OpenBSD 7.6 released, Oct 8, 2024

2024-10-07 Thread Theo de Raadt
- OpenBSD 7.6 RELEASED - October 8, 2024. We are pleased to announce the official release of OpenBSD 7.6. This is our 57th release. We remain proud of OpenBSD's record of mo

OpenBSD 7.5 released: Apr 5

2024-04-04 Thread Theo de Raadt
ry: xenocara.tar.gz ports.tar.gz src.tar.gz sys.tar.gz The README (https://ftp.OpenBSD.org/pub/OpenBSD/7.5/README) file explains how to deal with these source files. -------- - THANKS

Re: can't find PID

2024-03-05 Thread Theo de Raadt
PID 6504 was my shell. I've logged off now. What are you expecting here?? ofthecentury wrote: > Yes, I'm tcpdumping pflog and ALL my dropped packets > reference some PID 6504 that is not found among > the processes that are running. I was actually not fishing > for PIDs, I just saw the PID ref

Re: Pre-built images for embeded machines

2024-03-03 Thread Theo de Raadt
Chris Narkiewicz wrote: > On Sat, Mar 02, 2024 at 12:51:05PM -0700, Theo de Raadt wrote: > > It might be easy, but it is wrong. > > Besides extra burden on the build infrastructure, are there other > issues? Curiosity calling, as I'm not using any arm64 devices > p

Re: mount not working as expected? and what are my default bioctl rounds?

2024-03-03 Thread Theo de Raadt
beecdadd...@danwin1210.de wrote: > But manual says this > "If it is a DUID, it will be automatically mapped to the appropriate entry > in /dev" > I assumed the opposite would be true, if I did mount sd3i, and that mount > would check its DUID and check in fstab for it it does not do that? No way

Re: Pre-built images for embeded machines

2024-03-02 Thread Theo de Raadt
Odd Martin Baanrud wrote: > Are there any plans for providing pre-built images to be used on embedded > machines, like FreeBSD and NetBSD do? > It would be nice to run OpenBSD directly from a SD card on the Raspberry Pi > e.g. I'm not interested in building additional images which will be used

Re: New (for me,) dmesg warning during system bootup.

2024-02-25 Thread Theo de Raadt
Ignore it. Artifact of other work. Temporary. Brian Conway wrote: > On Sun, Feb 25, 2024, at 4:27 PM, Avon Robertson wrote: > > I have noticed several posts related to endbr64 in the last week, so I > > thought this might be of interest to someone. > > > > Performed a 'sysupgrade -s' earlier

Re: Automatic OS updates

2024-02-20 Thread Theo de Raadt
obs...@loopw.com wrote: > Most of the patches don’t require a reboot. This idea sounds horrible for > uptime. Sorry. I’m not rebooting something because a font was patched… syspatch outputs a message that the system needs a reboot. This could be parsed.

Re: sysupgrade fails firmware fetch

2024-02-17 Thread Theo de Raadt
Kirill A. Korinsky wrote: > On Sat, 17 Feb 2024 22:27:52 +0100, > Sonic wrote: > > > > Seems it's looking for a 7.5 directory (-current apparently just moved > > to 7.5-beta) instead of the snapshot directory. > > > > And using snapshot directory fails because wrong signature: > > ~ $ doas

Re: CARP and VRRP compliance

2024-02-14 Thread Theo de Raadt
Stuart Henderson wrote: > On 2024-02-13, Samuel Jayden wrote: > > From the information provided in the link, it appears that CARP and VRRP > > protocols aren't inherently interoperable. > > They are different protocols - they *had* to be different because VRRP > was subject to patents. And if c

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

2024-02-14 Thread Theo de Raadt
Stuart Henderson wrote: > You need to use one of the "2." pool addresses, e.g. > > global: > > 2.pool.ntp.org > > regional: > > 2.africa.pool.ntp.org > 2.asia.pool.ntp.org > 2.europe.pool.ntp.org > 2.north-america.pool.ntp.org > 2.oceania.pool.ntp.org > 2.south-america.pool.ntp.org > > "vend

