From owner-freebsd-hackers Sun Apr 21 12:13:20 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from viola.sinor.ru (viola.sinor.ru [217.70.106.9]) by hub.freebsd.org (Postfix) with ESMTP id A7A0237B405; Sun, 21 Apr 2002 12:13:16 -0700 (PDT) Received: from tlg2-ppp15.sibnet.ru (tlg2-ppp15.sibnet.ru [217.70.97.126]) by viola.sinor.ru (8.9.3/8.9.3) with ESMTP id CAA05985; Mon, 22 Apr 2002 02:13:13 +0700 Date: Mon, 22 Apr 2002 02:13:12 +0700 (NOVST) From: "Semen A. Ustimenko" X-X-Sender: semenu@def.the.net To: freebsd-hackers@FreeBSD.org Cc: Bill Paul Subject: MIIBUS_MEDIAINIT method Message-ID: <20020422020233.W611-100000@def.the.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi! I was just thinking about the purpose of this method... What is it? It used to be used by NIC drivers to add something like AUI beside MII provided media, correct? But it looks like every PHY's driver thinks it must call MEDIAINIT in its attach() routine. So, if there would be two PHY on MII (can this happen?), then the method will be called twice, and some NIC drivers (tx, xl, dc, maybe more) will not behave well. Isn't it reasonable to stop all PHY drivers from calling MEDIAINIT, and call it once per miibus instance in miibus_attach() or miibus_probe() instead? Thanks! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 12:25: 6 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 6277C37B419 for ; Sun, 21 Apr 2002 12:24:54 -0700 (PDT) Received: (qmail 16373 invoked from network); 21 Apr 2002 19:24:44 -0000 Received: from ken.yumyumyum.org (192.168.0.2) by router.yumyumyum.org with SMTP; 21 Apr 2002 19:24:44 -0000 Content-Type: text/plain; charset="us-ascii" From: Kenneth Culver To: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: implementing linux mmap2 syscall Date: Sun, 21 Apr 2002 15:25:08 -0400 X-Mailer: KMail [version 1.4] MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204211525.08827.culverk@yumyumyum.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, =09I have recently been trying to implement the linux mmap2 syscall into = our=20 linuxulator, and I have run into a little problem.=20 I looked at the code that was used to implement the regular linux_mmap=20 syscall, and I've also looked in the linux kernel at the code that they u= se=20 for mmap and mmap2. Basically this is in the linux kernel: This is what mmap does in linux... static inline unsigned long do_mmap(struct file *file, unsigned long addr= , =09unsigned long len, unsigned long prot, =09unsigned long flag, unsigned long offset) { =09unsigned long ret =3D -EINVAL; =09if ((offset + PAGE_ALIGN(len)) < offset) =09=09goto out; =09if (!(offset & ~PAGE_MASK)) =09=09ret =3D do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_S= HIFT); out: =09return ret; } This is what mmap2 does: andstatic inline long do_mmap2( =09unsigned long addr, unsigned long len, =09unsigned long prot, unsigned long flags, =09unsigned long fd, unsigned long pgoff) { =09int error =3D -EBADF; =09struct file * file =3D NULL; =09flags &=3D ~(MAP_EXECUTABLE | MAP_DENYWRITE); =09if (!(flags & MAP_ANONYMOUS)) { =09=09file =3D fget(fd); =09=09if (!file) =09=09=09goto out; =09} =09down_write(¤t->mm->mmap_sem); =09error =3D do_mmap_pgoff(file, addr, len, prot, flags, pgoff); =09up_write(¤t->mm->mmap_sem); =09if (file) =09=09fput(file); out: =09return error; } So what it looks like to me is that mmap2 expects an offset that's alread= y=20 page-aligned (I'm not sure if this is the right way to say it), where mma= p=20 doesn't. the FreeBSD code in the linuxulator basically just takes the off= set=20 that is passed in with the linux mmap, and uses that to call FreeBSD's mm= ap=20 (the kernel version, not the one called from userland). So basically I'm=20 kinda stuck as to what to do to implement linux's mmap2. The only thing I= can=20 think of is to implement a FreeBSD "mmap2" that basically assumes that th= e=20 offset passed in is already page aligned or whatever, and just uses it, a= nd=20 then have linux_mmap2() just call the FreeBSD mmap2(). Any ideas? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 14:11: 2 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id D532037B400; Sun, 21 Apr 2002 14:10:57 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g3LLAhHx053375; Sun, 21 Apr 2002 23:10:44 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: "Semen A. Ustimenko" Cc: freebsd-hackers@FreeBSD.ORG, Bill Paul Subject: Re: MIIBUS_MEDIAINIT method In-Reply-To: Your message of "Mon, 22 Apr 2002 02:13:12 +0700." <20020422020233.W611-100000@def.the.net> Date: Sun, 21 Apr 2002 23:10:43 +0200 Message-ID: <53374.1019423443@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20020422020233.W611-100000@def.the.net>, "Semen A. Ustimenko" write s: >Hi! > >I was just thinking about the purpose of this method... What is it? > >It used to be used by NIC drivers to add something like AUI beside MII >provided media, correct? > >But it looks like every PHY's driver thinks it must call MEDIAINIT in its >attach() routine. So, if there would be two PHY on MII (can this happen?), >then the method will be called twice, and some NIC drivers (tx, xl, dc, >maybe more) will not behave well. > >Isn't it reasonable to stop all PHY drivers from calling MEDIAINIT, and >call it once per miibus instance in miibus_attach() or miibus_probe() >instead? I just had reason to mess around with a PHY GigE related problem as well, and I can only say that the MII code might have sounded like a good idea at the time but the implementation sucks as far as I can tell. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 16: 4:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 618) id 9B4B637B400; Sun, 21 Apr 2002 16:04:24 -0700 (PDT) Subject: Re: MIIBUS_MEDIAINIT method In-Reply-To: <20020422020233.W611-100000@def.the.net> from "Semen A. Ustimenko" at "Apr 22, 2002 02:13:12 am" To: semenu@FreeBSD.org (Semen A. Ustimenko) Date: Sun, 21 Apr 2002 16:04:24 -0700 (PDT) Cc: freebsd-hackers@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20020421230424.9B4B637B400@hub.freebsd.org> From: wpaul@FreeBSD.ORG (Bill Paul) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Hi! > > I was just thinking about the purpose of this method... What is it? > > It used to be used by NIC drivers to add something like AUI beside MII > provided media, correct? It is _still_ used that way. See if_xl.c. There exists a 3c905B-Combo card which supports a 10/100 RJ-45 port, a 10Mbps-only BNC port and a 10Mbps only AUI port. Why did I concoct MEDIAINIT for this? Because each device can have only one ifmedia structure. When a driver uses miibus, the ifmedia struct is initialized by the underlying PHY driver, and that initialization does not happen until after we leave the MAC driver's attach routine. It's not a problem to add additional media types to the ifmedia struct later, but we need to have the PHY driver call back to the MAC driver to do this, which is why every PHY driver has a call to MIIBUS_MEDIAINIT() in its attach routine. If the parent MAC driver does not implement this method, nothing happens. But if it does implement this method, the parent can use it to do some extra ifmedia_add()s to tack on some extra media types. > But it looks like every PHY's driver thinks it must call MEDIAINIT in its > attach() routine. So, if there would be two PHY on MII (can this happen?), Yes, though it's rare, and not always useful. > then the method will be called twice, and some NIC drivers (tx, xl, dc, > maybe more) will not behave well. They work fine if the author of the MAC driver was smart enough to check for this in his mediainit method and just return immmediately if the auxilliary media types have already been ifmedia_add()ed. Right now, the only card that uses this feature is the 3c905B-Combo, and its hardware configuration does not permit the sort of edge condition you are fretting over. > Isn't it reasonable to stop all PHY drivers from calling MEDIAINIT, and > call it once per miibus instance in miibus_attach() or miibus_probe() > instead? No. We want the PHY driver to set up its media types in the ifmedia struct first, and then add our own after those, which means we have to wait until the end of the PHY's attach routine, and it's newbus that calls the attach routines, not the miibus code. If you have a card or hardware configuration which is actually causing the scenario you describe, then say so. Otherwise, keep your fingers out of this code. No user-servicable parts inside. Keep out of children. Do not look into laser optics with remaining eye. -Bill -- ============================================================================= -Bill Paul (510) 749-2329 | Senior Engineer, Master of Unix-Fu wpaul@windriver.com | Wind River Systems ============================================================================= God was my co-pilot, until we crashed in the mountains and I had to eat him. ============================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 17: 5:19 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from viola.sinor.ru (viola.sinor.ru [217.70.106.9]) by hub.freebsd.org (Postfix) with ESMTP id 4FCC437B416; Sun, 21 Apr 2002 16:59:35 -0700 (PDT) Received: from tlg5-ppp85.sibnet.ru (tlg5-ppp85.sibnet.ru [217.70.98.216]) by viola.sinor.ru (8.9.3/8.9.3) with ESMTP id GAA16279; Mon, 22 Apr 2002 06:59:31 +0700 Date: Mon, 22 Apr 2002 06:59:31 +0700 (NOVST) From: "Semen A. Ustimenko" X-X-Sender: semenu@def.the.net To: Bill Paul Cc: freebsd-hackers@FreeBSD.org Subject: Re: MIIBUS_MEDIAINIT method In-Reply-To: <20020421230424.9B4B637B400@hub.freebsd.org> Message-ID: <20020422061252.N2315-100000@def.the.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Pretty clear now... Thanks! See below... On Sun, 21 Apr 2002, Bill Paul wrote: > > then the method will be called twice, and some NIC drivers (tx, xl, dc, > > maybe more) will not behave well. > > They work fine if the author of the MAC driver was smart enough to check > for this in his mediainit method and just return immmediately if the > auxilliary media types have already been ifmedia_add()ed. The authors of above drivers do not. :) I bet they didn't know... And a quest: how will you know inside YOURMAC_miibus_mediainit() that this is the call from the *last* PHY? (Not critical, but...) > > Isn't it reasonable to stop all PHY drivers from calling MEDIAINIT, and > > call it once per miibus instance in miibus_attach() or miibus_probe() > > instead? > > No. We want the PHY driver to set up its media types in the ifmedia > struct first, and then add our own after those, which means we have > to wait until the end of the PHY's attach routine, and it's newbus > that calls the attach routines, not the miibus code. > Ah, my bad... You're rigth. This is the main point - there is no place which would be more appropriate to notify MAC driver about PHY attachement completion. Well.... But this isn't very nice... As long as MEDIAINIT method is called per every PHY, it should at least contain a PHY-identifying argument, i think... Yet mii_inst would be enough, even to solve the ``quest above''. This way somebody could do per-PHY tricks in MAC driver :) If you really need to spot the all-PHYs-atachment-completion-event, then you must await it from miibus device, i think. > If you have a card or hardware configuration which is actually > causing the scenario you describe, then say so. No, I don't. But who knows what NIC there can exist? > Otherwise, keep your fingers out of this code. No user-servicable parts > inside. Keep out of children. Do not look into laser optics with > remaining eye. > :) OK... As you say... Just one more question: Will the MIIBUS_LINKCHG method be MFCed? Thanks! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 17:20: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from outbox.attcanada.ca (outbox.attcanada.ca [207.245.244.41]) by hub.freebsd.org (Postfix) with ESMTP id 4FD3E37B416 for ; Sun, 21 Apr 2002 17:19:57 -0700 (PDT) Received: from default (trt-on70-140.netcom.ca [142.154.113.140]) by outbox.attcanada.ca (Postfix) with ESMTP id 47B8B2F86 for ; Sun, 21 Apr 2002 20:19:36 -0400 (EDT) Message-ID: <4113-22002412214037280@default> X-Priority: 3 X-MSMail-Priority: Normal Organization: InfoSource From: "Barbara Caldwell" To: "hackers@freebsd.org" Subject: The United States Healthcare Directory Date: Sun, 21 Apr 2002 20:40:37 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We are publishers of specialized reports and directories=20 dealing with public affairs=2E Our new directory,=20 "The United States Healthcare Directory" covers hospitals,=20 nursing homes, HMOs, medical manufacturers, etc=2E It is available=20 at an introductory price of $245=2E If you are interested=20 in receiving this directory, please provide us with your mailing=20 address or visit our website at www=2Enational-directories=2Ecom=2E To contact us by phone, please call 905-751-0919=2E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 18:22:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from web20.linux-hosting.com (web20.linux-hosting.com [216.121.191.212]) by hub.freebsd.org (Postfix) with ESMTP id 3283637B41B for ; Sun, 21 Apr 2002 18:22:45 -0700 (PDT) Received: (from nobody@localhost) by web20.linux-hosting.com (8.9.3/8.9.3) id GAA04719; Mon, 22 Apr 2002 06:24:46 +0500 Date: Mon, 22 Apr 2002 06:24:46 +0500 Message-Id: <200204220124.GAA04719@web20.linux-hosting.com> To: hackerpx@hotmail.com, hackerr116@aol.com, hackers@FreeBSD.org, hackers@hackers-for-hire.com, hackers@lists.samba.org From: teen4free@aol.com () Subject: Your Acount ID is 215069414 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Below is the result of your feedback form. It was submitted by (teen4free@aol.com) on Monday, April 22, 2002 at 06:24:46 --------------------------------------------------------------------------- :

Adult Membership Approved
Your Application Has been Processed And ACCEPTED


free gallery membership at TEEN4FREE galleries


>>HERE to enter<<


(if this email was sent in error, please ignore it)

