Re: Pseudoterminals increase: compilation error
On 2008-Jul-19 19:44:18 -0700, Unga [EMAIL PROTECTED] wrote: truss -o truss.log -f expect -c spawn ls 1178: open(/dev/ptyp0,O_RDWR,027757763030)ERR#5 'Input/output error' 1178: open(/dev/ptyp1,O_RDWR,027757763030)ERR#5 'Input/output error' 1178: open(/dev/ptyp2,O_RDWR,027757763030)= 5 (0x5) 1178: fstat(5,{mode=crw-rw-rw- ,inode=178,size=0,blksize=4096}) = 0 (0x0) : : 1178: chown(/dev/ttyp2,1002,4)ERR#1 'Operation not permitted' This is definitely wrong. expect should not be calling chown(2), it should be calling pt_chown. I'm using Expect-5.43.0 compiled from sources. So, it looks like some sort of a misconfiguration. Still investigating. Have you built the FreeBSD port or used your own build configuration? If the latter, I suggest you build the port - it works for me. -- Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour. pgpJWcB8BpLRs.pgp Description: PGP signature
Re: Pseudoterminals increase: compilation error
--- On Sun, 7/20/08, Peter Jeremy [EMAIL PROTECTED] wrote: From: Peter Jeremy [EMAIL PROTECTED] Subject: Re: Pseudoterminals increase: compilation error To: Unga [EMAIL PROTECTED] Cc: freebsd-stable@freebsd.org Date: Sunday, July 20, 2008, 6:37 PM On 2008-Jul-19 19:44:18 -0700, Unga [EMAIL PROTECTED] wrote: truss -o truss.log -f expect -c spawn ls 1178: open(/dev/ptyp0,O_RDWR,027757763030) ERR#5 'Input/output error' 1178: open(/dev/ptyp1,O_RDWR,027757763030) ERR#5 'Input/output error' 1178: open(/dev/ptyp2,O_RDWR,027757763030) = 5 (0x5) 1178: fstat(5,{mode=crw-rw-rw- ,inode=178,size=0,blksize=4096}) = 0 (0x0) : : 1178: chown(/dev/ttyp2,1002,4) ERR#1 'Operation not permitted' This is definitely wrong. expect should not be calling chown(2), it should be calling pt_chown. Hmm...that's a good point. I'll check that. I'm using Expect-5.43.0 compiled from sources. So, it looks like some sort of a misconfiguration. Still investigating. Have you built the FreeBSD port or used your own build configuration? If the latter, I suggest you build the port - it works for me. Yes, I build my own build configuration. Anyway, I'll check what are the patches applied by the FreeBSD port. Unga ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.1 and BIND exploit
Date: Sun, 20 Jul 2008 14:22:09 +1000 From: Edwin Groothuis [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] On Sat, Jul 19, 2008 at 09:36:38PM -0600, Brett Glass wrote: At 09:28 PM 7/19/2008, Subhro wrote: You need to understand the release engineering process of FreeeBSD. I've been watching it (and testing release candidates) since 2.x, so I think I may possibly have some understanding of it by now. ;-) The release edition is essential created from the stabe edition. 7.1R would not be something new which is *not* present on 7-STABLE today. Mostly true. But the new release would undergo extensive testing, and changes which were not ready for prime time would be rolled back or made solid. I've had enough trouble with some recent snapshots of -STABLE that I'd rather install a release that's been thoroughly tested... preferably with the latest ports. That's why I'm asking about the likely actual release date of 7.1. The best thing a looking glass can come up with is: http://www.freebsd.org/releng/#schedule But that unless an announcement that as much worth as the lifetime of the electrons hitting the back of your eyes. I think we might have a communications issue. If I am wrong, sorry for the waste of bandwidth, First, 7.1 will not be out before Black Hat where the details of the vulnerability will be discussed publicly, so scratch that. Second, RELENG_7_0 has the patch plus two other security patches. IT IS NOT STABLE! It is 7.0 with exactly three important security patches and nothing else. While I find stable to be more stable and generally far better tested than release versions, I understand th preference many have for release versions. You have three options: 1. Upgrade to STABLE 2. Apply the patch to your existing system 3. Upgrade to RELENG_7_0 Of these, 2 is generally the easiest. 3 is probably the closest you can get to what you want, but pulls in two other security patches (which you probably should have installed, anyway) and 1 is probably the best approach in terms of system stability, but it does make a great many changes and it is probably not the best choice for a production environment where careful testing would be needed before deployment. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 pgpnKTveZmtYI.pgp Description: PGP signature
