Radeon HD 7770
Sent from Outlook Mobile. Yes, it works with gmail.
On Wed, Apr 20, 2016 at 12:21 PM -0700, "ilyes aiouaz"
wrote:
Hi,
What's the model of your graphics card ?
Le 20/04/2016 18:46, Daniel Boyd a écrit :
> Breakthrough in xfce -- Settings ->
On 22.04.2016 03:25, Ultramedia Libertad wrote:
> hello
>
> I am upgrade OpenBSD 5.8 to 5.9 and after to reboot
>
> i have follow errors in remote console :
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *init: daemon: unknown class (failed)syslogdsu: daemon: unknown class
> (failed)pflogdsu:
On 24.04.2016 04:39, niya levi wrote:
> hi everyone
> i am trying to setup openvpn with tun on a bridge (openbsd 5.9),
> i tried the following but got an Invalid argument error,
>
> ifconfig tun0 create
> ifconfig bridge0 create
> ifconfig bridge0 add em0
> ifconfig bridge0 add tun0
> ifconfig: br
On 26/04/2016 04:56, open...@smartpoint.co.nz wrote:
> Does anyone have experience connecting an OpenBSD box via a fibre ONT ?
>
> I currently have a working setup using the OpenBSD box as a
> router/firewall for my LAN, connecting to the internet via an ethernet
> connected ADSL modem. I'm trying
Any idea how to get it to map the uid? Once I mount the folder, I can't
access it.
I've tried -o idmap=user, -o uid=1000, etc. None of that seems to work.
On Mon, Apr 25, 2016 at 6:18 AM, Dmitrij D. Czarkoff
wrote:
> Thuban said:
> > Oh, that was it.
> > It works after a
> > # chmod 666 /d
On 28/04/2016 05:07, Jeremy wrote:
> On Tue, 26 Apr 2016 17:53:32 -0500
> Adam Thompson wrote:
>> If all else fails, run "ifconfig em2 up", and then "tcpdump -i em2
>> - -l -n" and see what, if any, traffic is coming from the ONT on
>> the raw ethernet port (this will include the VLAN 10 packe
On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross
wrote:
> Trying to install apache-httpd-openbsd in -current
https://marc.info/?l=openbsd-ports-cvs&m=146186762111571&w=2
On Sun, 15 May 2016 12:17:40 +0200, Leo Unglaub
wrote:
> Now i wannted to use bioctl -cC -lsd8a softraid0 but i get the
> following error message:
>
> > softraid0: sd8a has unsupported sector size (4096)
> > softraid0: invalid metadata format
>
> I looked around and found an old email from Ke
On Tue, May 17, 2016 at 07:25:45AM +0100, trebol55...@yandex.ru wrote:
> mg(1)
>
> […] It is compatible with emacs because
> there shouldn't be any reason to learn more editor types than emacs or
> vi(1).
>
> Where is the troll, where is the silly troll?
>
Given enough time, a UN
On 25.05.2016 15:01, Jeff Ross wrote:
> Hi all,
>
> I am incrementally bringing my server up to date. I was on 5.5-current so
> following the instructions I upgraded to 5.6 stable.
>
> I re-wrote my pf.conf to remove the oldqueue rules and to simplify the
> rule set.
>
> Checks okay for syntax
evl_tag = htons(ifv->ifv_tag);
m_adj(m, ETHER_HDR_LEN);
M_PREPEND(m, sizeof(evh), M_DONTWAIT);
if (m == NULL) {
Daniel
On Mon, Jun 06, 2016 at 09:52:49AM -0400, Alan Corey wrote:
>
> On the Arch Linux page at
> https://wiki.archlinux.org/index.php/Flashing_BIOS_from_Linux there's
> mention of a couple programs that might work: BiosDisk and Flashrom.
