Re: Is loss of read-only /usr permanent?

2016-05-16 Thread Stuart Henderson
On 2016/05/16 14:22, Craig Skinner wrote: > On 2016-05-14 Sat 12:25 PM |, RD Thrush wrote: > > > > Thanks, Craig. That is much better than what I proposed > > > > Another solution occurred to me Bob;- > > ro /usr > rw /usr/lib (an additional mount point) > > If power was lost during boot, most

Re: Is loss of read-only /usr permanent?

2016-05-16 Thread Craig Skinner
On 2016-05-14 Sat 12:25 PM |, RD Thrush wrote: > > Thanks, Craig. That is much better than what I proposed > Another solution occurred to me Bob;- ro /usr rw /usr/lib (an additional mount point) If power was lost during boot, most of /usr would be unaffected. The mods I mailed earlier could a

Re: Is loss of read-only /usr permanent?

2016-05-15 Thread lists
Sat, 14 May 2016 19:47:59 +0100 Kevin Chadwick > > Finally, the read only file systems on a writable medium susceptible > > to all sorts of failure modes is a silly silly useless trick. This > > does not provide any real technical benefit but your own discomfort. > > Pipe it down a bit will you.

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread lists
Sat, 14 May 2016 12:25:47 -0400 RD Thrush > On 05/14/16 04:34, Craig Skinner wrote: > > Hi RD/all, > > > > On 2016-05-13 Fri 17:16 PM |, RD Thrush wrote: > >> > >> # cp -p /etc/fstab /etc/fstab.orig > >> # sed -e 's,/usr ffs rw,/usr ffs ro,' /etc/fstab > >> # shutdown -f now > >> Shutdown NOW!

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread Kevin Chadwick
> Finally, the read only file systems on a writable medium susceptible > to all sorts of failure modes is a silly silly useless trick. This > does not provide any real technical benefit but your own discomfort. > Pipe it down a bit will you. I use ro root, /dev in tmpfs and /usr ro as well as an

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread lists
Sat, 14 May 2016 12:24:50 -0400 RD Thrush > On 05/13/16 23:34, Theo de Raadt wrote: > >> The report is fairly easy to reproduce. Make the /usr filesystem > >> read-only in /etc/fstab, go to single user mode and exit back to > >> multi-user. I've appended a transcript. > > > > This does not ma

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread Theo de Raadt
> Thanks, that would work fine. It may be useful as a note in the upgrade guide > for 6.0 for those (apparently few of us) who have a read-only /usr. The documentation describes the system as it is shipped. It does not spend hundreds of pages satisfying tweakers.

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread RD Thrush
On 05/13/16 19:37, Edgar Pettijohn wrote: >> On May 13, 2016, at 4:16 PM, RD Thrush wrote: >> >> On 05/13/16 11:07, Theo de Raadt wrote: Since the anti-ROP mechanism in libc [2] was added in late April, -current with read-only /usr produces something like the following message: re-

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread RD Thrush
On 05/13/16 23:34, Theo de Raadt wrote: >> The report is fairly easy to reproduce. Make the /usr filesystem >> read-only in /etc/fstab, go to single user mode and exit back to >> multi-user. I've appended a transcript. > > This does not matter. It is your configuration. It is not the default.

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread RD Thrush
On 05/13/16 19:40, Chris Cappuccio wrote: > RD Thrush [openbsd-t...@thrush.com] wrote: >> On 05/13/16 11:07, Theo de Raadt wrote: Since the anti-ROP mechanism in libc [2] was added in late April, -current with read-only /usr produces something like the following message: re-ordering

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread RD Thrush
On 05/14/16 04:34, Craig Skinner wrote: > Hi RD/all, > > On 2016-05-13 Fri 17:16 PM |, RD Thrush wrote: >> >> # cp -p /etc/fstab /etc/fstab.orig >> # sed -e 's,/usr ffs rw,/usr ffs ro,' /etc/fstab >> # shutdown -f now >> Shutdown NOW! >> shutdown: [pid 82541] > > Something like this in /etc/rc mi

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread lists
Fri, 13 May 2016 17:16:19 -0400 RD Thrush > On 05/13/16 11:07, Theo de Raadt wrote: > >> Since the anti-ROP mechanism in libc [2] was added in late April, -current > >> with read-only /usr produces something like the following message: > >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17:

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread lists
Fri, 13 May 2016 18:55:58 -0500 Chris Bennett > I think you are totally missing the point that Theo just made. You too. > Marking partitions as read-only is useful, when and only when > appropriate. Expanding on a wrong idea does not make it right. Your advice is hurting naive readers. This thre

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread Craig Skinner
Hi RD/all, On 2016-05-13 Fri 17:16 PM |, RD Thrush wrote: > > # cp -p /etc/fstab /etc/fstab.orig > # sed -e 's,/usr ffs rw,/usr ffs ro,' /etc/fstab > # shutdown -f now > Shutdown NOW! > shutdown: [pid 82541] Something like this in /etc/rc might help here: rebuildlibs() { mount -d /usr |

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> I think you are totally missing the point that Theo just made. > Marking partitions as read-only is useful, when and only when > appropriate. > I have: > /var/www/var > /home > /home/user1 > /home/user2 > /usr/local > > all marked as read-only. > Why, because when the power fails, no data is los

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> The report is fairly easy to reproduce. Make the /usr filesystem > read-only in /etc/fstab, go to single user mode and exit back to > multi-user. I've appended a transcript. This does not matter. It is your configuration. It is not the default. Can you make /usr readonly on 90% of other ope

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
>I think it comes down to this. If you want read-only /etc, you'll have to >modify /etc/rc, if you still want the mitigation. I want no readable files in /usr/lib! PLEASE, the make-programs-run mitigation is killing me!

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Chris Bennett
I think you are totally missing the point that Theo just made. Marking partitions as read-only is useful, when and only when appropriate. I have: /var/www/var /home /home/user1 /home/user2 /usr/local all marked as read-only. Why, because when the power fails, no data is lost and I'm quickly back u

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Chris Cappuccio
RD Thrush [openbsd-t...@thrush.com] wrote: > On 05/13/16 11:07, Theo de Raadt wrote: > >> Since the anti-ROP mechanism in libc [2] was added in late April, -current > >> with read-only /usr produces something like the following message: > >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17:

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Edgar Pettijohn
Sent from my iPhone > On May 13, 2016, at 4:16 PM, RD Thrush wrote: > > On 05/13/16 11:07, Theo de Raadt wrote: >>> Since the anti-ROP mechanism in libc [2] was added in late April, -current >>> with read-only /usr produces something like the following message: >>> re-ordering libraries:insta

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread RD Thrush
On 05/13/16 11:07, Theo de Raadt wrote: >> Since the anti-ROP mechanism in libc [2] was added in late April, -current >> with read-only /usr produces something like the following message: >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system > > Look, your statement is

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> Since the anti-ROP mechanism in libc [2] was added in late April, -current > with read-only /usr produces something like the following message: > re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system Look, your statement is false. I can install a snapshot right now, and

Is loss of read-only /usr permanent?

2016-05-13 Thread RD Thrush
Since the anti-ROP mechanism in libc [2] was added in late April, -current with read-only /usr produces something like the following message: re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system I thought I was following best practice by mounting /usr, /usr/X11R6, and /u