Re: Kernel Panic on 6th March i386 build
On Fri, 06 Mar 2009 20:58:08 -0500 Daniel Ouellet dan...@presscom.net wrote: Fell free to disagree, that's fair. Best, Daniel With all due respect Daniel, I disagree, and I think you've misread things a bit. The original poster, Insan Praja, stated he had a panic with both a GENERIC kernel, and with the snapshot kernel, so the fact he compiled his own GENERIC kernel is completely irrelevant. The goal is to use GENERIC or GENERIC.MP when reporting bugs. Whether or not GENERIC/GENERIC.MP was compiled by you, or received as part of a snapshot does not matter. The things that really do matter are the actual *configuration* of the kernel, and whether or not any custom patches are being used. --The names GENERIC and GENERIC.MP are the names of the configuration files used to configure the build of the kernel. # cd /usr/src/sys/arch/i386/conf # config GENERIC # cd ../compile/GENERIC # make clean make depend make [...lots of output...] # make install If you are running the -RELEASE branch, you will be running the factory compiled GENERIC or GENERIC.MP kernel, but many people prefer to follow the -STABLE branch since there is some up-keep of the base system (i.e. security related patches, and other important fixes). If you are running the -STABLE branch, you will undoubtedly be compiling your own kernel, so obviously, who compiled the kernel does not matter. When it comes to running the -CURRENT branch, you could be either running the factory compiled kernel from a snapshot, or you could be running your own compiled kernel. There are some mild differences between running the GENERIC kernel from a snapshot, and running a GENERIC kernel which you compiled from source. At times, the supposedly GENERIC kernel(s) available in the snapshots have a bit of extra secret sauce, such as fairly solid patches which are still in need of further and greater testing. There are some great, but non-default, features not available in GENERIC or GENERIC.MP such as NTFS-read support. There is obviously no way to report a bug in the NTFS-read support unless it was enabled in the kernel, and hence, you're not running GENERIC/GENERIC.MP. There are nearly countless ways someone can really screw up a kernel configuration, and trying to track down bugs in some strange and unknown kernel is a serious waste of developer time. This is why people are told to always try to replicate the bug using GENERIC/GENERIC.MP before reporting it. In situations of reporting a bug on non-default features, like the NTFS-read support, you should replicate the bug with a kernel as close to GENERIC as possible, and then clearly state the exact changes you made to enable the non-default feature. When tracking down bugs, the more consistent things are, the easier it is to replicate, find, and fix the problem. This is why using *custom* kernels are strongly discouraged, and our standard GENERIC kernel is strongly encouraged. -- J.C. Roberts
Re: Kernel Panic on 6th March i386 build
On Fri, Mar 06, 2009 at 08:58:08PM -0500, Daniel Ouellet wrote: Stefan Sperling wrote: And note that there have recently been changes in the way pf keeps track of icmp, so this may well be a valid report. Could sure be I give you that. However, still true that snapshot is the way to go and see the results. This is not one of these is it? There isn't a snapshot for the 6 ready yet anyway. However there is a commit already for icmp on pf as well: http://marc.info/?l=openbsd-cvsm=123638870222588w=2 It may well address this issue for sure, or it may not. That commit was made in part because of this thread. Insan did the right thing. Stefan
Re: Worrying things in dmesg
I'm running OpenBSD 4.4 release on an i386 machine. I use a Compact Flash card as hdd. Without manual configuration the bios recognizes it as removable and refuses to boot OpenBSD. What machine is that? It's an old HP Vectra with a p3 733mhz and 128mo of pc133 sdram. I have decided to use compact flash cards to avoid problems with old hdds. Here is a full dmesg : http://www.kalessin.fr/stuff/dmesg_hp_vectra_cose.txt If you are sure all other hardware is OK, then the card is faulty. Throw it away and buy a new one, they are very cheap now. I have purchased six identical cards. I will run tests with another card with bonnie++ [1] under one hp vectra with OpenBSD and my workstation (far more recent than the vectras) under Linux 2.6.24. But, yesterday I have also noticed that I can't use setuid programs : Mar 2 15:02:14 gw-pri-eaubonne su: cannot stat /usr/libexec/auth/login_passwd: \ Permission denied Mar 2 15:02:14 gw-pri-eaubonne su: /usr/libexec/auth/login_passwd: path not secure Not sure what this means. Who is trying the su? A regular user in the wheel group. It happens because the setuid bit is not honored (/usr was mounted with nosuid). After I bit of searching I have seen this mail