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

2024-02-14 Thread Theo de Raadt
Willy Manga wrote: > On 14/02/2024 09:31, Theo de Raadt wrote: > > Willy Manga wrote: > > > >> Is it possible the default ntpd.conf file use something like > >> > >> "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org

Re: KeyTrap DNS vulnerability

2024-02-14 Thread Theo de Raadt
Otto Moerbeek wrote: > On Wed, Feb 14, 2024 at 04:55:20AM +0100, b...@fea.st wrote: > > > “A single packet can exhaust the processing > > capacity of a vulnerable DNS server, effectively > > disabling the machine, by exploiting a > > 20-plus-year-old design flaw in the DNSSEC > > specification

Re: ntpd: "DNS lookup tempfail" when running on an IPv6-only node

2024-02-13 Thread Theo de Raadt
Willy Manga wrote: > Is it possible the default ntpd.conf file use something like > > "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org > looking for IPv6 nodes? Not going to happen.

Re: Improve support of Go

2024-02-13 Thread Theo de Raadt
Stuart Henderson wrote: > On 2024/02/13 07:36, Theo de Raadt wrote: > > Stuart Henderson wrote: > > > > > On 2024-02-13, Kirill A Korinsky wrote: > > > > Good day, > > > > > > > > I'm updating go's syscall table to moder

Re: Improve support of Go

2024-02-13 Thread Theo de Raadt
Stuart Henderson wrote: > On 2024-02-13, Kirill A Korinsky wrote: > > Good day, > > > > I'm updating go's syscall table to modern OpenBSD (7.4). > > Save your time. Post-7.4 you cannot call syscall() any more. The result seems to have nothing to do with syscalls. It is the same as the build

Re: SSH Controlmaster holding devices

2024-02-05 Thread Theo de Raadt
This has nothing to do with ssh. Unix works this way. You have not thought through what the cwd means. It is a fd, on a vnode, as an inode on a filesystem. Of course it will prevent an unmount.

Re: M.2 Libre NIC

2024-01-30 Thread Theo de Raadt
Rohan Ganapavarapu <24rganapavar...@athenian.org> wrote: > Do any of you guys know of a NIC card with OpenBSD support, fits in a M.2 > slot, and has libre firmware? > > I found the AR9462, which has libre firmware and is M.2, but the current > ath9k driver does not support it. libre firmware ha

Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir

2024-01-17 Thread Theo de Raadt
You removed the relevant part of the ktrace, so no one can help.

Re: time keeping fallback mechanics during reboot on octeon

2024-01-17 Thread Theo de Raadt
Did anyone try this idea: Theo de Raadt wrote: > Horrible hack that might work: > > Put a big #ifndef BOOT_QUIET inside ffs_sbupdate() to stop it from > doing the writeout. > > That option serves other purposes inside the BOOT kernels, but maybe > we can find another

Re: time keeping fallback mechanics during reboot on octeon

2024-01-14 Thread Theo de Raadt
Horrible hack that might work: Put a big #ifndef BOOT_QUIET inside ffs_sbupdate() to stop it from doing the writeout. That option serves other purposes inside the BOOT kernels, but maybe we can find another way of abstracting it better.

Re: time keeping fallback mechanics during reboot on octeon

2024-01-13 Thread Theo de Raadt
Blocking the timeupdate in ffs_sbupdate() will be difficult. It is probably easier to have the BOOT kernel learn the time (from the true root filesystem), so that ffs_sbupdate() writes back the same value. That means either an ugly way to reach inittodr() or the userland code in the bootblock cou

Re: time keeping fallback mechanics during reboot on octeon

2024-01-13 Thread Theo de Raadt
I think the BOOT kernel has done inittodr() with the stale value in the bootblock file. Stale, because this is never written back. Later it mounts a filesystem onto /mnt, which is the real root. That gets unmounted. It writes the stale time to that filesystem.

Re: time keeping fallback mechanics during reboot on octeon

2024-01-12 Thread Theo de Raadt
I suspect this is due to how powerpc64 and octeon boot. Their bootblocks are a special kernel called BOOT which mounts the ffs filesystem directly. I suspect during the transition to loading GENERIC.MP something wrong happens with the on-disk time information, which misleads the next kernel.

