Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-26 16:25, Theo de Raadt wrote: On 2015-05-26 00:10, Miod Vallat wrote: > It is not the responsibility of the operating system to protect its > users against software which assumes using the pid as a random source > is > a bright and wise idea. Isn't this the

Re: Random PID implementation and security

2015-05-27 Thread Fred
On 05/27/15 10:18, Simon wrote: On 2015-05-26 16:25, Theo de Raadt wrote: On 2015-05-26 00:10, Miod Vallat wrote: > It is not the responsibility of the operating system to protect its > users against software which assumes using the pid as a random source > is > a bright a

Re: simple maiserver fail (postfix dovecot)

2015-05-27 Thread Tuyosi Takesima
It is hard to understand even for me only to follow thread. So I write down at http://openbsd-akita.blogspot.jp/2015/05/wifi-router-run0-192.html If there are mistakes, please point them. --- regards

Re: Dual-NSD setup management

2015-05-27 Thread Stuart Henderson
On 2015-05-26, Felipe Scarel wrote: > after reading some documentation on the NSD manpage and online, it > seems there's no support for views as offered with BIND. I've gathered > that the general suggestion is to run two separate instances (running > on 127.0.0.1, for example), and divert traffic

Re: Random PID implementation and security

2015-05-27 Thread Janne Johansson
> A 16 bit PID is supposed to provide true safety? >>> Please. >>> >> >> > Having PIDs that are not easily predictable helps to reduce the attack > surface. > IMO that is a security measure, but YMMV. > > Random PIDs is that plastic part, not the padlock. -- May the most significant bit of

Re: Random PID implementation and security

2015-05-27 Thread Kenneth Gober
On Wed, May 27, 2015 at 5:18 AM, Simon wrote: > So do you confirm that random PID is actually not a security measure? > > It is often presented as is, but it would not be the first time that some > wrong rumors get widespread enough to become accepted as a truth by most > people. language isn't a

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 11:53, Fred wrote: On 05/27/15 10:18, Simon wrote: On 2015-05-26 16:25, Theo de Raadt wrote: A 16 bit PID is supposed to provide true safety? Please. The problem is people who believe that shoving a 16 bit value into a deterministic function gets them somewhere. So do yo

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 14:01, Janne Johansson wrote: A 16 bit PID is supposed to provide true safety? Please. Having PIDs that are not easily predictable helps to reduce the attack surface. IMO that is a security measure, but YMMV. Random PIDs is that plastic part, not the padlock. You mean

Re: Random PID implementation and security

2015-05-27 Thread Simon
On 2015-05-27 14:29, Kenneth Gober wrote: On Wed, May 27, 2015 at 5:18 AM, Simon wrote: So do you confirm that random PID is actually not a security measure? It is often presented as is, but it would not be the first time that some wrong rumors get widespread enough to become accepted as a

installing stable failed

2015-05-27 Thread Harald Dunkel
Hi folks, stable built fine, but make install failed with : cc -Werror -Wall -Wimplicit-function-declaration -Wno-main -Wno-uninitialized -Wframe-larger-than=2047 -mcmodel=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow -mno-mmx -msoft-float -fno-omit-frame-pointer -fno-builtin-printf -

cvs fingerprint for anonvs.jp.openbsd.org

2015-05-27 Thread Joel Rees
The fingerprints shown for anoncvs.jp.openbsd.org at http://www.openbsd.org/anoncvs.html are md5. Currently, when I connect to the server via the usual cvs command, it responds with an ssh256 fingerprint. For some reason, my brain is not helping me find a way to ask the server to give me md5 fin

Re: cvs fingerprint for anonvs.jp.openbsd.org

2015-05-27 Thread Lars Nooden
On Wed, 27 May 2015, Joel Rees wrote: > Currently, when I connect to the server via the usual cvs command, it > responds with an ssh256 fingerprint. > > For some reason, my brain is not helping me find a way to ask the > server to give me md5 fingerprints. Is there a way? From what I've tried,

Re: installing stable failed

2015-05-27 Thread Pedro Tender
Just to be sure, do you have /bsd directory created? Since the error is: "ln: /bsd: No such file or directory" Since your report is only the make install error and the error is that the directory does not exist maybe you should start there before making other assumptions about cleverness. Or maybe

