A few /etc/ksh.kshrc tweaks

2014-10-25 Thread Craig R. Skinner
1) telnetd removed, so it won't be a parent process 2) Restricted shells can redirect window decor to > /dev/tty 3) In wcd(), only do _ignore() if cd (e.g: can't cd /root) Index: ksh.kshrc === RCS file: /cvs/src/etc/ksh.kshrc,v ret

Re: rcctl: find(1) service files in /etc/rc.d

2014-10-15 Thread Craig R. Skinner
On 2014-10-14 Tue 00:24 AM |, Antoine Jacoutot wrote: > > Makes sense yes. Not sure I'd want a function just for that one liner though. > I'll commit something tomorrow. > Nice one, using shell internals. This restricts the listing to files which are also executable: Index: rcctl.sh =

rcctl: find(1) service files in /etc/rc.d

2014-10-13 Thread Craig R. Skinner
Move 2 duplicate searches into a function. The diff also ignores (RCS) subdirectories. $ find /etc/rc.d ! -type f /etc/rc.d /etc/rc.d/RCS Index: rcctl.sh === RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v retrieving revision 1.43 dif

rcctl: un-hardcode /etc/rc.conf{.local}

2014-10-11 Thread Craig R. Skinner
Some notes to demo the diff below: # -=-=-=-=-=-=-= Assignment: me$ _STATIC_RCCONF='/etc/rc.conf' me$ _RCCONF="${_STATIC_RCCONF}.local" # -=-=-=-=-=-=-= Test 1: me$ print ${_STATIC_RCCONF} ${_RCCONF} /etc/rc.conf /etc/rc.conf.local me$ print ${_RCCONF%/*} ${_RCCONF##*/} /etc rc.conf.local

Re: DNS control port additions to /etc/services

2014-07-16 Thread Craig R. Skinner
On 2014-07-15 Tue 16:04 PM |, Theo de Raadt wrote: > >On Tue, Jul 15, 2014 at 12:22:37PM +0100, Craig R. Skinner wrote: > >> > >> Suggestion to add NSD, Unbound & BIND control ports to /etc/services: > > > >Makes sense to me. Anyone want

Re: /etc/services records for squid & cvsyncd

2014-07-16 Thread Craig R. Skinner
On 2014-07-15 Tue 22:11 PM |, Antoine Jacoutot wrote: > > I run both squid and cvsyncd and never needed these entries. > Doubtful anyone _needs_ the Microsoft-SQL-* entries. > > > > > > > Index: etc/services > > === > > RCS fil

/etc/services records for squid & cvsyncd

2014-07-15 Thread Craig R. Skinner
The IANA names don't match these popular OpenBSD packages' port numbers: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=3128 = ndl-aas, not web cache/squid http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xht

DNS control port additions to /etc/services

2014-07-15 Thread Craig R. Skinner
Suggestion to add NSD, Unbound & BIND control ports to /etc/services: Index: etc/services === RCS file: /cvs/src/etc/services,v retrieving revision 1.87 diff -u -p -r1.87 services --- etc/services12 Jul 2014 14:51:07 -

Re: lynx: disable old protocols

2014-07-12 Thread Craig R. Skinner
On 2014-07-11 Fri 03:03 AM |, Theo de Raadt wrote: > If lynx was removed from base, and only available in ports... how many of > you would even know of its existence and use it? > Several times a week I use lynx for http or local html docs. If it wasn't in base, I'd install it/some similar pack

Re: 8 port serial card connections

2014-06-20 Thread Craig R. Skinner
On 2014-06-20 Fri 16:14 PM |, Maurice Janssen wrote: > ># FIXME No. 9 Moxa card port: > >moxa09:dv=/dev/tty10:common: > > > ># FIXME No. 10 Moxa card port: > >moxa10:dv=/dev/tty11:common: > > Try /dev/tty0a and /dev/tty0b > Perfect! Here's a man page diff to sync with lines 1383-1397 of /usr/s

Re: sudo -u & environment help

2014-05-28 Thread Craig R. Skinner
FYI;- The sudo users mailing list quickly said the 3 issues I identified are known bugs, which have been fixed in newer sudo versions. http://www.sudo.ws/sudo/stable.html "The current stable release of sudo is 1.8.10p3" $ sudo -V Sudo version 1.7.2p8 $ uname -a OpenBSD teak.britvault.co.uk 5.4 G

Re: sudo -u & environment help

2014-04-18 Thread Craig R. Skinner
FYI tech@, there was a thread on misc@ about sudo -iu not setting some environment variables: http://thread.gmane.org/gmane.os.openbsd.misc/211823/ On 2014-04-08 Tue 09:26 AM |, Craig R. Skinner wrote: > To clarify, there are no ~/. shell dot files. > > $PATH & umask are set in /e

Re: OpenSSH hole, April 9

2014-04-11 Thread Craig R. Skinner
On 2014-04-11 Fri 08:58 AM |, Bob Beck wrote: > sponsors having privileged access to the information (in other words > they aren't donors, they are paying for early access.) > Benefits with strings attached are not donations, ... more like bribes. Respect for freedom fighting and staying open!