> Anybody use either of those under OpenBSD? I haven't tried cha
Has anyone else been hvaing random reboots on current? The system freezes up for
maybe 30 seconds or so, then reboots. I have a hunch that it's something with my
wifi card because occasionally during a reboot it'll error saying something
about
MIC errors and then reboot, or just freeze+reboot duri
he reboot comes in (doesn't
handle
something right in the driver, I guess? And it hangs the network card.)
On Sun, Jun 19, 2016 at 07:54:45PM -0700, Philip Guenther wrote:
> On Sun, Jun 19, 2016 at 1:59 PM, Daniel Wilkins wrote:
> > Has anyone else been hvaing random reboots o
On Mon, Jun 20, 2016 at 10:19:36AM +0200, Erling Westenvik wrote:
> On Sun, Jun 19, 2016 at 07:54:45PM -0700, Philip Guenther wrote:
> > On Sun, Jun 19, 2016 at 1:59 PM, Daniel Wilkins
> > wrote:
> > > Has anyone else been hvaing random reboots on current? The syst
I've blatantly copied tedu@'s subject line from
http://www.tedunangst.com/flak/post/the-day-some-of-the-DNS-stopped
since he's a developer and I believe I've run into the same issue.
Almost every time the Internet connection goes down at home, unbound
1.5.7 on my 5.9-release router partly goes dow
While trying out the latest snapshot, I noticed that PKG_CACHE is ignored:
# whoami
root
# echo $PKG_CACHE
/root/packages
# pkg_add -ivv wget
Update candidates: quirks-2.241 -> quirks-2.241
quirks-2.241 signed on 2016-07-26T16:56:10Z
No change in quirks-2.241
parsing wget-1.18
...
Running /usr/bin
On Sat, Jul 30, 2016 at 08:00:26AM -0400, Richard Thornton wrote:
> Does this USB wireless add-o, which uses a realtek chipset, work with
> OpenBSDThe installer sees it, the firmware fails to load.
It's common for manufacturers to sell completely different hardware with
the same marketing name
That works very differently as far as taxes go. Theo would have to start
reporting
it as income if Canada works like the US, and things are interesting from
there.
On Sun, Aug 21, 2016 at 07:36:40AM -0400, Donald Allen wrote:
> But isn't it still better to send the money directly to you, since
vided by a 13 years old at the
time for multi boot installed here:
http://marc.info/?t=12694577022&r=1&w=4
And that was on his mac 5,5 however he had it running way before that on
his very old mac 1,1 model.
If your really interested I am sure you can find it in the archive.
So, live up to your own words or eat them!
Peace,
Daniel
PS: Statement like your remind me why I don't write as much as I used to
on this list...
urrent on Digital
Ocean when/if he install it. No ne have a clue what you run there, so
why bother to answer you!
So, do you also " Do you need a draw ?"?
Peace,
Daniel
lue what you run, version and all. How do you
frankly expect an answer?
Have a nice day.
Peace,
Daniel
PS: No, your mother told you we had a date last week? Holy shit... I
didn't remember that one
On 8/24/16 2:18 PM, Troy Frericks wrote:
> -- Forwarded message --
> From: Troy Frericks
> Date: Wed, Aug 24, 2016 at 1:17 PM
> Subject: Re: DigitalOcean and OpenBSD
> To: Daniel Ouellet
>
>
> OpenBSD is not supported on/by DigitalOcean.
I never said i
On 25.08.2016 14:46, Kamil Cholewiński wrote:
> On Thu, 25 Aug 2016, Gilles Chehade wrote:
>> There are other alternatives with better hardware, services and policies
>> within the same price ranges. online.net to name one, hetzner.de to name
>> another one.
>
> Hetzner customer here. Hetzner doe
Hi,
> Hetzner customer here. Hetzner doesn't support OpenBSD natively. The
> only instructions I could find are kind of dated, in German, seem to
> apply only to dedicated servers (as opposed to VMs), and overall look
> like a giant hack. Anyone had luck getting things running recently?
