Re: make build crashing
On 3/21/07, Greg Thomas <[EMAIL PROTECTED]> wrote: On 3/21/07, Open Phugu <[EMAIL PROTECTED]> wrote: > On 3/21/07, Bray Mailloux <[EMAIL PROTECTED]> wrote: > > I am updating my 4.0 system to the latest ~stable build and each time my > > "make build" is crashing. What information should I post in order to > > insure maximum clarity with the problem? > > > > > Post the exact command, the output of the ``make build'', the output > of ``uname -a''. And at least summarize the steps you took before the above info. I'll take a WAG and say you have bad RAM. If you get something of the sort: ``gcc: Internal compiler error: program cc1 got fatal signal 11'', you either have discovered an Internal Compiler error in gcc, or you have bad RAM. see http://www.bitwizard.nl/sig11/ for the bad-ram scenario
Re: 202 days Uptime in OpenBSD 3.6
What really matters is the security of the applications you are running(httpd, sshd, sendmail,...). If you keep those up to date, the kernel really does not matter. If you look at http://openbsd.org/security.html, most of the "openbsd" bugs really are in openssh, the c library, or are a local privilege escalation attack that cannot be exploited remotely. On 1/15/07, Karl R. Balsmeier <[EMAIL PROTECTED]> wrote: Joachim Schipper wrote: >On Mon, Jan 15, 2007 at 11:20:27AM -0700, Darren Spruell wrote: > > >>On 1/15/07, Alexander Bochmann <[EMAIL PROTECTED]> wrote: >> >> >>>...on Thu, Jan 11, 2007 at 08:42:35AM +0100, Marc Balmer wrote: >>> >>> >>> hmm, why are people so proud of their uptimes when it only show they don't care for their systems? >>>Bah, uptimes (is it that time of the year again?)... >>> >>>Last login: Sun Jan 7 19:22:19 2007 from xxx >>>OpenBSD 2.3 (LOCAL) #0: Wed Jul 31 12:51:38 CEST 2002 >>> >>>Welcome to OpenBSD: The proactively secure Unix-like operating system. >>> >>>{104} ls -al /etc/localtime >>>lrwxr-xr-x 1 root wheel 33 Jun 12 1998 /etc/localtime -> >>>/usr/share/zoneinfo/Europe/Berlin >>> >>>That's an Internet-connected system, running mail, web, DNS. >>> >>> >>Do you sleep well at night exposing that system to the Internet? One >>would question the amount of effort to ensure patch application (if at >>all possible) on a system so far out of date... >> >> > >If you are careful, and know what you do, and know what software to run, >you can get away with a very small number of patches. > >Still, I do try to upgrade at least once a year. > > Joachim > > > and behind a good firewall, even old systems like RH6 with a million holes are never going to get exploited as long as you take proper care. in a high volume, public facing infrastructure. there are too many cpanel and IIS servers around to hack, trying to bust into an OBSD box would mean you have to be a real hacker, like U4EA or DFENS or Radikahl or Sidewinder or Tkiller or Datarape or One's looking for a car with the doors unlocked, engine running, keys in the ignition, owner nowhere in sight. Can you show me some 3.6 exploits Alexander? It's hard to doubt someone cares about their system when they hang out on the list. Perhaps really, they actually know what they are doing eh? Where would I get an exploit for 3.6?, which exploit would I choose? Remote? How many hundreds of those are lying about for ready download? Can you or anyone else we know on the list give a nice howto on this? Just how easy is it compared to the old days when you could run nuke.c on IRC chats and literally shut down someone's Mac Plus on them mid-sentence? Now that was fun. Wasn't even a web back then, just BITNET, majordomo, FTPlists, BB's, archie, WAIS, even