received from daily insecurity output. Checking setuid/setgid files and devices: Setuid additions: -r-sr-xr-x 1 root bin 157440 Aug 13 00:56:44 2008 /sbin/ping -r-sr-xr-x 1 root bin 182208 Aug 13 00:56:46 2008 /sbin/ping6 [...] == /etc/fstab diffs (-OLD +NEW) == --- /dev/null Wed Feb 25 01:30:08 2009 +++ /etc/fstab Mon Feb 16 15:32:45 2009 @@ -0,0 +1,5 @@ +/dev/wd0a / ffs rw 1 1 +/dev/wd0f /tmp ffs rw,nodev,nosuid 1 2 +/dev/wd0e /usr/ ffs rw,nodev,nosuid 1 2 +/dev/wd0d /var ffs rw,nodev,nosuid 1 2 +/dev/wd0g /var/tmp ffs rw,nodev,nosuid 1 2 [...] This looks to me like the first insecurity report after a fresh install - note that it's a diff between /dev/null (as of Feb 25 = OLD) and /etc/fstab (as of Feb 16 = NEW). Strange. So the system replaced my configuration files and put nosuid on /usr. Why would the system change your mount flags? This is really weird. The modifications that I have done on other configurations files (I haven't touched the fstab since the install) were kept. When did you install? You were right it's the first mail after install. I believe that I have installed this machine the 24 or 23 february, but now I'm not sure. - From where my configuration was restored ? (I don't use altroot) The system doesn't restore your configs (whatever that means), but keeps daily backups in /var/backups. It might be interesting to see the stat(1) of the files there. Which files exactly ? - These warnings in dmesg can be considered harmless ? No. Anyway, something is going wrong with the hardware here, yesterday the machine froze. It was certainly a panic() (nothing in logs not even messages about the compact flash). Monday, I will run some load tests on an identical machine and my workstation. Thanks a lot for your help. [1] http://www.coker.com.au/bonnie++/ -- Louis Opter
Re: Kernel Panic on 6th March i386 build
On Fri, Mar 6, 2009 at 9:24 PM, Robert rob...@openbsd.pap.st wrote: Wrong. Reporting problems with kernels built from unmodified source is fine. Appologies, I stant corrected. Steph
Re: Kernel Panic on 6th March i386 build
Hi Claudio and Misc@, On Sat, 07 Mar 2009 14:35:30 +0700, Claudio Jeker cje...@diehard.n-r-g.com wrote: On Fri, Mar 06, 2009 at 08:58:08PM -0500, Daniel Ouellet wrote: Stefan Sperling wrote: On Fri, Mar 06, 2009 at 06:07:00PM -0500, Daniel Ouellet wrote: Insan Praja SW wrote: Hi, On Sat, 07 Mar 2009 03:17:57 +0700, FRLinux frli...@gmail.com wrote: On Fri, Mar 6, 2009 at 7:12 PM, Insan Praja SW insan.pr...@gmail.com wrote: Hi Misc@, on a i386 kernel recent build (6th march), I got panic. It says: Hello, As far as I know, home built kernel is not supported, you need to try out a snapshot instead and see if it works. Cheers, Steph You are right, but I always had a backup of last working kernel, and that is what I use now. But this panic happens and I like to report it to see if anyone else experiencing the same panic, with home build kernel or snapshot. It's a generic kernel, anyway, I hope I can contribute in some other way, you know.. like testing diff or finding bugs. I also use sendbug(1) to report the panic. Thanks, You just don't built home build kernel at all. This is really not linux here. You can configure all you want on it as is. So what if I want debug symbols to produce meaningful traces from kernel core dumps with gdb? Then I have to compile with DEBUG=-g to get a bsd.gdb. Then I have a self-compiled kernel already. That wasn't the question, but again, if you know that you need -g and are looking at kernel core dumps then you wouldn't asked questions about it on misc@ would you? Stay on the topic as it was asked. And it sure wasn't a question about the core dump used with -g was it? But related to icmp. And what if I'm testing diffs posted to t...@? When testing diffs you usually don't only run them for 5 minutes. You usually run them for as long as you can. Then your question would have been on tech@ related to a spefici diff as well from tech@ too, but it wasn't. I guess these faq entries are there to stop people from tweaking the config so hard that their machine cannot boot anymore, and then reporting this as a bug. They don't exist to stop people who somewhat know what they are doing from reporting things they find in kernels they've compiled themselves. They are there to make sure valid tests are done on generic kernel as is and valid meaning full reports are sent in that can be reproduce by others and get fix. Not to asked a free for all home built kernel from anyone. And note that there have recently been changes in the way pf keeps track of icmp, so this may well be a valid report. Could sure be I give you that. However, still true that snapshot is the way to go and see the results. This is not one of these is it? There isn't a snapshot for the 6 ready yet anyway. However there is a commit already for icmp on pf as well: http://marc.info/?l=openbsd-cvsm=123638870222588w=2 