--------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 19: 9:12 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from yello.shallow.net (yello.shallow.net [203.18.243.120]) by hub.freebsd.org (Postfix) with ESMTP id B498137B405 for ; Sun, 21 Apr 2002 19:09:09 -0700 (PDT) Received: by yello.shallow.net (Postfix, from userid 1001) id 9D5D92A6D; Mon, 22 Apr 2002 12:09:02 +1000 (EST) Date: Mon, 22 Apr 2002 12:09:02 +1000 From: Joshua Goodall To: freebsd-hackers@FreeBSD.org Subject: kernel backtrace of sleeping processes Message-ID: <20020422020902.GB86692@roughtrade.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In a remote kgdb, I have struct proc * for several processes that are sleeping and I want the kernel backtraces for them. To illustrate: (kgdb) set var $p201 = allproc.lh_first->p_list.le_next->p_list.le_next (kgdb) print $p201->p_pid $12 = 201 (kgdb) print $p201->p_xxthread.td_wmesg $13 = 0xc0247174 "select" Now I want a (kernel) backtrace on this; given that I have $p201, how can I select the appropriate stack frame? (recent -current on i386) Joshua To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 19:47:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 1C82E37B400 for ; Sun, 21 Apr 2002 19:47:35 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3M2lKw09906; Sun, 21 Apr 2002 22:47:20 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sun, 21 Apr 2002 22:47:19 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Joshua Goodall Cc: freebsd-hackers@FreeBSD.org Subject: Re: kernel backtrace of sleeping processes In-Reply-To: <20020422020902.GB86692@roughtrade.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, Joshua Goodall wrote: > In a remote kgdb, I have struct proc * for several processes that > are sleeping and I want the kernel backtraces for them. To illustrate: > > (kgdb) set var $p201 = allproc.lh_first->p_list.le_next->p_list.le_next > (kgdb) print $p201->p_pid > $12 = 201 > (kgdb) print $p201->p_xxthread.td_wmesg > $13 = 0xc0247174 "select" > > Now I want a (kernel) backtrace on this; given that I have $p201, > how can I select the appropriate stack frame? > > (recent -current on i386) In recent -CURRENT, you can just use trace or trace I have to say that since that since this feature was introduced, life has become a *lot* easier :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 20: 4: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 58E2E37B405 for ; Sun, 21 Apr 2002 20:03:55 -0700 (PDT) Received: (qmail 18432 invoked from network); 22 Apr 2002 03:03:43 -0000 Received: from ken.yumyumyum.org (192.168.0.2) by router.yumyumyum.org with SMTP; 22 Apr 2002 03:03:43 -0000 Content-Type: text/plain; charset="us-ascii" From: Kenneth Culver To: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: more on mmap2 Date: Sun, 21 Apr 2002 23:04:09 -0400 X-Mailer: KMail [version 1.4] MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204212304.09259.culverk@yumyumyum.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Alright, sorry for the cross-post, not sure where to send this. I THINK I= got=20 linux's mmap2 working, but for some reason, the program I'm testing with = (the=20 linux version of winex, the one that runs all those neat windows directx = 8=20 games ;-) ) still does this (from truss) linux_mmap2(0x65430000,0x100000,0x0,0x22,0xffffffff,0x6) =3D 1698889728=20 (0x65430000) linux_mmap2(0x65430000,0x100000,0x3,0x11,0x9,0x6) =3D 1698889728 (0x65430= 000) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2b70,0x8) =3D 0 (0x0) write(4,0x286b2c08,64) =3D 64 (0x40) read(0x5,0x286b2c08,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2b70,0x0,0x8) =3D 0 (0x0) close(9) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2c78,0x8) =3D 0 (0x0) writev(0x4,0x286b2c38,0x2) =3D 98 (0x62) read(0x5,0x286b2d14,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2c78,0x0,0x8) =3D 0 (0x0) mprotect(0x65430000,0x100000,0x7) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2c90,0x8) =3D 0 (0x0) write(4,0x286b2d20,64) =3D 64 (0x40) read(0x5,0x286b2d20,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2c90,0x0,0x8) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2c78,0x8) =3D 0 (0x0) write(4,0x286b2d10,64) =3D 64 (0x40) read(0x5,0x286b2d10,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2c78,0x0,0x8) =3D 0 (0x0) close(6) =3D 0 (0x0) linux_mmap2(0x0,0x120000,0x0,0x22,0xffffffff,0x6) =3D 678707200 (0x287440= 00) munmap(0x28744000,0xc000) =3D 0 (0x0) munmap(0x28860000,0x4000) =3D 0 (0x0) mprotect(0x28750000,0x10000,0x7) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2ca4,0x8) =3D 0 (0x0) write(4,0x286b2d40,64) =3D 64 (0x40) read(0x5,0x286b2d40,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2ca4,0x0,0x8) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2ca4,0x8) =3D 0 (0x0) write(4,0x286b2d40,64) =3D 64 (0x40) read(0x5,0x286b2d40,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2ca4,0x0,0x8) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2ca4,0x8) =3D 0 (0x0) write(4,0x286b2d40,64) =3D 64 (0x40) read(0x5,0x286b2d40,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2ca4,0x0,0x8) =3D 0 (0x0) linux_open("/",0x8000,00) =3D 6 (0x6) linux_ioctl(0x6,0x82187201,0x28391024) ERR#22 'Invalid argument= ' close(6) =3D 0 (0x0) linux_stat64(0x286b23f0,0x286b2274,0x2813c568) =3D 0 (0x0) linux_open("/",0x18800,00) =3D 6 (0x6) linux_fstat64(0x6,0x286b2274,0x0) =3D 0 (0x0) linux_fcntl64(0x6,0x2,0x1) =3D 0 (0x0) linux_getdents64(0x6,0x286b2148,0x110) =3D 252 (0xfc) linux_getdents64(0x6,0x286b2148,0x110) =3D 252 (0xfc) linux_getdents64(0x6,0x286b2148,0x110) =3D 264 (0x108) linux_getdents64(0x6,0x286b2148,0x110) =3D 60 (0x3c) linux_getdents64(0x6,0x286b2148,0x110) =3D 0 (0x0) close(6) =3D 0 (0x0) linux_open("/",0x8000,00) =3D 6 (0x6) linux_ioctl(0x6,0x82187201,0x28391024) ERR#22 'Invalid argument= ' close(6) =3D 0 (0x0) linux_stat64(0x286b23f0,0x286b2274,0x2813c568) =3D 0 (0x0) linux_open("/",0x18800,00) =3D 6 (0x6) linux_fstat64(0x6,0x286b2274,0x0) =3D 0 (0x0) linux_fcntl64(0x6,0x2,0x1) =3D 0 (0x0) linux_getdents64(0x6,0x286b2148,0x110) =3D 252 (0xfc) linux_getdents64(0x6,0x286b2148,0x110) =3D 252 (0xfc) linux_getdents64(0x6,0x286b2148,0x110) =3D 264 (0x108) linux_getdents64(0x6,0x286b2148,0x110) =3D 60 (0x3c) linux_getdents64(0x6,0x286b2148,0x110) =3D 0 (0x0) close(6) =3D 0 (0x0) linux_rt_sigprocmask(0x0,0x28150c00,0x286b2ce0,0x8) =3D 0 (0x0) write(4,0x286b2d74,64) =3D 64 (0x40) read(0x5,0x286b2d74,0x40) =3D 64 (0x40) linux_rt_sigprocmask(0x2,0x286b2ce0,0x0,0x8) =3D 0 (0x0) exit(0x0) process exit, rval =3D 0 this is the end of the truss output, can anyone tell me if anything in th= is=20 truss output looks like it would cause the program to exit without doing=20 anything? (this is what happens, it doesn't do ANYTHING at all Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sun Apr 21 20: 4:44 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id C146A37B416 for ; Sun, 21 Apr 2002 20:04:40 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3M34Sw10024; Sun, 21 Apr 2002 23:04:28 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sun, 21 Apr 2002 23:04:27 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Joshua Goodall Cc: freebsd-hackers@FreeBSD.org Subject: Re: kernel backtrace of sleeping processes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, 21 Apr 2002, Robert Watson wrote: > On Mon, 22 Apr 2002, Joshua Goodall wrote: > > In recent -CURRENT, you can just use > > trace > > or > > trace > > I have to say that since that since this feature was introduced, life > has become a *lot* easier :-). Sigh. Remote gdb, not ddb. I tried the usual tricks (updating $sp in gdb, etc) but gdb persisted in using the old frame. Nevermind. It seemed to me that on i386, just using the value of allproc.lh_first->(....)->p_threads.tqh_first.td_frame.tf_esp should DTRT, but apparently not. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 2: 5:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from web20901.mail.yahoo.com (web20901.mail.yahoo.com [216.136.226.223]) by hub.freebsd.org (Postfix) with SMTP id 78B6437B400 for ; Mon, 22 Apr 2002 02:05:50 -0700 (PDT) Message-ID: <20020422090317.76678.qmail@web20901.mail.yahoo.com> Received: from [61.152.254.1] by web20901.mail.yahoo.com via HTTP; Mon, 22 Apr 2002 02:03:17 PDT Date: Mon, 22 Apr 2002 02:03:17 -0700 (PDT) From: David Xu Subject: fix wrong PNP ID comment To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Current branch, pci_bus.c has wrong PNP ID comment. --- /sys/i386/pci/pci_bus.c.orig Mon Apr 22 16:13:02 2002 +++ /sys/i386/pci/pci_bus.c Mon Apr 22 16:13:29 2002 @@ -554,7 +554,7 @@ * people. */ static struct isa_pnp_id pcibus_pnp_ids[] = { - { 0x030ad041 /* PNP030A */, "PCI Bus" }, + { 0x030ad041 /* PNP0A03 */, "PCI Bus" }, { 0 } }; __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 2:17:24 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gate.nentec.de (gate2.nentec.de [194.25.215.66]) by hub.freebsd.org (Postfix) with ESMTP id A9E4737B400 for ; Mon, 22 Apr 2002 02:17:19 -0700 (PDT) Received: from nenny.nentec.de (root@nenny.nentec.de [153.92.64.1]) by gate.nentec.de (8.11.3/8.9.3) with ESMTP id g3M9C6330396 for ; Mon, 22 Apr 2002 11:12:06 +0200 Received: from nentec.de (andromeda [153.92.64.34]) by nenny.nentec.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id g3M9CAm19384 for ; Mon, 22 Apr 2002 11:12:10 +0200 Message-ID: <3CC3D3EA.6020505@nentec.de> Date: Mon, 22 Apr 2002 11:12:10 +0200 From: Andy Sporner User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:0.9.8) Gecko/20020204 X-Accept-Language: de-at, de, en, en-us MIME-Version: 1.0 To: freebsd-hackers@FreeBSD.ORG Subject: FreeBSD Convention in EU References: <20020422090317.76678.qmail@web20901.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I heard some random comment here about a possible convention (sort of like BSDCon) in Europe. Does anyone know about this or if there is going to be such a thing? I have an interest to present either on Clustering or perhaps if the timing is right, a feature I am working on to bundle ethernet adapters as a single virtual adaptor (idea taken from Intel Adapter Teaming). Thanks in advance! Andy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 2:28: 3 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from www.example.org (dhcp-nic-val-26-130.cisco.com [64.103.26.130]) by hub.freebsd.org (Postfix) with SMTP id CA44637B427 for ; Mon, 22 Apr 2002 02:27:55 -0700 (PDT) Received: (qmail 97199 invoked by uid 1000); 22 Apr 2002 09:21:55 -0000 Message-ID: <20020422092155.97198.qmail@cobweb.example.org> Date: Mon, 22 Apr 2002 11:21:55 +0200 From: Marco Molteni To: hackers@freebsd.org Cc: Andy Sporner Subject: Re: FreeBSD Convention in EU In-Reply-To: <3CC3D3EA.6020505@nentec.de> References: <20020422090317.76678.qmail@web20901.mail.yahoo.com> <3CC3D3EA.6020505@nentec.de> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002 11:12:10 +0200, Andy Sporner wrote: > I heard some random comment here about a possible convention (sort of like > BSDCon) in Europe. Does anyone know about this or if there is going to be > such a thing? http://www.eurobsdcon2002.org/ marco To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 2:31:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from host217-41-2-91.in-addr.btopenworld.com (host217-41-2-91.in-addr.btopenworld.com [217.41.2.91]) by hub.freebsd.org (Postfix) with ESMTP id B7D8E37B42B for ; Mon, 22 Apr 2002 02:31:19 -0700 (PDT) Received: by host217-41-2-91.in-addr.btopenworld.com (Postfix, from userid 1001) id 6BEC948C; Mon, 22 Apr 2002 10:26:41 +0100 (BST) Date: Mon, 22 Apr 2002 10:26:40 +0100 From: Dominic Marks To: Andy Sporner Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: FreeBSD Convention in EU Message-ID: <20020422102640.A65157@host217-41-2-91.in-addr.btopenw> References: <20020422090317.76678.qmail@web20901.mail.yahoo.com> <3CC3D3EA.6020505@nentec.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CC3D3EA.6020505@nentec.de>; from sporner@nentec.de on Mon, Apr 22, 2002 at 11:12:10AM +0200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Apr 22, 2002 at 11:12:10AM +0200, Andy Sporner wrote: > Hi, > > I heard some random comment here about a possible convention (sort of like > BSDCon) in Europe. Does anyone know about this or if there is going to be > such a thing? http://www.eurobsdcon2002.org/ > I have an interest to present either on Clustering or perhaps if the > timing is > right, a feature I am working on to bundle ethernet adapters as a single > virtual > adaptor (idea taken from Intel Adapter Teaming). > > Thanks in advance! > > > > Andy > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message -- Dominic To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 2:48:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.viasoft.com.cn (ip-167-164-97-218.anlai.com [218.97.164.167]) by hub.freebsd.org (Postfix) with ESMTP id 0BFDF37B405 for ; Mon, 22 Apr 2002 02:48:40 -0700 (PDT) Received: from davidwnt (davidwnt.viasoft.com.cn [192.168.1.239]) by mail.viasoft.com.cn (8.9.3/8.9.3) with SMTP id QAA28930 for ; Mon, 22 Apr 2002 16:52:14 +0800 Message-ID: <00aa01c1e9d8$b3c1b9f0$ef01a8c0@davidwnt> From: "David Xu" To: Subject: fix wrong pnp id comment Date: Mon, 22 Apr 2002 16:35:47 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Current branch, pci_bus.c has wrong PNP ID comment. --- /sys/i386/pci/pci_bus.c.orig Mon Apr 22 16:13:02 2002 +++ /sys/i386/pci/pci_bus.c Mon Apr 22 16:13:29 2002 @@ -554,7 +554,7 @@ * people. */ static struct isa_pnp_id pcibus_pnp_ids[] =3D { - { 0x030ad041 /* PNP030A */, "PCI Bus" }, + { 0x030ad041 /* PNP0A03 */, "PCI Bus" }, { 0 } }; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 3:23:38 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gate.nentec.de (gate2.nentec.de [194.25.215.66]) by hub.freebsd.org (Postfix) with ESMTP id ED97C37B41D for ; Mon, 22 Apr 2002 03:23:34 -0700 (PDT) Received: from nenny.nentec.de (root@nenny.nentec.de [153.92.64.1]) by gate.nentec.de (8.11.3/8.9.3) with ESMTP id g3M9gH302716; Mon, 22 Apr 2002 11:42:17 +0200 Received: from nentec.de (andromeda [153.92.64.34]) by nenny.nentec.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id g3M9gLm20855; Mon, 22 Apr 2002 11:42:21 +0200 Message-ID: <3CC3DAFD.6040407@nentec.de> Date: Mon, 22 Apr 2002 11:42:21 +0200 From: Andy Sporner User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:0.9.8) Gecko/20020204 X-Accept-Language: de-at, de, en, en-us MIME-Version: 1.0 To: Dominic Marks Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: FreeBSD Convention in EU -- OK Enough said ;-) References: <20020422090317.76678.qmail@web20901.mail.yahoo.com> <3CC3D3EA.6020505@nentec.de> <20020422102640.A65157@host217-41-2-91.in-addr.btopenw> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have submitted a form for a presentation. I can only hope it is accepted. Thanks for all of your comments! :-) Andy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 8:48: 4 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 8E2F137B431; Mon, 22 Apr 2002 08:46:24 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id KAA02472; Mon, 22 Apr 2002 10:07:25 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3ME6tV42317; Mon, 22 Apr 2002 10:06:55 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15556.6399.62081.426193@grasshopper.cs.duke.edu> Date: Mon, 22 Apr 2002 10:06:55 -0400 (EDT) To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: Re: implementing linux mmap2 syscall In-Reply-To: <200204211525.08827.culverk@yumyumyum.org> References: <200204211525.08827.culverk@yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > static inline unsigned long do_mmap(struct file *file, unsigned long addr, <..> > ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT); > out: > return ret; > } > > This is what mmap2 does: > > andstatic inline long do_mmap2( > unsigned long addr, unsigned long len, > unsigned long prot, unsigned long flags, > unsigned long fd, unsigned long pgoff) <...> > error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); > > So what it looks like to me is that mmap2 expects an offset that's already > page-aligned (I'm not sure if this is the right way to say it), where mmap > doesn't. the FreeBSD code in the linuxulator basically just takes the offset To me, it looks like mmap2 takes an offset that's a page index, rather than a byte position. Since linux passes the offset with a 32-bit long, rather than a 64-bit off_t like we do, they need to do this in order to be able to map offsets larger than 4GB into a file. For linux_mmap2, I'd think we want to do roughly the same things as linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 9:57:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from panzer.kdm.org (panzer.kdm.org [216.160.178.169]) by hub.freebsd.org (Postfix) with ESMTP id 449B837B41A for ; Mon, 22 Apr 2002 09:57:37 -0700 (PDT) Received: (from ken@localhost) by panzer.kdm.org (8.11.6/8.9.1) id g3MGtMm25875; Mon, 22 Apr 2002 10:55:22 -0600 (MDT) (envelope-from ken) Date: Mon, 22 Apr 2002 10:55:22 -0600 From: "Kenneth D. Merry" To: Andy Sporner Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: port trunking (was Re: FreeBSD Convention in EU) Message-ID: <20020422105522.A25845@panzer.kdm.org> References: <20020422090317.76678.qmail@web20901.mail.yahoo.com> <3CC3D3EA.6020505@nentec.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CC3D3EA.6020505@nentec.de>; from sporner@nentec.de on Mon, Apr 22, 2002 at 11:12:10AM +0200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Apr 22, 2002 at 11:12:10 +0200, Andy Sporner wrote: > I have an interest to present either on Clustering or perhaps if the > timing is > right, a feature I am working on to bundle ethernet adapters as a single > virtual > adaptor (idea taken from Intel Adapter Teaming). You may want to take a look at: http://people.freebsd.org/~wpaul/FEC/ I haven't tried it, but it implements the Cisco Fast Etherchannel stuff. Anyone know why it hasn't made it into -current? Ken -- Kenneth Merry ken@kdm.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13: 8:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ahuumrelay1.ams.ops.eu.uu.net (ahuumrelay1.ams.ops.eu.uu.net [195.129.70.139]) by hub.freebsd.org (Postfix) with ESMTP id 414EA37B400 for ; Mon, 22 Apr 2002 13:08:42 -0700 (PDT) Received: from Jeff ([212.208.161.213]) by ahuumrelay1.ams.ops.eu.uu.net (8.11.0/8.11.0) with SMTP id g3MCqXD21990 for ; Mon, 22 Apr 2002 12:52:33 GMT Content-Type: text/plain; charset="iso-8859-1" From: Jeff Reply-To: jeff@netfly.fr Organization: NETFLY To: freebsd-hackers Subject: Re: A powful tool Date: Mon, 22 Apr 2002 14:54:05 -0400 X-Mailer: KMail [version 1.2] References: <20020422124842.508E031B93@mail.fr.uu.net> In-Reply-To: <20020422124842.508E031B93@mail.fr.uu.net> MIME-Version: 1.0 Message-Id: <02042214540500.03719@Jeff> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG thx . gros con. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13:12:42 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 4B18737B405 for ; Mon, 22 Apr 2002 13:12:37 -0700 (PDT) Received: (qmail 22813 invoked from network); 22 Apr 2002 20:04:19 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 22 Apr 2002 20:04:19 -0000 Date: Mon, 22 Apr 2002 16:04:18 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15556.6399.62081.426193@grasshopper.cs.duke.edu> Message-ID: <20020422155927.E22719-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > To me, it looks like mmap2 takes an offset that's a page index, rather > than a byte position. Since linux passes the offset with a 32-bit > long, rather than a 64-bit off_t like we do, they need to do this in > order to be able to map offsets larger than 4GB into a file. > > For linux_mmap2, I'd think we want to do roughly the same things as > linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) > > Drew > > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob does what I need it to. I think that's probably why it still wasn't working yet... I think it also has to be page aligned before you pass it in though, I have to look at linux's do_mmap_pgoff() (I think that's the right function name) to see if it's expecting an already page-aligned arg, or if it's aligning it before it uses it. Thanks Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13:21:24 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id B446337B41C; Mon, 22 Apr 2002 13:21:16 -0700 (PDT) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 22 Apr 2002 13:27:21 +0100 (BST) To: Robert Watson Cc: Joshua Goodall , freebsd-hackers@FreeBSD.org Subject: Re: kernel backtrace of sleeping processes In-Reply-To: Your message of "Sun, 21 Apr 2002 23:04:27 EDT." Date: Mon, 22 Apr 2002 13:27:20 +0100 From: Ian Dowse Message-ID: <200204221327.aa71960@salmon.maths.tcd.ie> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message , Robe rt Watson writes: >Sigh. Remote gdb, not ddb. I tried the usual tricks (updating $sp in >gdb, etc) but gdb persisted in using the old frame. Nevermind. It seemed In gdb, the "proc" command switches processes, so this should work: proc bt Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13:25:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 5C37637B61B; Mon, 22 Apr 2002 13:24:33 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id QAA14970; Mon, 22 Apr 2002 16:23:28 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3MKMwe02443; Mon, 22 Apr 2002 16:22:58 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15556.28962.259876.509643@grasshopper.cs.duke.edu> Date: Mon, 22 Apr 2002 16:22:58 -0400 (EDT) To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020422155927.E22719-100000@alpha.yumyumyum.org> References: <15556.6399.62081.426193@grasshopper.cs.duke.edu> <20020422155927.E22719-100000@alpha.yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > > To me, it looks like mmap2 takes an offset that's a page index, rather > > than a byte position. Since linux passes the offset with a 32-bit > > long, rather than a 64-bit off_t like we do, they need to do this in > > order to be able to map offsets larger than 4GB into a file. > > > > For linux_mmap2, I'd think we want to do roughly the same things as > > linux_mmap, but with bsd_args.pos = ctob((off_t)linux_args.pos) > > > > Drew > > > > > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob > does what I need it to. I think that's probably why it still wasn't > working yet... I think it also has to be page aligned before you pass it > in though, I have to look at linux's do_mmap_pgoff() (I think that's the > right function name) to see if it's expecting an already page-aligned arg, > or if it's aligning it before it uses it. The name implies that do_mmap_pgoff() takes page-shift'ed args. An offset specified as a page-shift is page-aligned by definition. Eg, when you call ctob(pgoff) this turns out to be (pgoff << PAGE_SHIFT) bytes. Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13:30:44 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253]) by hub.freebsd.org (Postfix) with ESMTP id D8DAE37B4A6 for ; Mon, 22 Apr 2002 13:29:59 -0700 (PDT) Received: from freebie.xs4all.nl (localhost [127.0.0.1]) by freebie.xs4all.nl (8.12.2/8.12.2) with ESMTP id g3MJZMaq004494 for ; Mon, 22 Apr 2002 21:35:22 +0200 (CEST) (envelope-from wkb@freebie.xs4all.nl) Received: (from wkb@localhost) by freebie.xs4all.nl (8.12.2/8.12.2/Submit) id g3MJZMvZ004493 for hackers@freebsd.org; Mon, 22 Apr 2002 21:35:22 +0200 (CEST) Date: Mon, 22 Apr 2002 21:35:22 +0200 From: Wilko Bulte To: hackers@FreeBSD.org Subject: sendmail complaining about filedescriptors? Message-ID: <20020422213522.A4465@freebie.xs4all.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-OS: FreeBSD 4.5-STABLE X-PGP: finger wilko@freebsd.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On -stable as of last week I see sendmail log errors on file descriptors as in: Apr 22 09:29:16 freebie sm-msp-queue[126]: starting daemon (8.12.2): queueing@00:30:00 Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: stdout, stderr; Bad file descriptor Apr 22 09:29:50 freebie sendmail[253]: g3M7To31000253: from=wkb, size=449, class=0, nrcpts=1, msgid=<20020422092950.A243@freebie.xs4all.nl>, relay=wkb@localhost etc. Mail arrives OK, mergemaster has been run. Any idea? -- | / o / /_ _ wilko@FreeBSD.org |/|/ / / /( (_) Bulte Arnhem, the Netherlands To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 13:41:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wemm.org (12-232-135-171.client.attbi.com [12.232.135.171]) by hub.freebsd.org (Postfix) with ESMTP id 7C6F737B432 for ; Mon, 22 Apr 2002 13:40:34 -0700 (PDT) Received: from overcee.wemm.org (overcee.wemm.org [10.0.0.3]) by fw.wemm.org (8.11.6/8.11.6) with ESMTP id g3MKdVe27263 for ; Mon, 22 Apr 2002 13:39:31 -0700 (PDT) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.wemm.org (Postfix) with ESMTP id 0B84638CC; Mon, 22 Apr 2002 13:39:32 -0700 (PDT) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Wilko Bulte Cc: hackers@FreeBSD.ORG Subject: Re: sendmail complaining about filedescriptors? In-Reply-To: <20020422213522.A4465@freebie.xs4all.nl> Date: Mon, 22 Apr 2002 13:39:32 -0700 From: Peter Wemm Message-Id: <20020422203932.0B84638CC@overcee.wemm.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Wilko Bulte wrote: > On -stable as of last week I see sendmail log errors on file descriptors > as in: > > Apr 22 09:29:16 freebie sm-msp-queue[126]: starting daemon (8.12.2): queueing @00:30:00 > Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: s tdout, stderr; Bad file descriptor > Apr 22 09:29:50 freebie sendmail[253]: g3M7To31000253: from=wkb, size=449, cl ass=0, nrcpts=1, msgid=<20020422092950.A243@freebie.xs4all.nl>, relay=wkb@l ocalhost > > etc. Mail arrives OK, mergemaster has been run. This is usually because fstat(2) fails on file descriptors that have been revoked. By the time that message is printed, the /dev/console descriptors that were inherited from /etc/rc etc would have been revoke(2)'ed by the getty on /dev/ttyv0 or ttyd0. cron also used to do this. It would end up with handles to the console that would get revoked, and sendmail would get upset when cron fired it up. I "fixed" that a while back in cron to ensure that it had valid handles. Have a look at lsof/fstat output for the revoked fd's, and you'll probably find some new ones now. Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 15:17:21 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from web14806.mail.yahoo.com (web14806.mail.yahoo.com [216.136.224.222]) by hub.freebsd.org (Postfix) with SMTP id 1250037C74F for ; Mon, 22 Apr 2002 15:07:47 -0700 (PDT) Message-ID: <20020422203120.15772.qmail@web14806.mail.yahoo.com> Received: from [213.19.151.12] by web14806.mail.yahoo.com via HTTP; Mon, 22 Apr 2002 13:31:20 PDT Date: Mon, 22 Apr 2002 13:31:20 -0700 (PDT) From: ali nasseh Subject: subscription To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG hi, pleasz subscribe me for freebsd-hackers list a. nasseh __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 15:17:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id 8771537C8EF for ; Mon, 22 Apr 2002 15:15:03 -0700 (PDT) Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.3/8.12.3) with ESMTP id g3MKcXOE032708 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 22 Apr 2002 13:38:34 -0700 (PDT) Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.3/8.12.3/Submit) id g3MKcXnD032705; Mon, 22 Apr 2002 13:38:33 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15556.29897.695479.817308@horsey.gshapiro.net> Date: Mon, 22 Apr 2002 13:38:33 -0700 From: Gregory Neil Shapiro To: Wilko Bulte Cc: hackers@FreeBSD.ORG Subject: Re: sendmail complaining about filedescriptors? In-Reply-To: <20020422213522.A4465@freebie.xs4all.nl> References: <20020422213522.A4465@freebie.xs4all.nl> X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG wkb> Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: stdout, stderr; Bad file descriptor sendmail always checks it's first three fd's at startup to avoid the problem that has just come to light in the FreeBSD security announcement. This is what is logged if sendmail has problems with them. It can be ignored as sendmail attaches /dev/null to them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 15:21:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 1C74437C55A for ; Mon, 22 Apr 2002 15:12:48 -0700 (PDT) Received: (qmail 23745 invoked from network); 22 Apr 2002 22:12:14 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 22 Apr 2002 22:12:14 -0000 Date: Mon, 22 Apr 2002 18:12:14 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15556.28962.259876.509643@grasshopper.cs.duke.edu> Message-ID: <20020422172703.C23429-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > AHH, ok I was wondering where PAGE_SHIFT was for FreeBSD. I guess ctob > > does what I need it to. I think that's probably why it still wasn't > > working yet... I think it also has to be page aligned before you pass it > > in though, I have to look at linux's do_mmap_pgoff() (I think that's the > > right function name) to see if it's expecting an already page-aligned arg, > > or if it's aligning it before it uses it. > > The name implies that do_mmap_pgoff() takes page-shift'ed args. > An offset specified as a page-shift is page-aligned by definition. > Eg, when you call ctob(pgoff) this turns out to be (pgoff << > PAGE_SHIFT) bytes. > > Drew > > That makes sense, regular linux mmap seems to expect the offset to be in bytes (from linux's mmap): ret = do_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT); Where linux's mmap2 does this: error = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); so this looks to me like do_mmap_pgoff expects a page-aligned offset, meaning that the difference between a regular linux mmap, and linux's mmap2 is that mmap expects bytes, and mmap2 expects a page offset instead... even more is that linux's old_mmap (the one that we actually emulate in linux_mmap(), calls do_mmap2 with these args: err = do_mmap2(a.addr, a.len, a.prot, a.flags, a.fd, a.offset >> PAGE_SHIFT); so, I'll just do the ctob() and see what happens. :-) Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 15:34:34 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id A52D037C065 for ; Mon, 22 Apr 2002 15:23:56 -0700 (PDT) Received: (qmail 21100 invoked from network); 22 Apr 2002 13:23:05 -0000 Received: from ken.yumyumyum.org (192.168.0.2) by router.yumyumyum.org with SMTP; 22 Apr 2002 13:23:05 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Kenneth Culver To: Terry Lambert Subject: Re: implementing linux mmap2 syscall Date: Mon, 22 Apr 2002 09:23:35 -0400 X-Mailer: KMail [version 1.4] References: <200204211525.08827.culverk@yumyumyum.org> <3CC3E619.8AD5EFF9@mindspring.com> In-Reply-To: <3CC3E619.8AD5EFF9@mindspring.com> Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204220923.35667.culverk@yumyumyum.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Monday 22 April 2002 06:29 am, you wrote: > Kenneth Culver wrote: > > So what it looks like to me is that mmap2 expects an offset that's > > already page-aligned (I'm not sure if this is the right way to say it= ), > > where mmap doesn't. the FreeBSD code in the linuxulator basically jus= t > > takes the offset that is passed in with the linux mmap, and uses that= to > > call FreeBSD's mmap (the kernel version, not the one called from > > userland). So basically I'm kinda stuck as to what to do to implement > > linux's mmap2. The only thing I can think of is to implement a FreeBS= D > > "mmap2" that basically assumes that the offset passed in is already p= age > > aligned or whatever, and just uses it, and then have linux_mmap2() ju= st > > call the FreeBSD mmap2(). Any ideas? > > This is too much work. > > Basically, it just wants to bitch when the offset is not page > aligned, and then call the old mmap if it doesn't bitch. > OK, I think I can do that, thanks for the help. Will anyone be interested= in=20 patches when/if I get this working? I also implemented ftruncate64 (which= =20 just calls ftruncate).=20 Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16: 6:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wemm.org (12-232-135-171.client.attbi.com [12.232.135.171]) by hub.freebsd.org (Postfix) with ESMTP id 4F2EA37B935; Mon, 22 Apr 2002 15:55:18 -0700 (PDT) Received: from overcee.wemm.org (overcee.wemm.org [10.0.0.3]) by fw.wemm.org (8.11.6/8.11.6) with ESMTP id g3MMsee27747; Mon, 22 Apr 2002 15:54:40 -0700 (PDT) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.wemm.org (Postfix) with ESMTP id A91A138CC; Mon, 22 Apr 2002 15:54:40 -0700 (PDT) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Gregory Neil Shapiro Cc: Wilko Bulte , hackers@FreeBSD.ORG Subject: Re: sendmail complaining about filedescriptors? In-Reply-To: <15556.29897.695479.817308@horsey.gshapiro.net> Date: Mon, 22 Apr 2002 15:54:40 -0700 From: Peter Wemm Message-Id: <20020422225440.A91A138CC@overcee.wemm.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gregory Neil Shapiro wrote: > wkb> Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on start up: stdout, stderr; Bad file descriptor > > sendmail always checks it's first three fd's at startup to avoid the > problem that has just come to light in the FreeBSD security announcement. > This is what is logged if sendmail has problems with them. It can be > ignored as sendmail attaches /dev/null to them. In this particular case it's a false alarm. There are fd's there, but they got revoke(2)'ed by the getty on the console. fstat(2) returns EBADF on the revoked fd's and is impossible to tell the difference between a revoke'd fd and a non-existing fd. Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:14: 4 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail6.microsoft.com (mail6.microsoft.com [131.107.3.126]) by hub.freebsd.org (Postfix) with ESMTP id D54C337BF6C for ; Mon, 22 Apr 2002 16:06:23 -0700 (PDT) Received: from inet-vrs-06.redmond.corp.microsoft.com ([157.54.6.201]) by mail6.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 22 Apr 2002 16:06:10 -0700 Received: from 157.54.8.155 by inet-vrs-06.redmond.corp.microsoft.com (InterScan E-Mail VirusWall NT); Mon, 22 Apr 2002 16:06:08 -0700 Received: from na-hub-02.redmond.corp.microsoft.com ([157.54.0.171]) by inet-hub-04.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 22 Apr 2002 16:06:10 -0700 Received: from sp-hub-01.southpacific.corp.microsoft.com ([157.54.7.153]) by na-hub-02.redmond.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 22 Apr 2002 16:06:21 -0700 Received: from syd-msg-02.southpacific.corp.microsoft.com ([157.60.164.36]) by sp-hub-01.southpacific.corp.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 22 Apr 2002 16:06:03 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.0.6177.0 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: 4.5 STABLE - kernel panics Date: Tue, 23 Apr 2002 09:03:41 +1000 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: 4.5 STABLE - kernel panics Thread-Index: AcHoTj/wA8CfaeIqR3e2dvxRpA2rSQCA3KQw From: "Chris Moran" To: "Steven Goodwin" , "Herbert" Cc: X-OriginalArrivalTime: 22 Apr 2002 23:06:04.0178 (UTC) FILETIME=[46F53F20:01C1EA52] Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Just to add fuel to the fire, I'm getting this on 4.5-RELEASE on an Intel R440 SMP board with 2xPII-233 CPUs: ad4: UDMA ICRC error reading fsbn 1480839 of 0-103 Fatal trap 18: integer divide while in kernel mode mp_lock =3D 01000002; cpuid =3D 1; lapic.id =3D 00000000 instruction pointer =3D 0x8:0xc020ad39 stack pointer =3D 0x10:0xff80ff48 frame pointer =3D 0x10:0xff80ff5c code segment =3D base 0x0, limit 0xffff, type 0x1b =3D DPL 0, pres 1, def32 1, gran 1 processor eflags =3D interrupt enabled, resume, IOPL =3D 0 current process =3D idle interrupt mask =3D bio <- SMP: XXX trap number =3D 18 panic: integer divide fault mp_lock =3D 0x01000002; cpuid =3D 1; lapic.id =3D 00000000 bot() called on CPU #1 syncing disks... 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 giving up on 8 buffers Uptime: 35s Automatic reboot in 15 seconds - press a key on the console to abort --> Press a key on the console to reboot, --> or switch off the system now -----Original Message----- From: Steven Goodwin [mailto:steve@cit.gu.edu.au]=20 Sent: Saturday, 20 April 2002 7:32 PM To: Herbert Cc: hackers@FreeBSD.ORG Subject: Re: 4.5 STABLE - kernel panics Hello. Just out of curiosity, what sort of hardware are you running? I get a similar kernel panic message ...=20 Fatal trap 12: page fault while in kernel mode fault virtual address =3D 0xc4b4641e fault code =3D supervisor read, page not present ... while extracting large tarballs. I'm using a ASUS A7M266 motherboard and, unfortunately, I haven't been able to find a solution on this list (or freebsd-questions). Steve On Fri, 19 Apr 2002, Herbert wrote > Hei! >=20 > When I have tried to compile QT-3.0.3 with g++30 today my > FreeBSD-STABLE kernel paniced while gmake was generating the Makefiles. >=20 > # uname -a > FreeBSD freebsd3.rocks 4.5-STABLE FreeBSD 4.5-STABLE #0: Fri Apr 19 > 07:24:16 CEST 2002 > herbert@freebsd3.rocks:/usr/obj/usr/src/sys/ATAPICAM i386 >=20 > Fatal trap 12: page fault while in kernel mode > fault virtual address =3D 0x46 > fault code =3D supervisor read, page not present > instruction pointer =3D 0x8:0xc02798d4 > stack pointer =3D 0x10:0xdd7d5c28 > frame pointer =3D 0x10:0xdd7d5c18 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, def32 1, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 16947 (cpp0) > interrupt mask =3D none > trap number =3D 12 > panic: page fault >=20 > syncing disks... 24 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1=20 > done > Uptime: 6h15m10s >=20 > (kgdb) bt > #0 dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487 > #1 0xc016d313 in boot (howto=3D256) at > /usr/src/sys/kern/kern_shutdown.c:316 > #2 0xc016d751 in panic (fmt=3D0xc02bbfcc "%s") > at /usr/src/sys/kern/kern_shutdown.c:595 > #3 0xc027c36b in trap_fatal (frame=3D0xdd7d5be8, eva=3D70) > at /usr/src/sys/i386/i386/trap.c:966 > #4 0xc027c019 in trap_pfault (frame=3D0xdd7d5be8, usermode=3D0, = eva=3D70) > at /usr/src/sys/i386/i386/trap.c:859 > #5 0xc027bb93 in trap (frame=3D{tf_fs =3D 16, tf_es =3D 16, tf_ds =3D = 16,=20 > tf_edi =3D -574190496, tf_esi =3D -578986936, tf_ebp =3D = -578986984,=20 > tf_isp =3D -578986988, tf_ebx =3D 14, tf_edx =3D -578998272,=20 > tf_ecx =3D 13077933, tf_eax =3D 14, tf_trapno =3D 12, tf_err =3D = 0,=20 > tf_eip =3D -1071146796, tf_cs =3D 8, tf_eflags =3D 66050, tf_esp = =3D 0,=20 > tf_ss =3D -579023232}) at /usr/src/sys/i386/i386/trap.c:458 > #6 0xc02798d4 in pmap_prefault (pmap=3D0x8, addra=3D66050, = entry=3D0x0) > at /usr/src/sys/i386/i386/pmap.c:2535 >=20 > Anyone knows what's going on here? >=20 > Regards, > Herbert >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:19: 3 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.merconic.com (mail.merconic.com [62.96.220.180]) by hub.freebsd.org (Postfix) with SMTP id 447DB37B93E for ; Mon, 22 Apr 2002 16:11:40 -0700 (PDT) Received: (qmail 21262 invoked by uid 306); 22 Apr 2002 17:44:57 -0000 Received: from scotty.ds9 (192.168.2.100) by uhura.ds9 with SMTP; 22 Apr 2002 17:44:56 -0000 Received: by scotty.ds9 (Postfix, from userid 754) id F171558374; Mon, 22 Apr 2002 19:44:55 +0200 (CEST) Date: Mon, 22 Apr 2002 19:44:55 +0200 From: Marc Heckmann To: freebsd-hackers@freebsd.org Subject: "boot -a" in 4.5-STABLE Message-ID: <20020422174455.GA8682@merconic.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an exact copy of the "/" filesystem. I wanted to try one of the failure scenarios from the howto (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/failures.html) so I shutdown the machine, unplugged the ad0 drive. The machine found the boot loader on ad2 and I have a prompt.. so far so good.. I do "boot -as" so that I can manually tell the kernel which root filesystem to mount. here is what I get: ad2: 95396MB [193821/16/63] at ata1-master UDMA66 Manual root filesystem specification: : Mount using filesystem eg. ufs:/dev/da0s1a ? List valid disk boot devices Abort manual input mountroot> ufs:/dev/ad2s1a Mounting root from ufs:/dev/ad0s1a <---- NOTE this Root mount failed: 6 panic: Root mount failed, startup aborted. Why is it still trying to use ad0s1a as the root when I explicitly told it to use /dev/ad2s1a? Any ideas? thanks in advance. -m -- m. heckmann. -- merconic GmbH, Chausseestr. 128-129, D-10115 Berlin (Mitte) Telefon +49-30-726265-200, Fax +49-30-726265-211, Durchwahl -200 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:27:23 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from deathrow.mail.pas.earthlink.net (deathrow.mail.pas.earthlink.net [207.217.120.19]) by hub.freebsd.org (Postfix) with ESMTP id 39AEB37B8A4; Mon, 22 Apr 2002 16:20:34 -0700 (PDT) Received: from gull.mail.pas.earthlink.net ([207.217.120.84] helo=gull.prod.itd.earthlink.net) by deathrow.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 16zb5L-0000CN-00; Mon, 22 Apr 2002 03:30:15 -0700 Received: from pool0081.cvx40-bradley.dialup.earthlink.net ([216.244.42.81] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 16zb5I-0002Za-00; Mon, 22 Apr 2002 03:30:13 -0700 Message-ID: <3CC3E619.8AD5EFF9@mindspring.com> Date: Mon, 22 Apr 2002 03:29:45 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: Re: implementing linux mmap2 syscall References: <200204211525.08827.culverk@yumyumyum.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver wrote: > So what it looks like to me is that mmap2 expects an offset that's already > page-aligned (I'm not sure if this is the right way to say it), where mmap > doesn't. the FreeBSD code in the linuxulator basically just takes the offset > that is passed in with the linux mmap, and uses that to call FreeBSD's mmap > (the kernel version, not the one called from userland). So basically I'm > kinda stuck as to what to do to implement linux's mmap2. The only thing I can > think of is to implement a FreeBSD "mmap2" that basically assumes that the > offset passed in is already page aligned or whatever, and just uses it, and > then have linux_mmap2() just call the FreeBSD mmap2(). Any ideas? This is too much work. Basically, it just wants to bitch when the offset is not page aligned, and then call the old mmap if it doesn't bitch. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:35:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from your-mom.student.umd.edu (your-mom.student.umd.edu [129.2.247.58]) by hub.freebsd.org (Postfix) with ESMTP id 6FF5937BC9C for ; Mon, 22 Apr 2002 16:32:29 -0700 (PDT) Received: from localhost (philip@localhost) by your-mom.student.umd.edu (8.11.6/8.11.6) with ESMTP id g3MIamT61644; Mon, 22 Apr 2002 18:36:48 GMT (envelope-from philip@your-mom.student.umd.edu) Date: Mon, 22 Apr 2002 18:36:48 +0000 (GMT) From: Philip To: Marc Heckmann Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: "boot -a" in 4.5-STABLE In-Reply-To: <20020422174455.GA8682@merconic.com> Message-ID: <20020422183440.R61615-100000@your-mom.student.umd.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG You might try just booting it normally and letting it fail. Then enter th ufs:/dev/ad2s1a I do this all time when I stick a hd in a fast machine to install FBSD its gets ad4s what ever... but in the machine its ends up it needs to be ad0s whatever. after I mount every manually the first time, I just change my /etc/fstab file to be what it should and everything is happy. On Mon, 22 Apr 2002, Marc Heckmann wrote: > Hi, > > I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). > > I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an > exact copy of the "/" filesystem. I wanted to try one of the failure scenarios > from the howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/failures.html) so I > shutdown the machine, unplugged the ad0 drive. The machine found the boot > loader on ad2 and I have a prompt.. so far so good.. > > I do "boot -as" so that I can manually tell the kernel which root filesystem to > mount. here is what I get: > > ad2: 95396MB [193821/16/63] at ata1-master UDMA66 > > Manual root filesystem specification: > : Mount using filesystem > eg. ufs:/dev/da0s1a > ? List valid disk boot devices > Abort manual input > > mountroot> ufs:/dev/ad2s1a > Mounting root from ufs:/dev/ad0s1a <---- NOTE this > Root mount failed: 6 > panic: Root mount failed, startup aborted. > > Why is it still trying to use ad0s1a as the root when I explicitly told it to > use /dev/ad2s1a? > > Any ideas? thanks in advance. > > -m > > -- > m. heckmann. > -- > merconic GmbH, Chausseestr. 128-129, D-10115 Berlin (Mitte) > Telefon +49-30-726265-200, Fax +49-30-726265-211, Durchwahl -200 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:36:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from SRDMAIL.SINP.MSU.RU (bigking.sinp.msu.ru [213.131.9.130]) by hub.freebsd.org (Postfix) with ESMTP id 8020737B619 for ; Mon, 22 Apr 2002 16:30:34 -0700 (PDT) Received: from dima (helo=localhost) by SRDMAIL.SINP.MSU.RU with local-esmtp (Exim 3.34 #1) id 16zcAq-0005No-00 for freebsd-hackers@FreeBSD.org; Mon, 22 Apr 2002 15:40:00 +0400 Date: Mon, 22 Apr 2002 15:40:00 +0400 (MSD) From: Dmitry Mottl To: freebsd-hackers@FreeBSD.org Subject: make installworld failed on 4.0-RELEASE Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I have a problem when installing 4-STABLE on 4.0-RELEASE from remotely mounted /usr/src and /usr/obj: ELF binary type not known. Use "brandelf" to brand it Why? === [skipped] -------------------------------------------------------------- >>> Installing everything.. -------------------------------------------------------------- cd /usr/src; make -f Makefile.inc1 install ===> share/info ===> include if [ -h /usr/include/cam ]; then rm -f /usr/include/cam; fi if [ -h /usr/include/msdosfs ]; then rm -f /usr/include/msdosfs; fi if [ -h /usr/include/net ]; then rm -f /usr/include/net; fi if [ -h /usr/include/netatalk ]; then rm -f /usr/include/netatalk; fi if [ -h /usr/include/netatm ]; then rm -f /usr/include/netatm; fi if [ -h /usr/include/netgraph ]; then rm -f /usr/include/netgraph; fi if [ -h /usr/include/netinet ]; then rm -f /usr/include/netinet; fi if [ -h /usr/include/netinet6 ]; then rm -f /usr/include/netinet6; fi if [ -h /usr/include/netipx ]; then rm -f /usr/include/netipx; fi if [ -h /usr/include/netkey ]; then rm -f /usr/include/netkey; fi if [ -h /usr/include/netnatm ]; then rm -f /usr/include/netnatm; fi if [ -h /usr/include/netncp ]; then rm -f /usr/include/netncp; fi if [ -h /usr/include/netns ]; then rm -f /usr/include/netns; fi if [ -h /usr/include/netsmb ]; then rm -f /usr/include/netsmb; fi if [ -h /usr/include/nfs ]; then rm -f /usr/include/nfs; fi if [ -h /usr/include/ntfs ]; then rm -f /usr/include/ntfs; fi if [ -h /usr/include/nwfs ]; then rm -f /usr/include/nwfs; fi if [ -h /usr/include/pccard ]; then rm -f /usr/include/pccard; fi if [ -h /usr/include/posix4 ]; then rm -f /usr/include/posix4; fi if [ -h /usr/include/sys ]; then rm -f /usr/include/sys; fi if [ -h /usr/include/vm ]; then rm -f /usr/include/vm; fi if [ -h /usr/include/fs/smbfs ]; then rm -f /usr/include/fs/smbfs; fi if [ -h /usr/include/isofs/cd9660 ]; then rm -f /usr/include/isofs/cd9660; fi if [ -h /usr/include/ufs/ffs ]; then rm -f /usr/include/ufs/ffs; fi if [ -h /usr/include/ufs/mfs ]; then rm -f /usr/include/ufs/mfs; fi if [ -h /usr/include/ufs/ufs ]; then rm -f /usr/include/ufs/ufs; fi if [ -h /usr/include/dev/ppbus ]; then rm -f /usr/include/dev/ppbus; fi if [ -h /usr/include/dev/usb ]; then rm -f /usr/include/dev/usb; fi if [ -h /usr/include/machine ]; then rm -f /usr/include/machine; fi mtree -deU -f /usr/src/include/../etc/mtree/BSD.include.dist -p /usr/include cd /usr/src/include/../sys; install -C -o root -g wheel -m 444 cam/*.h /usr/include/cam ELF binary type not known. Use "brandelf" to brand it. Abort trap *** Error code 134 Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. === - Dmitry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:44:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 9074937B754 for ; Mon, 22 Apr 2002 16:43:57 -0700 (PDT) Received: (qmail 24452 invoked from network); 22 Apr 2002 23:43:41 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 22 Apr 2002 23:43:41 -0000 Date: Mon, 22 Apr 2002 19:43:41 -0400 (EDT) From: Kenneth Culver To: Terry Lambert Cc: freebsd-hackers@FreeBSD.ORG, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <3CC3E619.8AD5EFF9@mindspring.com> Message-ID: <20020422194240.K24428-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Basically, it just wants to bitch when the offset is not page > aligned, and then call the old mmap if it doesn't bitch. > Basically I misunderstood what the linux mmap2 was doing, it recieves an offset as a number of pages, not as bytes, so by definition it's already page aligned. All I have to do is convert the number of pages to a number of bytes and pass it along to FreeBSD's mmap. Thanks! Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 16:53:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from odusv.oduurl.ru (odusv.oduurl.ru [195.12.73.193]) by hub.freebsd.org (Postfix) with SMTP id 0165B37B4DE for ; Mon, 22 Apr 2002 16:52:39 -0700 (PDT) Received: from maxic.smes.elektra.ru by odusv.oduurl.ru with ESMTP id XAA82190 (8.6.12 for ); Mon, 22 Apr 2002 23:22:05 +0600 Received: (from root@localhost) by maxic.smes.elektra.ru (8.11.1/8.11.6) id g3MGQUT22885 for freebsd-hackers@FreeBSD.org.KAV; Mon, 22 Apr 2002 22:26:30 +0600 (YEKST) (envelope-from kuzn@smes.elektra.ru) Received: from Ohxrrq (ods.smes.elektra.ru [192.168.7.150]) by maxic.smes.elektra.ru (8.11.1/8.11.6) with SMTP id g3MGQQJ22841 for ; Mon, 22 Apr 2002 22:26:26 +0600 (YEKST) (envelope-from kuzn@smes.elektra.ru) Date: Mon, 22 Apr 2002 22:26:26 +0600 (YEKST) Message-Id: <200204221626.g3MGQQJ22841@maxic.smes.elektra.ru> From: mwozniak To: freebsd-hackers@FreeBSD.org Subject: So cool a flash,enjoy it MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=K61yw1Uy9K30TyA1hEb Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 17:40:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 48B4237B428 for ; Mon, 22 Apr 2002 17:40:15 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3N0dQ7W011314 for ; Mon, 22 Apr 2002 17:39:26 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) Received: (from jkh@localhost) by winston.freebsd.org (8.12.2/8.12.2/Submit) id g3N0dQ8i011313 for hackers@freebsd.org; Mon, 22 Apr 2002 17:39:26 -0700 (PDT) Date: Mon, 22 Apr 2002 17:39:26 -0700 (PDT) From: Jordan Hubbard Message-Id: <200204230039.g3N0dQ8i011313@winston.freebsd.org> To: hackers@freebsd.org Subject: ssh + compiled-in SKEY support considered harmful? Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We at Apple are noticing a strange problem with newer versions of ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's sshd. This problem did not occur with our older ssh, but it also does not occur with the newer version and *any* other OS other than FreeBSD, e.g. if you ssh to a Linux or Solaris or Mac OS X box, for that matter, you will not see this behavior. What behavior am I talking about? This: jhubbard@wafer-> ssh jkh@winston.freebsd.org otp-md5 114 wi7854 ext S/Key Password: otp-md5 117 wi5044 ext S/Key Password: otp-md5 397 wi0652 ext S/Key Password: jkh@winston.freebsd.org's password: The machine "wafer" is a Mac OS X box running 10.1.3 and winston.freebsd.org is running FreeBSD 4.5-STABLE. The authentication method which tries this S/Key stuff is "keyboard-interactive" and this is tried, for some reason, before the "password" auth method. If you compile sshd on the FreeBSD side without SKEY support built-in, the problem also goes away. My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, why doesn't Linux or anything else produce this problem? I ask now because I know that the usage of Mac OS X is growing and there are going to be a lot of annoyed users (like me!) who very quickly get tired of having to wind through all the bogus S/Key password prompts before they can actually type in their real password (and no, skey is not enabled on winston and I have never done a keyinit operation, so I couldn't S/Key authenticate to it if I wanted to). - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 17:46: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51]) by hub.freebsd.org (Postfix) with ESMTP id 82DFB37B41A for ; Mon, 22 Apr 2002 17:45:57 -0700 (PDT) Received: by tao.org.uk (Postfix, from userid 100) id 82560602; Tue, 23 Apr 2002 01:45:04 +0100 (BST) Date: Tue, 23 Apr 2002 01:45:04 +0100 From: Josef Karthauser To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: ssh + compiled-in SKEY support considered harmful? Message-ID: <20020423004504.GA45021@genius.tao.org.uk> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="x+6KMIRAuhnl3hBn" Content-Disposition: inline In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --x+6KMIRAuhnl3hBn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 22, 2002 at 05:39:26PM -0700, Jordan Hubbard wrote: >=20 > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > why doesn't Linux or anything else produce this problem? I ask now > because I know that the usage of Mac OS X is growing and there are going > to be a lot of annoyed users (like me!) who very quickly get tired > of having to wind through all the bogus S/Key password prompts before > they can actually type in their real password (and no, skey is not > enabled on winston and I have never done a keyinit operation, so I couldn= 't > S/Key authenticate to it if I wanted to). >=20 I got it sshing from -current to a freshly installed 4.5 box and it continued to happen when I upgraded the 4.5 box to 5.0-DP1. It doesn't happen when I ssh to my regular -stable server, but I've not investigated the reasons why. Joe --x+6KMIRAuhnl3hBn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzEro8ACgkQXVIcjOaxUBZQ9ACeONvFxhQQm7kkcNWrB0+HGR8F MTcAoJ5l8O0Rs+RKd2ImaiIQcMWvWwnU =jHxj -----END PGP SIGNATURE----- --x+6KMIRAuhnl3hBn-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 18: 4:51 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from guru.mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with ESMTP id EDAB337B429 for ; Mon, 22 Apr 2002 18:04:47 -0700 (PDT) Received: (from mwm@localhost) by guru.mired.org (8.11.1/8.11.2) id g3N14im24849 for hackers@freebsd.org; Mon, 22 Apr 2002 20:04:44 -0500 (CDT) (envelope-from mwm-dated-1019955884.8b118e@mired.org) X-Authentication-Warning: guru.mired.org: mwm set sender to mwm-dated-1019955884.8b118e@mired.org using -f MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15556.45867.668486.259740@guru.mired.org> Date: Mon, 22 Apr 2002 20:04:43 -0500 To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.51 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <200204230039.g3N0dQ8i011313@winston.freebsd.org>, Jordan Hubbard typed: > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, Someone decided that FreeBSD should do challengeresponse authentication by default. You can fix it by uncommenting the line "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 18:39:32 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from slc.edu (weir-01c.slc.edu [207.106.89.46]) by hub.freebsd.org (Postfix) with ESMTP id 7ED0737B417 for ; Mon, 22 Apr 2002 18:39:19 -0700 (PDT) Received: (from anthony@localhost) by slc.edu (8.11.6/8.11.6) id g3N1fKP14662; Mon, 22 Apr 2002 21:41:20 -0400 (EDT) (envelope-from anthony) Date: Mon, 22 Apr 2002 21:41:20 -0400 From: Anthony Schneider To: Mike Meyer Cc: Jordan Hubbard , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? Message-ID: <20020422214120.A14633@mail.slc.edu> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> <15556.45867.668486.259740@guru.mired.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <15556.45867.668486.259740@guru.mired.org>; from mwm-dated-1019955884.8b118e@mired.org on Mon, Apr 22, 2002 at 08:04:43PM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > In <200204230039.g3N0dQ8i011313@winston.freebsd.org>, Jordan Hubbard typed: > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, >=20 > Someone decided that FreeBSD should do challengeresponse > authentication by default. You can fix it by uncommenting the line > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. >=20 that's what fixxed it for me, too. SkeyAuthentication no also does it. :) -Anthony. ----------------------------------------------- PGP key at: http://www.keyserver.net/ http://www.anthonydotcom.com/gpgkey/key.txt Home: http://www.anthonydotcom.com ----------------------------------------------- --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzEu78ACgkQ+rDjkNht5F2mMACfYxbazSOUnrTs0XOk00X1AAND xToAoIGhI8C9EssxCQ6I0ttn2yhiJAuh =z7cs -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 18:40:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wemm.org (12-232-135-171.client.attbi.com [12.232.135.171]) by hub.freebsd.org (Postfix) with ESMTP id BF08337B422 for ; Mon, 22 Apr 2002 18:40:31 -0700 (PDT) Received: from overcee.wemm.org (overcee.wemm.org [10.0.0.3]) by fw.wemm.org (8.11.6/8.11.6) with ESMTP id g3N1eVe28369 for ; Mon, 22 Apr 2002 18:40:31 -0700 (PDT) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.wemm.org (Postfix) with ESMTP id 8ACF638CC; Mon, 22 Apr 2002 18:40:31 -0700 (PDT) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Mike Meyer Cc: Jordan Hubbard , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: <15556.45867.668486.259740@guru.mired.org> Date: Mon, 22 Apr 2002 18:40:31 -0700 From: Peter Wemm Message-Id: <20020423014031.8ACF638CC@overcee.wemm.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mike Meyer wrote: > In <200204230039.g3N0dQ8i011313@winston.freebsd.org>, Jordan Hubbard typed: > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > Someone decided that FreeBSD should do challengeresponse > authentication by default. You can fix it by uncommenting the line > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. AHA! I've been wondering about this too. I cheated and set "Protocol 1,2" to avoid the whole issue. Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 18:41:36 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hermes.galileo.edu (hermes.galileo.edu [168.234.203.13]) by hub.freebsd.org (Postfix) with SMTP id 4DB5737B421 for ; Mon, 22 Apr 2002 18:40:39 -0700 (PDT) Received: (qmail 17531 invoked by uid 1020); 23 Apr 2002 01:44:41 -0000 Date: Mon, 22 Apr 2002 19:44:41 -0600 From: Oscar Bonilla To: Anthony Schneider Cc: Mike Meyer , Jordan Hubbard , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? Message-ID: <20020422194441.A17469@galileo.edu> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> <15556.45867.668486.259740@guru.mired.org> <20020422214120.A14633@mail.slc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020422214120.A14633@mail.slc.edu>; from aschneid@mail.slc.edu on Mon, Apr 22, 2002 at 09:41:20PM -0400 X-Mailer: Mutt 1.2i (2000-05-09) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG shouldn't the default be no skey? On Mon, Apr 22, 2002 at 09:41:20PM -0400, Anthony Schneider wrote: > On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > > In <200204230039.g3N0dQ8i011313@winston.freebsd.org>, Jordan Hubbard typed: > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > > > Someone decided that FreeBSD should do challengeresponse > > authentication by default. You can fix it by uncommenting the line > > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > > > > that's what fixxed it for me, too. > SkeyAuthentication no also does it. :) > -Anthony. > > ----------------------------------------------- > PGP key at: > http://www.keyserver.net/ > http://www.anthonydotcom.com/gpgkey/key.txt > Home: > http://www.anthonydotcom.com > ----------------------------------------------- > -- pgp fingerprint: BC64 2E7A CAEF 39E1 9544 80CA F7D5 784D FB46 16C1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 18:43: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from starbug.ugh.net.au (starbug.ugh.net.au [203.31.238.37]) by hub.freebsd.org (Postfix) with ESMTP id 569A737B400 for ; Mon, 22 Apr 2002 18:42:55 -0700 (PDT) Received: by starbug.ugh.net.au (Postfix, from userid 1000) id E59CFA809; Tue, 23 Apr 2002 11:42:53 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by starbug.ugh.net.au (Postfix) with ESMTP id E44DA5422; Tue, 23 Apr 2002 11:42:53 +1000 (EST) Date: Tue, 23 Apr 2002 11:42:53 +1000 (EST) From: Andrew To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> Message-ID: <20020423113925.N45031-100000@starbug.ugh.net.au> X-WonK: *wibble* MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, Jordan Hubbard wrote: > We at Apple are noticing a strange problem with newer versions of > ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's > sshd. This problem did not occur with our older ssh, but it also does not It's just your settings. Issues like this really belong on -questions ;-) You can put "ChallengeResponseAuthentication no" into ssh{,d}_config on either end. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 19: 1:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 52EC937B400 for ; Mon, 22 Apr 2002 19:01:23 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3N21L7W011532; Mon, 22 Apr 2002 19:01:21 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Oscar Bonilla Cc: Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: Message from Oscar Bonilla of "Mon, 22 Apr 2002 19:44:41 MDT." <20020422194441.A17469@galileo.edu> Date: Mon, 22 Apr 2002 19:01:21 -0700 Message-ID: <11531.1019527281@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG That would be my question as well, especially since "everyone else" seems to use that default. Thanks to all who responded, and so quickly at that - this at least clarified the situation (and gave me a way out!). - Jordan > shouldn't the default be no skey? > > On Mon, Apr 22, 2002 at 09:41:20PM -0400, Anthony Schneider wrote: > > On Mon, Apr 22, 2002 at 08:04:43PM -0500, Mike Meyer wrote: > > > In <200204230039.g3N0dQ8i011313@winston.freebsd.org>, Jordan Hubbard typed: > > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, > > > > > > Someone decided that FreeBSD should do challengeresponse > > > authentication by default. You can fix it by uncommenting the line > > > "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > > > > > > > that's what fixxed it for me, too. > > SkeyAuthentication no also does it. :) > > -Anthony. > > > > ----------------------------------------------- > > PGP key at: > > http://www.keyserver.net/ > > http://www.anthonydotcom.com/gpgkey/key.txt > > Home: > > http://www.anthonydotcom.com > > ----------------------------------------------- > > > > > > -- > pgp fingerprint: BC64 2E7A CAEF 39E1 9544 80CA F7D5 784D FB46 16C1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 19:17:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id F3C1B37B416; Mon, 22 Apr 2002 19:17:10 -0700 (PDT) Received: from pool0527.cvx21-bradley.dialup.earthlink.net ([209.179.194.17] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 16zprg-0007MP-00; Mon, 22 Apr 2002 19:17:09 -0700 Message-ID: <3CC4C408.4B2501F@mindspring.com> Date: Mon, 22 Apr 2002 19:16:40 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: Re: implementing linux mmap2 syscall References: <200204211525.08827.culverk@yumyumyum.org> <3CC3E619.8AD5EFF9@mindspring.com> <200204220923.35667.culverk@yumyumyum.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver wrote: > > This is too much work. > > > > Basically, it just wants to bitch when the offset is not page > > aligned, and then call the old mmap if it doesn't bitch. > > > OK, I think I can do that, thanks for the help. Will anyone be interested in > patches when/if I get this working? I also implemented ftruncate64 (which > just calls ftruncate). Sure. PR them, and then send email to whoever CVS says touched them last. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 19:42: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 5DB3037B417 for ; Mon, 22 Apr 2002 19:41:58 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3N2f3w54443; Mon, 22 Apr 2002 22:41:04 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Mon, 22 Apr 2002 22:41:02 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Jordan Hubbard Cc: Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: <11531.1019527281@winston.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, Jordan Hubbard wrote: > That would be my question as well, especially since "everyone else" > seems to use that default. Thanks to all who responded, and so quickly > at that - this at least clarified the situation (and gave me a way > out!). This was discussed fairly extensively regarding -current: basically, s/key is "greedy" and attempts to fake s/key responses even for users who don't have s/key enabled. Nothing is wrong with challenge response -- arguably, that's a cleaner way to handle things as a default in the client, since it means if you connect to a server that does want to use challenge response, it DTRT. The fix in -CURRENT, I believe, was to make s/key "faking" for non-enabled users be an option, and to turn the option off by default. That fix relies on the extensive PAM updates in -CURRENT however; in -STABLE it can probably be similarly replicated via appropriate tweaking of sshd (?). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 19:51:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 7ACB537B41A for ; Mon, 22 Apr 2002 19:51:50 -0700 (PDT) Received: from pool0527.cvx21-bradley.dialup.earthlink.net ([209.179.194.17] helo=mindspring.com) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 16zqOv-0002Q5-00; Mon, 22 Apr 2002 19:51:29 -0700 Message-ID: <3CC4CC15.6DED09F8@mindspring.com> Date: Mon, 22 Apr 2002 19:51:01 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Andrew Cc: Jordan Hubbard , hackers@freebsd.org Subject: Re: ssh + compiled-in SKEY support considered harmful? References: <20020423113925.N45031-100000@starbug.ugh.net.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Andrew wrote: > On Mon, 22 Apr 2002, Jordan Hubbard wrote: > > We at Apple are noticing a strange problem with newer versions of > > ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's > > sshd. This problem did not occur with our older ssh, but it also does not > > It's just your settings. Issues like this really belong on -questions ;-) > > You can put "ChallengeResponseAuthentication no" into ssh{,d}_config on > either end. I beg to differ. When the default behaviour is changed, the dicussion belongs here, since here is where the proplr who live who can change it back to The Way It Is Supposed To Be By Default(tm). IMO, you should have to: "Add ``ChallengeResponseAuthentication yes'' to get the new behaviour" NOT: "Add ``ChallengeResponseAuthentication no'' to get the historical behaviour" It's really damn annoying. Maybe the intention was to subtlely harass people who put passwords challenge/response pairs into shell scripts, but the effect has been to unsubtlely harass people who wire their typing of passwords into their medulla. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 19:53:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 6050C37B417; Mon, 22 Apr 2002 19:53:07 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3N2r67W011671; Mon, 22 Apr 2002 19:53:06 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Robert Watson Cc: Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: Message from Robert Watson of "Mon, 22 Apr 2002 22:41:02 EDT." Date: Mon, 22 Apr 2002 19:53:06 -0700 Message-ID: <11670.1019530386@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > That fix relies on the extensive PAM updates in -CURRENT however; in > -STABLE it can probably be similarly replicated via appropriate tweaking > of sshd (?). Why not fix it in stable by the very simple tweaking of the ChallengeResponseAuthentication to no in the sshd config file we ship Trust me, this question is going to come up a _lot_ for us otherwise. :( - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 20: 3:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from starbug.ugh.net.au (starbug.ugh.net.au [203.31.238.37]) by hub.freebsd.org (Postfix) with ESMTP id CA07A37B417 for ; Mon, 22 Apr 2002 20:03:39 -0700 (PDT) Received: by starbug.ugh.net.au (Postfix, from userid 1000) id 9315DA809; Tue, 23 Apr 2002 13:03:38 +1000 (EST) Received: from localhost (localhost [127.0.0.1]) by starbug.ugh.net.au (Postfix) with ESMTP id 8FB375422; Tue, 23 Apr 2002 13:03:38 +1000 (EST) Date: Tue, 23 Apr 2002 13:03:38 +1000 (EST) From: Andrew To: Terry Lambert Cc: Jordan Hubbard , Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: <3CC4CC15.6DED09F8@mindspring.com> Message-ID: <20020423130148.N45031-100000@starbug.ugh.net.au> X-WonK: *wibble* MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, Terry Lambert wrote: > When the default behaviour is changed, the dicussion belongs here, I was only joking...hence the ;-) on the end. The original question wasn't why did the defualt configuration change but "what changed" anyway. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 20:12:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 1A16937B417 for ; Mon, 22 Apr 2002 20:12:29 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g3N3CG2D561692; Mon, 22 Apr 2002 23:12:27 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20020423014031.8ACF638CC@overcee.wemm.org> References: <20020423014031.8ACF638CC@overcee.wemm.org> Date: Mon, 22 Apr 2002 23:12:15 -0400 To: Peter Wemm From: Garance A Drosihn Subject: Re: ssh + compiled-in SKEY support considered harmful? Cc: Jordan Hubbard , hackers@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 6:40 PM -0700 4/22/02, Peter Wemm wrote: >Mike Meyer wrote: > > Jordan Hubbard typed: > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, >> >> Someone decided that FreeBSD should do challengeresponse >> authentication by default. You can fix it by uncommenting the line >> "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > >AHA! I've been wondering about this too. I cheated and set >"Protocol 1,2" to avoid the whole issue. The release notes at: http://www.FreeBSD.org/releases/4.5R/errata.html imply you can also fix this on the client side by adding the line: PreferredAuthentications publickey,password,keyboard-interactive to your own ~/.ssh/config file (useful if you need to connect to some machine where you can't change the /etc/ssh/sshd_config file). Usually I wouldn't know these things, but I just happened to be reading the errata notes a few minutes ago... :-) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 20:13:26 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 02E1B37B416 for ; Mon, 22 Apr 2002 20:13:12 -0700 (PDT) Received: (qmail 25573 invoked from network); 23 Apr 2002 03:12:54 -0000 Received: from ken.yumyumyum.org (192.168.0.2) by router.yumyumyum.org with SMTP; 23 Apr 2002 03:12:54 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Kenneth Culver To: Andrew Gallatin Subject: Re: implementing linux mmap2 syscall Date: Mon, 22 Apr 2002 23:13:29 -0400 X-Mailer: KMail [version 1.4] References: <200204211525.08827.culverk@yumyumyum.org> <15556.6399.62081.426193@grasshopper.cs.duke.edu> In-Reply-To: <15556.6399.62081.426193@grasshopper.cs.duke.edu> Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204222313.29181.culverk@yumyumyum.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Monday 22 April 2002 10:06 am, you wrote: > Kenneth Culver writes: > > static inline unsigned long do_mmap(struct file *file, unsigned long > > addr, > > <..> > > > =09=09ret =3D do_mmap_pgoff(file, addr, len, prot, flag, offset >> > > PAGE_SHIFT); out: > > =09return ret; > > } > > > > This is what mmap2 does: > > > > andstatic inline long do_mmap2( > > =09unsigned long addr, unsigned long len, > > =09unsigned long prot, unsigned long flags, > > =09unsigned long fd, unsigned long pgoff) > > <...> > > > =09error =3D do_mmap_pgoff(file, addr, len, prot, flags, pgoff); > > > > > > So what it looks like to me is that mmap2 expects an offset that's > > already page-aligned (I'm not sure if this is the right way to say i= t), > > where mmap doesn't. the FreeBSD code in the linuxulator basically ju= st > > takes the offset > > To me, it looks like mmap2 takes an offset that's a page index, rather > than a byte position. Since linux passes the offset with a 32-bit > long, rather than a 64-bit off_t like we do, they need to do this in > order to be able to map offsets larger than 4GB into a file. > > For linux_mmap2, I'd think we want to do roughly the same things as > linux_mmap, but with bsd_args.pos =3D ctob((off_t)linux_args.pos) > > Drew OK, I found another problem, here it is: static void linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t=20 *params) { =09args[0] =3D tf->tf_ebx; =09args[1] =3D tf->tf_ecx; =09args[2] =3D tf->tf_edx; =09args[3] =3D tf->tf_esi; =09args[4] =3D tf->tf_edi; =09*params =3D NULL;=09=09/* no copyin */ } Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args= are=20 making it in... I checked this because the sixth argument to linux_mmap2(= ) in=20 truss was showing 0x6, but when I printed out that arg from the kernel, i= t=20 was showing 0x0. Am I correct here? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 20:29: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx2.irbs.com (mx2.irbs.com [66.33.113.57]) by hub.freebsd.org (Postfix) with ESMTP id 9840D37B417 for ; Mon, 22 Apr 2002 20:28:58 -0700 (PDT) Received: from localhost (localhost.irbs.com [127.0.0.1]) by mx2.irbs.com (Postfix) with ESMTP id 0440578238 for ; Mon, 22 Apr 2002 23:28:58 -0400 (EDT) Received: by mx2.irbs.com (Postfix, from userid 61) id 33DFA78234; Mon, 22 Apr 2002 23:28:56 -0400 (EDT) From: postmaster@irbs.com To: freebsd-hackers Message-Id: <20020423032856.33DFA78234@mx2.irbs.com> Date: Mon, 22 Apr 2002 23:28:56 -0400 (EDT) X-Virus-Scanned: by Sophos Sweep Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Subject: VIRUS IN YOUR MAIL V I R U S A L E R T Our viruschecker found the 'W32/Klez-G' 'W32/Klez-G' virus(es) in your email. Please check your system for viruses, or ask your system administrator to do so. For your reference, here are the headers from your email: ------------------------- BEGIN HEADERS ----------------------------- Received: from uzdeco.com (unknown [218.30.255.44]) by mx2.irbs.com (Postfix) with ESMTP id A8FAA78201 for ; Mon, 22 Apr 2002 23:28:31 -0400 (EDT) Received: from Zioiupbq (leonid.uzdeco.com [192.168.1.9]) by uzdeco.com (8.9.3/8.8.7) with SMTP id IAA21828 for ; Tue, 23 Apr 2002 08:33:30 +0500 Date: Tue, 23 Apr 2002 08:33:30 +0500 Message-Id: <200204230333.IAA21828@uzdeco.com> From: freebsd-hackers To: jc@irbs.com Subject: Language MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=GBo5i03a6i54ow66T9pu743m3P -------------------------- END HEADERS ------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 20:46:56 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 2849737B417; Mon, 22 Apr 2002 20:46:50 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 24BB181556; Tue, 23 Apr 2002 13:16:46 +0930 (CST) Date: Tue, 23 Apr 2002 13:16:46 +0930 From: Greg 'groggy' Lehey To: Jordan Hubbard Cc: Robert Watson , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423131646.I6425@wantadilla.lemis.com> References: <11670.1019530386@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <11670.1019530386@winston.freebsd.org> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: >> That fix relies on the extensive PAM updates in -CURRENT however; in >> -STABLE it can probably be similarly replicated via appropriate tweaking >> of sshd (?). > > Why not fix it in stable by the very simple tweaking of the > ChallengeResponseAuthentication to no in the sshd config file we ship > Trust me, this question is going to come up a _lot_ for us otherwise. :( I've been noticing a continuing trend for more and more "safe" configurations the default. I spent half a day recently trying to find why I could no longer open windows on my X display, only to discover that somebody had turned off tcp connections by default. I have a problem with this, and as you imply, so will a lot of other people. As a result of this sort of thing, people trying to migrate from other systems will probably just give up. I certainly would have. While it's a laudable aim to have a secure system, you have to be able to use it too. I'd suggest that we do the following: 1. Give the user the choice of these additional features at installation time. Recommend the procedures, but explain that you need to understand the differences. 2. Document these things very well. Both this ssh change and the X without TCP change are confusing. If three core team members were surprised, it's going to surprise the end user a whole lot more. We should at least have had a HEADS UP, and we probably need a security policy document with the distributions. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 21:14:36 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from slc.edu (weir-01c.slc.edu [207.106.89.46]) by hub.freebsd.org (Postfix) with ESMTP id 0CBA837B41A; Mon, 22 Apr 2002 21:14:30 -0700 (PDT) Received: (from anthony@localhost) by slc.edu (8.11.6/8.11.6) id g3N4GqJ15199; Tue, 23 Apr 2002 00:16:52 -0400 (EDT) (envelope-from anthony) Date: Tue, 23 Apr 2002 00:16:52 -0400 From: Anthony Schneider To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Robert Watson , Oscar Bonilla , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423001652.A15133@mail.slc.edu> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 01:16:46PM +0930 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > be able to use it too. I'd suggest that we do the following: >=20 > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that you > need to understand the differences. >=20 > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. >=20 I disagree somewhat with #1. A "secure by default" policy is by far more favorable than a "not so secure by default, but we'll try to let you know how to make it more secure easily" policy. Consider a move to make telnetd commented out in inetd.conf a default. Many newcomers will of course be baffled, but it is in the long run a better policy, and people will get=20 used to it. =20 This example is somewhat of an *extremely* simplified analogy to adding s/key authentication as a default before password authentication, but it=20 still holds in that a default installation had better be more secure than= =20 not. If FreeBSD were to have installation dialogues with the user=20 suggesting that the user install certain components for security purposes,= =20 the user will likely opt for the default "button," which I assume in this= =20 case would default to have the less secure, more conventional option. =20 I think that #2 alone is the way to go. Make it "clear" (not that that=20 is necessarily an easy task) that the default install of a certain=20 software package no longer follows what has historically been the default,= =20 or at least do so in the case where the software will become unusable to=20 the unknowing user. Perhaps a "SEVERE DIFFERENCES" section of www.freebsd.org is in order? 8D -Anthony. > Greg > -- > See complete headers for address and phone numbers >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message ----------------------------------------------- PGP key at: http://www.keyserver.net/ http://www.anthonydotcom.com/gpgkey/key.txt Home: http://www.anthonydotcom.com ----------------------------------------------- --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzE4DQACgkQ+rDjkNht5F3VWgCcD9tLXsA+FtswntwgvJVjCtTt Mb0An0mzxR1HpObecoV7wTi+Q8DJgEj/ =hzuW -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 21:46:27 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from herbelot.dyndns.org (d013.dhcp212-198-27.noos.fr [212.198.27.13]) by hub.freebsd.org (Postfix) with ESMTP id B487637B404 for ; Mon, 22 Apr 2002 21:46:23 -0700 (PDT) Received: from herbelot.com (tulipe.herbelot.nom [192.168.1.5]) by herbelot.dyndns.org (8.9.3/8.9.3) with ESMTP id GAA33809; Tue, 23 Apr 2002 06:46:19 +0200 (CEST) (envelope-from thierry@herbelot.com) Message-ID: <3CC4E71A.265861D5@herbelot.com> Date: Tue, 23 Apr 2002 06:46:18 +0200 From: Thierry Herbelot X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Marc Heckmann Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: "boot -a" in 4.5-STABLE References: <20020422174455.GA8682@merconic.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Marc Heckmann wrote: > > I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). > > I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an > exact copy of the "/" filesystem. ^^^^^ [SNIP] > mountroot> ufs:/dev/ad2s1a > Mounting root from ufs:/dev/ad0s1a <---- NOTE this if the root partitions are identical, the /etc/fstab files are also identical, so you are truing to mount the initial root paartition from the second disk. TfH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Mon Apr 22 21:52:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 25DB537B405; Mon, 22 Apr 2002 21:52:29 -0700 (PDT) Received: from bmah.dyndns.org ([12.233.149.189]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020423045228.TLQI1901.rwcrmhc52.attbi.com@bmah.dyndns.org>; Tue, 23 Apr 2002 04:52:28 +0000 Received: from intruder.bmah.org (localhost [127.0.0.1]) by bmah.dyndns.org (8.12.3/8.12.3) with ESMTP id g3N4qScB049304; Mon, 22 Apr 2002 21:52:28 -0700 (PDT) (envelope-from bmah@intruder.bmah.org) Received: (from bmah@localhost) by intruder.bmah.org (8.12.3/8.12.3/Submit) id g3N4qSiK049303; Mon, 22 Apr 2002 21:52:28 -0700 (PDT) Message-Id: <200204230452.g3N4qSiK049303@intruder.bmah.org> X-Mailer: exmh version 2.5+ 20020416 with nmh-1.0.4 To: "Greg 'groggy' Lehey" Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-reply-to: <20020423131646.I6425@wantadilla.lemis.com> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> Comments: In-reply-to "Greg 'groggy' Lehey" message dated "Tue, 23 Apr 2002 13:16:46 +0930." From: "Bruce A. Mah" Reply-To: bmah@FreeBSD.ORG X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A 2V%N&+ X-Image-Url: http://www.employees.org/~bmah/Images/bmah-cisco-small.gif X-Url: http://www.employees.org/~bmah/ Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 22 Apr 2002 21:52:28 -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [CC list trimmed] If memory serves me right, "Greg 'groggy' Lehey" wrote: > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. The SSH change happened before 4.5-RELEASE, but wasn't documented. I admit to having been totally unaware of this change at the time. green and I made several attempts at an item for the errata, which, while not perfect, does give some workarounds for the problem, including almost every one mentioned in this thread. So far, it looks like precious few people on this thread actually read it. :-( > We should at least have had a HEADS UP, Having run into the SSH change myself, I agree. I haven't bumped into the "X without TCP" change. > and we probably need a > security policy document with the distributions. Hmmm. Still trying to wrap my mind around this concept, but I'm worried that people won't read *that* document either. In any case, someone needs to maintain it to make sure it doesn't get stale. Cheers, Bruce. