Re: mbuf leak found... for real this time.

1999-07-25 Thread Matthew Dillon
:> between NFSv2 and NFSv3. :Yes, I concur with your patch whole-heartedly. Apparently last night I :was too-tired, and not intoxicated enough to understand the nfs_serv.c code :) : :I alas will not be able to test it. The machine is up and stable with 3k :mbufs in reserve.. maybe later :) :

Re: Holy cow - path component freeing a mess? (was Re: D'oh!)

1999-07-25 Thread Daniel C. Sobral
Julian Elischer wrote: > > talk to terry on this topic :-) > He has a set of patches that straighten all this out You know, I almost made that comment. But I'd rather not have Terry started again. :-) -- Daniel C. Sobral(8-DCS) d...@newsguy.com d...@freebsd.org

Re: Missing ld.so in 3.2? SOLVED, Thank you!

1999-07-25 Thread Matthew Hagerty
Installing compat22 did it, thank you! Matthew At 04:40 PM 7/23/99 -0700, Matthew Dillon wrote: >:Install the compat22 dist; you have an old a.out binary there. >: >:> Greetings, >:> >:> I have a 3.2 install from CD-ROM and I am trying to run a commercial >:> program, i.e. I don't have the sourc

Re: FreeBSD: the stealth OS?

1999-07-25 Thread Chris Costello
On Fri, Jul 23, 1999, Wes Peters wrote: > > Do I get a discount for having the same first name? > > Nope, you get charged double for attempting to share in the Matt-light. I've got you _all_ beat. Both of their first names is my middle name. I get through free! -- |Chris Costello |Con

[Fwd: wd0 DMA errors]

1999-07-25 Thread Doug
No answer on -current, any help appreciated. Doug Original Message My boxes at work are -current from 7/16. They both use IDE disks since other than system stuff the disk I/O for the real work is all NFS. In the daily logs this morning I see this: > wd0: interr

Upgrading from 2.2.8 to 3.2-stable...

1999-07-25 Thread Frank Mayhar
Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I checked the archives, and apparently others have run into this one as well. Unfortunately, I couldn't find a fix for it. The problem is when the upgrade procedure tries to build the elf version of libmytinfo. It generates a

sandbox??

1999-07-25 Thread Sue Blake
Hi clever people Nobody seems to be confident about the answer to my post to -questions. Below is the only public answer. It is typical of many private answers I received from otherwise knowledgeable people willing to make a partial educated guess but not willing to expose their ignorance publicly

Re: [Fwd: wd0 DMA errors]

1999-07-25 Thread Sheldon Hearn
On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote: > No answer on -current, any help appreciated. We're probably all sitting here thinking "I'm sure this was asked and answered recently. He can read his CURRENT mail like the rest of us." For the terminally lazy, this was a bug in the pci code

Re: sandbox??

1999-07-25 Thread Daniel C. Sobral
Sue Blake wrote: > > Nobody seems to be confident about the answer to my post to -questions. > Below is the only public answer. It is typical of many private answers > I received from otherwise knowledgeable people willing to make a > partial educated guess but not willing to expose their ignoranc

Re: sandbox??

1999-07-25 Thread Matthew Dillon
A sandbox is a security term. It can mean two things: * A process which is placed inside a set of virtual walls that are designed to prevent someone who breaks into the process from being able to break into the wider system. The process is said to be able to "play" in

Re: sandbox??

1999-07-25 Thread Mark Murray
Sue Blake wrote: > > Nobody seems to be confident about the answer to my post to -questions. > Below is the only public answer. It is typical of many private answers > I received from otherwise knowledgeable people willing to make a > partial educated guess but not willing to expose their ignoranc

Re: sandbox??

1999-07-25 Thread Matthew Dillon
Speaking of jail() ... it might be a good idea to change the int32 being passed for the IP address to something a little more portable or it will not be useable when IPV6 goes in. Perhaps a pointer and a length instead of an int32, or even pass a structural pointer and a length (wh

Re: mbuf leakage

1999-07-25 Thread Warner Losh
In message <199907240405.aaa04...@cs.rpi.edu> "David E. Cross" writes: : Any-who, is there a way I can get a look at the raw mbuf/mbuf-clusters? : I have a feeling that seeing the data in them would speak volumes of : information. Preferably a way to see them without DDB/panic would be ideal. I'v

Re: Mentioning RFC numbers in /etc/services

1999-07-25 Thread Warner Losh
In message <19990724082555.a40...@holly.dyndns.org> Chris Costello writes: :Are you going to be listing all the RFCs that apply? For : example, DNS is 1033, 1034, and 1035, and NNTP is 0850 and 0977. DNS is also 1123 and a few others in the 2xxx range. Then again, a lot are 1123 :-) NNTP sh

Re: sandbox??