It may well address this issue for sure, or it may not. The idea and intend still stand that it's not for everyone. Good one are important and useful and this may have been one of them. And if the same problem still exists then with a snapshot, I am sure someone will be more then happy to look into it. Hope this help to provide a bit more details as to what the intent of the faq are and what the spirit of my suggestion was. Fell free to disagree, that's fair. Sorry, I don't get it a non-developer tries to educate a developer about how kernel crashes should be reported? Sorry most of your standpoints are just wrong. Sure people are encuraged to run snapshot kernels but selfbuilt kernels are fine as long as they're built from a unmodified GENERIC config. Let us developers take care of yelling at those people who send in bad bug reports because we're acctually the people who may fix it in the end. I just sync the source-tree one of my panicking machines to 7th March '09, build the kernel and the userland and no panic. Here is the dmesg. OpenBSD 4.5-current (GENERIC) #72: Sat Mar 7 17:21:48 WIT 2009 r...@greenbridgevpn.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC RTC BIOS diagnostic error dfixed_disk,invalid_time cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR real mem = 2143842304 (2044MB) avail mem = 2064748544 (1969MB) RTC BIOS diagnostic error dfixed_disk,invalid_time mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/12/07, SMBIOS rev. 2.5 @ 0x7fdfd000 (63 entries) bios0: vendor Intel Corporation version S3200X38.86B.00.00.0045.082820081329 date 08/28/2008 bios0: Intel Corporation S3210SH acpi0 at bios0: rev 2 acpi0: tables DSDT SLIC FACP APIC WDDT MCFG HPET SPCR SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ DMAR acpi0: wakeup devices SLPB(S5) NPE1(S5) NPE6(S5) P32_(S5) PS2M(S1) PS2K(S1) ILAN(S5) PEX0(S5) PEX1(S5) PEX2(S5)
energy data in ksh prompts
Here are two variations of the standard ksh shell prompt that I myself find useful on several of my devices, in particular the portables. The first prompt shows the temperature on cpu0, the second the amount of battery claimed to remain: export PS1='`( /sbin/sysctl hw.sensors.cpu0.temp0 | sed -e \ s/^.*\([0-9][0-9]\.[0-9]\)\([0-9]\).*$/\1/g;)`$ ' 66.0$ export PS1='`/usr/sbin/apm -l`% $ ' 96% $ Here is a test using date: export PS1='`/bin/date +%H:%M:%S`$ ' 14:20:33$ apm is to cool running mode in rc.local Regards -Lars
Re: energy data in ksh prompts
On Sat, Mar 7, 2009 at 2:47 PM, Lars NoodC)n larsnoo...@openoffice.org wrote: Here are two variations of the standard ksh shell prompt that I myself find useful on several of my devices, in particular the portables. B The first prompt shows the temperature on cpu0, the second the amount of battery claimed to remain: B B B B export PS1='`( /sbin/sysctl hw.sensors.cpu0.temp0 | sed -e \ B B B B s/^.*\([0-9][0-9]\.[0-9]\)\([0-9]\).*$/\1/g;)`$ ' B B B B 66.0$ B B B B export PS1='`/usr/sbin/apm -l`% $ ' B B B B 96% $ Here is a test using date: B B B B export PS1='`/bin/date +%H:%M:%S`$ ' B B B B 14:20:33$ er, there is a \D{format} for that, see ksh(1) backslashed special char for sensors, like \S{name} would be neat thing, though :-)
Re: PF firewall system capable of handling a multi-gigabit link
Could you please point me to one of the hundreds of this kind of installs in the archives? I would be very appreciated. Thanks 2009/2/17 Alface Voadora alface.voad...@gmail.com hundreds! OK!! thanks!! 2009/2/16 Henning Brauer lists-open...@bsws.de * Alface Voadora alface.voad...@gmail.com [2009-02-08 21:37]: Did someone implement this kind of system before? Is it performing well? Is it impossible at all? you'd find hundreds of these kind of installs if you searched the list archives. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: energy data in ksh prompts
Denis Doroshenko wrote: er, there is a \D{format} for that, see ksh(1) Yes, there's a lot there. date(1) was just the first, short way of testing that the output changes, much nicer than tail -n 1 /var/something... backslashed special char for sensors, like \S{name} would be neat thing, though :-) That would be quite cool. Just for fun I am looking at ksh. \D{format} seems to start on line in /usr/src/bin/ksh/lex.c and I expect that /usr/src/sys/sys/sysctl.h would be used. However, that's the extent of my C. -Lars
Re: IPSEC: certificate ignored
