with [EMAIL PROTECTED] to resolve any
  issues they had.
 
  Nothing in that article has convinced me that FreeBSD developers can change
  the source at their will and distribute it -- according to the IPFilter
  licence.  That right should be implicit in ALL FreeBSD system level source
  code.
 
  I disagree. IPF is part of the ports. Since we accept other beasts
  (even without source code access like netscape 4.x) to lurk in
  there. Thus, having ipf in FreeBSD ports does in no way conflict
  with the license of the base system.
 
 I'm not sure which system you're talking about here.  We call it
 IPFILTER in FreeBSD, and it's in the kernel source tree.  If the worst
 comes to the worst, we can move it to the ports, where you would be
 correct, but I'm personally confident that we'll come to a
 clarification which will leave it where it is.

Greg is right, I stand corrected. Sorry about the confusion.

-Christoph Sold

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message



Re: 'xl'+DP83840 broken?

2001-05-31 Thread Schuendehuette Matthias

Hello,

 I guess see PR kern/27722 on www.freebsd.org

Bingo! Thanks a lot, Wilko.

Since I'm tracking STABLE, I replaced revision 1.2.2.3 of nsphy.c (which was
merged from current on May 14th) with 1.2.2.2 from W.Paul. This solved all
my problems!

IMHO the new nsphy.c has nothing to do with anything called STABLE,
(BTW: it killed the connected switchport after some time - nothing that I
like :-( ). And it doesn't help to fix problems with 'fxp' while breaking
'xl'. This MFC should be withdrawn.

Thanks a lot again and...

Ciao/BSD - Matthias




Re: Kernel Fails to Boot. Errors out On MySQL

2001-05-31 Thread Valentin Nechayev

 Doug Barton wrote:

 Once the system comes up multiuser, diagnose and fix mysql problems. For
 future reference, ALWAYS disable startup scripts for third party stuff
 before _starting_ the upgrade. This is especially true for remote upgrades. 

The pity moment is that init(8) logic is absolutely inconsistent: it
doesn't allow local logins before /etc/rc terminates, and even doesn't
allow reboot via ctrl-alt-del before /etc/rc terminates.
If system hangs during boot scripts, the only way to unhang it locally is
to press reset. (Using debugger is not considered.)

Does anybody think for cured init? (Really, question not for -stable)


/netch




ATA questions

2001-05-31 Thread Cejka Rudolf


I have several questions about ATA interface:

* Are there any plans to MFC atacontrol into -stable? It would be
  really great to allow to set various PIO/DMA modes in -stable.

* Is there any work or are there any plans to change write-cache and
  queue-tagging settings from global to per-drive? We have a mix of
  drives (Maxtor/IBM) in one box and it would be good to see write-cache
  and queue-tagging enabled for IBM drive and both disabled for Maxtor
  drive.

* Is there any way to change transfer mode for ZIP drive from
  PIO0 to PIO4 in -stable?

Thanks.

-- 
Rudolf Cejka   ([EMAIL PROTECTED];  http://www.fee.vutbr.cz/~cejkar)
Brno University of Technology, Faculty of El. Engineering and Comp. Science
Bozetechova 2, 612 66  Brno, Czech Republic




Re: Possible Install bug for the following hardware in FreeBSD Stable (4.3)

2001-05-31 Thread David Taylor

On Wed, 30 May 2001, Darian Lanx wrote:
 Hello list.
 After debugging this with a few friends who are by far more experienced in 
 freebsd than I am, I have been asked to report the following strange 
 behaviour to this list
 
 He asked me to be specific, so I am going to provide as much information as I 
 can.
 The hardware used is as follows:
 ASUS CUSL Motherboard
 2 Hard drives 
 On the primary Master a Maxtor 53073U6 30736 MB
 ioctl (I am in linux) reports the following
 geometry for it:
  geometry = 3736/255/63, sectors = 60030432, start = 0  
 
 The second hard drive on the secondary Master channel is a IBM DTLA-307030 
 also 30736 MB. ioctl reports the following geometry for this drive:
  geometry = 3737/255/63, sectors = 60036480, start = 0  
 
 I have downloaded the 4.3 boot floppies from ftp.at.freebsd.org and then 
 booted my system.
 After entering the installer, a friend told me to press scroll lock and scroll 
 up to see the actual output of the Kernel.
 
 The output for the drives reads as follows:
 ad0 2014 MB Maxtor 53073U6 [4092/16/63] at at-0-master UDMA66

I had this problem after I enabled the '4092-cylinder limit' jumper on my
Maxtor drive, because my BIOS (at that point) hung with a drive over 4092
cylinders.  I flashed the BIOS afterwards, but forgot about the jumper,
because windows/linux both (somehow) saw the full geometry of the drive.
FreeBSD only saw 2014MB until I removed the jumper.  Perhaps your drive has
a similar jumper? check the manual.

 ad2 29314 MB IBM DTLA-307030 [5956/16/63 at at-1-master UDMA100

29314 * 1024 * 1024 bytes (i.e. 2914 megabytes)
== 30736 * 1000 * 1000 bytes (i.e. 2914 million bytes)

It's something hard drive manufacturers do to make their drives look bigger... 

-- 
David Taylor
[EMAIL PROTECTED]



remounts (was: Re: adding noschg to ssh and friends)

2001-05-31 Thread Dan Pelleg


Karsten W. Rohrbach [EMAIL PROTECTED] wrote:
 there are some real high-impact tweaks to be a little bit safer from
 rootkits. one of them is mounting /tmp noexec. drawback: you got to
 remount it exec for make installworld.

 I always wondered... Why are remounts permitted in all securelevels? I
mean, in a locked-down system where it's acceptable to force a reboot in
order to upgrade (or run a rootkit), I should be able to enforce read-only
mounts. Currently anyone (well, root) can just mount -u -w them.

 Is this an implementation problem in mount(2)? (I haven't looked at the
code). Or is this going to break things for people (amd?  in high
securelevels?). What am I missing?




encryption

2001-05-31 Thread Willie Bollinger

I recently installed 4.3 on a new box but it now seems that it is using
md5 encryption instead of des. Is there an easy way to change this so when 
I move the password file off of the old machine that it will recognize the 
des passwords?
-- 
---
Willie Bollinger, ABSnet Internet Service
Voice 410-361-8160  E-Mail [EMAIL PROTECTED]
http://www.abs.net
---




Re: encryption

2001-05-31 Thread David Malone

On Thu, May 31, 2001 at 08:59:21AM -0400, Willie Bollinger wrote:
 I recently installed 4.3 on a new box but it now seems that it is using
 md5 encryption instead of des. Is there an easy way to change this so when 
 I move the password file off of the old machine that it will recognize the 
 des passwords?

It should just work - it can tell from the format of the password
entry what type of password to use.

David.
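
The format-based recognition described in the reply above, as an added example that is not part of the original thread: a Python check that classifies each password field in master.passwd-format text by its crypt(3) prefix and length, so an administrator can see which accounts still carry DES hashes after moving the file. The sample entries and hash strings are constructed, and the function names are hypothetical.

```python
import re

DES_SET = "[./0-9A-Za-z]"  # alphabet of DES-based crypt(3) output

def classify_hash(field):
    """Name the crypt(3) scheme implied by a password field's format."""
    if field == "":
        return "empty"
    if field.startswith("*"):
        return "locked"            # "*" entries match no password
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$"):
        return "other-modular"     # some other $id$ scheme
    if re.fullmatch("_" + DES_SET + "{19}", field):
        return "des-extended"      # _ + 4 count + 4 salt + 11 hash chars
    if re.fullmatch(DES_SET + "{13}", field):
        return "des"               # 2 salt + 11 hash chars
    return "unknown"

def audit_master_passwd(text):
    """Map each account in master.passwd-format text to its hash scheme."""
    schemes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        # master.passwd has 10 colon-separated fields; the hash is the second
        schemes[parts[0]] = classify_hash(parts[1]) if len(parts) == 10 else "malformed"
    return schemes

def accounts_using(text, scheme):
    """Sorted account names whose password field uses the given scheme."""
    return sorted(u for u, s in audit_master_passwd(text).items() if s == scheme)

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
root:$1$constrct$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
alice:abCdEfGhIjKlM:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:_J9..saltabcdefghijk:1002:1002::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
"""

if __name__ == "__main__":
    for user, scheme in audit_master_passwd(SAMPLE).items():
        print(f"{user}: {scheme}")
```
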




Re: Should IPFilter be pulled from FreeBSD as well

2001-05-31 Thread Cy Schubert - ITSD Open Systems Group

In message [EMAIL PROTECTED], dive writes:
 I don't know if it's my particular setup that makes ipnat faster, or just the 
 fact that with
 ipnat the NAT is done in the kernel not in a daemon - I haven't tested ipnat 
 vs. natd on
 any other setup yet since I just started using ipnat.

It's been my experience that ipnat is easier to setup than natd when 
redirecting ingress packets to specific ports.  Performance-wise, I 
would think that ipnat would be faster, as packets don't have to get 
shuffled through a userland process, they just stay in the kernel.  
Natd on the other hand is more flexible because filtering can be done 
before NAT.

IMO IPFW/natd and IPF/IPNAT are two different tools with ever so 
slightly different applications.  That's the beauty of FreeBSD:  You 
have a choice of which tools in the FreeBSD toolbox you want to use to 
solve any particular problem.

The fact that IP Filter lives in the contrib directory, just like all 
of the GPLed applications do, allows FreeBSD Inc. to keep truly base 
system code separate from contributed base code that does not integrate 
that well for various reasons (one reason being licensing).

My vote is to keep IP Filter in the base system and failing that keep 
it as a port.  As IP Filter does touch some code in /usr/sys, 
installing IP Filter separately can potentially break buildworld.  
Moving IP Filter to ports would increase the likelihood of consistent 
breakage when IP Filter is installed.  As it stands now, with IP Filter 
in contrib and integrated into the system buildworld works and can be 
made to work by replacing contrib/ipfilter with the latest IP Filter 
and building world.  This is very handy when maintaining multiple 
machines at separate customer sites where NFS and FTP of /usr/obj are 
not an option.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  [EMAIL PROTECTED]
Open Systems Group, ITSD, ISTA
Province of BC






Re: adding noschg to ssh and friends

2001-05-31 Thread David McNett

On 30-May-2001, Karsten W. Rohrbach wrote:
 there are some real high-impact tweaks to be a little bit safer from
 rootkits. one of them is mounting /tmp noexec. drawback: you got to
 remount it exec for make installworld.

An alternate approach (which I use) is:

  # make TMPDIR=/some/other/dir installworld

-- 
 
|David McNett  |To ensure privacy and data integrity this message has|
|[EMAIL PROTECTED]|been encrypted using dual rounds of ROT-13 encryption|
|Austin, TX USA|Please encrypt all important correspondence with PGP!|



Re: Should IPFilter be pulled from FreeBSD as well

2001-05-31 Thread Nate Williams

  It is being pulled from OpenBSD for what seems like a pretty good reason to
  me.
 
  http://slashdot.org/article.pl?sid=01/05/28/1225224mode=nested
 
  This is really quite sad as IPFilter really is a nice piece of software.
 
 The FreeBSD core team and Darren Reed have agreement in principle that
 we can keep the sources in the source tree.  We're still working on
 the details, but the amount of attention this issue is getting is just
 getting people needlessly upset.

Is the license going to be modified to become a BSD-like license?  This
is the main sticking point I and others have, since otherwise the code
as it currently sits in the FreeBSD tree is using a license that is more
restrictive than both the BSD and GPL licenses.

More information on this from -core and/or Darren would be helpful.  The
amount of attention that this is receiving is relevant to the amount of
interest people have in making sure that FreeBSD uses software in the
base system that has some semblance of being Open Source, which the
current IPF code is not.




Nate




Re: Should IPFilter be pulled from FreeBSD as well

2001-05-31 Thread Nate Williams

  The FreeBSD core team and Darren Reed have agreement in principle that
  we can keep the sources in the source tree.  We're still working on
  the details, but the amount of attention this issue is getting is just
  getting people needlessly upset.
 
 Is the license going to be modified to become a BSD-like license?  This
 is the main sticking point I and others have, since otherwise the code
 as it currently sits in the FreeBSD tree is using a license that is more
 restrictive than both the BSD and GPL licenses.
 
 More information on this from -core and/or Darren would be helpful.  The
 amount of attention that this is receiving is relevant to the amount of
 interest people have in making sure that FreeBSD uses software in the
 base system that has some semblance of being Open Source, which the
 current IPF code is not.

ps. Darren's intentions aside, the legal license as currently written is
not commercial friendly in any shape or form.  Darren may not care or
enforce his license, but having recently had to go rounds with lawyers
over the use of software with the BSD license, I can't even imagine the
grief I would get in trying to explain to a lawyer that the author's
intent is the same.



Nate




Re: remounts (was: Re: adding noschg to ssh and friends)

2001-05-31 Thread Crist Clark

Dan Pelleg wrote:
 
 Karsten W. Rohrbach [EMAIL PROTECTED] wrote:
  there are some real high-impact tweaks to be a little bit safer from
  rootkits. one of them is mounting /tmp noexec. drawback: you got to
  remount it exec for make installworld.
 
  I always wondered... Why are remounts permitted in all securelevels? I
 mean, in a locked-down system where it's acceptable to force a reboot in
 order to upgrade (or run a rootkit), I should be able to enforce read-only
 mounts. Currently anyone (well, root) can just mount -u -w them.
 
  Is this an implementation problem in mount(2)? (I haven't looked at the
 code). Or is this going to break things for people (amd?  in high
 securelevels?). What am I missing?

I wrote a very simple patch that disallows mount(2) calls at elevated
securelevel some time ago. Check the -security archives for December
or so. Also look for a long thread on the whole question of turning off
mount(2) at high securelevel.

As for breaking things, yes, it will. You cannot mount stuff. But that's
the whole idea. ;)

OK, found it in the archive,

  
http://docs.freebsd.org/mail/archive/2000/freebsd-security/20001224.freebsd-security.html

Look at the 'Read-Only Filesystems' thread.
-- 
Crist J. Clark                           Network Security Engineer
[EMAIL PROTECTED]                        Globalstar, L.P.
(408) 933-4387                           FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact [EMAIL PROTECTED]
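
Because root can remount with `mount -u -w` at any securelevel, as the thread above notes, a host without such a patch can at least detect the change. This is an added example, not part of the original thread and not the patch it refers to: a Python check that parses mount(8) output and reports mount points that have lost a required flag. The policy, device names and mount output are constructed assumptions.

```python
import re

# FreeBSD mount(8) prints: <device> on <mountpoint> (<fstype>, <flag>, ...)
MOUNT_RE = re.compile(r"^(\S+) on (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Return {mountpoint: set of flags} from mount(8) output."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            fields = [f.strip() for f in m.group(3).split(",")]
            mounts[m.group(2)] = set(fields[1:])  # fields[0] is the fs type
    return mounts

def find_drift(text, policy):
    """List (mountpoint, problem) pairs where a required flag is absent."""
    mounts = parse_mounts(text)
    findings = []
    for mnt in sorted(policy):
        if mnt not in mounts:
            findings.append((mnt, "not mounted"))
            continue
        missing = sorted(policy[mnt] - mounts[mnt])
        if missing:
            findings.append((mnt, "missing " + ",".join(missing)))
    return findings

# Assumed site policy (hypothetical): /tmp is noexec, /usr is read-only.
POLICY = {"/tmp": {"noexec"}, "/usr": {"read-only"}}

# Constructed mount(8) output as booted.
BASELINE = """\
/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, noexec, soft-updates)
/dev/ad0s1f on /usr (ufs, local, read-only)
"""

# Constructed output after root has run "mount -u -w /usr".
REMOUNTED = BASELINE.replace("(ufs, local, read-only)", "(ufs, local)")

if __name__ == "__main__":
    print(find_drift(BASELINE, POLICY))
    print(find_drift(REMOUNTED, POLICY))
```
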




make world broken in kerberosIV

2001-05-31 Thread John Merryweather Cooper

Using the latest cvsup (about 30 minutes old now), make world dies
while building in kerberosIV.

Several undefined references in sra.o (all to symbols beginning with
pam_) occur.  This file is in ./kerberosIV/libexec/telnetd/.

jmc

P.S.  Something's screwy with sendmail, won't send through my remote
smtp server to FreeBSD.org anymore.  Bummer . . .  :)