I have a
it should or that would be a good idea may just be for you to
add to your SPF records the entry for the mailing list used as this:
host-2:~ daniel$ dig txt bsdly.net +short
"v=spf1 a mx ip4:213.187.179.198 ip4:194.54.103.54/26
ip6:2001:16d8:ff00:1a9::2 ip6:2001:16d8:ccbc:dead:
On 8/26/16 5:37 PM, li...@wrant.com wrote:
> Fri, 26 Aug 2016 15:36:16 -0400 Daniel Ouellet
>> On 2016-08-26, Peter N. M. Hansteen wrote:
>>
>>> The only downside is, the traditional forwarding that mailing lists do
>>> *also* triggers the DMARC dark magic
On 8/26/16 8:11 PM, li...@wrant.com wrote:
>> But my question for sure that I am not sure of the answer is if you have
>> emails that happened to have multiple DKIM signature added to the header
>> along the way.
>
> Why would you have these, if email is not getting changed after sending?
> Simply
On Tue, Aug 30, 2016 at 08:44:44PM -0400, Joe Gidi wrote:
> I suspect/fear that the answer might be, "your hardware died", but since
> the armv7 port is under heavy development, maybe this information will be
> of some value to the devs...
>
> I've been running snapshots on my Wandboard Quad for t
release to the public
today. Takes time to get all piece together you know.
Might be more welcome to say thanks to the devs instead don't you think?
I am sure they would appreciate that more...
Best,
Daniel
On Tue, May 27, 2014 at 3:33 PM, Stuart Henderson wrote:
> It just works for me, no special setup needed, no static-port or anything,
> just a standard nat-to rule. This is with various devices; snom and gigaset
> hardware phones, softclient on android, pjsua on OpenBSD.
>
> But the SIP servers I
s of
https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git;a=blob;f=scripts/gen-gdbus-interfaces.sh;h=f827434d0211ea8765c075fdb2916386ffc16ecb;hb=HEAD
btw. it's bashism in a posix shell suit?
Daniel
> hostnamed, localed, and timedated as well as a framework for porting the
> logind behemoth. you can follow the progress at
> https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git
>
> ian
2014-06-29 13:40 GMT+02:00 Antoine Jacoutot :
> So first you comment on Ian's GSoC and now on systemd... thai is confusing.
> I don't care about systemd we will never have it. We just need some
> interfaces
> that are currently only implemented in systemd.
This is the right approach to the subj
ow of one.
Daniel
On 7/3/14, 6:41 AM, Stuart Henderson wrote:
> On 2014-07-03, Daniel Ouellet wrote:
>> Sorry for the off topic question, but I am looking and researching a PCI
>> network card that would have both the cat5 jack and wireless capability
>> to be use as host into an OpenBSD ser
It means he's a Southerner by the grace of God.
have a nice day,
Daniel
>From Texas
In Canada
On Sat, Jul 5, 2014 at 2:56 PM, ÐÑÑÑÑ ÐÑÑомин
wrote:
> On Sun, Jun 29, 2014 at 12:38:58PM -0500, Gilbert Sanford wrote:
> > Though the following has nothing to do with
I contacted the CVS maintainer (one of the Canadian sites) and everything
is fine now. I was able to update to -stable in about 97 minutes.
I don't recall the last time I saw KDE load so fast, and it runs so
smoothly.
Daniel V.
On Thu, Jul 10, 2014 at 5:31 PM, Daniel Villarreal
On Thu, Jul 17, 2014 at 1:51 PM, Charles Musser wrote:
> I'm looking to create or cobble together functionality that automates
> network connections as a user roams around with a laptop. The idea is
> to respond to changing network availability: wifi network is known, so
> connect, or cable was pl
pd.conf, I
would appreciate it!
Daniel
Original message from Gordon Turner at 21-7-2014 2:35
> Hey List,
>
> I am trying to use OpenBSD 5.5 as an VPN end point for iOS 7.0 and OSX
> 10.9 native VPN clients, using L2TP / IPsec.
Wow, that is some response!
I'll give it a try today or tomorrow.
Thank you Bastien, Gordon, Chenghan and mxb.