Am 06.03.2009 um 22:56 schrieb Toni Mueller: Hi, I'm trying to get a VPN connection to work which should actually be a no-brainer (and I have quite similar things out there, for years): network 1 | Linux w/ isakmpd (u...@road-warrior) | | Internet | | OpenBSD w/ isakmpd (office-router) | network 2 Authentication should be done with X.509 certificates. I have my small CA that issues these certificates. On startup, OpenBSD reads all required certificates from /etc/isakmpd/{certs,ca} plus its key from /etc/isakmpd/private just fine (I double-checked using openssl and grep), but when it comes to checking the client's incoming cert, it goes like this: 223644.842092 Plcy 30 keynote_cert_obtain: failed to open /etc/ isakmpd/keynote//u...@road-warrior/credentials 223644.842516 Default get_raw_key_from_file: monitor_fopen (/etc/ isakmpd/pubkeys//ufqdn/u...@road-warrior, r) failed: Permission denied ?? Permission denied? Could this be the problem? -Heinrich 223644.842707 Default rsa_sig_decode_hash: no public key found 223644.842903 Default dropped message from 1.2.3.4 port 500 due to notification type INVALID_ID_INFORMATION In isakmpd.policy(5), I read: When X509-based authentication is performed in Main Mode, any X509 cer- tificates received from the remote IKE daemon are converted to very sim- ple KeyNote credentials. The conversion is straightforward: the issuer of the X509 certificate becomes the Authorizer of the KeyNote credential, the subject becomes the only Licensees entry, while the Conditions field simply asserts that the credential is only valid for IPsec policy use (see the app_domain action attribute below). Please note that the Linux box can identify the OpenBSD box just fine, too. It's only that the OpenBSD box (various 4.5 snapshots, actually, the latest being 4.5 GENERIC.MP#63 i386 of Feb 10th, don't seem to do this conversion of certificates to credentials anymore, or I'm making some stupid mistake that I'm too blind to see. Any help is much appreciated! -- Kind regards, --Toni++
Re: Gnash, mplayer, Firefox losing its mind in current 28 Feb
On Sat, 07 Mar 2009 12:03:15 -0600 Ed Ahlsen-Girard eagir...@cox.net wrote: Running current from a Feb 28 snapshot, I have found that if either mplayer or gnash (from snapshots) are installed, and if embedded media gain focus in FireFox, the mouse pointer will slide to the right edge of the window and stay there until the system is restarted. The pointer can be moved up and down along the edge, but will not leave it, and focus cannot be moved to another window. Ctrl-arrow keys have no effect. A gnash core file of 8064892 bytes exists. Dmesg below, core on request. Ed Ahlsen-Girard OpenBSD 4.4-current (GENERIC) #6: Fri Mar 6 22:42:12 CST 2009 e...@puff.waynel.local:/usr/src/sys/arch/i386/compile/GENERIC From the above you're running a self compiled 4.4-STABLE and not a current snapshot. Since the tree was tagged 4.5-current a few days ago, the most recent snapshots will report OpenBSD 4.5-current Prior to this tag change, they reported OpenBSD 4.5-beta You did not mention what version of firefox you are running? On 4.4, you've got firefox 2.X, but on 4.5 we have firefox 3.X. I did notice a strange right side mouse pointer issue quite a while ago (without any plugins) in firefox 2.X on OBSD 4.4, but I was never able to repeat it... possibly because I created my own updated 2.X port. If you are running 4.4-STABLE as your dmesg suggests, I have a back-port/update of Firefox 2.0.0.20 that might just fix the issue. -- J.C. Roberts
Re: Kernel Panic on 6th March i386 build
Claudio Jeker wrote: Fell free to disagree, that's fair. Sorry, I don't get it a non-developer tries to educate a developer about how kernel crashes should be reported? Sorry most of your standpoints are just wrong. Sure people are encuraged to run snapshot kernels but selfbuilt kernels are fine as long as they're built from a unmodified GENERIC config. Let us developers take care of yelling at those people who send in bad bug reports because we're acctually the people who may fix it in the end. Hi All, I stand corrected on this one. I was bias in my reply, I must admit it and come clean on it! No offense intended to anyone it may have offended. I was quick to reply to Steph as I did react to the content of the email and the linux name in the email address. My fault to react to quickly on this one. I should have know better! Not only did I put my foot in my mouth, but I swallow the boot as well. I follow cvs for years and I didn't see Insan as making changes to the tree, so I didn't know he actually was a developers or I would have known better and I miss a chance to just shut up! I didn't see his name on the list either. My bad! Insan, please accept my apologies on a misplace reply to you on my part! I was clearly out of place. Same to you Steph, I shouldn't have reacted so quickly to your email address and have wrongly concluded to an other Linux quick miss place question, or reaction. I try to help when I can and over time stop reacting as much as I used to, but obviously I still have ways to go as this treed have shown. My bad and I have no one else to blame then myself here. Please accept my deepest apology where I should have know better and obviously missed a chance to shut up! And Claudio and J.C., you are both right. Thanks for taking the time to straighted me up! I deserved that one fully. One only get better by learning from their mistakes and that's not the first I did for sure and I am sure it will not the last either. Best regards, Daniel Ouellet