Re: as cannot do endbr64 instructions (too old)

2023-12-31 Thread Theo de Raadt
Ah, only disasm support was added to binutils.

Re: as cannot do endbr64 instructions (too old)

2023-12-31 Thread Theo de Raadt
That's curious. We never invoke as directly these days. It feels like an upstream llvm bug, and I say that because no one else has embraced BTI/IBT as much as we have, everyone else is still considering it a thing for specific applications or the future. Lorenz (xha) wrote: > hi misc@, > > lik

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

2023-12-29 Thread Theo de Raadt
Ax0n wrote: > And yes, quite a lot of stuff referencing libc.so.97.1 in /usr/local - 223 > files in bin, 361 in lib, 0 in sbin. Then your machine is not -current, not by a long shot. We moved to libc.so.98.0 on Dec 12. At least two rounds of new packages have shown up since then. I do believ

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

2023-12-28 Thread Theo de Raadt
Stuart Henderson wrote: > On 2023-12-27, Ax0n wrote: > > I had been running #1471 since December 5th without issue, and this week > > upgraded to the latest snapshot (#1567) after which some apps such as > > Firefox won't run. They display "msyscall a8000 error" followed by a > > core dump. dme

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

2023-12-27 Thread Theo de Raadt
b...@fea.st wrote: > On Thu, Dec 28, 2023, at 00:41, Ax0n wrote: > > I had been running #1471 since December 5th without issue, and this week > > upgraded to the latest snapshot (#1567) after which some apps such as > > Firefox won't run. They display "msyscall a8000 error" followed by a > > core

Re: ls in color

2023-12-08 Thread Theo de Raadt
Karel Lucas wrote: > In openBSD V7.4 I would like to see the output of ls in color, and > therefore would like to know how to configure that. The output of "man > ls" provides no information about this. Can anyone give me a tip? Black and white are also colours.

Re: termtypes.master glitch in building -current

2023-12-01 Thread Theo de Raadt
This is not new. From time to time, manual crossover build steps occur. We don't build them into the tree, because that turns into future burden. Eric Grosse wrote: > When I've built -current on several machines recently, the procedure dies at > ===> share/termtypes > /usr/bin/tic -C -x /us

Re: CPU0 at 100% on Thinkpad 480 with OpenBSD 7.4

2023-11-27 Thread Theo de Raadt
Mike Larkin wrote: > On Mon, Nov 27, 2023 at 01:05:56PM -0500, Laurent Cimon wrote: > > Hi, > > > > > > The CPU0 on my Thinkpad 480 is always running at around 100%. It's on > > OpenBSD 7.4. > > > > It seems to be doing this in the kernel. > > > > > > Here is the CPU's line from top(1). > > > >  

Re: Reptar aka CVE-2023-23583

2023-11-21 Thread Theo de Raadt
You can find that information on Intel's webpages. Michael Hekeler wrote: > On 15.11.23 13:41, Christian Weisgerber wrote: > > not jacinda ardern: > > > > > I saw something about a new intel microcode coming out (subject line) for > > > a goofy new bug somebody found. Do you guys package that

Re: Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-17 Thread Theo de Raadt
Florian Obser wrote: > On 2023-11-17 16:06 +01, Odd Martin Baanrud wrote: > > Hello Jan, > > > > Thanks for the tip. > > The upgrade went smoothly. > > I ran “sysupgrade -n”, deleted the game set and the X sets and rebooted. > > > > Perhaps sysupgrade should be enhanced, so one could either choo

Re: Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-17 Thread Theo de Raadt
Odd Martin Baanrud wrote: > Perhaps sysupgrade should be enhanced, so one could either choose which sets > should be upgraded, or even better, the tool could figure out which sets are > installed, and upgrade just those. That will never happen.

Re: What happened to art4.html

2023-11-08 Thread Theo de Raadt
crying won't bring them back cat wrote: > > for now > > It has been over a year > > On November 3, 2023 3:07:14 PM GMT, Christian Weisgerber > wrote: > >cat: > > > >> I tried to find OpenBSD's official branding art (not the release poster > >> art or anything) and I couldn't find it. Wikip

Re: Jumbo frame, just a little late..