Re: missing ports.tar.gz in snapshot

2014-03-07 Thread Craig R. Skinner
On 2014-03-06 Thu 15:42 PM |, Stuart Henderson wrote: > > Personally I'd keep them for releases (which also gives people a base > to speed up updates to -current) but probably drop them for snapshots.. > Sensible logic;- reducing workload, network & electricity costs!

Re: Alter daemon scheduling priority with renice for rc.d

2013-12-28 Thread Craig R. Skinner
On 2013-12-28 Sat 15:13 PM |, Theo de Raadt wrote: > > > Enhance rc.d/rc.subr with lowered/raised daemon running priority. > > You still have done nothing to prove the case for this extra > complexity. > When I managed customer's dedicated servers, it would have been useful, for example, to have

Re: Alter daemon scheduling priority with renice for rc.d

2013-12-28 Thread Craig R. Skinner
On 2013-12-28 Sat 21:16 PM |, Craig R. Skinner wrote: > On 2013-12-19 Thu 13:43 PM |, Craig R. Skinner wrote: > > Enhance rc.d/rc.subr with lowered/raised daemon running priority. > > > > Take 2: > > Replace /etc/rc.d/ rc_renice=X with > /etc/rc.conf.local _nice

Re: Alter daemon scheduling priority with renice for rc.d

2013-12-28 Thread Craig R. Skinner
On 2013-12-19 Thu 13:43 PM |, Craig R. Skinner wrote: > Enhance rc.d/rc.subr with lowered/raised daemon running priority. > Take 2: Replace /etc/rc.d/ rc_renice=X with /etc/rc.conf.local _nice=X $ fgrep _nice /etc/rc.conf.local sshd_nice=-10 dhcpd_nice=15 inetd_nice=YES greyscanner_ni

Re: Alter daemon scheduling priority with renice for rc.d

2013-12-21 Thread Craig R. Skinner
On 2013-12-21 Sat 17:13 PM |, Alexander Hall wrote: > > > >Comments/testing observations/? > > This is not the purpose nor responsibility of the rc.d scripts. > > What alternatives have you in mind? Maybe an /etc/rc.nicetab which a root run cron job parses for daemon values, then checks that

Re: security(8) check maildir as well as mailbox permissions

2013-12-21 Thread Craig R. Skinner
On 2013-12-21 Sat 09:16 AM |, Theo de Raadt wrote: > > > You seem to be coming from the perspective that people do stupid > > > things, and our base system should handle those stupid things. > > > > > > > My perspective is maildir (backed IMAP) is commonly deployed, > > and such are as well being

Re: security(8) check maildir as well as mailbox permissions

2013-12-21 Thread Craig R. Skinner
On 2013-12-21 Sat 08:55 AM |, Theo de Raadt wrote: > > You seem to be coming from the perspective that people do stupid > things, and our base system should handle those stupid things. > My perspective is maildir (backed IMAP) is commonly deployed, and such are as well being security checked.

Re: Alter daemon scheduling priority with renice for rc.d

2013-12-21 Thread Craig R. Skinner
On 2013-12-19 Thu 13:43 PM |, Craig R. Skinner wrote: > Enhance rc.d/rc.subr with lowered/raised daemon running priority. > Comments/testing observations/? ksh syntax used (which works with /bin/sh & bin/ksh being the same binary), but dinnae ken if that's "wrong".

Re: security(8) check maildir as well as mailbox permissions

2013-12-21 Thread Craig R. Skinner
On 2013-12-16 Mon 12:11 PM |, Craig R. Skinner wrote: > Check the security of /var/mail/dirs similar to /var/mail/boxes: > Several skilled sysadmins have stated they deliberately avoid using /var/mail for maildirs as security(8) generates warnings about these. People are placing maild

Re: security(8) check maildir as well as mailbox permissions

2013-12-19 Thread Craig R. Skinner
On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote: > skin...@britvault.co.uk (Craig R. Skinner) writes: > > > On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote: > >> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes: > >

Re: security(8) check maildir as well as mailbox permissions

2013-12-18 Thread Craig R. Skinner
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote: > > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes: > > > > > Indeed, but security(8) really reflects things in the base OS, > smtpd.conf(8) deliver to maildir path Mail is added to a maildir.