Re: installing stable failed

2015-05-27 Thread Theo Buehler
On Wed, May 27, 2015 at 03:08:53PM +0200, Harald Dunkel wrote: > cmp -s bsd /bsd || ln -f /bsd /obsd > ln: /bsd: No such file or directory > *** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC (Makefile:904 > 'install-kernel-gate5c.example.com.') > > I have rebuilt it *because* /bsd was deleted

Re: Random PID implementation and security

2015-05-27 Thread Joel Rees
On Tue, May 26, 2015 at 9:50 PM, Simon wrote: > [...] > > Unless specific cases, I do not think that programmers assume that PID > are especially sequential or not, but merely rely on the hypothesis > that: > > - PID are unguessable, > - PID will not be reused quickly. > > And yes, it seems possib

Re: Random PID implementation and security

2015-05-27 Thread ludovic coues
2015-05-27 15:42 GMT+02:00 Joel Rees : > On Tue, May 26, 2015 at 9:50 PM, Simon > wrote: > > [...] > > > > Unless specific cases, I do not think that programmers assume that PID > > are especially sequential or not, but merely rely on the hypothesis > > that: > > > > - PID are unguessable, > > -

Re: Random PID implementation and security

2015-05-27 Thread yjh0502
hi

Re: Random PID implementation and security

2015-05-27 Thread Jihyun Yu
Sorry for interruption. I have sent the message by mistake, please ignore it. On 2015-05-27 (Wed) 23:17, wrote: > hi

Re: Random PID implementation and security

2015-05-27 Thread Claudio Jeker
On Wed, May 27, 2015 at 02:34:43PM +0200, Simon wrote: > On 2015-05-27 11:53, Fred wrote: > >On 05/27/15 10:18, Simon wrote: > >>On 2015-05-26 16:25, Theo de Raadt wrote: > >>> > >>>A 16 bit PID is supposed to provide true safety? > >>> > >>>Please. > >>> > >>>The problem is people who believe

Re: Openbsd 5.7 and sendmail

2015-05-27 Thread Peter Fraser
Thanks I managed to miss noting that I should look at /usr/local/share/doc/pkg-readmes/sendmail-* -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Merriam Sent: Tuesday, May 26, 2015 12:20 PM To: Peter Fraser Cc: 'misc@openbsd.org' Subjec

Re: HP LaserJet 1100 lpr printing?

2015-05-27 Thread Craig Skinner
On 2015-05-22 Fri 17:11 PM |, Antoine Jacoutot wrote: > On Fri, May 22, 2015 at 04:08:20PM +0100, Craig Skinner wrote: > > On 2015-05-22 Fri 17:01 PM |, Antoine Jacoutot wrote: > > > > > > What is the version of the cups package you are running? > > > > > > > $ pkg_info -I cups cups-filters foom

Re: Dual-NSD setup management

2015-05-27 Thread Bryan Irvine
Additionally to all this good advice, you can create multiple loopback interfaces if you did want to use divert-to. 'ifconfig create lo1' then you don't need to use weird ports to accomplish things. On Wed, May 27, 2015 at 4:06 AM, Stuart Henderson wrote: > On 2015-05-26, Felipe Scarel wrote: >

Re: Dual-NSD setup management

2015-05-27 Thread Felipe Scarel
Thanks for the input Stuart and Bryan, I think the dual-authoritative setup might indeed be overkill. I'll look into unbound local-data options, hadn't considered that. On Wed, May 27, 2015 at 3:10 PM, Bryan Irvine wrote: > Additionally to all this good advice, you can create multiple loopback >

Re: "Logjam Attack": is OpenIKED and OpenSMTPD vulnerable?

2015-05-27 Thread Mike Belopuhov
On 25 May 2015 at 14:33, Pablo Méndez Hernández wrote: > Hi, > > Any statement for iked? > iked implements IKEv2 which doesn't use SSL/TLS. So this attack doesn't directly apply to IKEv2. However we would accept MODP 1024 and better by default. Perhaps we should bump it to 2048 minimum.

NATing out enc0 traffic

2015-05-27 Thread Justin Mayes
Greetings everyone I am playing with amazon virtual private clouds (VPC). I have set a few up. I have no issues connecting ipsec from openbsd <-> amazon VPC. All of these VPCs so far have their own internet connection going out from amazon that works fine. [OpenBSD][VPC]

building mp userland?