2023-11-07 Thread Theo de Raadt
Daniele B. wrote: > Actually i'm not sure about the real benefits of it, and for a soho > environment like mine but after 17 years I decided to take jumbo > frame seriously.. and MTU values of my network equipment to 9018. > I watched with happiness also to my old Mac having jumbo frame hard > co

Re: USB serial local getty terminal re-prompts for login on any input

2023-10-26 Thread Theo de Raadt
ktrace -di of the process will show what is going on Crystal Kolipe wrote: > On Thu, Oct 26, 2023 at 12:20:08PM -0400, Morgan Aldridge wrote: > > Yes, your assumption was correct, every keypress acts as if I had pressed > > enter. Thanks for confirming! > > Getty re-displays the login prompt

Re: Donations

2023-10-26 Thread Theo de Raadt
Joel Carnat wrote: > > On 26 Oct 2023 at 16:38, Ingo Schwarze wrote: > > > > The advice is extremely simple: > > > > If you can, donate directly to the OpenBSD project because that means > > 1. the donation can be used for any purpose, including all purposes > >that can be funded by the

Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-25 Thread Theo de Raadt
Mike Fischer wrote: > > On 25.10.2023 at 17:29, Theo de Raadt wrote: > > > > Mike Fischer wrote: > > > >> True. But like I said, this was noticed because of the sudden increase on > >> the same (OpenBSD) machine without any obvious reason. >

Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-25 Thread Theo de Raadt
Mike Fischer wrote: > True. But like I said, this was noticed because of the sudden increase on the > same (OpenBSD) machine without any obvious reason. The reason is obvious. You installed a completely different system. There is no SLA on keeping the load average code's calculation the same.

Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-25 Thread Theo de Raadt
Claudio Jeker wrote: > On Wed, Oct 25, 2023 at 11:57:54AM +0200, Mike Fischer wrote: > > I have been observing occasional bouts of high load averages on several > > servers I administer and I am trying to find the cause. (I monitor these > > machines so that I can implement corrective measures in

Re: Fwd: install74.iso

2023-10-23 Thread Theo de Raadt
In the next few snapshots, an ISO file will start to show up. I won't be testing it. You will. Privately let me know how it goes and I'll make more tweaks to it. There may be problems with bootblocks, etc. At this time I don't know what it will take to get it right. Robert Palm wrote: > Tha

Re: AAAA entry for openbsd.org

2023-10-23 Thread Theo de Raadt
Martin Schröder wrote: > On Mon, 23 Oct 2023 at 17:14, Theo de Raadt > wrote: > > Martin Schröder wrote: > > > > > On Mon, 23 Oct 2023 at 16:54, Theo de Raadt > > > wrote: > > > > So many, many words demanding that I configure

Re: AAAA entry for openbsd.org

2023-10-23 Thread Theo de Raadt
Martin Schröder wrote: > On Mon, 23 Oct 2023 at 16:54, Theo de Raadt > wrote: > > So many, many words demanding that I configure my networks for ipv6. > > "is there any reason openbsd.org still has no entry at the end of 2023?" > > So the reason

Re: AAAA entry for openbsd.org

2023-10-23 Thread Theo de Raadt
So many, many words demanding that I configure my networks for ipv6. Armin Jenewein wrote: > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry, eith

Re: Crash on TOSHIBA PORTEGE Z30-A laptop

2023-10-21 Thread Theo de Raadt
Mike Larkin wrote: > On Sat, Oct 21, 2023 at 01:27:21PM +0400, wes...@technicien.io wrote: > > Hi Philip, > > > > Thank you very much for your answer. > > > > I tried to disable all options (+devices) possible. Same issue. > > And what's about disable acpi in the kernel using the bsd.re-config? >

Re: malloc leak detection

2023-10-19 Thread Theo de Raadt
Hiltjo Posthuma wrote: > On Thu, Oct 19, 2023 at 08:27:37PM +0200, Otto Moerbeek wrote: > > Hello, > > > > I made a small tutorial with some usage notes for the new malloc leak > > detection which is available in OpenBSD 7.4: > > > > https://www.drijf.net/malloc/ > > > > While I have you a