Re: FreeBSD 7.1 and BIND exploit
On Sat, Jul 19, 2008 at 08:30:57PM -0600, Brett Glass wrote: Everyone: Will FreeBSD 7.1 be released in time to use it as an upgrade to close the BIND cache poisoning hole? We'd like to upgrade affected servers to the latest FreeBSD at the same time that we upgrade BIND if possible. Given that 7.1 and 6.4 are still listed as August in the RE page, and things often slip a bit as the date approaches, I'd say you'd be well-advised not to wait. Assuming you're running 7.0 or 6.3, upgrade to the latest _RELENG patch which is much less work than a full version upgrade. My opinion only. I'm not a developer, and I'm not running any recursive resolvers on BIND these days; my limited set of machines are running djbdns instead, so I have more flexibility. -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED] President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.1 and BIND exploit
Cilton, Off topic, but could you please tell me (us) the advantages(and disadvantages) of djbdns over bind? Thanks Subhro On Sun, Jul 20, 2008 at 11:45 PM, Clifton Royston [EMAIL PROTECTED] wrote: On Sat, Jul 19, 2008 at 08:30:57PM -0600, Brett Glass wrote: Everyone: Will FreeBSD 7.1 be released in time to use it as an upgrade to close the BIND cache poisoning hole? We'd like to upgrade affected servers to the latest FreeBSD at the same time that we upgrade BIND if possible. Given that 7.1 and 6.4 are still listed as August in the RE page, and things often slip a bit as the date approaches, I'd say you'd be well-advised not to wait. Assuming you're running 7.0 or 6.3, upgrade to the latest _RELENG patch which is much less work than a full version upgrade. My opinion only. I'm not a developer, and I'm not running any recursive resolvers on BIND these days; my limited set of machines are running djbdns instead, so I have more flexibility. -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED] President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Kar Software Engineer Dynamic Digital Technologies Pvt. Ltd. EPY-3, Sector: V Salt Lake City 700091 India ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD 7.1 and BIND exploit
On Sun, Jul 20, 2008 at 09:44:31AM -0700, Kevin Oberman wrote: [ snip ] Second, RELENG_7_0 has the patch plus two other security patches. IT IS NOT STABLE! It is 7.0 with exactly three important security patches and nothing else. [ snip ] I believe the second sentence could be better written as IT IS NOT -STABLE! which is an important difference ;) Regards, Gary ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Panic on ZFS startup after crash
Pawel Jakub Dawidek wrote: Can you try this patch? http://people.freebsd.org/~pjd/patches/space_map.c.patch Now it panics (solaris assert) at line 431 in dmu.c. I'll try to get a backtrace in a day or two if it would help. Any other suggestions Pawel? ___ Daniel Eriksson (http://www.toomuchdata.com/) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Pseudoterminals increase: compilation error [SOLVED]
--- On Sun, 7/20/08, Peter Jeremy [EMAIL PROTECTED] wrote: From: Peter Jeremy [EMAIL PROTECTED] Subject: Re: Pseudoterminals increase: compilation error To: Unga [EMAIL PROTECTED] Cc: freebsd-stable@freebsd.org Date: Sunday, July 20, 2008, 6:37 PM On 2008-Jul-19 19:44:18 -0700, Unga [EMAIL PROTECTED] wrote: truss -o truss.log -f expect -c spawn ls 1178: open(/dev/ptyp0,O_RDWR,027757763030) ERR#5 'Input/output error' 1178: open(/dev/ptyp1,O_RDWR,027757763030) ERR#5 'Input/output error' 1178: open(/dev/ptyp2,O_RDWR,027757763030) = 5 (0x5) 1178: fstat(5,{mode=crw-rw-rw- ,inode=178,size=0,blksize=4096}) = 0 (0x0) : : 1178: chown(/dev/ttyp2,1002,4) ERR#1 'Operation not permitted' This is definitely wrong. expect should not be calling chown(2), it should be calling pt_chown. Yep, it was pt_chown was missing. Fixed the issue. Now ttyp* are created with correct ownerships. A big thank specially to Peter Jeremy and all others who helped me to solve this. Best regards Unga ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]