Re: Network problems

2006-05-08 Thread dave feustel
On Monday 08 May 2006 06:56, Rod.. Whitworth wrote:
> On Mon, 08 May 2006 06:45:21 -0400, dave feustel wrote:
> >which I won't bother you with.
>
> Promise?
>
> Please, pretty please?

Quoting out of context only makes things worse.

> From the land "down under": Australia.
> Do we look  from up over?
>
> Do NOT CC me - I am subscribed to the list.
> Replies to the sender address will fail except from the list-server.



Re: kde: kio accessing files in /etc

2006-05-08 Thread dave feustel
On Monday 08 May 2006 07:09, Jason Dixon wrote:
> On May 8, 2006, at 6:45 AM, dave feustel wrote:
> > On Sunday 07 May 2006 11:35, Jason Dixon wrote:
> >> I assumed that you would be bright enough to use Google to understand
> >> the purpose of kio (virtual file system library).  I was mistaken in
> >> giving you the benefit of the doubt.  Now that you know what kio is
> >> for, does it start to make sense why it would access files in /etc
> >> that pertain to file sharing?
> >
> > It is interesting to see the leaps in your logic. I do not run
> > samba. It
> > actually got installed by my mistake and I deleted as much of it as I
> > could because I consider it a big security vulnerability.
>
> You just don't get it, do you?  It doesn't matter if you're running
> Samba or not.  Kio will attempt to access those files which it is
> programmed to use for its purpose (virtual file system library).  The
> files in /etc that you mentioned are part of this task.

I was beginning to suspect that. Thanks for the confirmation.
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net



Re: kde: kio accessing files in /etc

2006-05-08 Thread dave feustel
On Sunday 07 May 2006 11:35, Jason Dixon wrote:
> On May 7, 2006, at 11:18 AM, dave feustel wrote:
> > On Sunday 07 May 2006 10:53, Jason Dixon wrote:
> >> On May 7, 2006, at 10:38 AM, dave feustel wrote:
> >>> After running kde on 3.9 I found the following error messages in
> >>> the kde error
> >>> log:
> >>>
> >>> kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> >>> '/etc/samba/smb.conf'
> >>> kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> >>> '/etc/security/fileshare.conf'
> >>> kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle '/etc/
> >>> exports'
> >>>
> >>> Why would kio access files in /etc?
> >>
> >> Why do you continue to ask questions like this?  What do you think
> >> kio is used for?  Does your firewall block Google, or are you just
> >> lazy?
> >
> > Thanks for the suggestion. I had not thought of trying google for
> > the answer
> > to this question. I just now googled for "kio /etc" and got 413,000
> > hits. I
> > assume you either do not know, or choose not to post, the answer to my
> > question. But thanks anyways for the help which you did provide.
> >
> > The question is, if I am not doing anything with those files, then
> > why is
> > kio accessing them?
>
> I assumed that you would be bright enough to use Google to understand
> the purpose of kio (virtual file system library).  I was mistaken in
> giving you the benefit of the doubt.  Now that you know what kio is
> for, does it start to make sense why it would access files in /etc
> that pertain to file sharing?

It is interesting to see the leaps in your logic. I do not run samba. It
actually got installed by my mistake and I deleted as much of it as I
could because I consider it a big security vulnerability. 



Re: Network problems

2006-05-08 Thread dave feustel
On Sunday 07 May 2006 11:29, Jason Dixon wrote:
> >> So where are the "severe network problems" you allude to?
> >
> > Konqueror is unusable this morning because almost no web accesses
> > other than those to my local webpages are completing.
>
> So provide troubleshooting examples (e.g., tcpdump) that demonstrate  
> something is broken with your TCP/IP stack.

Actually, the problems with verizon are getting worse. Now more than
half of my outgoing emails are failing to complete and I have to retransmit 
them.  I am also having progressively more severe problems with Kmail
which I won't bother you with.



Re: Network problems

2006-05-08 Thread dave feustel
On Sunday 07 May 2006 11:16, Constantine A. Murenin wrote:
> On 07/05/06, dave feustel <[EMAIL PROTECTED]> wrote:
> > I just upgraded to 3.9 yesterday and today I am having
> > severe network problems. This has been happening for the
> > past week, but is now much worse. Browser requests take forever
>
> Clearly, it's OpenBSD's fault. Try downgrading to 3.8, or 3.7, or
> better yet 3.6. Or do a clear install.

I always do a clean install from cdrom.
>
> > to complete, I can't ping verizon.com, traceroute doesn't
>
> As Jason has mentioned, no-one can ping verizon.com.


This is a surprise to me. Verizon has changed the modem provided
to DSL customers. It was possible to both ping and traceroute to verizon
through the old modem. Not with the new modem. I generally ping mindspring to 
test connectivity. Only tried verizon this morning because I was running
out of ideas. Also fvwm won't start - says it can't access the display. kde 
works though.

> > work through the new verizon dsl modem which assigns
> > a local address of 192.168.1.47 to my computer. The
>
> I assume it worked before the incident? Or you didn't test if it worked
> before?
>
> > modem has address 192.168.1.1. Here is some sample console
> > log showing the ping and traceroute problems.
> > I called Verizon technical support, but it is useless.
>
> Try to email KDE mailing list, maybe it's just that your computer
> doesn't have enough memory or something...

512 MB memory.

> > Any ideas about how to fix this?
>
> Other than calling verizon, -- no.

Tried that. Waste of time.

> > Thanks,
> > Dave Feustel
>
> Seriously, what do you think will happen if everyone would start
> posting questions here about Sprint, Verizon, BT, Telstra, GMX,
> Corbina? This is [EMAIL PROTECTED], not offtopic@, and not
> [EMAIL PROTECTED]

Understood. Thanks for your help.



OpenBSD Mentors?

2006-05-07 Thread dave feustel
Is there anyone who would be willing to mentor me 
wrt OpenBSD (ie receive and answer my OpenBSD 
questions off-list)? 

Thanks,
Dave Feustel



Re: kde: kio accessing files in /etc

2006-05-07 Thread dave feustel
On Sunday 07 May 2006 16:16, D. E. Evans wrote:
>  The question is, if I am not doing anything with those files,
>then why is kio accessing them?
>
> Why are you repeating your question when you've already been
> answered?

OK I didn't get it the first time. What was the answer?

Thanks,
Dave



Re: kde: kio accessing files in /etc

2006-05-07 Thread Dave Feustel
Thanks for the pointer. It may be a while before I
can try this out since my dsl connection is basically
useless the way it's working today.

I have tried fvwm but it always aborts with the message
that it can't open the display.

Dave

-Original Message-
>From: "D. E. Evans" <[EMAIL PROTECTED]>
>Sent: May 7, 2006 3:43 PM
>To: [EMAIL PROTECTED]
>Cc: misc@openbsd.org
>Subject: Re: kde: kio accessing files in /etc
>
>   Which window manager(s) do you recommend? I'll try it(them).
>
>See <http://www.xwinman.org>.
>
>Keep in mind the applications you will be running, and whether they
>need ICCCM or NetWM (EWMH) hints, or other dependencies for
>certain functions the ports system may not automatically provide.


Dave Feustel 
http://www.mindspring.com/~dfeustel



Re: kde: kio accessing files in /etc

2006-05-07 Thread dave feustel
On Sunday 07 May 2006 10:55, Constantine A. Murenin wrote:
> On 07/05/06, dave feustel <[EMAIL PROTECTED]> wrote:
> > After running kde on 3.9 I found the following error messages in the kde
> > error log:
> >
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> > '/etc/samba/smb.conf'
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> > '/etc/security/fileshare.conf'
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> > '/etc/exports'
> >
> > Why would kio access files in /etc?
> >
> > Thanks,
> > Dave Feustel
>
> This sounds more like a question for the KDE people, not OpenBSD [EMAIL 
> PROTECTED]

I submitted the question to kde as well, but I don't think they know security 
like this list does. (I may be wrong about that).

> My guess is that it's for some GUI stuff or something... 
> Does this behaviour really surprise you? 

Actually it does, that's why I posted the question which reflects
my (possibly naive) astonishment at some of the things I am 
finding out about kde and X-windows.

> If it does, you are running a wrong 
> window manager (hint: KDE is not in src/, but in ports/ on OpenBSD).

Which window manager(s) do you recommend? I'll try it(them).

Thanks,
Dave



Re: kde: kio accessing files in /etc

2006-05-07 Thread dave feustel
On Sunday 07 May 2006 10:53, Jason Dixon wrote:
> On May 7, 2006, at 10:38 AM, dave feustel wrote:
> > After running kde on 3.9 I found the following error messages in
> > the kde error
> > log:
> >
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> > '/etc/samba/smb.conf'
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle
> > '/etc/security/fileshare.conf'
> > kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle '/etc/
> > exports'
> >
> > Why would kio access files in /etc?
>
> Why do you continue to ask questions like this?  What do you think
> kio is used for?  Does your firewall block Google, or are you just lazy?

Thanks for the suggestion. I had not thought of trying google for the answer
to this question. I just now googled for "kio /etc" and got 413,000 hits. I 
assume you either do not know, or choose not to post, the answer to my 
question. But thanks anyways for the help which you did provide.


The question is, if I am not doing anything with those files, then why is
kio accessing them?



Re: Network problems

2006-05-07 Thread dave feustel
On Sunday 07 May 2006 10:28, Jason Dixon wrote:
> On May 7, 2006, at 9:21 AM, dave feustel wrote:
> > I just upgraded to 3.9 yesterday and today I am having
> > severe network problems. This has been happening for the
> > past week, but is now much worse. Browser requests take forever
> > to complete, I can't ping verizon.com, traceroute doesn't
> > work through the new verizon dsl modem which assigns
> > a local address of 192.168.1.47 to my computer. The
> > modem has address 192.168.1.1. Here is some sample console
> > log showing the ping and traceroute problems.
> > I called Verizon technical support, but it is useless.
> > Any ideas about how to fix this?
>
> 1) Your ping to mindspring.com succeeds.
> 2) Your traceroutes to verizon.com and mindspring.com fail.  These
> are being blocked by your DSL modem.
> 3) Pings to verizon.com are being filtered by Verizon.

I wondered about this.

> So where are the "severe network problems" you allude to?  

Konqueror is unusable this morning because almost no web accesses
other than those to my local webpages are completing.

> And why does your email suggest any of this is related to OpenBSD?

As I mentioned, while I was having slow response in Konqueror on 3.8 last
week, the response times have become MUCH worse in the last three days, which
is roughly the time that I have had 3.9 installed. I did not mean to suggest
that OpenBSD is causing these delays.  The length of time it takes to get no
new messages from verizon mail server suggests strongly that it is a problem
with the verizon network. (I *am* having a number of problems with kde
3.5.1, but that is not an OpenBSD issue). I was looking for either 'Me too'
or 'No problem here' responses from other OpenBSD users with respect to
network throughput problems. Your response seems to fall in the latter 
category. Thanks for the feedback.



kde: kio accessing files in /etc

2006-05-07 Thread dave feustel
After running kde on 3.9 I found the following error messages in the kde
error log:

kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle '/etc/samba/smb.conf'
kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle '/etc/security/fileshare.conf'
kio (KDirWatch): WARNING: KDirWatch::removeDir can't handle '/etc/exports'

Why would kio access files in /etc?

Thanks,
Dave Feustel



Network problems

2006-05-07 Thread dave feustel
I just upgraded to 3.9 yesterday and today I am having
severe network problems. This has been happening for the
past week, but is now much worse. Browser requests take forever
to complete, I can't ping verizon.com, traceroute doesn't
work through the new verizon dsl modem which assigns
a local address of 192.168.1.47 to my computer. The
modem has address 192.168.1.1. Here is some sample console
log showing the ping and traceroute problems.
I called Verizon technical support, but it is useless.
Any ideas about how to fix this?

Thanks,
Dave Feustel
=
/home/daf}ping mindspring.com
PING mindspring.com (207.69.189.28): 56 data bytes
64 bytes from 207.69.189.28: icmp_seq=0 ttl=246 time=80.915 ms
64 bytes from 207.69.189.28: icmp_seq=1 ttl=246 time=81.187 ms
64 bytes from 207.69.189.28: icmp_seq=2 ttl=246 time=80.871 ms
64 bytes from 207.69.189.28: icmp_seq=3 ttl=246 time=83.075 ms
64 bytes from 207.69.189.28: icmp_seq=4 ttl=246 time=82.433 ms
64 bytes from 207.69.189.28: icmp_seq=5 ttl=246 time=82.232 ms
64 bytes from 207.69.189.28: icmp_seq=6 ttl=246 time=81.964 ms
--- mindspring.com ping statistics ---
7 packets transmitted, 7 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 80.871/81.811/83.075/0.780 ms
/home/daf}traceroute mindspring.com
traceroute: Warning: mindspring.com has multiple addresses; using 207.69.189.28
traceroute to mindspring.com (207.69.189.28), 64 hops max, 40 byte packets
 1  dslrouter (192.168.1.1)  0.632 ms  0.601 ms  0.464 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  smtpsvc8.mindspring.com (207.69.189.28)  79.695 ms *  105.213 ms
/home/daf}traceroute verizon.com
traceroute to verizon.com (192.76.85.245), 64 hops max, 40 byte packets
 1  dslrouter (192.168.1.1)  0.602 ms  0.555 ms  0.483 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
^C
/home/daf}


/home/daf}ping verizon.com
PING verizon.com (192.76.85.245): 56 data bytes
--- verizon.com ping statistics ---
170 packets transmitted, 0 packets received, 100.0% packet loss
===



Re: OpenBSD alternative for Bruce Schneier's "password safe"

2006-05-05 Thread dave feustel
On Friday 05 May 2006 15:30, Bob Beck wrote:
> > How do you people store passwords in OpenBSD if you have so many of
> > them and would need to copy one of them to a password prompt while
> > others are around you watching your screen?

If you are using KDE windows, there is a program called kwalletmanager 
that (in windows) prevents the disclosure of any of your passwords when 
they are used.  It works pretty well once it is initialized, but first time
startup can be a real PITA. Just work your way through it.

Dave



Re: /dev/rst[01] Question

2006-05-05 Thread dave feustel
On Friday 05 May 2006 13:21, Greg Thomas wrote:
> Someone has cracked your system through a remote KDE exploit

Well! THAT certainly did not take long! 3.9 has been installed on my
computer for less than 24 hours. Must be that newly discovered
X-windows bug. :-)

3.9 seems to run great though. KDE 3.5.1 is definitely quicker, although
I have found a few minor repeatable bugs (Kmail).

Seriously, I do have a number of strange (ie never before seen by me,
at least) error messages in the kde error log. Some of the messages
relate to sockets (-1 errors), DCOP server (rejected internal attach attempts)
and KDE internals. The socket permissions in 3.9 are tighter than they
were in 3.8 but not as tight as I like. (I run the command
"find /tmp -user daf -exec chmod 700 {} \;" as soon as I start kde.
It doesn't seem to break anything.) I noticed also that files in /dev/ptyp*
are accessed but they always seem to be root:wheel crw-rw-rw- which
puzzles me so far.
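
The /tmp cleanup command quoted in the message above, reworked as an added example (not code from the original post; the function names are hypothetical). Instead of forcing mode 700, which also sets the execute bit on regular files and, for a symlink, changes the link's target, it reports the user's entries that grant any group/other access and then strips only those bits, skipping symlinks.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# find_loose DIR USER [find-action...]
# Select entries under DIR owned by USER that grant at least one permission
# bit to group or other. Symlinks are skipped because chmod on a symlink
# operand changes the file the link points to, not the link itself.
find_loose() {
    fl_dir=$1
    fl_user=$2
    shift 2
    find "$fl_dir" -user "$fl_user" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) "$@"
}

# list_loose DIR USER: print the matching paths, one per line.
# Errors from unreadable directories of other users are discarded.
list_loose() {
    find_loose "$1" "$2" -print 2>/dev/null
}

# count_loose DIR USER: number of matching entries.
count_loose() {
    list_loose "$1" "$2" | wc -l | tr -d ' '
}

# tighten DIR USER: remove group/other bits only. Owner bits are left as
# they are, so regular files do not gain an execute bit.
tighten() {
    find_loose "$1" "$2" -exec chmod go-rwx {} + 2>/dev/null
}

# Demonstration on a constructed tree (not real KDE session files).
demo() {
    d=$(mktemp -d) || return 1
    me=$(id -u)                      # numeric uid works with find -user
    mkdir "$d/ksocket-demo"
    chmod 755 "$d/ksocket-demo"      # directory readable by everyone
    : > "$d/ksocket-demo/session.log"
    chmod 644 "$d/ksocket-demo/session.log"
    : > "$d/private.txt"
    chmod 600 "$d/private.txt"       # already private, must not be reported
    ln -s /etc/hosts "$d/link"       # symlink, must be skipped
    before=$(count_loose "$d" "$me")
    tighten "$d" "$me"
    after=$(count_loose "$d" "$me")
    echo "loose entries before: $before, after: $after"
    rm -rf "$d"
}

demo
```

To audit a live session without changing anything, call `list_loose /tmp "$(id -u)"` first and review the output before running `tighten`.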



/dev/rst[01] Question

2006-05-05 Thread dave feustel
I have just installed OpenBSD 3.9 and I
am running into some strangeness.
What are the devices /dev/rst[01] used for?

Thanks,
Dave



Re: parallel port application

2006-05-05 Thread dave feustel
On Friday 05 May 2006 08:21, Tihomir Koychev wrote:
> Hi
>  Can someone suggest simple application which can send data to parallel
> port. I want to send 0,1 on pin2 to control relay.
>
> best regards
> Tihomir

The approach I have taken to do digital io from OpenBSD is to get an 
ethernet 24 io module from Saelig which is controlled by UDP packets.
The module is made by Elexol and they offer several different io modules
(switches, relays, led) available to plug into it. You will have to write your
own software since only windows software comes with it. The user manual
documents the programming interface completely.

www.saelig.com
www.elexol.com

Dave Feustel



Re: www.openbsd.org defaults to Japanese

2006-05-02 Thread Dave Feustel
On Tuesday 02 May 2006 19:02, Ray Lai wrote:
> On Tue, May 02, 2006 at 11:26:37PM +, Tan Dang wrote:
> > Any reason why www.openbsd.org displays Japanese by default now?
> 
> April Fools!
> 
> -Ray-

Nope. I see Japanese as of just now as well. Kinda Neat!
But hard for me to make any sense out of.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: (PC video card memory aperture !=0) =>OS Rootability?

2006-05-02 Thread Dave Feustel
On Monday 01 May 2006 21:00, mcb, inc. wrote:
> On Mon, 1 May 2006, Dave Feustel wrote:
> 
> > Below is a comment about X-Windows security sent to me
> > by a person with a lot of experience in computer security:
> > ===
> > Dave,
> >
> > X-Windows has been known to be insecure for some time. That is to
> > say it can be hacked.
> 
> This is true but doesn't enumerate the attack vectors and their
> defenses.  It's just a sweeping statement that sounds impressive
> to children and maiden aunts.

Read this and then get back to me.

http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf



Re: Using OpenBSD article in 'The Jem Report'

2006-05-01 Thread Dave Feustel
On Monday 01 May 2006 10:48, Kurt Miller wrote:
> On Sunday 30 April 2006 10:56 pm, Dave Feustel wrote:
> > This is a very well written article for new users of OpenBSD: 
> > 
> > http://www.softwareinreview.com/cms/content/view/34/1/
> > 
> > One question I have: Is the description in the article of what's 
> > required to install Java on OpenBSD correct?
> 
> The only thing that looked incorrect to me was the lack
> of a jre package. The port builds two packages; one for
> the jdk and one for the jre. You can install the jre
> using pkg_add or SUBPACKAGE=-jre make install.
> 
> -Kurt

Thanks for the tip. 

Dave 




Re: (PC video card memory aperture !=0) =>OS Rootability?

2006-05-01 Thread Dave Feustel
Below is a comment about X-Windows security sent to me 
by a person with a lot of experience in computer security:
===
Dave,

X-Windows has been known to be insecure for some time. That is to
say it can be hacked.

Now you could get the code and change the sockets that are used or
require authentication of every communication. But this would slow it down.
You might also have "virtual" x-windows where you use 127.0.0.x as the 
endpoint and refuse to allow non-local connections.

Would implementing virtual x-windows as this person describes above
solve the X-Windows security problem on OpenBSD?

Thanks
Dave Feustel



(PC video card memory aperture !=0) =>OS Rootability?

2006-04-30 Thread Dave Feustel
After looking at the slides for Loic Duflot's presentation
http://72.14.203.104/search?q=cache:y-G4z3W2zuQJ:www.cansecwest.com/slides06/csw06-duflot.ppt+%27Lo%C3%AFc+Duflot%27&hl=en&gl=us&ct=clnk&cd=1&ie=UTF-8
on x86 hardware vulnerabilities at CanSecWest,
I'm wondering if *any* OS that allows the video card to
access PC memory can be 'rooted'.

Is this a correct conclusion from Loic's presentation?

Is simply running X windows sufficient to permit 'rooting'
of OpenBSD, or must the memory aperture of the video card
be non-zero as well?

What changes would have to be made to PC hardware
architecture to plug the security holes Loic has identified?

Thanks,
Dave Feustel



Re: Using OpenBSD article in 'The Jem Report'

2006-04-30 Thread Dave Feustel
On Sunday 30 April 2006 21:19, David T Harris wrote:
> Yes, pretty much.  Having installed Java on OpenBSD 3.8
> a few months ago to be able to use the Camera 
> Cache simulator (which is written in Java) for school,
> you do have to install every version of Java listed
> (1.3, 1.4, etc) depending on the version you want.
> If you want just 1.3 then you don't need 1.4 and 1.5
> (I think), but if you want 1.5 then yes, you need
> to get everything prior to that (1.3, 1.4, etc...) as
> well as the BSD patchsets for those versions of Java.
> 
> It does take a long time to compile (if you're running
> on a computer that's a few years old, like I was),
> but it does work quite nicely.  After install
> and adjusting your PATH correctly, everything
> should work like a charm :).

I have avoided Java like the plague for years, but now
I am getting interested in using it. I probably will try
installing it sometime after I get a newer and (much) 
faster computer with a AMD revision F cpu in it.

Dave Feustel 




Using OpenBSD article in 'The Jem Report'

2006-04-30 Thread Dave Feustel
This is a very well written article for new users of OpenBSD: 

http://www.softwareinreview.com/cms/content/view/34/1/

One question I have: Is the description in the article of what's 
required to install Java on OpenBSD correct?

Thanks,
Dave Feustel



OpenBSD 3.9: Blob-Busters Interviewed by Federico Biancuzzi

2006-04-30 Thread Dave Feustel
Article at http://www.onlamp.com/lpt/a/6557

(excerpt)

Federico Biancuzzi: I remember that just before releasing 3.8 you had to
disable the new behavior of your implementation of malloc()/free() that
returned SIGSEGV when accessing a freed area. You had to do this because
too many ports were instable (crashing). Does 3.9 enable it by default?

Otto Moerbeek: I first have to make a correction: we do unmap unused
memory, but not very aggressively. There are too many programs containing
"use-after-free" bugs that would stop working if we unmapped unused memory
all the time.

I remember one of my grad school CS professors mentioning in class one day
years ago that The collected algorithms of the ACM (CACM) contained
algorithms that would retrieve data from the free area of a stack after
the data had been popped from the stack. I remember also being stunned
when I heard that.

Dave Feustel



Re: DHCP range question

2006-04-26 Thread Dave Feustel
On Wednesday 26 April 2006 19:54, Peter Bako wrote:
> A question to the DHCP gods

Here is a handy reference by a couple of dhcp gods
which I have found handy more than once: :-)

http://www.dhcp-handbook.com/

Dave Feustel  

> Within the dhcpd.conf file, if I have a defined range and then define a
> single host to be always assigned by MAC address and use an IP address that
> is normally within the DHCP range, is that number automatically excluded
> from the range, or do I have to make sure that the address given out by the
> host statement is outside of the normal DHCP pool?  For example:
> -
> shared-network LOCAL-NET {
> option  domain-name "xyz.org";
> option  domain-name-servers 192.168.14.2;
>  
> subnet 192.168.14.0 netmask 255.255.255.0 {
> option routers 192.168.14.1;
>  
> range 192.168.14.25 192.168.14.254;
> }
> }
>  
> host box1 {
> hardware ethernet xx:xx:xx:xx:xx:xx;
> fixed-address 192.168.14.35;
> }
> -
> 
> Thanks,
> Peter
> 
> 




Re: Problem Compiling Stevens' Socket Source Code

2006-04-25 Thread Dave Feustel
I have uploaded to http://dfeustel.home.mindspring.com/unp-config.h
a version of config.h that allows successful compilation of ~98% of the 
Stevens source files. Let me know of how to fix errors and I will update 
the file.

Dave Feustel



How will OpenBSD Defend against Virtual Rootkits?

2006-04-25 Thread Dave Feustel
This question comes to mind as a result of my reading just now 

VM Rootkits: The Next Big Threat? 
By Ryan Naraine 
March 10, 2006

http://www.eweek.com/article2/0,1895,193,00.asp

Dave Feustel



Re: Problem Compiling Stevens' Socket Source Code

2006-04-24 Thread Dave Feustel
On Monday 24 April 2006 17:10, Tobias Ulmer wrote:
> Here's a patch that removes all(?) warnings/errors from the
> intro chapter if you followed the instructions in the readme...

Tobias,

Thanks for the intro chapter patches. I had started directly
with chapter 7 since I had purchased a hardware digital I/O 
module that communicates over ethernet via UDP datagrams 

(Ether 24 IO - http://elexol.com/Downloads/EtherIO24DS1.pdf 
available in the US from saelig.com for $99 + shipping )

and I need to learn how to use sendto and recvfrom to control
and monitor the I/O bits. It looks to me like the configure script
doesn't generate a proper config.h for OpenBSD. I don't know whether
config doesn't know about OpenBSD file layout or something is
broken in configure. I'm suddenly learning a lot about autoconf, 
but I still don't see the problem. 

I currently am tweaking config.h by hand trying to get rid of the 
compile errors caused by the bad data put in that file by configure.

Dave Feustel



re Problem Compiling Stevens' Socket Source Code

2006-04-23 Thread Dave Feustel
I wrote previously:
> I have downloaded the source code accompanying
> Stevens' book _Advanced Network Programming 
> - The Socket Programming API, vol 1, 3rd ed.

I forgot to mention that the source code tar ball is available at
http://www.unpbook.com/src.html.

Thanks,
Dave Feustel



Problem Compiling Stevens' Socket Source Code

2006-04-23 Thread Dave Feustel
I have downloaded the source code accompanying
Stevens' book _Advanced Network Programming 
- The Socket Programming API, vol 1, 3rd ed.
After uncompressing the tar ball, cd'ing to the source code
directory, running ./configure and attempting to gmake the source
in lib, I get a number of errors which seem to stem from failure
of the ./configure command to find many of the OpenBSD include files
related to sockets. This failure shows up in the file config.h, where
defines created during the configure process specify that OpenBSD
is missing many include files and socket-related structures. This results
in compile errors when socket structures are redefined during compilation.
I started to fix individual errors until I figured out that there was a more
general problem in ./configure. I have looked at the shell script in
./configure but so far I have not figured out where the configure goes
wrong. Is there a simple way to run or fix ./configure so that the config.h
generated by configure reflects the actual content of openbsd include files
and subsequent compiles of Stevens' source work?

Thanks,
Dave Feustel



Anyone Interested in Programmable AMD Coprocessors?

2006-04-23 Thread Dave Feustel
If Yes, Here You Go:
http://www.drccomputer.com/pages/products.html

I would get one of these if I could afford it.

Dave Feustel



Re: Virtualization of OpenBSD 3.9 on Xen

2006-04-21 Thread Dave Feustel
On Friday 21 April 2006 11:10,  Stefan Kaltenbrunner <[EMAIL PROTECTED]> wrote:
> Dave Feustel wrote:
> > On Saturday 15 April 2006 17:53, Anthony Liguori wrote:
> > 
> >>On Sat, 15 Apr 2006 17:39:10 -0500, Dave Feustel wrote:
> >>
> >>>AMD Pacifica and Intel's VT make possible the virtualization of unmodified
> >>>operating systems. Is it still necessary to add code to the hypervisor to
> >>>support specific operating systems, or can Xen, as written, support any
> >>>arbitrary OS that successfully boots on a PC? (I'm thinking of the BSDs
> >>>here).

(snipped)

> >>While theoretically, 
> >>VT and SVM ought to allow any OS to run under Xen, in practice, if an OS
> >>hasn't been tested as a guest under Xen, it is likely to turn up some bugs
> >>or incompleteness.  Over time, this will certainly be less of an issue.
> >>
> >>The problem has to do with the fact that different OS's will use different
> >>instructions when accessing things like page tables.  Right now, Xen only
> >>emulates the instructions that we know are used by the systems we test
> >>with (things like Linux and certain versions of Windows).
> > 

(snipped)

> OpenBSD 3.9 works quite fine (installed using the native installer in
> the virtualized environment!) as an unmodified guest on my Intel VT box,
> with following caveats:
> 
> *) pcn(4) - aka AMD Pcnet does not seem to work well with the emulated
> one (send works - receive does not)
> 
> *) ne(4) does work but is complaining about corrupted nic memory under
> heavy traffic (does not seem to affect it much other than logging the errors)
> 
> 
> Stefan




ethernet-based video server recommendations

2006-04-18 Thread Dave Feustel
Can anyone recommend brands of video servers (for composite 
video cameras) that can be initialized and used without Java, 
Javascript, ActiveX, or any windows software?

Thanks,
Dave Feustel



Firewire

2006-04-15 Thread Dave Feustel
What is the current outlook for OpenBSD support of Firewire?

Thanks,
Dave Feustel



Re: Questions about 3.9 Installation on External USB Disk

2006-04-09 Thread Dave Feustel
On Sunday 09 April 2006 18:39, [EMAIL PROTECTED] wrote:
> I do not believe an existing 'a' partition (dos).
> I do believe an existing dos partition, 
> which is something very different from an OpenBSD 'a' partition.

I now have installed 3.9 on my external usb drive.

There is a bug in the install that causes disklabel to not always
include the size of the 'a' partition when computing the
offset of the 'b' (swap) partition. This bug does not occur
often, but I have seen it at least twice during installs of previous 
versions of OpenBSD. This bug is not 100% repeatable.

I was able to install 3.9 on the usb disk sd0. However, my system 
is 8 years old and the bios does not support booting from usb devices.
I cannot boot from any but fd*, wd*, and cd* right now, unless I reinstall 
my old  scsi subsystems. If, later this year, I buy a new system, boot 
problems should become moot.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Questions about 3.9 Installation on External USB Disk

2006-04-09 Thread Dave Feustel
On Sunday 09 April 2006 16:41, [EMAIL PROTECTED] wrote:
> Something is very confused. 
> I do not believe an existing 'a' partition (dos).

I bought the disk at Best Buy and copied a few files from
/home/daf to test the disk. The files were copied to the
usb-connected disk and stored in the fat file system already
installed on the disk. I don't mind the fat file system on a usb flash
disk, but I do mind a fat file system on a large usb hard drive.
I wanted to replace the fat file system with default BSD 
partitions/filesystems. I thought I could kill 2 birds with one stone
by installing OpenBSD 3.9 on the usb drive. Maybe this is not possible 
with external usb drives. Until now I have had no experience with usb 
hard drives running with OpenBSD, hence my caution.

Dave



Questions about 3.9 Installation on External USB Disk

2006-04-09 Thread Dave Feustel
I got my 3.9 Cdrom set yesterday and today started installing
it on an external usb disk so as not to wipe out my existing
3.8 setup. When I got to the disk partition, I erased the existing
'a' partition (dos) and created a new bsd 'a' partition. The partition
had a default offset of 32 which looked odd to me, so I changed
it to 64 and sized it to 1G. Then I created a 'b' partition. Again,
the default offset was 32. That looked even odder to me, so
I aborted the installation. A dmesg of the 3.8 boot (with external
usb drive attached) follows at the end of this post.

So is it possible to install 3.9 on an external usb drive and then to
boot from that drive? Is the default 32 offset for a and b partitions
on the usb drive correct? (I don't think so, but I am asking anyways
since I have not used usb hard drives with OpenBSD before).

Thanks,
Dave Feustel

3.9 packages

2006-04-09 Thread Dave Feustel
I did not find them at the mirror I checked.
Will they be available for download prior to May 1st?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Motion Jpeg Video on OpenBSD

2006-04-08 Thread Dave Feustel
followup:

Jacob Meuser suggested using ffplay from the ffmjpeg package.
I installed ffmjpeg-20050413.tgz from the 3.8 package collection
and ffplay does in fact play video from my ethernet-connected
video camera. 

Dave Feustel



problem building xine-lib on 3.8

2006-04-08 Thread Dave Feustel
I am now trying to build xine to be able to display mjpeg files on OpenBSD.
I get the following error attempting to build xine-lib on OpenBSD 3.8:

gmake[3]: Entering directory `/home/daf/Xine/xine-lib-1.1.1/src/xine-utils'
if /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. 
-I../.. -I../.. -I../../i   nclude -I../../include -I../../src 
-I../../src/xine-engine -I../../src/xine-engine -I../../src/xine-ut   ils 
-I../../intl -I../../intl -I../../src/input -I../../src/input  -I../../lib   
-I/usr/X11R6/include-mcpu=i386 -O3 -pipe -fomit-frame-pointer 
-falign-functions=4 -falign-loops=4 -falign-jumps=4  -mprefe   
rred-stack-boundary=2 -fexpensive-optimizations -fschedule-insns2 
-fno-strict-aliasing -ffast-math -fn   o-inline-functions -Wall 
-Wnested-externs -Wcast-align -Wchar-subscripts -Wmissing-declarations -Wmiss   
ing-prototypes -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DXINE_COMPILE  
 -MT cpu_accel.lo -MD -MP-MF ".deps/cpu_accel.Tpo" -c -o cpu_accel.lo 
cpu_accel.c; \
then mv -f ".deps/cpu_accel.Tpo" ".deps/cpu_accel.Plo"; else rm -f 
".deps/cpu_accel.Tpo"; exit 1; fi
 gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../include -I../../include 
-I../../src -I../../src/x   ine-engine -I../../src/xine-engine 
-I../../src/xine-utils -I../../intl -I../../intl -I../../src/input
-I../../src/input -I../../lib -I/usr/X11R6/include -mcpu=i386 -O3 -pipe 
-fomit-frame-pointer -falign-f   unctions=4 -falign-loops=4 -falign-jumps=4 
-mpreferred-stack-boundary=2 -fexpensive-optimizations -fsc   hedule-insns2 
-fno-strict-aliasing -ffast-math -fno-inline-functions -Wall -Wnested-externs 
-Wcast-ali   gn -Wchar-subscripts -Wmissing-declarations 
-Wmissing-prototypes -DNDEBUG -D_REENTRANT -D_FILE_OFFSET_   BITS=64 
-DXINE_COMPILE -MT cpu_accel.lo -MD -MP -MF .deps/cpu_accel.Tpo -c cpu_accel.c  
-fPIC -DPIC -o.libs/cpu_accel.o
In file included from xineutils.h:64,
 from cpu_accel.c:41:
/usr/include/malloc.h:4:2: warning: #warning "<malloc.h> is obsolete, use <stdlib.h>"
cpu_accel.c: In function `arch_accel':
cpu_accel.c:109: error: can't find a register in class `BREG' while reloading 
`asm'
cpu_accel.c:117: error: can't find a register in class `BREG' while reloading 
`asm'
cpu_accel.c:133: error: can't find a register in class `BREG' while reloading 
`asm'
cpu_accel.c:135: error: can't find a register in class `BREG' while reloading 
`asm'
gmake[3]: *** [cpu_accel.lo] Error 1
gmake[3]: Leaving directory `/home/daf/Xine/xine-lib-1.1.1/src/xine-utils'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory `/home/daf/Xine/xine-lib-1.1.1/src'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/home/daf/Xine/xine-lib-1.1.1'
gmake: *** [all] Error 2
===
I don't see any reference to 'BREG' in the source code.
google 'xine-lib breg openbsd' returns indications of a 
problem with fPIC, but the messages are from 2003.
Can this be made to work with 3.8 or 3.9?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



kmplayer no longer in packages

2006-04-05 Thread Dave Feustel
I see that kde kmplayer was dropped from i386 packages as
of 3.7. Does anyone remember why that happened?
Is there any way now to play mjpeg files from within
Konqueror?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Intel doc paralyses both xpdf and kpdf at page 16

2006-03-30 Thread Dave Feustel
I'm running KDE 3.4.2 on OpenBSD 3.8

Doc: Intel(r)_VT_for_Direct_IO.pdf
from 
ftp://download.intel.com/technology/computing/vptech/Intel(r)_VT_for_Direct_IO.pdf

Possibly relevant error message:

/home/daf/Intel}Error: PDF version 1.6 -- xpdf supports version 1.5 (continuing 
anyway)

Both programs freeze and stop responding when I attempt to display page 16 of 
the doc.
Kill -9 seems to be the only way to exit.

xpdf is version 3.00p5

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



usb peripheral device support

2006-03-18 Thread Dave Feustel
I have been looking for webcams to use with openbsd.
Am I correct in assuming that cameras which require
their own drivers cannot be used with openbsd even
if I had the source for the drivers unless the driver
code were added to the openbsd kernel?

So, assuming my assumption is correct,
I am restricting my search to webcams with an
ethernet interface and a builtin webserver. I have
found one such camera at Hawkingtech.com. Does 
anyone recommend any other ethernet-interfaced
webcams?

Thanks,
Dave Feustel

Dave Feustel 
http://www.mindspring.com/~dfeustel



Boost

2006-03-12 Thread Dave Feustel
Has anyone successfully compiled the Boost libraries
(read about them at boost.org) on OpenBSD 3.8 or 3.9?


Thanks,
Dave Feustel

Dave Feustel 
http://www.mindspring.com/~dfeustel



Re: PF or BPF

2006-02-13 Thread Dave Feustel
On Monday 13 February 2006 21:25, Damien Miller wrote:
> On Mon, 13 Feb 2006, Dave Feustel wrote:
> 
> > Marco,
> > 
> > I would like to add that I appreciate the work you and the rest of the
> > crew are doing to develop OpenBSD. 
> 
> Please show your appreciation by educating yourself using the available
> manpages (which represent a huge amount of work) before asking questions
> whose answers can easily be found with a little reading.
> 
> -d

Roger. Wilco.

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: PF or BPF

2006-02-13 Thread Dave Feustel
Marco,

I would like to add that I appreciate the work you and the rest of the
crew are doing to develop OpenBSD. 

On Monday 13 February 2006 19:36, Marco Peereboom wrote:

> http://www.oxide.org/cvs/tedu.html
> Commit Statistics: 
> 
> Total: 864 
> src: 834 (96.528%) 
> ports: 6 (0.694%) 
> www: 24 (2.778%) 
> Total Days: 1095 
> Average per day: 0.789 
> Oldest: Tue Jan 28 16:00:45 MST 2003 
> Newest: Sat Jan 28 00:27:38 MST 2006 



Re: PF or BPF

2006-02-13 Thread Dave Feustel
On Monday 13 February 2006 19:36, Marco Peereboom wrote:
> Time for you to start using Linux, Windows or OSX.
> OpenBSD is clearly not fulfilling your needs 

Your psychic abilities are failing you again.

> and the lists are unfriendly. 

So What?
 
> http://www.oxide.org/cvs/tedu.html
> Commit Statistics: 
> 
> Total: 864 
> src: 834 (96.528%) 
> ports: 6 (0.694%) 
> www: 24 (2.778%) 
> Total Days: 1095 
> Average per day: 0.789 
> Oldest: Tue Jan 28 16:00:45 MST 2003 
> Newest: Sat Jan 28 00:27:38 MST 2006 
> 
> Dave Feustel:
> Commit Statistics: 
> 
> Total: 0 
 
So What? 


-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: PF or BPF

2006-02-13 Thread Dave Feustel
On Monday 13 February 2006 14:52, Jason Crawford wrote:
> You cannot learn all there is to know about bpf and how to effectively
> use it in 10 minutes, so you, personally, do NOT need to use bpf at
> all. It's what the other utilities like pf and tcpdump use to do what
> they do. The utilities are nice user friendly wrappers to the bpf
> interfaces, and someone with your experience (lack thereof?) should
> probably not be touching bpf directly. bpf is very powerful and very
> useful, but you really need to understand a lot more than what you
> have grasped so far to use bpf effectively.

Well, one thing is for certain, the caustic responders to this thread aren't 
psychic.

So let's try   a   r e a l   s i m p l e   q u e s t i o n :

What OpenBSD programs use bpf?

Please don't try to figure out why I am asking the question.
Just answer it or go do something else that won't upset you.

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: PF or BPF

2006-02-13 Thread Dave Feustel
On Monday 13 February 2006 13:51, dereck wrote:
> This is getting ridiculous!  The guy said he was under
> attack.(!)  What is the point of a _misc_ list anyway?
>  He's not clogging the dev list!
> 
> The responses here are totally out of line.  Haven't
> any of you guys EVER had a desperate situation before?

Dereck,

Thanks for the support. However, my situation is not desperate.
By refusing to answer a question to which he indicated he had an
answer, Ted has left all of us hanging as to whether he *really*
knows what the differences are between the capabilities of pf and bpf.
 *I* could certainly not testify that Ted actually knows the answer to
that question as he claims to. :-) 

(BTW, I had read the bpf man page and, frankly, I couldn't make
any sense out of it on first reading. I started getting a better idea
of bpf by the time I started reading the freebsd bpf man page, 
but then I started wondering "why bother with bpf? How do I
even use it?". It must have a useful purpose or it wouldn't be in OpenBSD.)

Maybe someone else can jump in here.

Dave

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: PF or BPF

2006-02-13 Thread Dave Feustel
On Monday 13 February 2006 12:45, Ted Unangst wrote:
> On 2/13/06, Dave Feustel <[EMAIL PROTECTED]> wrote:
> > What can BPF do that PF can not?
> 
> different things.

OK, I'll bite. Such as? 
(this might be a loong, drawn-out thread, but I've got time :-))

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



PF or BPF

2006-02-13 Thread Dave Feustel
What can BPF do that PF can not?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: X11 Demo programs

2006-02-12 Thread Dave Feustel
On Sunday 12 February 2006 16:43, [EMAIL PROTECTED] wrote:
> Dave Feustel wrote:
> [snip]
> > Well, I'm lazy, so I let pf drop all unsolicited incoming  
> > traffic. Works Great!
> > Lets me experiment with my system in peace and safety.
> 
> Not really.
> Depends on what you can be conned into soliciting.

I think I understand what you mean, but could you please
elaborate just in case I am wrong?

Thanks.

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: X11 Demo programs

2006-02-12 Thread Dave Feustel
On Sunday 12 February 2006 16:28, Grumpy wrote:
> > Damn! FedGov agencies must LOVE X11! My slogan is now 'block in all'!
> 
> I'm looking forward to your slogan being ``I'll keep my mouth shut''.
> 
> Grumpy

Please hold your breath! :-))

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: X11 Demo programs

2006-02-12 Thread Dave Feustel
On Sunday 12 February 2006 16:06, Mats O Jansson wrote:
> On Sun, 12 Feb 2006, Dave Feustel wrote:
> 
> > The source and OpenBSD executables for five X11 demo programs 
> > are now available at http://dfeustel.home.mindspring.com/e-files.zip.
> > The programs are xkey, xspy, xwatchwin, xghostwriter, and xevact. 
> > The code and makefiles have been tweaked enough to compile 
> > and run on OpenBSD 3.8, but the original unmodified code is contained 
> > in the .tgz files in the zip file.
> > 
> > Xspy and xkey are key logging programs. I got one of these programs
> > to log kde konsole keystrokes to a different user login running in
> > console mode after I ran xhost + in the kde session.
> 
> You are a fucking genius! Why didn't I think of that? Security is much
> harder when you turn it off. 

Well, I'm lazy, so I let pf drop all unsolicited incoming  traffic. Works Great!
Lets me experiment with my system in peace and safety.

> -moj
>  
> > Xwatchwin allows you to peek at a window on another X server.
> > 
> > Xghostwriter is supposed to make the x11 keyboard seem to be
> > demonically possessed. It doesn't quite work, but probably can 
> > be made to work by anyone with a little x11 experience.
> > 
> > Xevact is a more complicated program. Read the documentation
> > to see what it does. I took the sound features out of the OpenBSD
> > version of the program to get it to compile since I never use sound 
> > effects on my computer.
> > 
> > Documentation of these programs is sparse, but adequate to run the programs.
> > 
> > Have Fun,
> > Dave Feustel
> > -- 
> > Lose, v., experience a loss, get rid of, "lose the weight"
> > Loose, adj., not tight, let go, free, "loose clothing"
> > 
> > 
> 
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: X11 Demo programs

2006-02-12 Thread Dave Feustel
On Sunday 12 February 2006 16:03, Matthias Kilian wrote:
> On Sun, Feb 12, 2006 at 03:23:06PM -0500, Dave Feustel wrote:
> > I got one of these programs
> > to log kde konsole keystrokes to a different user login running in
> > console mode after I ran xhost + in the kde session.
>  ^^^
> 
> This is exactly how it is supposed to work. If you explicitly give
> the world to access your display, don't cry if the world *does*
> access your display. See xhost(1). And stop trolling by constantly
> posting non-issues.
> 
> Ciao,
>   Kili, adjusting filters

Damn! FedGov agencies must LOVE X11! My slogan is now 'block in all'!

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



X11 Demo programs

2006-02-12 Thread Dave Feustel
The source and OpenBSD executables for five X11 demo programs 
are now available at http://dfeustel.home.mindspring.com/e-files.zip.
The programs are xkey, xspy, xwatchwin, xghostwriter, and xevact. 
The code and makefiles have been tweaked enough to compile 
and run on OpenBSD 3.8, but the original unmodified code is contained 
in the .tgz files in the zip file.

Xspy and xkey are key logging programs. I got one of these programs
to log kde konsole keystrokes to a different user login running in
console mode after I ran xhost + in the kde session.

Xwatchwin allows you to peek at a window on another X server.

Xghostwriter is supposed to make the x11 keyboard seem to be
demonically possessed. It doesn't quite work, but probably can 
be made to work by anyone with a little x11 experience.

Xevact is a more complicated program. Read the documentation
to see what it does. I took the sound features out of the OpenBSD
version of the program to get it to compile since I never use sound 
effects on my computer.

Documentation of these programs is sparse, but adequate to run the programs.

Have Fun,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Sudo

2006-02-11 Thread Dave Feustel
On Saturday 11 February 2006 12:17, Steve Tornio wrote:
> man sudoers

Thanks to all who replied.
I will try hard to be more thorough in the future.

Dave
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Sudo

2006-02-11 Thread Dave Feustel
On Saturday 11 February 2006 11:04, [EMAIL PROTECTED] wrote:
> man sudo for starters.
> (actually that's quite enough even for a noob like me)
> (even a very out of date linux is enough)
> sheesh

Actually --with-tickets is not mentioned in sudo.
(I was sent '--with-tickets' info off-list by a helpful person.)
I found out via a google search on 'tickets sudo' about
the behavior I had discovered and reported. Then after Otto
let me know how pathetic my post was,  I went back to man sudo
but found nothing about tickets or about sudo being active in
all shells. There may be something in the sudo man page that 
describes this behavior, but I haven't spotted it yet. 
My reading skills must be deteriorating.


-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: X11 exploit info

2006-02-11 Thread Dave Feustel
On Saturday 11 February 2006 10:59, Roman Hunt wrote:
> 
> Dude what is your major f*&^%! malfunction? Years ago this sh!^ would've
> never been allowed to fly on this list.  

Sorry. I don't intend to offend or to irritate. Just out of curiosity, how old 
are you?
Also, to which post are you referring?
 
> Maybe you think that posting all this ridiculous shit is funny but it's
> really not.

Actually, I don't think it's ridiculous or funny, but you have a right to your 
opinion and also to express it.
 
> Go take a class at a community college and learn the basics before you post
> again.

I may well be the only person in Fort Wayne using OpenBSD or even
pretending to know anything about it. 
I am not aware of any courses in BSD around here.

> PLEASE! And definitely stop wasting your time trying 
> to discover how to exploit systems you are unable to comprehend.  

Actually, I am in defensive mode. My system is clearly being penetrated.
I am trying to find and plug the holes. So far running pf with a 'block in all' seems to
be the most effective defense.  I opened up port 80 to run Apache, but I
started having problems again, so I went back to the 'block all' rule.
I've found and reported to kde and misc a security problem in the way 
kde is currently ported to OpenBSD. The kde developers understand the problem
and, last I heard, had a fix in the pipeline. I've got a kludge fix for that 
problem now. 
But I am still seeing signs of intrusion, so there are either still unblocked 
(kde or x11) holes 
that I haven't found that provide intruders with at least user privileges, or 
my system 
was rooted at some point in the past and will continue to be rooted until I 
either reinstall or
upgrade to 3.9 sometime after May. Today I found two attempts to access port 
6000.
One from China, the other from Korea. 

> That said If you ever need serious system administration help for a
> serious issue (not one you make up when you are all paranoid and gunning 
> to be a BIG HACKER HERO) then feel free to ask me and I'll be happy to help.

I have no interest in being a cracker. I've looked at what is typically 
involved in
cracking a system or creating shell code and I have no interest in spending my
time doing either, although I have more than enough experience with x86 assembly
code for that time-wasting activity.  I have other projects that I need
to spend time on. Are you interested in general relativity, electromagnetism, or
tensors? I definitely need help with tensors.

And I do appreciate your offer of help. I only wish it weren't so hard to 
explain things by
email. 

Dave
> -
> Roman
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Dave Feustel
> Sent: Saturday, February 11, 2006 6:04 AM
> To: misc@openbsd.org
> Subject: X11 exploit info
> 
> 
> at http://www.hackinglinuxexposed.com/articles/ 
> is a 3-part series on X-11 exploits which those who
> think they understand x11 security might wish to
> read and comment upon. I clearly don't understand 
> x11 security so I have no comments, but I will read
> with great interest comments by anyone else.
> 
> 05-Jul-2004: SSH Users beware: The hazards of X11 forwarding  Logging into
> another machine can compromise your desktop...
> 
> 08-Jun-2004: The ease of (ab)using X11, Part 2
>  Abusing X11 for fun and passwords.
> 
> 13-May-2004: The ease of (ab)using X11, Part 1
>  X11 is the protocol that underlies your graphical desktop environment, and
> you need to be aware of its security model.
> 
> Dave Feustel

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Sudo

2006-02-11 Thread Dave Feustel
On Saturday 11 February 2006 10:42, Otto Moerbeek wrote:
> 
> On Sat, 11 Feb 2006, Dave Feustel wrote:
> 
> > I don't know whether this is or would be considered as a bug, 
> > or whether it is generally known, but sudo, when successfully 
> > invoked  with a password  in one shell, becomes active in all 
> > shells of that user for the timed duration.
> 
> This is pathetic. Why don't you read the docs before posting such a
> "discovery"? 
> 
>   -Otto

Which docs? 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Sudo

2006-02-11 Thread Dave Feustel
I don't know whether this is or would be considered as a bug, 
or whether it is generally known, but sudo, when successfully 
invoked  with a password  in one shell, becomes active in all 
shells of that user for the timed duration.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



X11 exploit info

2006-02-11 Thread Dave Feustel
at http://www.hackinglinuxexposed.com/articles/ 
is a 3-part series on X-11 exploits which those who
think they understand x11 security might wish to
read and comment upon. I clearly don't understand 
x11 security so I have no comments, but I will read
with great interest comments by anyone else.

05-Jul-2004: SSH Users beware: The hazards of X11 forwarding
 Logging into another machine can compromise your desktop...

08-Jun-2004: The ease of (ab)using X11, Part 2
 Abusing X11 for fun and passwords.

13-May-2004: The ease of (ab)using X11, Part 1
 X11 is the protocol that underlies your graphical desktop environment, and you 
need to be aware of its security model.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Pet-grub.com a cia front?

2006-02-08 Thread Dave Feustel
Tonight, looking for info on cat food, I may have found a
cia front company (Just Kidding!!!). When I enter pet-grub.com in the
Konqueror location bar, Konqueror is redirected to 
https://comm.cia.gov/cgi/comment_form.cgi before
the webpage for pet-grub.com is fully loaded. This
so far (6 times) is 100% repeatable, even after shutting
down and restarting kde. What is particularly interesting
is that using lynx to access pet-grub.com results in only
the expected web page to be displayed.

It looks like there may still be a few security holes to be
dealt with.

I've started running apache webserver. My web address 
(until the next power failure) is 71.97.182.5. 
Feel free to try to hack it.

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Strange xauth entry

2006-02-07 Thread Dave Feustel
I found the entry 10.0.3.15:0  in my .Xauthority file via the xauth list 
command.
Assuming that I did not add that entry to the file, how might it have been 
added?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
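
An added example, not part of the original posts: one way to review the two X11 access-control states that come up in these threads, the `xhost +` state from the X11 Demo programs thread and an unexpected `xauth list` entry like `10.0.3.15:0`. The function names, host names and cookie values are assumptions made up for the example; only the display name `10.0.3.15:0` comes from the post.

```shell
#!/bin/sh
# Added example (not from the thread). All sample values below are constructed,
# except the display name 10.0.3.15:0, which is the entry quoted in the post.

# xhost_open: reads `xhost` output on stdin; succeeds if access control is
# disabled, which is the state `xhost +` leaves the X server in.
xhost_open() {
    grep -q '^access control disabled'
}

# xauth_foreign_entries NAME...: reads `xauth list` output on stdin and prints
# every display name whose host part is not one of the given local names.
# Local forms (":0", "host/unix:0") for a known host are not reported.
xauth_foreign_entries() {
    known=" $* "
    awk -v known="$known" '
        NF >= 2 {
            host = $1
            sub(/:[0-9]+(\.[0-9]+)?$/, "", host)   # drop :display[.screen]
            sub(/\/unix$/, "", host)               # drop the local-transport marker
            if (host != "" && index(known, " " host " ") == 0) print $1
        }'
}

# Constructed `xhost` output: once after `xhost +`, once with control enabled.
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_CLOSED='access control enabled, only authorized clients can connect
SI:localuser:daf'

# Constructed `xauth list` output (cookies are placeholders, not real keys).
SAMPLE_XAUTH='myhost/unix:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
myhost.example.org:0  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
10.0.3.15:0  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100'

# Demo on the constructed samples. On a live session, pipe the real commands
# in instead:  xhost | xhost_open ;  xauth list | xauth_foreign_entries "$(hostname)"
if printf '%s\n' "$SAMPLE_XHOST_OPEN" | xhost_open; then
    echo "xhost: access control is OFF (any host may connect)"
fi
printf '%s\n' "$SAMPLE_XAUTH" |
    xauth_foreign_entries myhost myhost.example.org |
    while IFS= read -r disp; do
        echo "xauth: entry for a display that is not this host: $disp"
    done
```

An entry in `.Xauthority` is a cookie this user can present to that display, so a foreign entry is something to trace to its origin rather than proof of anything by itself.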



Re: OpenBSD security could be tightened up easily

2006-02-07 Thread Dave Feustel
Just for reference, here is the original post in this thread,
which for some reason, I do not find in the reverse misc archive.
---
OpenBSD security could be tightened up easily
 Date: 2006-02-05 08:09
 From: Dave Feustel <[EMAIL PROTECTED]>
 To: misc@
 
OpenBSD's handling of file permissions needs work.

Good security practice requires that root's default permission
set by umask should be 077. But setting root's umask to this
value breaks the package install mechanism since all files
installed by root with umask 077 are unavailable to users.

Also, all x11 and kde sockets are created with permissions up to and
including 777 that can be restricted with no loss of functionality. I now
routinely chmod all sockets in /tmp and $TMPDIR to 600 immediately
upon starting up kde and have seen no errors generated by this.

The problem with insecure [tp]ty allocation in kde is still not fixed
as far as I know, although I see a new kdelibs in errata.
(this problem occurs only in OpenBSD so far as I know).

It might also be a good idea to run pf by default with the
rule "block all in" to prevent intruders taking advantage of undiagnosed
security problems in kde or x11.  ALL of my strange problems with kde 
have ceased since I started running pf with this rule.

Having said this, I would like to add that OpenBSD looks better
than ever to me now and I recommend it highly to people I talk to.
OpenBSD is the Rock upon which I build everything else.

Dave Feustel



Re: OpenBSD security could be tightened up easily

2006-02-07 Thread Dave Feustel
On Tuesday 07 February 2006 13:16, Ted Unangst wrote:
> On 2/5/06, Dave Feustel <[EMAIL PROTECTED]> wrote:
> > Also, all x11 and kde sockets are created with permissions up to and
> > including 777 that can be restricted with no loss of functionality. I now
> 
> and how are other users going to connect to the socket then?
> 
Since all six x11/kde sockets that I chmod to 600 have me as the owner,
I assume that no one else should be connecting to those sockets.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



OpenBSD security could be tightened up easily

2006-02-05 Thread Dave Feustel
OpenBSD's handling of file permissions needs work.

Good security practice requires that root's default permission
set by umask should be 077. But setting root's umask to this
value breaks the package install mechanism since all files
installed by root with umask 077 are unavailable to users.

Also, all x11 and kde sockets are created with permissions up to and
including 777 that can be restricted with no loss of functionality. I now
routinely chmod all sockets in /tmp and $TMPDIR to 600 immediately
upon starting up kde and have seen no errors generated by this.

The problem with insecure [tp]ty allocation in kde is still not fixed
as far as I know, although I see a new kdelibs in errata.
(this problem occurs only in OpenBSD so far as I know).

It might also be a good idea to run pf by default with the
rule "block all in" to prevent intruders taking advantage of undiagnosed
security problems in kde or x11.  ALL of my strange problems with kde 
have ceased since I started running pf with this rule.

Having said this, I would like to add that OpenBSD looks better
than ever to me now and I recommend it highly to people I talk to.
OpenBSD is the Rock upon which I build everything else.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: httpd question - solved

2006-02-04 Thread Dave Feustel
On Saturday 04 February 2006 16:57, L. V. Lammert wrote:
> On Sat, 4 Feb 2006, Dave Feustel wrote:
> 
> > I am now starting httpd at boot. It reports that it cannot
> > determine the fully qualified domain name and listens to
> > only 127.0.0.1. How can I set the ip address to which httpd
> > listens to the address assigned to me by verizon's dhcp server?
> >
> ahh, .. httpd.conf & ifconfig??
> 
>   Lee

I started httpd successfully after I commented out the change
I had made to the email address for the server administrator
(which apparently set off DNS requests - a bad thing for a server
with no name) and set ServerName to the ip address assigned to
my computer.

I will have to update ServerName each time I get a new IP address.

Dave Feustel 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



httpd question

2006-02-04 Thread Dave Feustel
I am now starting httpd at boot. It reports that it cannot
determine the fully qualified domain name and listens to
only 127.0.0.1. How can I set the ip address to which httpd
listens to the address assigned to me by verizon's dhcp server?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



pf question - solved

2006-02-02 Thread Dave Feustel
I found the solution in the pf faq:  skip lo0.
This rule is not mentioned in Artymiak's book
which I had been reading. I will now read the
complete pf faq to see what I have not been
aware of.

Dave Feustel



pf question

2006-02-02 Thread Dave Feustel
After getting pf working with a "block in all" rule,
I am now trying to add a rule to allow local and internet access to my
webserver.

I have been able to access the web server from a computer on a subnet.
I copied a rule from the OpenBSD pf faq which would seem to accomplish this
(see ruleset below), but nothing comes back even to my browser running on the
same computer.

What pf rule(s) do I have to change/add to permit my browser and others on the
internet to access the web server?

Thanks,
Dave Feustel
===current pf ruleset
ext_if = "xl0"
#ext_ad = "71.97.201.76"
ext_ad = "(xl0)"
web_server = "(xl0)"
pr1 = "192.168.1.1/24"
pr2 = "192.168.2.1/24"
pr3 = "192.168.3.1/24"
pr4 = "192.168.4.1/24"
nat_proto = "{tcp, udp, icmp}"

# options

set require-order yes
set block-policy drop
set optimization normal
set loginterface none

# scrubbing

scrub in all
scrub out all

# nat rules

nat on $ext_if inet proto $nat_proto \
from {$pr1, $pr2, $pr3, $pr4} to any -> $ext_ad

# filtering

pass in quick on sis1

block in log all 

pass in on $ext_if proto tcp to $web_server \
port www flags S/SA keep state \
(max 200, source-track rule, max-src-nodes 100, max-src-states 3)

pass out log quick on $ext_if inet \
from ($ext_if) to any flags S/SA keep state

antispoof for $ext_if
===



Port Question

2006-01-29 Thread Dave Feustel
PF works GREAT!

Here is a list of ports that have had data sent to them today.
The 2nd number is the number of packets dropped.
Is there anything in the list that I should pay particular attention to?

Thanks,
Dave Feustel

23 104 telnet 23/udp Telnet
31 3 msg-auth 31/udp MSG Authentication
34 4 # 34/udp Unassigned
35 3 35/udp any private printer server
50 8 re-mail-ck 50/udp Remote Mail Checking Protocol
290 12
296 12
349 18 mftp 349/udp mftp
376 3 nip 376/udp Amiga Envoy Network Inquiry Proto
377 8 tnETOS 377/udp NEC Corporation
380 1 is99s 380/udp TIA/EIA/IS-99 modem server
487 5 saft 487/udp saft Simple Asynchronous File Transfer
490 2 micom-pfs 490/udp micom-pfs
495 2 intecourier 495/udp intecourier
496 2 pim-rp-disc 496/udp PIM-RP-DISC
525 5 timed 525/udp timeserver
900 1 omginitialrefs 900/udp OMG Initial Refs
906 8
921 5

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Secunia Rates OpenBSD

2006-01-23 Thread Dave Feustel
On Monday 23 January 2006 18:37, Bill wrote:
> On Mon, 23 Jan 2006 17:08:00 -0500
> Dave Feustel <[EMAIL PROTECTED]> spake:
> 
> > Secunia gives OpenBSD a pretty nice security rating at
> > http://secunia.com/product/100/
> 
> Hi Dave,
> 
> I did not see how Secunia gives OpenBSD a high rating...  All I could
> find on that page were statistics on vulnerabilities, which I think
> only reflects the project.  Did I miss it?  Definitely credit goes to
> the OpenBSD team for this - of course it's why we are here in the first
> place, right? :)

You are correct.  Secunia didn't give a rating. I was referring
to my interpretation of the rather nice-looking report indicating
zero unpatched vulnerabilities. I have been googling a lot lately
looking for information about ways that sockets can be exploited
if permissions are loose. I've run across a few for KDE and X-windows.
I have had no obvious trouble with gremlins lately. I attribute that 
to running pf with a rule to block and drop all unsolicited in-bound 
traffic. I was really surprised by how much unsolicited traffic is
coming my way.
 
> But it's fun to see the statistics... and 0 open vulnerabilities

That's what impressed me too.
 
> Anyway, In any case this definitely will help some savvy IT person sell
> their less agile brained management on allowing OpenBSD!   

I recommend OpenBSD to everyone. I *am* beginning to see that
switching could be quite hard for the average Joe Sixpack for a
number of reasons. I'm glad I had previous exposure to unix. 

Dave
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: Secunia Rates OpenBSD

2006-01-23 Thread Dave Feustel
On Monday 23 January 2006 18:41, eric wrote:
> On Mon, 2006-01-23 at 17:08:00 -0500, Dave Feustel proclaimed...
> 
> > Secunia gives OpenBSD a pretty nice security rating at
> > http://secunia.com/product/100/
> 
> Shouldn't this go to advocacy@ ?

That did not occur to me, but you have a point there. 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Secunia Rates OpenBSD

2006-01-23 Thread Dave Feustel
Secunia gives OpenBSD a pretty nice security rating at
http://secunia.com/product/100/
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



/dev permissions question

2006-01-21 Thread Dave Feustel
I notice that the permissions on /dev/ttyp* are reset to 666
on boot, but that the permissions on /dev/ptyp* are not altered.
Is there a reason for the differential treatment of the two
groups of devices?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: ssh to computer with variable ip address

2006-01-15 Thread Dave Feustel
On Sunday 15 January 2006 12:14, Peter Philipp wrote:
> On Sun, Jan 15, 2006 at 11:45:35AM -0500, Dave Feustel wrote:
> > I now have a working ssh connection to a computer on
> > my subnet by using the (hardwired) ip address in the 
> > known_hosts file. How can ssh be used to connect to a 
> > computer with a (variable) dhcp-assigned ip address, 
> > given that the ip address can change at any time?
> 
> I do this although not on a LAN with DHCP addressing but on the Internet on
> several computers registering to a self-made lookup service.  On a LAN with
> DHCP you may be able to configure Dynamic DNS to identify what hosts have 
> what IP address.  You should take care of the StrictHostKeyChecking which 
> will complain that a known hosts will have a different Public Host Key.  
> You'll get those "this could mean a man-in-middle attack" type messages which 
> you'll have to ignore and possibly edit the .ssh/known_hosts to get rid of
> any entries there.  Also you won't really know for sure what host is what
> so it's probably safer to resort to rsa/dsa key authentication as password
> authentication should be avoided since the host behind an IP could be a
> malicious host with purpose to gobble up passwords.
> 
> Cheers,
> 
> -peter

Thanks, Peter!

I got this working internally by using the ip address of the internal ethernet
adaptor.
I have in the past just posted dhcp-assigned ip addresses of http servers on my
public website where they could be used as indirect addressing.

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



ssh to computer with variable ip address

2006-01-15 Thread Dave Feustel
I now have a working ssh connection to a computer on
my subnet by using the (hardwired) ip address in the 
known_hosts file. How can ssh be used to connect to a 
computer with a (variable) dhcp-assigned ip address, 
given that the ip address can change at any time?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: rc.conf.local question

2006-01-13 Thread Dave Feustel
On Friday 13 January 2006 07:15, Hannah Schroeter wrote:
> Hello!
> 
> On Thu, Jan 12, 2006 at 09:36:14PM -0500, Dave Feustel wrote:
> >[...]
> 
> >I also am using dhcp to get an ip address from verizon when I boot up.
> 
> As long as you serve your own dhcp on different interfaces than the
> one you use dhclient on, it should be not much of a problem.

Dhcpd works now when I boot. Thanks to the emailers for the pointers.
 
> I've got a hairy setup running, though, with dhclient and dhcpd on
> the *same* interface. But I wouldn't recommend it to thin-skinned
> people. Usually, a second NIC is cheaper than the loss of time and
> perhaps even health, unless you're a warped hacker ;-)

Using sis0 for internet and sis[1-3] for local nets was my original plan.
But I think I now know how to make my pci expansion chassis work with 
OpenBSD, so unless I need a *lot* of slots, I will use separate NICs for 
internet and local nets.

BTW, I noticed last week that the 7-slot Magma pci expansion chassis 
was selling for ~$70 on EBay. It cost over $1000 new when I bought 
mine years ago.

> Or you want to have it run *now* without sacrificing the time to
> buy a second NIC... ;-)
> 
> >-- 
> >Lose, v., experience a loss, get rid of, "lose the weight"
> >Loose, adj., not tight, let go, free, "loose clothing"
> 
> I appreciate language education. Another one: "its" = "of it", "it's" =
> "it is". ;-)

If only .sig files didn't have to be so short! 
Dangling participial phrases are extremely frequent.



Re: rc.conf.local question

2006-01-12 Thread Dave Feustel
On Thursday 12 January 2006 20:28, Alexander Hall wrote:
> Dave Feustel wrote:
> > I added the statement dchpd_flags="-d sis0 sis1 sis2 sis3" to rc.conf.local,
> > but dhcpd is not started at bootup. Is something else needed to get
> > dhcpd started automatically?
> 
> Why would you want the output to stderr when starting from /etc/rc? That 
> could be your problem.

The -d flag was for debugging when I was starting dhcpd manually while I was
getting it to work. Now it works and I want it to start automatically. I've
removed the -d flag.


> On a sidenote, set dhcpd_flags="" and add your interfaces to 
> /etc/dhcpd.interfaces. Magic will happen (see /etc/rc).

I had added sis[0-3] to /etc/dhcpd.interfaces. Maybe the redundant specification
of the sis interfaces caused a problem with rc.conf startup of dhcpd.
I've made dhcpd="" again for normal operation.

I also am using dhcp to get an ip address from verizon when I boot up.

> /Alexander
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: rc.conf.local question

2006-01-12 Thread Dave Feustel
On Thursday 12 January 2006 20:13, Jason Dixon wrote:
> On Jan 12, 2006, at 7:52 PM, Dave Feustel wrote:
> 
> > I added the statement dchpd_flags="-d sis0 sis1 sis2 sis3" to  
> > rc.conf.local,
> > but dhcpd is not started at bootup. Is something else needed to get
> > dhcpd started automatically?
> 
> Spelling it right would help.  :)

That's why I like cut and paste so much. :-) 
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
> 
> 
> 
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



rc.conf.local question

2006-01-12 Thread Dave Feustel
I added the statement dchpd_flags="-d sis0 sis1 sis2 sis3" to rc.conf.local,
but dhcpd is not started at bootup. Is something else needed to get
dhcpd started automatically?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: "DadOS" - sys shutdown with XDM

2006-01-04 Thread Dave Feustel
On Wednesday 04 January 2006 02:36, Otto Moerbeek wrote:
> 
> On Tue, 3 Jan 2006, Dave Feustel wrote:
> 
> > On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote:
> > > 
> > > On Tue, 3 Jan 2006, Dave Feustel wrote:
> > > 
> > > > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:
> > > > 
> > > > > The rule of thumb for granting privileges is simple; avoid granting
> > > > > permissions whenever possible.
> > > > 
> > > > Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde 
> > > > or Xorg.
> > > 
> > > Come on, this is a unix domain socket, as has been pointed out before.
> > > You keep on repeating this nonsense. Having a world writable socket is
> > > not a problem in itself. X has its own authentication/authorization
> > > scheme, which is used both for unix domain sockets and tcp sockets. 
> > 
> > I confess that I do not understand the ramifications of the world rw+suid
> > permissions on this socket. I do wonder why this socket has world rw when 
> > it seems to work equally well after I do a chmod 4700 on it at the beginning
> > of every kde session. Do not the permissions applied to this socket violate
> > the principle of least privilege mentioned above?
> 
> It does not have suid permissions. This clearly shows you understand
> little about permissions. Hint: it's a socket, starting with an 's'.
> 
> The principle is not violated, because having the socket writable for
> others has its uses, maybe?
> 
>   -Otto
Otto,

I reread the man page for ls and I did indeed misread the documentation
as to what the 's' means here.  Thanks for pointing that out.

 50 srwxrwxrwx  1 daf  wheel   0 Jan  4 05:01 /tmp/.X11-unix/X0
 80 srwx------  1 daf  wheel   0 Jan  4 05:01 /tmp/.ICE-unix/dcop15166-1136368903
 90 srwx------  1 daf  wheel   0 Jan  4 05:01 /tmp/.ICE-unix/389


-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
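
Added example, not part of the original thread: a Python sketch of the distinction settled in the message above, where the leading 's' in an ls mode string marks the file type (socket) and the setuid bit is a separate flag shown in the owner-execute slot. The function names and the throwaway socket it creates are constructed for illustration.

```python
import os
import socket
import stat
import tempfile


def describe_mode(mode):
    """Split a raw st_mode into the facts that ls packs into one string."""
    return {
        "ls_mode": stat.filemode(mode),            # e.g. 'srwxrwxrwx'
        "is_socket": stat.S_ISSOCK(mode),          # leading 's' = file TYPE
        "setuid": bool(mode & stat.S_ISUID),       # 's'/'S' in the owner-x slot
        "group_or_other": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
        "octal": format(stat.S_IMODE(mode), "04o"),
    }


def audit_sockets(directory):
    """Return one record per socket under `directory` that grants any
    permission bit to group or other. Symlinks are not followed."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:                         # sockets are listed here
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                           # vanished or unreadable
            info = describe_mode(st.st_mode)
            if info["is_socket"] and info["group_or_other"]:
                info.update(path=path, uid=st.st_uid)
                findings.append(info)
    return findings


def demo():
    """Create a throwaway socket, audit it at mode 777 and again at 600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "X0")             # constructed stand-in name
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            sock.bind(path)
            os.chmod(path, 0o777)
            before = audit_sockets(tmp)
            os.chmod(path, 0o600)
            after = audit_sockets(tmp)
        finally:
            sock.close()
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for rec in before:
        print("flagged:", rec["ls_mode"], rec["octal"], "setuid:", rec["setuid"])
    print("flagged after chmod 600:", len(after))
    # Constructed mode values: a 777 socket, a 4700 socket, a setuid regular file.
    for m in (stat.S_IFSOCK | 0o777, stat.S_IFSOCK | 0o4700, stat.S_IFREG | 0o4755):
        d = describe_mode(m)
        print(d["ls_mode"], "socket:", d["is_socket"], "setuid:", d["setuid"])
```

Mode 4700, unlike 700 or 600, does set the setuid bit, which is why it prints as 'srws------' rather than 'srwx------'.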



Re: "DadOS" - sys shutdown with XDM

2006-01-03 Thread Dave Feustel
On Tuesday 03 January 2006 18:20, J.C. Roberts wrote:
> I'm not really a KDE user. Heck, I even resist installing X11 whenever
> possible.

I am getting ever closer to adopting your point of view re X11 and KDE.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: "DadOS" - sys shutdown with XDM

2006-01-03 Thread Dave Feustel
On Tuesday 03 January 2006 17:50, Otto Moerbeek wrote:
> 
> On Tue, 3 Jan 2006, Dave Feustel wrote:
> 
> > On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:
> > 
> > > The rule of thumb for granting privileges is simple; avoid granting
> > > permissions whenever possible.
> > 
> > Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde or 
> > Xorg.
> 
> Come on, this is a unix domain socket, as has been pointed out before.
> You keep on repeating this nonsense. Having a world writable socket is
> not a problem in itself. X has its own authentication/authorization
> scheme, which is used both for unix domain sockets and tcp sockets. 

I confess that I do not understand the ramifications of the world rw+suid
permissions on this socket. I do wonder why this socket has world rw when 
it seems to work equally well after I do a chmod 4700 on it at the beginning 
of every kde session. Do not the permissions applied to this socket violate 
the principle of least privilege mentioned above?
 
> > Also check the ownership/privileges on the /dev/[pt]typ* pair allocated
> > to any konsole session running under kde on openbsd. 
> 
> Now that is likely a problem. A workaround is to use xterm instead
> of konsole.
> 
>   -Otto
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: "DadOS" - sys shutdown with XDM

2006-01-03 Thread Dave Feustel
On Tuesday 03 January 2006 17:11, J.C. Roberts wrote:

> The rule of thumb for granting privileges is simple; avoid granting
> permissions whenever possible.

Check the ownership/privileges on /tmp/.X11-unix/X0 after you start kde or Xorg.

Also check the ownership/privileges on the /dev/[pt]typ* pair allocated
to any konsole session running under kde on openbsd. 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



dhcpd question

2006-01-01 Thread Dave Feustel
I used to use a switch plugged into my dsl modem to hook up
multiple computers to the internet, but that no longer works,
(no response to 2nd computer's dhclient requests through the switch,
although 1st computer's requests are responded to). 

So I have plugged my laptop into the 4-port(sis[0-3]) ethernet card 
in my desktop and now have an ip address(192.168.1.32) assigned 
to the laptop by dhcpd running on the desktop. 

I also have net.inet.ip.forwarding=1 on the desktop.

I assume I need to add some rules to the laptop routing table
and to update the pf.conf rules on the desktop with a NAT rule.

What rule(s) do I need to add to pf.conf to give the laptop internet 
access via the desktop? 

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Skull & Bones cursor in KDE

2006-01-01 Thread Dave Feustel
Is sudden appearance of a skull & bones cursor on the
kde desktop associated with any exploits against kde?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



getmail question

2006-01-01 Thread Dave Feustel
I have installed getmail in my quest for a console-based pop3 mail client.
When I use getmail to retrieve  email, getmail reports that the directory named
"Maildir" is not a maildir. What makes a maildir different from a standard
directory and how is it created?

Should I try a different pop3 mail client?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: pf question

2005-12-29 Thread Dave Feustel
On Thursday 29 December 2005 20:27, David Higgs wrote:
> You're either the victim of a truncated display or lacking in
> fundamental DNS knowledge.

I definitely lack knowledge of DNS right now. 
 
> [EMAIL PROTECTED] host 5.191.160.66
> Host 66.160.191.5.in-addr.arpa not found: 3(NXDOMAIN)
> [EMAIL PROTECTED] host dedicated5.thehideout.net
> Host dedicated5.thehideout.net not found: 3(NXDOMAIN)
> [EMAIL PROTECTED] host 66.160.191.5
> 5.191.160.66.in-addr.arpa domain name pointer dedicated5.thehideout.net.

What is the import of the last line above?

Thanks.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: pf question

2005-12-29 Thread Dave Feustel
On Thursday 29 December 2005 12:32, eric wrote:
> Re: pf question
I just noticed that it's 5.0.0.0/8, not 5.0.0.0/24.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
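
Added example, not part of the original thread: the `host` output quoted earlier in this thread and the /8 versus /24 correction just above, worked through in Python. It shows that the name 5.191.160.66.in-addr.arpa lists the octets of 66.160.191.5 in reverse, and how the prefix length decides what a block rule covers; the function names and the three-entry table are constructed for illustration.

```python
import ipaddress

# Constructed sample table in the one-entry-per-line form a pf table file uses.
# 5.0.0.0/8 is included because the thread treats it as reserved.
SAMPLE_TABLE = """\
# constructed sample, not a real bogon list
5.0.0.0/8
10.0.0.0/8
192.168.0.0/16
""".splitlines()


def ptr_name_to_ip(name):
    """Convert an in-addr.arpa owner name to the IPv4 address it belongs to.
    The first four labels are the address octets in reverse order."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError("not a full IPv4 reverse name: %r" % name)
    return ipaddress.IPv4Address(".".join(reversed(labels[:4])))


def ip_to_ptr_name(addr):
    """Inverse of ptr_name_to_ip, using the standard library."""
    return ipaddress.ip_address(addr).reverse_pointer


def parse_table(lines):
    """Parse address/CIDR lines, skipping blanks and '#' comments.
    Raises ValueError on anything that is not a well-formed network, so a
    damaged download is rejected before it reaches the firewall."""
    nets = []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError("line %d: %s" % (lineno, exc)) from None
    return nets


def covering(addr, nets):
    """Return the table entries (as strings) that contain addr."""
    ip = ipaddress.ip_address(str(addr))
    return [str(n) for n in nets if n.version == ip.version and ip in n]


def explain(ptr_name, nets):
    """Compare the real address behind a reverse name with the address you
    get by reading its first four labels left to right."""
    real = ptr_name_to_ip(ptr_name)
    misread = ".".join(ptr_name.split(".")[:4])
    return {
        "address": str(real),
        "address_blocked_by": covering(real, nets),
        "misread_as": misread,
        "misread_blocked_by": covering(misread, nets),
    }


if __name__ == "__main__":
    table = parse_table(SAMPLE_TABLE)
    for key, value in explain("5.191.160.66.in-addr.arpa.", table).items():
        print("%-20s %s" % (key, value))
    # Prefix length matters: /24 covers 5.0.0.0-5.0.0.255 only.
    for prefix in ("5.0.0.0/24", "5.0.0.0/8"):
        hit = covering("5.191.160.66", parse_table([prefix]))
        print(prefix, "covers 5.191.160.66:", bool(hit))
```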



Re: pf question

2005-12-29 Thread Dave Feustel
from http://www.liquifried.com/docs/security/reservednets.html

"For security purposes, reserved addresses should be prevented from both
entering and leaving a network (i.e. ingress and egress filtering). Ideally,
this filtering will be multi-layer in nature; at a minimum, this sort of
filtering should be done at the border of a network."

This morning I found an established tcp connection between 
[EMAIL PROTECTED]:43060 and  [EMAIL PROTECTED]:2005
(ip address [EMAIL PROTECTED]:2005 (an IANA reserved address))
Whois does not return any info on the ip name. The connection 
seems to be incoming only (15718 packets at last check). I put 
a block all from 5.0.0.0/24 in pf.conf. Additionally, as of this morning, 
the # on the keyboard  displayed as a British Pound sign in console 
mode until I logged off and logged back in.



On Thursday 29 December 2005 12:32, eric wrote:
> On Thu, 2005-12-29 at 11:38:22 -0500, Dave Feustel proclaimed...
> 
> > Has anyone on the list experience with using pf to
> > block ip addresses in the iana reserved ip address ranges list?
> 
> I don't think any of us have ever thought of that.
> 
> Oh wait..I may have... run this out of cron weekly
> 
> #!/bin/sh
> #; $Id: gbogl.sh,v 1.3 2005/01/28 04:47:16 epancer Exp $
> #; a small tool to grab bogon list from team cymru
> #;
> 
> PATH="/usr/bin:/bin:/usr/sbin:/sbin"
> BOGONFILE="/etc/bogon.txt"
> BOGONURL="http://www.cymru.com/Documents/bogon-bn-nonagg.txt";
> 
> checkfile () {
>  if [ ! -f $BOGONFILE ]; then
>   echo "! $BOGONFILE must exist, exiting."
>   exit 2
>  fi
> }
> 
> getnewfile () {
> lynx -dump $BOGONURL > $BOGONFILE
> }
> 
> fixperm () {
> chmod 644 $BOGONFILE
> }
> 
> logmsg () {
> logger -p kern.notice "rewrote $BOGONFILE"
> }
> 
> checkfile
> getnewfile
> fixperm
> logmsg
> 
> exit 0
> 
> 
> Then...
> 
> table  persist file "/etc/bogon.txt"
> 
> Somewhere in your pf.conf.
> 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



pf question

2005-12-29 Thread Dave Feustel
Has anyone on the list experience with using pf to
block ip addresses in the iana reserved ip address ranges list?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: A Little Tip for OpenBSD Users of KDE

2005-12-27 Thread Dave Feustel
Marc Espie and Dirk at kde have acknowledged the security problem OpenBSD
has with kde kgrantpty. The problem with /tmp/.X11-unix/X0 addressed by the
2003 paper on XFree86 still exists today with Xorg. If the rest of you fail to
see the problem, even when the evidence is available to you on your respective
systems, so be it.

On Tuesday 27 December 2005 14:56, Daniel Ouellet wrote:
> Dave,
> 
> I keep reading your emails and many answers to them as well. So far,
> nothing is evidence or anything yet. Also, based on some of your latest
> emails, looks like the intruder is still coming back to your box still
> and you reboot the KDE to kick him/her out.
>
> Looks like you are saying there is a security problem, but yet you still
> provide no details whatsoever on your setup, what you do, what's
> installed, how he/she may get in, etc.
>
> If there is really a problem, then provide the information, all of it.
> If the intruder is still coming in, then the entry door is still open 
> then. So, I am not saying this should be done, but either provide all 
> the details, or may be even better if someone from the project want to 
> look at it as it is happening, then let them do so, if they want to 
> obviously.
> 
> If there is any security problem in OpenBSD of any kind, I am sure many 
> developers would be all over it by now, but it doesn't look to me that 
> there is one, project related anyway, or if it is from some packages 
> provided by the project as well, I am sure they would love to know that 
> and address it! After all they live for that, way of speaking anyway!
> 
> With all due respect to you and I intend no disrespect whatsoever, it
> really starts to be annoying more than helping. Please provide details,
> ALL of it so that better minds can look at it seriously and if there is a
> problem, address it ASAP.

Quite frankly, it is becoming clear to me that I'm better off to keep
quiet about things I become aware of. And not just wrt computers.
I'm perhaps relearning that lesson quite late in life. I was told in 7th
Grade by an exasperated history teacher "you don't let people *know*
that(what?) you know"! One of my survival skills perhaps? :-)
  
> If instead you try to keep the information for yourself, for whatever
> reason, then so do it. But in all fairness what you do now is very much
> annoying at best. Again, believe me, I mean no offense to you or anyone
> else, but it is just how it is from my side. SO, if there is a real
> problem, put it under the spotlight and let's get it fixed, or else.
> 
> Just an idea and that was my first and last email on that one.
> 
> Daniel

Your comments are taken in the spirit in which they are offered.

I'll try hard in the future to let sleeping dogs lay.

Happy New Year,
Dave 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: A Little Tip for OpenBSD Users of KDE

2005-12-27 Thread Dave Feustel
On Tuesday 27 December 2005 11:05, Otto Moerbeek wrote:
> 
> On Tue, 27 Dec 2005, Dave Feustel wrote:
> 
> > by KDE are root-owned and world rw. There is also a problem with the socket
> > /tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
> > presentation on XFree86 from about 2002.
> 
> Dunno about KDE but can you elaborate or give refs why having a world
> writable unix domain socket is considered a problem?

Here is a presentation of XFree86 security issues that I found yesterday
that seems to be relevant. X0 permissions are specifically addressed. I am 
definitely having fewer (if any) problems after several times rm'ing the tmp 
files associated with Xorg and KDE. I've done it with no problems except 
when I do it while KDE is running. Then DCOP dies. The most reliable way
of reactivating DCOP correctly is (right now) to reboot KDE.

http://www.openbsd.org/papers/xf86-sec.pdf
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



Re: A Little Tip for OpenBSD Users of KDE

2005-12-27 Thread Dave Feustel
On Monday 26 December 2005 22:12, J.C. Roberts wrote:
> On Mon, 26 Dec 2005 11:39:22 -0500, Dave Feustel
> <[EMAIL PROTECTED]> wrote:
> 
> >Don't use sudo in any konsole session.
> 
> Dave,
> 
> I don't think you're nuts but the fear mongering without providing any
> proof or details of a compromise is questionable at best.

 
> If you really were compromised while running OpenBSD, you aren't the
> first and probably won't be the last. As for leaving a terminal window
> open with root privs, sudo or su, it has *always* been a bad idea:

I never run root any more. Just long enough to install, add a user or two,
and set up sudo. I have added a large number of packages and also
compiled and installed other software not in the OpenBSD package
collection. So I may have introduced a few holes at the user level myself.

I have constantly been looking for signs of changes only possible via root.
So far I have almost been able to convince myself that the intruder is doing 
whatever with my user privileges only. I am prepared to reinstall OpenBSD
from scratch without Xorg and KDE if I become convinced that root access
has been compromised.

My respect for OpenBSD's security has increased substantially during the past 
few days. I think the security problems I am experiencing are in Xorg and KDE
sockets. Rm'ing all the files in /tmp and Tmp (I have TMPDIR=/home/daf/Tmp) 
and then exiting and restarting KDE seems to disable the intruder temporarily.
There also is some problem with DCOPserver, but again, restarting KDE seems 
to fix that. 
 
> http://seclists.org/lists/bugtraq/2002/May/0294.html
> 
> As you can see from what happened to Dug Song and monkey.org, the
> problem may not be konsole itself, instead, your sudo-enabled konsole
> session could have been taken over via an exploit in some other
> application you are running.

I'm not familiar with what happened to Dug Song. The problem with using
Sudo in a Konsole session is that either the sudo password may be captured for
use in subsequent login, or (and I don't know whether this is possible) an
eavesdropper might inject sudo commands during the 5-minute window
that sudo remains enabled. The remedy for this is to always switch back to your 
login console when typing in passwords and using sudo since the login console is
secure. This is possible by executing startkde &.  This problem exists because 
the kde pty allocation program shipped with KDE was not ported to OpenBSD, 
the result being that all the OpenBSD [pt]typ's allocated to konsole sessions 
by KDE are root-owned and world rw. There is also a problem with the socket
/tmp/.X11-unix/X0. This is documented on the web and even in an OpenBSD
presentation on XFree86 from about 2002.
> 
> jcr
> 
I have learned a lot about OpenBSD, Xorg and KDE in the last week dealing 
with this problem. If I weren't an OpenBSD diehard before, I certainly am now.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



A Little Tip for OpenBSD Users of KDE

2005-12-26 Thread Dave Feustel
Don't use sudo in any konsole session.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



X connection server shutdown question

2005-12-25 Thread Dave Feustel
How can I get the message "X connection to :0.0 broken
(explicit kill or server shutdown)" in my Xorg log
while kde is still running and I am the only user
on the system?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"



pkg_delete questions

2005-12-25 Thread Dave Feustel
Is there a simple way to delete kde and xorg
other than to reinstall OpenBSD without those
packages?

Is there a way to make sure that pkg_add installs
nothing that uses graphics packages (i.e. kde or Xorg),
even if requested?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"