Re: ldd error with setuid/setgid binaries

2023-10-18 Thread Theo de Raadt
Yoshihiro Kawamata wrote: > From: "Theo de Raadt" > Subject: Re: ldd error with setuid/setgid binaries > Date: Wed, 18 Oct 2023 06:35:51 -0600 > > > You don't explain why you need to do this. You just completely skipped > > that. > > You don'

Re: ldd error with setuid/setgid binaries

2023-10-18 Thread Theo de Raadt
Stuart Henderson wrote: > On 2023/10/18 06:35, Theo de Raadt wrote: > > ldd around suid programs has a fine history of security holes. > > > > One idea is for you to just not not do that. > > > > You don't explain why you need to do this. You just compl

Re: ldd error with setuid/setgid binaries

2023-10-18 Thread Theo de Raadt
ldd around suid programs has a fine history of security holes. One idea is for you to just not do that. You don't explain why you need to do this. You just completely skipped that. You don't justify why you need it to work. Does that make me care?? No, it really doesn't make me care. Yoshi

OpenBSD 7.4 released -- Oct 16, 2023

2023-10-16 Thread Theo de Raadt
- OpenBSD 7.4 RELEASED - October 16, 2023. We are pleased to announce the official release of OpenBSD 7.4. This is our 55th release. We remain proud of OpenBSD's record of m

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
Nan ZoE wrote: > Sure, thank you for your patient response. > > I will continue to refine my work and attempt to develop some > countermeasures against ROP mitigation. If there's good news, I will > contact OpenBSD again! By the way, the first idea I provided, which is > "Zeroing registers befor

Re: OpenBSD 7.4

2023-10-12 Thread Theo de Raadt
Don't be ridiculous, there is no point to be so obtuse. The date is already visible in many files in our tree, and you know it. Oct 16. Peter N. M. Hansteen wrote: > On Thu, Oct 12, 2023 at 07:54:04PM +0200, Karel Lucas wrote: > > Is it already known when openBSD 7.4 will be released? I would

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
> We would like to collaborate with OpenBSD in researching how to reduce the > number of gadgets and increase the difficulty of using gadgets. I think I've vaguely explained how that works. All the mitigations efforts went like this: 1) come up with an idea 2) write a complete working prototy

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
Nan ZoE wrote: > Hello, Thank you for your response. > > I'm sorry, I just looked at the introduction of pinsyscall. If OpenBSD only > uses > pinsyscall, calling syscall is a challenge in exploitation. However, I'm not > sure if > this is a required protection mechanism for all programs. What

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
Nan ZoE wrote: > Additionally, it's reasonable to assess the correctness of the ROP payloads > we generate for a program by injecting vulnerabilities. Firstly, the > original gadget set in the program remains intact and usable. Secondly, > this method of injecting vulnerabilities is equivalent to

Re: vmd and /dev/sd*

2023-10-12 Thread Theo de Raadt
Manuel Giraud wrote: > > Manuel Giraud writes: > > > >> Hi, > >> > >> I can't find the information on this list (or elsewhere). Is it > >> possible to have a vm that access a disk through its device? The > >> following does not seem to work: > >> > >> # vmctl start -cL -m 1G -b /bsd.rd -d /dev

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
Nan ZoE wrote: > In comparison, a more straightforward example is the "as" program. The ROP > payload > > for > this program is relatively simple, and it can also achieve the ROP target > of calling ex

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
> Please note that after injecting the vulnerabilities, the programs execute > the '*main*' function from the vulnerable program, not the entry function > from the original program. However, the Gadgets from the original program > are still usable. This approach allows us to evaluate the ROP constr

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-12 Thread Theo de Raadt
Nan ZoE wrote: > Thank you for your response. It seems there might be some misunderstanding > about what > I'm researching. Allow me to explain the experiments I'm conducting in more > detailed. I'm looking at the Subject. It uses the word "Exploitation". That word has a very specific meanin

Re: debugging "invalid argument" errors when loading elf files

2023-10-11 Thread Theo de Raadt
I think the problem here is you are using a linker script. You are creating a new class of binary, with different layouts and issues, and since you are doing it on your own, you'll never know what you are missing until later. The linker script stuff is fragile, poorly undocumented stuff which cha