Re: security(8) check maildir as well as mailbox permissions

2013-12-17 Thread Craig R. Skinner
On 2013-12-16 Mon 13:15 PM |, Craig R. Skinner wrote: > On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote: > > On 2013/12/16 12:11, Craig R. Skinner wrote: > > > Check the security of /var/mail/dirs similar to /var/mail/boxes: > > > > Aren't maildirs usuall

Re: security(8) check maildir as well as mailbox permissions

2013-12-16 Thread Craig R. Skinner
On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote: > On 2013/12/16 12:11, Craig R. Skinner wrote: > > Check the security of /var/mail/dirs similar to /var/mail/boxes: > > Aren't maildirs usually in ~/Maildir? > MTA's can deliver to maildirs in several places. P

security(8) check maildir as well as mailbox permissions

2013-12-16 Thread Craig R. Skinner
Check the security of /var/mail/dirs similar to /var/mail/boxes: Index: security === RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.23 diff -u -u -p -r1.23 security --- security21 Mar 2013 09:37:37 -

Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path

2013-09-21 Thread Craig R. Skinner
As the others here with brains have had a chance to sleep on this, what's the current thinking? As I understand it, there are 2 decisions to make: 1) How to decide if a $daemon is a script as opposed to a binary (*) file(1) (*) dd(d) (*) sed(1) Could stat(1) be tasked to

Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path

2013-09-17 Thread Craig R. Skinner
On 2013-09-16 Mon 23:28 PM |, Alexander Hall wrote: > > sed can do it all. Really. This is getting beyond me Alexander. Is sed a mechanism to step away from using file(1) ? > Notes: > > - I separate re_quote() cause I think it can be useful in other places. > - I think re_quote() is (basic

Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path

2013-09-16 Thread Craig R. Skinner
On 2013-09-16 Mon 15:12 PM |, Paul de Weerd wrote: > Hi Craig, > > --- cat bad_script.sh > # This is a VERY BAD example of a script! This will break your > # shebang thingambob > > echo Now what... > ---

Re: /etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path

2013-09-16 Thread Craig R. Skinner
On 2013-09-16 Mon 13:00 PM |, Antoine Jacoutot wrote: > > Heh, very interesting trick ;-) > But I don't think that is 100% full proof as is. > > e.g. > $ head -n 1 /usr/local/bin/xml2-config | cut -d! -f2 > /bin/sh > You have a white space before the interpreter. > > If you can improve that and

/etc/rc.d/rc.subr; prefix ${pexp} with script interpretor path

2013-09-16 Thread Craig R. Skinner
For scripts (perl, shell, whatever...), prefix ${pexp} with the script's interpretor path as defined by the script. No need to override ${pexp} in the daemon's rc file. Index: rc.subr === RCS file: /cvs/src/etc/rc.d/rc.subr,v retrie

Re: useradd with empty -k doesn't chown/chmod new home directory

2013-09-10 Thread Craig R. Skinner
ping On 2013-09-05 Thu 14:48 PM |, Todd C. Miller wrote: > I changed my mind and decided it is better to just move the chown > and chmod out of copydotfiles() and add an explicit check for skeldir > set to the empty string. Much as I would like to prettify the > user.c code it is a losing battle

Re: diff: /etc/rc.d/spamd rc_reload=NO

2013-09-10 Thread Craig R. Skinner
ping On 2013-09-06 Fri 10:29 AM |, David Coppa wrote: > On Thu, Sep 5, 2013 at 9:31 PM, Craig R. Skinner > wrote: > > Doesn't seem to reload once chrooted: > > > > $ sudo /etc/rc.d/spamd -d reload > > doing rc_read_runfile > > doing rc_check > > sp

Re: useradd with empty -k doesn't chown/chmod new home directory

2013-09-07 Thread Craig R. Skinner
Solved? On 2013-09-05 Thu 14:48 PM |, Todd C. Miller wrote: > I changed my mind and decided it is better to just move the chown > and chmod out of copydotfiles() and add an explicit check for skeldir > set to the empty string. Much as I would like to prettify the > user.c code it is a losing batt

Re: diff: /etc/rc.d/spamd rc_reload=NO

2013-09-07 Thread Craig R. Skinner
On 2013-09-06 Fri 10:29 AM |, David Coppa wrote: > > OK with me. > > ciao, > David Anyone else? -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

diff: /etc/rc.d/spamd rc_reload=NO

2013-09-05 Thread Craig R. Skinner
Doesn't seem to reload once chrooted: $ sudo /etc/rc.d/spamd -d reload doing rc_read_runfile doing rc_check spamd doing rc_reload Sep 5 19:57:54 oak spamd[22335]: greyreader failed (Error 0) doing rc_wait reload doing rc_check doing rc_check ... .. . doing rc_check (failed) Index: spamd

Re: useradd with empty -k doesn't chown/chmod new home directory

2013-09-05 Thread Craig R. Skinner
On 2013-08-31 Sat 11:18 AM |, Kenneth R Westerback wrote: > > This makes sense to me. ok krw@ > > Ken > ping? -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: useradd with empty -k doesn't chown/chmod new home directory

2013-09-02 Thread Craig R. Skinner
On 2013-08-31 Sat 11:45 AM |, patrick keshishian wrote: > On Sat, Aug 31, 2013 at 06:23:25AM -0600, Todd C. Miller wrote: > > Assuming we want to make this a non-fatal error the following should > > do. > > You meant non-existent skel dir, not empty. Unless you > meant empty argument for -k option