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 0:50:38 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from SRDMAIL.SINP.MSU.RU (bigking.sinp.msu.ru [213.131.9.130]) by hub.freebsd.org (Postfix) with ESMTP id 0C06237B417 for ; Tue, 23 Apr 2002 00:50:16 -0700 (PDT) Received: from dima (helo=localhost) by SRDMAIL.SINP.MSU.RU with local-esmtp (Exim 3.34 #1) id 16zv4T-000JlD-00 for freebsd-hackers@FreeBSD.org; Tue, 23 Apr 2002 11:50:41 +0400 Date: Tue, 23 Apr 2002 11:50:41 +0400 (MSD) From: Dmitry Mottl To: freebsd-hackers@FreeBSD.org Subject: make installworld failed on 4.0-RELEASE Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi! I have a problem upgrading 4.0-RELEASE to 4-STABLE from remotely mounted /usr/src and /usr/obj: ELF binary type not known. Use "brandelf" to brand it Why? === # cd /usr/src; make installworld [skipped] -------------------------------------------------------------- >>> Installing everything.. -------------------------------------------------------------- cd /usr/src; make -f Makefile.inc1 install ===> share/info ===> include if [ -h /usr/include/cam ]; then rm -f /usr/include/cam; fi if [ -h /usr/include/msdosfs ]; then rm -f /usr/include/msdosfs; fi if [ -h /usr/include/net ]; then rm -f /usr/include/net; fi if [ -h /usr/include/netatalk ]; then rm -f /usr/include/netatalk; fi if [ -h /usr/include/netatm ]; then rm -f /usr/include/netatm; fi if [ -h /usr/include/netgraph ]; then rm -f /usr/include/netgraph; fi if [ -h /usr/include/netinet ]; then rm -f /usr/include/netinet; fi if [ -h /usr/include/netinet6 ]; then rm -f /usr/include/netinet6; fi if [ -h /usr/include/netipx ]; then rm -f /usr/include/netipx; fi if [ -h /usr/include/netkey ]; then rm -f /usr/include/netkey; fi if [ -h /usr/include/netnatm ]; then rm -f /usr/include/netnatm; fi if [ -h /usr/include/netncp ]; then rm -f /usr/include/netncp; fi if [ -h /usr/include/netns ]; then rm -f /usr/include/netns; fi if [ -h /usr/include/netsmb ]; then rm -f /usr/include/netsmb; fi if [ -h /usr/include/nfs ]; then rm -f /usr/include/nfs; fi if [ -h /usr/include/ntfs ]; then rm -f /usr/include/ntfs; fi if [ -h /usr/include/nwfs ]; then rm -f /usr/include/nwfs; fi if [ -h /usr/include/pccard ]; then rm -f /usr/include/pccard; fi if [ -h /usr/include/posix4 ]; then rm -f /usr/include/posix4; fi if [ -h /usr/include/sys ]; then rm -f /usr/include/sys; fi if [ -h /usr/include/vm ]; then rm -f /usr/include/vm; fi if [ -h /usr/include/fs/smbfs ]; then rm -f /usr/include/fs/smbfs; fi if [ -h /usr/include/isofs/cd9660 ]; then rm -f /usr/include/isofs/cd9660; fi if [ -h /usr/include/ufs/ffs ]; then rm -f /usr/include/ufs/ffs; fi if [ -h /usr/include/ufs/mfs ]; then rm -f /usr/include/ufs/mfs; fi if [ -h /usr/include/ufs/ufs ]; then rm -f /usr/include/ufs/ufs; fi if [ -h /usr/include/dev/ppbus ]; then rm -f /usr/include/dev/ppbus; fi if [ -h /usr/include/dev/usb ]; then rm -f /usr/include/dev/usb; fi if [ -h /usr/include/machine ]; then rm -f /usr/include/machine; fi mtree -deU -f /usr/src/include/../etc/mtree/BSD.include.dist -p /usr/include cd /usr/src/include/../sys; install -C -o root -g wheel -m 444 cam/*.h /usr/include/cam ELF binary type not known. Use "brandelf" to brand it. Abort trap *** Error code 134 Stop in /usr/src/include. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. === - Dmitry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 1:15:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.home.nl (mail1.home.nl [213.51.129.225]) by hub.freebsd.org (Postfix) with ESMTP id 395E837B405; Tue, 23 Apr 2002 01:15:09 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423080953.MIVZ1365.mail1.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 10:09:53 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: "Greg 'groggy' Lehey" Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Tue, 23 Apr 2002 10:09:51 +0200 X-Mailer: KMail [version 1.4] References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> Cc: hackers@FreeBSD.ORG MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231009.51297.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; > >> in -STABLE it can probably be similarly replicated via appropriate > >> tweaking of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we > > ship Trust me, this question is going to come up a _lot_ for us > > otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to > find why I could no longer open windows on my X display, only to > discover that somebody had turned off tcp connections by default. *shrug* I was the one who sent in the patch. It was added some time=20 around 2001/10/26 to the XFree86-4 megaport. When the metaport was=20 created, the patch was incorporated too.=20 A simple 'man startx' should have cleared your mind: Except for the '-listen_tcp' option, arguments immediately following the startx command are used to start a client in the same manner as xinit(1). The '-listen_tcp' option of startx enables the TCP/IP transport type which is needed for remote X displays. This is disabled by default for security reasons. > I have a problem with this, and as you imply, so will a lot of other > people. As a result of this sort of thing, people trying to migrate > from other systems will probably just give up. I certainly would > have. While it's a laudable aim to have a secure system, you have to > be able to use it too. I'd suggest that we do the following: > > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that > you need to understand the differences. > > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members > were surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. I'd agree with option 2. Except that people trying to use X with tcp=20 connections probably won't look in the security policy document for a=20 solution. In the case of the X patch, i'd add it to the release notes=20 AND the security policy document, since - i think - few people will=20 look in the security policy document for such a problem. I do have to say you're the first one I see who complains about this... Jochem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 2: 5:10 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id CB70437B419 for ; Tue, 23 Apr 2002 02:05:01 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id A3EFC81663; Tue, 23 Apr 2002 18:34:52 +0930 (CST) Date: Tue, 23 Apr 2002 18:34:52 +0930 From: Greg 'groggy' Lehey To: Jochem Kossen Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423183452.M6425@wantadilla.lemis.com> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200204231009.51297.j.kossen@home.nl> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday, 23 April 2002 at 10:09:51 +0200, Jochem Kossen wrote: > On Tuesday 23 April 2002 05:46, Greg 'groggy' Lehey wrote: >> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: >>>> That fix relies on the extensive PAM updates in -CURRENT however; >>>> in -STABLE it can probably be similarly replicated via appropriate >>>> tweaking of sshd (?). >>> >>> Why not fix it in stable by the very simple tweaking of the >>> ChallengeResponseAuthentication to no in the sshd config file we >>> ship Trust me, this question is going to come up a _lot_ for us >>> otherwise. :( >> >> I've been noticing a continuing trend for more and more "safe" >> configurations the default. I spent half a day recently trying to >> find why I could no longer open windows on my X display, only to >> discover that somebody had turned off tcp connections by default. > > *shrug* I was the one who sent in the patch. It was added some time > around 2001/10/26 to the XFree86-4 megaport. When the metaport was > created, the patch was incorporated too. > > A simple 'man startx' should have cleared your mind: Well, yes. But I've been using X for 11 years. Why should I have to read the man page to find changes? How do I know which man page to read? If I did that for everything that happened, I wouldn't get any work done. And you can bet your bottom dollar that somebody coming from another UNIX variant and trying out FreeBSD won't do so. They'll just say that it's broken and wander off again. >> I have a problem with this, and as you imply, so will a lot of other >> people. As a result of this sort of thing, people trying to migrate >> from other systems will probably just give up. I certainly would >> have. While it's a laudable aim to have a secure system, you have to >> be able to use it too. I'd suggest that we do the following: >> >> 1. Give the user the choice of these additional features at >> installation time. Recommend the procedures, but explain that >> you need to understand the differences. >> >> 2. Document these things very well. Both this ssh change and the X >> without TCP change are confusing. If three core team members >> were surprised, it's going to surprise the end user a whole lot more. >> We should at least have had a HEADS UP, and we probably need a >> security policy document with the distributions. > > I'd agree with option 2. Except that people trying to use X with tcp > connections probably won't look in the security policy document for a > solution. Correct. That's why I think option 1 is preferable. > In the case of the X patch, i'd add it to the release notes AND the > security policy document, since - i think - few people will look in > the security policy document for such a problem. I think it shouldn't happen at all unless people agree to it. > I do have to say you're the first one I see who complains about > this... Maybe the others have given up. But since we're on the subject, why? What's so insecure about X TCP connections? Until you explicitly allow connections, the only system that can open the server is the local system. -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 2:14: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from taupo.cs.waikato.ac.nz (taupo.cs.waikato.ac.nz [130.217.250.12]) by hub.freebsd.org (Postfix) with ESMTP id 7179137B419; Tue, 23 Apr 2002 02:14:01 -0700 (PDT) Received: (from joerg@localhost) by taupo.cs.waikato.ac.nz (8.11.3/8.11.1) id g3N9Dxh56699; Tue, 23 Apr 2002 21:13:59 +1200 (NZST) (envelope-from joerg) Date: Tue, 23 Apr 2002 21:13:59 +1200 From: Joerg Micheel To: "Greg 'groggy' Lehey" Cc: Jochem Kossen , hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423211359.D48271@cs.waikato.ac.nz> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>; from grog@freebsd.org on Tue, Apr 23, 2002 at 06:34:52PM +0930 Operating-System: ... powered by FreeBSD Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 06:34:52PM +0930, Greg 'groggy' Lehey wrote: > Well, yes. But I've been using X for 11 years. Why should I have to > read the man page to find changes? How do I know which man page to > read? If I did that for everything that happened, I wouldn't get any > work done. And you can bet your bottom dollar that somebody coming > from another UNIX variant and trying out FreeBSD won't do so. They'll > just say that it's broken and wander off again. FWIW, I would be extremly pissed about this myself, I just happen to not having installed 4.5 myself yet, for other reasons. I thought there was a policy of the least surprise, it might have been to kernel code, but should be applied here as well. The system has to work right away, when installed out of the box. Period. No when's and if's. And don't tell me that X11 is an add-on and luxury. We are living in the 21st century. Joerg -- Joerg B. Micheel Email: WAND and NLANR MOAT Email: The University of Waikato, CompScience Phone: +64 7 8384794 Private Bag 3105 Fax: +64 7 8585095 Hamilton, New Zealand Plan: PMA, TINE and the DAG's To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 2:36:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from infinitive.futureperfectcorporation.com (infinitive.futureperfectcorporation.com [196.25.137.68]) by hub.freebsd.org (Postfix) with SMTP id C6AF837B416 for ; Tue, 23 Apr 2002 02:36:30 -0700 (PDT) Received: (qmail 79057 invoked by uid 0); 23 Apr 2002 09:36:24 -0000 Received: from unknown (HELO gerund.futureperfectcorporation.com) (196.25.137.65) by infinitive.futureperfectcorporation.com with DES-CBC3-SHA encrypted SMTP; 23 Apr 2002 09:36:24 -0000 Received: (qmail 58574 invoked by uid 1001); 23 Apr 2002 09:38:27 -0000 Date: Tue, 23 Apr 2002 11:38:26 +0200 From: Neil Blakey-Milner To: Joerg Micheel Cc: Greg 'groggy' Lehey , Jochem Kossen , hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423093826.GA58411@mithrandr.moria.org> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423211359.D48271@cs.waikato.ac.nz> User-Agent: Mutt/1.3.27i Organization: iTouch Labs X-Operating-System: FreeBSD 4.3-RELEASE i386 X-URL: http://mithrandr.moria.org/nbm/ Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue 2002-04-23 (21:13), Joerg Micheel wrote: > On Tue, Apr 23, 2002 at 06:34:52PM +0930, Greg 'groggy' Lehey wrote: > > Well, yes. But I've been using X for 11 years. Why should I have to > > read the man page to find changes? How do I know which man page to > > read? If I did that for everything that happened, I wouldn't get any > > work done. And you can bet your bottom dollar that somebody coming > > from another UNIX variant and trying out FreeBSD won't do so. They'll > > just say that it's broken and wander off again. > > FWIW, I would be extremly pissed about this myself, I just happen to > not having installed 4.5 myself yet, for other reasons. I thought there > was a policy of the least surprise, it might have been to kernel code, > but should be applied here as well. > > The system has to work right away, when installed out of the box. Period. > No when's and if's. And don't tell me that X11 is an add-on and luxury. > We are living in the 21st century. There are people who will tell people that still use X11 tcp sockets to start living in the 21st century. ssh X11 forwarding still works, it's only the (often much lower security) tcp sockets that are disabled by default. (And if the "none" cipher is available, the overhead would be minimal for even the most underpowered machine.) At least Debian takes this stance, and so many believe it's a sane default. If it were reverted, I'm sure there'll be lots of people re-adding the change to their security regimen. And lots more people scurrying to patch when the next DoS or exploit comes out. Neil -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 2:39:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.merconic.com (mail.merconic.com [62.96.220.180]) by hub.freebsd.org (Postfix) with SMTP id 396D137B416 for ; Tue, 23 Apr 2002 02:39:34 -0700 (PDT) Received: (qmail 19191 invoked by uid 306); 23 Apr 2002 09:39:33 -0000 Received: from scotty.ds9 (192.168.2.100) by uhura.ds9 with SMTP; 23 Apr 2002 09:39:31 -0000 Received: by scotty.ds9 (Postfix, from userid 754) id E77DB58374; Tue, 23 Apr 2002 11:39:30 +0200 (CEST) Date: Tue, 23 Apr 2002 11:39:30 +0200 From: Marc Heckmann To: Thierry Herbelot Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: "boot -a" in 4.5-STABLE Message-ID: <20020423093930.GB14225@merconic.com> References: <20020422174455.GA8682@merconic.com> <3CC4E71A.265861D5@herbelot.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CC4E71A.265861D5@herbelot.com> User-Agent: Mutt/1.3.28i X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, On Tue, Apr 23, 2002 at 06:46:18AM +0200, Thierry Herbelot wrote: > Marc Heckmann wrote: > > > > I've got 4.5-STABLE setup here with vinum as per the Vinum bootstrapping howto > > (http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vinum/index.html). > > > > I have ad0s1a which is "/" and ad2s1a which is mounted on /rootback, it's an > > exact copy of the "/" filesystem. > ^^^^^ > [SNIP] > > mountroot> ufs:/dev/ad2s1a > > Mounting root from ufs:/dev/ad0s1a <---- NOTE this > > if the root partitions are identical, the /etc/fstab files are also > identical, so you are truing to mount the initial root paartition from > the second disk. correct, the value in /etc/fstab, seems to override whatever I manually tell the kernel to use as the root device. But if I am booting with "-a" and "-s", shouldn't the fstab just be ignored? I should have / on ad2s1a mounted RO at that point so I can manually re-mount RW and edit my fstab. The vinum bootstrap howto also seems to describe that way. What is the expected behavious should be when using the "-a" switch? Thanks in advance -m -- m. heckmann. -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3: 6:13 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.home.nl (mail1.home.nl [213.51.129.225]) by hub.freebsd.org (Postfix) with ESMTP id 1A0AD37B41A; Tue, 23 Apr 2002 03:06:05 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423100603.NOLJ1365.mail1.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 12:06:03 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: "Greg 'groggy' Lehey" Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Tue, 23 Apr 2002 12:06:01 +0200 X-Mailer: KMail [version 1.4] References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com> Cc: hackers@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231206.01451.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 11:04, you wrote: [...] > >> > >> I've been noticing a continuing trend for more and more "safe" > >> configurations the default. I spent half a day recently trying to > >> find why I could no longer open windows on my X display, only to > >> discover that somebody had turned off tcp connections by default. > > > > *shrug* I was the one who sent in the patch. It was added some time > > around 2001/10/26 to the XFree86-4 megaport. When the metaport was > > created, the patch was incorporated too. > > > > A simple 'man startx' should have cleared your mind: > > Well, yes. But I've been using X for 11 years. Why should I have to > read the man page to find changes? Because things evolve? :) > How do I know which man page to read? You start X with startx, seems obvious to me. The disabling of tcp=20 connections only applies to startx > If I did that for everything that happened, I wouldn't get any > work done. And you can bet your bottom dollar that somebody coming > from another UNIX variant and trying out FreeBSD won't do so. OK, then i suggest we mention it in the handbook, the security policy=20 document, the manpage AND the release notes :) > They'll just say that it's broken and wander off again. > >> I have a problem with this, and as you imply, so will a lot of > >> other people. As a result of this sort of thing, people trying to > >> migrate from other systems will probably just give up. I > >> certainly would have. While it's a laudable aim to have a secure > >> system, you have to be able to use it too. I'd suggest that we do > >> the following: > >> > >> 1. Give the user the choice of these additional features at > >> installation time. Recommend the procedures, but explain that > >> you need to understand the differences. > >> > >> 2. Document these things very well. Both this ssh change and the > >> X without TCP change are confusing. If three core team members > >> were surprised, it's going to surprise the end user a whole lot > >> more. We should at least have had a HEADS UP, and we probably need > >> a security policy document with the distributions. > > > > I'd agree with option 2. Except that people trying to use X with > > tcp connections probably won't look in the security policy document > > for a solution. > > Correct. That's why I think option 1 is preferable. I was trying to say to not just notify it in the security policy alone.=20 > > In the case of the X patch, i'd add it to the release notes AND the > > security policy document, since - i think - few people will look in > > the security policy document for such a problem. > > I think it shouldn't happen at all unless people agree to it. 3 people did, 0 people did not...read below > > I do have to say you're the first one I see who complains about > > this... > > Maybe the others have given up. LOL > But since we're on the subject, why? What's so insecure about X TCP > connections? Until you explicitly allow connections, the only system > that can open the server is the local system. For the simple reason I don't like useless open ports on my system. I=20 don't use it, _most_ other people don't use it, so i sent in a patch.=20 Peter Pentchev liked the idea, Jean-Marc Zucconi (the maintainer) didn't=20 have any objections, and when I showed the patch to Will Andrews when=20 he was busy with the meta port, he liked it too and integrated it. I=20 haven't seen any other reactions to it. Of course, it was only discussed on the ports@ mailinglist, but it=20 didn't seem like such a big deal to me or apparently the others... Jochem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:13: 8 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.home.nl (mail1.home.nl [213.51.129.225]) by hub.freebsd.org (Postfix) with ESMTP id E81EA37B400 for ; Tue, 23 Apr 2002 03:13:03 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail1.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423101303.NQCP1365.mail1.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 12:13:03 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: Joerg Micheel Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Tue, 23 Apr 2002 12:13:00 +0200 X-Mailer: KMail [version 1.4] References: <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> In-Reply-To: <20020423211359.D48271@cs.waikato.ac.nz> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231212.34754.j.kossen@home.nl> Cc: hackers@FreeBSD.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 11:13, you wrote: > On Tue, Apr 23, 2002 at 06:34:52PM +0930, Greg 'groggy' Lehey wrote: > > Well, yes. But I've been using X for 11 years. Why should I have > > to read the man page to find changes? How do I know which man page > > to read? If I did that for everything that happened, I wouldn't > > get any work done. And you can bet your bottom dollar that > > somebody coming from another UNIX variant and trying out FreeBSD > > won't do so. They'll just say that it's broken and wander off > > again. > > FWIW, I would be extremly pissed about this myself, I just happen to > not having installed 4.5 myself yet, for other reasons. I thought > there was a policy of the least surprise, it might have been to > kernel code, but should be applied here as well. I haven't seen your complaint anywhere... > The system has to work right away, when installed out of the box. > Period. No when's and if's. It does work. But i think you mean the tcp connections. Does that mean you vote for enabling _all_ services? They don't work out=20 of the box as well... > And don't tell me that X11 is an add-on and luxury. I agree, but the tcp connections IS an add-on luxury imho > We are living in the 21st century. That's right, the century of virii, DoS attacks, worms, and=20 scriptkiddiots. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:21:15 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from taupo.cs.waikato.ac.nz (taupo.cs.waikato.ac.nz [130.217.250.12]) by hub.freebsd.org (Postfix) with ESMTP id BC55537B417; Tue, 23 Apr 2002 03:21:10 -0700 (PDT) Received: (from joerg@localhost) by taupo.cs.waikato.ac.nz (8.11.3/8.11.1) id g3NAKx560183; Tue, 23 Apr 2002 22:20:59 +1200 (NZST) (envelope-from joerg) Date: Tue, 23 Apr 2002 22:20:58 +1200 From: Joerg Micheel To: Neil Blakey-Milner Cc: "Greg 'groggy' Lehey" , Jochem Kossen , hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423222058.B57646@cs.waikato.ac.nz> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> <20020423093826.GA58411@mithrandr.moria.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423093826.GA58411@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Tue, Apr 23, 2002 at 11:38:26AM +0200 Operating-System: ... powered by FreeBSD Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 11:38:26AM +0200, Neil Blakey-Milner wrote: > There are people who will tell people that still use X11 tcp sockets to > start living in the 21st century. ssh X11 forwarding still works, it's > only the (often much lower security) tcp sockets that are disabled by > default. (And if the "none" cipher is available, the overhead would be > minimal for even the most underpowered machine.) I may not understand all the issues here, but can the situation be helped by improving the reporting. I.e. if the firewalling prohibits access to the X11 TCP socket, why would the firewall not report this instantly at the first attempt to connect, to be visible at the console and in /var/log/messages. I am sure Greg would have caught that first time around, and it would have safed him from a few hours of useless debugging time. Joerg -- Joerg B. Micheel Email: WAND and NLANR MOAT Email: The University of Waikato, CompScience Phone: +64 7 8384794 Private Bag 3105 Fax: +64 7 8585095 Hamilton, New Zealand Plan: PMA, TINE and the DAG's To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:22:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from www.example.org (dhcp-nic-val-26-130.cisco.com [64.103.26.130]) by hub.freebsd.org (Postfix) with SMTP id 1FD6637B400 for ; Tue, 23 Apr 2002 03:22:36 -0700 (PDT) Received: (qmail 9451 invoked by uid 1000); 23 Apr 2002 10:22:31 -0000 Message-ID: <20020423102231.9450.qmail@cobweb.example.org> Date: Tue, 23 Apr 2002 12:22:31 +0200 From: Marco Molteni To: hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020423093826.GA58411@mithrandr.moria.org> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> <20020423093826.GA58411@mithrandr.moria.org> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002 11:38:26 +0200, Neil Blakey-Milner wrote: > On Tue 2002-04-23 (21:13), Joerg Micheel wrote: [..] > > The system has to work right away, when installed out of the box. Period. > > No when's and if's. And don't tell me that X11 is an add-on and luxury. > > We are living in the 21st century. > > There are people who will tell people that still use X11 tcp sockets to > start living in the 21st century. ssh X11 forwarding still works, it's > only the (often much lower security) tcp sockets that are disabled by > default. (And if the "none" cipher is available, the overhead would be > minimal for even the most underpowered machine.) [..] I completely agree with Neil. Being scared by X11 access mechanisms, I always disabled the TCP listen of the X server, and I always used ssh with X forwarding. marco To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:26:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id C4B0637B400 for ; Tue, 23 Apr 2002 03:26:37 -0700 (PDT) Received: (qmail 25034 invoked by uid 1000); 23 Apr 2002 10:29:03 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 10:29:03 -0000 Date: Tue, 23 Apr 2002 12:29:03 +0200 (CEST) From: Attila Nagy To: hackers@freebsd.org Subject: sendfile() in tftpd? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, Would it be possible to use sendfile in tftpd? With an Athlon XP 1600+ I could only get ~40 Mbps out from the machine with 0% idle CPU time (large file transfers from many machines, getting the same file). Thanks, --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:31:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123]) by hub.freebsd.org (Postfix) with ESMTP id 27F3537B417; Tue, 23 Apr 2002 03:31:47 -0700 (PDT) Received: from pool0061.cvx21-bradley.dialup.earthlink.net ([209.179.192.61] helo=mindspring.com) by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 16zxaH-0006H5-00; Tue, 23 Apr 2002 03:31:42 -0700 Message-ID: <3CC537F1.7F571CD2@mindspring.com> Date: Tue, 23 Apr 2002 03:31:13 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Greg 'groggy' Lehey Cc: Jordan Hubbard , Robert Watson , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Greg 'groggy' Lehey wrote: > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to > find why I could no longer open windows on my X display, only to > discover that somebody had turned off tcp connections by default. > > I have a problem with this, and as you imply, so will a lot of other > people. As a result of this sort of thing, people trying to migrate > from other systems will probably just give up. I certainly would > have. While it's a laudable aim to have a secure system, you have to > be able to use it too. I'd suggest that we do the following: I think we need to make an ACPI call in the loader to power off the machine before it becomes dangerously functional. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:48:20 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from HAL9000.wox.org (12-232-222-90.client.attbi.com [12.232.222.90]) by hub.freebsd.org (Postfix) with ESMTP id 33D6E37B404; Tue, 23 Apr 2002 03:48:16 -0700 (PDT) Received: (from das@localhost) by HAL9000.wox.org (8.11.6/8.11.6) id g3NALkp00811; Tue, 23 Apr 2002 03:21:46 -0700 (PDT) (envelope-from das) Date: Tue, 23 Apr 2002 03:21:46 -0700 From: David Schultz To: "Greg 'groggy' Lehey" Cc: Jochem Kossen , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423032146.A490@HAL9000.wox.org> Mail-Followup-To: Greg 'groggy' Lehey , Jochem Kossen , hackers@FreeBSD.ORG References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423183452.M6425@wantadilla.lemis.com>; from grog@FreeBSD.ORG on Tue, Apr 23, 2002 at 06:34:52PM +0930 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thus spake Greg 'groggy' Lehey : > work done. And you can bet your bottom dollar that somebody coming > from another UNIX variant and trying out FreeBSD won't do so. They'll > just say that it's broken and wander off again. I agree with this point, in general. FreeBSD shouldn't be like OpenBSD, where everything is so secure by default that you can't get anything done. For example, most people who use X don't know---and don't want to know---how it works. If the defaults are too restrictive, they will be frustrated, and maybe they'll figure out how to make things unrestrictive without understanding what's going on. On the other hand, if the defaults are not cautious enough, the same people will need to apply patches when the next remotely exploitable hole in X is found, and many of them won't bother. I'm a bit more wary of third-party applications, particularly big ones like X, so disabling TCP connections by default seems like a reasonable thing to do. But it should have been documented in a place where people actually look when they upgrade. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:49:19 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id 5BEB437B400; Tue, 23 Apr 2002 03:49:12 -0700 (PDT) Received: from pool0061.cvx21-bradley.dialup.earthlink.net ([209.179.192.61] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 16zxqu-0003Dp-00; Tue, 23 Apr 2002 03:48:52 -0700 Message-ID: <3CC53BF7.EC99574F@mindspring.com> Date: Tue, 23 Apr 2002 03:48:23 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Neil Blakey-Milner Cc: Joerg Micheel , Greg 'groggy' Lehey , Jochem Kossen , hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> <20020423093826.GA58411@mithrandr.moria.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Neil Blakey-Milner wrote: > > The system has to work right away, when installed out of the box. Period. > > No when's and if's. And don't tell me that X11 is an add-on and luxury. > > We are living in the 21st century. > > There are people who will tell people that still use X11 tcp sockets to > start living in the 21st century. ssh X11 forwarding still works, it's > only the (often much lower security) tcp sockets that are disabled by > default. (And if the "none" cipher is available, the overhead would be > minimal for even the most underpowered machine.) I agree that X11 isn't very forward looking; it'd be nice if the displays were themselves CORBA objects, so you could embed desktops to use any display technology you wanted, so that you could build a desktop compute server for 1000 users without eating 11G of RAM to do it. Until someone writes that though... It's be nice if the ssh X11 forwarding were not the prefered method of remote access to X11. Particularly since I haven't seen any fixes for the MIT shared memory extension going in to stop the inevitable shared memory leaks by Netscape, etc., or anything else that uses it for bitmaps, and is long running, so the resources get used up and never reclaimed. Disabling the workaround -- which is to use network connections, instead of using the UNIX domain socket, thereby disabling the libraries use of the shared memory extension -- isn't my idea of a good approach. All it does is exacerbate the problem, for questionable security ("not listening" is not the same thing as having a firewall, so if TCP is vulnerable for X11, then it's vulnerable for every other port that *is* listening). Forget Debian, what does OpenBSD do? It's the gold standard when it comes to anal default settings. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 3:53:46 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id 2B2F337B405 for ; Tue, 23 Apr 2002 03:53:42 -0700 (PDT) Received: from pool0061.cvx21-bradley.dialup.earthlink.net ([209.179.192.61] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 16zxvX-0005Kd-00; Tue, 23 Apr 2002 03:53:40 -0700 Message-ID: <3CC53D18.577A9A67@mindspring.com> Date: Tue, 23 Apr 2002 03:53:12 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Attila Nagy Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Attila Nagy wrote: > Would it be possible to use sendfile in tftpd? > With an Athlon XP 1600+ I could only get ~40 Mbps out from the machine > with 0% idle CPU time (large file transfers from many machines, getting > the same file). Only if all file transfers were binary, or all ASCII files were stored on the host with line termination, instead of . That's the same reason sendfile() is stupid for POP3, IMAP4, and SMTP servers... -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 4:34:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from newsguy.com (smtp.newsguy.com [216.148.53.71]) by hub.freebsd.org (Postfix) with ESMTP id B27D737B400; Tue, 23 Apr 2002 04:34:10 -0700 (PDT) Received: from newsguy.com (cbace203-181-81-164.dial.telebrasilia.net.br [200.181.81.164]) by newsguy.com (8.9.1a/8.9.1) with ESMTP id EAA08424; Tue, 23 Apr 2002 04:34:05 -0700 (PDT) Message-ID: <3CC54677.78F358D9@newsguy.com> Date: Tue, 23 Apr 2002 08:33:11 -0300 From: "Daniel C. Sobral" X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en,pt-BR,pt,en-GB,en-US,ja MIME-Version: 1.0 To: Jochem Kossen Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jochem Kossen wrote: > > *shrug* I was the one who sent in the patch. It was added some time > around 2001/10/26 to the XFree86-4 megaport. When the metaport was > created, the patch was incorporated too. > > A simple 'man startx' should have cleared your mind: > > Except for the '-listen_tcp' option, arguments immediately > following the startx command are used to start a client in > the same manner as xinit(1). The '-listen_tcp' option of > startx enables the TCP/IP transport type which is needed > for remote X displays. This is disabled by default for > security reasons. > ... > > I'd agree with option 2. Except that people trying to use X with tcp > connections probably won't look in the security policy document for a > solution. In the case of the X patch, i'd add it to the release notes > AND the security policy document, since - i think - few people will > look in the security policy document for such a problem. > > I do have to say you're the first one I see who complains about this... Well, since I have only complained, however loudly, on the irc channel, let me pipe in. It is inconvenient, to say the least, to have to exit X after over 40 shell sessions are open because you suddenly realize X just stopped opening the TCP port out of nothing after you last upgraded it. Or because you forgot to use the -listen_tcp option, not unusual since I never needed it before. An changing the script is not good enough either, since a portupgrade -a may change it back. Do you use remote X clients at all? Because I cannot conceive of a person who does and cannot understand how against POLA this change is. The -listen_tcp option is ridiculous to me. You must never *HAVE* to resort to a parameter for a thing which is not only the default but the the _only_ way you want it. The port *SHOULD* indicate that the listen port is no longer the default, and the *MUST* be a way of saying you want it always, either a port option so I can put it in make.conf, or an environment variable so I can put it in login.conf. But security is good. As a matter of fact, I'll change loader not to load a kernel by default, since this is a security hole in case the machine reboots. But don't worry, I'll document it in loader(8). -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@international.bsdconspiracy.net "They did what they could to help her, using human skills -- and then, when that failed, left it in the hands of the gods. In this case," he bowed slightly, "myself. Like it or not," the demon continued, "that is my status in this region. Take it up with my priests if it bothers you." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 4:39:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from newsguy.com (smtp.newsguy.com [216.148.53.71]) by hub.freebsd.org (Postfix) with ESMTP id 3249B37B41A; Tue, 23 Apr 2002 04:39:43 -0700 (PDT) Received: from newsguy.com (cbace203-181-81-164.dial.telebrasilia.net.br [200.181.81.164]) by newsguy.com (8.9.1a/8.9.1) with ESMTP id EAA09301; Tue, 23 Apr 2002 04:39:38 -0700 (PDT) Message-ID: <3CC547C7.C1A0DC6D@newsguy.com> Date: Tue, 23 Apr 2002 08:38:47 -0300 From: "Daniel C. Sobral" X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en,pt-BR,pt,en-GB,en-US,ja MIME-Version: 1.0 To: Terry Lambert Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Robert Watson , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <3CC537F1.7F571CD2@mindspring.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Terry Lambert wrote: > > Greg 'groggy' Lehey wrote: > > I've been noticing a continuing trend for more and more "safe" > > configurations the default. I spent half a day recently trying to > > find why I could no longer open windows on my X display, only to > > discover that somebody had turned off tcp connections by default. > > > > I have a problem with this, and as you imply, so will a lot of other > > people. As a result of this sort of thing, people trying to migrate > > from other systems will probably just give up. I certainly would > > have. While it's a laudable aim to have a secure system, you have to > > be able to use it too. I'd suggest that we do the following: > > I think we need to make an ACPI call in the loader to power off > the machine before it becomes dangerously functional. I hear that. I'll put it on my list too. -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@international.bsdconspiracy.net "They did what they could to help her, using human skills -- and then, when that failed, left it in the hands of the gods. In this case," he bowed slightly, "myself. Like it or not," the demon continued, "that is my status in this region. Take it up with my priests if it bothers you." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 4:51:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from h146n1fls31o859.telia.com (h146n1fls31o859.telia.com [213.66.12.146]) by hub.freebsd.org (Postfix) with SMTP id B546F37B405 for ; Tue, 23 Apr 2002 04:51:44 -0700 (PDT) Received: (qmail 7239 invoked from network); 23 Apr 2002 11:51:35 -0000 Received: from localhost (HELO 127.0.0.1) (root@127.0.0.1) by localhost with SMTP; 23 Apr 2002 11:51:35 -0000 Date: Tue, 23 Apr 2002 13:52:10 +0200 From: Tomas Svensson X-Mailer: The Bat! (v1.60) Reply-To: Tomas Svensson X-Priority: 3 (Normal) Message-ID: <1669828763.20020423135210@gbdev.net> To: Attila Nagy Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG AN> Would it be possible to use sendfile in tftpd? AN> With an Athlon XP 1600+ I could only get ~40 Mbps out from the machine AN> with 0% idle CPU time (large file transfers from many machines, getting AN> the same file). No, sendfile() is only for TCP connections, TFTP is using UDP. If you want performance, use something else. -Tomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 6:17: 3 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id F0F2837B404 for ; Tue, 23 Apr 2002 06:16:55 -0700 (PDT) Received: (qmail 25869 invoked by uid 1000); 23 Apr 2002 13:19:22 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 13:19:22 -0000 Date: Tue, 23 Apr 2002 15:19:21 +0200 (CEST) From: Attila Nagy To: Terry Lambert Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? In-Reply-To: <3CC53D18.577A9A67@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, > Only if all file transfers were binary, or all ASCII files were stored > on the host with line termination, instead of . That's the > same reason sendfile() is stupid for POP3, IMAP4, and SMTP servers... Hmm. Both FTP and TFTP supports ASCII and binary transfers, am I right? In libexec/ftpd this case is handled this way: case TYPE_A: while ((c = getc(instr)) != EOF) { [...] case TYPE_L: [...] while (err != -1 && filesize > 0) { err = sendfile(filefd, netfd, offset, 0, (struct sf_hdtr *) NULL, &cnt, 0); [...] As far as I can determine. In libexec/tftpd there is also a similar possibility to handle each case, because there is "netascii" and "octet". We have a lab here with machines, which have NICs with built-in bootrom (Intel PRO/100) and run bpbatch (http://www.bpbatch.org/). During the startup the user gets a nice menu from which he/she can choose the OS (various Windows versions for the education and Linux). After this the program checks the image on the harddisk and if it fails it gets from the network. And that's what isn't too good. One client can achieve about 15 Mbps but if more than 10 (usually 20-30) clients want to fetch the images the TFTP server first slows down (it eats all the CPU of the server, which is a fast AthlonXP 1600+) then times out. I think this could be improved if TFTP could use sendfile(). (I have a busy FTP server and I know how much sendfile() can speed up things) The main question here seems to be: could sendfile() be used with UDP, or it is just for TCP? BTW, the bpbatch stuff uses binary transfer (according to tcpdump output)... --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 6:20:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id AEB3337B400 for ; Tue, 23 Apr 2002 06:20:49 -0700 (PDT) Received: (qmail 25908 invoked by uid 1000); 23 Apr 2002 13:23:16 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 13:23:16 -0000 Date: Tue, 23 Apr 2002 15:23:16 +0200 (CEST) From: Attila Nagy To: Tomas Svensson Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? In-Reply-To: <1669828763.20020423135210@gbdev.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, > No, sendfile() is only for TCP connections, TFTP is using UDP. If you > want performance, use something else. It's even in the manpage: Sendfile() sends a regular file specified by descriptor fd out a stream socket specified by descriptor s. Silly me. BTW, I can't use anything else. Are there any alternatives to TFTP for booting machines off the network? (using standard, PC components) Thanks! --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 6:45: 2 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from cs.huji.ac.il (cs.huji.ac.il [132.65.16.10]) by hub.freebsd.org (Postfix) with ESMTP id DC72037B417 for ; Tue, 23 Apr 2002 06:44:58 -0700 (PDT) Received: from pampa.cs.huji.ac.il ([132.65.80.32] ident=danny) by cs.huji.ac.il with esmtp (Exim 3.35 #2) id 1700b8-00008i-00; Tue, 23 Apr 2002 16:44:46 +0300 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Attila Nagy Cc: Tomas Svensson , hackers@freebsd.org, danny@cs.huji.ac.il Subject: Re: sendfile() in tftpd? In-Reply-To: Message from Attila Nagy of "Tue, 23 Apr 2002 15:23:16 +0200." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 23 Apr 2002 16:44:46 +0300 From: Danny Braniss Message-Id: Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG i've had this modified tftpd for some time now, o - it's single threaded - runs as daemon and does not fork new children o - it caches files o - uses mmap o - knows about some of the newer tftp stuff - mainly blocksize. it's been running for some years now, and lately i re-vamped it a bit to run under FreeBSD. ftp://ftp.cs.huji.ac.il/users/danny/tftpd enjoy, danny To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7: 3:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from parhelion.firedrake.org (parhelion.firedrake.org [212.135.138.219]) by hub.freebsd.org (Postfix) with ESMTP id 0581D37B417 for ; Tue, 23 Apr 2002 07:03:39 -0700 (PDT) Received: from float by parhelion.firedrake.org with local (Exim 3.34 #1 (Debian)) id 1700t3-0005NB-00; Tue, 23 Apr 2002 15:03:17 +0100 Date: Tue, 23 Apr 2002 15:03:17 +0100 To: Attila Nagy Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? Message-ID: <20020423140317.GA19696@parhelion.firedrake.org> Mail-Followup-To: Attila Nagy , hackers@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i From: void Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 12:29:03PM +0200, Attila Nagy wrote: > Hello, > > Would it be possible to use sendfile in tftpd? > With an Athlon XP 1600+ I could only get ~40 Mbps out from the machine > with 0% idle CPU time (large file transfers from many machines, getting > the same file). Performance and tftp don't really go together. The server sends a part of a file, waits for an ack, sends the next piece, waits for an ack, etc. -- Ben "An art scene of delight I created this to be ..." -- Sun Ra To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7:15:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id D5D5C37B417; Tue, 23 Apr 2002 07:15:35 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id KAA13116; Tue, 23 Apr 2002 10:15:29 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3NEExq11998; Tue, 23 Apr 2002 10:14:59 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.27747.802212.659760@grasshopper.cs.duke.edu> Date: Tue, 23 Apr 2002 10:14:59 -0400 (EDT) To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, freebsd-emulation@freebsd.org Subject: Re: implementing linux mmap2 syscall In-Reply-To: <200204222313.29181.culverk@yumyumyum.org> References: <200204211525.08827.culverk@yumyumyum.org> <15556.6399.62081.426193@grasshopper.cs.duke.edu> <200204222313.29181.culverk@yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > OK, I found another problem, here it is: > > static void > linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t > *params) > { > args[0] = tf->tf_ebx; > args[1] = tf->tf_ecx; > args[2] = tf->tf_edx; > args[3] = tf->tf_esi; > args[4] = tf->tf_edi; > *params = NULL; /* no copyin */ > } > > Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are > making it in... I checked this because the sixth argument to linux_mmap2() in > truss was showing 0x6, but when I printed out that arg from the kernel, it > was showing 0x0. Am I correct here? > > Ken Yes. According to http://john.fremlin.de/linux/asm/, linux used to parse only 5 args but now it parses six. Try adding: args[5] = tf->tf_ebp; Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7:37:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 2AB7137B405 for ; Tue, 23 Apr 2002 07:37:37 -0700 (PDT) Received: (qmail 29001 invoked from network); 23 Apr 2002 14:37:17 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 23 Apr 2002 14:37:17 -0000 Date: Tue, 23 Apr 2002 10:37:17 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15557.27747.802212.659760@grasshopper.cs.duke.edu> Message-ID: <20020423103655.V28948-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are > > making it in... I checked this because the sixth argument to linux_mmap2() in > > truss was showing 0x6, but when I printed out that arg from the kernel, it > > was showing 0x0. Am I correct here? > > > > Ken > > Yes. According to http://john.fremlin.de/linux/asm/, linux used to > parse only 5 args but now it parses six. Try adding: > args[5] = tf->tf_ebp; > I don't think that arg is there: Apr 23 10:36:13 ken /kernel: tf->tf_ebp = -1077938040 Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7:40:15 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id 3691C37B405 for ; Tue, 23 Apr 2002 07:40:05 -0700 (PDT) Received: (qmail 26565 invoked by uid 1000); 23 Apr 2002 14:42:32 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 14:42:32 -0000 Date: Tue, 23 Apr 2002 16:42:32 +0200 (CEST) From: Attila Nagy To: Danny Braniss Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, > i've had this modified tftpd for some time now, > o - it's single threaded - runs as daemon and does not fork new children Basically, I don't have any problems with the inetd startup. It can be rate limited, etc. > o - it caches files How? Doesn't leaving this job to the OS a smarter idea? > o - knows about some of the newer tftp stuff - mainly blocksize. I think it's implemented in FreeBSD's tftpd too. (I can get 750 MB images with TFTP easily). My impression about this stuff: compiled and started on an up-to-date FreeBSD STABLE BOX (AthlonXP 1600+, 512MB DDR, two Intel PRO/100 with FEC) The lab consists of 733 MHz Celerons with Intel PRO/100 and 128MB RAM. The switch is a HP4000M. With the FreeBSD tftpd I could only get around 40 Mbps out of this box, the CPU usage was 100%. One client could fetch the stuff with an average speed of 14-15 Mbps. I could stay at this speed with 4-5 machines, fetching the images, after this count the bandwidth usage decreased per machine. With Danny's tftpd I could get 16-17 Mbps with one machine (this is what the client says) and around 4 Mbps per client at a concurrency of 24 machines. That's about 90-96 Mbps. I will try do more benchmarks with an accurate method, once I could figure out what should I use to measure the outgoing traffic to specific IP addresses (a /24 subnet)... BTW, FreeBSD's tftpd doesn't drop connections once it built up, while there are some problems with Danny's implementation in this area, but I am sure that this will be solved very soon. --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7:55:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tinker.exit.com (tinker.exit.com [206.223.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 8E4CB37B416; Tue, 23 Apr 2002 07:55:13 -0700 (PDT) Received: from realtime.exit.com (realtime [206.223.0.5]) by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g3NEtBcN078041; Tue, 23 Apr 2002 07:55:11 -0700 (PDT) (envelope-from frank@exit.com) Received: from realtime.exit.com (localhost [127.0.0.1]) by realtime.exit.com (8.12.2/8.12.2) with ESMTP id g3NEsxwn019647; Tue, 23 Apr 2002 07:54:59 -0700 (PDT) (envelope-from frank@realtime.exit.com) Received: (from frank@localhost) by realtime.exit.com (8.12.2/8.12.2/Submit) id g3NEsxFR019646; Tue, 23 Apr 2002 07:54:59 -0700 (PDT) From: Frank Mayhar Message-Id: <200204231454.g3NEsxFR019646@realtime.exit.com> Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) In-Reply-To: <200204231206.01451.j.kossen@home.nl> To: Jochem Kossen Date: Tue, 23 Apr 2002 07:54:59 -0700 (PDT) Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Reply-To: frank@exit.com Organization: Exit Consulting X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved. X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only. X-Mailer: ELM [version 2.4ME+ PL95a (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jochem Kossen wrote: > Because things evolve? :) You say "evolve." I say "get broken." > > How do I know which man page to read? > You start X with startx, seems obvious to me. The disabling of tcp > connections only applies to startx It's not obvious when one has been starting X with the same command for years and it has never before changed. Gee, seems to seriously violate POLA, eh? > OK, then i suggest we mention it in the handbook, the security policy > document, the manpage AND the release notes :) Just don't do it in the first place. If you must have this, make a _new_ command ("secure-startx," perhaps) and point to it in the release notes. > For the simple reason I don't like useless open ports on my system. I > don't use it, _most_ other people don't use it, so i sent in a patch. Yeah, but unless one is installing a fresh system, one shouldn't care so much. And, by the way, how do you define "useless?" To me, having X listening for TCP connections is far from useless. > Of course, it was only discussed on the ports@ mailinglist, but it > didn't seem like such a big deal to me or apparently the others... This is another case of changing the default in such a way as to violate POLA. I've given this some thought, particularly with respect to the rc.conf changes. My opinion is that, while this kind of thing is a good idea for from-scratch installs (the kind a person new to FreeBSD might be doing), making these changes to a running system is a Really Bad Idea. That means that if you _must_ change the defaults, add overrides at the same time to maintain the old default behavior. Then document the hell out of the new defaults. One shouldn't have to read ancient mail archives or pore over cvs logs to figure out what happened and why. Hey, I'm a kernel programmer (I work on BSD/OS as it happens). I know what it's like to be stuck with obsolete defaults. The fact of the matter is, though, that if I change a default and that upsets our customers, we potentially lose revenue and I potentially lose my job. This gives me real incentive to get it right, and that means not pulling the rug out from under the end user. IMHO, this was botched. Sorry, David, I calls 'em as I see 'em. -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 7:57:45 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tinker.exit.com (tinker.exit.com [206.223.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 7938D37B416 for ; Tue, 23 Apr 2002 07:57:38 -0700 (PDT) Received: from realtime.exit.com (realtime [206.223.0.5]) by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g3NEvVcN078052; Tue, 23 Apr 2002 07:57:31 -0700 (PDT) (envelope-from frank@exit.com) Received: from realtime.exit.com (localhost [127.0.0.1]) by realtime.exit.com (8.12.2/8.12.2) with ESMTP id g3NEvKwn020474; Tue, 23 Apr 2002 07:57:20 -0700 (PDT) (envelope-from frank@realtime.exit.com) Received: (from frank@localhost) by realtime.exit.com (8.12.2/8.12.2/Submit) id g3NEvJeL020473; Tue, 23 Apr 2002 07:57:19 -0700 (PDT) From: Frank Mayhar Message-Id: <200204231457.g3NEvJeL020473@realtime.exit.com> Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <200204231212.34754.j.kossen@home.nl> To: Jochem Kossen Date: Tue, 23 Apr 2002 07:57:19 -0700 (PDT) Cc: Joerg Micheel , hackers@FreeBSD.ORG Reply-To: frank@exit.com Organization: Exit Consulting X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved. X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only. X-Mailer: ELM [version 2.4ME+ PL95a (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jochem Kossen wrote: > It does work. But i think you mean the tcp connections. > Does that mean you vote for enabling _all_ services? They don't work out > of the box as well... This is ridiculous. You know as well as I do that that's _not_ what Greg means. Just don't change stuff out from under the users. > > And don't tell me that X11 is an add-on and luxury. > I agree, but the tcp connections IS an add-on luxury imho Wrong. It's the way it works. > > We are living in the 21st century. > That's right, the century of virii, DoS attacks, worms, and > scriptkiddiots. Then fix the security holes at your end and leave the rest of to fix them the way _we_ want to. Don't impose your "fix" on the rest of us by fiat. -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8: 2:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 003DB37B422 for ; Tue, 23 Apr 2002 08:02:34 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id LAA14954; Tue, 23 Apr 2002 11:02:33 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3NF23v12047; Tue, 23 Apr 2002 11:02:03 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.30571.834026.208654@grasshopper.cs.duke.edu> Date: Tue, 23 Apr 2002 11:02:03 -0400 (EDT) To: Kenneth Culver Cc: freebsd-hackers@freebsd.org Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020423103655.V28948-100000@alpha.yumyumyum.org> References: <15557.27747.802212.659760@grasshopper.cs.duke.edu> <20020423103655.V28948-100000@alpha.yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > > > Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are > > > making it in... I checked this because the sixth argument to linux_mmap2() in > > > truss was showing 0x6, but when I printed out that arg from the kernel, it > > > was showing 0x0. Am I correct here? > > > > > > Ken > > > > Yes. According to http://john.fremlin.de/linux/asm/, linux used to > > parse only 5 args but now it parses six. Try adding: > > args[5] = tf->tf_ebp; > > > I don't think that arg is there: > > Apr 23 10:36:13 ken /kernel: tf->tf_ebp = -1077938040 > > Ken My guess is that we're not doing something we should be doing in int0x80_syscall in order to get that last arg. But I do not have enough x86 knowledge to understand how the trapframe is constructed, so I cannot tell what needs to be done. Perhaps somebody with more x86 fu can help. Sorry, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:10: 6 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 6CF0B37B416 for ; Tue, 23 Apr 2002 08:09:55 -0700 (PDT) Received: (qmail 29197 invoked from network); 23 Apr 2002 15:09:35 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 23 Apr 2002 15:09:35 -0000 Date: Tue, 23 Apr 2002 11:09:35 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15557.30571.834026.208654@grasshopper.cs.duke.edu> Message-ID: <20020423110747.C29188-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > > Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are > > > > making it in... I checked this because the sixth argument to linux_mmap2() in > > > > truss was showing 0x6, but when I printed out that arg from the kernel, it > > > > was showing 0x0. Am I correct here? > > > > > > > > Ken > > > > > > Yes. According to http://john.fremlin.de/linux/asm/, linux used to > > > parse only 5 args but now it parses six. Try adding: > > > args[5] = tf->tf_ebp; > > > > > I don't think that arg is there: > > > > Apr 23 10:36:13 ken /kernel: tf->tf_ebp = -1077938040 > > > > Ken > > My guess is that we're not doing something we should be doing in > int0x80_syscall in order to get that last arg. But I do not have > enough x86 knowledge to understand how the trapframe is constructed, > so I cannot tell what needs to be done. > > Perhaps somebody with more x86 fu can help. > > Sorry, Crap, I don't know what's going on either, I was just looking at the asm in src/sys/i386/i386/exception.s, but I'm not very good with asm either, Can anyone help? I'm cross-posting to -current since nobody on hackers or emulation is able to help. Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:14: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B0F4237B404; Tue, 23 Apr 2002 08:13:53 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3NFDgw82633; Tue, 23 Apr 2002 11:13:42 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 11:13:42 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; in > >> -STABLE it can probably be similarly replicated via appropriate tweaking > >> of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we ship > > Trust me, this question is going to come up a _lot_ for us otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to find > why I could no longer open windows on my X display, only to discover > that somebody had turned off tcp connections by default. A more conservative default configuration results in a material improvement in system security. This is especially the case for older system features that aren't being used by many current users. For example, the choice to move to telnetd turned off by default is particularly justified these days because we have a better option: SSH. There have even been serious discussions about not installing telnetd by default, although personally I see no problem installing it. The risks with telnetd on by default have been felt: witness the telnetd vulnerability that turned up last year. Highly complex server code enabled by default isn't useful, it's a security risk. Given these basic facts, you can then argue about what features fall into this category, and we can go on regarding that for a while. A reasonable set of criteria might include: - There have been past vulnerabilities that were exploitable by having the feature enabled by default. - The complexity and exposure of the feature lends it to future vulnerabilities. - Turning the feature on is difficult or impossible without high levels of expertise. - The feature does/does not have more secure alternatives accepted by the broader community. ... "Security by obscurity" does not refer to the act of selecting a conservative security policy, because "Security by obscurity" already refers to something else: relying on the level of knowledge of the attacker regarding your configuration. Since we can demonstrate disabling telnetd by default improves security, it is by definition not security by obscurity. And frankly, that applies to X11 also. "Security by obscurity" might be argued to include the S/Key behavior in the older sshd, where S/key prompts are displayed for a user even though they could not be used to log in. Frankly, I think such an argument would be reasonable. In fact, so reasonable that in -CURRENT, we don't have this behavior by default: we don't offer the S/Key authentication method to a user unless they can authenticate using S/Key. The old behavior can be turned back on via a pam.d flag for the skey module. BTW, there's a lot to be said for not throwing out the baby with the bathwater: disabling challenge response or S/Key by default isn't the right answer either. The right fix is to remove the counter-intuitive behavior regarding S/Key. > I have a problem with this, and as you imply, so will a lot of other > people. As a result of this sort of thing, people trying to migrate > from other systems will probably just give up. I certainly would have. > While it's a laudable aim to have a secure system, you have to be able > to use it too. I'd suggest that we do the following: > > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that you > need to understand the differences. We've spent some time working on this, and will continue to do so. But we also need to avoid over-burdening the install with "Do you want to turn on (this obsolete feature that some FreeBSD hacker loves and no one uses), even though it increases security risk?". Rather, we need a decent management interface. > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. Part of your confusion is probably because X11 isn't part of the base system, so events concerning the X11 port don't tend to get discussed much on the general-purpose mailing lists. These kinds of things do get discussed on the release engineering lists, questions, etc. It may be we need a "ports release notes", but that's an effort that's going to have to come out of the ports space. BTW, another reason few people noticed is that at this point, the accepted best practice for X11 forwarding is to use SSH, which can forward TCP-based X11 to the unix domain socket X11 communication primitive. The result is that X11/TCP turned off on your workstation doesn't limit access when you log into remote servers using SSH, as long as you have X11 forwarding enabled for the server you're logging into. BTW, my notion of ease of use for services would be something like the following: a menu with a tree of services organized by category, with easy click options to turn them on and off. I played with looking at something like that for inetd.conf, but the best option was to toss the user into the editor with a bit of warning. So that's what I stuck in sysinstall. Fundamentally, we don't offer a decent management paradigm for the majority of the base system or the applications. That's the problem that needs addressing, and I would argue your effort would be better placed fixing that problem. The choices regarding disabling features and services by default have generally been made carefully, with lots of discussion, and based on a fairly rational process balancing functionality and security. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:23:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tinker.exit.com (tinker.exit.com [206.223.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 3324037B417; Tue, 23 Apr 2002 08:23:50 -0700 (PDT) Received: from realtime.exit.com (realtime [206.223.0.5]) by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g3NFNccN078124; Tue, 23 Apr 2002 08:23:38 -0700 (PDT) (envelope-from frank@exit.com) Received: from realtime.exit.com (localhost [127.0.0.1]) by realtime.exit.com (8.12.2/8.12.2) with ESMTP id g3NFNQwn029650; Tue, 23 Apr 2002 08:23:26 -0700 (PDT) (envelope-from frank@realtime.exit.com) Received: (from frank@localhost) by realtime.exit.com (8.12.2/8.12.2/Submit) id g3NFNQnq029649; Tue, 23 Apr 2002 08:23:26 -0700 (PDT) From: Frank Mayhar Message-Id: <200204231523.g3NFNQnq029649@realtime.exit.com> Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: To: Robert Watson Date: Tue, 23 Apr 2002 08:23:26 -0700 (PDT) Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Reply-To: frank@exit.com Organization: Exit Consulting X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved. X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only. X-Mailer: ELM [version 2.4ME+ PL95a (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert, it's really, really simple. For new installs, install the new, more secure behavior. Be sure to loudly document this behavior so that those of us who expect the _old_ behavior don't get bitten by the change. And don't change the old behavior in upgrades of existing systems. As I said in my other email, if you _must_ change the defaults, add overrides so the behavior doesn't change. And by "add overrides" I mean something like an /etc/rc.conf.override file that gets pulled in after /etc/defaults/rc.conf but before /etc/rc.conf. (This says nothing about the necessity or desirability of the change itself, by the way. That's an entirely _different_ argument.) When you change defaults on a running system, you piss off a lot of users. Including me. :-) -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:31: 4 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id B112537B400 for ; Tue, 23 Apr 2002 08:30:57 -0700 (PDT) Received: (qmail 20285 invoked by uid 1032); 23 Apr 2002 15:31:04 -0000 From: utsl@quic.net Date: Tue, 23 Apr 2002 11:31:04 -0400 To: Greg 'groggy' Lehey Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423153104.GB19871@quic.net> References: <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 01:16:46PM +0930, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; in > >> -STABLE it can probably be similarly replicated via appropriate tweaking > >> of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we ship > > Trust me, this question is going to come up a _lot_ for us otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to > find why I could no longer open windows on my X display, only to > discover that somebody had turned off tcp connections by default. Debian did this, but they put in a message that tells you that when you install the X server. IIRC, it even tells you what to change, and where. Of course, that might have been because enough people complained... As a sysadmin, I do think this is the right default. (I've worked in environments where people habitually used xhost +) But changing without telling anyone is extremely annoying. > I have a problem with this, and as you imply, so will a lot of other > people. As a result of this sort of thing, people trying to migrate > from other systems will probably just give up. I certainly would > have. While it's a laudable aim to have a secure system, you have to > be able to use it too. I'd suggest that we do the following: > > 1. Give the user the choice of these additional features at > installation time. Recommend the procedures, but explain that you > need to understand the differences. > > 2. Document these things very well. Both this ssh change and the X > without TCP change are confusing. If three core team members were > surprised, it's going to surprise the end user a whole lot more. > We should at least have had a HEADS UP, and we probably need a > security policy document with the distributions. There is a difference: the ssh change doesn't appear to be useful, AFAICS. If anything, it misleads the user into thinking ssh is broken. I'm not sure what, if any, improvement in default security happens as a result. The X change makes it look broken, too, but it really does make a difference in security not to expose your X server to the network by default. Probably more of a difference than what was done to ssh. ---Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:50:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id B067D37B41B for ; Tue, 23 Apr 2002 08:50:23 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g3NFoMH77963; Tue, 23 Apr 2002 09:50:22 -0600 (MDT) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g3NFoLb26345; Tue, 23 Apr 2002 09:50:21 -0600 (MDT) (envelope-from imp@village.org) Date: Tue, 23 Apr 2002 09:49:53 -0600 (MDT) Message-Id: <20020423.094953.13280392.imp@village.org> To: frank@exit.com Cc: hackers@FreeBSD.ORG Subject: Re: Security through obscurity? From: "M. Warner Losh" In-Reply-To: <200204231523.g3NFNQnq029649@realtime.exit.com> References: <200204231523.g3NFNQnq029649@realtime.exit.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG : When you change defaults on a running system, you piss off a lot of users. : Including me. :-) When we fail to take reasonable steps to preclude intruders from gaining access to your system, we'd likely piss you off more if you knew about it :-(. I'll also point out that years ago core created the security-officer to make FreeBSD more secure. One of the charges of the office was to make it more secure out of the box. Now that manmy generations of security officers have made FreeBSD more secure out of the box, you can't go shooting them for doing their job for years :-). The decision to go for a more secure system by default was made years ago. I for one think the Security Officers have done a good job at doing this, but even as far as they have come, I suspect that additional things will be locked down over time. That's the nature of the threats to systems on the internet today. What was acceptible years ago now no longer is acceptible. The attackers are getting more and more sophisticated. The countermeasures for these attacks are necessarily becoming more intrusive as the same sorts of bugs raise their ugly head again and again. BTW, none of this has anything to do with STO. STO is keeping the insecure software in place and relying on attackers to be too stupid to know what to do. That strategy has proven to be bad. The ssh default that started this thread, btw, is stupid, but since I've stepped aside from the SO role, I'll let the current SO deal with it. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 8:59:27 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 737ED37B416; Tue, 23 Apr 2002 08:59:19 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3NFx3w86511; Tue, 23 Apr 2002 11:59:03 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 11:59:03 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Frank Mayhar Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <200204231523.g3NFNQnq029649@realtime.exit.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Frank Mayhar wrote: > Robert, it's really, really simple. For new installs, install the new, > more secure behavior. Be sure to loudly document this behavior so that > those of us who expect the _old_ behavior don't get bitten by the > change. And don't change the old behavior in upgrades of existing > systems. As I said in my other email, if you _must_ change the > defaults, add overrides so the behavior doesn't change. And by "add > overrides" I mean something like an /etc/rc.conf.override file that gets > pulled in after /etc/defaults/rc.conf but before /etc/rc.conf. And I'm saying that in general, we do this for the base system, but we don't have a formalized way of handling that for ports. I suggested that this be something the ports side of the camp needs to work on, perhaps in the form of explicit ports release notes for major ports/widely relevant changes. X11 currently falls into that category, although it doesn't for every system (for example, OpenBSD maintains X11 in-tree with a higher support level, as I understand it). However, I think it's not possible to argue for infinite backward compatibility during upgrades. One minor release is probably the limit of feasibility; major releases are probably not worth dealing with other than via documentation. For example, we make no effort to provide backward compatibility with /etc/sysconfig from the 2.x era. The right model is probably: - For rc.conf, provide limited backward compatibility (1 minor release) - For other configuration files (inetd.conf, for example), simply document the changes During binary upgrades, as well as source-based upgrades, we rely on the administrator to merge the majority of /etc configurations anyway: in general, no change gets made to /etc unless you explicitly perform it. Besides which, backwards compatibility isn't always possible, or desirable. When you upgrade to a new version, you assume that known security vulnerabilities in the old version will be remedied; you expect version increments on various libraries and utilities. This is in many ways no different than normal feature change, it just happens to have a specific motivation that we're generalizing about. > (This says nothing about the necessity or desirability of the change > itself, by the way. That's an entirely _different_ argument.) > > When you change defaults on a running system, you piss off a lot of > users. Including me. :-) When you change defaults on a running system, that's generally a specific administrative choice you've made. By upgrading the system, you accept that system behavior will change: in fact, you're asking for it to change! FreeBSD has some of the best updating/release notes in the open source space--certainly, more work can be done (especially in the area of ports, which is how this discussion started), but I think you don't want to take the "nothing changes, ever" philosophy too far. Upgrading a system accepts feature change--I don't think you'll find any vendor who will promise you that following an upgrade, things will be identical. Vendors focus system software upgrades on providing new feature sets, and providing a "consist" release. Most vendors provide a bumpier feature ride than we do, by virtue of not allowing such fine granularity with upgrades: we permit you to slide slowly forwards on -STABLE, rather than only providing major releases. But by taking advantage of finer granularity and greater access to the in-progress development work, you sacrifice some of the release engineering process. We do have branches that focus on minimal change: those are the release branches that pick up only critical security bugfixes. And even then, you may get feature change. So I'm not disagreeing with you -- I agree, backwards compatibility is important, and that includes the area of configuration files, and especially relating to the last relevant release number. Documentation should be our primary responsibility when it comes to changes, rather than an upgrade path that maintains identical behavior (which is probably not only impossible, but also undesirable). The documented behavior of rc.conf is that if you have a configuration line in there, it's probably paid attention to. If you rely on the system defaults, then when the defaults change, your system changes. If you want to know that a change in defaults won't affect your configuration, explicitly set the setting in rc.conf. We do try to provide compatibility here: for example, there are a number of things in 5.0 that will move from being rc.conf entries to just sysctl.conf entries. However, we're providing backwards compatibility for those settings for at least a minor release. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9: 0:29 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 57EAE37B405 for ; Tue, 23 Apr 2002 09:00:17 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA07605; Tue, 23 Apr 2002 10:00:15 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NG0Fo64327; Tue, 23 Apr 2002 10:00:15 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.34063.227556.850296@caddis.yogotech.com> Date: Tue, 23 Apr 2002 10:00:15 -0600 To: Attila Nagy Cc: hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: References: X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Would it be possible to use sendfile in tftpd? Nope, since as someone else has pointed out, tftp uses UDP and not TCP. The problem with TFTP is the protocol, not the implementation. It's got a window size of 'one', so the speed is limited by the latency between the two hosts. You could have a 1Terrabit pipe, and if it's latency was the same as a 9600 baud modem, your transfer speed would be the same as a modem. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9: 7:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id CFF3A37B404; Tue, 23 Apr 2002 09:07:09 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3NG6xw87250; Tue, 23 Apr 2002 12:06:59 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 12:06:58 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; in > >> -STABLE it can probably be similarly replicated via appropriate tweaking > >> of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we ship > > Trust me, this question is going to come up a _lot_ for us otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to find > why I could no longer open windows on my X display, only to discover > that somebody had turned off tcp connections by default. BTW, I think this is somewhat of a red herring, and isn't really related to this discussion at all. The issue with S/Key is something that we've already built concensus on: it's a bug for most users, and should be fixed (or at least made optional), which as I indicated, is *already* the strategy taken in -CURRENT. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9: 8:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tinker.exit.com (tinker.exit.com [206.223.0.1]) by hub.freebsd.org (Postfix) with ESMTP id B048537B419 for ; Tue, 23 Apr 2002 09:08:04 -0700 (PDT) Received: from realtime.exit.com (realtime [206.223.0.5]) by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g3NG7wcN078232; Tue, 23 Apr 2002 09:07:58 -0700 (PDT) (envelope-from frank@exit.com) Received: from realtime.exit.com (localhost [127.0.0.1]) by realtime.exit.com (8.12.2/8.12.2) with ESMTP id g3NG7kwn045254; Tue, 23 Apr 2002 09:07:46 -0700 (PDT) (envelope-from frank@realtime.exit.com) Received: (from frank@localhost) by realtime.exit.com (8.12.2/8.12.2/Submit) id g3NG7kDh045253; Tue, 23 Apr 2002 09:07:46 -0700 (PDT) From: Frank Mayhar Message-Id: <200204231607.g3NG7kDh045253@realtime.exit.com> Subject: Changing defaults versus increased security. In-Reply-To: <20020423.094953.13280392.imp@village.org> To: "M. Warner Losh" Date: Tue, 23 Apr 2002 09:07:46 -0700 (PDT) Cc: hackers@FreeBSD.ORG Reply-To: frank@exit.com Organization: Exit Consulting X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved. X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only. X-Mailer: ELM [version 2.4ME+ PL95a (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG M. Warner Losh wrote: > : When you change defaults on a running system, you piss off a lot of users. > : Including me. :-) > When we fail to take reasonable steps to preclude intruders from > gaining access to your system, we'd likely piss you off more if you > knew about it :-(. Hey, I intentionally said nothing about the desirability of such a change. I just don't believe that changing the defaults of a running system is a good idea. Perhaps changing the defaults for newly-installed systems _is_ a good idea, about that I have no opinion, but when I do a mergemaster and something very basic stops working, it's not more secure, it's just broken. I don't object to more secure systems (far from it), I just object to sudden changes in systems I run. These systems have _already_ been secured against intrusion; like any administrator worth his salt, I've taken steps to secure the borders of my network(s). Inside my network, though, things are less secure because I know I can trust myself. It seems easy enough to create an /etc/rc.overrides script with a large "Danger Will Robinson" message to annoy a sysadmin into looking at it and containing the old defaults. -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:16:29 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 5FECB37B430 for ; Tue, 23 Apr 2002 09:16:17 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g3NGGGH78121; Tue, 23 Apr 2002 10:16:16 -0600 (MDT) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g3NGGFb26553; Tue, 23 Apr 2002 10:16:15 -0600 (MDT) (envelope-from imp@village.org) Date: Tue, 23 Apr 2002 10:16:09 -0600 (MDT) Message-Id: <20020423.101609.32526088.imp@village.org> To: frank@exit.com Cc: hackers@FreeBSD.ORG Subject: Re: Changing defaults versus increased security. From: "M. Warner Losh" In-Reply-To: <200204231607.g3NG7kDh045253@realtime.exit.com> References: <20020423.094953.13280392.imp@village.org> <200204231607.g3NG7kDh045253@realtime.exit.