1999-07-25 Thread Jan B. Koum
On Sun, Jul 25, 1999 at 11:36:49AM -0700, Matthew Dillon wrote: > A sandbox is a security term. It can mean two things: > [...] > > UNIX implements two core sandboxes. One is at the process level, and one > is at the userid level. > > Every UNIX process is completely firewalle

Re: sandbox??

1999-07-25 Thread Mike Hoskins
On Mon, 26 Jul 1999, Sue Blake wrote: > If nobody understands how this sandbox thing works, we should change > the named.conf that we supply. If somebody does, then they or someone Understanding a sandbox only requires the ability to read on the part of the user (something anyone in charge of nam

Re: InterMezzo: Project for kernel/FS hackers

1999-07-25 Thread Nik Clayton
On Thu, Jul 22, 1999 at 04:47:15PM -0600, Ronald G. Minnich wrote: > I'm working with intermezzo now. It's interesting. > > Note that the VFS is quite simple, and defines a simple kernel-user > channel which maps VFS ops to requests on an IPC channel. The > possibilities are endless ... > > A fr

Re: VMWare plug/quickie tests.

1999-07-25 Thread Josef Karthauser
On Thu, Jul 15, 1999 at 07:14:03PM -0700, Jaye Mathisen wrote: > > > I could grow to like it. > I just wish that it was the other way around. I'd actually run NT if I could get it in a VMWare compartment under FreeBSD. Until that happens, I might just have to be content with slagging it off,

Re: Squid - a bug in src/sys/kern/uipc_socket.c

1999-07-25 Thread Bill Fenner
>I think committing this would be beneficial. Would someone w/ commit >privs care to review and then commit this bit? I wrote it in rev 1.41 and gave it to the squid folks; it turned out to cause X to fail in unexplained ways so we reverted it. Then I added PRUS_MORETOCOME in rev 1.50,

Re: > arpresolve: can't allocate llinfo for 255.255.255.0rt

1999-07-25 Thread Bill Fenner
>Can anyone explain how or where the "199.15.32&0xc70f22" entry could >have come from? I've been unable to remove it ... Have you tried route -delete 199.15.32.0 -netmask 199.15.34.0? (I'm guessing at the .0 part; it got truncated. "netstat -nrA" might help figure out what it really is) (I ca

Re: [Fwd: wd0 DMA errors]

1999-07-25 Thread Doug
Sheldon Hearn wrote: > > On Sun, 25 Jul 1999 10:59:26 MST, Doug wrote: > > > No answer on -current, any help appreciated. > > We're probably all sitting here thinking "I'm sure this was asked and > answered recently. He can read his CURRENT mail like the rest of us." I have indeed

Wavelan-WavepointII

1999-07-25 Thread Kirk McDonald
Hello, I am wondering if anyone has had success running bridging only between a wavelan IEEE802.11 in a BSD machine and a WavepointII using an IEEE802.11 card. I have had great success using purely wavelan/BSD. Kirk McDonald

Re: What good PII/PIII Motherboards for FreeBSD and Celeron CPU's

1999-07-25 Thread Doug
Vincent Poy wrote: > > On Thu, 22 Jul 1999, Doug wrote: > > > On Wed, 21 Jul 1999, Vincent Poy wrote: > > > > > Greetings everyone, > > > > > > What are the current good motherboards for FreeBSD for the pentium > > > II and III? I know on the Pentium, it was the ASUS board but for the > > >

Upgrading from 2.2.8 to 3.2-stable...