encrypted chat /dcc_chat /dcc_send (where'd that go?) I have a 3.6 system right here, unpatched behind a firewall, and one not behind a firewall. -i'd like to see some skills from the fear-uncertainty-doubt 5th column since everyone's so absolutely sure you'll get hacked if you turn on a computer at all and try to make it do anything useful whatsoever. uptime 412 days on #drgori he's running an ancient os because informix hasn't altogether disappeared from the base of code run by our v1 app made what, 6 years ago? boy if that one customer who needs it would just scram. -practical need vs. non-useful-perfectionism. the ugly flower never gets picked. I hate informix, but #drgori never goes down, does it's job, and even though people try, -they just can't get through the defenses in front of him. Just curious Alexander. Just curious. booya. biff y -krb -- -- Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: ahem... skype on o'bsd
Right: Skype is completely closed source, and the developers have admitted that the only reason it is not open source, is because the security is too weak. See http://www.theregister.co.uk/2004/06/15/voip_and_skype/page3.html and look at the bottom: "Would he[Niklas Zennstrom, co-founder of Skype] make Skype open-source? No - that would make its strong 1024 bit encryption and security vulnerable: "We could do it but only if we re-engineered the way it works and we don't have the time right now." This is merely security by obscurity. According to a security analysis presented at BlackHat, the code is protected with many layers of obfuscation and encryption, intended to prevent reversing. Here is relevant sections of the EULA( http://www.skype.com/company/legal/eula/): 4.1 *Utilization of Your computer.* You hereby acknowledge that the Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between Skype Software users. So, basically, you accept the fact that Skype will use any and all resources to "facilitate communication". How does anyone know that there is not a backdoor that can bes used to access any machine running Skype. On 12/11/06, Tobias Weisserth <[EMAIL PROTECTED]> wrote: > > Hi, > > On Dec 11, 2006, at 6:15 PM, Vim Visual wrote: > > > the proof ;) > > > > http://www.aei.mpg.de/~pau/skype.png > > > > I don't have any contacts under that nickname; therefore the list > > is empty... > > I would be careful with Skype. My father's Mandriva Linux PC was > trojaned using an outdated version of Skype as entry point. > > Maybe you should post a systrace policy along with how to use Skype > in OpenBSD ;-) > > regards, > Tobias W. > > -- "If I am laughing, check your backups."
Re: Software License
Any other operating system would need (must) download only the *.o object code and clue them together. I agree, that you "clue" object files together. Maybe someone else needs to be clued. -- --- Olivier V. Meyer Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Re: ktrace interpretation
Most of what you see is the libc setting up default signal stuff. After the ELF is loaded mprotect is used to make the area executable, so when EIP is set to the starting point, the program does not SEGV. As to understanding, I would read the appropriate code in the kernel. On 11/21/06, Jan Stary <[EMAIL PROTECTED]> wrote: Hi all, being interested in the system's internals, I ktraced a trivial 'program': int main(void) { return 0; } cc -o prog prog.c strip prog ktrace ./prog kdump -f ktrace.out The output shows things one would expect: ktrace execve's the ./prog, libc.so is read, permisions are checked, the executable itself is read, ... 