Original message from mxb at 22-7-2014 13:15
> As been the original author of undeadly.org article I can state that info in
> is stil partially valid, except npppd.conf part.
o npppd is started automatically
at system boot
And one question:
Do we really need to allow ah in pf.conf? I have it working with just esp.
Daniel
Original message from mxb at 22-7-2014 13:15
> As been the original author of undeadly.org article I can state that info in
> is stil partial
it from the internet behind a firewall/router that is doing NAT.
Daniel
Original message from Bastien Ceriani at 23-7-2014 9:41
> Daniel,
>
> Good.
> Did you try to connect an Windows (Seven or Eight ?) client. Your VPN
> server is working on your frontend firewall/router or on
On Fri, Aug 1, 2014 at 12:50 PM, Tobias Stoeckmann
wrote:
> Is it (technically) possible to join two wireless networks with just
> one chip? My system has an athn0 interface, would be nice if I can
> join two networks with that.
I don't believe this is possible with OpenBSD.
On Wed, Aug 6, 2014 at 2:38 PM, Stuart Henderson wrote:
> In my (admittedly very limited) testing with the new queueing system,
> it hasn't done very well with low bandwidth queues (ADSL type speeds) that
> used to work OK with altq (symptom, packets being assigned to queues as
> expected, but rat
On Thu, 7 Aug 2014 00:31:14 +0200, Theo Buehler
wrote:
> The version numbers of less and perl in 56.html are incorrect.
While there, nsd's version is wrong too:
http://marc.info/?l=openbsd-cvs&m=139481293201958&w=2
Index: 56.html
openbsd.org/pub/OpenBSD/5.5/packages/amd64 >
/etc/pkg.conf
seemed to resolve the issue at first, but it's still happening. Hmm.
Daniel
It means "Producer," or "maker"
If you do a search, you will see that they sell a lot of OpenBSD
stuffare they or are they not selling official merchandise? I'd like to
hear what German OpenBSD users think of the situation. If they're too busy,
let me know.
Dani
On Fri, 15 Aug 2014 11:37:56 +0400, Denis Lapshin
wrote:
> Is it possible to change or set fixed device names for drives like
> SD0, SD1, SD2, SD3 and so on.
http://www.openbsd.org/faq/faq14.html#DUID
Cheers,
--
Vigdis
x27;s .profile...
*PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/$(uname
<http://ftp.openbsd.org/pub/OpenBSD/$(uname> -r)/packages/$(uname -m)/*
# cat
/etc/pkg.conf
installpath=http://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64
-rw-r--r-- 1 root wheel 66 Aug 12 18:14 pkg.conf
Tha
Hi,
Index: security.html
===
RCS file: /cvs/www/security.html,v
retrieving revision 1.417
diff -u -p -r1.417 security.html
--- security.html 28 Jul 2014 16:48:23 - 1.417
+++ security.html 19 Aug 2014 13:42:42 -000
I shall wait, i"ll keep trying different things I have defined PKG_CACHE
in my regular user home dir, I'll try unsetting that and other things, and
let you know if I get different results ... thanks.
Daniel
On Wed, Aug 20, 2014 at 2:14 AM, Philip Guenther wrote:
> On Mon, Aug 18,
Ville,
I will do those corrections shortly. I really appreciate your help.
FYI, the `installpath=http://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64`
part I got directly from the CD-set liner notes. I still need to listen to
the songs on discs 1 and 2.
kind regards,
Daniel Villarreal
On Wed, 27 Aug 2014 19:47:33 +0200, "Martijn Rijkeboer"
wrote:
> Hi,
>
> The files
> http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/SHA256[.sig] don't
> have a hash for etc56.tgz and the etc56.tgz file is also older that
> the other base files. Is this an error or did I miss something?
http
ne?
>
http://www.openbsd.org/faq/faq2.html#WebSites
"As always, do not blindly enter commands you do not understand into your
computer."