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <200204231607.g3NG7kDh045253@realtime.exit.com> Frank Mayhar writes: : It seems easy enough to create an /etc/rc.overrides script with a large : "Danger Will Robinson" message to annoy a sysadmin into looking at it : and containing the old defaults. There may be a good way to deal with this problem along these lines... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:35:51 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.aus.com (adsl-64-175-247-99.dsl.sntc01.pacbell.net [64.175.247.99]) by hub.freebsd.org (Postfix) with ESMTP id 88E3037B41B for ; Tue, 23 Apr 2002 09:35:43 -0700 (PDT) Received: from localhost (rsharpe@localhost) by ns.aus.com (8.11.6/8.11.6) with ESMTP id g3NHhQ002664; Wed, 24 Apr 2002 03:13:26 +0930 Date: Wed, 24 Apr 2002 03:13:26 +0930 (CST) From: Richard Sharpe To: Attila Nagy Cc: Tomas Svensson , Subject: Re: sendfile() in tftpd? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Attila Nagy wrote: > Hello, > > > No, sendfile() is only for TCP connections, TFTP is using UDP. If you > > want performance, use something else. > It's even in the manpage: > Sendfile() sends a regular file specified by descriptor fd out a stream > socket specified by descriptor s. > > Silly me. BTW, I can't use anything else. Are there any alternatives to > TFTP for booting machines off the network? (using standard, PC components) Multicast! BootIX (nee InCom) have support for this in their BootROMS. it might not be hard to hack into Etherboot et al. Regards ----- Richard Sharpe, rsharpe@ns.aus.com, rsharpe@samba.org, sharpe@ethereal.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:40: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail3.home.nl (mail3.home.nl [213.51.129.227]) by hub.freebsd.org (Postfix) with ESMTP id A3AE937B405; Tue, 23 Apr 2002 09:39:53 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail3.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423163801.VSDP17620.mail3.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 18:38:01 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: frank@exit.com Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) Date: Tue, 23 Apr 2002 18:39:44 +0200 X-Mailer: KMail [version 1.4] Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG References: <200204231454.g3NEsxFR019646@realtime.exit.com> In-Reply-To: <200204231454.g3NEsxFR019646@realtime.exit.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231839.44923.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 16:54, Frank Mayhar wrote: > Jochem Kossen wrote: > > Because things evolve? :) > > You say "evolve." I say "get broken." Don't tell me that in 11 years, defaults never change > > > How do I know which man page to read? > > > > You start X with startx, seems obvious to me. The disabling of tcp > > connections only applies to startx > > It's not obvious when one has been starting X with the same command > for years and it has never before changed. Gee, seems to seriously > violate POLA, eh? I agree, but i still wonder why people didn't come up with it sooner > > OK, then i suggest we mention it in the handbook, the security > > policy document, the manpage AND the release notes :) > > Just don't do it in the first place. If you must have this, make a > _new_ command ("secure-startx," perhaps) and point to it in the > release notes. This is a very good idea IMHO, although without the patch 'startx=20 -nolisten_tcp' works too...Then i'd say rip the patch out completely > > For the simple reason I don't like useless open ports on my system. > > I don't use it, _most_ other people don't use it, so i sent in a > > patch. > > Yeah, but unless one is installing a fresh system, one shouldn't care > so much. And, by the way, how do you define "useless?" To me, > having X listening for TCP connections is far from useless. It is useless to _me_ because i don't use it. Like i said in a previous=20 mail, I didn't like the default, so I sent in the patch as a proposal=20 to the ports@ mailinglist, and they all seemed to like it too. Nobody=20 complained, thus the patch was integrated. Simple. I sent in the patch because it seemed obvious to me to send in a patch=20 which people liked. It was just a proposal. The people responsible and=20 a few others liked it too, and integrated it. > > Of course, it was only discussed on the ports@ mailinglist, but it > > didn't seem like such a big deal to me or apparently the others... > > This is another case of changing the default in such a way as to > violate POLA. > > I've given this some thought, particularly with respect to the > rc.conf changes. My opinion is that, while this kind of thing is a > good idea for from-scratch installs (the kind a person new to FreeBSD > might be doing), making these changes to a running system is a Really > Bad Idea. That means that if you _must_ change the defaults, add > overrides at the same time to maintain the old default behavior.=20 > Then document the hell out of the new defaults. One shouldn't have > to read ancient mail archives or pore over cvs logs to figure out > what happened and why. I agree. Next time i send in a patch (doesn't happen often ;)) i'll =20 consider this. > Hey, I'm a kernel programmer (I work on BSD/OS as it happens). I > know what it's like to be stuck with obsolete defaults. The fact of > the matter is, though, that if I change a default and that upsets our > customers, we potentially lose revenue and I potentially lose my job. > This gives me real incentive to get it right, and that means not > pulling the rug out from under the end user. > > IMHO, this was botched. Sorry, David, I calls 'em as I see 'em. David? But ehh...If people really want to change this, could someone file a PR?=20 :) (i can't right now, isp problems... i can only use their mailserver.=20 Besides, i'm not the one complaining) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:40:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from acl.lanl.gov (acl.lanl.gov [128.165.147.1]) by hub.freebsd.org (Postfix) with SMTP id A506837B429 for ; Tue, 23 Apr 2002 09:40:27 -0700 (PDT) Received: (qmail 2315682 invoked from network); 23 Apr 2002 10:40:26 -0600 Received: from snaresland.acl.lanl.gov (128.165.147.113) by acl.lanl.gov with SMTP; 23 Apr 2002 10:40:26 -0600 Received: (qmail 26976 invoked by uid 3499); 23 Apr 2002 10:40:26 -0600 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 10:40:26 -0600 Date: Tue, 23 Apr 2002 10:40:26 -0600 (MDT) From: Ronald G Minnich X-X-Sender: To: Richard Sharpe Cc: Attila Nagy , Tomas Svensson , Subject: Re: sendfile() in tftpd? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, Richard Sharpe wrote: > Multicast! BootIX (nee InCom) have support for this in their BootROMS. it > might not be hard to hack into Etherboot et al. bproc now uses multicast for distributing new kernels and init ram disks, if you want to see an example. It's on sourceforge. ron To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:42:42 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by hub.freebsd.org (Postfix) with ESMTP id EB43A37B416 for ; Tue, 23 Apr 2002 09:42:32 -0700 (PDT) Received: from fwd06.sul.t-online.de by mailout03.sul.t-online.com with smtp id 1703N8-0002aY-0E; Tue, 23 Apr 2002 18:42:30 +0200 Received: from frolic.no-support.loc (520094253176-0001@[80.130.207.226]) by fmrl06.sul.t-online.com with esmtp id 1703Mk-05vvRAC; Tue, 23 Apr 2002 18:42:06 +0200 Received: (from bjoern@localhost) by frolic.no-support.loc (8.11.6/8.9.3) id g3NGe5v00813; Tue, 23 Apr 2002 18:40:05 +0200 (CEST) (envelope-from bjoern) From: Bjoern Fischer Date: Tue, 23 Apr 2002 18:40:05 +0200 To: Jordan Hubbard Cc: hackers@FreeBSD.ORG Subject: OT: Better fake challenges [Re: ssh + compiled-in SKEY support considered harmful?] Message-ID: <20020423164005.GB258@frolic.no-support.loc> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> User-Agent: Mutt/1.3.25i X-Sender: 520094253176-0001@t-dialin.net Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, > jhubbard@wafer-> ssh jkh@winston.freebsd.org > otp-md5 114 wi7854 ext > S/Key Password:=20 > otp-md5 117 wi5044 ext > S/Key Password:=20 > otp-md5 397 wi0652 ext > S/Key Password:=20 > jkh@winston.freebsd.org's password:=20 If anyone is concerned about revealing too much information on valid/invalid OTP login names through S/Key or OPIE fake challanges, here is a proof of concept of a much better stateless fake challenge generator. It shouldn't be possible to distuingish valid from invalid OTP login names by just giving a few login attempts. It would not last a statistical analysis, but that many failed login attempts should show up in the logs and raise an alert condition. -Bj=F6rn =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D #!/usr/bin/perl -w # # It should not be important to have two distinct secrets # my $secret1 =3D "Soylent Green is human!"; my $secret2 =3D "Komm suesser Tod (BWV 471)"; # # The sequence number should not drop beyond 3, since the user needs # a sequence number to reset the counter. # my $init_seq =3D 499; my $min_seq =3D 2; my $max_seq =3D $init_seq - $min_seq; # # get_fake_challenge(const char *login, time_t esec) # # This subroutine computes a sufficiently good fake sequence # for a given login name and a date. # sub get_fake_challenge { my ($login, $esec) =3D @_; # # Assuming, a user logs in a few times a day, we have to use a login # schedule, that is constant (but different) for each user. # my $lognums =3D 2 + (hex substr(`md5 -q -s "$login$secret1"`, 0, 1)) % 7; my $delta =3D int (($esec / ((24 * 60 * 60) / $lognums)) / $max_seq); # # Compute seed and sequence number # my $seed =3D `md5 -q -s "$delta$login$secret2"`; chomp $seed; my $seq =3D $init_seq - ((int ($esec / ((24 * 60 * 60) / $lognums))) % $max_seq); return ($seq, $seed); } # # testcase # my $testlogin =3D "nouser"; $i =3D 1; for ($date =3D 1016265366; $date < 1226000000; $date +=3D 1) { ($seq, $seed) =3D get_fake_challenge ("nouser", $date); ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =3D localtime($date); printf ("%02u.%02u.%04u %02u:%02u:%02u (%03u, %s)\n", $mday+1, $mon, $year+1900, $hour, $min, $sec, $seq, $seed); if (!($i++ % 40)) { $i =3D 1; print "Press [RETURN]."; <>; } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 9:49:13 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail3.home.nl (mail3.home.nl [213.51.129.227]) by hub.freebsd.org (Postfix) with ESMTP id D575F37B41F for ; Tue, 23 Apr 2002 09:48:53 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail3.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020423164705.VUIY17620.mail3.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Tue, 23 Apr 2002 18:47:05 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: frank@exit.com Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Tue, 23 Apr 2002 18:48:48 +0200 X-Mailer: KMail [version 1.4] Cc: Joerg Micheel , hackers@FreeBSD.ORG References: <200204231457.g3NEvJeL020473@realtime.exit.com> In-Reply-To: <200204231457.g3NEvJeL020473@realtime.exit.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204231848.49001.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday 23 April 2002 16:57, Frank Mayhar wrote: > Jochem Kossen wrote: > > It does work. But i think you mean the tcp connections. > > Does that mean you vote for enabling _all_ services? They don't > > work out of the box as well... > > This is ridiculous. You know as well as I do that that's _not_ what > Greg means. Just don't change stuff out from under the users. True, but this mail wasn't a response to Greg. Over the time i've used=20 FreeBSD, i've seen several services been disabled by default, and i=20 don't see a difference between that and this. Care to explain? > > > And don't tell me that X11 is an add-on and luxury. > > > > I agree, but the tcp connections IS an add-on luxury imho > > Wrong. It's the way it works. Yup, and i didn't like the way it works > > > We are living in the 21st century. > > > > That's right, the century of virii, DoS attacks, worms, and > > scriptkiddiots. > > Then fix the security holes at your end and leave the rest of to fix > them the way _we_ want to. Don't impose your "fix" on the rest of us > by fiat. Excuse me? I thought i sent in a patch which was an improvement. The=20 people responsible thought so too. The patch was a proposal, nothing=20 more, nothing less. I don't care at all wether my patch is in the ports=20 or not, i just thought it was a good idea, so i sent it in. I see=20 nothing wrong in that. If people disagree with the patch, send in a PR and/or remove the patch.=20 That's all there is to it. The patch lives at=20 x11/XFree86-4-libraries/files/patch-startx To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 10:37:51 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id 0C99537B416 for ; Tue, 23 Apr 2002 10:37:46 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1704EV-0007Rb-00; Tue, 23 Apr 2002 10:37:39 -0700 Message-ID: <3CC59BC7.1AA75183@mindspring.com> Date: Tue, 23 Apr 2002 10:37:11 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Attila Nagy Cc: hackers@freebsd.org Subject: Re: sendfile() in tftpd? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Attila Nagy wrote: > > Only if all file transfers were binary, or all ASCII files were stored > > on the host with line termination, instead of . That's the > > same reason sendfile() is stupid for POP3, IMAP4, and SMTP servers... > > Hmm. Both FTP and TFTP supports ASCII and binary transfers, am I right? TFTP... sendfile() doesn't work with UDP, anyway. But anyway... by definition, sendfile can't do the requisite end of line terminator conversion ( fro Macintosh, for UNIX, for Windows/MS-DOS) for FTP/TFTP, and it can't do the end of line conversion for message stores or mail transfer (SMTP, POP3, and IMAP4 all specify that lines *shall* be terminated by ). > In libexec/ftpd this case is handled this way: > case TYPE_A: > while ((c = getc(instr)) != EOF) { > [...] > case TYPE_L: > [...] > while (err != -1 && filesize > 0) { > err = sendfile(filefd, netfd, offset, 0, > (struct sf_hdtr *) NULL, &cnt, 0); > [...] > > As far as I can determine. Yep. Wouldn't it be nice if it always worked, instead of only working for binary? > In libexec/tftpd there is also a similar possibility to handle each case, > because there is "netascii" and "octet". Yeah, but the UDP lets it out, anyway. [ ... TFTP booting ... ] > And that's what isn't too good. One client can achieve about 15 Mbps but > if more than 10 (usually 20-30) clients want to fetch the images the TFTP > server first slows down (it eats all the CPU of the server, which is a > fast AthlonXP 1600+) then times out. The answer is probably "boot a small image, and use NFS for the real data, so you don't have to use UDP for the bulk of the data you have to transfer". > I think this could be improved if TFTP could use sendfile(). > (I have a busy FTP server and I know how much sendfile() can speed up > things) FTP is TCP, not UDP. TFTP "magically" implements session state (retransmit/retry) on top of UDP. In other words, it basically implements the stream delivery you would get with TCP, in user space. > The main question here seems to be: could sendfile() be used with UDP, or > it is just for TCP? It could probably be used. The retransmits, though, really need to be built into the protocol, so it's pretty useless for UDP, if ever you drop a signle packet, since you won't be able to recover. You would have to implement the code for it. Probably, the best idea, if you insist on it, is to implement the TFTP retransmit/acknowledge for the reliable data delivery in the kernel... as a stream protocol layer on top of UDP. And then implement sendfile on top of that. > BTW, the bpbatch stuff uses binary transfer (according to tcpdump > output)... All that means is that you won't have to do data conversion in that particular case. UDP datagrams don't really have a window acknowledgement (UDP datagram delivery is, by definition, unreliable), so you can't really self-clock the buffer size on the receiver to ensure that you don't have to do retransmits. You *might* be able to get around this with the "TFTP as a protocol layer" hack, but the window size is one packet, so you're not really going to see a significant speed improvement, after all the hacking is said and done. Maybe 12%. The main win of sendfile() at all is in not eating the window fill latency by going back to user space, when using sendfile() with TCP; actually, the overhead savings for using sendfile() can be had without using sendfile(), for the most port, since the window is generally large enough and the consumption slow enough that you end up disk-bound on the sender, or ack-paced by the receiver's inability to drain the buffer quickly, so you only ever see two round trip latencies over the whole data stream. For UDP, you're going to see the round trip latency for each packet for the individual ACK's, so you're pretty much screwed from the start, if you use a non-wondowed protocol like TFTP over UDP, at all. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 10:40:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id 0C42E37B400 for ; Tue, 23 Apr 2002 10:40:01 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1704GW-0002jj-00; Tue, 23 Apr 2002 10:39:44 -0700 Message-ID: <3CC59C44.13013A1E@mindspring.com> Date: Tue, 23 Apr 2002 10:39:16 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Attila Nagy Cc: Tomas Svensson , hackers@freebsd.org Subject: Re: sendfile() in tftpd? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Attila Nagy wrote: > > No, sendfile() is only for TCP connections, TFTP is using UDP. If you > > want performance, use something else. > It's even in the manpage: > Sendfile() sends a regular file specified by descriptor fd out a stream > socket specified by descriptor s. > > Silly me. BTW, I can't use anything else. Are there any alternatives to > TFTP for booting machines off the network? (using standard, PC components) USE TFTP to get a tiny image up, and then go TCP. There are also lightweight TCP stacks that fit in 8K or 16K; you could come up with your own protocol, or decide to use FTP instead of TFTP for the download. In general, the faster you get to something TCP based, the happier you will be, so if you *must* use TFTP, then make the boot image really, really small. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 10:44: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id 64BE137B41D for ; Tue, 23 Apr 2002 10:43:47 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1704KN-0000iz-00; Tue, 23 Apr 2002 10:43:43 -0700 Message-ID: <3CC59D33.DCF84730@mindspring.com> Date: Tue, 23 Apr 2002 10:43:15 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Attila Nagy Cc: Danny Braniss , hackers@freebsd.org Subject: Re: sendfile() in tftpd? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Attila Nagy wrote: > With Danny's tftpd I could get 16-17 Mbps with one machine (this is what > the client says) and around 4 Mbps per client at a concurrency of 24 > machines. > That's about 90-96 Mbps. > > I will try do more benchmarks with an accurate method, once I could figure > out what should I use to measure the outgoing traffic to specific IP > addresses (a /24 subnet)... The main thing you will see is that the mmap'ed file pages will be LRU'ed out. Unfortunately, there is not one instance per client. You might do well to madvise() the file, as well, based on the expectation of having multiple sequential transfers of the same data. This assumes that you use the same boot image for each machine, which is advisable (IMO). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 10:46:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 5DD0F37B405 for ; Tue, 23 Apr 2002 10:46:41 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id LAA08675; Tue, 23 Apr 2002 11:46:36 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NHkZB65613; Tue, 23 Apr 2002 11:46:35 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.40442.852602.681416@caddis.yogotech.com> Date: Tue, 23 Apr 2002 11:46:34 -0600 To: Terry Lambert Cc: Attila Nagy , Tomas Svensson , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: <3CC59C44.13013A1E@mindspring.com> References: <3CC59C44.13013A1E@mindspring.com> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > No, sendfile() is only for TCP connections, TFTP is using UDP. If you > > > want performance, use something else. > > It's even in the manpage: > > Sendfile() sends a regular file specified by descriptor fd out a stream > > socket specified by descriptor s. > > > > Silly me. BTW, I can't use anything else. Are there any alternatives to > > TFTP for booting machines off the network? (using standard, PC components) > > USE TFTP to get a tiny image up, and then go TCP. > > There are also lightweight TCP stacks that fit in 8K or 16K; you > could come up with your own protocol, or decide to use FTP instead > of TFTP for the download. > > In general, the faster you get to something TCP based, the happier > you will be, so if you *must* use TFTP, then make the boot image > really, really small. Going to TCP soon assumes that you have a lossless medium in order to transmit packets over. If you're using a lossy medium, TFTP (and other UDP based protocols) can kick their butt because of TCP's assumption that packet loss is a function of congestion, which is often not the case in lossy mediums such as wirless. :( Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11: 7:59 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id 5FDB137B41A; Tue, 23 Apr 2002 11:07:51 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1704hh-0005bD-00; Tue, 23 Apr 2002 11:07:50 -0700 Message-ID: <3CC5A2D9.D9FB84A3@mindspring.com> Date: Tue, 23 Apr 2002 11:07:21 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > A more conservative default configuration results in a material > improvement in system security. I really don't think there's any way to fully protect a security-unconscious user, as if they had spent the time to learn what was necessary, and chosen the right settings for their site. Nothing can replace a system administrator who knows which end is up. I think that trying to do this is doomed to failure, in that it will engender a false sense of security which is, in many cases, unwarranted and dangerous. This is particularly true for FreeBSD, where the first thing anyone ever does with the system is install packages/ports which may themselves have undocumented security vulnerabilities (or even documented ones for which the documentation is ignored). This is particularly true when the system is running X11, as the system *never* *only* runs X11, but instead has all sorts of clients installed, as well, and generally a significant set of unaudited software, such as KDE, which you can attack via CORBA much easier than you could ever hope to directly attack an X11 server, whose defaults already do not permit remote connections through intrinsic access controls in the server ("xhost", et. al.). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:28:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id CC2D137B405 for ; Tue, 23 Apr 2002 11:28:32 -0700 (PDT) Received: (qmail 22367 invoked by uid 1032); 23 Apr 2002 18:28:39 -0000 From: utsl@quic.net Date: Tue, 23 Apr 2002 14:28:39 -0400 To: Nate Williams Cc: hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? Message-ID: <20020423182839.GA22074@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <15557.40442.852602.681416@caddis.yogotech.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 11:46:34AM -0600, Nate Williams wrote: > > > > No, sendfile() is only for TCP connections, TFTP is using UDP. If you > > > > want performance, use something else. > > > It's even in the manpage: > > > Sendfile() sends a regular file specified by descriptor fd out a stream > > > socket specified by descriptor s. > > > > > > Silly me. BTW, I can't use anything else. Are there any alternatives to > > > TFTP for booting machines off the network? (using standard, PC components) > > > > USE TFTP to get a tiny image up, and then go TCP. > > > > There are also lightweight TCP stacks that fit in 8K or 16K; you > > could come up with your own protocol, or decide to use FTP instead > > of TFTP for the download. > > > > In general, the faster you get to something TCP based, the happier > > you will be, so if you *must* use TFTP, then make the boot image > > really, really small. > > Going to TCP soon assumes that you have a lossless medium in order to > transmit packets over. If you're using a lossy medium, TFTP (and other > UDP based protocols) can kick their butt because of TCP's assumption > that packet loss is a function of congestion, which is often not the > case in lossy mediums such as wirless. :( tftp in particular probably won't, because it uses the same packet window concept as TCP, but with the window set to 1. It is a protocol that is braindead by design, in order to be simple to implement. It was never pretended that performance was a design goal. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:30:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id AB48F37B400; Tue, 23 Apr 2002 11:29:44 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by avocet.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 17052U-0004nn-00; Tue, 23 Apr 2002 11:29:18 -0700 Message-ID: <3CC5A7DC.FD06DC11@mindspring.com> Date: Tue, 23 Apr 2002 11:28:44 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Jochem Kossen Cc: frank@exit.com, Greg 'groggy' Lehey , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jochem Kossen wrote: > On Tuesday 23 April 2002 16:54, Frank Mayhar wrote: > > Jochem Kossen wrote: > > > Because things evolve? :) > > > > You say "evolve." I say "get broken." > > Don't tell me that in 11 years, defaults never change When the routing code was changed, back in the mid 1990's, X.25 and ISODE were both broken, for lack of maintenance: the changes were not made globally. X.25 and ISODE were then removed "due to bit rot". The entire idea of "bit rot" is really "the code did not keep ``up to date'' with my changes, which broke the code", which is really a ridiculous position. It really pissed me off when the AHA-1742 support dropped out when CAM came in, but that, at least, was understandable, since it was a trade: something deisrable for something less desirable to the majority of users. You really *can not* blame breaking "something that used to work but which no longer works" on "evolution". > > It's not obvious when one has been starting X with the same command > > for years and it has never before changed. Gee, seems to seriously > > violate POLA, eh? > > I agree, but i still wonder why people didn't come up with it sooner Mostly, because most people don't run -current, and because the X11 distribution is not nearly as modular as it should be, if this type of change is to be generally permitted. > > Just don't do it in the first place. If you must have this, make a > > _new_ command ("secure-startx," perhaps) and point to it in the > > release notes. > > This is a very good idea IMHO, although without the patch 'startx > -nolisten_tcp' works too...Then i'd say rip the patch out completely That handles this particular case, but dodges the general policy issue ...which I guess is the point: "Never put off until tomorrow what you can put off indefinitely" ;^). > It is useless to _me_ because i don't use it. Like i said in a previous > mail, I didn't like the default, so I sent in the patch as a proposal > to the ports@ mailinglist, and they all seemed to like it too. Nobody > complained, thus the patch was integrated. Simple. Not the most likely place for X11 people to see the issue and become involved in a discussion: X11 is unfortunately not a proper port in the common case, but is rather a set of distfiles: a tar archive split into chunks, and managed by "sysinstall". -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:34:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 2DD3437B41B for ; Tue, 23 Apr 2002 11:34:27 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id MAA09117; Tue, 23 Apr 2002 12:34:25 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NIYPf70245; Tue, 23 Apr 2002 12:34:25 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.43312.713502.540548@caddis.yogotech.com> Date: Tue, 23 Apr 2002 12:34:24 -0600 To: utsl@quic.net Cc: Nate Williams , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: <20020423182839.GA22074@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <20020423182839.GA22074@quic.net> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [ TFTP performance is poor ] > > > USE TFTP to get a tiny image up, and then go TCP. > > > > > > Going to TCP soon assumes that you have a lossless medium in order to > > transmit packets over. If you're using a lossy medium, TFTP (and other > > UDP based protocols) can kick their butt because of TCP's assumption > > that packet loss is a function of congestion, which is often not the > > case in lossy mediums such as wirless. :( > > tftp in particular probably won't, because it uses the same packet > window concept as TCP, but with the window set to 1. Actually, it still tends to kick TCP's butt in very lossy networks, because or resends and other vaguaries of TCP. We've done benchmarks, and when packet loss gets bad, TCP backoff algorithm (which causes window size shrinkage *and* increases in resend delays) cause TCP to slow to a crawl. We've found that TFTP's timeouts tend to work better, although it may be more an issue of having the lower overhead vs. TCP. > It is a protocol that is braindead by design, in order to be simple to > implement. It was never pretended that performance was a design goal. Completely agreed on that point. Another point worth mentioning is that it's rather trivial to add in some extensions to TFTP (that are backwards compatible) to speed it up by increasing the window size to even 2 packets. We were able to do that and it almost halved the transfer times. :) However, it required slight modifications on the part of the sender, and the ability to recognize when the double window size modification had to be disabled because certain (very slow) pieces of hardware couldn't handle even the slight speedup of packets. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:37:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id 6C8EF37B41D for ; Tue, 23 Apr 2002 11:37:08 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by avocet.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 17059d-0006LI-00; Tue, 23 Apr 2002 11:36:42 -0700 Message-ID: <3CC5A999.A1A4D313@mindspring.com> Date: Tue, 23 Apr 2002 11:36:09 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Nate Williams Cc: Attila Nagy , Tomas Svensson , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Nate Williams wrote: > Going to TCP soon assumes that you have a lossless medium in order to > transmit packets over. If you're using a lossy medium, TFTP (and other > UDP based protocols) can kick their butt because of TCP's assumption > that packet loss is a function of congestion, which is often not the > case in lossy mediums such as wirless. :( THat's true. I can't really think of an example of such a medium, though, that you would still trust to netboot something. 8-). Maybe 802.11b. 8-(. The specific problem here is that "UDP is ``too slow''"; it looks like a classic "Doctor, it hurts when I do this...". 8-) 8-). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:39:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id D517637B41A for ; Tue, 23 Apr 2002 11:39:04 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3NId17W013640 for ; Tue, 23 Apr 2002 11:39:01 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) Received: (from jkh@localhost) by winston.freebsd.org (8.12.2/8.12.2/Submit) id g3NId1UR013639 for hackers@freebsd.org; Tue, 23 Apr 2002 11:39:01 -0700 (PDT) Date: Tue, 23 Apr 2002 11:39:01 -0700 (PDT) From: Jordan Hubbard Message-Id: <200204231839.g3NId1UR013639@winston.freebsd.org> To: hackers@freebsd.org Subject: Erm, since everyone managed to HIJACK my sshd thread! ;) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm going to commit the following in 48 hours unless someone can convince me that it's a good idea for FreeBSD to be the odd-OS out with respect to this behavior: Index: sshd_config =================================================================== RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.6 diff -u -r1.4.2.6 sshd_config --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 +++ sshd_config 23 Apr 2002 18:38:01 -0000 @@ -48,8 +48,8 @@ PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Comment out to enable s/key passwords +ChallengeResponseAuthentication no # To change Kerberos options #KerberosAuthentication no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:40:21 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id CFC6E37B420 for ; Tue, 23 Apr 2002 11:40:17 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id MAA09192; Tue, 23 Apr 2002 12:40:06 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NIe5E70331; Tue, 23 Apr 2002 12:40:05 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.43653.372778.443036@caddis.yogotech.com> Date: Tue, 23 Apr 2002 12:40:05 -0600 To: Terry Lambert Cc: Nate Williams , Attila Nagy , Tomas Svensson , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: <3CC5A999.A1A4D313@mindspring.com> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <3CC5A999.A1A4D313@mindspring.com> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > Going to TCP soon assumes that you have a lossless medium in order to > > transmit packets over. If you're using a lossy medium, TFTP (and other > > UDP based protocols) can kick their butt because of TCP's assumption > > that packet loss is a function of congestion, which is often not the > > case in lossy mediums such as wireless. :( > > THat's true. I can't really think of an example of such a > medium, though, that you would still trust to netboot something. > 8-). > > Maybe 802.11b. 8-(. Exactly! Or, something that boots remotely over satellite (for easier maintenance). > The specific problem here is that "UDP is ``too slow''"; it looks > like a classic "Doctor, it hurts when I do this...". 8-) 8-). Actually, UDP is actually *faster* than TCP in these sorts of environments, if you know what you are doing. :) :) :) :) Overhead during a demo of my former company was demo'ing a product to a client, while the client was talking to our competitor. 'Hmm, how come your product doesn't do anything, when their product seems to be working fine here.....'. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:46:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id EE83037B422 for ; Tue, 23 Apr 2002 11:46:21 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id C3885AE026; Tue, 23 Apr 2002 11:46:21 -0700 (PDT) Date: Tue, 23 Apr 2002 11:46:21 -0700 From: Alfred Perlstein To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) Message-ID: <20020423184621.GU38320@elvis.mu.org> References: <200204231839.g3NId1UR013639@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Jordan Hubbard [020423 11:39] wrote: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: Please do it. > > Index: sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.4.2.6 > diff -u -r1.4.2.6 sshd_config > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > @@ -48,8 +48,8 @@ > PasswordAuthentication yes > PermitEmptyPasswords no > > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Comment out to enable s/key passwords > +ChallengeResponseAuthentication no > > # To change Kerberos options > #KerberosAuthentication no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:51:46 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 03B8B37B41E; Tue, 23 Apr 2002 11:51:39 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3NIbDw00612; Tue, 23 Apr 2002 14:37:14 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 14:37:12 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Terry Lambert Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <3CC5A2D9.D9FB84A3@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Terry Lambert wrote: > Robert Watson wrote: > > A more conservative default configuration results in a material > > improvement in system security. > > I really don't think there's any way to fully protect a > security-unconscious user, as if they had spent the time to learn what > was necessary, and chosen the right settings for their site. Nothing > can replace a system administrator who knows which end is up. I'll agree with the assertion that users unaware of a security threat, or unwilling to address a threat, are hard to prevent from shooting themselves in the feet. > I think that trying to do this is doomed to failure, in that it will > engender a false sense of security which is, in many cases, unwarranted > and dangerous. This is particularly true for FreeBSD, where the first > thing anyone ever does with the system is install packages/ports which > may themselves have undocumented security vulnerabilities (or even > documented ones for which the documentation is ignored). "System programming is hard, let's go shopping". Here I'll disagree with you: we make a concerted effort to produce a system that is safe to use. This involves a number of things, and it doesn't just mean security fixes. I would argue that we have a moral obligation to do so. Sure, we can't fix every port or package, but we do actually make an effort to take a look through the more important/common ones for obvious problems, and we are trying to move to architectures that permit ports that have previously required privilege to run with less privilege. For example, one of the projects Thomas Moestl worked on on the -CURRENT branch was to reduce the reliance on kmem access for system monitoring tools. The result is that base system tools (such as top) can now often run without any extra privilege. But a positive side effect is that many non-base system tools can also run without privilege they previously required. Someone who's unaware or unwilling to address security issues will *still* be safer if we provide a safer system. If they are going maliciously out of their way, sure, there will be problems, but if they don't need telnet, and we disable telnet by default, we have actually produced a safer system for them. And if they do need telnet, it's easy to turn on. > This is particularly true when the system is running X11, as the system > *never* *only* runs X11, but instead has all sorts of clients installed, > as well, and generally a significant set of unaudited software, such as > KDE, which you can attack via CORBA much easier than you could ever hope > to directly attack an X11 server, whose defaults already do not permit > remote connections through intrinsic access controls in the server > ("xhost", et. al.). I think you've correctly identified an area where a lot of future security work is needed. However, that doesn't negate the need for security work in the base system, because without a secure base system, you're building everything else on sand. If you have the time and resources to spend helping to kick KDE and its related dependencies into shape, I welcome your doing that. It's something I haven't had time to work with yet, but have definite future plans to do. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:54: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 9B9C737B41D for ; Tue, 23 Apr 2002 11:53:42 -0700 (PDT) Received: (qmail 30479 invoked from network); 23 Apr 2002 18:53:18 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 23 Apr 2002 18:53:18 -0000 Date: Tue, 23 Apr 2002 14:53:18 -0400 (EDT) From: Kenneth Culver To: Jordan Hubbard Cc: hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org> Message-ID: <20020423145307.U30465-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG PLEASE commit this :-) It's so annoying. Ken On Tue, 23 Apr 2002, Jordan Hubbard wrote: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: > > Index: sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.4.2.6 > diff -u -r1.4.2.6 sshd_config > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > @@ -48,8 +48,8 @@ > PasswordAuthentication yes > PermitEmptyPasswords no > > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Comment out to enable s/key passwords > +ChallengeResponseAuthentication no > > # To change Kerberos options > #KerberosAuthentication no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:57:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id 0BC5837B404; Tue, 23 Apr 2002 11:57:21 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1705TX-0000hV-00; Tue, 23 Apr 2002 11:57:16 -0700 Message-ID: <3CC5AE6E.9622AF93@mindspring.com> Date: Tue, 23 Apr 2002 11:56:46 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > "System programming is hard, let's go shopping". This is exactly the phrase that comes to mind every time someone yanks the plug on a service they are afraid might one day have an exploit found for it. > Someone who's unaware or unwilling to address security issues will *still* > be safer if we provide a safer system. If they are going maliciously out > of their way, sure, there will be problems, but if they don't need telnet, > and we disable telnet by default, we have actually produced a safer system > for them. And if they do need telnet, it's easy to turn on. "Securing telnet is hard; let's turn it off and go shopping". 8-). > I think you've correctly identified an area where a lot of future security > work is needed. However, that doesn't negate the need for security work > in the base system, because without a secure base system, you're building > everything else on sand. If you have the time and resources to spend > helping to kick KDE and its related dependencies into shape, I welcome > your doing that. It's something I haven't had time to work with yet, but > have definite future plans to do. No one has *that* much time. Auditing that code base would be on the order of the difficulty of auditing Windows, and we have the source code the KDE. I agree that the base system needs to be secure, but I think you either trust your security model, or you don't: X11 *does* have a security model, even if it doesn't encrypt all the traffic over all its connections by default. If the security model is flawed, then it needs to be fixed, not turned off. I think it's a lot worse to leave a vulnerable telnetd turned off by default but available to be turned on, than to have one that's non-vulnerable turned on by default. The fear that someone is going to find a vulnerability should be balanced by the idea that someone is going to fix it, not balanced by the idea that that you can hide the vulnerability by not running the vulnerable code, "mostly". I guess this is a basica philosophical difference: IMO, exposure equals the probability of a fix. Turning things off belongs in the firewall code. FWIW: I wouldn't object to a firewall rule that disallowed remote TCP connections to the X server by default, if the firewall is enabled. I think we already have this... -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 11:59:42 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from guru.mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with ESMTP id B43DD37B41D for ; Tue, 23 Apr 2002 11:59:34 -0700 (PDT) Received: (from mwm@localhost) by guru.mired.org (8.11.1/8.11.2) id g3NIxWd37935 for hackers@freebsd.org; Tue, 23 Apr 2002 13:59:32 -0500 (CDT) (envelope-from mwm-dated-1020020372.0106ca@mired.org) X-Authentication-Warning: guru.mired.org: mwm set sender to mwm-dated-1020020372.0106ca@mired.org using -f MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.44819.523368.92026@guru.mired.org> Date: Tue, 23 Apr 2002 13:59:31 -0500 To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org> References: <200204231839.g3NId1UR013639@winston.freebsd.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.51 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <200204231839.g3NId1UR013639@winston.freebsd.org>, Jordan Hubbard typed: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: If someone objects, let me know and I'll pay them a visit with a baseball bat and "explain" things to them. Index: sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.4.2.6 > diff -u -r1.4.2.6 sshd_config > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > @@ -48,8 +48,8 @@ > PasswordAuthentication yes > PermitEmptyPasswords no > > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Comment out to enable s/key passwords > +ChallengeResponseAuthentication no > > # To change Kerberos options > #KerberosAuthentication no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > -- Mike Meyer http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12: 1:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id 4B19937B41D for ; Tue, 23 Apr 2002 12:01:15 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1705XF-0006B1-00; Tue, 23 Apr 2002 12:01:05 -0700 Message-ID: <3CC5AF54.8FB22B16@mindspring.com> Date: Tue, 23 Apr 2002 12:00:36 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) References: <200204231839.g3NId1UR013639@winston.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jordan Hubbard wrote: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: [ ... ] > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Comment out to enable s/key passwords > +ChallengeResponseAuthentication no IMO, the default, in the absence of an option, should be "no". So the patch should both set the default in the source code, and change the file, like so: -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Uncomment to enable s/key passwords +#ChallengeResponseAuthentication yes -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12: 6:21 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from guru.mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with ESMTP id 6AA9A37B421 for ; Tue, 23 Apr 2002 12:06:12 -0700 (PDT) Received: (from mwm@localhost) by guru.mired.org (8.11.1/8.11.2) id g3NJ6Bi38093 for hackers@FreeBSD.org; Tue, 23 Apr 2002 14:06:11 -0500 (CDT) (envelope-from mwm-dated-1020020771.b5d75f@mired.org) X-Authentication-Warning: guru.mired.org: mwm set sender to mwm-dated-1020020771.b5d75f@mired.org using -f MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.45217.735707.188605@guru.mired.org> Date: Tue, 23 Apr 2002 14:06:09 -0500 To: Jochem Kossen Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.org, "Greg 'groggy' Lehey" , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020423032146.A490@HAL9000.wox.org> References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <200204231206.01451.j.kossen@home.nl> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <20020423032146.A490@HAL9000.wox.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.51 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <200204231206.01451.j.kossen@home.nl>, Jochem Kossen typed: > On Tuesday 23 April 2002 11:04, you wrote: > OK, then i suggest we mention it in the handbook, the security policy > document, the manpage AND the release notes :) None of those are things that are on the "Must read" list for people tracking -STABLE, instead of -RELEASE. I believe UPDATING is the only such document. FWIW, I ran into this, and asked about it on -questions. Got the solution, then finally got around to making ssh forward X11 properly so I no longer use it. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12: 6:21 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from guru.mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with ESMTP id 24DD337B41E for ; Tue, 23 Apr 2002 12:06:12 -0700 (PDT) Received: (from mwm@localhost) by guru.mired.org (8.11.1/8.11.2) id g3NJ6BI38085 for hackers@FreeBSD.ORG; Tue, 23 Apr 2002 14:06:11 -0500 (CDT) (envelope-from mwm-dated-1020020771.b5d75f@mired.org) X-Authentication-Warning: guru.mired.org: mwm set sender to mwm-dated-1020020771.b5d75f@mired.org using -f MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.45217.735707.188605@guru.mired.org> Date: Tue, 23 Apr 2002 14:06:09 -0500 To: Jochem Kossen Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG, "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020423032146.A490@HAL9000.wox.org> References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <200204231206.01451.j.kossen@home.nl> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <20020423032146.A490@HAL9000.wox.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.51 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <200204231206.01451.j.kossen@home.nl>, Jochem Kossen typed: > On Tuesday 23 April 2002 11:04, you wrote: > OK, then i suggest we mention it in the handbook, the security policy > document, the manpage AND the release notes :) None of those are things that are on the "Must read" list for people tracking -STABLE, instead of -RELEASE. I believe UPDATING is the only such document. FWIW, I ran into this, and asked about it on -questions. Got the solution, then finally got around to making ssh forward X11 properly so I no longer use it. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12: 6:51 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id B474A37B404 for ; Tue, 23 Apr 2002 12:06:22 -0700 (PDT) Received: from pool0547.cvx22-bradley.dialup.earthlink.net ([209.179.200.37] helo=mindspring.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 1705c8-0005aK-00; Tue, 23 Apr 2002 12:06:08 -0700 Message-ID: <3CC5B083.B9624E36@mindspring.com> Date: Tue, 23 Apr 2002 12:05:39 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Nate Williams Cc: Attila Nagy , Tomas Svensson , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <3CC5A999.A1A4D313@mindspring.com> <15557.43653.372778.443036@caddis.yogotech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Nate Williams wrote: > > Maybe 802.11b. 8-(. > > Exactly! Or, something that boots remotely over satellite (for easier > maintenance). Or cable modems, booting from the cable plant. Actually, there's a lot of uses, the more you think about it, even though I think you'd have to be pretty insane to let someone dictate what software you run in your network access device. I guess cell phone users put up with it, though... it looks like Verizon and Qualcomm and a couple of others are now writing their contracts so they can download new crap to your phone and rearrrange your menus without your permission, or make you have to scroll through an advertisement before you can dial, etc.. I just keep thinking of some jerk on my cable segment responding to the "boot me" request, and proxying to the real cable plant. 8-(. > > The specific problem here is that "UDP is ``too slow''"; it looks > > like a classic "Doctor, it hurts when I do this...". 8-) 8-). > > Actually, UDP is actually *faster* than TCP in these sorts of > environments, if you know what you are doing. :) :) :) :) > > Overhead during a demo of my former company was demo'ing a product to a > client, while the client was talking to our competitor. > > 'Hmm, how come your product doesn't do anything, when their product > seems to be working fine here.....'. 8-) 8-). I love that when that happens... "Um, uh, er...". -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12:33:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from crufty.research.bell-labs.com (crufty.research.bell-labs.com [204.178.16.49]) by hub.freebsd.org (Postfix) with ESMTP id 417F337B41F; Tue, 23 Apr 2002 12:33:21 -0700 (PDT) Received: from scummy.research.bell-labs.com (H-135-104-2-10.research.bell-labs.com [135.104.2.10]) by crufty.research.bell-labs.com (8.12.2/8.12.2) with ESMTP id g3NJX2Xt045621; Tue, 23 Apr 2002 15:33:02 -0400 (EDT) Received: from aura.research.bell-labs.com (aura.research.bell-labs.com [135.104.46.10]) by scummy.research.bell-labs.com (8.11.6/8.11.6) with ESMTP id g3NJWuk11943; Tue, 23 Apr 2002 15:32:56 -0400 (EDT) Received: from fgupcmh (fgu-pcmh.research.bell-labs.com [135.104.47.121]) by aura.research.bell-labs.com (8.12.2/8.12.2) with SMTP id g3NJWSEJ008018; Tue, 23 Apr 2002 15:32:28 -0400 (EDT) Reply-To: From: "Fengrui Gu" To: , Cc: Subject: Problems with nge driver and copper GbE cards Date: Tue, 23 Apr 2002 15:32:38 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I am evaluating copper GbE cards for our lab. According to previous talk threads, it seems that SMC9462TX has better performance than NetGear cards. I bought two SMC9462TX cards and connect them through a Cat 5e cross-link cable. The machines in use are two dual PIII 733Mhz with 756MB memory. I use 32bit/33Mhz PCI slots. I know PCI bus of 32bit/33Mhz is slow but the major purpose of evaluation is to compare the performance between copper and Fiber GbE cards. There are another two identical dual PIII 733Mhz machines installed NetGear 620 Fiber GbE cards(using ti driver). So it is not an issue. I am using FreeBSD 4.5 and statically link nge driver into the kernel. First, there are a lot of "link up" messages from nge driver. I guess this has been reported. I use a small program to measure TCP performance. Basically, it sends 1G or 2G data over the network and calculate time and bit rate. The link between two copper GbE cards became unavailable after some TCP runs. There is no response from "ping". The kernel didn't report error messages except some new "link up" messages. There is no abnormal from the output of "ifconfig -a". Based on some suggestions(master or slave mode), I issued command "ifconfig nge0 link0". The link would be back sometimes but not always. Did anyone suffer the same problem? Second, it seems that the link is more stable with UDP traffic though it became unavailable now and then. I could manage to collect some UPD performance data: UDP performance(sender) w/o jumbo frame w/ jumbo frame copper GbE 510Mb/s 632Mb/s (SMC9462Tx) Fiber GbE 750Mb/s 856Mb/s (GA 620) (Note: data are from the results of netperf and shared the same parameters). Did anybody knows why copper GbE cards are so slow? Both copper and Fiber GbE cards are in the same kind of PCI slot and identical machines. The extra memory on GA620 should not cause 40-50% difference in my opinion. Third, I had trouble to set half-duplex mode on nge0. If I issued command "ifconfig nge0 media 1000baseTX mediaopt half-duplex", I got the following error message "ifconfig: SIOCSIFMEDIA: Device not configured" I don't have trouble to issue command "ifconfig nge0 media 1000baseTX mediaopt full-duplex". thanks, --Fengrui To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12:55:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tinker.exit.com (tinker.exit.com [206.223.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 3B61F37B448; Tue, 23 Apr 2002 12:54:32 -0700 (PDT) Received: from realtime.exit.com (realtime [206.223.0.5]) by tinker.exit.com (8.12.3/8.12.3) with ESMTP id g3NJsDcN078908; Tue, 23 Apr 2002 12:54:13 -0700 (PDT) (envelope-from frank@exit.com) Received: from realtime.exit.com (localhost [127.0.0.1]) by realtime.exit.com (8.12.2/8.12.2) with ESMTP id g3NJrxwn025080; Tue, 23 Apr 2002 12:53:59 -0700 (PDT) (envelope-from frank@realtime.exit.com) Received: (from frank@localhost) by realtime.exit.com (8.12.2/8.12.2/Submit) id g3NJrunH025061; Tue, 23 Apr 2002 12:53:56 -0700 (PDT) From: Frank Mayhar Message-Id: <200204231953.g3NJrunH025061@realtime.exit.com> Subject: More about security, X, rc.conf and changing defaults. In-Reply-To: <3CC5AE6E.9622AF93@mindspring.com> To: Terry Lambert Date: Tue, 23 Apr 2002 12:53:56 -0700 (PDT) Cc: Robert Watson , "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Reply-To: frank@exit.com Organization: Exit Consulting X-Copyright0: Copyright 2002 Frank Mayhar. All Rights Reserved. X-Copyright1: Permission granted for electronic reproduction as Usenet News or email only. X-Mailer: ELM [version 2.4ME+ PL95a (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Terry Lambert wrote: > FWIW: I wouldn't object to a firewall rule that disallowed remote > TCP connections to the X server by default, if the firewall is > enabled. I think we already have this... Yep, I agree, and whether or not it's in the distributed rc.firewall, I have the ports blocked in my hand-tuned version. As to Stijn's remarks, he is putting up a strawman at best. If a person runs X, it should be their responsibility to make sure that it's secure. Just like if they ran Windows or any other software with potential security holes. X is plastered with warnings as it is, why do we need to cripple a function it supports? Stijn, if it "opens up a hole in your network," that's _your_ problem, not mine. There are many other ways to secure your network than by turning off tcp connections by default in the X server. Hey, I'm not objecting to adding the capability, I'm just objecting to the fact that it was imposed upon everyone else by fiat and (worse) without warning. And before people start saying again that this only affects a port and is irrelevant to the operating system itself, this is one symptom of what I see as a worsening problem. I agree with Warner that the former default should only be supported until the next major release, but that former default _should be supported_. Yeah, it's up to me as a sysadmin to notice this stuff and fix it, but how many people pay that much attention to the stuff in /etc/defaults when they are in the middle of upgrading a bread-and- butter system (to get it closer to the current -stable, so later improvements won't be so difficult to bring in) and are going as fast as they can? Much better, IMNSHO, to create the new /etc/rc.override (or whatever) script and let it bug the admin about the fact that the defaults have changed. And _not_ spring this sort of thing on the FreeBSD world unawares. Not all of us have time to pay attention to the mailing lists (or even _one_ of the mailing lists) to catch this sort of thing before it gets committed. Hey, I'm a software engineer for Wind River (with a fulltime job there), plus sole engineer and sysadmin for my own side business. I barely have time for _sleep_. -- Frank Mayhar frank@exit.com http://www.exit.com/ Exit Consulting http://www.gpsclock.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 12:59:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id B159C37B42C for ; Tue, 23 Apr 2002 12:59:40 -0700 (PDT) Received: (qmail 23656 invoked by uid 1032); 23 Apr 2002 19:59:47 -0000 From: utsl@quic.net Date: Tue, 23 Apr 2002 15:59:47 -0400 To: Nate Williams Cc: hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? Message-ID: <20020423195947.GA22950@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <20020423182839.GA22074@quic.net> <15557.43312.713502.540548@caddis.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <15557.43312.713502.540548@caddis.yogotech.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 12:34:24PM -0600, Nate Williams wrote: > [ TFTP performance is poor ] > > > > > USE TFTP to get a tiny image up, and then go TCP. > > > > > > > > > Going to TCP soon assumes that you have a lossless medium in order to > > > transmit packets over. If you're using a lossy medium, TFTP (and other > > > UDP based protocols) can kick their butt because of TCP's assumption > > > that packet loss is a function of congestion, which is often not the > > > case in lossy mediums such as wirless. :( > > > > tftp in particular probably won't, because it uses the same packet > > window concept as TCP, but with the window set to 1. > > Actually, it still tends to kick TCP's butt in very lossy networks, > because or resends and other vaguaries of TCP. We've done benchmarks, > and when packet loss gets bad, TCP backoff algorithm (which causes > window size shrinkage *and* increases in resend delays) cause TCP to > slow to a crawl. We've found that TFTP's timeouts tend to work better, > although it may be more an issue of having the lower overhead vs. TCP. This is an issue with TCP in your situation. You're playing with network equipment TCP wasn't designed for, and noticing that TCP isn't anywhere near perfect. It's relatively simple (see OSI before you disagree...), and optimized for common network technology at the time it was designed. (And sometimes those optimizations work...) There are things it doesn't fit well. A connection-less reliable datagram protocol might have been a better choice for http, for example. > > It is a protocol that is braindead by design, in order to be simple to > > implement. It was never pretended that performance was a design goal. > > Completely agreed on that point. Another point worth mentioning is that > it's rather trivial to add in some extensions to TFTP (that are > backwards compatible) to speed it up by increasing the window size to > even 2 packets. We were able to do that and it almost halved the > transfer times. :) Probably true, but the better solution is to find something else (or make something else) that doesn't completely suck like TFTP does. > However, it required slight modifications on the part of the sender, and > the ability to recognize when the double window size modification had to > be disabled because certain (very slow) pieces of hardware couldn't > handle even the slight speedup of packets. I suspect that you might be better off solving your lossy network issues with a layer under IP, rather than tinkering with the protocols that sit on top. Maybe a module for netgraph that does some retransmit handshaking optimized for your particular needs. ---Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13: 6: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 5BCAE37B425 for ; Tue, 23 Apr 2002 13:05:12 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3NK597W013904; Tue, 23 Apr 2002 13:05:09 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Terry Lambert Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Terry Lambert of "Tue, 23 Apr 2002 12:00:36 PDT." <3CC5AF54.8FB22B16@mindspring.com> Date: Tue, 23 Apr 2002 13:05:09 -0700 Message-ID: <13903.1019592309@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG FWIW, I agree with you, but I'm more interested in fixing this right now than I am in chasing the OpenSSH maintainers around with patches (unless we've already forked - have we?). I'll also be happy to change this twice if it turns out that getting the change into OpenSSH is easier than I thought, but I don't want just having this be fixed contingent on that. - Jordan > Jordan Hubbard wrote: > > I'm going to commit the following in 48 hours unless someone can > > convince me that it's a good idea for FreeBSD to be the odd-OS out > > with respect to this behavior: > > [ ... ] > > > -# Uncomment to disable s/key passwords > > -#ChallengeResponseAuthentication no > > +# Comment out to enable s/key passwords > > +ChallengeResponseAuthentication no > > IMO, the default, in the absence of an option, should be "no". > > So the patch should both set the default in the source code, and > change the file, like so: > > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Uncomment to enable s/key passwords > +#ChallengeResponseAuthentication yes > > -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13: 8:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 5093937B431 for ; Tue, 23 Apr 2002 13:07:38 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id OAA10133; Tue, 23 Apr 2002 14:07:33 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NK7Ww71111; Tue, 23 Apr 2002 14:07:32 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.48900.773726.309492@caddis.yogotech.com> Date: Tue, 23 Apr 2002 14:07:32 -0600 To: utsl@quic.net Cc: Nate Williams , hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: <20020423195947.GA22950@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <20020423182839.GA22074@quic.net> <15557.43312.713502.540548@caddis.yogotech.com> <20020423195947.GA22950@quic.net> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > [ TFTP performance is poor ] > > > > > > > USE TFTP to get a tiny image up, and then go TCP. > > > > > > > > > > > > Going to TCP soon assumes that you have a lossless medium in order to > > > > transmit packets over. If you're using a lossy medium, TFTP (and other > > > > UDP based protocols) can kick their butt because of TCP's assumption > > > > that packet loss is a function of congestion, which is often not the > > > > case in lossy mediums such as wirless. :( > > > > > > tftp in particular probably won't, because it uses the same packet > > > window concept as TCP, but with the window set to 1. > > > > Actually, it still tends to kick TCP's butt in very lossy networks, > > because or resends and other vaguaries of TCP. We've done benchmarks, > > and when packet loss gets bad, TCP backoff algorithm (which causes > > window size shrinkage *and* increases in resend delays) cause TCP to > > slow to a crawl. We've found that TFTP's timeouts tend to work better, > > although it may be more an issue of having the lower overhead vs. TCP. > > This is an issue with TCP in your situation. You're playing with network > equipment TCP wasn't designed for, and noticing that TCP isn't anywhere > near perfect. It's relatively simple (see OSI before you disagree...), > and optimized for common network technology at the time it was designed. > (And sometimes those optimizations work...) Yer' preachin to the choir here. :) > There are things it doesn't fit well. A connection-less reliable > datagram protocol might have been a better choice for http, for example. You mean like TTCP? Unfortunately, it wasn't available, and because of inertia, it will probably never happen. :( > > > It is a protocol that is braindead by design, in order to be simple to > > > implement. It was never pretended that performance was a design goal. > > > > Completely agreed on that point. Another point worth mentioning is that > > it's rather trivial to add in some extensions to TFTP (that are > > backwards compatible) to speed it up by increasing the window size to > > even 2 packets. We were able to do that and it almost halved the > > transfer times. :) > > Probably true, but the better solution is to find something else (or > make something else) that doesn't completely suck like TFTP does. Because it's used so rarely, having it suck every once in a while isn't so bad. TFTP is well supported natively in lots of hardware platforms, so rather than re-inventing the wheel over and over again, we chose to continue using what other vendors have used, but we 'optimized' it for our situation. That's called 'good engineering' in my book. :) > > However, it required slight modifications on the part of the sender, and > > the ability to recognize when the double window size modification had to > > be disabled because certain (very slow) pieces of hardware couldn't > > handle even the slight speedup of packets. > > I suspect that you might be better off solving your lossy network issues > with a layer under IP, rather than tinkering with the protocols that sit > on top. Actually, I disagree. IP is all about routing, and since we still want packets routed correctly, something on top of IP *is* the best solution. (Check out your OSI model. :) In any case, even writing my own 'RDP' (Reliable Datagram Protocol) on top of IP was massive overkill. It means messing around with the stack on every OS used in the product (which includes Windoze). Most of the stacks are *NOT* written with extensibility in mind, even assuming you can get your hands on the source code. The amount of resources (both in terms of finding people with enough expertise as well as the time to do proper testing) to do such a task is beyond the scope of almost any hardware vendor. Been there, done that, only going to do it again if it makes sense... Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:21:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 5ED8337B420 for ; Tue, 23 Apr 2002 13:21:30 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3NKLR7W013966; Tue, 23 Apr 2002 13:21:27 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Kris Kennaway Cc: hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Kris Kennaway of "Tue, 23 Apr 2002 12:35:02 PDT." <20020423123502.A77321@xor.obsecurity.org> Date: Tue, 23 Apr 2002 13:21:27 -0700 Message-ID: <13965.1019593287@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Have we forked OpenSSH? Can I just make the change to our local tree? I really don't want to have to deal with the OpenSSH folks over at openbsd.org. They bite. :) - Jordan > > --6c2NcOVqGQ03X4Wi > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > On Tue, Apr 23, 2002 at 11:39:01AM -0700, Jordan Hubbard wrote: > > I'm going to commit the following in 48 hours unless someone can > > convince me that it's a good idea for FreeBSD to be the odd-OS out > > with respect to this behavior: > > Don't change the defaults in sshd_config, change the defaults in the > sshd code (and update the commented-out entry in sshd_config to match > the new defaults, if appropriate). sshd should work exactly the same > with the default sshd_config file present or without any sshd_config > file at all. > > Kris > > --6c2NcOVqGQ03X4Wi > Content-Type: application/pgp-signature > Content-Disposition: inline > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iD8DBQE8xbdlWry0BWjoQKURAjVOAKCddmAebajzTioCXRcZWY523gNpZACgz4QQ > ieQJBpKxOwdfcfe9IH9BR+Y= > =hS6R > -----END PGP SIGNATURE----- > > --6c2NcOVqGQ03X4Wi-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:24:24 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by hub.freebsd.org (Postfix) with ESMTP id 6AA5037B449; Tue, 23 Apr 2002 13:23:44 -0700 (PDT) Received: from kokeb.ambesa.net ([64.172.24.219]) by mta6.snfc21.pbi.net (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0GV100E9YFBJET@mta6.snfc21.pbi.net>; Tue, 23 Apr 2002 13:23:43 -0700 (PDT) Received: from kokeb.ambesa.net (localhost [127.0.0.1]) by kokeb.ambesa.net (8.12.3/8.12.3) with ESMTP id g3NKSjw0059136; Tue, 23 Apr 2002 13:28:45 -0700 (PDT envelope-from makonnen@pacbell.net) Received: (from mikem@localhost) by kokeb.ambesa.net (8.12.3/8.12.3/Submit) id g3NKSjbt059135; Tue, 23 Apr 2002 13:28:45 -0700 (PDT) Date: Tue, 23 Apr 2002 14:28:45 -0600 From: Mike Makonnen Subject: Re: Problems with nge driver and copper GbE cards In-reply-to: To: gfr@lucent.com Cc: freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Message-id: <1019593725.1977.12.camel@kokeb.ambesa.net> MIME-version: 1.0 X-Mailer: Evolution/1.0.2 Content-type: text/plain Content-transfer-encoding: 7BIT References: X-Authentication-warning: kokeb.ambesa.net: mikem set sender to makonnen@pacbell.net using -f Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 2002-04-23 at 13:32, Fengrui Gu wrote: > > Third, I had trouble to set half-duplex mode on nge0. > If I issued command "ifconfig nge0 media 1000baseTX mediaopt half-duplex", I > got the > following error message > "ifconfig: SIOCSIFMEDIA: Device not configured" > I don't have trouble to issue command "ifconfig nge0 media 1000baseTX > mediaopt full-duplex". > This I can help you with. the correct way of doing it is disabling full-duplex: # iconfig nge0 media 1000baseTX -mediaopt full-duplex cheers, Mike Makonnen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:36: 9 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.pcnet.com (pcnet1.pcnet.com [204.213.232.3]) by hub.freebsd.org (Postfix) with ESMTP id DADD837B41C; Tue, 23 Apr 2002 13:36:02 -0700 (PDT) Received: from localhost (eischen@localhost) by mail.pcnet.com (8.12.1/8.12.1) with ESMTP id g3NKZtk7027540; Tue, 23 Apr 2002 16:35:55 -0400 (EDT) Date: Tue, 23 Apr 2002 16:35:55 -0400 (EDT) From: Daniel Eischen To: Frank Mayhar Cc: Terry Lambert , Robert Watson , "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: More about security, X, rc.conf and changing defaults. In-Reply-To: <200204231953.g3NJrunH025061@realtime.exit.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Frank Mayhar wrote: > Terry Lambert wrote: > > FWIW: I wouldn't object to a firewall rule that disallowed remote > > TCP connections to the X server by default, if the firewall is > > enabled. I think we already have this... > > Yep, I agree, and whether or not it's in the distributed rc.firewall, I > have the ports blocked in my hand-tuned version. > > As to Stijn's remarks, he is putting up a strawman at best. If a person > runs X, it should be their responsibility to make sure that it's secure. > Just like if they ran Windows or any other software with potential security > holes. X is plastered with warnings as it is, why do we need to cripple a > function it supports? Stijn, if it "opens up a hole in your network," > that's _your_ problem, not mine. There are many other ways to secure your > network than by turning off tcp connections by default in the X server. > Hey, I'm not objecting to adding the capability, I'm just objecting to > the fact that it was imposed upon everyone else by fiat and (worse) without > warning. > > And before people start saying again that this only affects a port and is > irrelevant to the operating system itself, this is one symptom of what I > see as a worsening problem. I agree also. Remember what has been stated before, "Tools, not Policy". If we want to disable this by default, then there should be a customary knob _where people expect/can see it_. And if we are lacking the mechanism to do it, then the change should wait until it is present. It shouldn't be hacked into an unexpected place. I would like to see this backed out. -- Dan Eischen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:39:47 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from dirty.research.bell-labs.com (dirty.research.bell-labs.com [204.178.16.6]) by hub.freebsd.org (Postfix) with SMTP id 423BE37B417; Tue, 23 Apr 2002 13:39:37 -0700 (PDT) Received: from scummy.research.bell-labs.com ([135.104.2.10]) by dirty; Tue Apr 23 16:39:37 EDT 2002 Received: from aura.research.bell-labs.com (aura.research.bell-labs.com [135.104.46.10]) by scummy.research.bell-labs.com (8.11.6/8.11.6) with ESMTP id g3NKd7k18795; Tue, 23 Apr 2002 16:39:08 -0400 (EDT) Received: from fgupcmh (fgu-pcmh.research.bell-labs.com [135.104.47.121]) by aura.research.bell-labs.com (8.12.2/8.12.2) with SMTP id g3NKd5EJ012521; Tue, 23 Apr 2002 16:39:07 -0400 (EDT) Reply-To: From: "Fengrui Gu" To: "Mike Makonnen" Cc: , Subject: RE: Problems with nge driver and copper GbE cards Date: Tue, 23 Apr 2002 16:39:16 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <1019593725.1977.12.camel@kokeb.ambesa.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG It works. Thanks a lot. So setting half-duplex is to disabe full-duplex.:) I didn't do this before so I was confused in the first place. But the following statement in the man page of nge driver probably may need some changes. =========================================================== The nge driver supports the following media options: full-duplex Force full duplex operation. half-duplex Force half duplex operation. =========================================================== thanks, --Fengrui -----Original Message----- From: Mike Makonnen [mailto:makonnen@pacbell.net] Sent: Tuesday, April 23, 2002 4:29 PM To: gfr@lucent.com Cc: freebsd-hackers@FreeBSD.ORG; freebsd-net@FreeBSD.ORG Subject: Re: Problems with nge driver and copper GbE cards On Tue, 2002-04-23 at 13:32, Fengrui Gu wrote: > > Third, I had trouble to set half-duplex mode on nge0. > If I issued command "ifconfig nge0 media 1000baseTX mediaopt half-duplex", I > got the > following error message > "ifconfig: SIOCSIFMEDIA: Device not configured" > I don't have trouble to issue command "ifconfig nge0 media 1000baseTX > mediaopt full-duplex". > This I can help you with. the correct way of doing it is disabling full-duplex: # iconfig nge0 media 1000baseTX -mediaopt full-duplex cheers, Mike Makonnen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:46:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id 52DEC37B405 for ; Tue, 23 Apr 2002 13:46:15 -0700 (PDT) Received: (qmail 24210 invoked by uid 1032); 23 Apr 2002 20:46:22 -0000 From: utsl@quic.net Date: Tue, 23 Apr 2002 16:46:22 -0400 To: Nate Williams Cc: hackers@FreeBSD.ORG Subject: Re: sendfile() in tftpd? Message-ID: <20020423204622.GA23933@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <20020423182839.GA22074@quic.net> <15557.43312.713502.540548@caddis.yogotech.com> <20020423195947.GA22950@quic.net> <15557.48900.773726.309492@caddis.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <15557.48900.773726.309492@caddis.yogotech.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Apr 23, 2002 at 02:07:32PM -0600, Nate Williams wrote: > > Probably true, but the better solution is to find something else (or > > make something else) that doesn't completely suck like TFTP does. > > Because it's used so rarely, having it suck every once in a while isn't > so bad. TFTP is well supported natively in lots of hardware platforms, > so rather than re-inventing the wheel over and over again, we chose to > continue using what other vendors have used, but we 'optimized' it for > our situation. That's called 'good engineering' in my book. :) That's what everyone else said, and why that stupid protocol still exists. > > > However, it required slight modifications on the part of the sender, and > > > the ability to recognize when the double window size modification had to > > > be disabled because certain (very slow) pieces of hardware couldn't > > > handle even the slight speedup of packets. > > > > I suspect that you might be better off solving your lossy network issues > > with a layer under IP, rather than tinkering with the protocols that sit > > on top. > > Actually, I disagree. IP is all about routing, and since we still want > packets routed correctly, something on top of IP *is* the best > solution. (Check out your OSI model. :) Why should routing enter into it? Ethernet is a pretty mindless MAC layer, but there are others like PPP or Token Ring that aren't, and IP runs fine over them. LLC2 does something similar to what you'd need, although I don't think it'd be the right choice. > In any case, even writing my own 'RDP' (Reliable Datagram Protocol) on > top of IP was massive overkill. It means messing around with the stack > on every OS used in the product (which includes Windoze). Most of the > stacks are *NOT* written with extensibility in mind, even assuming you > can get your hands on the source code. On Windows, you could put that RDP layer into the network driver, and not mess with the rest of the network stack. Or, perhaps write a driver that sits between an existing network driver and the IP stack. I did something like that with DOS drivers once. > The amount of resources (both in terms of finding people with enough > expertise as well as the time to do proper testing) to do such a task is > beyond the scope of almost any hardware vendor. > > Been there, done that, only going to do it again if it makes sense... Sounds suspiciously like a problem with the standard for your medium. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 13:59:46 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 045D737B42C; Tue, 23 Apr 2002 13:58:47 -0700 (PDT) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id OAA10654; Tue, 23 Apr 2002 14:58:46 -0600 (MDT) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g3NKwjx71332; Tue, 23 Apr 2002 14:58:45 -0600 (MDT) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15557.51972.914307.703315@caddis.yogotech.com> Date: Tue, 23 Apr 2002 14:58:44 -0600 To: utsl@quic.net Cc: Nate Williams , chat@FreeBSD.ORG Subject: Re: sendfile() in tftpd? In-Reply-To: <20020423204622.GA23933@quic.net> References: <3CC59C44.13013A1E@mindspring.com> <15557.40442.852602.681416@caddis.yogotech.com> <20020423182839.GA22074@quic.net> <15557.43312.713502.540548@caddis.yogotech.com> <20020423195947.GA22950@quic.net> <15557.48900.773726.309492@caddis.yogotech.com> <20020423204622.GA23933@quic.net> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [ moved to -chat, since this has no business being in -hackers anymore ] > > > Probably true, but the better solution is to find something else (or > > > make something else) that doesn't completely suck like TFTP does. > > > > Because it's used so rarely, having it suck every once in a while isn't > > so bad. TFTP is well supported natively in lots of hardware platforms, > > so rather than re-inventing the wheel over and over again, we chose to > > continue using what other vendors have used, but we 'optimized' it for > > our situation. That's called 'good engineering' in my book. :) > > That's what everyone else said, and why that stupid protocol still > exists. No, it exists because it's good enough to do the job. It's not optimal, but it's good enough. Optimal for all situations means re-inventing TCP over and over again, which is non-optimal from an engineering point of view, IMO. > > > > However, it required slight modifications on the part of the sender, and > > > > the ability to recognize when the double window size modification had to > > > > be disabled because certain (very slow) pieces of hardware couldn't > > > > handle even the slight speedup of packets. > > > > > > I suspect that you might be better off solving your lossy network issues > > > with a layer under IP, rather than tinkering with the protocols that sit > > > on top. > > > > Actually, I disagree. IP is all about routing, and since we still want > > packets routed correctly, something on top of IP *is* the best > > solution. (Check out your OSI model. :) > > Why should routing enter into it? Because that is what IP does. IP's job is to route packets. No reliability, no streaming, no nothing. It just makes sure a packets gets from point A to point B. (See your ISO layering pictures and descriptions.) > Ethernet is a pretty mindless MAC layer, but there are others like PPP > or Token Ring that aren't, and IP runs fine over them. And your point is? > > In any case, even writing my own 'RDP' (Reliable Datagram Protocol) on > > top of IP was massive overkill. It means messing around with the stack > > on every OS used in the product (which includes Windoze). Most of the > > stacks are *NOT* written with extensibility in mind, even assuming you > > can get your hands on the source code. > > On Windows, you could put that RDP layer into the network driver, and > not mess with the rest of the network stack. Or, perhaps write a > driver that sits between an existing network driver and the IP > stack. I did something like that with DOS drivers once. Yer preaching to the choir. It's *WAY* too much for *WAY* too little gain. On top of it, it's non-portable. > > The amount of resources (both in terms of finding people with enough > > expertise as well as the time to do proper testing) to do such a task is > > beyond the scope of almost any hardware vendor. > > > > Been there, done that, only going to do it again if it makes sense... > > Sounds suspiciously like a problem with the standard for your medium. ??? It's my job to provide optimum solutions to my employer, using the least amount of both my resources and their resources. In other words, if we were in a perfect world, with no time schedules, and infinite resources, a perfect solution as you suggest might be a good idea. But, unfortunately (or fortunately, depending on your perspective), I have to work with what I got, since I've got a zillion others things to do besides trying to perfect a file transfer protocol that is used less than .01% of the time in the lifetime of the product. I'd rather spend my time optimizing the other 99.99% of the functionality of the product, since that's what most of my customer's are more concerned with. Some would call this good engineering, but apparently you aren't in that group. In another product at another company, I messed with perfecting a data transfer protocol that worked over wireless mediums. Like it or not, loss is not only common, it's considered acceptable. In that case, because of design considerations (it must run on legacy hardware running on legacy software, ie; any pc running any version of Win95/98), messing with device drivers is simply unfeasible. So, you work with what you got, which means a standard TCP/IP stack, with no additions. Amazingly enough, both products *work* despite all of the limitations. I know it might be hard for you to believe that one *can* provide a working solution without resorting to OS hacking, but it is not only possible, sometimes it's actually fun. :) Nate ps. I've done my share of kernel hacking, and my current job is *all* kernel hacking, but just because I have a hammer in my toolbox doesn't mean that every problem looks like a nail. :) :) :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 14:29:32 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 06A6C37B41A for ; Tue, 23 Apr 2002 14:29:18 -0700 (PDT) Received: from hades.hell.gr (patr530-a197.otenet.gr [212.205.215.197]) by mailsrv.otenet.gr (8.12.2/8.12.2) with ESMTP id g3NLT7Su026284; Wed, 24 Apr 2002 00:29:08 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.2/8.12.2) with ESMTP id g3NLT88i016948; Wed, 24 Apr 2002 00:29:09 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from charon@localhost) by hades.hell.gr (8.12.2/8.12.2/Submit) id g3NLLSKN016804; Wed, 24 Apr 2002 00:21:28 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Wed, 24 Apr 2002 00:21:26 +0300 From: Giorgos Keramidas To: "M. Warner Losh" Cc: frank@exit.com, hackers@FreeBSD.ORG Subject: Re: Security through obscurity? Message-ID: <20020423212124.GB14808@hades.hell.gr> References: <200204231523.g3NFNQnq029649@realtime.exit.com> <20020423.094953.13280392.imp@village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020423.094953.13280392.imp@village.