On 2020-09-22 15:07, Ottavio Caruso wrote:
> On 22/09/2020 14:37, Martin Sukany wrote:
>> Hi colleagues,
>>
>> I need to set up some kind of collaborative environment (rich text
>> documents, basic tables) — request is „something like google docs“.
>>
>> As I’m almost working in shell I have to
On 2020-09-22 10:58, Theo de Raadt wrote:
>> I actually agree with this. Designing a program with pledge in
>> mind is always better. However, that requires that the program be
>> trusted, and there still may be some corner cases in which I can
>> tighten down the pledge more than the program
On 2020-09-22 09:58, Ingo Schwarze wrote:
> Hi Demi,
>
> Demi M. Obenour wrote on Mon, Sep 21, 2020 at 12:51:34PM -0400:
>
>> The tool makes essential use of the execpromises argument
>> to pledge(2), so that it can sandbox the program it executes.
>
> This appe
ve. If it tries to do something that the
sandbox doesn’t allow, it *should* fail. I expect that some
functionality *will* break. That’s okay in my application.
> There's one more thing I want to mention: pledge("shitload of options")
> intentionally is a non-POSIX compliant environment. Command line users
> won't understand the edge conditions.
I agree. pledge(1) is meant for advanced users and for those
implementing sandboxes.
Sincerely,
Demi M. Obenour
unveil(NULL, NULL))
err(2, "unveil");
if (pledge(NULL, *argv))
err(2, "pledge");
execve(progpath, argv + 1, environ);
err(1, "execve");
}
---
Sincerely,
Demi M. Obenour
#include
#include
#include
extern cha
On 2020-09-21 12:51, Demi M. Obenour wrote:
> Yesterday, I wrote an unprivileged sandboxing tool for OpenBSD, based
> on pledge(2) and unveil(2). I have included the complete C source
> code below, and also attached it in case this makes it easier to use.
I just realized that I forgot t
On 2020-09-03 01:09, Mike Larkin wrote:
> On Wed, Sep 02, 2020 at 09:36:14PM -0400, Bryan Steele wrote:
>> On Wed, Sep 02, 2020 at 02:03:35AM -0700, Mike Larkin wrote:
>>> On Wed, Sep 02, 2020 at 03:35:54AM +0200, f...@disciples.com wrote:
, and use PF to NAT packets in this range to 10.137.0.77.
However, this feels like an ugly hack.
For IPv6, I can use the link-local address of each interface as the
-ifa argument, so I am much less worried.
Thank you for your time and attention.
Sincerely,
Demi M. Obenour
On 2020-08-06 09:51, Janne Johansson wrote:
> I have a setup where the virtualization (KVM) combined with the networking
> does present an IPv6 def-gw as both an fe80:: and
> the more normal 2001:a:b:c:d::1/64 and where the 2001-v6 ip works far
> better on virtual machines due to redundancy mac
On 2020-07-24 14:36, Markus Kolb wrote:
> Am 24.07.2020 17:30, schrieb Theo de Raadt:
> [...]
>> non-OpenBSD bootloaders will do a shitty job of booting OpenBSD.
>> I'm not going to bother explaining the situation in detail. People
>> who try to go that way have already decided they don't care
On 2020-07-14 12:58, Stuart Henderson wrote:
> Known problem, there's no nice way around it though. The standard model
> used on most OS of controlling many simpler USB devices from a low
> privileged userland process does not work too well with the approach
> in
On 2020-06-23 22:29, Jordan Geoghegan wrote:
> Hello,
>
> I was working on a couple POSIX regular expressions to search for and
> validate IPv4 and IPv6 addresses with optional CIDR blocks, and encountered
> some strange behaviour from the base system grep.
>
> I wanted to validate my regex
On 2020-07-09 05:06, Markus Kolb wrote:
> Hi,
>
> is there a possibility to install/boot OpenBSD in a Xen guest which is booted
> by pvgrub1 or pvgrub2? The pvgrub is configured to use a /boot/grub/grub.cfg
> of the guest in the 1st partition.
>
> In a non-Xen-grub there is a bsd-module which
On 2020-05-26 09:34, Kanto Andria wrote:
> Hello,
> man ndp is probably another solution
>
> On Tuesday, May 26, 2020, 9:17:25 a.m. EDT, Tommy Nevtelen
> wrote:
>
> On 26/05/2020 11.38, Demi M. Obenour wrote:
>> What is the OpenBSD equivalent to this Linux
What is the OpenBSD equivalent to this Linux command?
ip neighbor add 2001:db8::1 dev xnf0 lladdr fe:ff:ff:ff:ff:ff router nud permanent
It doesn’t need to be a single command. If the existing userspace
tooling does not support this, is it possible to do it via the
kernel APIs?
Sincerely,
How can I force all IPv6 packets sent via a certain route to:
- Be directed out of a certain interface
- Sent to a certain MAC address
- Regardless of whether NDP works?
I don’t know the peer’s IPv6 address, but I do know the interface
and MAC address.
Sincerely,
Demi
I am working on an OpenBSD-based QubesOS TemplateVM, and have run
into a few problems.
In QubesOS, all volumes of a TemplateVM are persistent. AppVMs based
on a TemplateVM use a (copy of) the TemplateVM’s root partition,
but have their own private partition, which is set to zero when the
VM
On 2019-12-09 10:41, Theo de Raadt wrote:
>
> the project doesn't run the anoncvs servers. we are not able
> to provide you with a list which has more validity than your own
> checks.
>
I (mistakenly) considered the list on the OpenBSD website to be
official. Sorry.
Sincerely,
Demi
On 2019-12-09 10:33, Theo de Raadt wrote:
> Demi M. Obenour wrote:
>
>> Would it be possible to include the default AnonCVS mirrors’ SSH
>> fingerprints in the default ssh_known_hosts?
>
> There is no default ssh_known_hosts file.
>
>> If not, could it be inc
Would it be possible to include the default AnonCVS mirrors’ SSH
fingerprints in the default ssh_known_hosts? If not, could it be
included in another file in the base system?
Sincerely,
Demi
I am trying to configure IPv6 support for an OpenBSD VM running on
QubesOS, but have not been successful. Is this likely due to NDP
traffic being blocked by the peer? If so, is there a workaround?
Linux manages to connect fine.
For context, QubesOS uses Xen networking, and drops all IP