Part of the magic of OpenBSD for me is that the operating system doesn't
try to "think" for me.
have fun,
Daniel Villarreal
http://www.youcanlinux.org/
On Sun, 7 Sep 2014 19:56:19 +0900, Joel Rees
wrote:
> and I get the following output:
>
> if [ ! -d //. ]; then install -d -o root -g wheel -m 755 /; fi
> mtree -qdef mtree/4.4BSD.dist -p // -U
>
> mtree: unknown group _unbound
> mtree: failed at line 840 of the specification
>
> On Tue, Sep 9, 2014 at 4:30 PM, Matti Karnaattu wrote:
> Hello,
>
> Is it possible to dedicate CPU core to process?
This thread may or may not be useful to read over:
http://marc.info/?t=13588288892&r=1&w=1
>
> What I'm looking for is simple way to take advantage of high quality and
> se
On Tue, Sep 9, 2014 at 7:29 PM, Matti Karnaattu wrote:
>>Also if you were to provide more specifics about your goals, others may
>>have more input.
>
> At the moment I'm looking hobby project to maintain/improve my skills
> developing open source software and my goal is to develop/improve some
> o
2014-09-13 19:27 GMT+02:00 why not :
> hello
>
> Besides NTRU is having a GPL licence,
https://github.com/NTRUOpenSourceProject/ntru-crypto/issues/4
https://github.com/tbuktu/libntru
but:
http://blog.cr.yp.to/20140213-ideal.html
Daniel
/pub/OpenBSD/5.5/index.html
If I manually remove the "index.html" from the url, it works, of course.
I use the snapshot from Thursday (iirc), on amd64.
Cheers,
--
Daniel
On Tue, Sep 23, 2014 at 9:39 AM, Dewey Hylton wrote:
> i have a site-to-site vpn setup across a 40Mbps wan link (average ~30ms
> latency). one of its uses is for san replication, but of course management
> traffic (ssh sessions, etc.) have to cross the link as well. without using
> queues, at time
http://cyclone.thelanguage.org/
http://en.wikipedia.org/wiki/Cyclone_(programming_language)
http://trevorjim.com/papers/usenix2002.pdf
http://homes.cs.washington.edu/~djg/papers/cyclone-cuj.pdf
Best regards,
Daniel
.
...
So if you read the man page you should have the information you need.
Hope this help
Daniel
On 10/2/14 11:39 PM, Daniel Ouellet wrote:
> May be a bit more for you as well under man hostname.if
>
> in the description it said this. "Any lines not matching these packed
> formats are passed directly to ifconfig(8)."
>
> and this section.
>
> options
>
the hostname.if
Hope this clarify it better.
Daniel
On 10/3/14 9:35 AM, trondd wrote:
> The man page for dhclient.conf shows the ability to ignore options sent by
> the dhcp server. If hostname.* doesn't do it, that might be necessary.
>
> Tim.
>
> On Fri, Oct 3, 2014 at
On 10/3/14 6:43 PM, Stuart Henderson wrote:
> On 2014-10-03, Daniel Ouellet wrote:
>> But this had nothing to do with options in hardware network cards
>> configuration like half duplex, full duplex, auto negotiation, speed,
>> mtu, etc.
>
> er, there is option
st in case.
Best,
Daniel
PS: No need to make this into an other JavaScript tread please! (:> Just
yes or no is fine really and if yes, how?
Actually 4.8 to 5.4 included are missing.
Just getting to old and tired to think straight.
My Son got me the 5.5, good boy! (:> He learn well...
Anyway still the same question.
On 10/6/14 9:39 PM, Daniel Ouellet wrote:
> Hi,
>
> I know a few months back the information for the r
On Mon, Oct 6, 2014 at 6:34 PM, Philip Guenther wrote:
> On Mon, Oct 6, 2014 at 2:09 PM, Tor Houghton wrote:
>> Hi,
>>
>> Dumb question: I'm running 'sudo ntpd -s' as part of a remote command to an
>> OpenBSD guest[*]; unless I add a 'pkill sshd' to the end of the remote
>> command, e.g.