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2002-04-23 09:49, M. Warner Losh wrote: > The decision to go for a more secure system by default was made years > ago. I for one think the Security Officers have done a good job at > doing this, but even as far as they have come, I suspect that > additional things will be locked down over time. That's the nature of > the threats to systems on the internet today. What was acceptible > years ago now no longer is acceptible. The attackers are getting more > and more sophisticated. The countermeasures for these attacks are > necessarily becoming more intrusive as the same sorts of bugs raise > their ugly head again and again. Very well said. Cutting functionality for the sake of security is the growing trend in today's unsafe, untrusted environment that we like calling the Internet. Things that were the default years ago are now considered silly at best, dangerous for the entire network at worst. As attacks get more sophisticated, the expected functionality of a ``default'' installation is trimmed down to avoid starting dangerous or exploitable services. This is not the first time that the need to lose part of the flexibility of a Unix system is necessary to avoid problems. Note that years ago, Sendmail would relay mail from anyone in its default installation. That was a useful feature of Unix servers around the world. Today, being an open relay is considered dangerous, and we blacklist those that run open relays. Some times, it's necessary to lose flexibility and functionality in the default installation, for the sake of security. Bearing in mind that TCP connection support is not removed from the X11 servers, but merely disabled, is this so very important? - Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 14:29:33 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 8291437B41C; Tue, 23 Apr 2002 14:29:18 -0700 (PDT) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g3NLTGoh045928; Tue, 23 Apr 2002 17:29:16 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Tue, 23 Apr 2002 17:29:14 -0400 To: Robert Watson From: Garance A Drosihn Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Cc: "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 2:37 PM -0400 4/23/02, Robert Watson wrote: >Here I'll disagree with you: we make a concerted effort to >produce a system that is safe to use. This involves a number >of things, and it doesn't just mean security fixes. I would >argue that we have a moral obligation to do so. I agree that there is this obligation. I also observe that the internet is unquestionably getting to be a more hostile place, and we have to adapt the system to stand up to that hostility. Let me claim that it is fact that we will have to make changes to the default system configuration, and that we will also have to make changes to the "preferred" system configurations when someone is just upgrading. I recognize that some people disagree with that (particularly the second half), but let me claim that for the moment. I think an important component of any such change is making sure the "right people" find out what changed, and that they get this information when they *need* it, and not as part of some 20,000 line "README" file which we know no one will read because it's too damn big. In the case of the sshd change, the change was simply wrong and should be fixed. Just MO... :-) In the case of the 'startx -listen_tcp' option, is there some thing we could set up so a person who *wanted* the former behavior is given quick notification of exactly why things "suddenly stopped working". Note that the person who runs into the problem is not necessarily the same person who did the system upgrade. I think it's doable, if we just took the attitude that it needed to be done. Some of these changes catch me offguard too, and most of the time it is not the change itself which bothers me, it's the six hours I spent trying to find out why something stopped working. (a six-hour period which may not start until a week or two after the system upgrade...) I think that's the part we need to improve on. -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 14:31:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2362737B404; Tue, 23 Apr 2002 14:31:20 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3NLV6w16574; Tue, 23 Apr 2002 17:31:06 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 17:31:05 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Terry Lambert Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <3CC5AE6E.9622AF93@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Terry Lambert wrote: > Robert Watson wrote: > > "System programming is hard, let's go shopping". > > This is exactly the phrase that comes to mind every time someone yanks > the plug on a service they are afraid might one day have an exploit > found for it. This isn't about yanking services based on blind speculation; this is about managing risk. We ship a system that has a "moderate" risk trade-off: we focus efforts on reducing risk in two ways. First, we evaluate the risk of components of the system, and focus security development efforts on improving those areas. Second, we evaluate the risk of these same components, and select system defaults in a manner that selects a reasonable balance of service and risk. This is why we've made the following classes of changes: - Changes to address specific known vulnerabilities (performed in a cooperative manner between the security-officer and the broader developer community) - Changes to reduce the privilege level required for management and monitoring applications (largely present in 5.0) - Re-implementation of core authentication components that were previously poorly integrated (PAM, ...) - Investment in improved network stack safety and firewall implementation (DARPA/NAI Labs have a contract with Jonathan Lemon that includes time spent specifically on investigating risks in the IP stack, and reducing them). There's also contract work to Jonathan Lemon to implement improved network crypto hardware integration, which he has a prototype of and will hopefully post when he's back from his current hiatus. - Evaluation of the focus of past vulnerabilities, including their source in the system code, the criticallity of the vulnerability, and the exposure associated with each vulnerability. This includes some time spent looking at how quickly various sorts of vulnerabilities tend to occur following releases, etc. - Investment in new policies and architectures improving flexibility for the administrator. Security is an area of active development in the FreeBSD Project, and we seem to have a strong grasp of a number of areas of the field. > > Someone who's unaware or unwilling to address security issues will *still* > > be safer if we provide a safer system. If they are going maliciously out > > of their way, sure, there will be problems, but if they don't need telnet, > > and we disable telnet by default, we have actually produced a safer system > > for them. And if they do need telnet, it's easy to turn on. > > "Securing telnet is hard; let's turn it off and go shopping". 8-). Or maybe, Few people use telnet any more, so we'll spend some time fixing it, but we'll also disable it by default, since many of the reports of compromise come from people who weren't even using it, but left it turned on since it was the default. > > I think you've correctly identified an area where a lot of future security > > work is needed. However, that doesn't negate the need for security work > > in the base system, because without a secure base system, you're building > > everything else on sand. If you have the time and resources to spend > > helping to kick KDE and its related dependencies into shape, I welcome > > your doing that. It's something I haven't had time to work with yet, but > > have definite future plans to do. > > No one has *that* much time. Auditing that code base would be on the > order of the difficulty of auditing Windows, and we have the source code > the KDE. Certainly an in depth audit of something with the size and complexity of KDE will be a challenge; however, there's a lot of work that can be done without doing it line-by-line. > I agree that the base system needs to be secure, but I think you either > trust your security model, or you don't: X11 *does* have a security > model, even if it doesn't encrypt all the traffic over all its > connections by default. If the security model is flawed, then it needs > to be fixed, not turned off. Security models and vulnerabilities aren't necessarily related issues. Sure, a good model helps in the event there is a vulnerability, but having a good model doesn't mean you'll be invulnerable to implementation flaws, flaws in the model, etc. Personally, I had nothing to do with the choice to turn off X11, but with it now changed, I'm happy with the change. Personally, I'd recommend using SSH and letting it take care of the details. > I think it's a lot worse to leave a vulnerable telnetd turned off by > default but available to be turned on, than to have one that's > non-vulnerable turned on by default. Yeah, the great thing about vulnerabilities is that if you knew they were there you would most likely have fixed them before you released the product. Conservative defaults help you with risk you believe is present, but where you can't necessarily make the material improvement that you'd like to. In the case of telnetd, we accept that the risk exists, we attempt to improve the software, but because it's less and less frequently used and represents an attack channel for a variety of attacks, we disable it by default, but provide an easy way to re-enable it. > The fear that someone is going to find a vulnerability should be > balanced by the idea that someone is going to fix it, not balanced by > the idea that that you can hide the vulnerability by not running the > vulnerable code, "mostly". The reality is that reducing exposure is an important part of any security posture. Any additional exposure increases risk, no matter how minutely. If handled carefully, the risk of vulnerability are low: the chances are small one would be found, and/or the effects of the vulnerability may be contained. However, services that provide full authentication and credential management (such as telnetd) do badly on both fronts: the complexity and age of the code is high, and the involvement of the code in security subsystems is high. The accepted practice in the security community is to disable services presenting risk until they are necessary. The practical mapping of such a policy into FreeBSD is that inetd might be on by default, but all services in it would be disabled by default. Services would then be selectively enabled as they are needed. This is what happens in 5.0-CURRENT; recently there was some discussion regarding whether an MFC was appropriate, but I'm not sure that has worked itself out yet. 5.0-RELEASE will represent a good breaking point for that kind of change. > I guess this is a basica philosophical difference: IMO, exposure equals > the probability of a fix. Turning things off belongs in the firewall > code. In my opinion, we should focus both on reducing exposure and improving the code. I personally have tried to impact both sides of the balance, and would encourage others to do so also :-). > FWIW: I wouldn't object to a firewall rule that disallowed remote TCP > connections to the X server by default, if the firewall is enabled. I > think we already have this... The firewall code serves a useful function, but one of its great detriments is a lack of application awareness. The current placement of the policy seems most reasonable to me, but might be supplemented by such a rule if desired. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 14:32:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from crufty.research.bell-labs.com (crufty.research.bell-labs.com [204.178.16.49]) by hub.freebsd.org (Postfix) with ESMTP id 6676637B41B; Tue, 23 Apr 2002 14:32:05 -0700 (PDT) Received: from grubby.research.bell-labs.com (H-135-104-2-9.research.bell-labs.com [135.104.2.9]) by crufty.research.bell-labs.com (8.12.2/8.12.2) with ESMTP id g3NLW4Xt046794; Tue, 23 Apr 2002 17:32:04 -0400 (EDT) Received: from aura.research.bell-labs.com (aura.research.bell-labs.com [135.104.46.10]) by grubby.research.bell-labs.com (8.11.6/8.11.6) with ESMTP id g3NLVwo89145; Tue, 23 Apr 2002 17:31:58 -0400 (EDT) Received: from fgupcmh (fgu-pcmh.research.bell-labs.com [135.104.47.121]) by aura.research.bell-labs.com (8.12.2/8.12.2) with SMTP id g3NLVvEJ015824; Tue, 23 Apr 2002 17:31:57 -0400 (EDT) Reply-To: From: "Fengrui Gu" To: , , Subject: RE: Problems with nge driver and copper GbE cards Date: Tue, 23 Apr 2002 17:32:07 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG There is something interesting. I accidentally started a ping command(ping data sender side) from data receiver side. As you know, ping will continue running until you stop it. I started netperf again from data sender side. You know what? The link seems more stable with additional ping session on receiver side no matter TCP or UDP traffic. I got the following numbers by running netperf. The performance of TCP w/ jumbo frame Copper GbE 650Mb/s (SMC9462TX) Fiber GbE 660Mb/s (GA 620) (Note: my experience told me that enable/disable jumbo frame will cause 20% performance difference). --Fengrui -----Original Message----- From: Fengrui Gu [mailto:gfr@lucent.com] Sent: Tuesday, April 23, 2002 3:33 PM To: freebsd-hackers@freebsd.org; freebsd-net@freebsd.org Cc: gfr@lucent.com Subject: Problems with nge driver and copper GbE cards I am evaluating copper GbE cards for our lab. According to previous talk threads, it seems that SMC9462TX has better performance than NetGear cards. I bought two SMC9462TX cards and connect them through a Cat 5e cross-link cable. The machines in use are two dual PIII 733Mhz with 756MB memory. I use 32bit/33Mhz PCI slots. I know PCI bus of 32bit/33Mhz is slow but the major purpose of evaluation is to compare the performance between copper and Fiber GbE cards. There are another two identical dual PIII 733Mhz machines installed NetGear 620 Fiber GbE cards(using ti driver). So it is not an issue. I am using FreeBSD 4.5 and statically link nge driver into the kernel. First, there are a lot of "link up" messages from nge driver. I guess this has been reported. I use a small program to measure TCP performance. Basically, it sends 1G or 2G data over the network and calculate time and bit rate. The link between two copper GbE cards became unavailable after some TCP runs. There is no response from "ping". The kernel didn't report error messages except some new "link up" messages. There is no abnormal from the output of "ifconfig -a". Based on some suggestions(master or slave mode), I issued command "ifconfig nge0 link0". The link would be back sometimes but not always. Did anyone suffer the same problem? Second, it seems that the link is more stable with UDP traffic though it became unavailable now and then. I could manage to collect some UPD performance data: UDP performance(sender) w/o jumbo frame w/ jumbo frame copper GbE 510Mb/s 632Mb/s (SMC9462Tx) Fiber GbE 750Mb/s 856Mb/s (GA 620) (Note: data are from the results of netperf and shared the same parameters). Did anybody knows why copper GbE cards are so slow? Both copper and Fiber GbE cards are in the same kind of PCI slot and identical machines. The extra memory on GA620 should not cause 40-50% difference in my opinion. Third, I had trouble to set half-duplex mode on nge0. If I issued command "ifconfig nge0 media 1000baseTX mediaopt half-duplex", I got the following error message "ifconfig: SIOCSIFMEDIA: Device not configured" I don't have trouble to issue command "ifconfig nge0 media 1000baseTX mediaopt full-duplex". thanks, --Fengrui To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 15:31:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 1C91E37B4B6 for ; Tue, 23 Apr 2002 15:31:20 -0700 (PDT) Received: (qmail 31726 invoked from network); 23 Apr 2002 22:30:58 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 23 Apr 2002 22:30:58 -0000 Date: Tue, 23 Apr 2002 18:30:58 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15557.27747.802212.659760@grasshopper.cs.duke.edu> Message-ID: <20020423181748.W31638-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Kenneth Culver writes: > > OK, I found another problem, here it is: > > > > static void > > linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t > > *params) > > { > > args[0] = tf->tf_ebx; > > args[1] = tf->tf_ecx; > > args[2] = tf->tf_edx; > > args[3] = tf->tf_esi; > > args[4] = tf->tf_edi; > > *params = NULL; /* no copyin */ > > } > > > > Basically, linux_mmap2 takes 6 args, and this looks here like only 5 args are > > making it in... I checked this because the sixth argument to linux_mmap2() in > > truss was showing 0x6, but when I printed out that arg from the kernel, it > > was showing 0x0. Am I correct here? > > > > Ken > > Yes. According to http://john.fremlin.de/linux/asm/, linux used to > parse only 5 args but now it parses six. Try adding: > args[5] = tf->tf_ebp; > > Drew > > OK, I THINK I found what calls the actual kernel syscall handler, and sets it's args first, but I'm not sure: from linux_locore.s NON_GPROF_ENTRY(linux_sigcode) call *LINUX_SIGF_HANDLER(%esp) leal LINUX_SIGF_SC(%esp),%ebx /* linux scp */ movl LINUX_SC_GS(%ebx),%gs movl %esp, %ebx /* pass sigframe */ push %eax /* fake ret addr */ movl $LINUX_SYS_linux_sigreturn,%eax /* linux_sigreturn() */ int $0x80 /* enter kernel with args */ 0: jmp 0b ALIGN_TEXT I think the stuff above copies the args, and whatnot, but I'm not really sure where it does this exactly... It calls LINUX_SIGF_HANDLER, which then calls %esp's sf_handler function. That is where I draw a blank, I don't know which function this is calling, and can't find where it's being set. I think this might be what I want to change though. :-P Does anyone who actually knows assembly have any ideas? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:15: 3 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id A06A537B416 for ; Tue, 23 Apr 2002 16:14:46 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 172B581458; Wed, 24 Apr 2002 08:44:44 +0930 (CST) Date: Wed, 24 Apr 2002 08:44:44 +0930 From: Greg 'groggy' Lehey To: Jochem Kossen Cc: hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020424084444.N6425@wantadilla.lemis.com> References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <200204231206.01451.j.kossen@home.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200204231206.01451.j.kossen@home.nl> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday, 23 April 2002 at 12:06:01 +0200, Jochem Kossen wrote: > On Tuesday 23 April 2002 11:04, you wrote: > [...] >>>> >>>> I've been noticing a continuing trend for more and more "safe" >>>> configurations the default. I spent half a day recently trying to >>>> find why I could no longer open windows on my X display, only to >>>> discover that somebody had turned off tcp connections by default. >>> >>> *shrug* I was the one who sent in the patch. It was added some time >>> around 2001/10/26 to the XFree86-4 megaport. When the metaport was >>> created, the patch was incorporated too. >>> >>> A simple 'man startx' should have cleared your mind: >> >> Well, yes. But I've been using X for 11 years. Why should I have to >> read the man page to find changes? > > Because things evolve? :) Not a good reason. If they evolve, the evolution should be more clearly documented. >> How do I know which man page to read? > > You start X with startx, seems obvious to me. The disabling of tcp > connections only applies to startx I don't stay with startx. Next I go to xinit, then to Xwrapper, then to X. All of these work fine. When I try to start an xterm, nothing happens. So I read the haystack of man pages for all these programs looking for a possible needle? That's 4314 lines of man pages (Xwrapper doesn't have a man page, so Murphy says that it's probably in Xwrapper). Based on prior experience, startx would be the last place I would look. In fact, I suspected a networking problem. >> If I did that for everything that happened, I wouldn't get any >> work done. And you can bet your bottom dollar that somebody coming >> from another UNIX variant and trying out FreeBSD won't do so. > > OK, then i suggest we mention it in the handbook, the security policy > document, the manpage AND the release notes :) You've heard my suggestions. >> They'll just say that it's broken and wander off again. I note you don't comment on this one. >>> In the case of the X patch, i'd add it to the release notes AND the >>> security policy document, since - i think - few people will look in >>> the security policy document for such a problem. >> >> I think it shouldn't happen at all unless people agree to it. > > 3 people did, 0 people did not...read below So only 3 people use X? Get real. You just haven't heard any objections up to now. I found out about this several weeks ago, but I didn't complain because I was expecting replies with the perspective you're showing. >>> I do have to say you're the first one I see who complains about >>> this... >> >> Maybe the others have given up. > > LOL THIS IS NO LAUGHING MATTER. It's this kind of change which is going to stop people from using FreeBSD. >> But since we're on the subject, why? What's so insecure about X TCP >> connections? Until you explicitly allow connections, the only system >> that can open the server is the local system. > > For the simple reason I don't like useless open ports on my system. I > don't use it, _most_ other people don't use it, so i sent in a > patch. Fine, I'm not telling you how to run your system. I don't want you telling me how to run my network. I note that you still haven't given a good technical reason for it. > Of course, it was only discussed on the ports@ mailinglist, but it > didn't seem like such a big deal to me or apparently the others... That doesn't help end users. We have a user community out there. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:35:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from yello.shallow.net (yello.shallow.net [203.18.243.120]) by hub.freebsd.org (Postfix) with ESMTP id 2E7FB37B420 for ; Tue, 23 Apr 2002 16:34:59 -0700 (PDT) Received: by yello.shallow.net (Postfix, from userid 1001) id 46CBB2A93; Wed, 24 Apr 2002 09:34:52 +1000 (EST) Date: Wed, 24 Apr 2002 09:34:52 +1000 From: Joshua Goodall To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) Message-ID: <20020423233452.GC86692@roughtrade.net> References: <3CC5AF54.8FB22B16@mindspring.com> <13903.1019592309@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <13903.1019592309@winston.freebsd.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We have an openssh maintainer? Right now, policy differs between branches. releng_4's openssh gives a commented alternative in the config, whilst head's gives a commented default. A consistent change to -stable would be: Index: servconf.c =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.c,v retrieving revision 1.3.2.11 diff -u -u -r1.3.2.11 servconf.c --- servconf.c 28 Sep 2001 01:33:34 -0000 1.3.2.11 +++ servconf.c 23 Apr 2002 23:20:43 -0000 @@ -207,7 +207,7 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_reponse_authentication == -1) - options->challenge_reponse_authentication = 1; + options->challenge_reponse_authentication = 0; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) Index: sshd_config =================================================================== RCS file: /cvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.6 diff -u -u -r1.4.2.6 sshd_config --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 +++ sshd_config 23 Apr 2002 23:20:54 -0000 @@ -48,8 +48,8 @@ PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Uncomment to enable s/key passwords +#ChallengeResponseAuthentication yes # To change Kerberos options #KerberosAuthentication no and against -current: Index: servconf.c =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.c,v retrieving revision 1.30 diff -u -u -r1.30 servconf.c --- servconf.c 20 Apr 2002 09:26:43 -0000 1.30 +++ servconf.c 23 Apr 2002 23:18:01 -0000 @@ -212,7 +212,7 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) - options->challenge_response_authentication = 1; + options->challenge_response_authentication = 0; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) Index: sshd_config =================================================================== RCS file: /cvs/src/crypto/openssh/sshd_config,v retrieving revision 1.19 diff -u -u -r1.19 sshd_config --- sshd_config 2 Apr 2002 21:53:54 -0000 1.19 +++ sshd_config 23 Apr 2002 23:24:54 -0000 @@ -60,8 +60,8 @@ #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +# Change to yes to enable s/key passwords +#ChallengeResponseAuthentication no # Kerberos options # KerberosAuthentication automatically enabled if keyfile exists On Tue, Apr 23, 2002 at 01:05:09PM -0700, Jordan Hubbard wrote: > FWIW, I agree with you, but I'm more interested in fixing this right > now than I am in chasing the OpenSSH maintainers around with patches > (unless we've already forked - have we?). I'll also be happy to > change this twice if it turns out that getting the change into OpenSSH > is easier than I thought, but I don't want just having this be fixed > contingent on that. > > - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:37:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id EB23B37B417; Tue, 23 Apr 2002 16:36:57 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id B94B88149A; Wed, 24 Apr 2002 09:06:55 +0930 (CST) Date: Wed, 24 Apr 2002 09:06:55 +0930 From: Greg 'groggy' Lehey To: Robert Watson Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020424090655.O6425@wantadilla.lemis.com> References: <20020423131646.I6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday, 23 April 2002 at 11:13:42 -0400, Robert Watson wrote: > > On Tue, 23 Apr 2002, Greg 'groggy' Lehey wrote: > >> On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: >>>> That fix relies on the extensive PAM updates in -CURRENT however; in >>>> -STABLE it can probably be similarly replicated via appropriate tweaking >>>> of sshd (?). >>> >>> Why not fix it in stable by the very simple tweaking of the >>> ChallengeResponseAuthentication to no in the sshd config file we ship >>> Trust me, this question is going to come up a _lot_ for us otherwise. :( >> >> I've been noticing a continuing trend for more and more "safe" >> configurations the default. I spent half a day recently trying to find >> why I could no longer open windows on my X display, only to discover >> that somebody had turned off tcp connections by default. > > A more conservative default configuration results in a material > improvement in system security. *snip* > A reasonable set of criteria might include: > > - There have been past vulnerabilities that were exploitable by having the > feature enabled by default. Which in this case? > - The complexity and exposure of the feature lends it to future > vulnerabilities. I don't see any relevance here. > - Turning the feature on is difficult or impossible without high levels of > expertise. Fortunately, this is the case here as well. Otherwise it would really have broken X. > - The feature does/does not have more secure alternatives accepted by the > broader community. The broader community hasn't been consulted here. > "Security by obscurity" does not refer to the act of selecting a > conservative security policy, Don't get hung up on terminology. >> I have a problem with this, and as you imply, so will a lot of other >> people. As a result of this sort of thing, people trying to migrate >> from other systems will probably just give up. I certainly would have. >> While it's a laudable aim to have a secure system, you have to be able >> to use it too. I'd suggest that we do the following: >> >> 1. Give the user the choice of these additional features at >> installation time. Recommend the procedures, but explain that you >> need to understand the differences. > > But we also need to avoid over-burdening the install with "Do you > want to turn on (this obsolete feature that some FreeBSD hacker > loves and no one uses), even though it increases security risk?". What I'm talking about here are differences which users of other UNIX systems won't know about and which will make life difficult for them, to the extent that the casual user won't bother to try to solve the problem. In the current issue of AUUGN, the journal of the Australian UNIX User group (http://www.auug.org.au/), we gave away a FreeBSD 4.5 CD-ROM. Based on previous actions, I'm expecting a number of people to try it out. They're mainly experienced UNIX users; they won't want to go reading through 80 pages of man pages when their X fails to work. They'll throw away the CD and go back to what they were using before. >> 2. Document these things very well. Both this ssh change and the X >> without TCP change are confusing. If three core team members were >> surprised, it's going to surprise the end user a whole lot more. >> We should at least have had a HEADS UP, and we probably need a >> security policy document with the distributions. > > Part of your confusion That's not the correct word. > is probably because X11 isn't part of the base system, so events > concerning the X11 port don't tend to get discussed much on the > general-purpose mailing lists. I think the issue here is that individuals make this kind of decision. We need a broader consensus for this kind of change. As Jochem points out, only 3 people were involved in the decision, all of them people with security profiles which weren't affected by this change. > These kinds of things do get discussed on the release engineering > lists, questions, etc. It may be we need a "ports release notes", > but that's an effort that's going to have to come out of the ports > space. There's another issue here. This isn't the first port I've seen which has made gratuitous changes to the original package. By "gratuitous" I mean changes which are not necessary for making the package work under FreeBSD. If people want to modify the behaviour of the package, they should create a second port which clearly identifies that the behaviour has been changed from the default. > BTW, another reason few people noticed is that at this point, the > accepted best practice for X11 forwarding is to use SSH, which can > forward TCP-based X11 to the unix domain socket X11 communication > primitive. The result is that X11/TCP turned off on your > workstation doesn't limit access when you log into remote servers > using SSH, as long as you have X11 forwarding enabled for the server > you're logging into. Have you tried doing that with a Sun 3/60? Or with an AIX box? This fix even stops connections from the same machine if you use a domain name display format (echunga:0.2 instead of :0.2). > BTW, my notion of ease of use for services would be something like the > following: ... My notion of ease of use would be dependent on the securelevel. I run a network which is heavily firewalled (has to be: I have Linux boxes here too :-), and within which the security is very lax. I have yet to see any proof that this is a problem. Sure, set the machine up for secure operation by default, and issue dire warnings about relaxing security, but don't try to know better than the user. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:38: 9 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id F361837B416; Tue, 23 Apr 2002 16:37:50 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 30A30814A8; Wed, 24 Apr 2002 09:07:49 +0930 (CST) Date: Wed, 24 Apr 2002 09:07:49 +0930 From: Greg 'groggy' Lehey To: Daniel Eischen Cc: Frank Mayhar , Terry Lambert , Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: More about security, X, rc.conf and changing defaults. Message-ID: <20020424090749.P6425@wantadilla.lemis.com> References: <200204231953.g3NJrunH025061@realtime.exit.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday, 23 April 2002 at 16:35:55 -0400, Daniel Eischen wrote: > On Tue, 23 Apr 2002, Frank Mayhar wrote: >> Terry Lambert wrote: >>> FWIW: I wouldn't object to a firewall rule that disallowed remote >>> TCP connections to the X server by default, if the firewall is >>> enabled. I think we already have this... >> >> Yep, I agree, and whether or not it's in the distributed rc.firewall, I >> have the ports blocked in my hand-tuned version. >> >> As to Stijn's remarks, he is putting up a strawman at best. If a person >> runs X, it should be their responsibility to make sure that it's secure. >> Just like if they ran Windows or any other software with potential security >> holes. X is plastered with warnings as it is, why do we need to cripple a >> function it supports? Stijn, if it "opens up a hole in your network," >> that's _your_ problem, not mine. There are many other ways to secure your >> network than by turning off tcp connections by default in the X server. >> Hey, I'm not objecting to adding the capability, I'm just objecting to >> the fact that it was imposed upon everyone else by fiat and (worse) without >> warning. >> >> And before people start saying again that this only affects a port and is >> irrelevant to the operating system itself, this is one symptom of what I >> see as a worsening problem. > > I agree also. Remember what has been stated before, "Tools, not Policy". > If we want to disable this by default, then there should be a customary > knob _where people expect/can see it_. And if we are lacking the > mechanism to do it, then the change should wait until it is present. > It shouldn't be hacked into an unexpected place. Agreed entirely. > I would like to see this backed out. I think it would be reasonable to fix it by tying it to the securelevel. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:57:26 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id C01A537B419; Tue, 23 Apr 2002 16:57:19 -0700 (PDT) Received: from pool0099.cvx40-bradley.dialup.earthlink.net ([216.244.42.99] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170A9p-0001Ee-00; Tue, 23 Apr 2002 16:57:13 -0700 Message-ID: <3CC5F4BB.FF231884@mindspring.com> Date: Tue, 23 Apr 2002 16:56:43 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > > "Securing telnet is hard; let's turn it off and go shopping". 8-). > > Or maybe, > > Few people use telnet any more, so we'll spend some time fixing it, but > we'll also disable it by default, since many of the reports of > compromise come from people who weren't even using it, but left it > turned on since it was the default. "Few people will use telnet, particularly after we turn it off and go shopping. We can avoid vulnerability reports by reducing the number of systems running the code." 8-) 8-) 8-). > Conservative defaults help you with risk you believe is present, > but where you can't necessarily make the material improvement that you'd > like to. "Obscuring the location of the password file by putting it in a hidden directory statistically reduces the risk that the password file will be compromised." > The reality is that reducing exposure is an important part of any security > posture. This is an argument for security through obscurity. If we are talking risk reduction, then we can easily achieve it statistically through obscurity. In fact, this is exactly what FreeBSD does through its choice of TCP sequence numbers. > > FWIW: I wouldn't object to a firewall rule that disallowed remote TCP > > connections to the X server by default, if the firewall is enabled. I > > think we already have this... > > The firewall code serves a useful function, but one of its great > detriments is a lack of application awareness. The current placement of > the policy seems most reasonable to me, but might be supplemented by such > a rule if desired. Application state is not necessary for incoming connections which are self-identified by source and destination IP and port; the existing stateless firewall code can handle them completely, without introducing problems. Actually, it would be more useful to concentrate on so-called "stealth firewall" technology, so that OS identification due to port scans, etc., is impossible, and so it looks as if there is no machine there whatsoever, if there are no services actively listening AND access is permitted to the source machine. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 16:59:20 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id 325E737B404; Tue, 23 Apr 2002 16:59:08 -0700 (PDT) Received: from pool0099.cvx40-bradley.dialup.earthlink.net ([216.244.42.99] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170ABd-0003rj-00; Tue, 23 Apr 2002 16:59:06 -0700 Message-ID: <3CC5F52D.707C721A@mindspring.com> Date: Tue, 23 Apr 2002 16:58:37 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: gfr@lucent.com Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org Subject: Re: Problems with nge driver and copper GbE cards References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Fengrui Gu wrote: > There is something interesting. I accidentally started a > ping command(ping data sender side) from data receiver side. > As you know, ping will continue running until you stop it. > > I started netperf again from data sender side. You know what? > The link seems more stable with additional ping session on > receiver side no matter TCP or UDP traffic. I got the following > numbers by running netperf. Do a search engine query on "receiver livelock". -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 17: 2: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 4187537B405; Tue, 23 Apr 2002 17:01:42 -0700 (PDT) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g3O01eoh388910; Tue, 23 Apr 2002 20:01:40 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20020424084444.N6425@wantadilla.lemis.com> References: <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <200204231206.01451.j.kossen@home.nl> <20020424084444.N6425@wantadilla.lemis.com> Date: Tue, 23 Apr 2002 20:01:39 -0400 To: "Greg 'groggy' Lehey" , Jochem Kossen From: Garance A Drosihn Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Cc: hackers@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 8:44 AM +0930 4/24/02, Greg 'groggy' Lehey wrote: >On Tuesday, 23 April 2002 at 12:06:01 +0200, Jochem Kossen wrote: > >>> *shrug* I was the one who sent in the patch. It was added > >>> some time around 2001/10/26 to the XFree86-4 megaport. When > >>> the metaport was created, the patch was incorporated too. > >>> > >>> A simple 'man startx' should have cleared your mind: >>> > >> Well, yes. But I've been using X for 11 years. Why should I > >> have to read the man page to find changes? I think the first thing we need to do, before we get too worked up, is stop taking to Jochem about it. All he did was send in a PR with a suggestion. He's not responsible for the change being committed into the system. > >> How do I know which man page to read? >> > > You start X with startx, seems obvious to me. The disabling > > of tcp connections only applies to startx > >I don't stay with startx. Next I go to xinit, then to Xwrapper, >then to X. All of these work fine. When I try to start an xterm, >nothing happens. This is where we (the freebsd project) need to take a bit more time at when we are making a change like this. I think it makes little difference whether we document the change in UPGRADING, or man pages, or "heads up" on the mailing lists, or errata.html pages on the web site. There will always be some people who are not going to see documentation like that, because it's too far "out of the way" of what they are doing. What we need, in this case, is something which gives the user the information when they do that *xterm* -- ie, at the time of failure, to the person who is seeing the failure. For the case of 'startx -listen_tcp', this might suggest that if a person uses startx without -listen_tcp, then startx should (one way or another) start some process which *does* listen for an incoming connection, and does nothing but tell the user (one way or another...) when that connection comes in. Yes, that's a bit of work. However, it is also a bit of work when someone (like Greg) wastes six hours of a day trying to understand why something "broke". That's a very frustrating six hours of work, and it's also very useless. His six hours of work won't help anyone else when they have to track down the same issue. A simpler solution might be to at least have startx print out a message (somewhere) which mentions the change when it is started up. Maybe print it out only once per userid. I realize that I am being a little vague with these suggestions, but I don't use X all that much, so I'm not sure what the best idea would be. But I do think it is reasonable for FreeBSD to make changes like this, and I do think that *if* we make changes like this then we need to think about how we can best get info about the change to the all people who really *are* effected by the change, and get the info to them when they need it. -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 18:24:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from sasami.jurai.net (sasami.jurai.net [66.92.160.223]) by hub.freebsd.org (Postfix) with ESMTP id D890A37B404; Tue, 23 Apr 2002 18:24:37 -0700 (PDT) Received: from sasami.jurai.net (sasami.jurai.net [66.92.160.223]) by sasami.jurai.net (8.12.2/8.12.2) with ESMTP id g3O1OU2A051321; Tue, 23 Apr 2002 21:24:30 -0400 (EDT) (envelope-from winter@jurai.net) Date: Tue, 23 Apr 2002 21:24:30 -0400 (EDT) From: "Matthew N. Dodd" To: Terry Lambert Cc: Jochem Kossen , , "Greg 'groggy' Lehey" , Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) In-Reply-To: <3CC5A7DC.FD06DC11@mindspring.com> Message-ID: <20020423212345.M42854-100000@sasami.jurai.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Terry Lambert wrote: > It really pissed me off when the AHA-1742 support dropped out when CAM > came in, but that, at least, was understandable, since it was a trade: > something deisrable for something less desirable to the majority of > users. AHA-1742 works again now. Maybe you're talking about Ultrastore 24F support? -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | winter@jurai.net | 2 x '84 Volvo 245DL | ix86,sparc,pmax | | http://www.jurai.net/~winter | For Great Justice! | ISO8802.5 4ever | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 18:44:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2E00A37B41B; Tue, 23 Apr 2002 18:44:43 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3O1iRw36388; Tue, 23 Apr 2002 21:44:27 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 21:44:27 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Terry Lambert Cc: "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <3CC5F4BB.FF231884@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 23 Apr 2002, Terry Lambert wrote: > > The reality is that reducing exposure is an important part of any security > > posture. > > This is an argument for security through obscurity. > > If we are talking risk reduction, then we can easily achieve it > statistically through obscurity. In fact, this is exactly what FreeBSD > does through its choice of TCP sequence numbers. "Security by obscurity" refers to a behavioral phenomena in system design and delivery, not to a technical design principle. For example, it refers to using a secret algorithm, but does not refer to using a secret key with a published algorithm. So disabling services in a default configuration reduces risk by reducing exposure, but it's not security by obscurity. When shipping third party code, or our own code, we accept that some code is more at risk than other code. That risk might be the result of complexity, privilege, exposure, ... Whatever the reason, it's disingenuous to sweep it under the rug ("all our code is good, so we ship it all turned on") rather than select safe defaults and let people turn on what they need. > > > FWIW: I wouldn't object to a firewall rule that disallowed remote TCP > > > connections to the X server by default, if the firewall is enabled. I > > > think we already have this... > > > > The firewall code serves a useful function, but one of its great > > detriments is a lack of application awareness. The current placement of > > the policy seems most reasonable to me, but might be supplemented by such > > a rule if desired. > > Application state is not necessary for incoming connections which are > self-identified by source and destination IP and port; the existing > stateless firewall code can handle them completely, without introducing > problems. X arguments that disable the X11 protocol over TCP will work regardless of the configured TCP port for XFree86. Firewall rules won't. Also, firewall rules may interfere with other applications, where X11 configuration won't. Both have their place. > Actually, it would be more useful to concentrate on so-called "stealth > firewall" technology, so that OS identification due to port scans, etc., > is impossible, and so it looks as if there is no machine there > whatsoever, if there are no services actively listening AND access is > permitted to the source machine. No doubt an interesting area to explore. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 18:50:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 4793E37B400; Tue, 23 Apr 2002 18:50:30 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3O1ccw36036; Tue, 23 Apr 2002 21:38:38 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 21:38:38 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020424090655.O6425@wantadilla.lemis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > > A more conservative default configuration results in a material > > improvement in system security. > > *snip* By snipping here, you removed reference to the fact that this was a general discussion of direction and policy, rather than specifically to do with X11, which provides an answer to a number of your questions. > > A reasonable set of criteria might include: > > > > - There have been past vulnerabilities that were exploitable by having the > > feature enabled by default. > > Which in this case? As indicated, not all of these criteria may apply in every case -- this was just a suggested list of criteria that might be applied. There have been a number of vulnerabilities in a number of different X protocol implementations. Many of them require first getting past the normal X access control mechanisms before they may be exploited, but not all. > > - The complexity and exposure of the feature lends it to future > > vulnerabilities. > > I don't see any relevance here. If you think that's a problem, then you didn't read my e-mail. However, there is actually a great deal of relevance here: protocol and implementation complexity have a lot to do with the chances that there will be a serious vulnerability. Likewise, the level of privilege associated with X11 is highly relevant: if you compromise the X server, you've got a lot to play with. > > - Turning the feature on is difficult or impossible without high levels of > > expertise. > > Fortunately, this is the case here as well. Otherwise it would really > have broken X. Sounds good to me. > > - The feature does/does not have more secure alternatives accepted by the > > broader community. > > The broader community hasn't been consulted here. Not entirely clear, but worth discussing. > > "Security by obscurity" does not refer to the act of selecting a > > conservative security policy, > > Don't get hung up on terminology. If you can't use terminology properly, we'll have a lot of trouble holding a useful conversation. I objected to your use of the term, because it has a specific meaning, and that meaning doesn't apply here. If you're not going to use the term, maybe we agree on more than we think. > What I'm talking about here are differences which users of other UNIX > systems won't know about and which will make life difficult for them, to > the extent that the casual user won't bother to try to solve the > problem. > > In the current issue of AUUGN, the journal of the Australian UNIX User > group (http://www.auug.org.au/), we gave away a FreeBSD 4.5 CD-ROM. > Based on previous actions, I'm expecting a number of people to try it > out. They're mainly experienced UNIX users; they won't want to go > reading through 80 pages of man pages when their X fails to work. > They'll throw away the CD and go back to what they were using before. I'm more interested in the general issue here, since you made the general assertion that there was a problem that stretched beyond this one issue. I'm happy to entertain the idea that we discuss this specific issue in more detail. In particular, the decision to not bind the X11 port might take into account this particular implementation (XFree86), and whether we can make this setting more accessible to the administrator (i.e., something that could be mechanically twiddled, rather than through manual editing of scripts...) > >> 2. Document these things very well. Both this ssh change and the X > >> without TCP change are confusing. If three core team members were > >> surprised, it's going to surprise the end user a whole lot more. > >> We should at least have had a HEADS UP, and we probably need a > >> security policy document with the distributions. > > > > Part of your confusion > > That's not the correct word. Not your confusion, rather, the general confusion regarding where the feature change can/should be documented, and how people should be made aware of this kind of change. > > is probably because X11 isn't part of the base system, so events > > concerning the X11 port don't tend to get discussed much on the > > general-purpose mailing lists. > > I think the issue here is that individuals make this kind of decision. > We need a broader consensus for this kind of change. As Jochem points > out, only 3 people were involved in the decision, all of them people > with security profiles which weren't affected by this change. For something like X11, we need a freebsd-x11 mailing list. Or maybe freebsd-xfree86. For most other large third party applications, we either have a single authoritative maintainer, or a mailing list. For example, both Gnome and KDE have these. > > These kinds of things do get discussed on the release engineering > > lists, questions, etc. It may be we need a "ports release notes", > > but that's an effort that's going to have to come out of the ports > > space. > > There's another issue here. This isn't the first port I've seen which > has made gratuitous changes to the original package. By "gratuitous" I > mean changes which are not necessary for making the package work under > FreeBSD. If people want to modify the behaviour of the package, they > should create a second port which clearly identifies that the behaviour > has been changed from the default. We adapt a number of applications for the FreeBSD environment and configuration. A more common way to distinguish our localizations is through a WITH_GRATUITOUS_LOCAL_CHANGES make argument, or via an interactice interface (for example, ghostscript). > > BTW, another reason few people noticed is that at this point, the > > accepted best practice for X11 forwarding is to use SSH, which can > > forward TCP-based X11 to the unix domain socket X11 communication > > primitive. The result is that X11/TCP turned off on your > > workstation doesn't limit access when you log into remote servers > > using SSH, as long as you have X11 forwarding enabled for the server > > you're logging into. > > Have you tried doing that with a Sun 3/60? Or with an AIX box? This > fix even stops connections from the same machine if you use a domain > name display format (echunga:0.2 instead of :0.2). Obsolete hardware is not an excuse for avoiding continued development. The AIX argument is more valid :-). Unfortunately, I got rid of my Sun 3/60 a few years ago. Good for a space heater, though... > > BTW, my notion of ease of use for services would be something like the > > following: ... > > My notion of ease of use would be dependent on the securelevel. I run a > network which is heavily firewalled (has to be: I have Linux boxes here > too :-), and within which the security is very lax. I have yet to see > any proof that this is a problem. Sure, set the machine up for secure > operation by default, and issue dire warnings about relaxing security, > but don't try to know better than the user. Securelevels are a specific security model that doesn't relate to this at all. Arguably, securelevels contribute more to shoot footing than about any other feature we provide easy access to with sysinstall. I'd rather leave securelevels as they are: a model restricting root privilege, and not tangle them into any more features than necessary. Securelevels are *not* a good model for security management, although they might act as a tool in a general security posture. The "security profile" concept has provided for similar confusion and problems -- witness NFS breaking between our platform and others because someone selected the default (cancel) rather than moderate as their security profile, but not to other platforms. Tying a bunch of unrelated security features together rather than just itemizing them causes a lot of confusion, especially when the security feature menus conflict with other menus that toggle the same features (enabling NFS specifically vs. having it turned back off again by sysinstall for a security profile). If we can expose this feature via rc.conf, just make it a seperate rc.conf entry and twiddle it off of the security configuration manu in sysinstall. Is that something we can do easily? Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 19:33:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by hub.freebsd.org (Postfix) with ESMTP id 478BF37B419; Tue, 23 Apr 2002 19:33:49 -0700 (PDT) Received: from levais.imp.ch (levais.imp.ch [157.161.4.66]) by mail.imp.ch (8.11.6/8.11.6) with ESMTP id g3O2Xm544321; Wed, 24 Apr 2002 04:33:48 +0200 (CEST) Date: Wed, 24 Apr 2002 04:35:53 +0200 (CEST) From: Martin Blapp To: Cc: Subject: need help: ld final link failed. Memory exhausted Message-ID: <20020424042805.X25548-100000@levais.imp.ch> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Now that I finally got the openoffice build running with the stock gcc, the next problem appears. # limits Resource limits (current): cputime infinity secs filesize infinity kb datasize 524288 kb stacksize 65536 kb coredumpsize infinity kb memoryuse infinity kb memorylocked infinity kb maxprocesses 7390 openfiles 14781 sbsize infinity bytes But I get ... /usr/libexec/elf/ld: final link failed: Memory exhausted dmake: Error code 1, while making '../unxfbsd.pro/lib/libsw641fi.so' ---* TG_SLO.MK *--- ERROR: Error 65280 occurred while making /usr/ports/editors/openoffice/work/oo_641d_src/sw/util dmake: Error code 1, while making 'build_all' ---* TG_SLO.MK *--- *** Error code 255 Stop in /usr/ports/editors/openoffice. I wonder if options "MAXDSIZ='(1024 * 1024 * 1024)'" may help in the kernel. Any ideas ? Martin Martin Blapp, ------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 061 826 93 00: +41 61 826 93 01 PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 19:55:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by hub.freebsd.org (Postfix) with ESMTP id EB7CD37B427; Tue, 23 Apr 2002 19:54:30 -0700 (PDT) Received: from levais.imp.ch (levais.imp.ch [157.161.4.66]) by mail.imp.ch (8.11.6/8.11.6) with ESMTP id g3O2sS545805; Wed, 24 Apr 2002 04:54:28 +0200 (CEST) Date: Wed, 24 Apr 2002 04:56:33 +0200 (CEST) From: Martin Blapp To: Cc: Subject: Re: need help: ld final link failed. Memory exhausted Message-ID: <20020424045427.A25548-100000@levais.imp.ch> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Setting the max stacksize to 128MB helped. Can we have this as default ? As many users plan to use staroffice, requiring them to recompile kernel just for this would be ... Anyway, is there a reason that the maxstack is 64MB only ? Martin Martin Blapp, ------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 061 826 93 00: +41 61 826 93 01 PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 19:59:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id A8A4B37B405; Tue, 23 Apr 2002 19:59:11 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id 8242BAE160; Tue, 23 Apr 2002 19:59:11 -0700 (PDT) Date: Tue, 23 Apr 2002 19:59:11 -0700 From: Alfred Perlstein To: Martin Blapp Cc: freebsd-hackers@freebsd.org, tmm@freebsd.org Subject: Re: need help: ld final link failed. Memory exhausted Message-ID: <20020424025911.GA38320@elvis.mu.org> References: <20020424045427.A25548-100000@levais.imp.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424045427.A25548-100000@levais.imp.ch> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Martin Blapp [020423 19:55] wrote: > > Hi, > > Setting the max stacksize to 128MB helped. Can we have this as > default ? > > As many users plan to use staroffice, requiring them to recompile > kernel just for this would be ... > > Anyway, is there a reason that the maxstack is 64MB only ? Because 64MB of stack should be enough for anybody? -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 20: 2:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by hub.freebsd.org (Postfix) with ESMTP id 575E437B405; Tue, 23 Apr 2002 20:02:40 -0700 (PDT) Received: from levais.imp.ch (levais.imp.ch [157.161.4.66]) by mail.imp.ch (8.11.6/8.11.6) with ESMTP id g3O32a546431; Wed, 24 Apr 2002 05:02:37 +0200 (CEST) Date: Wed, 24 Apr 2002 05:04:41 +0200 (CEST) From: Martin Blapp To: Alfred Perlstein Cc: , Subject: Re: need help: ld final link failed. Memory exhausted In-Reply-To: <20020424025911.GA38320@elvis.mu.org> Message-ID: <20020424050345.U25548-100000@levais.imp.ch> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Because 64MB of stack should be enough for anybody? times have changed ... it seems. The OpenOffice build linking needs definitly more that 64MB. Martin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 20:23:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 695ED37B416; Tue, 23 Apr 2002 20:23:48 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 3D7138149A; Wed, 24 Apr 2002 12:53:45 +0930 (CST) Date: Wed, 24 Apr 2002 12:53:45 +0930 From: Greg 'groggy' Lehey To: Robert Watson Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020424125345.B50826@wantadilla.lemis.com> References: <20020424090655.O6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tuesday, 23 April 2002 at 21:38:38 -0400, Robert Watson wrote: > > On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > >>> A more conservative default configuration results in a material >>> improvement in system security. >> >> *snip* > > By snipping here, you removed reference to the fact that this was a > general discussion of direction and policy, rather than specifically > to do with X11, which provides an answer to a number of your > questions. Sorry, I wasn't trying to obfuscate anything. I was just trying to limit the message to a manageable length. It didn't come across too well, though. >>> - The feature does/does not have more secure alternatives accepted by the >>> broader community. >> >> The broader community hasn't been consulted here. > > Not entirely clear, but worth discussing. Well, I see the "broader community" as the users. Now it's true that they don't have that much of a say, but what I'm seeing here is that very few people get to make these decisions. >>> "Security by obscurity" does not refer to the act of selecting a >>> conservative security policy, >> >> Don't get hung up on terminology. > > If you can't use terminology properly, we'll have a lot of trouble > holding a useful conversation. In this particular case, the subject line was meant ironically and was mainly intended to catch people's eyes. Until you mentioned it, it didn't occur in the text. > I'm more interested in the general issue here, since you made the > general assertion that there was a problem that stretched beyond > this one issue. Well, we saw the ssh problem as well; that's more than one. We also see things like rsh and rlogin die, maybe due to lack of love. I'm sure there are many more, some of which I have seen and accepted, others which I have seen and couldn't be bothered to complain, and others again that I haven't seen and that may or may not bite me in the future. The issue here is that the choice shouldn't be left to the individual if we're working as a team. > I'm happy to entertain the idea that we discuss this specific issue > in more detail. In particular, the decision to not bind the X11 > port might take into account this particular implementation > (XFree86), and whether we can make this setting more accessible to > the administrator (i.e., something that could be mechanically > twiddled, rather than through manual editing of scripts...) Well, what about checking securelevel before setting --nolisten-tcp? >> I think the issue here is that individuals make this kind of decision. >> We need a broader consensus for this kind of change. As Jochem points >> out, only 3 people were involved in the decision, all of them people >> with security profiles which weren't affected by this change. > > For something like X11, we need a freebsd-x11 mailing list. Or maybe > freebsd-xfree86. For most other large third party applications, we either > have a single authoritative maintainer, or a mailing list. For example, > both Gnome and KDE have these. No, that's only part of the issue, though it's an important one. I've had complaints from Apache people that we're not communicating back enough, for example. >> My notion of ease of use would be dependent on the securelevel. I run a >> network which is heavily firewalled (has to be: I have Linux boxes here >> too :-), and within which the security is very lax. I have yet to see >> any proof that this is a problem. Sure, set the machine up for secure >> operation by default, and issue dire warnings about relaxing security, >> but don't try to know better than the user. > > Securelevels are a specific security model that doesn't relate to this at > all. Arguably, securelevels contribute more to shoot footing than about > any other feature we provide easy access to with sysinstall. I'd rather > leave securelevels as they are: a model restricting root privilege, and > not tangle them into any more features than necessary. Securelevels are > *not* a good model for security management, although they might act as a > tool in a general security posture. The "security profile" concept has > provided for similar confusion and problems -- witness NFS breaking > between our platform and others because someone selected the default > (cancel) rather than moderate as their security profile, but not to other > platforms. Tying a bunch of unrelated security features together rather > than just itemizing them causes a lot of confusion, especially when the > security feature menus conflict with other menus that toggle the same > features (enabling NFS specifically vs. having it turned back off again by > sysinstall for a security profile). If we can expose this feature via > rc.conf, just make it a seperate rc.conf entry and twiddle it off of the > security configuration manu in sysinstall. Is that something we can do > easily? I think the issue is POLA. Sure, we can put in individual knobs to twiddle, but who will do that? I thought that securelevel would have been a suitable solution to say "I want approximately *this* much security". If that's not the case, then we need a few generic statements which can then be further refined. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 20:35: 8 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id D486A37B404; Tue, 23 Apr 2002 20:34:59 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3O3Ymw44575; Tue, 23 Apr 2002 23:34:48 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 23:34:47 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020424125345.B50826@wantadilla.lemis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > > I'm more interested in the general issue here, since you made the > > general assertion that there was a problem that stretched beyond > > this one issue. > > Well, we saw the ssh problem as well; that's more than one. We also see > things like rsh and rlogin die, maybe due to lack of love. I'm sure > there are many more, some of which I have seen and accepted, others > which I have seen and couldn't be bothered to complain, and others again > that I haven't seen and that may or may not bite me in the future. The > issue here is that the choice shouldn't be left to the individual if > we're working as a team. The ssh issue is a bug. It has been fixed in -CURRENT, it should be fixed in -STABLE. It's not a sign of a bad trend in design, it should simply be changed. My disagreement with the solution was that the bug was being whacked in the wrong place: rather than fixing the bug, the suggested solution was to disable challenge response authentication entirely (?), or disable S/Key entirely. Neither resolved the real problem, especially if you want to use S/Key for some users, but not for all users. > > I'm happy to entertain the idea that we discuss this specific issue > > in more detail. In particular, the decision to not bind the X11 > > port might take into account this particular implementation > > (XFree86), and whether we can make this setting more accessible to > > the administrator (i.e., something that could be mechanically > > twiddled, rather than through manual editing of scripts...) > > Well, what about checking securelevel before setting --nolisten-tcp? I'm really unhappy with the idea of using securelevel for this. Securelevel if a kernel value that determines the outcome of a certain set of privileged operations, limiting root access. Well, modulo a little bit of abuse in the ipfilter code regarding a kernel callout, but it's arguable that really is abuse. This is a userland issue regarding socket binding choices by an application. > > For something like X11, we need a freebsd-x11 mailing list. Or maybe > > freebsd-xfree86. For most other large third party applications, we either > > have a single authoritative maintainer, or a mailing list. For example, > > both Gnome and KDE have these. > > No, that's only part of the issue, though it's an important one. I've > had complaints from Apache people that we're not communicating back > enough, for example. I'm not all that surprised to here that, but I'm not sure I know enough about the ports community to give direction there, other than to say "this needs fixing". > I think the issue is POLA. Sure, we can put in individual knobs to > twiddle, but who will do that? I thought that securelevel would have > been a suitable solution to say "I want approximately *this* much > security". If that's not the case, then we need a few generic > statements which can then be further refined. I think securelevel is the wrong twiddle. If there aren't better twiddles, they can be created. Personally, I think a twiddle that reads: [X] Enable remote TCP-based access to X11 display, subject to normal X11 access control policy. would make much more sense than keying it to some general knob with diminished meaning. In particular, things like: [ ] Workstation security [ ] Secure workstation security [ ] Firewall security make little or no sense to anyone. I think the primary example of something that could use a better management tool is inetd.conf, but I'm not sure that's happening (see past threads on the topic). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 20:45:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 072D937B41A; Tue, 23 Apr 2002 20:45:35 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3O3jOw45443; Tue, 23 Apr 2002 23:45:24 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 23 Apr 2002 23:45:23 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Greg 'groggy' Lehey" Cc: Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) In-Reply-To: <20020424125345.B50826@wantadilla.lemis.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > I think the issue is POLA. Sure, we can put in individual knobs to > twiddle, but who will do that? I thought that securelevel would have > been a suitable solution to say "I want approximately *this* much > security". If that's not the case, then we need a few generic > statements which can then be further refined. FWIW, the place where this should really go is the X11 configuration tool -- if we extend the configurability of an application, the confuration twiddles for that should live (and be documented) in the normal places for that application, and not have any hooks of this sort in the base system. BTW, one really good reason not to tie securelevel and X11 behavior is that securelevels (when high) specifically break X11, and likewise, other management functionality that you might want to use with X11. Overloading twiddles in this manner is a bad thing :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 20:49:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.webjockey.net (mail.webjockey.net [208.141.46.3]) by hub.freebsd.org (Postfix) with ESMTP id C6C7237B400 for ; Tue, 23 Apr 2002 20:49:53 -0700 (PDT) Received: from stormspe.outloud.org (ISSA.cm.gscyclone.com [24.206.5.44]) by mail.webjockey.net (8.12.3/8.12.3) with ESMTP id g3O3njhQ096161 for ; Tue, 23 Apr 2002 23:49:49 -0400 (EDT) (envelope-from gary@outloud.org) Message-Id: <5.1.1.2.2.20020423234448.02434dd0@208.141.46.3> X-Sender: ancient@208.141.46.3 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1.1.3 (Beta) Date: Tue, 23 Apr 2002 23:50:07 -0400 To: freebsd-hackers@FreeBSD.ORG From: Gary Stanley Subject: SB Audigy Driver? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Anyone know if the current set of FreeBSD pcm drivers support Sound Blaster Audigy? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 21:45:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from 12-234-22-238.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219]) by hub.freebsd.org (Postfix) with ESMTP id E923537B400 for ; Tue, 23 Apr 2002 21:45:23 -0700 (PDT) Received: from Master.gorean.org (master.gorean.org [10.0.0.2]) by 12-234-22-238.client.attbi.com (8.12.2/8.12.2) with ESMTP id g3O4jMHt079136; Tue, 23 Apr 2002 21:45:22 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from Master.gorean.org (zoot [127.0.0.1]) by Master.gorean.org (8.12.2/8.12.2) with ESMTP id g3O4jPLr066468; Tue, 23 Apr 2002 21:45:25 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from localhost (doug@localhost) by Master.gorean.org (8.12.2/8.12.2/Submit) with ESMTP id g3O4jOc3066465; Tue, 23 Apr 2002 21:45:25 -0700 (PDT) X-Authentication-Warning: Master.gorean.org: doug owned process doing -bs Date: Tue, 23 Apr 2002 21:45:24 -0700 (PDT) From: Doug Barton X-X-Sender: doug@master.gorean.org To: David Xu Cc: freebsd-hackers@FreeBSD.org Subject: Re: fix wrong PNP ID comment In-Reply-To: <20020422090317.76678.qmail@web20901.mail.yahoo.com> Message-ID: <20020423214452.N66402-100000@master.gorean.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Please submit such things as problem reports. Take a look at 'man send-pr' if you need help. -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 21:50:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from 12-234-22-238.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219]) by hub.freebsd.org (Postfix) with ESMTP id 0BDA037B442 for ; Tue, 23 Apr 2002 21:49:53 -0700 (PDT) Received: from Master.gorean.org (master.gorean.org [10.0.0.2]) by 12-234-22-238.client.attbi.com (8.12.2/8.12.2) with ESMTP id g3O4nqHt079180; Tue, 23 Apr 2002 21:49:52 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from Master.gorean.org (zoot [127.0.0.1]) by Master.gorean.org (8.12.2/8.12.2) with ESMTP id g3O4nsLr066476; Tue, 23 Apr 2002 21:49:54 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from localhost (doug@localhost) by Master.gorean.org (8.12.2/8.12.2/Submit) with ESMTP id g3O4nhga066473; Tue, 23 Apr 2002 21:49:54 -0700 (PDT) X-Authentication-Warning: Master.gorean.org: doug owned process doing -bs Date: Tue, 23 Apr 2002 21:49:43 -0700 (PDT) From: Doug Barton X-X-Sender: doug@master.gorean.org To: Dmitry Mottl Cc: freebsd-hackers@FreeBSD.org Subject: Re: make installworld failed on 4.0-RELEASE In-Reply-To: Message-ID: <20020423214905.M66402-100000@master.gorean.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 22 Apr 2002, Dmitry Mottl wrote: > Hi, I have a problem when installing 4-STABLE on 4.0-RELEASE from remotely > mounted /usr/src and /usr/obj: > ELF binary type not known. Use "brandelf" to brand it You're trying to cross an upgrade boundary that just won't fly. Back up your data and install clean from scratch. Good luck, Doug -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 22:23:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from HAL9000.wox.org (12-232-222-90.client.attbi.com [12.232.222.90]) by hub.freebsd.org (Postfix) with ESMTP id 3DB2337B41E; Tue, 23 Apr 2002 22:23:51 -0700 (PDT) Received: (from das@localhost) by HAL9000.wox.org (8.11.6/8.11.6) id g3O5NvU03926; Tue, 23 Apr 2002 22:23:57 -0700 (PDT) (envelope-from das) Date: Tue, 23 Apr 2002 22:23:57 -0700 From: David Schultz To: Terry Lambert Cc: Jochem Kossen , frank@exit.com, "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) Message-ID: <20020423222357.D3593@HAL9000.wox.org> Mail-Followup-To: Terry Lambert , Jochem Kossen , frank@exit.com, Greg 'groggy' Lehey , hackers@FreeBSD.ORG References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl> <3CC5A7DC.FD06DC11@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CC5A7DC.FD06DC11@mindspring.com>; from tlambert2@mindspring.com on Tue, Apr 23, 2002 at 11:28:44AM -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thus spake Terry Lambert : > The entire idea of "bit rot" is really "the code did not keep > ``up to date'' with my changes, which broke the code", which > is really a ridiculous position. > > It really pissed me off when the AHA-1742 support dropped out > when CAM came in, but that, at least, was understandable, since > it was a trade: something deisrable for something less desirable > to the majority of users. > > You really *can not* blame breaking "something that used to work > but which no longer works" on "evolution". Aah...we'd better put uucp back in the base system, then. Never mind that it might have security problems that we don't know about. :P To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Tue Apr 23 23:50:23 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from beppo.feral.com (beppo.feral.com [192.67.166.79]) by hub.freebsd.org (Postfix) with ESMTP id 30D2837B405; Tue, 23 Apr 2002 23:50:17 -0700 (PDT) Received: from mailhost.feral.com (mjacob@mailhost.feral.com [192.67.166.1]) by beppo.feral.com (8.11.3/8.11.3) with ESMTP id g3O6oGf31093; Tue, 23 Apr 2002 23:50:16 -0700 (PDT) (envelope-from mjacob@feral.com) Date: Tue, 23 Apr 2002 23:50:16 -0700 (PDT) From: Matthew Jacob X-Sender: mjacob@beppo Reply-To: mjacob@feral.com To: John Baldwin Cc: hackers@FreeBSD.ORG Subject: mutex owned stuff fallible? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a recent i386 SMP kernel: panic: mutex isp not owned at ../../../kern/kern_synch.c:449 cpuid = 0; lapic.id = 00000000 Debugger("panic") Stopped at Debugger+0x41: xorl %eax,%eax db> db> t Debugger(c031189a) at Debugger+0x41 panic(c0310ae8,c030470d,c0312018,1c1,d2d08438) at panic+0xd8 _mtx_assert(d2d0843c,9,c0312018,1c1,69) at _mtx_assert+0x59 msleep(d2d08438,d2d0843c,4c,c0301260,7d0) at msleep+0x157 isp_mboxcmd(d2d08400,d2d19c04,f,d07dee8,0) at isp_mboxcmd+0x19c isp_fw_state(d2d08400,d2d19c54,d2d08400,d2d09000,d2d08400) at isp_fw_state+0x2b isp_fclink_test(d2d08400,1e8480,d2d08400,d2d09000,d2d0843c) at isp_fclink_test+0x5d isp_control(d2d08400,4,d2d19d18) at isp_control+0x28b isp_kthread(d2d08400,d2d19d48,d2d02a3c,c017b25c,0) at isp_kthread+0x6d fork_exit(c017b25c,d2d08400,d2d19d48) at fork_exit+0x88 fork_trampoline() at fork_trampoline+0x37 Examination of the code path shows to me that this has been what it has been for months- isp_lock is grabbed at the top of isp_kthread- various cv_wait && msleeps *should* assure it's still grabbed at the point in time it calls the inline isp_fc_runstate which then calls isp_control...isp_mboxcmd...where isp_mboxcmd calls msleep with isp_lock as the (should be still owned) argument. WTF, O? -matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 1:16:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from retaliator.nodes.network.xencor.net (h66-59-162-150.gtconnect.net [66.59.162.150]) by hub.freebsd.org (Postfix) with ESMTP id 5B79A37B41C for ; Wed, 24 Apr 2002 01:16:44 -0700 (PDT) Received: (from neos@localhost) by retaliator.nodes.network.xencor.net (8.11.0/8.11.0) id g3O8GVD19735 for Zak ; Wed, 24 Apr 2002 08:16:31 GMT Date: Wed, 24 Apr 2002 08:16:31 GMT From: Rotwang Message-Id: <200204240816.g3O8GVD19735@retaliator.nodes.network.xencor.net> X-Authentication-Warning: retaliator.nodes.network.xencor.net: neos set sender to rotwang using -f Cc: hackerpx@hotmail.com, hackerr116@aol.com, hackers@FreeBSD.org, hackers@hackers-for-hire.com, hackers@lists.samba.org Subject: Re: Your Acount ID is 215069414 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have recieved your message dated Wed, 24 Apr 2002 08:16:26 +0000 (zulu). I have scanned the message for spam addresses which will be blocked from future access. Now listen here. Your e-mail appears to amount to nothing more than a worthless spam. You have 36 hours to explain yourself to my satisfaction. If you do not, I shall have no choice but to consider you a spammer, and I shall take whatever steps neccessary to prevent further spammings from you. Now listen here. Your e-mail appears to amount to nothing more than a worthless spam. You have 36 hours to explain yourself to my satisfaction. If you do not, I shall have no choice but to consider you a spammer, and I shall take whatever steps neccessary to prevent further spammings from you. I did not identify any new spammers this time. Goodbye, Zak. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 1:16:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from everlast.instigator.nodes.network.xencor.net (CPE006008024071.cpe.net.cable.rogers.com [24.101.113.230]) by hub.freebsd.org (Postfix) with ESMTP id 5B20A37B41A for ; Wed, 24 Apr 2002 01:16:42 -0700 (PDT) Received: from localhost (zak@localhost) by everlast.instigator.nodes.network.xencor.net (8.11.0/8.11.0) with ESMTP id g3O8GRA08675; Wed, 24 Apr 2002 08:16:27 GMT X-Authentication-Warning: everlast.instigator.nodes.network.xencor.net: zak owned process doing -bs Date: Wed, 24 Apr 2002 08:16:26 +0000 (zulu) From: Zak X-Sender: zak@everlast.instigator.nodes.network.xencor.net To: "REACTOR : IDS spam reporting solution" , teen4free@aol.com Cc: hackerpx@hotmail.com, hackerr116@aol.com, hackers@FreeBSD.org, hackers@hackers-for-hire.com, hackers@lists.samba.org Subject: Re: Your Acount ID is 215069414 In-Reply-To: <200204220124.GAA04719@web20.linux-hosting.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [RESPONSE:] ->Below is the result of your feedback form. It was submitted by -> (teen4free@aol.com) on Monday, April 22, 2002 at 06:24:46 ->--------------------------------------------------------------------------- -> ->:

Adult Membership Approved
Your Application Has been Processed And ACCEPTED


free gallery membership at TEEN4FREE galleries


>>HERE to enter<<


(if this email was sent in error, please ignore it)

-> -> ->--------------------------------------------------------------------------- -> Zak Power - COO / XENCOR Technologies International E-MAIL : zak@zak-power.com WEB : http://www.zak-power.com MAIL : 599-B Yonge Street #280, Toronto, Ontario, Canada, M4Y-1Z4 TELEPHONE : (416)-841-2840 "Sed quis custodiet ipsos custodes?" (C) 2001 XENCOR Technologies The information in this e-mail is copyrighted material, intended only for the person or entity to which it is addressed. It may contain confidential and / or priviliged material. If someone other than the intended recipient should receive or come into possession of this e-mail, he / she will not be entitled to read, disseminate, disclose or duplicate it. If you receive this e-mail unintentionally, please inform us immediately by "reply" and then delete it from your system. XENCOR shall not be liable for the correct and complete transmission of the contents of a transmitted e-mail, or for any delay in its receipt. This e-mail message does not create any contractual obligations for XENCOR. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 1:22:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail3.home.nl (mail3.home.nl [213.51.129.227]) by hub.freebsd.org (Postfix) with ESMTP id C674A37B419; Wed, 24 Apr 2002 01:21:57 -0700 (PDT) Received: from lisa.CC40670-a.groni1.gr.nl.home.com ([217.123.110.189]) by mail3.home.nl (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20020424082007.BOKM9830.mail3.home.nl@lisa.CC40670-a.groni1.gr.nl.home.com>; Wed, 24 Apr 2002 10:20:07 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Jochem Kossen To: "Greg 'groggy' Lehey" Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Date: Wed, 24 Apr 2002 10:21:54 +0200 X-Mailer: KMail [version 1.4] References: <200204231206.01451.j.kossen@home.nl> <20020424084444.N6425@wantadilla.lemis.com> In-Reply-To: <20020424084444.N6425@wantadilla.lemis.com> Cc: hackers@FreeBSD.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200204241021.54339.j.kossen@home.nl> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday 24 April 2002 01:14, you wrote: > On Tuesday, 23 April 2002 at 12:06:01 +0200, Jochem Kossen wrote: > > On Tuesday 23 April 2002 11:04, you wrote: > > [...] > > > >>>> I've been noticing a continuing trend for more and more "safe" > >>>> configurations the default. I spent half a day recently trying > >>>> to find why I could no longer open windows on my X display, only > >>>> to discover that somebody had turned off tcp connections by > >>>> default. > >>> > >>> *shrug* I was the one who sent in the patch. It was added some > >>> time around 2001/10/26 to the XFree86-4 megaport. When the > >>> metaport was created, the patch was incorporated too. > >>> > >>> A simple 'man startx' should have cleared your mind: > >> > >> Well, yes. But I've been using X for 11 years. Why should I have > >> to read the man page to find changes? > > > > Because things evolve? :) > > Not a good reason. If they evolve, the evolution should be more > clearly documented. Yep, I agree. It was a mistake to not document it further, so let's=20 solve that problem. > >> How do I know which man page to read? > > > > You start X with startx, seems obvious to me. The disabling of tcp > > connections only applies to startx > > I don't stay with startx. Next I go to xinit, then to Xwrapper, then > to X. All of these work fine. When I try to start an xterm, nothing > happens. So I read the haystack of man pages for all these programs > looking for a possible needle? That's 4314 lines of man pages > (Xwrapper doesn't have a man page, so Murphy says that it's probably > in Xwrapper). Based on prior experience, startx would be the last > place I would look. In fact, I suspected a networking problem. Hmm...yes, you're right about this! > >> If I did that for everything that happened, I wouldn't get any > >> work done. And you can bet your bottom dollar that somebody > >> coming from another UNIX variant and trying out FreeBSD won't do > >> so. > > > > OK, then i suggest we mention it in the handbook, the security > > policy document, the manpage AND the release notes :) > > You've heard my suggestions. Yes, and I still like number 1 best (document it clearly) > >> They'll just say that it's broken and wander off again. > > I note you don't comment on this one. OK, hereby I do: You're talking about users coming from a different UNIX OS. I think it's=20 reasonable for those users to expect differences in a different system.=20 Things like this are normal between different operating systems in my=20 opinion. That it should be documented far better, I agree (but i=20 already said that 1000 times now I believe) I think the issue is mostly an annoying thing for users which already=20 have been using FreeBSD for a while. Suddenly something changes, and=20 stuff doesn't work anymore the way it used to do, just like with you. > >>> In the case of the X patch, i'd add it to the release notes AND > >>> the security policy document, since - i think - few people will > >>> look in the security policy document for such a problem. > >> > >> I think it shouldn't happen at all unless people agree to it. > > > > 3 people did, 0 people did not...read below > > So only 3 people use X? Get real. You just haven't heard any > objections up to now. I found out about this several weeks ago, but > I didn't complain because I was expecting replies with the > perspective you're showing. So what? You avoided the discussion? Apparently quite a few people agree=20 with you. IMHO if people want things to change for the better, people=20 need to speak up. Wether they are wrong or right doesn't really matter.=20 Discussions are a good way to come to a reasonable conclusion/solution. > >>> I do have to say you're the first one I see who complains about > >>> this... > >> > >> Maybe the others have given up. > > > > LOL > > THIS IS NO LAUGHING MATTER. It's this kind of change which is going > to stop people from using FreeBSD. If this kind of thing happens too often(yeah yeah, "once is already too=20 often"), then yes, you're right i guess. > >> But since we're on the subject, why? What's so insecure about X > >> TCP connections? Until you explicitly allow connections, the only > >> system that can open the server is the local system. > > > > For the simple reason I don't like useless open ports on my system. > > I don't use it, _most_ other people don't use it, so i sent in a > > patch. > Fine, I'm not telling you how to run your system. I don't want you > telling me how to run my network. I didn't, and I don't. I changed a default which seemed wrong to me. But let's say you don't like something about FreeBSD, and you make a=20 change. You like the result. You show it to others, who also like the=20 result. What would you do when you think it really is an improvement?=20 send it in, or keep it to yourself? > I note that you still haven't given a good technical reason for it. 1) Other people in the thread have done so (X11 over ssh should be=20 encouraged among other things...) 2) Why would every change have to have a technical reason? I made this=20 patch for security reasons. Security is not only a process of solving problems. It's _mostly_ a=20 process of taking precautions and solving problems BEFORE they occur.=20 IMHO I took a precaution here, which is a good enough reason to me. When i sent in the patch, I didn't have a good _technical_ reason,=20 unless you consider security precautions itself as a technical reason. > > Of course, it was only discussed on the ports@ mailinglist, but it > > didn't seem like such a big deal to me or apparently the others... > > That doesn't help end users. We have a user community out there. True, thus we need to do something about it. So here are a few concrete=20 suggestions, also mentioned by others in the thread: - startx is just a normal shellscript. It could display a message like=20 this whenever you start it without the -listen_tcp option: *** WARNING *** startx has been defaulted to disable TCP connections for security=20 reasons. If you require this, use 'startx -listen_tcp' *************** - Put a message like that in pkg-message - Add an environment variable like "X11TCP" which can be set to YES or=20 NO (I don't like the name "X11TCP" for this, anyone got a better=20 suggestion?) - Document it everywhere reasonable. Someone (I think Robert Watson)=20 mentioned "ports release notes" which sounds like a good thing to me=20 for things like this. Of course, this would only help for one release,=20 since at the next release it won't be in there anymore. Perhaps=20 deciding where to document it needs another -small- discussion on doc@ I'd like your response to the suggestions here...IMHO we should do these=20 all. If it's ok with you and others who read this message, I'll open a=20 PR on ports@ with a revised patch to startx with the pkg-message, the=20 warning when startx starts and startx which looks for the environment=20 variable. If someone else wants to do it, or has better suggestions, please do and=20 let me/us know. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 2:31:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id B560737B421; Wed, 24 Apr 2002 02:31:08 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170J6X-0001mA-00; Wed, 24 Apr 2002 02:30:25 -0700 Message-ID: <3CC67B14.36034AA8@mindspring.com> Date: Wed, 24 Apr 2002 02:29:56 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Matthew N. Dodd" Cc: Jochem Kossen , frank@exit.com, Greg 'groggy' Lehey , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) References: <20020423212345.M42854-100000@sasami.jurai.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Matthew N. Dodd" wrote: > On Tue, 23 Apr 2002, Terry Lambert wrote: > > It really pissed me off when the AHA-1742 support dropped out when CAM > > came in, but that, at least, was understandable, since it was a trade: > > something deisrable for something less desirable to the majority of > > users. > > AHA-1742 works again now. > > Maybe you're talking about Ultrastore 24F support? No, I was talking about 1742. I know it works again now. It was orphaned for a long time. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 2:40:29 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id 9FC7A37B41D; Wed, 24 Apr 2002 02:40:23 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170JDk-0005BN-00; Wed, 24 Apr 2002 02:37:52 -0700 Message-ID: <3CC67CD3.A16A0F66@mindspring.com> Date: Wed, 24 Apr 2002 02:37:23 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > > > A more conservative default configuration results in a material > > > improvement in system security. > > > > *snip* > > By snipping here, you removed reference to the fact that this was a > general discussion of direction and policy, rather than specifically to do > with X11, which provides an answer to a number of your questions. People really try to avoid policy decisions; they trap them into doing in the future what they say now that they will do in the future (damned consistency!). > As indicated, not all of these criteria may apply in every case -- this > was just a suggested list of criteria that might be applied. There have > been a number of vulnerabilities in a number of different X protocol > implementations. Many of them require first getting past the normal X > access control mechanisms before they may be exploited, but not all. ??? Which ones don't require that? The only ones I can think of are TCP vulnerabilities (as I said before), and you aren't going to fix a TCP vulnerability unless you turn off *all* TCP-based services, not just X11. > If you think that's a problem, then you didn't read my e-mail. However, > there is actually a great deal of relevance here: protocol and > implementation complexity have a lot to do with the chances that there > will be a serious vulnerability. Likewise, the level of privilege > associated with X11 is highly relevant: if you compromise the X server, > you've got a lot to play with. I keep hearing "complexity := vulnerability". I'd really, really like to see a mathematical proof of this theory. [ ... ] > We adapt a number of applications for the FreeBSD environment and > configuration. A more common way to distinguish our localizations is > through a WITH_GRATUITOUS_LOCAL_CHANGES make argument, or via an > interactice interface (for example, ghostscript). 8-) 8-) I like it. [ ... ] > If we can expose this feature via > rc.conf, just make it a seperate rc.conf entry and twiddle it off of the > security configuration manu in sysinstall. Is that something we can do > easily? I think the way to do this is with firewall rules. Making everything read rc.conf is a pretty useless thing to do. It's also dangerous to make a single rc.conf line apply to more than one thing, since then it permits alternate (potentially conflicting) interpretations of meaning. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 2:49:24 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id 2B4A137B427; Wed, 24 Apr 2002 02:49:12 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170JOF-00038s-00; Wed, 24 Apr 2002 02:48:43 -0700 Message-ID: <3CC67F5E.44FC802D@mindspring.com> Date: Wed, 24 Apr 2002 02:48:14 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > On Tue, 23 Apr 2002, Terry Lambert wrote: > > > The reality is that reducing exposure is an important part of any security > > > posture. > > > > This is an argument for security through obscurity. > > > > If we are talking risk reduction, then we can easily achieve it > > statistically through obscurity. In fact, this is exactly what FreeBSD > > does through its choice of TCP sequence numbers. > > "Security by obscurity" refers to a behavioral phenomena in system design > and delivery, not to a technical design principle. For example, it refers > to using a secret algorithm, but does not refer to using a secret key with > a published algorithm. So disabling services in a default configuration > reduces risk by reducing exposure, but it's not security by obscurity. However, if the goal is risk reduction, then "securty by obscurity" arguably reduces risk. > When shipping third party code, or our own code, we accept that some code > is more at risk than other code. That risk might be the result of > complexity, privilege, exposure, ... Whatever the reason, it's > disingenuous to sweep it under the rug ("all our code is good, so we ship > it all turned on") rather than select safe defaults and let people turn on > what they need. This somewhat drops us into the "What is UNIX?" argument. I don't think you want to go there. > > Application state is not necessary for incoming connections which are > > self-identified by source and destination IP and port; the existing > > stateless firewall code can handle them completely, without introducing > > problems. > > X arguments that disable the X11 protocol over TCP will work regardless of > the configured TCP port for XFree86. Firewall rules won't. Also, > firewall rules may interfere with other applications, where X11 > configuration won't. Both have their place. I can run sendmail on another port as well. At some point, you have to accept that there are Schelling points where policy and implementation can rendesvous. It's not reasonable to argue that an external mechanism is unusable because someone *might* start X11 with a different port. They *might* start it with the argument that reenables TCP. The coupling argument you are making here is specious: the default model for firewall protection is "disable everything by default, and enable only that which is explicitly permitted". The point is that there is already a model for TCP service protection, and adding another frob on the side of each server for it really obfuscates the application of a uniform model to the problem. If we grant for a moment your argment "complexity := vulnerability", then this increase of complexity is a problem, isn't it? > > Actually, it would be more useful to concentrate on so-called "stealth > > firewall" technology, so that OS identification due to port scans, etc., > > is impossible, and so it looks as if there is no machine there > > whatsoever, if there are no services actively listening AND access is > > permitted to the source machine. > > No doubt an interesting area to explore. Mostly, it boils down to dropping packets instead of sending RSTs or ACKs. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 2:55:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gate.nentec.de (gate2.nentec.de [194.25.215.66]) by hub.freebsd.org (Postfix) with ESMTP id 17F8837B41D; Wed, 24 Apr 2002 02:55:44 -0700 (PDT) Received: from nenny.nentec.de (root@nenny.nentec.de [153.92.64.1]) by gate.nentec.de (8.11.3/8.9.3) with ESMTP id g3O9sG304711; Wed, 24 Apr 2002 11:54:16 +0200 Received: from nentec.de (andromeda.nentec.de [153.92.64.34]) by nenny.nentec.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id g3O9sEm12069; Wed, 24 Apr 2002 11:54:14 +0200 Message-ID: <3CC680C6.2020608@nentec.de> Date: Wed, 24 Apr 2002 11:54:14 +0200 From: Andy Sporner User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:0.9.8) Gecko/20020204 X-Accept-Language: de-at, de, en, en-us MIME-Version: 1.0 To: Terry Lambert Cc: Robert Watson , "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: <3CC67F5E.44FC802D@mindspring.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I hate to jump into this fray, but if this is going to be a public thread, will everybody make the reply to the list??? :-) So far I only see Terry's emails. Thanks! Andy Terry Lambert wrote: >Robert Watson wrote: > >>On Tue, 23 Apr 2002, Terry Lambert wrote: >> >>>>The reality is that reducing exposure is an important part of any security >>>>posture. >>>> >>>This is an argument for security through obscurity. >>> >>>If we are talking risk reduction, then we can easily achieve it >>>statistically through obscurity. In fact, this is exactly what FreeBSD >>>does through its choice of TCP sequence numbers. >>> >>"Security by obscurity" refers to a behavioral phenomena in system design >>and delivery, not to a technical design principle. For example, it refers >>to using a secret algorithm, but does not refer to using a secret key with >>a published algorithm. So disabling services in a default configuration >>reduces risk by reducing exposure, but it's not security by obscurity. >> > >However, if the goal is risk reduction, then "securty by >obscurity" arguably reduces risk. > > >>When shipping third party code, or our own code, we accept that some code >>is more at risk than other code. That risk might be the result of >>complexity, privilege, exposure, ... Whatever the reason, it's >>disingenuous to sweep it under the rug ("all our code is good, so we ship >>it all turned on") rather than select safe defaults and let people turn on >>what they need. >> > >This somewhat drops us into the "What is UNIX?" argument. I >don't think you want to go there. > > >>>Application state is not necessary for incoming connections which are >>>self-identified by source and destination IP and port; the existing >>>stateless firewall code can handle them completely, without introducing >>>problems. >>> >>X arguments that disable the X11 protocol over TCP will work regardless of >>the configured TCP port for XFree86. Firewall rules won't. Also, >>firewall rules may interfere with other applications, where X11 >>configuration won't. Both have their place. >> > >I can run sendmail on another port as well. At some point, you >have to accept that there are Schelling points where policy and >implementation can rendesvous. It's not reasonable to argue that >an external mechanism is unusable because someone *might* start >X11 with a different port. They *might* start it with the argument >that reenables TCP. The coupling argument you are making here is >specious: the default model for firewall protection is "disable >everything by default, and enable only that which is explicitly >permitted". > >The point is that there is already a model for TCP service protection, >and adding another frob on the side of each server for it really >obfuscates the application of a uniform model to the problem. > >If we grant for a moment your argment "complexity := vulnerability", >then this increase of complexity is a problem, isn't it? > > >>>Actually, it would be more useful to concentrate on so-called "stealth >>>firewall" technology, so that OS identification due to port scans, etc., >>>is impossible, and so it looks as if there is no machine there >>>whatsoever, if there are no services actively listening AND access is >>>permitted to the source machine. >>> >>No doubt an interesting area to explore. >> > >Mostly, it boils down to dropping packets instead of sending RSTs >or ACKs. > >-- Terry > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-hackers" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 3:17:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id 505F437B416; Wed, 24 Apr 2002 03:17:46 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170Jpn-0000Iu-00; Wed, 24 Apr 2002 03:17:12 -0700 Message-ID: <3CC6860B.17F10FBA@mindspring.com> Date: Wed, 24 Apr 2002 03:16:43 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Robert Watson Cc: Greg 'groggy' Lehey , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Robert Watson wrote: > On Wed, 24 Apr 2002, Greg 'groggy' Lehey wrote: > > I think the issue is POLA. Sure, we can put in individual knobs to > > twiddle, but who will do that? I thought that securelevel would have > > been a suitable solution to say "I want approximately *this* much > > security". If that's not the case, then we need a few generic > > statements which can then be further refined. > > FWIW, the place where this should really go is the X11 configuration tool > -- if we extend the configurability of an application, the confuration > twiddles for that should live (and be documented) in the normal places for > that application, and not have any hooks of this sort in the base system. I really disagree with this. It's not an application level issue, it's a protocol level issue, and the knobs belong in the firewall management code, not in the per application code. It's really ridiculous that you can not set a policy for, for example, SMTP port exposure, unless you were to choose a particular MTA implementation, and set the policy in a per MTA configuration specific way. The X11 we are talking about here is not "the default X11", which is a set of distfiles, but a "ports" X11, which is not, but which is likely to be the basis of future distfiles. So we are really talking about an alternate set of code to provide or not provide the TCP "X11 display service". The thing that offended the hell out of everyone way that the decision was made for the future distfiles release (which is used by practically everyone) by sneaking it in the ports back door (which is used by practically no one), which, when viewed disparagingly, looks like an attempt to "pull a fast one". The policy and implementation *must* be seperated. > BTW, one really good reason not to tie securelevel and X11 behavior is > that securelevels (when high) specifically break X11, and likewise, other > management functionality that you might want to use with X11. Overloading > twiddles in this manner is a bad thing :-). THis is an implementation detail. Going to the GGI code for the FreeBSD console eliminates this breakage, by eliminating the need for the X11 server to obtain priviledges to access the hardware I/O and memory space without going through a non-data interface kernel abstraction. It's really not a fair comparison here, to point at secure level interference with X11 services, which are a result of a bad implementation choice. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 3:31:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id AE49337B417; Wed, 24 Apr 2002 03:31:35 -0700 (PDT) Received: from pool0066.cvx21-bradley.dialup.earthlink.net ([209.179.192.66] helo=mindspring.com) by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170K2H-0007It-00; Wed, 24 Apr 2002 03:30:05 -0700 Message-ID: <3CC68910.453A3865@mindspring.com> Date: Wed, 24 Apr 2002 03:29:36 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: David Schultz Cc: Jochem Kossen , frank@exit.com, Greg 'groggy' Lehey , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl> <3CC5A7DC.FD06DC11@mindspring.com> <20020423222357.D3593@HAL9000.wox.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG David Schultz wrote: > Aah...we'd better put uucp back in the base system, then. Never mind > that it might have security problems that we don't know about. :P I can guarantee you that having a computer booted has security problems that we don't know about, so the logical thing to do, from that persepective, is to power everything off. 8^p back at ya... -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 4: 0:18 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87]) by hub.freebsd.org (Postfix) with ESMTP id 84DF337B41A; Wed, 24 Apr 2002 04:00:13 -0700 (PDT) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc54.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020424110013.FABC19669.rwcrmhc54.attbi.com@InterJet.elischer.org>; Wed, 24 Apr 2002 11:00:13 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id DAA36690; Wed, 24 Apr 2002 03:48:37 -0700 (PDT) Date: Wed, 24 Apr 2002 03:48:36 -0700 (PDT) From: Julian Elischer To: ports@freebsd.org, hackers@freebsd.org Cc: cvs@freebsd.org Subject: HOLY COW! Ports grew by 130MB! Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hey can whoever did the repo copy in the Misc/kde3 stuff blease shoot it? You have just increased the size of the repo tree by 130MB I know that it's normally bad to back out a repo copy but THIS IS RIDCULOUS! I'm here in Australia on the end of a 28.8 (at best) modem link I was wondering why cvsup never finished! 42(!) copies of the same repo-copied stuff is a few too many times considering that each is 3MBytes long! Please remove these files AND THEIR ,v versions and replace them by the 20 KB version that you really need! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 5:22:44 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from HAL9000.wox.org (12-232-222-90.client.attbi.com [12.232.222.90]) by hub.freebsd.org (Postfix) with ESMTP id 4C22C37B421; Wed, 24 Apr 2002 05:22:39 -0700 (PDT) Received: (from das@localhost) by HAL9000.wox.org (8.11.6/8.11.6) id g3OCLnY05353; Wed, 24 Apr 2002 05:21:49 -0700 (PDT) (envelope-from das) Date: Wed, 24 Apr 2002 05:21:49 -0700 From: David Schultz To: Terry Lambert Cc: Jochem Kossen , frank@exit.com, "Greg 'groggy' Lehey" , hackers@FreeBSD.ORG Subject: Re: Security through obscurity? (and /etc/defaults/rc.conf changes) Message-ID: <20020424052149.A5289@HAL9000.wox.org> Mail-Followup-To: Terry Lambert , Jochem Kossen , frank@exit.com, Greg 'groggy' Lehey , hackers@FreeBSD.ORG References: <200204231454.g3NEsxFR019646@realtime.exit.com> <200204231839.44923.j.kossen@home.nl> <3CC5A7DC.FD06DC11@mindspring.com> <20020423222357.D3593@HAL9000.wox.org> <3CC68910.453A3865@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CC68910.453A3865@mindspring.com>; from tlambert2@mindspring.com on Wed, Apr 24, 2002 at 03:29:36AM -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thus spake Terry Lambert : > David Schultz wrote: > > Aah...we'd better put uucp back in the base system, then. Never mind > > that it might have security problems that we don't know about. :P > > I can guarantee you that having a computer booted has security > problems that we don't know about, so the logical thing to do, > from that persepective, is to power everything off. > > 8^p back at ya... That would, of course, be impractical. If you want to take everything to extremes, the other option is to ignore security entirely. Statistically, it makes sense not to leave potentially insecure fluff lying around unless removing the fluff would be vastly inconvenient. The whole business of what is enabled by default is of particular concern because many FreeBSD users are not Unix gurus. You learned Unix before security was a major concern, but many people don't have that advantage. The defaults should afford a reasonable degree of security, and people should be able to turn on other features as they begin to understand them. I am not proposing to create a system that is virtually unusable by default, a la OpenBSD, but it is not unreasonable to disable by default a feature that most people do not use. People who want and understand the feature can turn it on easily enough. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 5:29:33 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id BAC0337B41A; Wed, 24 Apr 2002 05:29:28 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 16766F; Wed, 24 Apr 2002 07:27:59 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g3OCRwFM043146; Wed, 24 Apr 2002 07:27:58 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g3OCRtRS043145; Wed, 24 Apr 2002 07:27:55 -0500 (CDT) Date: Wed, 24 Apr 2002 07:27:55 -0500 From: "Jacques A. Vidrine" To: "Greg 'groggy' Lehey" Cc: Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020424122754.GC42969@madman.nectar.cc> References: <20020423131646.I6425@wantadilla.lemis.com> <20020424090655.O6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424090655.O6425@wantadilla.lemis.com> User-Agent: Mutt/1.3.28i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Apr 24, 2002 at 09:06:55AM +0930, Greg 'groggy' Lehey wrote: > I think the issue here is that individuals make this kind of decision. > We need a broader consensus for this kind of change. As Jochem points > out, only 3 people were involved in the decision, all of them people > with security profiles which weren't affected by this change. What, he should have gotten 30 reviewers? I think what is happening here is exactly what should happen: it seems like a good idea to one guy; he implements it. He shows it to a few more folks; they think it is a good idea, too. It gets committed, and the majority of people either don't notice it or believe it is a good feature. But the majority doesn't rule. The feature sits in the tree and maybe people run into problems with it. If so, it gets fine tuned or backed out. I think this is what is supposed to happen. For my part, I would like to see the change backed out and rethought. I like having the X server not doing TCP by default, but this change loses because: = It breaks existing configurations with no warning. = The option is in the wrong place (startx) and there is apparently no way to override the default. I think it would be better to just put `-nolisten tcp' in /usr/X11R6/lib/X11/xinit/xserverrc for new installations only. Then the system administrator could easily override it for all users; and at least a user can override it for herself. Disclosure: I'm unhappy that after upgrading my laptop yesterday, I found I couldn't run `x2x', and had to restart my X session to remedy the problem. All my X traffic uses IPsec --- there's no need to bring up SSH. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 6:44:32 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 1608B37B421; Wed, 24 Apr 2002 06:44:21 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id JAA20625; Wed, 24 Apr 2002 09:41:58 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3ODfSq92825; Wed, 24 Apr 2002 09:41:28 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15558.46600.351433.784766@grasshopper.cs.duke.edu> Date: Wed, 24 Apr 2002 09:41:28 -0400 (EDT) To: Kenneth Culver Cc: freebsd-hackers@freebsd.org, Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020423181748.W31638-100000@alpha.yumyumyum.org> References: <15557.27747.802212.659760@grasshopper.cs.duke.edu> <20020423181748.W31638-100000@alpha.yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > OK, I THINK I found what calls the actual kernel syscall handler, and > sets it's args first, but I'm not sure: > > from linux_locore.s > > NON_GPROF_ENTRY(linux_sigcode) <...> > Does anyone who actually knows assembly have any ideas? This is the linux sigtramp, or signal trampoline. It is used to wrap a signal handler. Eg, the kernel "calls" it (by returning to it) when it delivers a signal. It calls the apps signal handler. When the handler returns, it calls the linux sigreturn system call. This has essentially nothing to do with system calls. The system call entry point on x86 is int0x80_syscall, which is labled: /* * Call gate entry for FreeBSD ELF and Linux/NetBSD syscall (int 0x80) <..> This then calls syscall2(), which calls the linux prepsyscall. Maybe the argument isn't where you expect it to be, but is there. Can you make a test program which calls mmap2 with its 6th arg as something unique like 0xdeadbeef? Then print out (in hex :) the trapframe from the linux prepsyscall routine & see if you can find the deadbeef. Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 6:53: 2 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 4DDDC37B417 for ; Wed, 24 Apr 2002 06:52:57 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 6033A3FCBF; Wed, 24 Apr 2002 15:52:18 +0200 (CEST) Date: Wed, 24 Apr 2002 15:52:18 +0200 From: Miguel Mendez To: freebsd-hackers@freebsd.org Subject: graphical frontend for vinum Message-ID: <20020424155218.B71155@energyhq.homeip.net> Mail-Followup-To: freebsd-hackers@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="5I6of5zJg18YgZEa" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --5I6of5zJg18YgZEa Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi hackers, After gainning some knowledge of UI coding when doing thefish, I've thought of making a graphical tool for vinum. I've just installed 5.0-DP1 on my main box and took the opportunity to use vinum for the first time, and I must say, after having worked with Veritas VM, that I *love* it. So, what do you guys think. I was thinking, these Solaris guys have the graphical frontend for Veritas Volume Manager, why not us FreeBSD users for Vinum? So far, I find it to be an excellent product (thanks for making it Greg) and would be really pleased to make a GTK/ncurses frontend for it. Any wishes/suggestions/ideas for it? So far people have liked The Fish (much more than I have initially hoped btw). I think having a nice interface for vinum would be nice. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --5I6of5zJg18YgZEa Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8xriSnLctrNyFFPERAkAoAJ4564hu0/KxEpIRA0PSSOEYv2IAxQCfXPSt ptREneZ7e3rDR1bnQkzRzMw= =wZIq -----END PGP SIGNATURE----- --5I6of5zJg18YgZEa-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7: 7:12 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from yello.shallow.net (yello.shallow.net [203.18.243.120]) by hub.freebsd.org (Postfix) with ESMTP id 7D7C337B400 for ; Wed, 24 Apr 2002 07:07:07 -0700 (PDT) Received: by yello.shallow.net (Postfix, from userid 1001) id EA70B2A73; Thu, 25 Apr 2002 00:05:29 +1000 (EST) Date: Thu, 25 Apr 2002 00:05:29 +1000 From: Joshua Goodall To: Miguel Mendez Cc: freebsd-hackers@freebsd.org Subject: Re: graphical frontend for vinum Message-ID: <20020424140529.GD86692@roughtrade.net> References: <20020424155218.B71155@energyhq.homeip.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424155218.B71155@energyhq.homeip.net> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Apr 24, 2002 at 03:52:18PM +0200, Miguel Mendez wrote: > Hi hackers, > > After gainning some knowledge of UI coding when doing thefish, I've > thought of making a graphical tool for vinum. I've just installed > 5.0-DP1 on my main box and took the opportunity to use vinum for the > first time, and I must say, after having worked with Veritas VM, that I > *love* it. So, what do you guys think. I was thinking, these Solaris > guys have the graphical frontend for Veritas Volume Manager, why not us > FreeBSD users for Vinum? So far, I find it to be an excellent product > (thanks for making it Greg) and would be really pleased to make a > GTK/ncurses frontend for it. Any wishes/suggestions/ideas for it? However you present the UI, when it comes to making changes, please have it queue up the actual commands which are then visible to the sysadmin for approval, backout, single-stepping, recording etc. Way too many graphical management tools have been corrupted by the microsoft control panel &c. Joshua To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:11:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51]) by hub.freebsd.org (Postfix) with ESMTP id F40D937B405 for ; Wed, 24 Apr 2002 07:11:08 -0700 (PDT) Received: by tao.org.uk (Postfix, from userid 100) id D88FBD5; Wed, 24 Apr 2002 15:01:31 +0100 (BST) Date: Wed, 24 Apr 2002 15:01:31 +0100 From: Josef Karthauser To: Julian Elischer Cc: hackers@freebsd.org Subject: Re: HOLY COW! Ports grew by 130MB! Message-ID: <20020424140131.GD5777@genius.tao.org.uk> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="JcvBIhDvR6w3jUPA" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --JcvBIhDvR6w3jUPA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 24, 2002 at 03:48:36AM -0700, Julian Elischer wrote: >=20 >=20 > Hey can whoever did the repo copy in the Misc/kde3 stuff blease > shoot it? >=20 > You have just increased the size of the repo tree by 130MB > I know that it's normally bad to back out a repo copy > but THIS IS RIDCULOUS! >=20 This was an oversight, and has now been fixed. Sorry for the waste of bandwidth! My fault. Joe --JcvBIhDvR6w3jUPA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEUEARECAAYFAjzGursACgkQXVIcjOaxUBasEACWKMJjgGZr2Xtco8rj+c7g/rgp hQCeImqeDvhFfXhY+ijZphK+h//U1e0= =6QM4 -----END PGP SIGNATURE----- --JcvBIhDvR6w3jUPA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:17:38 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 253A637B41D for ; Wed, 24 Apr 2002 07:17:31 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 52EDB3FCBF; Wed, 24 Apr 2002 16:14:44 +0200 (CEST) Date: Wed, 24 Apr 2002 16:14:44 +0200 From: Miguel Mendez To: Joshua Goodall Cc: freebsd-hackers@freebsd.org Subject: Re: graphical frontend for vinum Message-ID: <20020424161444.A71321@energyhq.homeip.net> Mail-Followup-To: Joshua Goodall , freebsd-hackers@freebsd.org References: <20020424155218.B71155@energyhq.homeip.net> <20020424140529.GD86692@roughtrade.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020424140529.GD86692@roughtrade.net>; from joshua@roughtrade.net on Thu, Apr 25, 2002 at 12:05:29AM +1000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --T4sUOijqQbZv57TR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 25, 2002 at 12:05:29AM +1000, Joshua Goodall wrote: > On Wed, Apr 24, 2002 at 03:52:18PM +0200, Miguel Mendez wrote: > However you present the UI, when it comes to making changes, please > have it queue up the actual commands which are then visible to the > sysadmin for approval, backout, single-stepping, recording etc. > Way too many graphical management tools have been corrupted by the > microsoft control panel &c. Well, if you've used recent versions of the veritas volume manager fronted you'll notice that they give the cli command output in a window, that's what I intend to do. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --T4sUOijqQbZv57TR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8xr3UnLctrNyFFPERApZkAJ9JU63hMEm8sDcY+nbZOnTvL6m6YQCeJ3A8 uSRIu7FnC1YjNUcIOKRpXeU= =TA6G -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:18:43 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id D307337B419 for ; Wed, 24 Apr 2002 07:18:36 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g3OEG0Hx006038; Wed, 24 Apr 2002 16:16:00 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Joshua Goodall Cc: Miguel Mendez , freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum In-Reply-To: Your message of "Thu, 25 Apr 2002 00:05:29 +1000." <20020424140529.GD86692@roughtrade.net> Date: Wed, 24 Apr 2002 16:16:00 +0200 Message-ID: <6037.1019657760@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG >On Wed, Apr 24, 2002 at 03:52:18PM +0200, Miguel Mendez wrote: >> Hi hackers, >> >> After gainning some knowledge of UI coding when doing thefish, I've >> thought of making a graphical tool for vinum. I've just installed >> 5.0-DP1 on my main box and took the opportunity to use vinum for the >> first time, and I must say, after having worked with Veritas VM, that I >> *love* it. So, what do you guys think. I was thinking, these Solaris >> guys have the graphical frontend for Veritas Volume Manager, why not us >> FreeBSD users for Vinum? So far, I find it to be an excellent product >> (thanks for making it Greg) and would be really pleased to make a >> GTK/ncurses frontend for it. Any wishes/suggestions/ideas for it? You might want to generalize things a bit and make a graphical GUI for GEOM instead. Eventually vinum will either be absorbed into GEOM as one class or (better) be implemented with a set of simple classes in GEOM. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:20: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail16.speakeasy.net [216.254.0.216]) by hub.freebsd.org (Postfix) with ESMTP id 9033937B416 for ; Wed, 24 Apr 2002 07:19:51 -0700 (PDT) Received: (qmail 31428 invoked from network); 24 Apr 2002 14:18:47 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail16.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 24 Apr 2002 14:18:47 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3OEIkv06703; Wed, 24 Apr 2002 10:18:46 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Wed, 24 Apr 2002 10:17:55 -0400 (EDT) From: John Baldwin To: Matthew Jacob Subject: RE: mutex owned stuff fallible? Cc: hackers@FreeBSD.ORG Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 24-Apr-2002 Matthew Jacob wrote: > > This is a recent i386 SMP kernel: > > > panic: mutex isp not owned at ../../../kern/kern_synch.c:449 > cpuid = 0; lapic.id = 00000000 > Debugger("panic") > Stopped at Debugger+0x41: xorl %eax,%eax > db> > db> t > Debugger(c031189a) at Debugger+0x41 > panic(c0310ae8,c030470d,c0312018,1c1,d2d08438) at panic+0xd8 > _mtx_assert(d2d0843c,9,c0312018,1c1,69) at _mtx_assert+0x59 > msleep(d2d08438,d2d0843c,4c,c0301260,7d0) at msleep+0x157 > isp_mboxcmd(d2d08400,d2d19c04,f,d07dee8,0) at isp_mboxcmd+0x19c > isp_fw_state(d2d08400,d2d19c54,d2d08400,d2d09000,d2d08400) at > isp_fw_state+0x2b > isp_fclink_test(d2d08400,1e8480,d2d08400,d2d09000,d2d0843c) at > isp_fclink_test+0x5d > isp_control(d2d08400,4,d2d19d18) at isp_control+0x28b > isp_kthread(d2d08400,d2d19d48,d2d02a3c,c017b25c,0) at isp_kthread+0x6d > fork_exit(c017b25c,d2d08400,d2d19d48) at fork_exit+0x88 > fork_trampoline() at fork_trampoline+0x37 Is this code that is checked into the tree? If so I can't see where isp_kthread() calls isp_control(). mtx_owned() should always work. If we own the lock then we were the last to write to it, so the value in our cache can't be stale (at least, not the thread value, the contested bit could be set by another CPU, but we mask off that bit when reading the owner, so it's value doesn't matter). If we don't own the lock, it's value but we don't care so long as we don't get a false positive. Since we would have to write out the unowned cookie before another lock could grab it though, we would at least have a value that up to date, so we wouldn't read a stale value that had us owning the lock when we didn't. > Examination of the code path shows to me that this has been what it has been > for months- isp_lock is grabbed at the top of isp_kthread- various cv_wait && > msleeps *should* assure it's still grabbed at the point in time it calls the > inline isp_fc_runstate which then calls isp_control...isp_mboxcmd...where > isp_mboxcmd calls msleep with isp_lock as the (should be still > owned) argument. What is the output of 'show locks' from ddb? (You need witness for it to work.) > WTF, O? > > -matt -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:25: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from gate.nentec.de (gate2.nentec.de [194.25.215.66]) by hub.freebsd.org (Postfix) with ESMTP id 25E9037B41D for ; Wed, 24 Apr 2002 07:24:55 -0700 (PDT) Received: from nenny.nentec.de (root@nenny.nentec.de [153.92.64.1]) by gate.nentec.de (8.11.3/8.9.3) with ESMTP id g3OEMV315473; Wed, 24 Apr 2002 16:22:31 +0200 Received: from nentec.de (andromeda.nentec.de [153.92.64.34]) by nenny.nentec.de (8.11.3/8.11.3/SuSE Linux 8.11.1-0.5) with ESMTP id g3OEMSm25213; Wed, 24 Apr 2002 16:22:28 +0200 Message-ID: <3CC6BFA4.8080005@nentec.de> Date: Wed, 24 Apr 2002 16:22:28 +0200 From: Andy Sporner User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-AT; rv:0.9.8) Gecko/20020204 X-Accept-Language: de-at, de, en, en-us MIME-Version: 1.0 To: Miguel Mendez Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum (The Name Game) References: <20020424155218.B71155@energyhq.homeip.net> <20020424140529.GD86692@roughtrade.net> <20020424161444.A71321@energyhq.homeip.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Some time ago you were looking for a name for "the Fish". Since your work now is including VINUM, perhaps a name would be better "xsysconfig" or "xsysadm" Since the Vinum stuff follows a similar paradyme as I had to solve with my cluster failover stuff. You might want to look at my UI. It features a drag and drop interface. I would think such a thing would be a nice plus for doing Vinum work. Here is the URL: http://www.sporner.com/bsdclusters (go to the download section). I have been promising an update for months. Please be patient! :-) Learning a new language, and handling a full time job doesn't leave much leftover bandwidth for these fun things, however it would be nice to find volunteers to help ;-) Andy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:37:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 4723937B41A for ; Wed, 24 Apr 2002 07:37:36 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g3OEPAHx006370; Wed, 24 Apr 2002 16:25:10 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Miguel Mendez Cc: Joshua Goodall , freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum In-Reply-To: Your message of "Wed, 24 Apr 2002 16:14:44 +0200." <20020424161444.A71321@energyhq.homeip.net> Date: Wed, 24 Apr 2002 16:25:10 +0200 Message-ID: <6369.1019658310@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20020424161444.A71321@energyhq.homeip.net>, Miguel Mendez writes: >Well, if you've used recent versions of the veritas volume manager >fronted you'll notice that they give the cli command output in a window, >that's what I intend to do. They did that in 1994... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 7:44:13 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from pacbell.net (adsl-63-199-179-203.dsl.snfc21.pacbell.net [63.199.179.203]) by hub.freebsd.org (Postfix) with ESMTP id 6A66F37B41E for ; Wed, 24 Apr 2002 07:44:00 -0700 (PDT) Received: (from paleph@localhost) by pacbell.net (8.11.0/8.9.3) id g3OEEhB02234 for freebsd-hackers@Freebsd.org; Wed, 24 Apr 2002 07:14:43 -0700 From: paleph@pacbell.net Message-Id: <200204241414.g3OEEhB02234@pacbell.net> Subject: question on use of kernel memory allocation routines To: freebsd-hackers@Freebsd.org Date: Wed, 24 Apr 2002 07:14:42 -0700 (PDT) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have a few questions on the kernel memory allocation available in the FreeBSD kernel and also on the process of adding new system calls. I working on adding an audit subsystem to the kernel to support C2 auditing. I have two questions: -------------------------------- 1. What is the correct (standard) way to add a new system call to the kernel so it will be compatible with 4.* and 5.* ? -------------------------------- 2. I notice a large number of memory allocation routines that are used through out the kernel. I tried looking at the FreeBSD archives and also did a google search to see what I could find about their semantics. I did not have very good success. The kernel file comments with these interfaces were not very helpful in determining when they should be used. Is there any documentation on them and when they should be used. I could probably get away with just using malloc() and free(), however it would be nice to understand what these memory allocation functions do in case they are more appropriate. ======== taken from vm/vm_kern.c ======== vm_offset_t kmem_alloc_pageable(map, size) vm_offset_t kmem_alloc_nofault(map, size) vm_offset_t kmem_alloc(map, size) void kmem_free(map, addr, size) vm_map_t kmem_suballoc(parent, min, max, size) vm_offset_t kmem_malloc(map, size, flags) vm_offset_t kmem_alloc_wait(map, size) void kmem_free_wakeup(map, addr, size) void kmem_init(start, end) vm_offset_t start, end; ======= taken from kern/kern_malloc.c ====== void * malloc(size, type, flags) void free(addr, type) ---------------------------------- Any help or pointers to documentation is appreciated Paul Fronberg paleph@pacbell.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:27:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 4363A37B405 for ; Wed, 24 Apr 2002 08:27:41 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 856CE3FCBF; Wed, 24 Apr 2002 17:26:22 +0200 (CEST) Date: Wed, 24 Apr 2002 17:26:22 +0200 From: Miguel Mendez To: Poul-Henning Kamp Cc: Joshua Goodall , freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum Message-ID: <20020424172622.A71820@energyhq.homeip.net> Mail-Followup-To: Poul-Henning Kamp , Joshua Goodall , freebsd-hackers@FreeBSD.ORG References: <20020424140529.GD86692@roughtrade.net> <6037.1019657760@critter.freebsd.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <6037.1019657760@critter.freebsd.dk>; from phk@critter.freebsd.dk on Wed, Apr 24, 2002 at 04:16:00PM +0200 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 24, 2002 at 04:16:00PM +0200, Poul-Henning Kamp wrote: Hi, > You might want to generalize things a bit and make a graphical GUI > for GEOM instead. Eventually vinum will either be absorbed into > GEOM as one class or (better) be implemented with a set of simple > classes in GEOM. Excellent idea Poul, I'm currently gathering info on GEOM and I think that's the way to go. Btw, yeah, the Veritas people introduced console logging long time ago, I just haven't used vxvm for that long :) Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8xs6enLctrNyFFPERAtJ2AJ9XC6AJrMRi+nZh7oGG1HE+h8bavACeKPH1 51PLLLjY9+k2GbUcBop/ijY= =H5qo -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:31: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.qc.uunet.ca (mail1.qc.uunet.ca [198.168.54.16]) by hub.freebsd.org (Postfix) with ESMTP id 1282037B41C; Wed, 24 Apr 2002 08:30:01 -0700 (PDT) Received: from Xtanbul ([216.94.147.34]) by mail1.qc.uunet.ca (8.10.2/8.10.2) with ESMTP id g3OFT9j07513; Wed, 24 Apr 2002 11:29:10 -0400 Date: Wed, 24 Apr 2002 11:21:29 -0400 Mime-Version: 1.0 (Apple Message framework v481) Cc: The Anarcat , freebsd-libh@FreeBSD.org Message-Id: In-Reply-To: <15558.52046.142372.646281@guru.mired.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Subject: Re: packaging base From: Antoine Beaupre Content-Transfer-Encoding: quoted-printable To: hackers@FreeBSD.org X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Le Mercredi 24 avril 2002, =E0 11:12 , Mike Meyer a =E9crit : > [Replies have been pointed to -hackers to get this off of -stable.] [taken to libh] > In <20020424121651.GA317@lenny.anarcat.dyndns.org>, The Anarcat=20 > typed: >> On Wed Apr 24, 2002 at 12:17:37AM -0500, Mike Meyer wrote: >>> In <20020424050711.GC973@lenny.anarcat.dyndns.org>, The Anarcat=20 >>> typed: >>> That one's not the problem. The problem is catting together many >>> *floppies* to get a package prior to actually installing it. That's >>> not quite so simple. >> I could see a simple shell script deal with that. I think it is quite >> simple. > > Your simple shell script has to prompt for floppies. That needs UI > code. The people who know have decided that the current UI code isn't > up to snuff. Hence libh. Come on.. The current package system and sysinstall are quite good at=20 prompting for a simple yes/no question. The issue is really not there, I=20= think. Libh is developping a UI, fine. But we need to develop a way to package=20= base efficiently. >>>> But guess what: libh won't get through if it's not a drop-in >>>> replacement for sysinstall. >>> What makes you say that? >> FUD. Documentation is written for sysinstall and everyone's used to >> it. > > Considering that the installation process is the one that generates > the most complaints/suggestions/etc., changing it is certainly a > must. Yes, we'll need new documentation. I believe there are plans to > have them both available for a while. But making it a drop-in would > defeat one of the reasons for rewriting it. I originally agreed with you, but I met some resistance in trying to=20 convince people so. >>>> In other words, libh doesn't know about the ports collection or >>>> /usr/src yet, and I don't think it's going to change soon. >>> Yes, but it will change eventually. >> I hope not. I prefer keeping the package management system seperate >> from the source management system. > > Wait - source management? What does libh or sysinstall have to do with > source management, beyond installing the source in the first > place. Ideally, you want that to be just another package. Well, that's what I'm saying: libh or sysinstall shouldn't have anything=20= to do with source management. :) I'm concerned with getting base packaged. It shouldn't be too hard to=20 package base in either libh or classic pkgtools once the framework is in=20= place. I'm concerned that since libh doesn't currently aim at handling the=20 current bin.xx brute-force system, it will need base to be packaged in=20= order to install a running system. And libh will meet resistance not only from being a brand new system,=20 but also at trying to package base, which will break havoc among=20 developpers. That's why I think the libh vs sysinstall and bin.xx vs base.tgz issues=20= must be separated. >>> And yes, it's going to require rewriting the package format to deal >>> with the issues needed for working on the base system. >> I don't think you have proved that point. > > You're right, I haven't. I've been resorting to argument by authority, > which isn't proof. However, I tend to believe the original author of a > software when he says that something needs to be done a specific way > to change that system. If you want to argue with the author, jkh's > address is well-known. I am not sure jkh would say that libh was written to repackage the base=20= system. It seemed kind of implicit in the design documents, wasn't it? A. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:34: 0 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from ece.cmu.edu (ECE.CMU.EDU [128.2.136.200]) by hub.freebsd.org (Postfix) with ESMTP id 9679237B4A5; Wed, 24 Apr 2002 08:31:51 -0700 (PDT) Received: from pyanfar.ece.cmu.edu (allbery@PYANFAR.ECE.CMU.EDU [128.2.136.40]) (authenticated) by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id g3OFV9w21160; Wed, 24 Apr 2002 11:31:09 -0400 (EDT) Subject: Re: implementing linux mmap2 syscall From: Brandon S Allbery KF8NH To: Andrew Gallatin Cc: Kenneth Culver , freebsd-hackers@FreeBSD.ORG, FreeBSD-CURRENT List In-Reply-To: <15558.46600.351433.784766@grasshopper.cs.duke.edu> References: <15557.27747.802212.659760@grasshopper.cs.duke.edu> <20020423181748.W31638-100000@alpha.yumyumyum.org> <15558.46600.351433.784766@grasshopper.cs.duke.edu> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 24 Apr 2002 12:31:08 -0300 Message-Id: <1019662269.6094.1.camel@pyanfar.ece.cmu.edu> Mime-Version: 1.0 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: > Maybe the argument isn't where you expect it to be, but is there. > Can you make a test program which calls mmap2 with its 6th arg as > something unique like 0xdeadbeef? Then print out (in hex :) the trapframe > from the linux prepsyscall routine & see if you can find the deadbeef. My recollection is that beyond 5 arguments, a pointer to the remaining ones is passed. (But my recollection may be wrong and I don't wish to subject myself to the source cesspool at the moment....) -- brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net system administrator [WAY too many hats] allbery@ece.cmu.edu electrical and computer engineering KF8NH carnegie mellon university ["better check the oblivious first" -ke6sls] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:35:12 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id A2B3137B500 for ; Wed, 24 Apr 2002 08:32:55 -0700 (PDT) Received: (qmail 55469 invoked by uid 100); 24 Apr 2002 15:12:15 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15558.52046.142372.646281@guru.mired.org> Date: Wed, 24 Apr 2002 10:12:14 -0500 To: The Anarcat Cc: freebsd-stable@freebsd.org, hackers@freebsd.org Reply-To: hackers@freebsd.org Subject: Re: packaging base In-Reply-To: <20020424121651.GA317@lenny.anarcat.dyndns.org> References: <20020424030937.GC323@lenny.anarcat.dyndns.org> <15558.12150.814150.317904@guru.mired.org> <20020424050711.GC973@lenny.anarcat.dyndns.org> <15558.16369.602750.415167@guru.mired.org> <20020424121651.GA317@lenny.anarcat.dyndns.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [Replies have been pointed to -hackers to get this off of -stable.] In <20020424121651.GA317@lenny.anarcat.dyndns.org>, The Anarcat typed: > On Wed Apr 24, 2002 at 12:17:37AM -0500, Mike Meyer wrote: > > In <20020424050711.GC973@lenny.anarcat.dyndns.org>, The Anarcat typed: > > > On Tue Apr 23, 2002 at 11:07:18PM -0500, Mike Meyer wrote: > > > > In <20020424030937.GC323@lenny.anarcat.dyndns.org>, The Anarcat typed: > > > > > The main issues I see about packaging the base system is [1] how plists > > > > > are to be handled and [2] how configurations files are to be handled. > > > > You missed the biggie: [3] how the base system install is handled. > > > The same way the rest of the system is. [3] = [1] + [2] > > No, it isn't. Ports don't have the requirement to fit on a single > > floppy. > The more we move towards packaging the whole system, the more this > distinction will be blurred, hence [3] = [1] + [2]. Ok, so the biggie is [3] - the ports system needs to handle ports broken up into floppies. > > That one's not the problem. The problem is catting together many > > *floppies* to get a package prior to actually installing it. That's > > not quite so simple. > I could see a simple shell script deal with that. I think it is quite > simple. Your simple shell script has to prompt for floppies. That needs UI code. The people who know have decided that the current UI code isn't up to snuff. Hence libh. > > > But guess what: libh won't get through if it's not a drop-in > > > replacement for sysinstall. > > What makes you say that? > FUD. Documentation is written for sysinstall and everyone's used to > it. Considering that the installation process is the one that generates the most complaints/suggestions/etc., changing it is certainly a must. Yes, we'll need new documentation. I believe there are plans to have them both available for a while. But making it a drop-in would defeat one of the reasons for rewriting it. > > > In other words, libh doesn't know about the ports collection or > > > /usr/src yet, and I don't think it's going to change soon. > > Yes, but it will change eventually. > I hope not. I prefer keeping the package management system seperate > from the source management system. Wait - source management? What does libh or sysinstall have to do with source management, beyond installing the source in the first place. Ideally, you want that to be just another package. > > And yes, it's going to require rewriting the package format to deal > > with the issues needed for working on the base system. > I don't think you have proved that point. You're right, I haven't. I've been resorting to argument by authority, which isn't proof. However, I tend to believe the original author of a software when he says that something needs to be done a specific way to change that system. If you want to argue with the author, jkh's address is well-known. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:35:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 2A26237B4B7 for ; Wed, 24 Apr 2002 08:32:01 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g3OFVIH83838; Wed, 24 Apr 2002 09:31:18 -0600 (MDT) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g3OFV3b33632; Wed, 24 Apr 2002 09:31:16 -0600 (MDT) (envelope-from imp@village.org) Date: Wed, 24 Apr 2002 09:30:36 -0600 (MDT) Message-Id: <20020424.093036.12367636.imp@village.org> To: davidx@viasoft.com.cn Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: fix wrong pnp id comment From: "M. Warner Losh" In-Reply-To: <00aa01c1e9d8$b3c1b9f0$ef01a8c0@davidwnt> References: <00aa01c1e9d8$b3c1b9f0$ef01a8c0@davidwnt> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <00aa01c1e9d8$b3c1b9f0$ef01a8c0@davidwnt> "David Xu" writes: : Current branch, pci_bus.c has wrong PNP ID comment. Committed. Thanks. Usually, however, it is better to file a PR and send that PR number to hackers for trivial changes like this. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:38:27 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from soulshock.mail.pas.earthlink.net (soulshock.mail.pas.earthlink.net [207.217.120.130]) by hub.freebsd.org (Postfix) with ESMTP id 7136837B42C for ; Wed, 24 Apr 2002 08:33:22 -0700 (PDT) Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by soulshock.mail.pas.earthlink.net (8.11.6+Sun/8.11.6) with ESMTP id g3OFLY812883 for ; Wed, 24 Apr 2002 08:21:34 -0700 (PDT) Received: from pool0017.cvx22-bradley.dialup.earthlink.net ([209.179.198.17] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 170OZx-0005iO-00; Wed, 24 Apr 2002 08:21:10 -0700 Message-ID: <3CC6CD49.19DE7AEA@mindspring.com> Date: Wed, 24 Apr 2002 08:20:41 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: paleph@pacbell.net Cc: freebsd-hackers@Freebsd.org Subject: Re: question on use of kernel memory allocation routines References: <200204241414.g3OEEhB02234@pacbell.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG paleph@pacbell.net wrote: > -------------------------------- > 1. What is the correct (standard) way to add a new > system call to the kernel so it will be > compatible with 4.* and 5.* ? You can't use the same code unmodified. %.x requires locking that is implicit in 4.x. System calls are also "special". THe closest you can get is to use a loadable module that adds a system call into one of the reserved slots. For adding actual system calls statically, you have to modify syscalls.master, and then run the per script to recreate the necessary header files (these are checked into the source tree, instead of recreated on each kernel build, which is probably incredibly wrong). You will also have to rebuild libc, so that the stub gets compiled into a system call stub in libc, and, if it deals with a file descriptor, you will have to procide a wrapper for the call for libc_r, so that it can lock the user space threading structure for the fd before it mconverts the blocking call into a non-blocking call plus a thread context switch. > -------------------------------- > 2. I notice a large number of memory allocation routines that > are used through out the kernel. Yes. Incredibly annoying, isn't it? > I tried looking at the > FreeBSD archives and also did a google search to see what > I could find about their semantics. I did not have very good > success. The kernel file comments with these interfaces were > not very helpful in determining when they should be used. They aren't very accurate, either. The zone allocator comments, in particular, are very wrong. They obfuscate what's really going on. In many allocations, you can see that the code required to obtain the backing page(s) recalculates values that you could precalculate at zone definition time, making the allocation much more expensive than it really has to be. Most of this code is replaces in 5.x -current, using Jeff's SLAB allocator code. > Is there any documentation on them and when they should be > used. I could probably get away with just using malloc() and > free(), however it would be nice to understand what these > memory allocation functions do in case they are more appropriate. Use the SLAB code in code intended for use with 5.x, so you can avoid most of the locking issues automatically. > vm_offset_t > kmem_alloc_pageable(map, size) Allocate something that can be paged, and which you guarantee will never be referenced at interrupt time and/or in the paging path. Use this routine, if you can, since it scales to the largest footprint possible, as long as the amount of memory you are using is not a significant fraction of the 32 bit address space (if you have that much physical RAM, it's pretty much not worth doing that, because it puts the allocated memory into contention with user processes for swapping, and even if LRU'ing were a good idea, having the LRU be the same for the UVA and KVA is intrinsically a bad idea). > vm_offset_t > kmem_alloc_nofault(map, size) Alloc such that you won't take a fault to satisfy it. This is for "fast path" allocations that aren't permitted to stall to service the fault. > vm_offset_t > kmem_alloc(map, size) Standard allocation. > void > kmem_free(map, addr, size) Standard free. > vm_map_t > kmem_suballoc(parent, min, max, size) Don't remember. > vm_offset_t > kmem_malloc(map, size, flags) Standard malloc. > vm_offset_t > kmem_alloc_wait(map, size) Allocate, and stall the caller to wait for it, if you have to. Not usable from interrupt mode or traps, useful for system calls; must be done in the context of a current process, so that there is a sleep address available. > void > kmem_free_wakeup(map, addr, size) Wakeup people who are starving for this resource (if any). > void > kmem_init(start, end) Obvious usage. > Any help or pointers to documentation is appreciated See section 9 of the manual page. Don't expect to use the same mechanisms in 4.x and 5.x. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:45:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from valu.uninet.ee (valu.uninet.ee [194.204.34.51]) by hub.freebsd.org (Postfix) with ESMTP id C29FE37B41F; Wed, 24 Apr 2002 08:45:29 -0700 (PDT) Received: by valu.uninet.ee (Postfix, from userid 1002) id 3D13636420; Wed, 24 Apr 2002 18:44:29 +0300 (EEST) Received: from localhost (localhost [127.0.0.1]) by valu.uninet.ee (Postfix) with ESMTP id 3B7393261B; Wed, 24 Apr 2002 18:44:29 +0300 (EEST) Date: Wed, 24 Apr 2002 18:44:29 +0300 (EEST) From: Taavi Talvik To: "Jacques A. Vidrine" Cc: Greg 'groggy' Lehey , Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , Subject: Time for new manpage - ala changes (Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?)) In-Reply-To: <20020424122754.GC42969@madman.nectar.cc> Message-ID: <20020424183625.B5563-100000@valu.uninet.ee> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Maybe it's time for new manpage (surprises, changes, etc.?) describing just differences from some old defaults, changes in behavior etc. Probably this manpage just gives short descriptions what may historical behavior is changed. UPDATING file and tuning(7) man page by Matthew Dillon which serves similiar purpose has allready helped many users. best regards, taavi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 8:48:35 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 2CE4437B419; Wed, 24 Apr 2002 08:48:23 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id LAA24700; Wed, 24 Apr 2002 11:47:57 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3OFlRf92953; Wed, 24 Apr 2002 11:47:27 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15558.54159.737973.56540@grasshopper.cs.duke.edu> Date: Wed, 24 Apr 2002 11:47:27 -0400 (EDT) To: Brandon S Allbery KF8NH Cc: Kenneth Culver , freebsd-hackers@FreeBSD.ORG, FreeBSD-CURRENT List Subject: Re: implementing linux mmap2 syscall In-Reply-To: <1019662269.6094.1.camel@pyanfar.ece.cmu.edu> References: <15557.27747.802212.659760@grasshopper.cs.duke.edu> <20020423181748.W31638-100000@alpha.yumyumyum.org> <15558.46600.351433.784766@grasshopper.cs.duke.edu> <1019662269.6094.1.camel@pyanfar.ece.cmu.edu> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Brandon S Allbery KF8NH writes: > On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: > > Maybe the argument isn't where you expect it to be, but is there. > > Can you make a test program which calls mmap2 with its 6th arg as > > something unique like 0xdeadbeef? Then print out (in hex :) the trapframe > > from the linux prepsyscall routine & see if you can find the deadbeef. > > My recollection is that beyond 5 arguments, a pointer to the remaining > ones is passed. (But my recollection may be wrong and I don't wish to > subject myself to the source cesspool at the moment....) > I think that's how it used to work. Apparently, they've changed it recently and they now pass 6 args in registers. Eg, in the linux kernel sources, old_mmap() fetches its args via copy_from_user(), whereas the newer sys_mmap2() doesn't. Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9: 8:59 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id DFF4B37B49C for ; Wed, 24 Apr 2002 09:06:45 -0700 (PDT) Received: (qmail 31770 invoked by uid 1032); 24 Apr 2002 16:06:39 -0000 From: utsl@quic.net Date: Wed, 24 Apr 2002 12:06:39 -0400 To: Miguel Mendez Cc: freebsd-hackers@freebsd.org Subject: Re: graphical frontend for vinum Message-ID: <20020424160639.GB30203@quic.net> References: <20020424155218.B71155@energyhq.homeip.net> <20020424140529.GD86692@roughtrade.net> <20020424161444.A71321@energyhq.homeip.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424161444.A71321@energyhq.homeip.net> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Apr 24, 2002 at 04:14:44PM +0200, Miguel Mendez wrote: > On Thu, Apr 25, 2002 at 12:05:29AM +1000, Joshua Goodall wrote: > > On Wed, Apr 24, 2002 at 03:52:18PM +0200, Miguel Mendez wrote: > > However you present the UI, when it comes to making changes, please > > have it queue up the actual commands which are then visible to the > > sysadmin for approval, backout, single-stepping, recording etc. > > Way too many graphical management tools have been corrupted by the > > microsoft control panel &c. > > Well, if you've used recent versions of the veritas volume manager > fronted you'll notice that they give the cli command output in a window, > that's what I intend to do. You might want to look at EVMS on Linux. They have a few good ideas, like building a library and API underneath the user interfaces. From what I can see, that project has some nice underlying concepts, but the user interfaces need to evolve for a few years. (Worst CLI ever, and the GUI is very confusing.) I wonder if that API could interface with vinum? It would be very nice to have a cross-platform library interface to operate on disk volumes. For that, it might even be worth improving the EVMS API, rather than starting from scratch. ---Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9:14:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from beppo.feral.com (beppo.feral.com [192.67.166.79]) by hub.freebsd.org (Postfix) with ESMTP id F41F837B405; Wed, 24 Apr 2002 09:14:45 -0700 (PDT) Received: from mailhost.feral.com (mjacob@mailhost.feral.com [192.67.166.1]) by beppo.feral.com (8.11.3/8.11.3) with ESMTP id g3OGEjf64436; Wed, 24 Apr 2002 09:14:45 -0700 (PDT) (envelope-from mjacob@feral.com) Date: Wed, 24 Apr 2002 09:14:45 -0700 (PDT) From: Matthew Jacob X-Sender: mjacob@beppo Reply-To: mjacob@feral.com To: John Baldwin Cc: hackers@FreeBSD.org Subject: RE: mutex owned stuff fallible? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, John Baldwin wrote: > > On 24-Apr-2002 Matthew Jacob wrote: > > > > This is a recent i386 SMP kernel: > > > > > > panic: mutex isp not owned at ../../../kern/kern_synch.c:449 > > cpuid = 0; lapic.id = 00000000 > > Debugger("panic") > > Stopped at Debugger+0x41: xorl %eax,%eax > > db> > > db> t > > Debugger(c031189a) at Debugger+0x41 > > panic(c0310ae8,c030470d,c0312018,1c1,d2d08438) at panic+0xd8 > > _mtx_assert(d2d0843c,9,c0312018,1c1,69) at _mtx_assert+0x59 > > msleep(d2d08438,d2d0843c,4c,c0301260,7d0) at msleep+0x157 > > isp_mboxcmd(d2d08400,d2d19c04,f,d07dee8,0) at isp_mboxcmd+0x19c > > isp_fw_state(d2d08400,d2d19c54,d2d08400,d2d09000,d2d08400) at > > isp_fw_state+0x2b > > isp_fclink_test(d2d08400,1e8480,d2d08400,d2d09000,d2d0843c) at > > isp_fclink_test+0x5d > > isp_control(d2d08400,4,d2d19d18) at isp_control+0x28b > > isp_kthread(d2d08400,d2d19d48,d2d02a3c,c017b25c,0) at isp_kthread+0x6d > > fork_exit(c017b25c,d2d08400,d2d19d48) at fork_exit+0x88 > > fork_trampoline() at fork_trampoline+0x37 > > Is this code that is checked into the tree? Yes. > If so I can't see where > isp_kthread() calls isp_control(). isp_fc_runstate is an inline that calls isp_control. > mtx_owned() should always work. If > we own the lock then we were the last to write to it, so the value in our > cache can't be stale (at least, not the thread value, the contested bit > could be set by another CPU, but we mask off that bit when reading the > owner, so it's value doesn't matter). If we don't own the lock, it's > value but we don't care so long as we don't get a false positive. Since > we would have to write out the unowned cookie before another lock could > grab it though, we would at least have a value that up to date, so we > wouldn't read a stale value that had us owning the lock when we didn't. This pp is hard to parse, but I think we're in agreement that this occurrence is 'inconceivable'. I am *very* puzzled. > > > Examination of the code path shows to me that this has been what it has been > > for months- isp_lock is grabbed at the top of isp_kthread- various cv_wait && > > msleeps *should* assure it's still grabbed at the point in time it calls the > > inline isp_fc_runstate which then calls isp_control...isp_mboxcmd...where > > isp_mboxcmd calls msleep with isp_lock as the (should be still > > owned) argument. > > What is the output of 'show locks' from ddb? (You need witness for it to work.) Sigh. In order to be able to compile a kernel this year I turned off witness :-( > > > WTF, O? > > > > -matt > > -- > > John Baldwin <>< http://www.FreeBSD.org/~jhb/ > "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9:15:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id AFBCD37B420 for ; Wed, 24 Apr 2002 09:14:57 -0700 (PDT) Received: (qmail 56707 invoked by uid 100); 24 Apr 2002 16:14:54 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Message-ID: <15558.55806.422744.851621@guru.mired.org> Date: Wed, 24 Apr 2002 11:14:54 -0500 To: Antoine Beaupre Cc: hackers@FreeBSD.org, The Anarcat , freebsd-libh@FreeBSD.org Subject: Re: packaging base In-Reply-To: References: <15558.52046.142372.646281@guru.mired.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In , Antoine Beaup= re typed: > Le Mercredi 24 avril 2002, =E0 11:12 , Mike Meyer a =E9crit : > > [Replies have been pointed to -hackers to get this off of -stable.]= > [taken to libh] Better. > > In <20020424121651.GA317@lenny.anarcat.dyndns.org>, The Anarcat=20 > > typed: > >> On Wed Apr 24, 2002 at 12:17:37AM -0500, Mike Meyer wrote: > >>> In <20020424050711.GC973@lenny.anarcat.dyndns.org>, The Anarcat=20= > >>> typed: > >>> That one's not the problem. The problem is catting together many > >>> *floppies* to get a package prior to actually installing it. That= 's > >>> not quite so simple. > >> I could see a simple shell script deal with that. I think it is qu= ite > >> simple. > > Your simple shell script has to prompt for floppies. That needs UI > > code. The people who know have decided that the current UI code isn= 't > > up to snuff. Hence libh. > Come on.. The current package system and sysinstall are quite good at= =20 > prompting for a simple yes/no question. The issue is really not there= , I=20 > think. I'm not really sure - I haven't poked at the source to see what would have to change to make all that work. > Libh is developping a UI, fine. But we need to develop a way to packa= ge=20 > base efficiently. Correct. I believe that's part of the libh project. You apparently don't. I actually think you could start this project and use the libh list to communicate the work. If you can make it work with the current sysinstall, great. If not - well, you'll at least have the package system ready for when libh gets there. > >>>> But guess what: libh won't get through if it's not a drop-in > >>>> replacement for sysinstall. > >>> What makes you say that? > >> FUD. Documentation is written for sysinstall and everyone's used t= o > >> it. > > Considering that the installation process is the one that generates= > > the most complaints/suggestions/etc., changing it is certainly a > > must. Yes, we'll need new documentation. I believe there are plans = to > > have them both available for a while. But making it a drop-in would= > > defeat one of the reasons for rewriting it. > I originally agreed with you, but I met some resistance in trying to=20= > convince people so. Did you propose running them both for a while? I think that's a critical step to get people to change. Especially if the libh version offers things the old one doesn't, like a consistent interface. > >>>> In other words, libh doesn't know about the ports collection or > >>>> /usr/src yet, and I don't think it's going to change soon. > >>> Yes, but it will change eventually. > >> I hope not. I prefer keeping the package management system seperat= e > >> from the source management system. > > Wait - source management? What does libh or sysinstall have to do w= ith > > source management, beyond installing the source in the first > > place. Ideally, you want that to be just another package. > Well, that's what I'm saying: libh or sysinstall shouldn't have anyth= ing=20 > to do with source management. :) I never said it should. Is someone else making that claim? > I'm concerned that since libh doesn't currently aim at handling the=20= > current bin.xx brute-force system, it will need base to be packaged i= n=20 > order to install a running system. Correct. > And libh will meet resistance not only from being a brand new system,= =20 > but also at trying to package base, which will break havoc among=20 > developpers. How many developers use sysinstall, vs. rebuilding from source? Those are the only ones who are liable to care. If it's done right, then the new sysinstall should have packages defined by the NO* variables in /etc/defaults/make.conf, and should set the appropriate flags in /etc/make.conf for each part you don't load. > That's why I think the libh vs sysinstall and bin.xx vs base.tgz issu= es=20 > must be separated. As I pointed out above, that separation doesn't have to mean pulling the bin.xxx vs. base.tgz stuff out of libh. The two can happen in parallel. > >>> And yes, it's going to require rewriting the package format to de= al > >>> with the issues needed for working on the base system. > >> I don't think you have proved that point. > > You're right, I haven't. I've been resorting to argument by authori= ty, > > which isn't proof. However, I tend to believe the original author o= f a > > software when he says that something needs to be done a specific wa= y > > to change that system. If you want to argue with the author, jkh's > > address is well-known. > I am not sure jkh would say that libh was written to repackage the ba= se=20 > system. It seemed kind of implicit in the design documents, wasn't it= ? No, he wouldn't say libh was written to repackage the base system. He would say that repackaging the base system was one of the goals of the libh project. =09=09=09=09http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more inform= ation. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9:16:12 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by hub.freebsd.org (Postfix) with ESMTP id 53B1837B405 for ; Wed, 24 Apr 2002 09:16:06 -0700 (PDT) Received: from leto (pcp529856pcs.nash01.tn.comcast.net [68.52.131.181]) by mtaout02.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.3 (built Apr 8 2002)) with ESMTP id <0GV200L63SGZMQ@mtaout02.icomcast.net> for freebsd-hackers@freebsd.org; Wed, 24 Apr 2002 10:05:23 -0400 (EDT) Date: Wed, 24 Apr 2002 09:00:49 -0500 (CDT) From: "Brandon D. Valentine" Subject: Re: graphical frontend for vinum In-reply-to: <20020424155218.B71155@energyhq.homeip.net> X-X-Sender: bandix@leto.homeportal.2wire.net To: Miguel Mendez Cc: freebsd-hackers@freebsd.org Message-id: <20020424085852.V12598-100000@leto.homeportal.2wire.net> MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Content-transfer-encoding: 7BIT Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 24 Apr 2002, Miguel Mendez wrote: >So far people have liked The Fish (much more than I have initially hoped >btw). I think having a nice interface for vinum would be nice. This sounds like a great idea to me. Both thefish and any future vinum configuration tools sound like things that would be best written against libh, should it ever be released, so as to facilitate their easy integration with future versions of sysinstall or whatever it is called at that time. Just a thought. Brandon D. Valentine -- "Time to resign from the human race, wipe those tears from your lovely face. Baby, wave to the man in the ol' red caboose before all hell breaks loose." - Kinky Friedman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9:36:59 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id B627737B404 for ; Wed, 24 Apr 2002 09:36:50 -0700 (PDT) Received: (qmail 32128 invoked by uid 1032); 24 Apr 2002 16:36:36 -0000 From: utsl@quic.net Date: Wed, 24 Apr 2002 12:36:36 -0400 To: Miguel Mendez Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum Message-ID: <20020424163636.GC30203@quic.net> References: <20020424140529.GD86692@roughtrade.net> <6037.1019657760@critter.freebsd.dk> <20020424172622.A71820@energyhq.homeip.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424172622.A71820@energyhq.homeip.net> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Apr 24, 2002 at 05:26:22PM +0200, Miguel Mendez wrote: > On Wed, Apr 24, 2002 at 04:16:00PM +0200, Poul-Henning Kamp wrote: > > Hi, > > > You might want to generalize things a bit and make a graphical GUI > > for GEOM instead. Eventually vinum will either be absorbed into > > GEOM as one class or (better) be implemented with a set of simple > > classes in GEOM. > > Excellent idea Poul, I'm currently gathering info on GEOM and I think > that's the way to go. Does GEOM provide a better interface than DIOCGDINFO and DIOCGSLICEINFO? I recently wrote a program to list all the slices and partitions, because I couldn't find one already in existance. fdisk and disklabel only seem to work on one disk at a time, and I wanted to see everything. > Btw, yeah, the Veritas people introduced console logging long time ago, > I just haven't used vxvm for that long :) I've used it a lot. It has its good and bad points. Miguel, if you can, you might want to compare the old and new Veritas GUI's. (2.5 and before vs. 2.6 and later) Where I used to work, most of us loved one and hated the other. I liked the old one better, but I was also in the minority that preferred the CLI. One of the major problems most of us had with the newer one was that it made it harder to see the whole system. It was prettier, and it did some things better, but it was also more cluttered, and harder to navigate. ---Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 9:41: 6 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 4D97137B419 for ; Wed, 24 Apr 2002 09:41:02 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.2/8.12.2) with ESMTP id g3OGeGHx008525; Wed, 24 Apr 2002 18:40:16 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: utsl@quic.net Cc: Miguel Mendez , freebsd-hackers@FreeBSD.ORG Subject: Re: graphical frontend for vinum In-Reply-To: Your message of "Wed, 24 Apr 2002 12:36:36 EDT." <20020424163636.GC30203@quic.net> Date: Wed, 24 Apr 2002 18:40:16 +0200 Message-ID: <8524.1019666416@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20020424163636.GC30203@quic.net>, utsl@quic.net writes: >> Excellent idea Poul, I'm currently gathering info on GEOM and I think >> that's the way to go. > >Does GEOM provide a better interface than DIOCGDINFO and DIOCGSLICEINFO? >I recently wrote a program to list all the slices and partitions, because >I couldn't find one already in existance. fdisk and disklabel only seem >to work on one disk at a time, and I wanted to see everything. Yes :-) -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 10: 2:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from isilon.com (isilon.com [65.101.129.58]) by hub.freebsd.org (Postfix) with ESMTP id 70B6537B41A for ; Wed, 24 Apr 2002 10:02:07 -0700 (PDT) Received: (from rob@localhost) by isilon.com (8.11.1/8.11.1) id g3OH1b291992 for freebsd-hackers@freebsd.org; Wed, 24 Apr 2002 10:01:37 -0700 (PDT) (envelope-from rob) Date: Wed, 24 Apr 2002 10:01:37 -0700 (PDT) From: Rob Anderson Message-Id: <200204241701.g3OH1b291992@isilon.com> To: freebsd-hackers@freebsd.org Subject: msleep and spin locks Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm trying to debug a deadlock problem I'm seeing in a kernel module, and I wonder if someone could answer some questions I had about spinlocks. We've got a model where we have interrupt threads hand off work entries to kthreads (so that the interrupt threads aren't blocked for too long). The interrupt thread enqueues a work entry for the kthread, then wakes up the kthread. Then, the kthread processes the work entry. The work queue is protected by a spin lock. Unfortunately, the kthread waits for work entries by calling msleep(). msleep() expects a regular sleep lock to be handed in, not a spin lock. I would *expect* that this would result in the kthread blocking interrupts when it calls mtx_lock_spin(), and since msleep() won't re-enable interrupts (as far as I know), I would expect total starvation of the kthread. But that's not what I'm seeing...I'm actually seeing the interrupt thread getting called, but it's blocking on the mtx_lock_spin(). The interrupt callback code looks like: mtx_lock_spin(&spin_lock); <--- blocking here *** /* Add a new work entry */ mtx_unlock_spin(&spin_lock); wakeup(channel); The kthread code looks like: for (;;) { mtx_lock_spin(&spin_lock); while ( /* Work queue is empty */ ) { msleep(channel, &spin_lock, PI_DISK, str, 0); } /* Remove a work entry */ mtx_unlock_spin(&spin_lock); /* Process the work entry we just removed */ } My questions to you: - What are the ill effects of handing a spin lock to msleep? - I noticed that no one seems to use msleep with spin locks, nor have a need to do so. This leads me to believe that this producer/consumer programming model show above is incorrect. Should we be doing this differently? Many thanks, Rob A To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 10: 7:33 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id 4143037B427 for ; Wed, 24 Apr 2002 10:07:09 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id 186F3AE2FD; Wed, 24 Apr 2002 10:07:09 -0700 (PDT) Date: Wed, 24 Apr 2002 10:07:09 -0700 From: Alfred Perlstein To: Rob Anderson Cc: freebsd-hackers@freebsd.org Subject: Re: msleep and spin locks Message-ID: <20020424170708.GF38320@elvis.mu.org> References: <200204241701.g3OH1b291992@isilon.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200204241701.g3OH1b291992@isilon.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Rob Anderson [020424 10:03] wrote: > I'm trying to debug a deadlock problem I'm seeing in a kernel module, and > I wonder if someone could answer some questions I had about spinlocks. You shouldn't be using spinlocks. -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 10:31:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail11.speakeasy.net [216.254.0.211]) by hub.freebsd.org (Postfix) with ESMTP id E7B3737B42F for ; Wed, 24 Apr 2002 10:30:54 -0700 (PDT) Received: (qmail 28273 invoked from network); 24 Apr 2002 17:30:53 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail11.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 24 Apr 2002 17:30:53 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3OHUrv07383; Wed, 24 Apr 2002 13:30:53 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Wed, 24 Apr 2002 13:30:01 -0400 (EDT) From: John Baldwin To: Matthew Jacob Subject: RE: mutex owned stuff fallible? Cc: hackers@FreeBSD.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 24-Apr-2002 Matthew Jacob wrote: > > > On Wed, 24 Apr 2002, John Baldwin wrote: > >> >> On 24-Apr-2002 Matthew Jacob wrote: >> > >> > This is a recent i386 SMP kernel: >> > >> > >> > panic: mutex isp not owned at ../../../kern/kern_synch.c:449 >> > cpuid = 0; lapic.id = 00000000 >> > Debugger("panic") >> > Stopped at Debugger+0x41: xorl %eax,%eax >> > db> >> > db> t >> > Debugger(c031189a) at Debugger+0x41 >> > panic(c0310ae8,c030470d,c0312018,1c1,d2d08438) at panic+0xd8 >> > _mtx_assert(d2d0843c,9,c0312018,1c1,69) at _mtx_assert+0x59 >> > msleep(d2d08438,d2d0843c,4c,c0301260,7d0) at msleep+0x157 >> > isp_mboxcmd(d2d08400,d2d19c04,f,d07dee8,0) at isp_mboxcmd+0x19c >> > isp_fw_state(d2d08400,d2d19c54,d2d08400,d2d09000,d2d08400) at >> > isp_fw_state+0x2b >> > isp_fclink_test(d2d08400,1e8480,d2d08400,d2d09000,d2d0843c) at >> > isp_fclink_test+0x5d >> > isp_control(d2d08400,4,d2d19d18) at isp_control+0x28b >> > isp_kthread(d2d08400,d2d19d48,d2d02a3c,c017b25c,0) at isp_kthread+0x6d >> > fork_exit(c017b25c,d2d08400,d2d19d48) at fork_exit+0x88 >> > fork_trampoline() at fork_trampoline+0x37 >> >> Is this code that is checked into the tree? > > Yes. > >> If so I can't see where >> isp_kthread() calls isp_control(). > > isp_fc_runstate is an inline that calls isp_control. Ah, ok. >> mtx_owned() should always work. If >> we own the lock then we were the last to write to it, so the value in our >> cache can't be stale (at least, not the thread value, the contested bit >> could be set by another CPU, but we mask off that bit when reading the >> owner, so it's value doesn't matter). If we don't own the lock, it's >> value but we don't care so long as we don't get a false positive. Since >> we would have to write out the unowned cookie before another lock could >> grab it though, we would at least have a value that up to date, so we >> wouldn't read a stale value that had us owning the lock when we didn't. > > This pp is hard to parse, but I think we're in agreement that this occurrence > is 'inconceivable'. Yes. > I am *very* puzzled. Me, too. The next time this happens, try dumping the contents of the mutex structure from ddb. The first argument to mtx_assert() and 2nd arg to msleep() is a pointer to the mutex, so you have the address. (The pointer looks right since the name was right in the panic message at least.) The first bits of the structure will be a struct lock_object which contains 3 pointers, an int, and then 2 more pointers. The next word will be the actual lock contents. You can use 'show pcpu' to get the per-CPU information containing (among other things) curthread. The value of the lock should be curthread (possibly with bits 1 or 2 set). If it is 0x4 (MTX_UNOWNED) it means the lock was released somehow. If that is the case, you can compile KTR into your kernel with lock tracing using: options KTR options KTR_COMPILE=KTR_LOCK options KTR_MASK=KTR_LOCK Then when it breaks do a 'show ktr' in ddb to get a trace of the most recent lock operations. You might want to turn on KTR_PROC as well (s/KTR_LOCK/(KTR_LOCK|KTR_PROC)/ above) so that you see when we switch processes so it is less confusing. This info might be useful to look at anyways. Hmm, I wonder if the mutex is recursed and mtx_assert() isn't printing the right error message? Hmm, nope. -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 10:32:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail15.speakeasy.net [216.254.0.215]) by hub.freebsd.org (Postfix) with ESMTP id 700B037B42C for ; Wed, 24 Apr 2002 10:31:06 -0700 (PDT) Received: (qmail 21058 invoked from network); 24 Apr 2002 17:31:05 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail15.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 24 Apr 2002 17:31:05 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3OHV5v07391; Wed, 24 Apr 2002 13:31:05 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200204241701.g3OH1b291992@isilon.com> Date: Wed, 24 Apr 2002 13:30:13 -0400 (EDT) From: John Baldwin To: Rob Anderson Subject: RE: msleep and spin locks Cc: freebsd-hackers@freebsd.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 24-Apr-2002 Rob Anderson wrote: > I'm trying to debug a deadlock problem I'm seeing in a kernel module, and > I wonder if someone could answer some questions I had about spinlocks. > > We've got a model where we have interrupt threads hand off work entries > to kthreads (so that the interrupt threads aren't blocked for too long). > The interrupt thread enqueues a work entry for the kthread, then wakes > up the kthread. Then, the kthread processes the work entry. The work > queue is protected by a spin lock. You shouldn't be using spin locks for this. You really want a regular mutex. They will adaptively spin at some point when it is profitable to do so. spin mutexes should only be used in very low-level "true" bottom-half code. ithread handlers are not true bottom-half code for this definition. msleep() is not intended to work with spin mutexes, but only with sleep mutexes. I would just use a sleep mutex and a condition variable to do this (you can use msleep/wakeup if you wish though.) > - What are the ill effects of handing a spin lock to msleep? It won't work. If you were had WITNESS turned on it should have panic'd. > - I noticed that no one seems to use msleep with spin locks, nor have a > need to do so. This leads me to believe that this producer/consumer > programming model show above is incorrect. Should we be doing this > differently? Just use a sleep mutex instead of a spin mutex and you will be ok. If you've worked on solaris before, think of spin mutexes as Solaris' dispatcher locks. -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 11:37: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from beppo.feral.com (beppo.feral.com [192.67.166.79]) by hub.freebsd.org (Postfix) with ESMTP id 25B8E37B41E; Wed, 24 Apr 2002 11:37:00 -0700 (PDT) Received: from mailhost.feral.com (mjacob@mailhost.feral.com [192.67.166.1]) by beppo.feral.com (8.11.3/8.11.3) with ESMTP id g3OIaxf88550; Wed, 24 Apr 2002 11:36:59 -0700 (PDT) (envelope-from mjacob@feral.com) Date: Wed, 24 Apr 2002 11:36:59 -0700 (PDT) From: Matthew Jacob X-Sender: mjacob@beppo Reply-To: mjacob@feral.com To: John Baldwin Cc: hackers@FreeBSD.org Subject: RE: mutex owned stuff fallible? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > Me, too. The next time this happens, try dumping the contents of the > mutex structure from ddb. The first argument to mtx_assert() and 2nd arg > to msleep() is a pointer to the mutex, so you have the address. (The > pointer looks right since the name was right in the panic message at > least.) The first bits of the structure will be a struct lock_object > which contains 3 pointers, an int, and then 2 more pointers. The next > word will be the actual lock contents. You can use 'show pcpu' to get the > per-CPU information containing (among other things) curthread. The value > of the lock should be curthread (possibly with bits 1 or 2 set). If it is > 0x4 (MTX_UNOWNED) it means the lock was released somehow. I actually left the system in DDB, so I still have access. db> show pcpu cpuid = 0 curthread = 0xd2d02a3c: pid 24 "isp1: fc_thrd" curpcb = 0xd2d19da0 fpcurthread = none idlethread = 0xd1e4fa3c: pid 11 "idle: cpu0" currentldt = 0x28 and db> x/x 0xd2d0843c 0xd2d0843c: c035c620 db> 0xd2d08440: c030470d db> 0xd2d08444: c030470d db> 0xd2d08448: 30000 db> 0xd2d0844c: 0 db> 0xd2d08450: 0 db> 0xd2d08454: 4 Looks like you're right and the lock was freed somewhere but not locked again. I'll try your KTR stuff to try and trap what has happened. -matt > If that is the case, you can compile KTR into your kernel with lock > tracing using: > > options KTR > options KTR_COMPILE=KTR_LOCK > options KTR_MASK=KTR_LOCK > > Then when it breaks do a 'show ktr' in ddb to get a trace of the most recent > lock operations. You might want to turn on KTR_PROC as well > (s/KTR_LOCK/(KTR_LOCK|KTR_PROC)/ above) so that you see when we switch > processes so it is less confusing. This info might be useful to look at > anyways. > > Hmm, I wonder if the mutex is recursed and mtx_assert() isn't printing the > right error message? Hmm, nope. > > -- > > John Baldwin <>< http://www.FreeBSD.org/~jhb/ > "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 13: 3:19 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253]) by hub.freebsd.org (Postfix) with ESMTP id 4AE1737B41B; Wed, 24 Apr 2002 13:03:14 -0700 (PDT) Received: from freebie.xs4all.nl (localhost [127.0.0.1]) by freebie.xs4all.nl (8.12.2/8.12.2) with ESMTP id g3OK2PWC061471; Wed, 24 Apr 2002 22:03:00 +0200 (CEST) (envelope-from wkb@freebie.xs4all.nl) Received: (from wkb@localhost) by freebie.xs4all.nl (8.12.2/8.12.2/Submit) id g3OK2PYj061470; Wed, 24 Apr 2002 22:02:25 +0200 (CEST) Date: Wed, 24 Apr 2002 22:02:25 +0200 From: Wilko Bulte To: Gregory Neil Shapiro Cc: hackers@FreeBSD.ORG Subject: Re: sendmail complaining about filedescriptors? Message-ID: <20020424220225.C61408@freebie.xs4all.nl> References: <20020422213522.A4465@freebie.xs4all.nl> <15556.29897.695479.817308@horsey.gshapiro.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <15556.29897.695479.817308@horsey.gshapiro.net>; from gshapiro@FreeBSD.ORG on Mon, Apr 22, 2002 at 01:38:33PM -0700 X-OS: FreeBSD 4.5-STABLE X-PGP: finger wilko@freebsd.org Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Apr 22, 2002 at 01:38:33PM -0700, Gregory Neil Shapiro wrote: > wkb> Apr 22 09:29:50 freebie sendmail[253]: File descriptors missing on startup: stdout, stderr; Bad file descriptor > > sendmail always checks it's first three fd's at startup to avoid the > problem that has just come to light in the FreeBSD security announcement. > This is what is logged if sendmail has problems with them. It can be > ignored as sendmail attaches /dev/null to them. Ah, OK, thanks a lot for the clarification. -- | / o / /_ _ wilko@FreeBSD.org |/|/ / / /( (_) Bulte Arnhem, the Netherlands To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 13:18:48 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id D58F437B417 for ; Wed, 24 Apr 2002 13:18:42 -0700 (PDT) Received: (qmail 38674 invoked from network); 24 Apr 2002 20:16:02 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 20:16:02 -0000 Date: Wed, 24 Apr 2002 16:16:02 -0400 (EDT) From: Kenneth Culver To: Brandon S Allbery KF8NH Cc: Andrew Gallatin , , FreeBSD-CURRENT List Subject: Re: implementing linux mmap2 syscall In-Reply-To: <1019662269.6094.1.camel@pyanfar.ece.cmu.edu> Message-ID: <20020424161545.O38664-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I tried printing out everything in the trapframe in hex and nothing looke remotely right. Ken On 24 Apr 2002, Brandon S Allbery KF8NH wrote: > On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: > > Maybe the argument isn't where you expect it to be, but is there. > > Can you make a test program which calls mmap2 with its 6th arg as > > something unique like 0xdeadbeef? Then print out (in hex :) the trapframe > > from the linux prepsyscall routine & see if you can find the deadbeef. > > My recollection is that beyond 5 arguments, a pointer to the remaining > ones is passed. (But my recollection may be wrong and I don't wish to > subject myself to the source cesspool at the moment....) > > -- > brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net > system administrator [WAY too many hats] allbery@ece.cmu.edu > electrical and computer engineering KF8NH > carnegie mellon university ["better check the oblivious first" -ke6sls] > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 13:22:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id E724437B41B for ; Wed, 24 Apr 2002 13:22:25 -0700 (PDT) Received: (qmail 38695 invoked from network); 24 Apr 2002 20:19:44 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 20:19:44 -0000 Date: Wed, 24 Apr 2002 16:19:44 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: Brandon S Allbery KF8NH , , FreeBSD-CURRENT List Subject: Re: implementing linux mmap2 syscall In-Reply-To: <15558.54159.737973.56540@grasshopper.cs.duke.edu> Message-ID: <20020424161828.R38664-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > Brandon S Allbery KF8NH writes: > > On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: > > > Maybe the argument isn't where you expect it to be, but is there. > > > Can you make a test program which calls mmap2 with its 6th arg as > > > something unique like 0xdeadbeef? Then print out (in hex :) the trapframe > > > from the linux prepsyscall routine & see if you can find the deadbeef. > > > > My recollection is that beyond 5 arguments, a pointer to the remaining > > ones is passed. (But my recollection may be wrong and I don't wish to > > subject myself to the source cesspool at the moment....) > > > > I think that's how it used to work. Apparently, they've changed it > recently and they now pass 6 args in registers. Eg, in the linux > kernel sources, old_mmap() fetches its args via copy_from_user(), > whereas the newer sys_mmap2() doesn't. > > Drew > Yep, according to the docs and source code I looked at in the linux kernel, the sixth arg is in the ebp register. I've looked all over the FreeBSD kernel and the linux emulator for the place that actually sets these, and unfortunately, due to my lack of asm coding knowledge, I can't find anything. Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 14: 5:18 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail12.speakeasy.net [216.254.0.212]) by hub.freebsd.org (Postfix) with ESMTP id E004137B42B for ; Wed, 24 Apr 2002 14:04:53 -0700 (PDT) Received: (qmail 13193 invoked from network); 24 Apr 2002 21:01:53 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail12.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 24 Apr 2002 21:01:53 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3OL1pv08001; Wed, 24 Apr 2002 17:01:51 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20020424161828.R38664-100000@alpha.yumyumyum.org> Date: Wed, 24 Apr 2002 17:01:00 -0400 (EDT) From: John Baldwin To: Kenneth Culver Subject: Re: implementing linux mmap2 syscall Cc: FreeBSD-CURRENT List Cc: FreeBSD-CURRENT List , freebsd-hackers@FreeBSD.ORG, Brandon S Allbery KF8NH , Andrew Gallatin Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 24-Apr-2002 Kenneth Culver wrote: >> >> Brandon S Allbery KF8NH writes: >> > On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: >> > > Maybe the argument isn't where you expect it to be, but is there. >> > > Can you make a test program which calls mmap2 with its 6th arg as >> > > something unique like 0xdeadbeef? Then print out (in hex :) the >> > > trapframe >> > > from the linux prepsyscall routine & see if you can find the deadbeef. >> > >> > My recollection is that beyond 5 arguments, a pointer to the remaining >> > ones is passed. (But my recollection may be wrong and I don't wish to >> > subject myself to the source cesspool at the moment....) >> > >> >> I think that's how it used to work. Apparently, they've changed it >> recently and they now pass 6 args in registers. Eg, in the linux >> kernel sources, old_mmap() fetches its args via copy_from_user(), >> whereas the newer sys_mmap2() doesn't. >> >> Drew >> > Yep, according to the docs and source code I looked at in the linux > kernel, the sixth arg is in the ebp register. I've looked all over the > FreeBSD kernel and the linux emulator for the place that actually sets > these, and unfortunately, due to my lack of asm coding knowledge, I can't > find anything. libc sets it before it enters the kernel. Then on kernel entry we save ebp in the trapframe. -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 14:21:10 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 98D6C37B420 for ; Wed, 24 Apr 2002 14:21:05 -0700 (PDT) Received: (qmail 39007 invoked from network); 24 Apr 2002 21:11:50 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 21:11:50 -0000 Date: Wed, 24 Apr 2002 17:11:50 -0400 (EDT) From: Kenneth Culver To: John Baldwin Cc: FreeBSD-CURRENT List , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: Message-ID: <20020424170721.B38982-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > libc sets it before it enters the kernel. Then on kernel entry we save > ebp in the trapframe. So in the case of linux emulation, the glibc that we're using in the linux-ulator isn't setting it properly? I'm using the linux_base-7 port for this, so as far as I can tell, it should work... assuming linux_base-7 is meant to run on a linux-2.4.x kernel (or kernel that's emulating that). I may have screwed up my linux libs somehow or another too... could this be causing the behavior I'm seeing? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 14:42:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail15.speakeasy.net [216.254.0.215]) by hub.freebsd.org (Postfix) with ESMTP id A8D4F37B405 for ; Wed, 24 Apr 2002 14:42:18 -0700 (PDT) Received: (qmail 11897 invoked from network); 24 Apr 2002 21:34:59 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail15.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 24 Apr 2002 21:34:59 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3OLYwv08142; Wed, 24 Apr 2002 17:34:58 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20020424170721.B38982-100000@alpha.yumyumyum.org> Date: Wed, 24 Apr 2002 17:34:07 -0400 (EDT) From: John Baldwin To: Kenneth Culver Subject: Re: implementing linux mmap2 syscall Cc: Andrew Gallatin Cc: Andrew Gallatin , Brandon S Allbery KF8NH , freebsd-hackers@FreeBSD.ORG, FreeBSD-CURRENT List Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 24-Apr-2002 Kenneth Culver wrote: >> libc sets it before it enters the kernel. Then on kernel entry we save >> ebp in the trapframe. > > So in the case of linux emulation, the glibc that we're using in the > linux-ulator isn't setting it properly? I'm using the linux_base-7 port > for this, so as far as I can tell, it should work... assuming linux_base-7 > is meant to run on a linux-2.4.x kernel (or kernel that's emulating that). > > I may have screwed up my linux libs somehow or another too... could this > be causing the behavior I'm seeing? Maybe. You could always try finding the mmap2() entry point and dissassembling it to see what it is doing. > Ken -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 15:16:20 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp3.9tel.net (smtp.9tel.net [213.203.124.146]) by hub.freebsd.org (Postfix) with ESMTP id E08DB37B416 for ; Wed, 24 Apr 2002 15:15:59 -0700 (PDT) Received: from ifrance.com (40.105-30-212.9massy1-1-ro-as-i2-2.9tel.net [212.30.105.40]) by smtp3.9tel.net (Postfix) with ESMTP id 477415CD6C; Wed, 24 Apr 2002 23:41:39 +0200 (CEST) Message-ID: <157962002432421436875@ifrance.com> X-EM-Version: 5, 0, 0, 21 X-EM-Registration: #01B0530810E603002D00 X-Priority: 3 Reply-To: sondageexpress3@ifrance.com To: "-" From: "SondageExpress" Subject: Le dernier sondage avant les élections presidentielles 2002 ! Date: Wed, 24 Apr 2002 23:43:06 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_84815C5ABAF209EF376268C8" Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ------=_NextPart_84815C5ABAF209EF376268C8 Content-type: text/plain; charset="US-ASCII" ------=_NextPart_84815C5ABAF209EF376268C8 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Untitled Document
En=20 partenariat avec
=20
<= /div>
<= font size=3D"6">
     <= /font>
<= b>Le=20 dernier sondage avant le second tour des élections pré= sidentielles=20 2002