Re: Gnash, mplayer, Firefox losing its mind in current 28 Feb
On Sat, Mar 07, 2009 at 12:03:15PM -0600, Ed Ahlsen-Girard wrote: Running current from a Feb 28 snapshot, I have found that if either mplayer or gnash (from snapshots) are installed, and if embedded media gain focus in FireFox, the mouse pointer will slide to the right edge of the window and stay there until the system is restarted. The pointer can be moved up and down along the edge, but will not leave it, and focus cannot be moved to another window. Ctrl-arrow keys have no effect. A gnash core file of 8064892 bytes exists. Dmesg below, core on request. what window manager are you using? Ed Ahlsen-Girard OpenBSD 4.4-current (GENERIC) #6: Fri Mar 6 22:42:12 CST 2009 e...@puff.waynel.local:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class, 512KB L2 cache) 499 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 335118336 (319MB) avail mem = 315379712 (300MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/01/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.2 @ 0xfb410 (64 entries) bios0: vendor Dell Computer Corporation version A10 date 08/01/01 bios0: Dell Computer Corporation OptiPlex GX1 500Mbr+ apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc670/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xd000 0xd/0x8000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xf000, size 0x400 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 ATI Rage Pro rev 0x5c at pci1 dev 0 function 0 not configured piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 91024D4 wd0: 16-sector PIO, LBA, 9765MB, 1728 sectors wd1 at pciide0 channel 0 drive 1: WDC WD800JB-00JJC0 wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: HITACHI, CDR-8430, 0024 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: SMBus disabled vga1 at pci0 dev 14 function 0 ATI Radeon 9200 SE Sec rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: irq 9 drm0 at radeondrm0 ppb1 at pci0 dev 15 function 0 DEC 21152 PCI-PCI rev 0x03 pci2 at ppb1 bus 2 ohci0 at pci2 dev 11 function 0 Acer Labs M5237 USB rev 0x03: irq 9, version 1.0, legacy support ehci0 at pci2 dev 11 function 3 Acer Labs M5239 USB2 rev 0x01: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Acer Labs EHCI root hub rev 2.00/1.00 addr 1 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 Acer Labs OHCI root hub rev 1.00/1.00 addr 1 xl0 at pci0 dev 17 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 11, address 00:c0:4f:22:a7:b8 exphy0 at xl0 phy 24: 3Com internal media interface isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec isapnp0 at isa0 port 0x279: read port 0x203 wss1 at isapnp0 CS4236B, CSC, , WSS/SB port 0x534/4,0x388/4,0x220/16 irq 5 drq 1,0: CS4236/CS4236B (vers 0) audio0 at wss1 joy0 at isapnp0 CS4236B, CSC000F, , Game port 0x3a0/8 CS4236B, CSC0010, , Ctrl at isapnp0 port 0xf00/8 not configured CS4236B, CSC0003, , MPU at isapnp0 port 0x330/2 not configured usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 biomask ef45 netmask ef45 ttymask ffdf mtrr: Pentium Pro MTRR support ugen0 at uhub1 port 2 OMNIKEY AG Smart Card Reader USB rev 1.10/2.00 addr 2 softraid0 at root root on wd1a
Re: Gnash, mplayer, Firefox losing its mind in current 28 Feb
On Sat, Mar 07, 2009 at 06:58:39PM +, Nigel J. Taylor wrote: I have found the mouse pointer being locked to the right edge as well, and very annoying. I can normally recover, the I move the middle mouse button up/down and press escape, that seems to release the mouse pointer for me, not much help if you have a two button mouse. I use an amd64 current build, and I found the issue is not confined to firefox/gnash. what window manager are you using? Regards Nigel Taylor Ed Ahlsen-Girard wrote: Running current from a Feb 28 snapshot, I have found that if either mplayer or gnash (from snapshots) are installed, and if embedded media gain focus in FireFox, the mouse pointer will slide to the right edge of the window and stay there until the system is restarted. The pointer can be moved up and down along the edge, but will not leave it, and focus cannot be moved to another window. Ctrl-arrow keys have no effect. A gnash core file of 8064892 bytes exists. Dmesg below, core on request. Ed Ahlsen-Girard OpenBSD 4.4-current (GENERIC) #6: Fri Mar 6 22:42:12 CST 2009 e...