>>
>>
ln /bin/pax /bin/tar?
ot;sysctl kern.netlivelocks net.inet.ip.ifq"
> look like?
net.inet.ip.ifq.maxlen was set to 256 i've changed it to 768. I'll look
if the values in net.inet.ip.ifq.drops change.
Kind regards,
Daniel
I'm not sure where this sort of thing is supposed to be reported but the
"Project Goals" link on libressl.org (http://libressl.org/goals.html) is
giving me a 404 error.
On Sun, Oct 19, 2014 at 6:32 PM, worik wrote:
> In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /.
>
> Why?
>
Not sure there's an answer but it was discussed at least one time before:
http://marc.info/?t=11910307971&r=1&w=2
nd:
$ openssl x509 -in fb_ca_chain_bundle.crt -noout -text
The system time and timezone is accurate and I also tried the
mtier-binpatch[0].
I don't know where the problem is. Does anyone have any advice?
Thanks for help
// Daniel
[0]
https://stable.mtier.org/vuxml?release=55&vid=fa94244f-a4b6-4486-891d-4787b27252a7
Ok, the problem is fixed now.
I think it was solved by rebuilding/-installing the crypto library.
Sorry for the disturbance.
// Daniel
On 20.10.2014 23:31, Daniel Pajonzeck wrote:
> Hi list,
>
> I'm running OpenBSD-5.5-amd64. Today, I patched the 012_openssl.patch,
> built
Hi,
I wanted to use the new performance throttling system but I had to look
for what to change so if I can prevent others from doing it. Feel free
to modify the wording :)
Cheers,
Daniel
Index: sysctl.8
===
RCS file: /cvs/src/sbin
yep, it's intended: see:
https://www.mail-archive.com/source-changes@openbsd.org/msg54858.html
On Tue, Oct 28, 2014 at 4:56 PM, Carsten Kunze wrote:
> Hello,
>
> in OpenBSD 5.5 make did try makefiles in order BSDmakefile -> makefile ->
> Makefile.
>
> In Current BSDmakefile is not tried anymore,
FreeBSD's
> Capsicum?
http://www.openbsdfoundation.org/gsoc2014.html
Daniel
GM45 works fine playing html5 videos in firefox for me
OpenBSD 5.4-current (GENERIC.MP) #150: Thu Nov 14 00:30:57 MST 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4161064960 (3968MB)
avail mem = 4042162176 (3854MB)
mainbus0 at root
bios0 at mainbus0: SM
Hi all,
so, I installed the OpenBSD 5.4 in my laptop (hardware/configs dumps
below) a few weeks ago and everything is running smoothly, with one
exception: the fan is quite noisy.
I tried already setting the hw.setperf to 0 by using the apmd(8)
options -C, -A and -L, which indeed set this config
I've installed current of Dec 9 on a Shuttle DS47 but the network card
doesn't seem to work.
It is detected but doesn't get a DHCP lease, I don't see any traffic on
the network with tcpdump and setting a fixed IP address doesn't help either.
What can I do to help get it supported in OpenBSD?
T
s, fstab or mount didn't point anything on it either.
Many thanks for the continuous improvements!
Daniel
> man mount_tmpfs
>
> Only in the recent snapshots.
>
> If not then CVS, cd /usr/src/sbin/mount_tmpfs
> for source / man page
Why didn't I think of mount_tmpfs???
Thank you!
On Tue, Jan 07, 2014 at 03:05:39PM +, Jurjen Oskam wrote:
> Hi everybody,
>
> Earlier I had a Linux machine (well, a Raspberry Pi actually) which
> I used to read out my energy meter. The energy meter was connected
> to a USB port with a custom FTDI cable. The energy meter only
> supports read
lack of good marketing.
Best regards,
Daniel
2014/1/16 Jack Woehr :
> Daniel Cegiełka wrote:
>>
>> http://goteo.org/project/gnupg-new-website-and-infrastructure
>>
>> Why do not you do such a campaign?