Sondage Express réalise le dernier sondage ava= nt le=20 second tour des élections présidentielles=2E Les r&eac= ute;sultats=20 seront envoyés par e-mail à tous les participants avan= t les=20 24 et 26 avril et le 3 mai 2002 à minuit par e-mail=2E=

Pour quel candidat allez vous voter le dimanche 5 mai 2002 ?
=20
=09 =09
=20 =20
=20 =20
=20 Jacques=20 Chirac
•=20 Parti politique : Rassemblement pour la Ré= ;publique
•=20 Âge : 69 ans
•=20 Situation de famille : Marié et pè= re de=20 deux filles
•=20 Métier d'origine : Haut-fonctionnaire
=
•=20 Mandat en cours : Président de la R&eacut= e;publique=20 depuis 1995
=20 =20
=20 Jean-Marie=20 Le Pen
•=20 Parti politique : Front national
•=20 Âge : 73 ans
•=20 Situation de famille : Père de trois fill= es
•=20 Métier d’origine : Chef d’entre= prise
•=20 Mandats en cours : Député europ&ea= cute;en=20 depuis 1984
       
=20
=20 Je=20 ne voterai pas
=20
=20 = NSP
=20

=20 =20
=20 Je=20 suis certain de mon choix
=20 Mon=20 choix n'est pas encore définitif

Pour=20 quel candidat avez vous voté au 1er tour ?= =20

=20
Votre=20 civilité : =20 Année=20 de naissance : =20 Votre=20 situation : =20

Si vous=20 souhaitez recevoir le resultat du sondage par mail, precisez votre= Email=20 :


=20

Attention=20 : ce sondage non nominatif est adressé à un panel de 1= 00 000=20 internautes=2E Il ne peut en aucun cas être considér&ea= cute;=20 comme représentatif de la population française et ne d= oit=20 en aucun cas porter une influence quelconque sur les votes ré= els=20 des élections présidentielles du dimanche 5 mai 2002=2E= Aucun=20 fichier informatique nominatif n'est constitué par Sondage Ex= press®=2E
Résultat pris en compte jusqu'au vendredi 3 mai à 18h0= 0=2E

       
=09
Pour ne=20 plus participer aux sondages express, indiquez votre email dans le= champs=20 ci-dessous et validez :
Email :
=20
------=_NextPart_84815C5ABAF209EF376268C8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 15:17:38 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id A2B0637B404; Wed, 24 Apr 2002 15:17:32 -0700 (PDT) Received: from hades.hell.gr (patr530-a180.otenet.gr [212.205.215.180]) by mailsrv.otenet.gr (8.12.2/8.12.2) with ESMTP id g3OMFfQ9022331; Thu, 25 Apr 2002 01:15:45 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.2/8.12.2) with ESMTP id g3OMFfRH003447; Thu, 25 Apr 2002 01:15:41 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from charon@localhost) by hades.hell.gr (8.12.2/8.12.2/Submit) id g3OMCunD002902; Thu, 25 Apr 2002 01:12:56 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Thu, 25 Apr 2002 01:12:55 +0300 From: Giorgos Keramidas To: Robert Watson Cc: hackers@FreeBSD.ORG, "Greg 'groggy' Lehey" , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020424221255.GB1334@hades.hell.gr> References: <20020424090655.O6425@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2002-04-23 21:38, Robert Watson wrote: > I'm more interested in the general issue here, since you made the general > assertion that there was a problem that stretched beyond this one issue. > I'm happy to entertain the idea that we discuss this specific issue in > more detail. In particular, the decision to not bind the X11 port might > take into account this particular implementation (XFree86), and whether we > can make this setting more accessible to the administrator (i.e., > something that could be mechanically twiddled, rather than through manual > editing of scripts...) Did I hear anyone say startx & startx.safe ? This might be a good idea. To have a default startx that is full of bells and whistles and anything that the newcomer to Unix will find amusing, and yet another startx.safe script that will have more tight defaults. Then, we should just add a paragraph to the startx manpage shortly stating their differences and update the SYNONPSIS section to include both scripts. What do you all think? - Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:22:50 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp3.9tel.net (smtp.9tel.net [213.203.124.146]) by hub.freebsd.org (Postfix) with ESMTP id 5ACE037B405; Wed, 24 Apr 2002 16:21:38 -0700 (PDT) Received: from ifrance.com (40.105-30-212.9massy1-1-ro-as-i2-2.9tel.net [212.30.105.40]) by smtp3.9tel.net (Postfix) with ESMTP id 093B85DD7B; Thu, 25 Apr 2002 00:15:22 +0200 (CEST) Message-ID: <2586720024324221649562@ifrance.com> X-EM-Version: 5, 0, 0, 21 X-EM-Registration: #01B0530810E603002D00 X-Priority: 3 Reply-To: sondageexpress3@ifrance.com To: "-" From: "SondageExpress" Subject: Le dernier sondage avant les élections presidentielles 2002 ! Date: Thu, 25 Apr 2002 00:16:49 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_84815C5ABAF209EF376268C8" Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ------=_NextPart_84815C5ABAF209EF376268C8 Content-type: text/plain; charset="US-ASCII" ------=_NextPart_84815C5ABAF209EF376268C8 Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Untitled Document
En=20 partenariat avec
=20
<= /div>
<= font size=3D"6">
     <= /font>
<= b>Le=20 dernier sondage avant le second tour des élections pré= sidentielles=20 2002

Sondage Express réalise le dernier sondage ava= nt le=20 second tour des élections présidentielles=2E Les r&eac= ute;sultats=20 seront envoyés par e-mail à tous les participants avan= t les=20 24 et 26 avril et le 3 mai 2002 à minuit par e-mail=2E=

Pour quel candidat allez vous voter le dimanche 5 mai 2002 ?
=20
=09 =09
=20 =20
=20 =20
=20 Jacques=20 Chirac
•=20 Parti politique : Rassemblement pour la Ré= ;publique
•=20 Âge : 69 ans
•=20 Situation de famille : Marié et pè= re de=20 deux filles
•=20 Métier d'origine : Haut-fonctionnaire
=
•=20 Mandat en cours : Président de la R&eacut= e;publique=20 depuis 1995
=20 =20
=20 Jean-Marie=20 Le Pen
•=20 Parti politique : Front national
•=20 Âge : 73 ans
•=20 Situation de famille : Père de trois fill= es
•=20 Métier d’origine : Chef d’entre= prise
•=20 Mandats en cours : Député europ&ea= cute;en=20 depuis 1984
       
=20
=20 Je=20 ne voterai pas
=20
=20 = NSP
=20

=20 =20
=20 Je=20 suis certain de mon choix
=20 Mon=20 choix n'est pas encore définitif

Pour=20 quel candidat avez vous voté au 1er tour ?= =20

=20
Votre=20 civilité : =20 Année=20 de naissance : =20 Votre=20 situation : =20

Si vous=20 souhaitez recevoir le resultat du sondage par mail, precisez votre= Email=20 :


=20

Attention=20 : ce sondage non nominatif est adressé à un panel de 1= 00 000=20 internautes=2E Il ne peut en aucun cas être considér&ea= cute;=20 comme représentatif de la population française et ne d= oit=20 en aucun cas porter une influence quelconque sur les votes ré= els=20 des élections présidentielles du dimanche 5 mai 2002=2E= Aucun=20 fichier informatique nominatif n'est constitué par Sondage Ex= press®=2E
Résultat pris en compte jusqu'au vendredi 3 mai à 18h0= 0=2E

