Re: Worrying things in dmesg

2009-03-07 Thread Louis Opter
> > I'm running OpenBSD 4.4 release on an i386 machine.
> > I use a Compact Flash card as hdd. Without manual configuration the bios
> > recognizes it as removable and refuses to boot OpenBSD.
>
> What machine is that?

It's an old HP Vectra with a P3 733 MHz and 128 MB of PC133 SDRAM.

I have decided to use compact flash cards to avoid problems with old hdds.

Here is a full dmesg: http://www.kalessin.fr/stuff/dmesg_hp_vectra_cose.txt

> If you are sure all other hardware is OK, then the card
> is faulty. Throw it away and buy a new one, they are very cheap now.

I have purchased six identical cards. I will run tests with another card with
bonnie++ [1] under one hp vectra with OpenBSD and my workstation (far more
recent than the vectras) under Linux 2.6.24.

> > But, yesterday I have also noticed that I can't use setuid programs:
> >
> > Mar  2 15:02:14 gw-pri-eaubonne su: cannot stat /usr/libexec/auth/login_passwd: Permission denied
> > Mar  2 15:02:14 gw-pri-eaubonne su: /usr/libexec/auth/login_passwd: path not secure
>
> Not sure what this means. Who is trying the su?

A regular user in the wheel group. It happens because the setuid bit is not
honored (/usr was mounted with nosuid).

> > After a bit of searching I have seen this mail received from daily
> > insecurity output.
> >
> > Checking setuid/setgid files and devices:
> > Setuid additions:
> > -r-sr-xr-x  1  root  bin   157440  Aug  13  00:56:44  2008  /sbin/ping
> > -r-sr-xr-x  1  root  bin   182208  Aug  13  00:56:46  2008  /sbin/ping6
> > [...]
> > ==
> > /etc/fstab diffs (-OLD  +NEW)
> > ==
> > --- /dev/null   Wed Feb 25 01:30:08 2009
> > +++ /etc/fstab  Mon Feb 16 15:32:45 2009
> > @@ -0,0 +1,5 @@
> > +/dev/wd0a / ffs rw 1 1
> > +/dev/wd0f /tmp ffs rw,nodev,nosuid 1 2
> > +/dev/wd0e /usr/ ffs rw,nodev,nosuid 1 2
> > +/dev/wd0d /var ffs rw,nodev,nosuid 1 2
> > +/dev/wd0g /var/tmp ffs rw,nodev,nosuid 1 2
> > [...]
>
> This looks to me like the first insecurity report after a fresh install
> - note that it's a diff between /dev/null (as of Feb 25 = OLD) and /etc/fstab
> (as of Feb 16 = NEW). Strange.
>
> > So the system replaced my configuration files and put nosuid on /usr.
>
> Why would the system change your mount flags?

This is really weird.

> > The modifications that I have done on other configuration files (I
> > haven't touched the fstab since the install) were kept.
>
> When did you install?

You were right, it's the first mail after install.

I believe that I installed this machine on 24 or 23 February,
but now I'm not sure.

> > - Where was my configuration restored from? (I don't use altroot)
>
> The system doesn't "restore" your configs (whatever that means),
> but keeps daily backups in /var/backups. It might be interesting to see
> the stat(1) of the files there.

Which files exactly?

> > - Can these warnings in dmesg be considered harmless?
>
> No.

Anyway, something is going wrong with the hardware here; yesterday the machine
froze. It was certainly a panic() (nothing in the logs, not even messages about
the compact flash).

Monday, I will run some load tests on an identical machine and my workstation.

Thanks a lot for your help.

[1] http://www.coker.com.au/bonnie++/
--
Louis Opter
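
The condition diagnosed in this message (setuid programs living on a filesystem that /etc/fstab mounts nosuid) can be checked directly. The script below is an added example, not part of the original thread; the function name suid_under_nosuid and its optional ROOT prefix argument are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread): list setuid/setgid files that sit on
# filesystems an fstab mounts with nosuid, where the bit is silently ignored.
# usage: suid_under_nosuid FSTAB [ROOT]   (ROOT prefix is this example's own,
# for checking an unpacked tree or backup instead of the live system)
suid_under_nosuid() {
    fstab=$1
    root=${2:-}
    # fstab fields: device  mountpoint  fstype  options  dump  pass
    awk '$1 !~ /^#/ && NF >= 4 && $4 ~ /(^|,)nosuid(,|$)/ { print $2 }' "$fstab" |
    while read -r mp; do
        mp=${mp%/}                  # the thread's fstab writes "/usr/"
        dir=$root${mp:-/}
        [ -d "$dir" ] || continue
        # -xdev: stay on this filesystem; nested mounts have their own fstab line
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done | sort -u
}

# Run against the live system only when called with arguments, e.g.
#   sh check.sh /etc/fstab
if [ "$#" -gt 0 ]; then
    suid_under_nosuid "$@"
fi
```

Any path it prints is a binary whose setuid or setgid bit has no effect until the mount options are corrected.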



Re: Worrying things in dmesg

2009-03-03 Thread Jan Stary
On Mar 03 16:10:45, Louis Opter wrote:
> Hello,
> 
> I'm running OpenBSD 4.4 release on an i386 machine.
> I use a Compact Flash card as hdd. Without manual configuration the bios
> recognizes it as removable and refuses to boot OpenBSD.

What machine is that?

> The machine is used for nat/filtering + dns server, and does it very well.
> 
> But, I have noticed something strange with the compact flash. Sometimes,
> I get this in dmesg:
> 
> Feb 24 08:12:10 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): timeout
> Feb 24 08:12:10 gw-pri-eaubonne /bsd:   type: ata
> Feb 24 08:12:11 gw-pri-eaubonne /bsd:   c_bcount: 16384
> Feb 24 08:12:11 gw-pri-eaubonne /bsd:   c_skip: 0
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0d: device timeout reading fsbn 209760 of 209760-209791 (wd0 bn 604896; cn 75 tn 1 sn 33), retrying
> Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0: soft error (corrected)
> Feb 24 08:12:11 gw-pri-eaubonne savecore: no core dump
> Feb 24 08:12:12 gw-pri-eaubonne /bsd: wd0: transfer error, downgrading to Ultra-DMA mode 1
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 1
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0e: aborted command, interface CRC error reading fsbn 466560 of 466560-466591 (wd0 bn 1272960; cn 157 tn 109 sn 45), retrying
> Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0: soft error (corrected)

(You should always provide a full dmesg with hardware issues.)

If you are sure all other hardware is OK, then the card
is faulty. Throw it away and buy a new one, they are very cheap now.

> However the machine works normally. (And, I have checked the card is
> correctly plugged in)
> 
> But, yesterday I have also noticed that I can't use setuid programs:
> 
> Mar  2 15:02:14 gw-pri-eaubonne su: cannot stat /usr/libexec/auth/login_passwd: Permission denied
> Mar  2 15:02:14 gw-pri-eaubonne su: /usr/libexec/auth/login_passwd: path not secure

Not sure what this means. Who is trying the su?

> After a bit of searching I have seen this mail received from daily
> insecurity output.
> 
> Checking setuid/setgid files and devices:
> Setuid additions:
> -r-sr-xr-x  1  root  bin   157440  Aug  13  00:56:44  2008  /sbin/ping
> -r-sr-xr-x  1  root  bin   182208  Aug  13  00:56:46  2008  /sbin/ping6
> [...]
> ==
> /etc/fstab diffs (-OLD  +NEW)
> ==
> --- /dev/null   Wed Feb 25 01:30:08 2009
> +++ /etc/fstab  Mon Feb 16 15:32:45 2009
> @@ -0,0 +1,5 @@
> +/dev/wd0a / ffs rw 1 1
> +/dev/wd0f /tmp ffs rw,nodev,nosuid 1 2
> +/dev/wd0e /usr/ ffs rw,nodev,nosuid 1 2
> +/dev/wd0d /var ffs rw,nodev,nosuid 1 2
> +/dev/wd0g /var/tmp ffs rw,nodev,nosuid 1 2
> [...]

This looks to me like the first insecurity report after a fresh install
- note that it's a diff between /dev/null (as of Feb 25 = OLD) and /etc/fstab
(as of Feb 16 = NEW). Strange.

> So the system replaced my configuration files and put nosuid on /usr.

Why would the system change your mount flags?

> The modifications that I have done on other configuration files (I
> haven't touched the fstab since the install) were kept.

When did you install?

> I have corrected the fstab and it works. But now I have three
> questions:
>  - Why did this happen?
>  - Where was my configuration restored from? (I don't use altroot)

The system doesn't "restore" your configs (whatever that means),
but keeps daily backups in /var/backups. It might be interesting to see
the stat(1) of the files there.

>  - Can these warnings in dmesg be considered harmless?

No.

Jan



Worrying things in dmesg

2009-03-03 Thread Louis Opter
Hello,

I'm running OpenBSD 4.4 release on an i386 machine.

I use a Compact Flash card as hdd. Without manual configuration the bios
recognizes it as removable and refuses to boot OpenBSD.

The machine is used for nat/filtering + dns server, and does it very well.

But, I have noticed something strange with the compact flash. Sometimes,
I get this in dmesg:

Feb 24 08:12:10 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): timeout
Feb 24 08:12:10 gw-pri-eaubonne /bsd:   type: ata
Feb 24 08:12:11 gw-pri-eaubonne /bsd:   c_bcount: 16384
Feb 24 08:12:11 gw-pri-eaubonne /bsd:   c_skip: 0
Feb 24 08:12:11 gw-pri-eaubonne /bsd: pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0d: device timeout reading fsbn 209760 of 209760-209791 (wd0 bn 604896; cn 75 tn 1 sn 33), retrying
Feb 24 08:12:11 gw-pri-eaubonne /bsd: wd0: soft error (corrected)
Feb 24 08:12:11 gw-pri-eaubonne savecore: no core dump
Feb 24 08:12:12 gw-pri-eaubonne /bsd: wd0: transfer error, downgrading to Ultra-DMA mode 1
Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 1
Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0e: aborted command, interface CRC error reading fsbn 466560 of 466560-466591 (wd0 bn 1272960; cn 157 tn 109 sn 45), retrying
Feb 24 08:12:13 gw-pri-eaubonne /bsd: wd0: soft error (corrected)

However the machine works normally. (And, I have checked the card is
correctly plugged in)

But, yesterday I have also noticed that I can't use setuid programs:

Mar  2 15:02:14 gw-pri-eaubonne su: cannot stat /usr/libexec/auth/login_passwd: Permission denied
Mar  2 15:02:14 gw-pri-eaubonne su: /usr/libexec/auth/login_passwd: path not secure

After a bit of searching I have seen this mail received from daily
insecurity output.

Checking setuid/setgid files and devices:
Setuid additions:
-r-sr-xr-x  1  root  bin   157440  Aug  13  00:56:44  2008  /sbin/ping
-r-sr-xr-x  1  root  bin   182208  Aug  13  00:56:46  2008  /sbin/ping6
[...]
==
/etc/fstab diffs (-OLD  +NEW)
==
--- /dev/null   Wed Feb 25 01:30:08 2009
+++ /etc/fstab  Mon Feb 16 15:32:45 2009
@@ -0,0 +1,5 @@
+/dev/wd0a / ffs rw 1 1
+/dev/wd0f /tmp ffs rw,nodev,nosuid 1 2
+/dev/wd0e /usr/ ffs rw,nodev,nosuid 1 2
+/dev/wd0d /var ffs rw,nodev,nosuid 1 2
+/dev/wd0g /var/tmp ffs rw,nodev,nosuid 1 2
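
Review bot: `nosuid` on the `/dev/wd0e /usr/` entry is the flag the follow-up in this thread ties to the failing su (the setuid bit is not honored under /usr); that line should read `rw,nodev`, while /tmp, /var and /var/tmp can keep `nodev,nosuid`. The mount point is also written `/usr/` with a trailing slash, unlike the other four entries; `/usr` would be consistent.
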
[...]

So the system replaced my configuration files and put nosuid on /usr.
The modifications that I have done on other configuration files (I
haven't touched the fstab since the install) were kept.

I have corrected the fstab and it works. But now I have three
questions:
 - Why did this happen?
 - Where was my configuration restored from? (I don't use altroot)
 - Can these warnings in dmesg be considered harmless?

Thanks for your help.
-- 
Louis Opter - COSE