1999-07-25 Thread Frank Mayhar
Apologies if this appears twice. The first attempt didn't appear to work. Well, I'm having problems upgrading a system from 2.2.8 to 3.2-stable. I checked the archives, and apparently others have run into this one as well. Unfortunately, I couldn't find a fix for it. The problem is when the upg

Re: What good PII/PIII Motherboards for FreeBSD and Celeron CPU's

1999-07-25 Thread Vincent Poy
On Sun, 25 Jul 1999, Doug wrote: > Vincent Poy wrote: > > > > On Thu, 22 Jul 1999, Doug wrote: > > > > > On Wed, 21 Jul 1999, Vincent Poy wrote: > > > > > > > Greetings everyone, > > > > > > > > What are the current good motherboards for FreeBSD for the pentium > > > > II and III? I know on

Re: deny ktrace without read permissions?

1999-07-25 Thread jkoshy
jk> The intent of this change is to prevent a user from seeing how an jk> executable with '--x--x--x' perms works by ktrace'ing its execution. jk> My question to -hackers is: is this a useful semantic? Would it break jk> anything if added? nw> If we make kernel auditing based upon KTRACE (wh

Re: sandbox??

1999-07-25 Thread Matthew Dillon
:Understanding a sandbox only requires the ability to read on the part of :the user (something anyone in charge of named administration has hopefully :learned, else they don't need to be administrating anything). : :As for the current named.conf format... I agree that it should be :changed. Rc.co

Re: deny ktrace without read permissions?

1999-07-25 Thread Sean Eric Fagan
In article <199907260450.vaa10559.kithrup.freebsd.hack...@freefall.freebsd.org> you write: >Yes, but /if/ KTRACE is present, today's code allows you to bypass >the lack of read permissions on an executable. That shouldn't be >allowed. The current behaviour could be regarded as a security >hole a

Re: Squid - a bug in src/sys/kern/uipc_socket.c

1999-07-25 Thread Matthew Dillon
:I wrote it in rev 1.41 and gave it to the squid folks; it turned out :to cause X to fail in unexplained ways so we reverted it. Then I added :PRUS_MORETOCOME in rev 1.50, which was supposed to have fixed the problem. :Let's please not put the hack back in; if PRUS_MORETOCOME is broken :let's fix

Re: deny ktrace without read permissions?

1999-07-25 Thread Sheldon Hearn
On Sun, 25 Jul 1999 21:50:55 MST, jko...@freebsd.org wrote: > Yes, but /if/ KTRACE is present, today's code allows you to bypass > the lack of read permissions on an executable. That shouldn't be > allowed. The current behaviour could be regarded as a security > hole actually :). This doesn't

Re: deny ktrace without read permissions?

1999-07-25 Thread jkoshy
jk> Yes, but /if/ KTRACE is present, today's code allows you to bypass jk>the lack of read permissions on an executable. That shouldn't be jk>allowed. The current behaviour could be regarded as a security jk>hole actually :). sef> No more so than core dumps do. Yes, but an application can pro

Re: deny ktrace without read permissions?

1999-07-25 Thread Sean Eric Fagan
>Yes, but an application can protect itself from an inadvertent core dump. >It can't (today) against being ktrace'd. You'd better fix ptrace and procfs then. Of course, that breaks everything that has always been true, but, hey, it's better to be wrong than right, I guess? if you care about secu

Re: Upgrading from 2.2.8 to 3.2-stable...

1999-07-25 Thread Warner Losh
In message <199907260338.uaa01...@realtime.exit.com> Frank Mayhar writes: : I'm just doing a "make upgrade" on a clean /usr/obj. It crashes when it gets : to libmytinfo. That's it. : : Any help or pointers would be greatly appreciated. Thanks. You might try to get a hold of 3.1 release, do a m

Re: deny ktrace without read permissions?

1999-07-25 Thread Warner Losh
In message <64855.932967...@axl.noc.iafrica.com> Sheldon Hearn writes: : This doesn't look right. If I can execute a binary, I can have the : system allocate memory to me and put the binary image in it. It's my : memory. :-) Also, one can use a custom libc to get around the readonly ness, since fu

Re: deny ktrace without read permissions?

1999-07-25 Thread Warner Losh
In message <199907260548.waa10...@kithrup.com> Sean Eric Fagan writes: : if you care about security, you made the damned executable suid or : sgid. Then ktrace, ptrace, truss, and core dumps do not work. Even : if it simply does setuid(getruid()). It also disables attacking the contents of the e