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-10-11 Thread Theo de Raadt
the execve system call entrypoint for a memory image which is not readable. From innovations.html: ld.so and crt0 register the location of the execve(2) stub with the kernel using pinsyscall(2), after which the kernel only accepts an execve call from that specific location. Theo de R

Re: openFPGAloader successfully built, but can't flash with ftdi error

2023-10-11 Thread Theo de Raadt
Gregory Edigarov wrote: > On Fri, 6 Oct 2023 10:06:15 - (UTC) > Stuart Henderson wrote: > > > On 2023-10-06, S V wrote: > > >> The software that you're using may need the USB device to be > > >> attached to ugen rather than uftdi. The simplest way to do this is > > >> probably to type "boo

Re: Understanding -current as 7.4 is released

2023-10-06 Thread Theo de Raadt
Rudolf Leitgeb wrote: > On Fri, 2023-10-06 at 11:06 -0600, Theo de Raadt wrote: > > > Other operating systems do not have a vast number of people using  > > daily snapshots in the way our users do, so it is only our users who > > have this experience. > > Your exp

Re: Understanding -current as 7.4 is released

2023-10-06 Thread Theo de Raadt
Marc Espie wrote: > Specifically, OpenBSD decides whether it's running "bleeding edge" current > (snapshot) or a release/stable based on what the kernel says. OpenBSD does not decide. It has labels to delineate transitions in the process. Maybe we should go versionless? No one would have a cl

Re: Understanding -current as 7.4 is released

2023-10-06 Thread Theo de Raadt
Marc Espie wrote: > On Thu, Oct 05, 2023 at 12:45:56PM -0400, Ronald Dahlgren wrote: > > Hello friends, > > > > I’ve been running -current for several months now. Recently I started using > > “-D snap” when updating packages with pkg_add. > > > > I ask the list to help me understand what, if an

Re: X11 crashing

2023-10-05 Thread Theo de Raadt
Maria Morisot wrote: > I installed the patch for X11 (October 3rd), then rebooted, > now X is crashing every time I log in on xenodm, > sometimes I get a blue screen with debug messages, > other times I get a square on my screen with a black background, > and it is otherwise completely frozen, an

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-09-22 Thread Theo de Raadt
You have missed other stuff which matters. Try again. Nan ZoE wrote: > Because, as far as I understand, these ROP mitigation mechanisms seem to > have been updated only in the three versions of OpenBSD, namely 6.3 to 6.5 > . Of course, I have also studied some

Re: ROP Exploitation in openbsd-64 Programs After Removing ROP Gadgets

2023-09-21 Thread Theo de Raadt
There is no comprehensive & final solution for RET polymorphism due to variable-sized instruction architecture, and the only solution is to move to fixed-sized architectures where all RETs can be protected and ROP-free therefore becomes possible. The best we can do is reduce it. The ability to re

Re: undocumented command switches -OR- fix documentation fully

2023-09-20 Thread Theo de Raadt
e for this > kind of effort.. in OpenBSD in 2025. Is it too late and too thin of > an edge to walk on? > > awk-local(1) when? > > On 9/20/23, Theo de Raadt wrote: > > Old man yells at cloud. > > Yes.

Re: undocumented command switches -OR- fix documentation fully

2023-09-20 Thread Theo de Raadt
Old man yells at cloud.

Re: GPIO on Octeon

2023-09-19 Thread Theo de Raadt
Alex Frolkin wrote: > Hi all, > > I see that the Octeon kernel provides an octgpio0 device, but there's no > gpio0 at octgpio0 device (and I've tried to compile a kernel that has > it, but it fails to configure), and the gpioctl binary is missing. > > Is GPIO support on this platform just incom

Re: File transfer using ftp from bsd.rd booted system

2023-08-27 Thread Theo de Raadt
The interactive mode of the ftp client is not compiled into the install media. But, the non-interactive mode is there, so you can use -o to download files. However, you seem to want to push files out. That support is also compiled out. These things are missing because if they remained, the inst