2015-05-27 Thread Joel Rees
I built the userland with a GENERIC kernel. Then I looked at the dmesg and realized I had wanted the GENERIC.MP kernel. I'm going to re-build userland anyway, but how different is the resulting userland? Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of text

Re: building mp userland?

2015-05-27 Thread Theo de Raadt
>I built the userland with a GENERIC kernel. Then I looked at the dmesg and >realized I had wanted the GENERIC.MP kernel. > >I'm going to re-build userland anyway, but how different is the resulting >userland? Not a single bit different.

Lenovo T450s status

2015-05-27 Thread Shaun Reiger
Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but I wanted to find out if anyone has hit any major roadblocks using obsd 5.7 with this model. I know this is a fairly new machine and support is always hit and miss, but any guidance on this machine would help. Biggest concer

booting OpenBSD with grub

2015-05-27 Thread cobalt
any idea on the proper way to get grub to boot openbsd: set root=(hd1,4) is what i have, but i am missing something and i do not know what. any thoughts would help. regards. gilles

Re: booting OpenBSD with grub

2015-05-27 Thread Josh Grosse
On Wed, May 27, 2015 at 07:48:49AM -0400, cobalt wrote: > any idea on the proper way to get grub to boot openbsd: > > set root=(hd1,4) is what i have, but i am missing something and i do not > know what. > > any thoughts would help. > > regards. > > gilles I have an old netbook with sysuti

httpd authenticate option usage

2015-05-27 Thread Nick Holland
ok, I'm probably being overly dense here, but ... How does the httpd "authenticate" option work? from httpd.conf(5): [no] authenticate [realm] with htpasswd Authenticate a remote user for realm by checking the credentials against the user authentication file htpasswd. The file nam

Re: booting OpenBSD with grub

2015-05-27 Thread Gareth Nelson
You can also use kopenbsd to load an OpenBSD kernel directly in grub, I did just this to install OpenBSD from a previous Debian install (just downloaded bsd.rd, rebooted, used grub to boot bsd.rd) --- “Lanie, I’m going to print more printers. Lots more printers. One for everyone. That’s wort

Re: httpd authenticate option usage

2015-05-27 Thread Yegor Timoschenko
> How does the httpd "authenticate" option work? from httpd.conf(5): > [no] authenticate [realm] with htpasswd > Authenticate a remote user for realm by checking the credentials > against the user authentication file htpasswd. The file name is > relative to the chroot and must b

Re: httpd authenticate option usage

2015-05-27 Thread Nick Holland
On 05/27/15 22:42, Yegor Timoschenko wrote: >> How does the httpd "authenticate" option work? from httpd.conf(5): >> [no] authenticate [realm] with htpasswd >> Authenticate a remote user for realm by checking the credentials >> against the user authentication file htpasswd. The file n

Re: installing stable failed

2015-05-27 Thread Harald Dunkel
Hi Theo, On 05/27/15 15:37, Theo Buehler wrote: > > To fix your machine, either use the cp and mv commands as above or > simply issuing > > # cp bsd /bsd > > would be enough since `/bsd' isn't in the way. > The point is that "make install" didn't, because it expected a previous /bsd in the de

Re: Lenovo T450s status

2015-05-27 Thread Harald Dunkel
Hi Shaun, On 05/28/15 01:48, Shaun Reiger wrote: > Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but > I wanted to find out if anyone has hit any major roadblocks using obsd 5.7 > with this model. I know this is a fairly new machine and support is always > hit and miss, bu

Re: HP LaserJet 1100 lpr printing?

2015-05-27 Thread Antoine Jacoutot
> $ dmesg | egrep 'lpt|ugen' > ugen0 at uhub1 port 2 "Pr?lific Technology Inc. IEEE-1284 Controller" rev > 1.00/2.00 addr 3 sigh, I totally missed the fact that this was a parallel printer. > Suggestions welcome. The underlying issue might be in the USB stack -- I have no USB/Parallel adapter

Re: groups new

2015-05-27 Thread Janne Johansson
groups.dat-egypt.diff ..for someones cut-n-paste convenience. 2015-05-26 3:54 GMT+02:00 noob sia009 : > 0 > C Egypt > P Masr EL-Gdida > T Cairo > F irregular > O Egypt OpenBSD Group > I Hossam EL-Mansy > M noobsia...@yahoo.com > U > N OpenBSD