>
>
> I think Theo has answered this previously. His point was that he doesn't
> want to spend
there what they should do!
They do plenty already!
Best regards,
Daniel
14/02/01 04:37:58
Modified files:
usr.sbin/pkg_add/OpenBSD: Dependencies.pm
Log message:
let solve_depends work as soon as we have update_info
Reverting Dependencies.pm to 1.151 fixes it for me.
Daniel
--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2
D+Current&arch=i386&format=html
Daniel
2014-02-04 Otto Moerbeek :
> On Tue, Feb 04, 2014 at 03:41:09PM +0100, Daniel Cegie?ka wrote:
>
> I believe that in -current, the pubkey comes from /etc/signify.
>
> -Otto
yes, but man pkg_sign:
-s signify|x509 [-s cert] -s privkey
Specify signature
is exactly the same public key, which is stored on OpenBSD
servers (MITM)? signify is a step in the right direction but does not
fix anything. We need trusted key distribution (or verification) for
signify - without it we will being stuck on the same shit (but
successfully verified).
best regards,
Daniel
I agree with the fact that we have no solution to this problem, and
probably will not find it quickly (or ever). I do not want to shout
that now we have to do something. I want to make people aware that
even with signify still need to keep limited trust.
best,
Daniel
On Tue, Feb 11, 2014 at 10:31 PM, Ted Unangst wrote:
> How does bursting work in new queue? I'm unable to measure any effects.
>
> For instance, I start with something like:
>
> pass in on em0 proto tcp to port 80 queue web
> queue rootq on em0 bandwidth 100M max 100M
> queue web parent rootq band
try this:
--- cat id0.c ---
int getuid(){return 0;}
int geteuid(){return 0;}
int getgid(){return 0;}
int getegid(){return 0;}
--- end cut ---
# shell (as normal user):
id -un
cc -shared id0.c -o id0
LD_PRELOAD=./id0 sh
id -un
best,
Daniel
2014-02-16 22:36 GMT+01:00 :
> Hello!
>
2014-02-17 13:15 GMT+01:00 :
> On 16. februar 2014 at 10:11 PM, "Daniel Cegiełka"
> wrote:
>
> try this:
>
> --- cat id0.c ---
> int getuid(){return 0;}
> int geteuid(){return 0;}
> int getgid(){return 0;}
> int getegid(){return 0;}
> --- end cut ---
2014-02-17 15:49 GMT+01:00 Giancarlo Razzolini :
>> Solution: static linking of critical binaries.
>>
>> I hope that my explanation was helpful.
>>
>> best regards,
>> Daniel
>>
> Static linking does solves the issue with this particular rootkit, but
_PRELOAD you can inject
your own code on OpenBSD.
I hope that now it is more understandable.
Daniel
And it never was a threat?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872
http://www.cvedetails.com/cve/CVE-2006-6164/
Daniel
ARY_PATH", envp);
}
if (_dl_preload) {
_dl_preload = NULL;
_dl_unsetenv("LD_PRELOAD", envp);
}
It actually should reduce the risk for set*id(), but this in the past
related to CVE-2006-6164 (_dl_unsetenv())?
Daniel
>
> Miod
h.
>>*/
>>_dl_trust = !_dl_issetugid();
>>if (!_dl_trust) { /* Zap paths if s[ug]id... */
>>if (_dl_libpath) {
>>_dl_free_path(_dl_libpath);
>>_dl_libpath = NULL;
>>_dl_unsetenv("LD_LIBRARY_PATH", envp);
>>}
>>if (_dl_preload) {
>&g
e
> time NFS earned its true name (Notreally a File System)...
>
> To put things in perspective, that was roughly 20 years ago.
At least on linux this type of abuse seem to be still (very) effective:
http://blackhatlibrary.net/LD_PRELOAD
http://blackhatlibrary.net/Azazel
and of course PAM:
http://blackhatlibrary.net/Hooking_PAM
Daniel
701 - 800 of 2727 matches
Mail list logo