Re: CVS: cvs.openbsd.org: src
On Sat, Nov 08, 2014 at 10:57:41PM +0200, Atanas Vladimirov wrote:
> On 24.10.2014 00:33, Robert Peichaer wrote:
>
> I'm following -current and decided to try autoinstall(8) from /auto_upgrade.conf when I moved to newer snapshot. I made a custom auto_upgrade.conf on my root [sd2a] partition but when I boot a newer bsd.rd, auto_upgrade.conf is not on the miniroot. I escaped to shell, mounted sd2a on /mnt and copied auto_upgrade.conf to miniroot. Then Autoupgrade completed as it should.
>
> The question is whether there are any easier steps to make auto_upgrade from local file, not by using dhcp/tftp/http?
>
> Thanks,
> Atanas

The auto_upgrade.conf is searched in the ramdisk partition (which was into bsd.rd).

As thevoid@ wrote, you could rebuild a new bsd.rd image to include it.

Personally, I extract the ramdisk image from bsd.rd, mount it, copy the auto_upgrade.conf to it, and restore the ramdisk into bsd.rd.

Here is the pseudo-script I use:

    # build rdsetroot
    (
      cd /usr/src/distrib/common
      cc -o /tmp/rdsetroot elf32.c elf64.c elfrdsetroot.c
    )

    # extract ramdisk from bsd.rd
    /tmp/rdsetroot -x bsd.rd ramdisk.img

    # mount ramdisk
    vnconfig vnd0 ramdisk.img
    mount /dev/vnd0a /mnt

    # copy config file
    cp auto_upgrade.conf /mnt/auto_upgrade.conf

    # umount ramdisk
    umount /dev/vnd0a
    vnconfig -u vnd0

    # put modified ramdisk in bsd.rd
    /tmp/rdsetroot bsd.rd ramdisk.img

    # cleanup
    rm ramdisk.img

And now, you could boot your modified bsd.rd.
--
Sébastien Marie
Re: Changing root password from stdin value
On Thu, Oct 09, 2014 at 06:22:05PM +0100, Nux! wrote:
> Hello,
>
> I'm trying to get some scripts working which would take a password from stdin and set it for root. In Linux passwd --stdin is used, in FreeBSD pw mod user root -h 0. How would I do this in OpenBSD?
>
> Thanks,
> Lucian

Hi,

You could use encrypt(1) + usermod(1).

encrypt will encrypt passwords from the command line or standard input.
usermod will accept an already-encrypted password.
--
Sébastien Marie
nginx/slowcgi: cgi program keep running
Hi,

I do some tests with a cgi program that goes into an infinite loop. In order to test it with nginx (-current GENERIC.MP#304), I started slowcgi to run the cgi program (and configured nginx).

The configuration is ok: the cgi program replies as expected in normal cases.

But when it goes into an infinite loop: the connection times out after 1 minute. nginx reports 504 Gateway Time-out and the connection is closed.

But, the cgi program is still running (in infinite loop at max CPU).

Is it an expected behaviour or not ? It seems odd to me. Does slowcgi implement some timeout ?
--
Sébastien Marie
Re: nginx/slowcgi: cgi program keep running
On Sat, Aug 02, 2014 at 10:37:41AM +, Florian Obser wrote:
> On Sat, Aug 02, 2014 at 12:11:18PM +0200, Sébastien Marie wrote:
> > But, the cgi program is still running (in infinite loop at max CPU). Is it an expected behaviour or not ? It seems odd to me. Does slowcgi implements some timeout ?
>
> Yes, 120 seconds. After that it considers the cgi script to be dead and cleans up the connection to nginx. However it does not kill the cgi script. I talked to some people when I implemented that and we decided it would be best to not kill the cgi script as it probably cannot handle that. I.e. leaving half written files behind or some other crap.
>
> So it comes down to fixing the cgi script to not get into an infinite loop ;)

ok, it makes sense.

Thanks a lot for your answer.
--
Sébastien Marie
difference between locatedb and tar ft
Hi,

I generally try to cleanup old files in installed system, between snapshots (remove old man pages, old libraries... that are not installed in new snapshots, but were in previous).

Now that snapshots embed the file list in locatedb format (usr/lib/locate/src.db and usr/X11R6/lib/locate/xorg.db), I look to use these files for my purpose.

But in last snapshot (OpenBSD 5.5-current (GENERIC) #251: Sun Jul 13 20:40:26 MDT 2014), there is a diff between files in tgz, and files announced in src.db.

I generate file list in tgz with:

    $ for i in ${SNAPSHOT_DIR}/*.tgz ; do tar zft ${i} ; done \
        | sort > filelist-tgz

And file list in locatedb with:

    $ locate -d usr/lib/locate/src.db:usr/X11R6/lib/locate/xorg.db '*' \
        | sed 's/^[^:]*:/./' | sort > filelist-db

(the sed part is to have same format as the tgz version)

When diffing the files I have a difference:

    $ diff -u -C0 filelist-tgz filelist-db
    *** filelist-tgzMon Jul 14 09:00:04 2014 --- filelist-db Mon Jul 14 08:59:28 2014 *** *** 13233 --- 13234 + ./usr/libdata/perl5/OpenBSD/PackageRepository/Source.pm

So the locatedb says .../Source.pm is installed, but the tgz doesn't include it.

As sometimes, snapshots embed modifications not committed, is it the case here ? Or I miss something else ?

Thanks.
--
Sébastien Marie
Re: Generate hashed rootpw for native ldapd
On Fri, Feb 21, 2014 at 01:31:13PM +0100, Joel Carnat wrote:
> Hum, I tried it but it doesn't work. I have a slappasswd elsewhere to test. And here's what I get :
>
> # print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'
> {SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
> # echo passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'
> {SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE=
> # slappasswd -h {SHA} -s passphrase
> {SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=

echo passphrase includes a return at end of line: you should avoid it.

    $ echo -n passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print "{SHA}"$0}'
    {SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ=

Bye.
--
Sébastien Marie
Re: system seems deadlock
Hi, Just to signal that the last change on spec_vnops.c (1.77) correct my problem: now the system don't deadlock. Thanks a lot. -- Sebastien Marie On Mon, Oct 21, 2013 at 09:59:43AM +0200, Sébastien Marie wrote: On Sat, Oct 19, 2013 at 05:54:22PM +0200, Sébastien Marie wrote: Hi, I fall in a system problem using tmux: the system (OpenBSD -current on i386) freeze (but no panic). The freeze seems to be a dead-lock, and tmux expose it. ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND [...] 13243 1 13243 0 3 0 inode tmux [...] Here, tmux is waiting inode. This wait message is set here: ufs/ext2fs/ext2fs_vfsops.c 831: lockinit(ip-i_lock, PINOD, inode, 0, 0); ufs/ffs/ffs_vfsops.c 1257:lockinit(ip-i_lock, PINOD, inode, 0, 0); And if I let the system running, several others process fall in inode waiting (as cron, or login_passwd if I try login). With ddb, if I check locked vnodes, there are two on root partition. ddb show all mounts flags 5LOCAL,ROOTFS vnodecovered 0x0 syncer 0xd316aa60 data 0xd108a200 vfsconf: ops 0xd098d7a0 name ffs num 1 ref 3 flags 0x1000 statvfs cache: bsize 800 iosize 4000 blocks 403383 free 375320 avail 355151 files 102910 ffiles 100646 favail 100646 f_fsidx {0x400, 0xc8a5ad54} owner 0 ctime 0x52640b1d syncwrites 325 asyncwrites = 340 syncreads 8881 asyncreads = 0 fstype ffs mnton / mntfrom /dev/sd0a mntspec ab8fcda4850f14e9.a locked vnodes: 0xd3165ea8, 0xd316a310 [... others partitions stripped ...] ddb show vnode 0xd3165ea8 tag UFS(1) type VCHR(4) mount 0xd108b400 typedata 0xd0ffb100 data 0xd3161298 usecount 2 writecount 0 holdcnt 0 numoutput 0 ddb show vnode 0xd316a310 tag UFS(1) type VDIR(2) mount 0xd108b400 typedata 0x0 data 0xd31851ec usecount 1 writecount 0 holdcnt 3 numoutput 0 Does someone have any clue, about what to check or how to debug this ? I think I will try the option VFSLCKDEBUG in kernel, but what else ? -- Sébastien Marie
Re: system seems deadlock
On Sat, Oct 19, 2013 at 05:54:22PM +0200, Sébastien Marie wrote: Hi, I fall in a system problem using tmux: the system (OpenBSD -current on i386) freeze (but no panic). The freeze seems to be a dead-lock, and tmux expose it. ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND [...] 13243 1 13243 0 3 0 inode tmux [...] Here, tmux is waiting inode. This wait message is set here: ufs/ext2fs/ext2fs_vfsops.c 831: lockinit(ip-i_lock, PINOD, inode, 0, 0); ufs/ffs/ffs_vfsops.c 1257:lockinit(ip-i_lock, PINOD, inode, 0, 0); And if I let the system running, several others process fall in inode waiting (as cron, or login_passwd if I try login). With ddb, if I check locked vnodes, there are two on root partition. ddb show all mounts flags 5LOCAL,ROOTFS vnodecovered 0x0 syncer 0xd316aa60 data 0xd108a200 vfsconf: ops 0xd098d7a0 name ffs num 1 ref 3 flags 0x1000 statvfs cache: bsize 800 iosize 4000 blocks 403383 free 375320 avail 355151 files 102910 ffiles 100646 favail 100646 f_fsidx {0x400, 0xc8a5ad54} owner 0 ctime 0x52640b1d syncwrites 325 asyncwrites = 340 syncreads 8881 asyncreads = 0 fstype ffs mnton / mntfrom /dev/sd0a mntspec ab8fcda4850f14e9.a locked vnodes: 0xd3165ea8, 0xd316a310 [... others partitions stripped ...] ddb show vnode 0xd3165ea8 tag UFS(1) type VCHR(4) mount 0xd108b400 typedata 0xd0ffb100 data 0xd3161298 usecount 2 writecount 0 holdcnt 0 numoutput 0 ddb show vnode 0xd316a310 tag UFS(1) type VDIR(2) mount 0xd108b400 typedata 0x0 data 0xd31851ec usecount 1 writecount 0 holdcnt 3 numoutput 0 Does someone have any clue, about what to check or how to debug this ? I think I will try the option VFSLCKDEBUG in kernel, but what else ? -- Sébastien Marie
Re: tor + rdomain
On Sat, Jan 26, 2013 at 05:03:28PM -0500, Jiri B wrote:
> On Sat, Jan 26, 2013 at 02:11:06PM +0100, Sébastien Marie wrote:
> > Hi, I would like to have some help for perform a network isolation using rtable, to use tor without network leak. I use -current. The host is a workstation (no forwarding set in sysctl).
>
> I just run a program which should use Tor only under different user and use PF to block any outgoing traffic of such user. It's not what you want but this works for me.
>
> jirib

Thanks for your response.

It is not exactly what I want, because I try to play with rdomain. But your contribution is appreciated !

Regards.
--
Sébastien Marie
tor + rdomain
Hi,

I would like to have some help to perform a network isolation using rtable, to use tor without network leak.

I use -current. The host is a workstation (no forwarding set in sysctl).

The purpose is to have a dedicated rtable where programs that should use tor live (route -T 1 exec ...), and where the only access to network is through the tor socks server, accessible in this rtable.

I use the tor package as-is in ports (socks server listening to 127.0.0.1:9050, in rdomain 0).

I have created a loopback device in rdomain 1.

    --- BEGIN /etc/hostname.lo1 ---
    rdomain 1
    inet 127.0.0.1
    up
    --- END /etc/hostname.lo1 ---

Program is started in rtable 1 with something like:

    $ route -T 1 exec chrome --proxy-server=socks5://127.0.0.1:9050

Now I should redirect all access to tcp://127.0.0.1:9050 in rdomain 1 to tcp://127.0.0.1:9050 in rdomain 0.

There are many possibilities to achieve this goal.

pf rules set (all my rules) [that works]:

    block drop in log quick on ! lo0 proto tcp from any to any port 6000:6010
    match in on lo1 proto tcp to 127.0.0.1 port 9050 rdr-to 127.0.0.1 rtable 0
    match out on lo0 proto tcp to 127.0.0.1 port 9050 nat-to lo0
    pass all

Currently I'm not fully agreed with these rules, as it does not permit me to keep pf disabled on lo devices (no more set skip lo), or at least on lo0.

I think it should be possible to do the redirect in userland with nc(1) (something like nc -V 1 -l 9050 | nc 127.0.0.1 9050) or socat(1).

There is also inetd(8), but it should listen on rtable 1 for one service. Is it possible without a new instance ?

Or relayd(8)...

So how to elegantly perform redirect in level 3 between rdomain ?
(the term elegantly is unusual, but I think it is understandable... perhaps best practice is more common)

Thanks
--
Sébastien Marie
Re: Strange ksh history behaviour
On Mon, Jan 07, 2013 at 02:09:01PM +0100, Lars von den Driesch wrote:
> Hello, I just discovered a strange behaviour with ksh-history that I cannot explain. So I hope you can probably help. I read some man pages and used google but didn't find anything useful. If this is just a RTFM please hit me with it :-)

ready ? :-)

> [...] However, I like vim and as soon as I set the EDITOR env variable to it the arrow up/down functionality is gone. In fact even if EDITOR is set with export EDITOR= the functionality is gone. Commands typed in still appear in the history using fc -l. I just cannot use the arrow-keys.

It is the documented behaviour in ksh(1) :-)

You could see the EDITOR variable comment in ksh(1):

    EDITOR  If the VISUAL parameter is not set, this parameter controls
            the command-line editing mode for interactive shells.

And as arrow-keys are not used by the 'vi'-like command-line editing...

> What am I missing here? Can someone confirm this?

You need to set your command-line editing mode to emacs.

In order to keep EDITOR to vi, you should set VISUAL to emacs in your .profile:

    VISUAL=emacs
    EDITOR=vi
    export VISUAL EDITOR
--
Sebastien Marie
fbtab(5) and X11
Hi,

Just a question about fbtab(5) and X11.

In the distributed /etc/fbtab (under i386, -current) the file contains:

    # $OpenBSD: fbtab.head,v 1.2 1999/05/05 06:56:34 deraadt Exp $
    # login(1) reads this file to determine which devices should be chown'd to
    # the new user. Format is:
    # login-tty perm device:[device]:...
    /dev/ttyC0 0600 /dev/console:/dev/wskbd:/dev/wskbd0:/dev/wsmouse:/dev/wsmouse0:/dev/ttyCcfg
    /dev/X0 0600 /dev/wsmouse:/dev/wsmouse0
    # samples
    #/dev/ttyC0 0600 /dev/fd0

With it, login(1) does the right thing when logging in on ttyC0 (all devs listed in the ttyC0 line are owned by the logged user).

But I couldn't achieve the same thing under X11 (login with xdm).

    x11$ ls -l /dev/wsmouse0
    crw--- 1 root wheel 68, 0 Oct 14 14:25 /dev/wsmouse0

A grep -Rl in /usr/xenocara for login_fbtab(3) found nothing...

So is fbtab implemented for local X11 connection (with xdm) ? And if not, what is the purpose of /dev/X0 in /etc/fbtab ?

The initial purpose is to own some devices like cd0a or ttyU0 when login under X11.

Thanks.
--
Sebastien Marie
tmux: create window failed (too many open files)
Hi,

I'm running -current (not latest, only GENERIC.MP#20), see dmesg below.

I run into an error in tmux (a long session: 10 days for now), when I want to create a new window (C-b C-c), I have this error:

    Create window failed: exec ksh: Too many open files

Note, my default shell in tmux.conf is exec ksh (see ~/.tmux.conf below)

My limit for open files is standard:

    semarie@bert:~$ ulimit -n
    512

Currently, I have only 4 windows in this session, but:

    semarie@bert:~$ fstat -u semarie | grep tmux
    semarie tmux3941 wd /home 4053504 drwx-- r 2560
    semarie tmux39410 / 17084 crw--w rwttyp5
    semarie tmux39411 / 17084 crw--w rwttyp5
    semarie tmux39412 / 17084 crw--w rwttyp5
    semarie tmux39413 kqueue 0xd8c0f3d4 0 state: W
    semarie tmux39414 /home 4053890 -rw-r--r-- r 1859
    semarie tmux39415* unix stream 0xd31c7680 - 0xd4105380
    semarie tmux1509 wd /home 4053504 drwx-- r 2560
    semarie tmux15090 / 17621 crw-rw-rw- rw null
    semarie tmux15091 / 17621 crw-rw-rw- rw null
    semarie tmux15092 / 17621 crw-rw-rw- rw null
    semarie tmux15093 kqueue 0xd8c0f310 0 state: W
    semarie tmux15094 /home 4053942 -rw-r--r-- r 1805
    semarie tmux15095* unix stream 0xd4105380 - 0xd31c7680
    semarie tmux15096* unix stream 0xd3228740
    semarie tmux15097 / 17084 crw--w rwttyp5
    semarie tmux15099 / 17621 crw-rw-rw- r null
    semarie tmux1509 10 / 17079 crw-rw-rw- rwptyp2
    semarie tmux1509 11 / 17621 crw-rw-rw- r null
    semarie tmux1509 12 / 17621 crw-rw-rw- r null
    semarie tmux1509 13 / 17621 crw-rw-rw- r null
    semarie tmux1509 14 / 17621 crw-rw-rw- r null
    semarie tmux1509 15 / 17621 crw-rw-rw- r null
    semarie tmux1509 16 / 17621 crw-rw-rw- r null
    [...]
    semarie tmux1509 503 / 17621 crw-rw-rw- r null
    semarie tmux1509 504 / 17621 crw-rw-rw- r null
    semarie tmux1509 505 / 17621 crw-rw-rw- r null
    semarie tmux1509 506 / 17621 crw-rw-rw- r null
    semarie tmux1509 507 / 17621 crw-rw-rw- r null
    semarie tmux1509 508 / 17621 crw-rw-rw- r null
    semarie tmux1509 509 / 17618 crw-rw-rw- r tty
    semarie tmux1509 510 / 17618 crw-rw-rw- r tty

There are 510 descriptors opened...

Any hints ? Does tmux could not closed not-need descriptors for old created windows ?

I will try to keep this session running for debug if need... I could also upgrade to latest snapshot if needed. But I don't show any commit to tmux that seems related to that. But I could be wrong: please let me know.

Thanks.
--
Sebastien Marie

My ~/.tmux.conf

    set -g default-command "exec ksh"
    set -g status-right "#(sysctl -n vm.loadavg)"

    # Statusbar properties.
    set -g display-time 3000
    set -g status-bg black
    set -g status-fg cyan
    set-window-option -g window-status-current-attr bright,reverse
    set-window-option -g window-status-current-bg cyan
    set-window-option -g window-status-current-fg black

    # divers
    set -g default-path
    set -g bell-action any
    set -g set-titles on
    set -g base-index 1
    set -g history-limit 5000
    set -g update-environment "DISPLAY WINDOWID SSH_ASKPASS SSH_AUTH_SOCK SSH_AGENT_PID SSH_CONNECTION DBUS_SESSION_BUS_ADDRESS XDG_SESSION_COOKIE KRB5CCNAME"

My dmesg:
Re: tmux: create window failed (too many open files)
On Wed, Sep 26, 2012 at 09:20:25AM +0100, Nicholas Marriott wrote:
> Are you running a tmux command from any shell script or cron or anything?

I used X11 (cwm). I open a terminal (rxvt), maximize size, and run:

    $ tmux attach -d -t semarie

(normally, via an alias)

> There are only two places tmux itself opens /dev/null and they are both after fork so this must be /dev/null passed with imsg from a client.
>
> Also please show me output of tmux info.

(in a ksh in the session)

    semarie@bert:~$ tmux info
    semarie@bert:~$ echo $?
    1
    semarie@bert:~$

so via the tmux command-line (C-b : + info)

    pid 1509, started Sat Sep 15 10:17:49 2012 [137/137]
    socket path /tmp/tmux-1000/default, debug level 0
    system is OpenBSD 5.2 GENERIC.MP#20 i386
    configuration file is /home/semarie/.tmux.conf
    protocol version is 7
    Clients:
    0: /dev/ttyp3 (5, 7): semarie [80x24 rxvt-256color bs=177 xterm=95] [flags=0x1/0x3b, references=0]
    Sessions: [5/10]
    0: semarie: 4 windows (created Sat Sep 15 10:17:49 2012) [127x42] [flags=0x0]
    1: ksh [127x42] [flags=0x8, references=1, last layout=-1]
    0: /dev/ttyp5 24460 131 1/42, 80 bytes; UTF-8 0/42, 0 bytes
    2: ksh [127x42] [flags=0x8, references=1, last layout=-1]
    0: /dev/ttyp6 19418 421 3/42, 285 bytes; UTF-8 0/42, 0 bytes
    3: ksh [127x42] [flags=0x8, references=1, last layout=-1]
    0: /dev/ttyp2 2926 10 4/21, 405 bytes; UTF-8 0/21, 0 bytes
    4: ksh [127x42] [flags=0x8, references=1, last layout=-1]
    0: /dev/ttyp1 29566 185 153/156, 45190 bytes; UTF-8 2/156, 880 bytes
    Terminals: [117/137]
    rxvt-256color [references=1, flags=0x1]:
Re: tmux: create window failed (too many open files)
Hi,

After some tests (on a new tmux server, started with tmux -L test ...), I could (partially) reproduce the problem.

Partially, because: in fstat output there are 2 kinds of bugged entries: tty and null

    tty: 181 descriptors
    null: 320 descriptors

And I arrived to keep descriptors opened against /dev/tty, but not against /dev/null (for the moment, but I monitor what in my use what generate this...).

This occurs with urlview (textproc/urlview), with a custom url_handler.

Basically urlview takes a text in stdin (generally an email), and displays a menu (ncurses) of URLs found in the text. The user chooses an URL, and urlview starts a command (in my case, a custom script).

First, my configuration:

    $ cat ~/.urlview
    # command to invoke for selected URL
    COMMAND /home/semarie/.local/bin/urlview_handler.sh

Next, the command started by urlview:

    $ cat /home/semarie/.local/bin/urlview_handler.sh
    #!/bin/sh

    # if TMUX enable, update environment
    if [ -n "${TMUX}" ] ; then
        eval `tmux show-environment | grep -v '^-' | sed 's/=\(.*\)$/="\\1"/'`
        unset `tmux show-environment | grep '^-' | sed 's/^-//'`
        export `tmux show-environment | grep -v '^-' | sed 's/=\(.*\)$//'`
    fi

    # check DISPLAY
    if [ -n "${DISPLAY}" ] ; then
        exec chrome "$@"
    fi

    # if not DISPLAY
    exec lynx "$@"

And when I launch the command:

    $ echo 'http://www.openbsd.org/' | urlview

3 new descriptors against tty are opened and not closed after the command. They are directly correlated with the 3 tmux show-environment in the script.

I don't remind exactly the purpose of updating the environment in the script... should be to keep kerberos ticket or display environment in text-mode ... but ?

Additionally, running the url_handler alone (without urlview) doesn't trigger the problem.

I will disable the part of updating environment in my script (and if I always need it, I will recall when something won't work !)

I will post when I have more info. Please let me know if more information is needed.

Thanks.
--
Sebastien Marie
Re: tmux: create window failed (too many open files)
The patch seems to resolv the problem. Only seems, because I only known to reproduce it for the 'tty' descriptor, but I hope the 'null' descriptor will be in the same case :-) But I will use this version for test it. Thanks a lot. -- Sebastien Marie On Wed, Sep 26, 2012 at 03:42:23PM +0100, Nicholas Marriott wrote: Try this please: Index: server-client.c === RCS file: /cvs/src/usr.bin/tmux/server-client.c,v retrieving revision 1.79 diff -u -p -r1.79 server-client.c --- server-client.c 3 Sep 2012 09:32:38 - 1.79 +++ server-client.c 26 Sep 2012 14:42:04 - 
@@ -912,8 +912,10 @@ server_client_msg_identify( return; } - if (!isatty(fd)) - return; + if (!isatty(fd)) { + close(fd); + return; + } data-term[(sizeof data-term) - 1] = '\0'; tty_init(c-tty, c, fd, data-term); if (data-flags IDENTIFY_UTF8) On Wed, Sep 26, 2012 at 01:40:53PM +0200, S?bastien Marie wrote: Hi, After some tests (on a new tmux server, started with tmux -L test ...), I could (partially) reproduce the problem. Partially, because: in fstat output there are 2 kinds of bugged entries: tty and null tty: 181 descriptors null: 320 descriptors And I arrived to keep descriptors opened against /dev/tty , but not against /dev/null (for the moment, but I monitor what in my use what generate this...). This occurs with urlview (textproc/urlview), with a custom url_handler. Basically urlview take a text in stdin (generally an email), and display a menu (ncurses) of URLs found in the text. The user choose an URL, and urlview start a command (in my case, a custom script). First, my configuration: $ cat ~/.urlview # command to invoke for selected URL COMMAND /home/semarie/.local/bin/urlview_handler.sh Next, the command started by urlview: $ cat /home/semarie/.local/bin/urlview_handler.sh #!/bin/sh # if TMUX enable, update environment if [ -n ${TMUX} ] ; then eval `tmux show-environment | grep -v '^-' | sed 's/=\(.*\)$/=\\1\/'` unset `tmux show-environment | grep'^-' | sed 's/^-//'` export `tmux show-environment | grep -v '^-' | sed 's/=\(.*\)$//'` fi # check DISPLAY if [ -n ${DISPLAY} ] ; then exec chrome $@ fi # if not DISPLAY exec lynx $@ And when I launch the command: $ echo 'http://www.openbsd.org/' | urlview 3 new descriptors against tty are opened and not closed after the command. There are directly correlate with the 3 tmux show-environment in the script. I don't remind exactly the purpose of updating the environnement in the script... should be to keep kerberos ticket or display environnement in text-mode ... but ? 
Additionnaly, running the url_hander alone (without urlview) don't trigger the problem. I will disabling the part of updating environment in my script (and if I always need it, I will recall when something won't work !) I will post when I have more info. Please let me known if more informations are needed. Thanks. -- Sebastien Marie
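The descriptor leak this thread tracks down, shown as an added C example (it is not tmux source and not code from the posters): a descriptor received over a Unix socket is a new descriptor in the receiving process, so a handler that rejects it must close it before returning. The names send_fd, recv_fd, handle_identify and leaked_after are hypothetical, and /dev/null stands in for the client's non-tty stdin.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Control-message buffer, aligned for struct cmsghdr. */
union fd_cmsg {
	struct cmsghdr hdr;
	char buf[CMSG_SPACE(sizeof(int))];
};

/* Client side: send one descriptor as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd)
{
	char byte = 'F';
	struct iovec iov = { &byte, 1 };
	union fd_cmsg u;
	struct msghdr msg;
	struct cmsghdr *cmsg;

	memset(&u, 0, sizeof u);
	memset(&msg, 0, sizeof msg);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = u.buf;
	msg.msg_controllen = sizeof u.buf;
	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	memcpy(CMSG_DATA(cmsg), &fd, sizeof fd);
	return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Server side: the kernel installs a NEW descriptor in this process. */
static int recv_fd(int sock)
{
	char byte;
	struct iovec iov = { &byte, 1 };
	union fd_cmsg u;
	struct msghdr msg;
	struct cmsghdr *cmsg;
	int fd;

	memset(&msg, 0, sizeof msg);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;
	msg.msg_control = u.buf;
	msg.msg_controllen = sizeof u.buf;
	if (recvmsg(sock, &msg, 0) != 1)
		return -1;
	cmsg = CMSG_FIRSTHDR(&msg);
	if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET ||
	    cmsg->cmsg_type != SCM_RIGHTS)
		return -1;
	memcpy(&fd, CMSG_DATA(cmsg), sizeof fd);
	return fd;
}

/* Count descriptors currently open in this process (first 1024 slots). */
static int count_open_fds(void)
{
	int fd, n = 0;

	for (fd = 0; fd < 1024; fd++)
		if (fcntl(fd, F_GETFD) != -1)
			n++;
	return n;
}

/* Handler that only wants terminals. With close_on_reject == 0 it has
 * the leaky shape (early return, descriptor still open). */
static int handle_identify(int fd, int close_on_reject)
{
	if (!isatty(fd)) {
		if (close_on_reject)
			close(fd);
		return -1;
	}
	close(fd);	/* a real server would keep the tty; the demo releases it */
	return 0;
}

/* Run `rounds` client requests that each pass /dev/null, and return how
 * many descriptors the receiving side has accumulated. */
int leaked_after(int rounds, int close_on_reject)
{
	int sv[2], i, before, leaked;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	before = count_open_fds();
	for (i = 0; i < rounds; i++) {
		int got, devnull = open("/dev/null", O_RDONLY);

		if (devnull == -1 || send_fd(sv[0], devnull) == -1)
			return -1;
		close(devnull);		/* the client's own copy goes away */
		if ((got = recv_fd(sv[1])) == -1)
			return -1;
		handle_identify(got, close_on_reject);
	}
	leaked = count_open_fds() - before;
	close(sv[0]);
	close(sv[1]);
	return leaked;
}

int main(void)
{
	printf("early return without close: %d leaked\n", leaked_after(20, 0));
	printf("close before return:        %d leaked\n", leaked_after(20, 1));
	return 0;
}
```

With a per-process limit of 512 descriptors, as in the original report, a few hundred such requests from scripts are enough to make the server fail to open anything new.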
Re: tmux: create window failed (too many open files)
ok, I found why I have some 'null' descriptors... it nears the same case that with 'tty' descriptors. I have a custom script (again) for X11 locking, that first destroy kerberos tickets. And I use tmux show-environment for get KRB5CCNAME environment variable that I used in the tmux session. As the script is run by cwm, the input descriptor should be /dev/null. The patch resolvs all the problem. For simple test, this command could be used: $ tmux info /dev/null This will dup the descriptor in the tmux server, and it will not close it. So after some time, too many descriptors are opened... Thanks again. -- Sebastien Marie On Wed, Sep 26, 2012 at 05:19:56PM +0200, Sébastien Marie wrote: The patch seems to resolv the problem. Only seems, because I only known to reproduce it for the 'tty' descriptor, but I hope the 'null' descriptor will be in the same case :-) But I will use this version for test it. Thanks a lot. -- Sebastien Marie On Wed, Sep 26, 2012 at 03:42:23PM +0100, Nicholas Marriott wrote: Try this please: Index: server-client.c === RCS file: /cvs/src/usr.bin/tmux/server-client.c,v retrieving revision 1.79 diff -u -p -r1.79 server-client.c --- server-client.c 3 Sep 2012 09:32:38 - 1.79 +++ server-client.c 26 Sep 2012 14:42:04 - @@ -912,8 +912,10 @@ server_client_msg_identify( return; } - if (!isatty(fd)) - return; + if (!isatty(fd)) { + close(fd); + return; + } data-term[(sizeof data-term) - 1] = '\0'; tty_init(c-tty, c, fd, data-term); if (data-flags IDENTIFY_UTF8)
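Review bot: the early `return;` visible in the context lines just above the changed `if (!isatty(fd))` block still leaves server_client_msg_identify without touching fd. If the descriptor has already been received from the client when that path is taken, it needs the same close(fd), otherwise descriptors can still accumulate there. Please confirm which paths own fd at that point, and consider a one-line comment stating that the server must close the passed descriptor on every path that does not hand it to tty_init.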
Re: Ports security updates in 5.1 or 5.2
On Thu, Aug 30, 2012 at 06:52:15PM +, Stuart Henderson wrote:
> On 2012-08-30, Sébastien Marie semarie-open...@latrappe.fr wrote:
> > I not used all previous ports, and some are used in safe usage (like using postgresql ports, but not for server). It just a question to known what follow, in order to keep updated...
>
> really, in order to keep updated, following -current is a good policy.

sure, updates in -current are more fresh ! but the investment may be important, as it is required to upgrade the system before adding or upgrading ports...

I think I will consider installing -current on an external disk, in order to see and learn the upgrade process (via snapshots) before definitively switching to -current on my laptop.

Thanks Stuart.
--
Sebastien Marie
Re: Ports security updates in 5.1 or 5.2
On Wed, Aug 29, 2012 at 09:34:22PM +0200, Patrick Lamaiziere wrote:
> On Wed, 29 Aug 2012 09:59:46 +0200, Sebastien Marie semarie-open...@latrappe.fr wrote:
> > Hello, I currently follow STABLE branch for openbsd (and so, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1.
>
> Any examples ? The problem may not be present in 5.1.

databases/postgresql
    version 9.1.4 (in OPENBSD_5_1) is vulnerable to CVE-2012-3488 and CVE-2012-3489
    CVE-2012-3488 : insecure use of xslt (xslt is in contrib, so need activation)
    CVE-2012-3489 : insecure use of libxml2 (XXE possible)
    OPENBSD_5_2 has upgraded from 9.1.4 to 9.1.5

editors/emacs23
    same version in OPENBSD_5_1 (emacs-23.4) and OPENBSD_5_2 (emacs-23.4p2)
    vulnerable to CVE-2012-3479 (GNU Emacs enable-local-variables Variable Processing Vulnerability)

games/openttd
    same version in OPENBSD_5_1 (openttd-1.1.5) and OPENBSD_5_2 (openttd-1.1.5p1)
    vulnerable to CVE-2012-3436 (Denial of service (server) using ships on half tiles and landscaping)

net/tor
    same version in OPENBSD_5_1 (tor-0.2.2.37) and OPENBSD_5_2_BASE
    OPENBSD_5_2 upgrade to tor-0.2.2.38
    Tor 0.2.2.38 fixes a rare race condition that can crash exit relays; fixes a remotely triggerable crash bug; and fixes a timing attack that could in theory leak path information.

www/py-django
    OPENBSD_5_1 has version 1.3p3
    NIST reports version before 1.3.2 are vulnerable (for CVE-2012-3442 at least)
    CVE-2012-3442 CVE-2012-3443 CVE-2012-3444

Others ports that would need more investigation for determine if vulnerable or not in OPENBSD_5_1:

    graphics/GraphicsMagick CVE-2012-3438
    graphics/ImageMagick CVE-2012-3437
    mail/roundcubemail CVE-2012-3508

I not used all previous ports, and some are used in safe usage (like using postgresql ports, but not for server). It just a question to known what follow, in order to keep updated...

Thanks.
--
Sebastien Marie
Re: Perl script ran by chrooted apache
On Fri, Aug 24, 2012 at 06:02:39PM +0100, Mik J wrote:
> Hello, I have the following perl script that works in command line:
> [...]
> # ./dns.pl
> 142.244.12.42
> [...]
> I tried in /var/www/htdocs/cgi/ but when I access http://192.168.1.1/cgi/dns.pl I have a blank page
>
> In theory when Apache is started it loads Net::DNS so that dns.pl can use it. I don't think I'm far from the solution but I'm stuck here. Does anyone have an idea how can I make it work ?

Hi,

Just a question, the cgi script is the *same* as the command line script ?

If yes, you should first print HTTP headers before the content.

Try:

    print "Content-Type: text/plain\n";
    print "\n";

at the start of your script.

The command line should echo:

    $ ./dns.pl
    Content-Type: text/plain

    142.244.12.42
    $
--
Sébastien Marie