@puff.waynel.local:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class, 512KB L2 cache) 499 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 335118336 (319MB) avail mem = 315379712 (300MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/01/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.2 @ 0xfb410 (64 entries) bios0: vendor Dell Computer Corporation version A10 date 08/01/01 bios0: Dell Computer Corporation OptiPlex GX1 500Mbr+ apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc670/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xd000 0xd/0x8000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xf000, size 0x400 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 ATI Rage Pro rev 0x5c at pci1 dev 0 function 0 not configured piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 91024D4 wd0: 16-sector PIO, LBA, 9765MB, 1728 sectors wd1 at pciide0 channel 0 drive 1: WDC WD800JB-00JJC0 wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: HITACHI, CDR-8430, 0024 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: SMBus disabled vga1 at pci0 dev 14 function 0 ATI Radeon 9200 SE Sec rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: irq 9 drm0 at radeondrm0 ppb1 at pci0 dev 15 function 0 DEC 21152 PCI-PCI rev 0x03 pci2 at ppb1 bus 2 ohci0 at pci2 dev 11 function 0 Acer Labs M5237 USB rev 0x03: irq 9, version 1.0, legacy support ehci0 at pci2 dev 11 function 3 Acer Labs M5239 USB2 rev 0x01: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Acer Labs EHCI root hub rev 2.00/1.00 addr 1 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 Acer Labs OHCI root hub rev 1.00/1.00 addr 1 xl0 at pci0 dev 17 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 11, address 00:c0:4f:22:a7:b8 exphy0 at xl0 phy 24: 3Com internal media interface isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec isapnp0 at isa0 port 0x279: read port 0x203 wss1 at isapnp0 CS4236B, CSC, , WSS/SB port 0x534/4,0x388/4,0x220/16 irq 5 drq
Re: Root as R/O
Janusz, This might be late, but take a look at: http://surricani.blogspot.com/2007/09/openbsd-and-readonly-filesystems.html On Sun, Mar 1, 2009 at 6:03 AM, Jean-Francois jfsimon1...@gmail.com wrote: Janusz, I try to secure a box by forbidding the change to main system files. /dev /etc /tmp /var are on separate slides and would be w/r of course. Le dimanche 01 mars 2009 C 13:15 +0100, Janusz Gumkowski a C)crit : On Sun, Mar 01, 2009 at 10:18:54AM +0100, Jean-Francois wrote: Hi All, One could develop a little bit the addvantage(s) of mounting root as read only ? Myself, I don't see any. /dev, /etc, /tmp and /var/* are changed a lot during startup or while the system is running. What are you trying do do, exactly?
Re: snort/bas
Rodolfo Timoteo da Silva escreveu: Has anyone installed snort, base and receive the same error when trying to connect to DB in the first access? [Fri Mar 6 13:13:21 2009] [error] PHP Warning: session_start() [a href='function.session-start'function.session-start/a]: open(/tmp//sess_ignndir3nk8sv4ntdrr05o6at2, O_RDWR) failed: No such file or directory (2) in /htdocs/base/base_conf.php on line 21 Hi Rodolfo, OpenBSD's apache is chroot, so to use PHP with session you need to create the /var/www/tmp directory. That's why you got this open(/tmp//sess_ignndir3nk8sv4ntdrr05o6at2, O_RDWR) failed. Remember that /var/www/tmp will turn into /tmp inside the apache's chroot. HTH, Anything else contact me offlist in portuguese :D THANKS, for now. Regards, Vinicius
Re: offtopic - file permission trivial question
2009/2/9 Ariane van der Steldt ari...@stack.nl: On Mon, Feb 09, 2009 at 01:46:39AM +0100, Jesus Sanchez wrote: This question it's a little complicated to make. It's more a curiosity than a technical situation. First I will try to put the situation. Let's say I'm the root of a system, and one of my users (user foo) have his home dir with rwx privileges ( /home/foo/ have permissions 700 ) and I wan't to create a black box dir inside it's home, so I cd to /home/foo and do: # mkdir blackdir # chmod 000 blackdir At this point (as I know) the foo user isn't able to see the content of blackdir, but if the dir is empty he can delete it (rm -df blackdir) cause he have rwx on /home/foo. Someway, user foo can have information about the contents of blackdir: if it's empty he can 'rm -d' it, so he will know if the dir had or not any file. In my way of think, thats information about the dir. What is the design cause of this behaviour? I mean, It wouldn't be more logical the fact that if a dir have 000 permissions, the foo user shouldn't be able to get any kind of information about the dir? even something so trivial as if the dir was empty or not. The user is allowed to remove the directory, but only if it is empty. rm -d expects and empty directory argument and executes the remove operation, which the kernel will not grant if there's files in it. It's not a design decision, but a logical conclusion of the design. Commenting on an old thread here, but maybe this will help somebody googling the archives (and yes, most OpenBSD miscers know this of course): The reason for this behaviour --which may seem counterintuitive depending on your implicit assumptions-- is that directories are actually defined in their *parent* directory. Thus, as