9465 ktrace RET ktrace 0 9465 ktrace CALL execve(0xcfbf6be7,0xcfbf6a58,0xcfbf6a60) 9465 ktrace NAMI "./prog" 9465 prog NAMI "/usr/libexec/ld.so" 9465 prog EMUL "native" 9465 prog RET execve 0 9465 prog CALL issetugid() 9465 prog RET issetugid 0 9465 prog CALL mprotect(0x2506,0x1000,0x1) 9465 prog RET mprotect 0 9465 prog CALL mmap(0,0x1000,0x3,0x1002,0x,0,0,0) 9465 prog RET mmap -2113363968/0x8208a000 9465 prog CALL open(0x2505e723,0,0) 9465 prog NAMI "/var/run/ld.so.hints" 9465 prog RET open 3 9465 prog CALL fstat(0x3,0xcfbcbb40) 9465 prog RET fstat 0 9465 prog CALL mmap(0,0x2e4f,0x1,0x2,0x3,0,0,0) 9465 prog RET mmap 2129707008/0x7ef0c000 9465 prog CALL close(0x3) 9465 prog RET close 0 9465 prog CALL open(0x7ef0da80,0,0) 9465 prog NAMI "/usr/lib/libc.so.39.0" 9465 prog RET open 3 9465 prog CALL fstat(0x3,0xcfbcaff0) 9465 prog RET fstat 0 9465 prog CALL read(0x3,0xcfbcb060,0x1000) 9465 prog GIO fd 3 read 4088 bytes "\^?ELF\^A\^A\^A\0\0\0\0\0\0\0\0\0\^C\0\^C\0\^A\0\0\0\M-(:\^A\0004\0\0\ \0\^TA:\0\0\0\0\0004\0 \0\^F\0(\0)\0&\0\^A\0\0\0\0\0\0\0\0\0\0\0\0\0\0\ [...] 9465 prog GIO fd 3 read 8 bytes "\0\0\0\0\M-1\^E\0\0" 9465 prog RET read 4096/0x1000 Then comes stuff I don't really understand - 9465 prog CALL mquery(0,0x82000,0x5,0,0x3,0,0,0) 9465 prog RET mquery 217501696/0xcf6d000 9465 prog CALL mquery(0x2cf6d000,0xd000,0x1,0x10,0x,0,0,0) 9465 prog RET mquery 754372608/0x2cf6d000 9465 prog CALL mquery(0x2cf7a000,0x3000,0x3,0x10,0x,0,0,0) 9465 prog RET mquery 754425856/0x2cf7a000 9465 prog CALL mquery(0x2cf7d000,0x2000,0x3,0x10,0x,0,0,0) 9465 prog RET mquery 754438144/0x2cf7d000 9465 prog CALL mquery(0x2cf7f000,0x1000,0x3,0x10,0x,0,0,0) 9465 prog RET mquery 754446336/0x2cf7f000 9465 prog CALL mquery(0x2cf8,0x1e000,0x3,0x10,0x,0,0,0) 9465 prog RET mquery 754450432/0x2cf8 9465 prog CALL mmap(0xcf6d000,0x82000,0x5,0x12,0x3,0,0,0) 9465 prog RET mmap 217501696/0xcf6d000 9465 prog CALL mmap(0x2cf6d000,0xd000,0x1,0x12,0x3,0,0x82000,0) 9465 prog RET mmap 754372608/0x2cf6d000 9465 prog CALL mmap(0x2cf7a000,0x3000,0x3,0x12,0x3,0,0x8f000,0) 9465 prog RET mmap 754425856/0x2cf7a000 9465 prog CALL mmap(0x2cf7d000,0x2000,0x3,0x12,0x3,0,0x91000,0) 9465 prog RET mmap 754438144/0x2cf7d000 9465 prog CALL mmap(0x2cf7f000,0x1000,0x3,0x12,0x3,0,0x92000,0) 9465 prog RET mmap 754446336/0x2cf7f000 9465 prog CALL mmap(0x2cf8,0x1e000,0x3,0x1012,0x,0,0,0) 9465 prog RET mmap 754450432/0x2cf8 9465 prog CALL close(0x3) 9465 prog RET close 0 - is this the ELF being loaded into memory? 9465 prog CALL mmap(0,0x5000,0x3,0x1002,0x,0,0,0) 9465 prog RET mmap -2099654656/0x82d9d000 9465 prog CALL mprotect(0xcf6d000,0x81d56,0x7) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0x2cf6d000,0xc3a1,0x3) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0xcf6d000,0x81d56,0x5) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0x2cf6d000,0xc3a1,0x1) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0xcf6d000,0x81d56,0x7) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0x2cf6d000,0xc3a1,0x3) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0xcf6d000,0x81d56,0x5) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0x2cf6d000,0xc3a1,0x1) 9465 prog RET mprotect 0 9465 prog CALL mprotect(0x2cf7d000,0x2000,0x1) 9465 prog RET mprotect 0 9465 prog CALL munmap(0x82d9d000,0x5000) 9465 prog RET munmap 0 9465 prog CALL mprotect(0x3c002000,0x1000,0x1) 9465 prog RET mprotect 0 - and then being "protected" in the memory, whatever that means? What puzles me most is the subsequent storm of sigprocmask(): what are these really for? Who is really doing this - my prog doesn't really chagnge its sigset. 9465 prog CALL sigpr