Re: suspend/resume issue on T440p w/ Libreboot

2023-08-26 Thread Theo de Raadt
There is a change to acpi.c (1.421) regarding wakeup GPEs which may help, however this work was done after 7.3

Re: Change userland core dump location

2023-08-25 Thread Theo de Raadt
There isn't a way. And I will argue there shouldn't be a way to do that. I don't see a need to invent such a scheme for one user, when half a century of Unix has no way to do this. Sorry. Johannes Thyssen Tishman wrote: > Hi everyone, > > is there a way to configure a location to store userlan

Re: ld depends on libpthread 27.1, 27.0 is installed

2023-08-21 Thread Theo de Raadt
Yesterday, there was a snapshot that was missing the new library. Just upgrade again, and it should be fixed.

Re: volatility or something like that in the future ?

2023-08-21 Thread Theo de Raadt
whistlez wrote: > My mindset was to contribute what I know to improve the > project. What did you contribute? You typed words, which is not a contribution. You asked for others to do things you want. But we don't want the feature you want, because we consider it an anti-feature. We do not wa

Re: volatility or something like that in the future ?

2023-08-19 Thread Theo de Raadt
whistlez wrote: > > > > I saw no hatred in the post you replied to. > > > > OpenBSD developers are Makers, not Takers. They code for OpenBSD for > > themselves, not for the user community. > > > > The point is you should spend some time trying to contribute before you > > start asking fo

Re: Feedback on redesigned OpenBSD.org

2023-08-11 Thread Theo de Raadt
When did it become an assumption that we would adopt any of these changes?

Re: Recognition Of Linux LVMs

2023-08-07 Thread Theo de Raadt
Greg Thomas wrote: > > storage (and I wonder, parenthetically, why FreeBSD and NetBSD are > > willing to support ZFS, but OpenBSD is not). Why continue to wonder? Why not just sit down and figure out that they surrendered their ideals? I make vegetarian meals all the time, with a big slab of b

Re: Installing openBSD

2023-07-31 Thread Theo de Raadt
> > Umgeher Torgersen wrote on Tue, Aug 1, 2023 at 12:21 AM: > > On Mon, Jul 31, 2023 at 09:37:13AM -0600, Theo de Raadt wrote: > > Omar Polo wrote: > > > > > On 2023/07/31 17:19:59 +0200, Karel Lucas wrote: > > > > > > > > Hi, > > >

Re: Installing openBSD

2023-07-31 Thread Theo de Raadt
Omar Polo wrote: > On 2023/07/31 17:19:59 +0200, Karel Lucas wrote: > > > > Hi, > > > > But fdisk also has an option to edit the existing partition table. > > only if you want to do stuff manually, which from the thread I assume > you don't need. > > > This > > allows me to delete only the

Re: Installing openBSD

2023-07-31 Thread Theo de Raadt
Karel Lucas wrote: > Multi-boot is not an option here. The intention is to replace the entire > PfSense installation with openBSD. Eventually this computer becomes a > firewall with PF, so the current installation is unnecessary. But my > question remains whether I need the (U)EFI partition fo

Re: RISCV mailing list

2023-07-26 Thread Theo de Raadt
develo...@robert-palm.de wrote: > Quoting Theo de Raadt : > > > develo...@robert-palm.de wrote: > > > >> I suggest a mailing list for the RISCV arch. > >> > >> Ok? > > > > > > It will be as popular and useful as the other

Re: RISCV mailing list

2023-07-26 Thread Theo de Raadt
develo...@robert-palm.de wrote: > I suggest a mailing list for the RISCV arch. > > Ok? It will be as popular and useful as the other per-architecture lists, meaning -- it is the wrong approach.

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Stuart Henderson wrote: > On 2023-07-25, Kevin wrote: > > Regarding the Zenbleed vulnerability itself, none of our AMD hosts are > > known to be vulnerable at this time as they are all running Milan and > > later CPUs. > > rather than going with "none are known to be vulnerable" they should > p

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Kevin wrote: > Would this be worth putting a ticket into Vultr to get them to make > appropriate > updates on their side? You are the customer.

