intel pro NICs and OBSD
Hi Folks,

I have just joined the list again after an absence of some months. I have checked two different archives and found no reference to this issue, which surprises me. If it has been discussed please accept my apologies and give me a url to an archive with the relevant posts.

My question is: are the em NIC drivers vulnerable to the recently announced Intel NIC driver stack overflow bugs? I see that there are new FreeBSD em drivers available on the Intel site but no mention of OpenBSD.

Cheers, Russell
Problems with making a new release
I am trying to generate a new release incorporating the two recent patches that I can then install on a number of other machines. I have one system with all the sources and have successfully built and installed the new kernel. Following the instruction in man release I am now trying to generate something that I can install on other systems. I don't really care about the floppy or CD images since I intend to upgrade most of the systems remotely -- i.e. I am primarily interested in the .tgz files and the new kernel.

When I did

    cd /usr/src/etc
    nice make release

It ground away for at least half an hour and then make terminated:

    TOPDIR=/usr/src/distrib/i386/ramdiskA/.. CURDIR=/usr/src/distrib/i386/ramdiskA OBJDIR=/usr/src/distrib/i386/ramdiskA/obj REV=38 TARGDIR=/mnt UTILS=/usr/src/distrib/i386/ramdiskA/../../miniroot sh /usr/src/distrib/i386/ramdiskA/../../miniroot/runlist.sh /usr/src/distrib/i386/ramdiskA/../common/list
    COPY ${OBJDIR}/instbin instbin
    cp: /mnt/instbin: Read-only file system
    *** Error code 1

[h... some wrapping of lines above ]

Any idea what is actually wrong?

Cheers, Russell
Building Fox gui on 3.8 -- threadsafe versions of getpwuid and friends
Hi,

I am trying to install Fox on a 3.8 system but the compilation fails because several functions such as getpwuid_r are missing. These functions are part of the POSIX standard and are thread-safe versions of the originals, which use static buffers to return results.

I've done some searching on Google but have not turned up anything useful. There are several courses of action possible but I am unsure which route to take. Hopefully there is a package which contains these routines but I have not been able to find it.

Cheers, Russell
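
The difference the post describes, as an added example that is not part of the original message or of Fox's code: getpwuid() returns a pointer into static storage that a later lookup can overwrite, while getpwuid_r() fills a buffer the caller owns. The helper name lookup_login_name is hypothetical, and the code assumes a platform that provides getpwuid_r (which, per the post, the 3.8 system did not).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: copy the login name for uid into name[namelen] using
 * caller-owned storage, so no other thread's lookup can overwrite the result.
 * Returns 0 on success, 1 if uid has no entry, -1 on error (errno set). */
int lookup_login_name(uid_t uid, char *name, size_t namelen)
{
    struct passwd pw, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);   /* may be -1: no fixed limit */
    size_t buflen = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *tmp = realloc(buf, buflen);
        if (tmp == NULL) { free(buf); errno = ENOMEM; return -1; }
        buf = tmp;
        rc = getpwuid_r(uid, &pw, buf, buflen, &result);
        if (rc != ERANGE || buflen >= (1u << 20))
            break;                  /* done, or refuse to grow past 1 MiB */
        buflen *= 2;                /* ERANGE: entry did not fit, retry */
    }
    if (rc == 0 && result == NULL) { free(buf); return 1; }    /* not found */
    if (rc == 0 && strlen(pw.pw_name) >= namelen) rc = ERANGE; /* name[] too small */
    if (rc == 0) memcpy(name, pw.pw_name, strlen(pw.pw_name) + 1);
    free(buf);                      /* pw.pw_name pointed into buf: copy first */
    if (rc != 0) { errno = rc; return -1; }
    return 0;
}

int main(void)
{
    char name[64];
    uid_t uid = getuid();
    int rc = lookup_login_name(uid, name, sizeof name);
    if (rc == 0) printf("uid %ld is %s\n", (long)uid, name);
    else if (rc == 1) printf("uid %ld has no passwd entry\n", (long)uid);
    else perror("getpwuid_r");
    return rc < 0;
}
```
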
patch management on larger install bases
I am just starting to upgrade all my obsd boxes to 3.8. I have a copy of the official CDs -- I know the ISOs are copyright but is there a way of burning an updated set so I don't have to patch each system individually?

Alternately, with the kernel I'm guessing I can replace /bsd (and /bsd.rd) using the little shuffle recommended in the upgrade docs. Which perl files need replacing?

How do others who manage several boxes apply patches like the recent ones?

Cheers, Russell
using cvs to access stable branch
With the recent release of two patches I have finally been forced to come to grips with CVS and the source tree. I have unpacked the source tarballs on the target machine and read through http://www.openbsd.org/anoncvs.html#starting and http://www.openbsd.org/anoncvs.html#CVSROOT

Following the examples in the latter:

    -bash-3.00$ export [EMAIL PROTECTED]:/cvs
    -bash-3.00$ cvs -q up -rOPENBSD_3_8 -Pd
    ssh: connect to host anoncvs1.usa.openbsd.org port 22: Connection refused
    cvs [update aborted]: end of file from server (consult above messages if any)
    -bash-3.00$ ssh anoncvs1.usa.openbsd.org
    ssh: connect to host anoncvs1.usa.openbsd.org port 22: Connection refused

I'm confused...

Also http://www.openbsd.org/anoncvs.html#CVSROOT refers to the 'patch branch' and 'current' -- I assume 'patch branch' is really stable ??

cheers, Russell
Re: using cvs to access stable branch
Christopher Pascoe wrote:

Hi Russell, Try switching to anoncvs3.usa.openbsd.org. It looks like anoncvs1 may be having problems at the moment - it isn't responding at all now.

Doh! Whose bright idea was it to get pf to send RST for outbound dropped ssh sessions? :) :) If they had timed out I would have looked for network problems... I tried traceroute and got as far as the firewall.

Apologies for the noise :(

Russell
Re: pf not logging to /var/log/pflog...
Olivier Mehani wrote:

On Mon, Jan 09, 2006 at 08:37:04PM +0100, Otto Moerbeek wrote:

adsl: ! sh -c /sbin/ifconfig pflog0 up

As far as I remember, it's not necessary to ifconfig pflog0 up to use it.

Why enable pf only when the link is up? It's non-standard and potentially dangerous. You're better off using the standard way of enabling pf.

However non standard, I don't clearly see the potential danger in this. Can you elaborate ?

I think the philosophy is that if you have pf running all the time then there are a lot less things to go wrong. It starts at boot time and that is it.

Russell
argus calloc failure on 3.7
Hi Folks,

I am having problems running argus www.qosient.com on 3.7. The server runs for a variable amount of time (usually 1 - 2 hours) and then dies when a calloc for 128 bytes fails. We are fairly sure that this is not because of real memory exhaustion (watching with top does not show any obvious leaking behaviour) so that points to possible bad frees or some other issue.

Argus runs happily on other BSDs (and other flavours of UNIX/Linux) and people have used it on older OBSD versions. Theo's note about upcoming changes to memory management in 3.8 made me wonder if anything was changed in 3.7 that may have caused latent bugs to manifest themselves.

Anyone have any ideas?

Cheers, Russell
x clients on 3.7 -- which install sets do I need?
Hi Folks, Which of the X install sets do I need if I just want to run x clients? Clearly I don't need xserver but what about xfonts? Russell
problems adding packages in 3.7
Hi Folks,

I'm getting errors about missing libraries while adding packages to a 3.7 system. This was a new install with 3.7 so there should not be any old stuff laying around

    -bash-3.00$ sudo pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.6/packages/i386/recode-3.6p1.tgz
    Can't install ftp://ftp.openbsd.org/pub/OpenBSD/3.6/packages/i386/recode-3.6p1.tgz: lib not found intl.1.1
    Even by looking in the dependency tree:
    libiconv-1.9.2, gettext-0.10.40p2
    Maybe it's in a dependent package, but not tagged with @lib ?
    (check with pkg_info -K -L)
    If you are still running 3.6 packages, update them.
    -bash-3.00$ uname -a
    OpenBSD matata.insec.auckland.ac.nz 3.7 GENERIC#50 i386

I understand that it can not find lib intl.1.1 and that it has looked for it in the package dependencies. However I don't understand what it is suggesting I do with pkg_info (yes I've read the man page). A little more guidance would be appreciated.

Cheers, Russell
Re: problems adding packages in 3.7 -- solved
It has just been pointed out to me (off list) that I was loading the package from the 3.6 tree. Doh!!!

Russell
Re: howto clean disks ?
Once information on a digital media has been overwritten, it cannot be recreated/restored in any lab. All this talk about electron microscopes and overwriting in multiple passes is just a load of crap derived from an old DoD standard. It has no practical meaning. One overwrite is enough. Please let this ugly rumour die :)

Peter Gutmann presented a paper on the technique of using electron microscopes to recover data from overwritten disks nearly 10 years ago at a USENIX Security Symposium. Peter did the research on this while at IBM's Watson Laboratory. Yes, it's very expensive (in terms of time) and you need sophisticated equipment but it is well within the reach of any technical university or well financed organisation.

Like all security decisions how you wipe your data depends on how valuable it is. For most stuff one pass is probably enough but OTOH doing a five or seven pass with random data is not a large incremental cost so why not do it properly. The biggest cost in the exercise is the time it takes to boot the machine up on a CD with the right tools and start them running. Do you really care if it takes one or five hours to do the wipe? (OK there will be times when you do care and in that case you opt for speed unless there is something extraordinarily sensitive on the disk...)

Russell
Re: VPN client connectivity issues with OBSD firewall
On Mon, 2005-05-30 at 12:16 +0530, Suresh Myneni wrote:

Hopefully someone will be able to help me with a vpn client connectivity problem. Using Contivity VPN client on windows 2k going through OpenBSD 3.7 PF/NAT

I have three workstations behind the firewall using private IPs. The internet usage is fine on all the machines. But when I use Contivity VPN client through NAT on a single machine to connect to the remote site, I am able to connect fine. When I use the second machine to connect to the remote site using the VPN client, the VPN client fails in the last stage of establishing the connection. It gives me a message Checking for banner text from x.x.x.x and then disconnects.

I know nothing about Contivity but is it possible that it objects to having two sessions from one IP? I assume that x.x.x.x is the external NAT IP for your firewall. If this is the problem then the 'fault' lies with the vpn software not with the pf configuration.

Cheers, Russell
OBSD 3.7 ports -- mysql
Hi Folks, I've just installed mysql from the ports on my 3.7 system. All went well (I did not see any errors) but so far as I can see only the client stuff was installed. The server is there in the ports tree under /usr/local/libexec/mysqld but it is not installed. Nor does there appear to be a start up script or safe-mysqld. Any ideas? Cheers, Russell