you correctly observed, when the user tries to remove the empty blackdir in /home/foo, they can do so, because the permissions of /home/foo are 700. If however there's a file in /home/foo/blackdir, then this will prevent /home/foo/blackdir from being removed, because the 000 permissions of blackdir prevent the file from being removed -- even if the latter has 777 permissions or is an empty subdirectory. If blackdir has 333 permissions, the user can remove the file (that has 777 permissions). However, if blackdir has 333 permissions and contains an empty subdirectory that has 000 permissions, then the user must already know or be able to guess the name of that subdirectory, because to remove it, they will need to run first rm -rf blackdir/subdirectory and then rm -rf blackdir. The easy way to thus create a persistent blackbox directory that the user cannot delete is to make sure it's never empty, for instance by doing # mkdir /home/foo/blackbox # chmod 000 /home/foo/blackbox # touch /home/foo/blackbox/.sticky Of course a blackbox would not be very useful really, unless you're trying to hide your private files in someone else's directory. *Dropboxes* however are quite useful (though not necessarily in individual users' home folders): # mkdir dropbox # chmod 333 dropbox # touch dropbox/.sticky Because the 333 permissions of the dropbox folder would in principle allow users to delete .sticky (as opposed to the above scenario where the 000 permissions of blackbox would have prevented that, as long as .sticky isn't an empty subfolder), the permissions of .sticky itself now become important, and it's probably best to do: # chmod 000 dropbox/.sticky Voila! A dropbox that users cannot delete, and whose contents users cannot list, but which they can copy files into. That's very useful e.g. for WebDAV (cf. http://openports.se/www/mod_dav ) and probably FTP servers, so people can give stuff to you, without being able to see what files others have sent you. However, be warned: This prevents them from listing the directory contents, but due to the execute (=directory traverse) permissions of the dropbox folder, people with shell access will still be able to confirm the *existence* of individual files if they can guess their file names, like so: $ ll dropbox/.sticky -- 1 root ropers 0 Mar 8 04:44 dropbox/.sticky $ (NB: On my systems, alias ll='ls -Fahl'.) This tells them that the file they asked to be listed does indeed exist; if the file did not exist, the above command would have resulted in an error. They wouldn't however be able to tell what --if anything-- is inside those files. So dropboxes are a nice facility that you may set up once and for all, and that people could use to copy/upload files to you and only you. However: If someone were to e.g. copy a file called L4T35T B00TL3G M0V13.RAR into your drop box, then it'd be entirely possible that some WIPO-RICO vigilante might be able to guess and confirm that a file of that name is indeed present on your system... regards, --ropers
Re: Gnash, mplayer, Firefox losing its mind in current 28 Feb
Hi, On Sat, Mar 07, 2009 at 06:58:39PM +, Nigel J. Taylor wrote: I have found the mouse pointer being locked to the right edge as well, and very annoying. I can normally recover, the I move the middle mouse button up/down and press escape, that seems to release the mouse pointer for me, not much help if you have a two button mouse. I use an amd64 current build, and I found the issue is not confined to firefox/gnash. what window manager are you using? Mainly kde, also run others, can't be sure, I think had the same happen with some other window managers. Regards Nigel Taylor Ed Ahlsen-Girard wrote: Running current from a Feb 28 snapshot, I have found that if either mplayer or gnash (from snapshots) are installed, and if embedded media gain focus in FireFox, the mouse pointer will slide to the right edge of the window and stay there until the system is restarted. The pointer can be moved up and down along the edge, but will not leave it, and focus cannot be moved to another window. Ctrl-arrow keys have no effect. A gnash core file of 8064892 bytes exists. Dmesg below, core on request. Ed Ahlsen-Girard OpenBSD 4.4-current (GENERIC) #6: Fri Mar 6 22:42:12 CST 2009 e...