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Snapshots got that diff about 8 hours earlier. > For what it’s worth, my Vultr VPS machine is running snapshots and updated > without issue. > > Hope this helps as a clue! > > On Tue, Jul 25, 2023 at 10:45 AM Theo de Raadt wrote: > > > It seems some of the smaller

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
It seems some of the smaller hypervisor companies didn't get the memo, and they are blocking the msr write to set the chicken bit. They block it by raising an exception. They should IGNORE that bit if they allow setting it. I also have a strong suspicion some of them do not have the firmware f

Re: amd microcode

2023-07-24 Thread Theo de Raadt
Jonathan Gray wrote: > On Mon, Jul 24, 2023 at 03:17:26PM -0700, Courtney wrote: > > $ pkg_info | grep amd > > amd-firmware-20230719 microcode update binaries for AMD CPUs > > It by no means covers all zen 2 models. ^^^ AMD's firmware updates for the fix are incomplete. Some models won't get

Re: patch-008 missing in CVS repo

2023-07-20 Thread Theo de Raadt
ckeader wrote: > Brian Conway writes: > [...] > > >> I see similar results when I try pulling from a couple anoncvs mirrors. > > >> Perhaps a bug or oops in the CVS update process? > > > > > > Keep waiting while more of Canada wakes up and it will likely get > > > resolved. > > > In the meantim

Re: Syspatch https://cdn.openbsd.org/pub/OpenBSD

2023-07-13 Thread Theo de Raadt
We only manufacture errata for the last two releases. 7.1 is 3 releases ago. You are on your own, or you upgrade to the last two releases. Duncan Patton a Campbell wrote: > > I'm just looking at > http://www.openbsd.org/errata71.html > (see attached PNG) > > and it's missing the last 8 entr

Re: Self-hosting OpenBSD server, any documentation?

2023-07-08 Thread Theo de Raadt
Jonathan Drews wrote: > > > > On Sat, Jul 8, 2023, at 01:42, Jonas Borchelt wrote: > > The book "Absolute OpenBSD" is an excellent choice to expand your knowledge > > of the OpenBSD operating system. It was written by Michael W. Lucas and is > > regarded as a comprehensive resource for begin

Re: ntpd and ppm

2023-07-04 Thread Theo de Raadt
J Doe wrote: > On 2023-07-04 17:27, Martin Schröder wrote: > > > On Tue, 4 July 2023 at 23:20, J Doe wrote: > >> I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq > >> mentions the same unit - "ppm" - it doesn't explain what that means. > >> > >> What does "ppm" stand for

Re: ntpd and ppm

2023-07-04 Thread Theo de Raadt
J Doe wrote: > Hi, > > I noticed when: ntpd logs time adjustments in: /var/log/daemon it uses a > unit of "ppm": > > Jun 22 23:22:20 server ntpd[45813]: adjusting clock frequency by > -1.127600 to 0.056400ppm > > I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq > mentio

Re: Immutable Page Protections

2023-06-30 Thread Theo de Raadt
Justin Handville wrote: > > pledge does not drop access to system calls. It blocks the *action* > > of it, inside the kernel. You are muddling things together far too much. > > That's a matter of semantics. The point is that pledge reduces attack surface > by > reducing what a program is capa

Re: Immutable Page Protections

2023-06-30 Thread Theo de Raadt
Justin Handville wrote: > Theo de Raadt wrote: > > > > It's a cheap defense in depth protection that simplifies my use > > > case. > > > But I don't see a real security benefit of what you are trying to do. > > There may not be. At this poi

Re: Immutable Page Protections

2023-06-30 Thread Theo de Raadt
Justin Handville wrote: > Dave Voutila wrote: > > > Have you considered a libexec approach instead? If the goal is to keep a > > child process having only the executable pages it needs for operations, > > why not split up the program design instead of mucking with ELF stuff? > > That surely has

Re: Immutable Page Protections

2023-06-30 Thread Theo de Raadt
Justin Handville wrote: > I'm assuming that misc@ is probably the best place for this e-mail, > although it gets a bit in the tech@ weeds. I upgraded to 7.3 not so > long ago, and I noticed that a daemon I had written was no longer > working properly. For reasons that are probably too much to ge