@puff.waynel.local:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class, 512KB L2 cache) 499 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 335118336 (319MB) avail mem = 315379712 (300MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/01/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.2 @ 0xfb410 (64 entries) bios0: vendor Dell Computer Corporation version A10 date 08/01/01 bios0: Dell Computer Corporation OptiPlex GX1 500Mbr+ apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc670/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xd000 0xd/0x8000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xf000, size 0x400 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 ATI Rage Pro rev 0x5c at pci1 dev 0 function 0 not configured piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 91024D4 wd0: 16-sector PIO, LBA, 9765MB, 1728 sectors wd1 at pciide0 channel 0 drive 1: WDC WD800JB-00JJC0 wd1: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: HITACHI, CDR-8430, 0024 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: SMBus disabled vga1 at pci0 dev 14 function 0 ATI Radeon 9200 SE Sec rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: irq 9 drm0 at radeondrm0 ppb1 at pci0 dev 15 function 0 DEC 21152 PCI-PCI rev 0x03 pci2 at ppb1 bus 2 ohci0 at pci2 dev 11 function 0 Acer Labs M5237 USB rev 0x03: irq 9, version 1.0, legacy support ehci0 at pci2 dev 11 function 3 Acer Labs M5239 USB2 rev 0x01: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Acer Labs EHCI root hub rev 2.00/1.00 addr 1 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 Acer Labs OHCI root hub rev 1.00/1.00 addr 1 xl0 at pci0 dev 17 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 11, address 00:c0:4f:22:a7:b8 exphy0 at xl0 phy 24: 3Com internal media interface isa0 at piixpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec isapnp0 at isa0 port 0x279: read port 0x203 wss1 at isapnp0 CS4236B, CSC, , WSS/SB port
Re: Gnash, mplayer, Firefox losing its mind in current 28 Feb
2009/3/8 Nigel J. Taylor njtay...@asterisk.demon.co.uk: what window manager are you using? Mainly kde, also run others, can't be sure, I think had the same happen with some other window managers. You mean KWin? http://en.wikipedia.org/wiki/KWin
Lenovo and Toshiba laptop question
Just checking to see if anyone has tried OpenBSD on either of these laptop models Toshiba Satellite A305-S6909 Lenovo 3000 G530 and if so, how much success they had. The Toshiba shows this on the graphics: Integrated Intel Graphics Media Accelerator 4500MHD The Lenovo shows this: Intel Graphics Media Accelerator X4500 No mention of Nvidia, so that's a plus. I'd rather have the Toshiba since it has a bigger hard drive and more ram for the same price, but I know from reading on the list that Lenovo is generally more compatible with OpenBSD than most laptops. I also know that you're usually better off going with an older model since there's been time to test it, write drivers, code, etc., for it, than with a relatively new model. I have an ancient Toshiba but it's really not up to the task anymore except maybe to use as a secure email station, etc. I searched through the mailing lists archives but found no mention of either model listed above, so any comments, advice, and so forth much appreciated. Denny White -- === () ASCII ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments === GnuPG key : 0x1644E79A | http://wwwkeys.nl.pgp.net Fingerprint: D0A9 AD44 1F10 E09E 0E67 EC25 CB44 F2E5 1644 E79A ===
Apache PHP
I compile some c code and link it statically. It's the simple 'hello world' program. I name it 'hello' and put it in /var/www/test/ I then try to execute it through php using the shell_exec function like so: $output = shell_exec(/var/www/test/hello); echo $output; I get no output at all. Same program runs fine via shell_exec on other Apache PHP setups. Being this is statically linked and ldd shows no shared libs (the chroot should not impact it, right?) and the php.ini files does not exclude shell_exec from running... what else might be wrong? -- View this message in context: http://www.nabble.com/Apache---PHP-tp22395513p22395513.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Sparc64 panics
Hi list, I m experiencing some panics on 4.2/4.4 Sparc64 system with generic kernel. /bsd: text_access_error: memory error... /bsd: text memory error type 10 sfsr=0 sfva=48961240 afsr=cfec201d38 afva=4c tf=0x4000e8cbed0 /bsd: data error type 32 sfsr=0 sfva=455fba48 afsr=44 afva=cfec201d38 tf=0x4000e8f3ed0 This system has ECC and all the hardware tests are ok If i ls -l in a directroy with numerous files or if i issue a line with a result of long text the system will panic. I read the trap.c but i m bit confused . Can some give me advice on this ? TIA
Re: Apache PHP
On Sunday 08 March 2009 08.13.58 you wrote: I compile some c code and link it statically. It's the simple 'hello world' program. I name it 'hello' and put it in /var/www/test/ I then try to execute it through php using the shell_exec function like so: $output = shell_exec(/var/www/test/hello); echo $output; I get no output at all. Same program runs fine via shell_exec on other Apache PHP setups. Being this is statically linked and ldd shows no shared libs (the chroot should not impact it, right?) and the php.ini files does not exclude shell_exec from running... what else might be wrong? Do you have a shell executable in your chroot? Daniel -- LEVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1