       
=09
Pour ne=20 plus participer aux sondages express, indiquez votre email dans le= champs=20 ci-dessous et validez :
Email :
=20
------=_NextPart_84815C5ABAF209EF376268C8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:28:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from falcon.prod.itd.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id 8B2FF37B400; Wed, 24 Apr 2002 16:28:27 -0700 (PDT) Received: from pool0275.cvx22-bradley.dialup.earthlink.net ([209.179.199.20] helo=mindspring.com) by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170WA9-0002zb-00; Wed, 24 Apr 2002 16:27:02 -0700 Message-ID: <3CC73F29.1C6B1DA2@mindspring.com> Date: Wed, 24 Apr 2002 16:26:33 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Antoine Beaupre Cc: hackers@FreeBSD.org, The Anarcat , freebsd-libh@FreeBSD.org Subject: Re: packaging base References: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Antoine Beaupre wrote: > Le Mercredi 24 avril 2002, =E0 11:12 , Mike Meyer a =E9crit : > > Your simple shell script has to prompt for floppies. That needs UI > > code. The people who know have decided that the current UI code isn't= > > up to snuff. Hence libh. > = > Come on.. The current package system and sysinstall are quite good at > prompting for a simple yes/no question. The issue is really not there, = I > think. Actually, the prompting is problematic. All such questions should, by definition, be front-loaded. Otherwise, you have to babysit the installation process, which is never a good thing. But that's beside the point: basically, any HCI (Human Computer Interaction) is, by definition, through a UI. > Libh is developping a UI, fine. But we need to develop a way to package= > base efficiently. A good first start would be to have it be composed of packages instead of distfiles, and to have a mandatory/optional flag. Actually, wasn't Eric Melville already dealing with this? > I'm concerned with getting base packaged. It shouldn't be too hard to > package base in either libh or classic pkgtools once the framework is i= n > place. > = > I'm concerned that since libh doesn't currently aim at handling the > current bin.xx brute-force system, it will need base to be packaged in > order to install a running system. That's an incredibly positive thing (IMO). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:32:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id D004937B41E for ; Wed, 24 Apr 2002 16:32:15 -0700 (PDT) Received: (qmail 39676 invoked from network); 24 Apr 2002 23:31:07 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 23:31:07 -0000 Date: Wed, 24 Apr 2002 19:31:07 -0400 (EDT) From: Kenneth Culver To: John Baldwin Cc: FreeBSD-CURRENT List , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424170721.B38982-100000@alpha.yumyumyum.org> Message-ID: <20020424192820.P39664-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > libc sets it before it enters the kernel. Then on kernel entry we save > > ebp in the trapframe. > > So in the case of linux emulation, the glibc that we're using in the > linux-ulator isn't setting it properly? I'm using the linux_base-7 port > for this, so as far as I can tell, it should work... assuming linux_base-7 > is meant to run on a linux-2.4.x kernel (or kernel that's emulating that). > > I may have screwed up my linux libs somehow or another too... could this > be causing the behavior I'm seeing? > > Ken > > OK, I removed the linux_base packages that I had on here, and made some changes to the linux-ulator (added the arg[5] = tf->tf_ebp, and then re-installed the linux_base-7.1 package, and now things are working... winex is working fine now. :-) I'll clean up my changes to the linux-ulator, and submit them as a pr. Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:35:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id CD5FB37B41F for ; Wed, 24 Apr 2002 16:35:47 -0700 (PDT) Received: (qmail 39720 invoked from network); 24 Apr 2002 23:33:34 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 23:33:34 -0000 Date: Wed, 24 Apr 2002 19:33:34 -0400 (EDT) From: Kenneth Culver To: John Baldwin Cc: FreeBSD-CURRENT List , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424192820.P39664-100000@alpha.yumyumyum.org> Message-ID: <20020424193252.S39698-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > libc sets it before it enters the kernel. Then on kernel entry we save > > > ebp in the trapframe. > > > > So in the case of linux emulation, the glibc that we're using in the > > linux-ulator isn't setting it properly? I'm using the linux_base-7 port > > for this, so as far as I can tell, it should work... assuming linux_base-7 > > is meant to run on a linux-2.4.x kernel (or kernel that's emulating that). > > > > I may have screwed up my linux libs somehow or another too... could this > > be causing the behavior I'm seeing? > > > > Ken > > > > > OK, I removed the linux_base packages that I had on here, and made some > changes to the linux-ulator (added the arg[5] = tf->tf_ebp, and then > re-installed the linux_base-7.1 package, and now things are working... > winex is working fine now. :-) I'll clean up my changes to the > linux-ulator, and submit them as a pr. > I'm actually still not seeing a match between what's in truss, and what's in my printed-out args, but it seems to be working anyway... Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:50:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 442C337B41B for ; Wed, 24 Apr 2002 16:50:42 -0700 (PDT) Received: (qmail 39804 invoked from network); 24 Apr 2002 23:47:47 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 24 Apr 2002 23:47:47 -0000 Date: Wed, 24 Apr 2002 19:47:47 -0400 (EDT) From: Kenneth Culver To: John Baldwin Cc: FreeBSD-CURRENT List , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424193252.S39698-100000@alpha.yumyumyum.org> Message-ID: <20020424194250.Y39769-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I'm actually still not seeing a match between what's in truss, and what's > in my printed-out args, but it seems to be working anyway... > Argh, it's not working again... It was working on an install of ms office, but it won't work on some old windows game.. (winex) and it's still not setting the last arg (or register properly): truss output: linux_mmap2(0x65430000,0x100000,0x3,0x11,0x9,0x6) = 1698889728 (0x65430000) notice that the last arg is 0x6, that's the page offset... what the kernel prints for the same call: mmap2(0x65430000, 1048576, 3, 0x00000011, 9, 0) notice that they both have all the same values until you get to the last one... at which point the value is wrong... Apparently this only causes problems on some windows programs that one may try to execute, and not on others... So, where can I force this to get set? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 16:54:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 7861637B41D for ; Wed, 24 Apr 2002 16:54:23 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id F12CC81494; Thu, 25 Apr 2002 09:21:51 +0930 (CST) Date: Thu, 25 Apr 2002 09:21:51 +0930 From: Greg 'groggy' Lehey To: utsl@quic.net Cc: Miguel Mendez , freebsd-hackers@freebsd.org Subject: Re: graphical frontend for vinum Message-ID: <20020425092151.M6486@wantadilla.lemis.com> References: <20020424155218.B71155@energyhq.homeip.net> <20020424140529.GD86692@roughtrade.net> <20020424161444.A71321@energyhq.homeip.net> <20020424160639.GB30203@quic.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424160639.GB30203@quic.net> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday, 24 April 2002 at 12:06:39 -0400, utsl@quic.net wrote: > On Wed, Apr 24, 2002 at 04:14:44PM +0200, Miguel Mendez wrote: >> On Thu, Apr 25, 2002 at 12:05:29AM +1000, Joshua Goodall wrote: >>> On Wed, Apr 24, 2002 at 03:52:18PM +0200, Miguel Mendez wrote: >>> However you present the UI, when it comes to making changes, please >>> have it queue up the actual commands which are then visible to the >>> sysadmin for approval, backout, single-stepping, recording etc. >>> Way too many graphical management tools have been corrupted by the >>> microsoft control panel &c. >> >> Well, if you've used recent versions of the veritas volume manager >> fronted you'll notice that they give the cli command output in a window, >> that's what I intend to do. > > You might want to look at EVMS on Linux. They have a few good ideas, > like building a library and API underneath the user interfaces. From > what I can see, that project has some nice underlying concepts, but the > user interfaces need to evolve for a few years. (Worst CLI ever, and the > GUI is very confusing.) To be fair to the EVMS people, the tools are still evolving. I'd certainly like to see more documentation, though. > I wonder if that API could interface with vinum? I don't think so. User interface maybe, but Vinum and EVMS have a very different API. > It would be very nice to have a cross-platform library interface to > operate on disk volumes. Yes, we've discussed that in the past. The problem is that EVMS, AIX LVM and Linux LVM have different objects from VERITAS and Vinum. I can't see an easy way of bringing them to a common denominator. It's hard enough explaining the two concepts in the first place. > For that, it might even be worth improving the EVMS API, rather than > starting from scratch. If you want to help work on EVMS, I know people would love the help. Personally I'd prefer to see work on Vinum, of course :-) Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 17: 1:48 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wemm.org (12-232-135-171.client.attbi.com [12.232.135.171]) by hub.freebsd.org (Postfix) with ESMTP id 14F2837B419; Wed, 24 Apr 2002 17:01:26 -0700 (PDT) Received: from overcee.wemm.org (overcee.wemm.org [10.0.0.3]) by fw.wemm.org (8.11.6/8.11.6) with ESMTP id g3ONxle36582; Wed, 24 Apr 2002 16:59:47 -0700 (PDT) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.wemm.org (Postfix) with ESMTP id 0B67E38FD; Wed, 24 Apr 2002 16:59:47 -0700 (PDT) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Kenneth Culver Cc: John Baldwin , FreeBSD-CURRENT List , freebsd-hackers@FreeBSD.ORG, Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424194250.Y39769-100000@alpha.yumyumyum.org> Date: Wed, 24 Apr 2002 16:59:47 -0700 From: Peter Wemm Message-Id: <20020424235947.0B67E38FD@overcee.wemm.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver wrote: > > I'm actually still not seeing a match between what's in truss, and what's > > in my printed-out args, but it seems to be working anyway... > > > Argh, it's not working again... It was working on an install of ms office, > but it won't work on some old windows game.. (winex) and it's still not > setting the last arg (or register properly): > > truss output: > > linux_mmap2(0x65430000,0x100000,0x3,0x11,0x9,0x6) = 1698889728 > (0x65430000) > > notice that the last arg is 0x6, that's the page offset... > > what the kernel prints for the same call: > > mmap2(0x65430000, 1048576, 3, 0x00000011, 9, 0) > > notice that they both have all the same values until you get to the last > one... at which point the value is wrong... Apparently this only causes > problems on some windows programs that one may try to execute, and not on > others... > > So, where can I force this to get set? > > Ken Try this: RCS file: /home/ncvs/src/sys/i386/linux/linux_sysvec.c,v retrieving revision 1.99 diff -u -2 -r1.99 linux_sysvec.c --- linux_sysvec.c 4 Apr 2002 17:49:46 -0000 1.99 +++ linux_sysvec.c 24 Apr 2002 23:57:23 -0000 @@ -711,4 +711,5 @@ args[3] = tf->tf_esi; args[4] = tf->tf_edi; + args[5] = tf->tf_ebp; *params = NULL; /* no copyin */ } Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 17: 8:59 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 2862937B404 for ; Wed, 24 Apr 2002 17:08:53 -0700 (PDT) Received: (qmail 39930 invoked from network); 25 Apr 2002 00:06:09 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 00:06:09 -0000 Date: Wed, 24 Apr 2002 20:06:09 -0400 (EDT) From: Kenneth Culver To: Peter Wemm Cc: Andrew Gallatin , Brandon S Allbery KF8NH , , FreeBSD-CURRENT List Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424235122.263FB38FD@overcee.wemm.org> Message-ID: <20020424195920.D39879-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Here's where it happens: > sys/i386/linux/linux_sysvec.c > > static void > linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t *params) > { > args[0] = tf->tf_ebx; > args[1] = tf->tf_ecx; > args[2] = tf->tf_edx; > args[3] = tf->tf_esi; > args[4] = tf->tf_edi; > *params = NULL; /* no copyin */ > } > > You probably want to add: > args[5] = tf->tf_ebp; > so that it ends up in the syscallargs struct. Yeah, I did that... it still doesn't work, tf_ebp isn't getting set... So I'm thinking that either I have a glibc that's too old, or something else is wrong... > > For FreeBSD syscalls, we copy this from the top of stack for the number of > 32 bit words specified in the syscall table in i386/trap.c: > if (params && (i = narg * sizeof(int)) && > (error = copyin(params, (caddr_t)args, (u_int)i))) { > (narg comes from the syscall table). > OK, that gives me an idea... Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 17:10:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 4D77C37B41B for ; Wed, 24 Apr 2002 17:10:10 -0700 (PDT) Received: (qmail 39946 invoked from network); 25 Apr 2002 00:07:22 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 00:07:22 -0000 Date: Wed, 24 Apr 2002 20:07:22 -0400 (EDT) From: Kenneth Culver To: Peter Wemm Cc: John Baldwin , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424235947.0B67E38FD@overcee.wemm.org> Message-ID: <20020424200635.J39942-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > RCS file: /home/ncvs/src/sys/i386/linux/linux_sysvec.c,v > retrieving revision 1.99 > diff -u -2 -r1.99 linux_sysvec.c > --- linux_sysvec.c 4 Apr 2002 17:49:46 -0000 1.99 > +++ linux_sysvec.c 24 Apr 2002 23:57:23 -0000 > @@ -711,4 +711,5 @@ > args[3] = tf->tf_esi; > args[4] = tf->tf_edi; > + args[5] = tf->tf_ebp; > *params = NULL; /* no copyin */ > } > > Cheers, > -Peter > -- > Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com > "All of this is for nothing if we don't go to the stars" - JMS/B5 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message > > yeah, I did that already, and have been running with that since yesterday :-P still not working right though... I think it has something to do with that nargs thing... I'm checking that out now... Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 17:15:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fw.wemm.org (12-232-135-171.client.attbi.com [12.232.135.171]) by hub.freebsd.org (Postfix) with ESMTP id 91BF537B404; Wed, 24 Apr 2002 17:15:47 -0700 (PDT) Received: from overcee.wemm.org (overcee.wemm.org [10.0.0.3]) by fw.wemm.org (8.11.6/8.11.6) with ESMTP id g3ONpMe36529; Wed, 24 Apr 2002 16:51:22 -0700 (PDT) (envelope-from peter@wemm.org) Received: from wemm.org (localhost [127.0.0.1]) by overcee.wemm.org (Postfix) with ESMTP id 263FB38FD; Wed, 24 Apr 2002 16:51:22 -0700 (PDT) (envelope-from peter@wemm.org) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Kenneth Culver Cc: Andrew Gallatin , Brandon S Allbery KF8NH , freebsd-hackers@FreeBSD.ORG, FreeBSD-CURRENT List Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424161828.R38664-100000@alpha.yumyumyum.org> Date: Wed, 24 Apr 2002 16:51:22 -0700 From: Peter Wemm Message-Id: <20020424235122.263FB38FD@overcee.wemm.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver wrote: > > > > Brandon S Allbery KF8NH writes: > > > On Wed, 2002-04-24 at 10:41, Andrew Gallatin wrote: > > > > Maybe the argument isn't where you expect it to be, but is there. > > > > Can you make a test program which calls mmap2 with its 6th arg as > > > > something unique like 0xdeadbeef? Then print out (in hex :) the trapf rame > > > > from the linux prepsyscall routine & see if you can find the deadbeef. > > > > > > My recollection is that beyond 5 arguments, a pointer to the remaining > > > ones is passed. (But my recollection may be wrong and I don't wish to > > > subject myself to the source cesspool at the moment....) > > > > > > > I think that's how it used to work. Apparently, they've changed it > > recently and they now pass 6 args in registers. Eg, in the linux > > kernel sources, old_mmap() fetches its args via copy_from_user(), > > whereas the newer sys_mmap2() doesn't. > > > > Drew > > > Yep, according to the docs and source code I looked at in the linux > kernel, the sixth arg is in the ebp register. I've looked all over the > FreeBSD kernel and the linux emulator for the place that actually sets > these, and unfortunately, due to my lack of asm coding knowledge, I can't > find anything. Here's where it happens: sys/i386/linux/linux_sysvec.c static void linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t *params) { args[0] = tf->tf_ebx; args[1] = tf->tf_ecx; args[2] = tf->tf_edx; args[3] = tf->tf_esi; args[4] = tf->tf_edi; *params = NULL; /* no copyin */ } You probably want to add: args[5] = tf->tf_ebp; so that it ends up in the syscallargs struct. For FreeBSD syscalls, we copy this from the top of stack for the number of 32 bit words specified in the syscall table in i386/trap.c: if (params && (i = narg * sizeof(int)) && (error = copyin(params, (caddr_t)args, (u_int)i))) { (narg comes from the syscall table). Cheers, -Peter -- Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 18:19:25 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id EA58937B41C for ; Wed, 24 Apr 2002 18:19:07 -0700 (PDT) Received: (qmail 40305 invoked from network); 25 Apr 2002 01:16:04 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 01:16:04 -0000 Date: Wed, 24 Apr 2002 21:16:04 -0400 (EDT) From: Kenneth Culver To: Peter Wemm Cc: John Baldwin , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424200635.J39942-100000@alpha.yumyumyum.org> Message-ID: <20020424210936.S40254-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > yeah, I did that already, and have been running with that since yesterday > :-P > > still not working right though... I think it has something to do with that > nargs thing... I'm checking that out now... > Ehh, apparently sy_narg is getting set correctly too: struct linux_mmap2_args { l_ulong addr; char addr_[PAD_(l_ulong)]; l_ulong len; char len_[PAD_(l_ulong)]; l_ulong prot; char prot_[PAD_(l_ulong)]; l_ulong flags; char flags_[PAD_(l_ulong)]; l_ulong fd; char fd_[PAD_(l_ulong)]; l_ulong pgoff; char pgoff_[PAD_(l_ulong)]; }; #define AS(name) (sizeof(struct name) / sizeof(register_t)) { AS(linux_mmap2_args), (sy_call_t *)linux_mmap2 } not that it really matters, the linux_prepsyscall is setting the params to null: static void linux_prepsyscall(struct trapframe *tf, int *args, u_int *code, caddr_t *params){ args[0] = tf->tf_ebx; args[1] = tf->tf_ecx; args[2] = tf->tf_edx; args[3] = tf->tf_esi; args[4] = tf->tf_edi; args[5] = tf->tf_ebp; *params = NULL; /* no copyin */ } so the code in syscall2 will not even bother to try to copy in the args... it just uses whatever linux_prepsyscall tells it to use, and completely ignores nargs... at least as far as I can tell... Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 18:52:18 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 758FE37B41B for ; Wed, 24 Apr 2002 18:52:08 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3P1okw43680; Wed, 24 Apr 2002 21:50:46 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 24 Apr 2002 21:50:46 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sigh. I responded privately, but I see a plethora of mis-informed response also. Please commit the fix to the S/Key code, rather than disabling challenge response protocol behavior. There's nothing wrong with supporting the challenge/response parts of the protocol, and it's even desirable from a PAM perspective. Go fix it properly. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Tue, 23 Apr 2002, Jordan Hubbard wrote: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: > > Index: sshd_config > =================================================================== > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.4.2.6 > diff -u -r1.4.2.6 sshd_config > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > @@ -48,8 +48,8 @@ > PasswordAuthentication yes > PermitEmptyPasswords no > > -# Uncomment to disable s/key passwords > -#ChallengeResponseAuthentication no > +# Comment out to enable s/key passwords > +ChallengeResponseAuthentication no > > # To change Kerberos options > #KerberosAuthentication no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 19: 4: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 1D66637B41F for ; Wed, 24 Apr 2002 19:03:56 -0700 (PDT) Received: (qmail 40581 invoked from network); 25 Apr 2002 02:02:12 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 02:02:12 -0000 Date: Wed, 24 Apr 2002 22:02:12 -0400 (EDT) From: Kenneth Culver To: Peter Wemm Cc: John Baldwin , FreeBSD-CURRENT List , , Brandon S Allbery KF8NH , Andrew Gallatin Subject: Re: implementing linux mmap2 syscall In-Reply-To: <20020424210936.S40254-100000@alpha.yumyumyum.org> Message-ID: <20020424215718.F40543-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Alright, so I got tired of trying to figure out if glibc is doing something wierd or wrong so I downloaded the source for it, and I'm looking at it now... (for version 2.2.2 which is what we have on FreeBSD's linux_base-7) and here's what I'm seeing: pushl %ebp pushl %ebx pushl %esi pushl %edi movl OFFLO(%esp), %edx movl OFFHI(%esp), %ecx testl $0xfff, %edx jne L(einval) shrdl $12, %ecx, %edx /* mmap2 takes the offset in pages. */ shrl $12, %ecx jne L(einval) movl %edx, %ebp So above I'm seeing the offset arg get into register %ebp, which is what we expect... movl ADDR(%esp), %ebx movl LEN(%esp), %ecx movl PROT(%esp), %edx movl FLAGS(%esp), %esi movl FD(%esp), %edi Then I'm seeing all the other args getting put into the registers they belong in... (which matches up with our linux_prepsyscall() function) movl $SYS_ify(mmap2), %eax /* System call number in %eax. */ /* Do the system call trap. */ L(do_syscall): int $0x80 Now I'm seeing the int 0x80 trap.... /* Restore registers. */ popl %edi popl %esi popl %ebx popl %ebp So, as far as I can tell, this version of glibc is doing the Right Thing, and the ebp register is getting messed up somewhere along the line in either the assembly code that handles the 0x80 trap in FreeBSD, or in syscall2 (I think it's probably the asm that handles the 0x80 trap)... Can anyone confirm this? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 19:28:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 6F8FC37B41A; Wed, 24 Apr 2002 19:28:43 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 7B9D88143D; Thu, 25 Apr 2002 11:57:03 +0930 (CST) Date: Thu, 25 Apr 2002 11:57:03 +0930 From: Greg 'groggy' Lehey To: Terry Lambert Cc: Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020425115703.A79657@wantadilla.lemis.com> References: <3CC6860B.17F10FBA@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CC6860B.17F10FBA@mindspring.com> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday, 24 April 2002 at 3:16:43 -0700, Terry Lambert wrote: > > The X11 we are talking about here is not "the default X11", which is > a set of distfiles, but a "ports" X11, which is not, but which is > likely to be the basis of future distfiles. Correct. > So we are really talking about an alternate set of code to provide > or not provide the TCP "X11 display service". More to the point, we're telling people that this is XFree86, a platform-independent package which we also supply. But it's not quite XFree86 because we've modified it. The modification in this case is very small but very far-reaching, and a newcomer would suspect the operating system, not XFree86, when he has problems. > The thing that offended the hell out of everyone way that the > decision was made for the future distfiles release (which is used by > practically everyone) by sneaking it in the ports back door (which > is used by practically no one), which, when viewed disparagingly, > looks like an attempt to "pull a fast one". Hmm. No, I for one wasn't "offended the hell". And I really don't see any malice here: it was done with the best of intentions, but I think without a proper understanding of the consequences. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 19:34:29 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 4713137B41B; Wed, 24 Apr 2002 19:34:24 -0700 (PDT) Received: by wantadilla.lemis.com (Postfix, from userid 1004) id DB38F8143D; Thu, 25 Apr 2002 12:02:59 +0930 (CST) Date: Thu, 25 Apr 2002 12:02:59 +0930 From: Greg 'groggy' Lehey To: "Jacques A. Vidrine" Cc: Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020425120259.B79657@wantadilla.lemis.com> References: <20020423131646.I6425@wantadilla.lemis.com> <20020424090655.O6425@wantadilla.lemis.com> <20020424122754.GC42969@madman.nectar.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020424122754.GC42969@madman.nectar.cc> User-Agent: Mutt/1.3.23i Organization: The FreeBSD Project Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-418-838-708 WWW-Home-Page: http://www.FreeBSD.org/ X-PGP-Fingerprint: 9A1B 8202 BCCE B846 F92F 09AC 22E6 F290 507A 4223 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wednesday, 24 April 2002 at 7:27:55 -0500, Jacques A. Vidrine wrote: > On Wed, Apr 24, 2002 at 09:06:55AM +0930, Greg 'groggy' Lehey wrote: >> I think the issue here is that individuals make this kind of decision. >> We need a broader consensus for this kind of change. As Jochem points >> out, only 3 people were involved in the decision, all of them people >> with security profiles which weren't affected by this change. > > What, he should have gotten 30 reviewers? I think what is happening > here is exactly what should happen: it seems like a good idea to one > guy; he implements it. He shows it to a few more folks; they think it > is a good idea, too. It gets committed, and the majority of people > either don't notice it or believe it is a good feature. > > But the majority doesn't rule. > > The feature sits in the tree and maybe people run into problems with > it. If so, it gets fine tuned or backed out. I think this is what is > supposed to happen. > > For my part, I would like to see the change backed out and rethought. > I like having the X server not doing TCP by default, but this change > loses because: > > = It breaks existing configurations with no warning. > = The option is in the wrong place (startx) and there is apparently > no way to override the default. > > I think it would be better to just put `-nolisten tcp' in > /usr/X11R6/lib/X11/xinit/xserverrc for new installations only. Then > the system administrator could easily override it for all users; and > at least a user can override it for herself. If he knew about it. Look at my last message to Terry: we're talking about a package we don't control here. If somebody comes to FreeBSD from another system and X doesn't work the way he expects, he'll blame FreeBSD, not X. > Disclosure: I'm unhappy that after upgrading my laptop yesterday, I > found I couldn't run `x2x', Because of this issue? > and had to restart my X session to remedy the problem. At least you knew what the problem was. Greg -- See complete headers for address and phone numbers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 20:22:25 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 648E937B405 for ; Wed, 24 Apr 2002 20:22:06 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3P20Fw44288; Wed, 24 Apr 2002 22:00:15 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 24 Apr 2002 22:00:15 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Jordan Hubbard Cc: hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG BTW, what I'm suggesting here is the equivilent of the "no_fake_prompts" setting in pam_opie.so found in -CURRENT. Basically, if the flag is set, then OPIE doesn't generate fake prompts for users that don't have OPIE enabled. If the flag is disabled, OPIE will generate prompts for the users to hide the fact that OPIE isn't present. Some people like the fake prompts, but I think disabling them in the OPIE code is the right choice for a default, and is what we're doing in -CURRENT. Your fix doesn't address the case where some users have SKEY/OPIE enabled, and others don't. It also makes it a lot harder to enable OPIE if you want to. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Wed, 24 Apr 2002, Robert Watson wrote: > Sigh. I responded privately, but I see a plethora of mis-informed response > also. Please commit the fix to the S/Key code, rather than disabling > challenge response protocol behavior. There's nothing wrong with > supporting the challenge/response parts of the protocol, and it's even > desirable from a PAM perspective. Go fix it properly. > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > > On Tue, 23 Apr 2002, Jordan Hubbard wrote: > > > I'm going to commit the following in 48 hours unless someone can > > convince me that it's a good idea for FreeBSD to be the odd-OS out > > with respect to this behavior: > > > > Index: sshd_config > > =================================================================== > > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > > retrieving revision 1.4.2.6 > > diff -u -r1.4.2.6 sshd_config > > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > > @@ -48,8 +48,8 @@ > > PasswordAuthentication yes > > PermitEmptyPasswords no > > > > -# Uncomment to disable s/key passwords > > -#ChallengeResponseAuthentication no > > +# Comment out to enable s/key passwords > > +ChallengeResponseAuthentication no > > > > # To change Kerberos options > > #KerberosAuthentication no > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-hackers" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 21: 7:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 7A35737B405; Wed, 24 Apr 2002 21:07:47 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3P45t7W017570; Wed, 24 Apr 2002 21:05:55 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Robert Watson Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Robert Watson of "Wed, 24 Apr 2002 21:50:46 EDT." Date: Wed, 24 Apr 2002 21:05:55 -0700 Message-ID: <17569.1019707555@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Provide me a diff and I'll be happy to review it. I'm not really sure what you're talking about here and a context diff would remove any ambiguity. - Jordan > Sigh. I responded privately, but I see a plethora of mis-informed response > also. Please commit the fix to the S/Key code, rather than disabling > challenge response protocol behavior. There's nothing wrong with > supporting the challenge/response parts of the protocol, and it's even > desirable from a PAM perspective. Go fix it properly. > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > > On Tue, 23 Apr 2002, Jordan Hubbard wrote: > > > I'm going to commit the following in 48 hours unless someone can > > convince me that it's a good idea for FreeBSD to be the odd-OS out > > with respect to this behavior: > > > > Index: sshd_config > > =================================================================== > > RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v > > retrieving revision 1.4.2.6 > > diff -u -r1.4.2.6 sshd_config > > --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 > > +++ sshd_config 23 Apr 2002 18:38:01 -0000 > > @@ -48,8 +48,8 @@ > > PasswordAuthentication yes > > PermitEmptyPasswords no > > > > -# Uncomment to disable s/key passwords > > -#ChallengeResponseAuthentication no > > +# Comment out to enable s/key passwords > > +ChallengeResponseAuthentication no > > > > # To change Kerberos options > > #KerberosAuthentication no > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-hackers" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 21: 9:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 614DF37B417; Wed, 24 Apr 2002 21:09:26 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3P4887W017608; Wed, 24 Apr 2002 21:08:08 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Robert Watson Cc: hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Robert Watson of "Wed, 24 Apr 2002 22:00:15 EDT." Date: Wed, 24 Apr 2002 21:08:08 -0700 Message-ID: <17607.1019707688@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > BTW, what I'm suggesting here is the equivilent of the "no_fake_prompts" > setting in pam_opie.so found in -CURRENT. Basically, if the flag is set, Again, by all means, generate some diffs and we'll look 'em over. I'm far less interest in debating this in abstract terms and at least Joshua provided a better implementation than what I was suggesting, which is why I'm now just going to take his proposed change unless someone gives me something better yet. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 21:31:15 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quic.net (romulus.quic.net [216.23.27.8]) by hub.freebsd.org (Postfix) with SMTP id 6B4BA37B41D for ; Wed, 24 Apr 2002 21:31:11 -0700 (PDT) Received: (qmail 5290 invoked by uid 1032); 25 Apr 2002 04:28:09 -0000 From: utsl@quic.net Date: Thu, 25 Apr 2002 00:28:08 -0400 To: Greg 'groggy' Lehey Cc: Miguel Mendez , freebsd-hackers@freebsd.org Subject: Re: graphical frontend for vinum Message-ID: <20020425042808.GB1482@quic.net> References: <20020424155218.B71155@energyhq.homeip.net> <20020424140529.GD86692@roughtrade.net> <20020424161444.A71321@energyhq.homeip.net> <20020424160639.GB30203@quic.net> <20020425092151.M6486@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020425092151.M6486@wantadilla.lemis.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Apr 25, 2002 at 09:21:51AM +0930, Greg 'groggy' Lehey wrote: > On Wednesday, 24 April 2002 at 12:06:39 -0400, utsl@quic.net wrote: > > You might want to look at EVMS on Linux. They have a few good ideas, > > like building a library and API underneath the user interfaces. From > > what I can see, that project has some nice underlying concepts, but the > > user interfaces need to evolve for a few years. (Worst CLI ever, and the > > GUI is very confusing.) > > To be fair to the EVMS people, the tools are still evolving. I'd > certainly like to see more documentation, though. True. And it beats the regular Linux LVM. I'm looking forward to being able to get my main systems on to Vinum someday, but that's further away than I'd like. > > I wonder if that API could interface with vinum? > > I don't think so. User interface maybe, but Vinum and EVMS have a > very different API. I figured that. You're most likely right, you would know. But I may take a look, anyway. If nothing else, the comparison should be educational. > > It would be very nice to have a cross-platform library interface to > > operate on disk volumes. > > Yes, we've discussed that in the past. The problem is that EVMS, AIX > LVM and Linux LVM have different objects from VERITAS and Vinum. I > can't see an easy way of bringing them to a common denominator. It's > hard enough explaining the two concepts in the first place. Yes, I know what you mean. I was kind of the local Veritas guru at my last job. Vinum feels more familiar. At this point, I'm reasonably familiar with both concepts. From what I can see, EVMS is closer to being flexible enough to include Vinum's concepts than the others are. Might not be close enough though, and I just noticed that they GPL'ed the libraries. That wasn't nice. > > For that, it might even be worth improving the EVMS API, rather than > > starting from scratch. > > If you want to help work on EVMS, I know people would love the help. > Personally I'd prefer to see work on Vinum, of course :-) Naturally. I'm stuck dealing with Linux, but I'd like to move more of my systems to FreeBSD. However, I'm probably never going to be totally off of Linux, so things that make them interoperate better are good. ---Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 21:47:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from bingnet2.cc.binghamton.edu (bingnet2.cc.binghamton.edu [128.226.1.18]) by hub.freebsd.org (Postfix) with ESMTP id F35F737B405 for ; Wed, 24 Apr 2002 21:47:36 -0700 (PDT) Received: from onyx ([128.226.182.171]) by bingnet2.cc.binghamton.edu (8.11.6/8.11.6) with ESMTP id g3ONGNg25643 for ; Wed, 24 Apr 2002 19:16:23 -0400 (EDT) Date: Wed, 24 Apr 2002 19:16:22 -0400 (EDT) From: Zhihui Zhang X-Sender: zzhang@onyx To: freebsd-hackers@freebsd.org Subject: Is it a file system code bug? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In routine ffs_balloc(), after we have determined that the block is already there, we use the following statement to read the block in: if (flags & B_CLRBUF) { error = bread(vp, lbn, (int)fs->fs_bsize, NOCRED, &nbp); if (error) { brelse(nbp); goto fail; } } else { nbp = getblk(vp, lbn, fs->fs_bsize, 0, 0); nbp->b_blkno = fsbtodb(fs, nb); } The semantics of B_CLRBUF is confusing here. Even if it is allowed to be twisted a little bit, what about the case when we are writing a FULL block? Do we still have to read its old contents back which is going to be erased entirely? Note that ufs_write() always sets B_CLRBUF. Thanks for any enlightenment. -Zhihui To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Wed Apr 24 23: 2:23 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id EB03237B405 for ; Wed, 24 Apr 2002 23:02:17 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3P62B7W017846; Wed, 24 Apr 2002 23:02:12 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Joshua Goodall Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Joshua Goodall of "Wed, 24 Apr 2002 09:34:52 +1000." <20020423233452.GC86692@roughtrade.net> Date: Wed, 24 Apr 2002 23:02:11 -0700 Message-ID: <17845.1019714531@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Right now, policy differs between branches. releng_4's openssh gives > a commented alternative in the config, whilst head's gives a commented > default. Thanks, these changes look good (and better than what I was proposing). Since they're both somewhat different, I'll commit them in tandem but use the "MFC" keyword though it's somewhat inaccurate in this case. I've received almost nothing but universal support for this change, the only other comments from Robert Watson being tangental from everything I can see. If he comes up with a better solution, he's certainly welcome to commit it. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 2:45:45 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from yello.shallow.net (yello.shallow.net [203.18.243.120]) by hub.freebsd.org (Postfix) with ESMTP id 058E537B419; Thu, 25 Apr 2002 02:45:36 -0700 (PDT) Received: by yello.shallow.net (Postfix, from userid 1001) id 089BD2A6D; Thu, 25 Apr 2002 19:45:29 +1000 (EST) Date: Thu, 25 Apr 2002 19:45:28 +1000 From: Joshua Goodall To: Jordan Hubbard Cc: Robert Watson , hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) Message-ID: <20020425094528.GE86692@roughtrade.net> References: <17607.1019707688@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <17607.1019707688@winston.freebsd.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Apr 24, 2002 at 09:08:08PM -0700, Jordan Hubbard wrote: > > BTW, what I'm suggesting here is the equivilent of the "no_fake_prompts" > > setting in pam_opie.so found in -CURRENT. Basically, if the flag is set, > > Again, by all means, generate some diffs and we'll look 'em over. I'm > far less interest in debating this in abstract terms and at least > Joshua provided a better implementation than what I was suggesting, > which is why I'm now just going to take his proposed change unless > someone gives me something better yet. n.b. this is actually an OPIE challenge, despite saying S/Key. Unfortunately the openssh in -stable totally ignores pam and talks directly to libopie, so we have to work inside sshd. Committing to -current was almost certainly unnecessary and regressing since the version there honours pam.d/sshd which doesn't have pam_opie on by default, and if you do put it in, you can use the no_fake_prompts option. I recommend backing that out. The following patch to -stable is opie & rwatson friendly, won't give a challenge unless you actually have an entry in /etc/opiepasswd, and has a knob for toggling fake challenges (which is off by default). Hopefully that satisfies everyone! Joshua Index: auth-chall.c =================================================================== RCS file: /cvs/src/crypto/openssh/auth-chall.c,v retrieving revision 1.2.2.1 diff -u -r1.2.2.1 auth-chall.c --- auth-chall.c 28 Sep 2001 01:33:33 -0000 1.2.2.1 +++ auth-chall.c 25 Apr 2002 09:28:16 -0000 @@ -28,6 +28,9 @@ #include "auth.h" #include "log.h" +#include "servconf.h" + +extern ServerOptions options; #ifdef BSD_AUTH char * @@ -77,9 +80,12 @@ { static char challenge[1024]; struct opie opie; + if (opie_haskey(authctxt->user) == 1 && + options.fake_challenge != 1) + return NULL; if (opiechallenge(&opie, authctxt->user, challenge) == -1) return NULL; - strlcat(challenge, "\nS/Key Password: ", sizeof challenge); + strlcat(challenge, "\nOPIE Password: ", sizeof challenge); return challenge; } int Index: servconf.c =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.c,v retrieving revision 1.3.2.12 diff -u -r1.3.2.12 servconf.c --- servconf.c 25 Apr 2002 05:58:53 -0000 1.3.2.12 +++ servconf.c 25 Apr 2002 08:36:02 -0000 @@ -88,6 +88,7 @@ options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_reponse_authentication = -1; + options->fake_challenge = -1; options->permit_empty_passwd = -1; options->use_login = -1; options->allow_tcp_forwarding = -1; @@ -207,7 +208,9 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_reponse_authentication == -1) - options->challenge_reponse_authentication = 0; + options->challenge_reponse_authentication = 1; + if (options->fake_challenge == -1) + options->fake_challenge = 0; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) @@ -248,7 +251,7 @@ #ifdef AFS sKrb4TgtPassing, sAFSTokenPassing, #endif - sChallengeResponseAuthentication, + sChallengeResponseAuthentication, sFakeChallenge, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, @@ -302,6 +305,7 @@ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ + { "fakechallenge", sFakeChallenge }, { "checkmail", sCheckMail }, { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, @@ -647,6 +651,10 @@ case sChallengeResponseAuthentication: intptr = &options->challenge_reponse_authentication; + goto parse_flag; + + case sFakeChallenge: + intptr = &options->fake_challenge; goto parse_flag; case sPrintMotd: Index: servconf.h =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.h,v retrieving revision 1.3.2.5 diff -u -r1.3.2.5 servconf.h --- servconf.h 28 Sep 2001 01:33:34 -0000 1.3.2.5 +++ servconf.h 25 Apr 2002 06:49:12 -0000 @@ -99,6 +99,7 @@ * authentication. */ int kbd_interactive_authentication; /* If true, permit */ int challenge_reponse_authentication; + int fake_challenge; int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int use_login; /* If true, login(1) is used */ Index: sshd.8 =================================================================== RCS file: /cvs/src/crypto/openssh/sshd.8,v retrieving revision 1.5.2.7 diff -u -r1.5.2.7 sshd.8 --- sshd.8 28 Sep 2001 01:33:35 -0000 1.5.2.7 +++ sshd.8 25 Apr 2002 09:39:50 -0000 @@ -414,6 +414,17 @@ can be used as wildcards in the patterns. Only user names are valid; a numerical user ID isn't recognized. By default login is allowed regardless of the user name. +.It Cm FakeChallenge +Specifies whether OPIE challenges should be attempted (and thus +randomly generated) if a user does not have an OPIE key setup +and ChallengeResponseAuthentication is set to +.Dq yes . +The argument must be +.Dq yes +or +.Dq no . +The default is +.Dq no . .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. Index: sshd_config =================================================================== RCS file: /cvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.7 diff -u -r1.4.2.7 sshd_config --- sshd_config 25 Apr 2002 05:58:53 -0000 1.4.2.7 +++ sshd_config 25 Apr 2002 08:36:19 -0000 @@ -48,8 +48,10 @@ PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to enable s/key passwords -#ChallengeResponseAuthentication yes +# Uncomment to disable s/key passwords +#ChallengeResponseAuthentication no +# Uncomment to generate fake s/key challenges +#FakeChallenge yes # To change Kerberos options #KerberosAuthentication no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 4: 1:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141]) by hub.freebsd.org (Postfix) with ESMTP id 84A2637B41E for ; Thu, 25 Apr 2002 04:01:11 -0700 (PDT) Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141]) by topaz.mdcc.cx (Postfix) with ESMTP id 5463C2B83B for ; Thu, 25 Apr 2002 13:01:05 +0200 (CEST) Received: by k7.mavetju.org (Postfix, from userid 1001) id 3250348A; Thu, 25 Apr 2002 21:02:02 +1000 (EST) Date: Thu, 25 Apr 2002 21:02:02 +1000 From: Edwin Groothuis To: freebsd-hackers@freebsd.org Subject: missing libraries, and how to find them. Message-ID: <20020425210202.A49377@k7.mavetju.org> Mail-Followup-To: Edwin Groothuis , freebsd-hackers@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Greetings, Last night I had troubles running glade because in an earlier stage this week I had to upgrade libfreetype from so.6 to so.9. Running ldd on it did work a little bit, I found out that it couldn't find a libfreetype.so.6 (which I already knew :-), but couldn't tell me where it was coming from: [~] edwin@k7>ldd `which glade` /usr/X11R6/bin/glade: [...] libfreetype.so.6 => Not found I recompiled it, again the message: Shared object "libfreetype.so.6" not found. It must have been one of the other libraries. Unfortunatly glade uses all the gnome-libraries, so I had to recompile all of them... At the end, it was gtkhtml which was holding the old libfreetype.so.6, but it had cost me the whole evening to find out. Why didn't ldd tell me which lib it was which was failing? With this idea in mind I've submitted PR bin/37448: [PATCH] ldd/rtld support for more information of linked libraries. It patches ldd.c and rtld.c to understand the -s option (that parameter is also used under Solaris I've been told). With this option it does display the name of the program/library ldd is displayed (so not only the first occurance) and the libs being looked for: [~] edwin@k7>ldd -s `which glade` /usr/X11R6/bin/glade: /usr/X11R6/bin/glade libintl.so.2 => /usr/local/lib/libintl.so.2 (0x2812b000) libgda-common.so.0 => /usr/X11R6/lib/libgda-common.so.0 (0x28132000) [...] /usr/local/lib/libintl.so.2 libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28d4b000) libc.so.4 => /usr/lib/libc.so.4 (0x28e1f000) /usr/X11R6/lib/libgda-common.so.0 libgthread12.so.3 => /usr/local/lib/libgthread12.so.3 (0x28167000) libgconf-1.so.1 => /usr/X11R6/lib/libgconf-1.so.1 (0x2844e000) libbonobo.so.2 => /usr/X11R6/lib/libbonobo.so.2 (0x284f4000) [...] Yes it will output much more data (281 lines for ldd -s glade vs 48 for ldd glade), but at least it gives you the ability to see what libraries are used by the program and its libraries. I hope somebody considers this a usefull patch and wants to commit it. The patch itself is against a 4.5 system (but not that difficult, it was more a matter of finding out where to put it). Thanks, Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 4:57:19 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from www.example.org (dhcp-nic-val-26-90.cisco.com [64.103.26.90]) by hub.freebsd.org (Postfix) with SMTP id 1346337B426 for ; Thu, 25 Apr 2002 04:57:09 -0700 (PDT) Received: (qmail 49789 invoked by uid 1000); 25 Apr 2002 11:57:06 -0000 Message-ID: <20020425115706.49788.qmail@cobweb.example.org> Date: Thu, 25 Apr 2002 13:57:06 +0200 From: Marco Molteni To: freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. In-Reply-To: <20020425210202.A49377@k7.mavetju.org> References: <20020425210202.A49377@k7.mavetju.org> X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 25 Apr 2002 21:02:02 +1000, Edwin Groothuis wrote: [..] > them... At the end, it was gtkhtml which was holding the old > libfreetype.so.6, but it had cost me the whole evening to find out. > > Why didn't ldd tell me which lib it was which was failing? > With this idea in mind I've submitted PR bin/37448: [PATCH] ldd/rtld > support for more information of linked libraries. It patches ldd.c > and rtld.c to understand the -s option (that parameter is also used > under Solaris I've been told). With this option it does display the > name of the program/library ldd is displayed (so not only the first > occurance) and the libs being looked for: [..] I ran in similar problems more than once. I *love* this patch! Marco To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 5: 2:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 6835237B423 for ; Thu, 25 Apr 2002 05:02:48 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 342443FCA9; Thu, 25 Apr 2002 14:02:44 +0200 (CEST) Date: Thu, 25 Apr 2002 14:02:44 +0200 From: Miguel Mendez To: Edwin Groothuis Cc: freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. Message-ID: <20020425140244.A77165@energyhq.homeip.net> Mail-Followup-To: Edwin Groothuis , freebsd-hackers@freebsd.org References: <20020425210202.A49377@k7.mavetju.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="dDRMvlgZJXvWKvBx" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425210202.A49377@k7.mavetju.org>; from edwin@mavetju.org on Thu, Apr 25, 2002 at 09:02:02PM +1000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --dDRMvlgZJXvWKvBx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 25, 2002 at 09:02:02PM +1000, Edwin Groothuis wrote: Hi, Interesting patch, I like it :) >[...] > libintl.so.2 =3D> /usr/local/lib/libintl.so.2 (0x2812b000) > libgda-common.so.0 =3D> /usr/X11R6/lib/libgda-common.so.0 (0x28132000) > [...] > /usr/local/lib/libintl.so.2 > libiconv.so.3 =3D> /usr/local/lib/libiconv.so.3 (0x28d4b000) > libc.so.4 =3D> /usr/lib/libc.so.4 (0x28e1f000) > /usr/X11R6/lib/libgda-common.so.0 > libgthread12.so.3 =3D> /usr/local/lib/libgthread12.so.3 (0x281670= 00) > libgconf-1.so.1 =3D> /usr/X11R6/lib/libgconf-1.so.1 (0x2844e000) > libbonobo.so.2 =3D> /usr/X11R6/lib/libbonobo.so.2 (0x284f4000) > [...] =20 >=20 For what is worth, that can be easily replicated with a simple shell script: kajsa% for i in `ldd /usr/X11R6/bin/xmms|grep -v :|awk '{ print $3}'`; do ldd $i;done /usr/lib/libc_r.so.5: /usr/X11R6/lib/libSM.so.6: libICE.so.6 =3D> /usr/X11R6/lib/libICE.so.6 (0x28129000) /usr/X11R6/lib/libICE.so.6: /usr/X11R6/lib/libxmms.so.3: libgtk12.so.2 =3D> /usr/X11R6/lib/libgtk12.so.2 (0x2812b000) libgdk12.so.2 =3D> /usr/X11R6/lib/libgdk12.so.2 (0x2825a000) [...] Anyway, a nice patch I hope will be commited soon. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --dDRMvlgZJXvWKvBx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8x/BjnLctrNyFFPERApDPAJ0X56u7vgeX05MXk3aVe1T4+8LMogCeP2XJ lXw8Py+ck4aBczYNeXabpTs= =bqE4 -----END PGP SIGNATURE----- --dDRMvlgZJXvWKvBx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 7:22:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 7E49037B42C; Thu, 25 Apr 2002 07:22:15 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id KAA26894; Thu, 25 Apr 2002 10:22:04 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3PELYj94848; Thu, 25 Apr 2002 10:21:34 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.4334.821343.177003@grasshopper.cs.duke.edu> Date: Thu, 25 Apr 2002 10:21:34 -0400 (EDT) To: Kenneth Culver Cc: Peter Wemm , John Baldwin , freebsd-hackers@FreeBSD.ORG Subject: pushal & ebp In-Reply-To: <20020424215718.F40543-100000@alpha.yumyumyum.org> References: <20020424210936.S40254-100000@alpha.yumyumyum.org> <20020424215718.F40543-100000@alpha.yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > So, as far as I can tell, this version of glibc is doing the Right Thing, > and the ebp register is getting messed up somewhere along the line in > either the assembly code that handles the 0x80 trap in FreeBSD, or in > syscall2 (I think it's probably the asm that handles the 0x80 trap)... > > Can anyone confirm this? I just looked at the NetBSD code & like linux, they use a macro which individually pushes the registers onto the stack rather than using pushal (which I assume is the same as what intel calls PUSHAD in their x86 instruction set ref. manual). NetBSD stopped using pushal in 1994 in rev 1.85 of their arch/i386/i386/locore.s in a commit helpfully documented "Don't use pusha and popa." Does anybody know why the other OSes push the registers individually, rather than using pushal? Could our using pushal be causing Kenneth's ebp to get lost, or is this just a red herring? Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 7:33:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id EEF2C37B434 for ; Thu, 25 Apr 2002 07:33:02 -0700 (PDT) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.6) with SMTP id g3PEWTw80677; Thu, 25 Apr 2002 10:32:29 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 25 Apr 2002 10:32:28 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Joshua Goodall Cc: Jordan Hubbard , hackers@FreeBSD.ORG Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: <20020425094528.GE86692@roughtrade.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 25 Apr 2002, Joshua Goodall wrote: > On Wed, Apr 24, 2002 at 09:08:08PM -0700, Jordan Hubbard wrote: > > > BTW, what I'm suggesting here is the equivilent of the "no_fake_prompts" > > > setting in pam_opie.so found in -CURRENT. Basically, if the flag is set, > > > > Again, by all means, generate some diffs and we'll look 'em over. I'm > > far less interest in debating this in abstract terms and at least > > Joshua provided a better implementation than what I was suggesting, > > which is why I'm now just going to take his proposed change unless > > someone gives me something better yet. > > n.b. this is actually an OPIE challenge, despite saying S/Key. > Unfortunately the openssh in -stable totally ignores pam and talks > directly to libopie, so we have to work inside sshd. > > Committing to -current was almost certainly unnecessary and regressing > since the version there honours pam.d/sshd which doesn't have pam_opie > on by default, and if you do put it in, you can use the no_fake_prompts > option. I recommend backing that out. Ack, if it was committed, it should definetely be backed out, since the sole effect would be to break OPIE, and there would really be no redeeming effect at all. A little bit of testing should have demonstrated as much; if not, well, more fixes might be required. > The following patch to -stable is opie & rwatson friendly, won't give a > challenge unless you actually have an entry in /etc/opiepasswd, and has > a knob for toggling fake challenges (which is off by default). > Hopefully that satisfies everyone! My only comment would be that you use the term "s/key" in the description in the configuration file, and that should probably read "OPIE" for all the reasons you identified. I realize this will make the source code look even more inconsistent, but who knows.. :-) Thanks for working through this one, Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services > Index: auth-chall.c > =================================================================== > RCS file: /cvs/src/crypto/openssh/auth-chall.c,v > retrieving revision 1.2.2.1 > diff -u -r1.2.2.1 auth-chall.c > --- auth-chall.c 28 Sep 2001 01:33:33 -0000 1.2.2.1 > +++ auth-chall.c 25 Apr 2002 09:28:16 -0000 > @@ -28,6 +28,9 @@ > > #include "auth.h" > #include "log.h" > +#include "servconf.h" > + > +extern ServerOptions options; > > #ifdef BSD_AUTH > char * > @@ -77,9 +80,12 @@ > { > static char challenge[1024]; > struct opie opie; > + if (opie_haskey(authctxt->user) == 1 && > + options.fake_challenge != 1) > + return NULL; > if (opiechallenge(&opie, authctxt->user, challenge) == -1) > return NULL; > - strlcat(challenge, "\nS/Key Password: ", sizeof challenge); > + strlcat(challenge, "\nOPIE Password: ", sizeof challenge); > return challenge; > } > int > Index: servconf.c > =================================================================== > RCS file: /cvs/src/crypto/openssh/servconf.c,v > retrieving revision 1.3.2.12 > diff -u -r1.3.2.12 servconf.c > --- servconf.c 25 Apr 2002 05:58:53 -0000 1.3.2.12 > +++ servconf.c 25 Apr 2002 08:36:02 -0000 > @@ -88,6 +88,7 @@ > options->password_authentication = -1; > options->kbd_interactive_authentication = -1; > options->challenge_reponse_authentication = -1; > + options->fake_challenge = -1; > options->permit_empty_passwd = -1; > options->use_login = -1; > options->allow_tcp_forwarding = -1; > @@ -207,7 +208,9 @@ > if (options->kbd_interactive_authentication == -1) > options->kbd_interactive_authentication = 0; > if (options->challenge_reponse_authentication == -1) > - options->challenge_reponse_authentication = 0; > + options->challenge_reponse_authentication = 1; > + if (options->fake_challenge == -1) > + options->fake_challenge = 0; > if (options->permit_empty_passwd == -1) > options->permit_empty_passwd = 0; > if (options->use_login == -1) > @@ -248,7 +251,7 @@ > #ifdef AFS > sKrb4TgtPassing, sAFSTokenPassing, > #endif > - sChallengeResponseAuthentication, > + sChallengeResponseAuthentication, sFakeChallenge, > sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, > sPrintMotd, sPrintLastLog, sIgnoreRhosts, > sX11Forwarding, sX11DisplayOffset, > @@ -302,6 +305,7 @@ > { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, > { "challengeresponseauthentication", sChallengeResponseAuthentication }, > { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ > + { "fakechallenge", sFakeChallenge }, > { "checkmail", sCheckMail }, > { "listenaddress", sListenAddress }, > { "printmotd", sPrintMotd }, > @@ -647,6 +651,10 @@ > > case sChallengeResponseAuthentication: > intptr = &options->challenge_reponse_authentication; > + goto parse_flag; > + > + case sFakeChallenge: > + intptr = &options->fake_challenge; > goto parse_flag; > > case sPrintMotd: > Index: servconf.h > =================================================================== > RCS file: /cvs/src/crypto/openssh/servconf.h,v > retrieving revision 1.3.2.5 > diff -u -r1.3.2.5 servconf.h > --- servconf.h 28 Sep 2001 01:33:34 -0000 1.3.2.5 > +++ servconf.h 25 Apr 2002 06:49:12 -0000 > @@ -99,6 +99,7 @@ > * authentication. */ > int kbd_interactive_authentication; /* If true, permit */ > int challenge_reponse_authentication; > + int fake_challenge; > int permit_empty_passwd; /* If false, do not permit empty > * passwords. */ > int use_login; /* If true, login(1) is used */ > Index: sshd.8 > =================================================================== > RCS file: /cvs/src/crypto/openssh/sshd.8,v > retrieving revision 1.5.2.7 > diff -u -r1.5.2.7 sshd.8 > --- sshd.8 28 Sep 2001 01:33:35 -0000 1.5.2.7 > +++ sshd.8 25 Apr 2002 09:39:50 -0000 > @@ -414,6 +414,17 @@ > can be used as wildcards in the patterns. > Only user names are valid; a numerical user ID isn't recognized. > By default login is allowed regardless of the user name. > +.It Cm FakeChallenge > +Specifies whether OPIE challenges should be attempted (and thus > +randomly generated) if a user does not have an OPIE key setup > +and ChallengeResponseAuthentication is set to > +.Dq yes . > +The argument must be > +.Dq yes > +or > +.Dq no . > +The default is > +.Dq no . > .It Cm GatewayPorts > Specifies whether remote hosts are allowed to connect to ports > forwarded for the client. > Index: sshd_config > =================================================================== > RCS file: /cvs/src/crypto/openssh/sshd_config,v > retrieving revision 1.4.2.7 > diff -u -r1.4.2.7 sshd_config > --- sshd_config 25 Apr 2002 05:58:53 -0000 1.4.2.7 > +++ sshd_config 25 Apr 2002 08:36:19 -0000 > @@ -48,8 +48,10 @@ > PasswordAuthentication yes > PermitEmptyPasswords no > > -# Uncomment to enable s/key passwords > -#ChallengeResponseAuthentication yes > +# Uncomment to disable s/key passwords > +#ChallengeResponseAuthentication no > +# Uncomment to generate fake s/key challenges > +#FakeChallenge yes > > # To change Kerberos options > #KerberosAuthentication no > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 8:13: 3 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.rapidsite.net (mail.rapidsite.net [207.158.192.62]) by hub.freebsd.org (Postfix) with SMTP id 0A88837B42A for ; Thu, 25 Apr 2002 08:12:56 -0700 (PDT) Received: from r00.nat.boca.verio.net (208.55.254.110) by mail.rapidsite.net (RS ver 1.0.63s) with SMTP id 06516901; Thu, 25 Apr 2002 11:12:41 -0400 (EDT) Received: from shade.nectar.cc (shade.nectar.cc [127.0.0.1]) by shade.nectar.cc (8.12.3/8.12.3) with ESMTP id g3PFDf0i007853; Thu, 25 Apr 2002 10:13:41 -0500 (CDT) (envelope-from nectar@shade.nectar.cc) Received: (from nectar@localhost) by shade.nectar.cc (8.12.3/8.12.3/Submit) id g3PFDdSa007852; Thu, 25 Apr 2002 10:13:39 -0500 (CDT) Date: Thu, 25 Apr 2002 10:13:39 -0500 From: "Jacques A. Vidrine" To: "Greg 'groggy' Lehey" Cc: Robert Watson , Jordan Hubbard , Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020425151339.GB7802@shade.nectar.cc> References: <20020423131646.I6425@wantadilla.lemis.com> <20020424090655.O6425@wantadilla.lemis.com> <20020424122754.GC42969@madman.nectar.cc> <20020425120259.B79657@wantadilla.lemis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020425120259.B79657@wantadilla.lemis.com> User-Agent: Mutt/1.3.28i X-Url: http://www.nectar.cc/ X-Loop-Detect: 1 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Apr 25, 2002 at 12:02:59PM +0930, Greg 'groggy' Lehey wrote: > > I think it would be better to just put `-nolisten tcp' in > > /usr/X11R6/lib/X11/xinit/xserverrc for new installations only. Then > > the system administrator could easily override it for all users; and > > at least a user can override it for herself. > > If he knew about it. It's the old documentation trick. > Look at my last message to Terry: we're talking > about a package we don't control here. If somebody comes to FreeBSD > from another system and X doesn't work the way he expects, he'll blame > FreeBSD, not X. Well then we are sunk. I object to breaking currently working installations. I think it's OK to use better defaults for new installations. This is a hard issue for me to argue, because I consider this particular change to be of questionable value. > > Disclosure: I'm unhappy that after upgrading my laptop yesterday, I > > found I couldn't run `x2x', > > Because of this issue? > Right. > > and had to restart my X session to remedy the problem. > > At least you knew what the problem was. Well, I've been running X for 10+ years. I guess I know what to look for. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 9:23:46 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id 38E7A37B426 for ; Thu, 25 Apr 2002 09:23:27 -0700 (PDT) Received: (qmail 44826 invoked from network); 25 Apr 2002 16:22:55 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 16:22:55 -0000 Date: Thu, 25 Apr 2002 12:22:55 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: Peter Wemm , John Baldwin , Subject: Re: pushal & ebp In-Reply-To: <15560.4334.821343.177003@grasshopper.cs.duke.edu> Message-ID: <20020425115941.C44727-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > I just looked at the NetBSD code & like linux, they use a macro which > individually pushes the registers onto the stack rather than using > pushal (which I assume is the same as what intel calls PUSHAD in their > x86 instruction set ref. manual). > > NetBSD stopped using pushal in 1994 in rev 1.85 of their > arch/i386/i386/locore.s in a commit helpfully documented > "Don't use pusha and popa." > > Does anybody know why the other OSes push the registers individually, > rather than using pushal? Could our using pushal be causing Kenneth's > ebp to get lost, or is this just a red herring? > > Thanks, > > Drew > > > according to the intel docs, pushad (or what I'm assuming is pushal in our case) pushes eax, ecx, edx, ebx then pushes some temporary value (the original esp I think) then pushes ebp, esi, and edi: this is from the documentation for pushad IF OperandSize = 32 (* PUSHAD instruction *) THEN Temp (ESP); Push(EAX); Push(ECX); Push(EDX); Push(EBX); Push(Temp); Push(EBP); Push(ESI); Push(EDI); so could this be the problem? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 9:41: 7 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 045FF37B427 for ; Thu, 25 Apr 2002 09:41:05 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 157005309; Thu, 25 Apr 2002 18:41:02 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) References: <200204231839.g3NId1UR013639@winston.freebsd.org> From: Dag-Erling Smorgrav Date: 25 Apr 2002 18:41:02 +0200 In-Reply-To: <200204231839.g3NId1UR013639@winston.freebsd.org> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jordan Hubbard writes: > I'm going to commit the following in 48 hours unless someone can > convince me that it's a good idea for FreeBSD to be the odd-OS out > with respect to this behavior: -hackers is not the appropriate forum for code review. The patch is incorrect and should be backed out. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 9:56:18 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 7A04D37B41F for ; Thu, 25 Apr 2002 09:56:14 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id A7D935309; Thu, 25 Apr 2002 18:56:12 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) References: <200204231839.g3NId1UR013639@winston.freebsd.org> From: Dag-Erling Smorgrav Date: 25 Apr 2002 18:56:11 +0200 In-Reply-To: Message-ID: Lines: 9 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Dag-Erling Smorgrav writes: > -hackers is not the appropriate forum for code review. The patch is > incorrect and should be backed out. Never mind, I did it myself. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:13:34 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1]) by hub.freebsd.org (Postfix) with ESMTP id A096837B41D for ; Thu, 25 Apr 2002 10:13:24 -0700 (PDT) Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30]) by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id NAA02625; Thu, 25 Apr 2002 13:13:24 -0400 (EDT) Received: (from gallatin@localhost) by grasshopper.cs.duke.edu (8.11.6/8.9.1) id g3PHCsn95014; Thu, 25 Apr 2002 13:12:54 -0400 (EDT) (envelope-from gallatin@cs.duke.edu) From: Andrew Gallatin MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.14613.989930.797068@grasshopper.cs.duke.edu> Date: Thu, 25 Apr 2002 13:12:53 -0400 (EDT) To: Kenneth Culver Cc: Subject: Re: pushal & ebp In-Reply-To: <20020425115941.C44727-100000@alpha.yumyumyum.org> References: <15560.4334.821343.177003@grasshopper.cs.duke.edu> <20020425115941.C44727-100000@alpha.yumyumyum.org> X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Kenneth Culver writes: > > I just looked at the NetBSD code & like linux, they use a macro which > > individually pushes the registers onto the stack rather than using > > pushal (which I assume is the same as what intel calls PUSHAD in their > > x86 instruction set ref. manual). > > > > NetBSD stopped using pushal in 1994 in rev 1.85 of their > > arch/i386/i386/locore.s in a commit helpfully documented > > "Don't use pusha and popa." > > > > Does anybody know why the other OSes push the registers individually, > > rather than using pushal? Could our using pushal be causing Kenneth's > > ebp to get lost, or is this just a red herring? > > > > Thanks, > > > > Drew > > > > > > > according to the intel docs, pushad (or what I'm assuming is pushal in our > case) pushes eax, ecx, edx, ebx then pushes some temporary value (the > original esp I think) then pushes ebp, esi, and edi: > > this is from the documentation for pushad > > IF OperandSize = 32 (* PUSHAD instruction *) > THEN > Temp (ESP); > Push(EAX); > Push(ECX); > Push(EDX); > Push(EBX); > Push(Temp); > Push(EBP); > Push(ESI); > Push(EDI); > > so could this be the problem? > > Ken I don't think so. The temp its pushing is the stack pointer. If you look at the layout of the trap frame, then you'll see tf_isp comes between tf_ebp & tf_ebx. I assume tf_isp is the stack pointer, so that should be OK.. Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:14:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.speakeasy.net (mail12.speakeasy.net [216.254.0.212]) by hub.freebsd.org (Postfix) with ESMTP id CD2A737B419 for ; Thu, 25 Apr 2002 10:14:45 -0700 (PDT) Received: (qmail 596 invoked from network); 25 Apr 2002 17:14:44 -0000 Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender ) by mail12.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for ; 25 Apr 2002 17:14:44 -0000 Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1]) by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3PHEiv11043; Thu, 25 Apr 2002 13:14:44 -0400 (EDT) (envelope-from jhb@FreeBSD.org) Message-ID: X-Mailer: XFMail 1.5.2 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <15560.14613.989930.797068@grasshopper.cs.duke.edu> Date: Thu, 25 Apr 2002 13:13:53 -0400 (EDT) From: John Baldwin To: Andrew Gallatin Subject: Re: pushal & ebp Cc: freebsd-hackers@FreeBSD.ORG, Kenneth Culver Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 25-Apr-2002 Andrew Gallatin wrote: > > Kenneth Culver writes: > > > I just looked at the NetBSD code & like linux, they use a macro which > > > individually pushes the registers onto the stack rather than using > > > pushal (which I assume is the same as what intel calls PUSHAD in their > > > x86 instruction set ref. manual). > > > > > > NetBSD stopped using pushal in 1994 in rev 1.85 of their > > > arch/i386/i386/locore.s in a commit helpfully documented > > > "Don't use pusha and popa." > > > > > > Does anybody know why the other OSes push the registers individually, > > > rather than using pushal? Could our using pushal be causing Kenneth's > > > ebp to get lost, or is this just a red herring? > > > > > > Thanks, > > > > > > Drew > > > > > > > > > > > according to the intel docs, pushad (or what I'm assuming is pushal in our > > case) pushes eax, ecx, edx, ebx then pushes some temporary value (the > > original esp I think) then pushes ebp, esi, and edi: > > > > this is from the documentation for pushad > > > > IF OperandSize = 32 (* PUSHAD instruction *) > > THEN > > Temp (ESP); > > Push(EAX); > > Push(ECX); > > Push(EDX); > > Push(EBX); > > Push(Temp); > > Push(EBP); > > Push(ESI); > > Push(EDI); > > > > so could this be the problem? > > > > Ken > > I don't think so. The temp its pushing is the stack pointer. If you > look at the layout of the trap frame, then you'll see tf_isp comes > between tf_ebp & tf_ebx. I assume tf_isp is the stack pointer, so > that should be OK.. Right. > Drew -- John Baldwin <>< http://www.FreeBSD.org/~jhb/ "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:25:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 9DD8B37B419 for ; Thu, 25 Apr 2002 10:25:39 -0700 (PDT) Received: (qmail 72350 invoked by uid 100); 25 Apr 2002 17:25:36 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.15376.527441.682769@guru.mired.org> Date: Thu, 25 Apr 2002 12:25:36 -0500 To: Edwin Groothuis Cc: freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. In-Reply-To: <20020425210202.A49377@k7.mavetju.org> References: <20020425210202.A49377@k7.mavetju.org> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <20020425210202.A49377@k7.mavetju.org>, Edwin Groothuis typed: > Why didn't ldd tell me which lib it was which was failing? > With this idea in mind I've submitted PR bin/37448: [PATCH] ldd/rtld My version of this - bin/30908 - has already been committed to -CURRENT. I just sent a note to the person who committed it asking them to MFC it. I wasn't aware that Solaris already used a flag; you might want to submit a patch that changes the name of the flag. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:26:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.yumyumyum.org (dsl092-171-091.wdc1.dsl.speakeasy.net [66.92.171.91]) by hub.freebsd.org (Postfix) with SMTP id F24ED37B41D for ; Thu, 25 Apr 2002 10:26:47 -0700 (PDT) Received: (qmail 45290 invoked from network); 25 Apr 2002 17:26:16 -0000 Received: from dsl092-171-091.wdc1.dsl.speakeasy.net (66.92.171.91) by dsl092-171-091.wdc1.dsl.speakeasy.net with SMTP; 25 Apr 2002 17:26:16 -0000 Date: Thu, 25 Apr 2002 13:26:16 -0400 (EDT) From: Kenneth Culver To: Andrew Gallatin Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: pushal & ebp In-Reply-To: <15560.14613.989930.797068@grasshopper.cs.duke.edu> Message-ID: <20020425132419.A45267-100000@alpha.yumyumyum.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 25 Apr 2002, Andrew Gallatin wrote: > > Kenneth Culver writes: > > > I just looked at the NetBSD code & like linux, they use a macro which > > > individually pushes the registers onto the stack rather than using > > > pushal (which I assume is the same as what intel calls PUSHAD in their > > > x86 instruction set ref. manual). > > > > > > NetBSD stopped using pushal in 1994 in rev 1.85 of their > > > arch/i386/i386/locore.s in a commit helpfully documented > > > "Don't use pusha and popa." > > > > > > Does anybody know why the other OSes push the registers individually, > > > rather than using pushal? Could our using pushal be causing Kenneth's > > > ebp to get lost, or is this just a red herring? > > > > > > Thanks, > > > > > > Drew > > > > > > > > > > > according to the intel docs, pushad (or what I'm assuming is pushal in our > > case) pushes eax, ecx, edx, ebx then pushes some temporary value (the > > original esp I think) then pushes ebp, esi, and edi: > > > > this is from the documentation for pushad > > > > IF OperandSize = 32 (* PUSHAD instruction *) > > THEN > > Temp (ESP); > > Push(EAX); > > Push(ECX); > > Push(EDX); > > Push(EBX); > > Push(Temp); > > Push(EBP); > > Push(ESI); > > Push(EDI); > > > > so could this be the problem? > > > > Ken > > I don't think so. The temp its pushing is the stack pointer. If you > look at the layout of the trap frame, then you'll see tf_isp comes > between tf_ebp & tf_ebx. I assume tf_isp is the stack pointer, so > that should be OK.. > > Drew > > > hrmm, well then it looks like pushal should be doing the right thing... but I thought though that esp was the stack pointer... it's pushing the original stack pointer onto isp, and then pushing ebp... I don't see why this would screw anything up... Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:31: 1 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 9037737B448 for ; Thu, 25 Apr 2002 10:27:44 -0700 (PDT) Received: (qmail 72424 invoked by uid 100); 25 Apr 2002 17:27:42 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.15502.213147.169455@guru.mired.org> Date: Thu, 25 Apr 2002 12:27:42 -0500 To: Miguel Mendez Cc: Edwin Groothuis , freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. In-Reply-To: <20020425140244.A77165@energyhq.homeip.net> References: <20020425210202.A49377@k7.mavetju.org> <20020425140244.A77165@energyhq.homeip.net> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <20020425140244.A77165@energyhq.homeip.net>, Miguel Mendez typed: > For what is worth, that can be easily replicated with a simple shell > script: > > kajsa% for i in `ldd /usr/X11R6/bin/xmms|grep -v :|awk '{ print $3}'`; > do ldd $i;done > /usr/lib/libc_r.so.5: > /usr/X11R6/lib/libSM.so.6: > libICE.so.6 => /usr/X11R6/lib/libICE.so.6 (0x28129000) > /usr/X11R6/lib/libICE.so.6: > /usr/X11R6/lib/libxmms.so.3: > libgtk12.so.2 => /usr/X11R6/lib/libgtk12.so.2 (0x2812b000) > libgdk12.so.2 => /usr/X11R6/lib/libgdk12.so.2 (0x2825a000) > [...] > Anyway, a nice patch I hope will be commited soon. As I stated just a minute ago, my version of that was committed a while ago, and will hopefully be MFC's soon. But your script doesn't do the same thing. It only tells you what libraries the libraries your command includes. It doesn't go to the third third - or further - levels if required. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 10:51:25 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id C5D2337B400 for ; Thu, 25 Apr 2002 10:51:16 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 05FAE3FCC0; Thu, 25 Apr 2002 19:51:17 +0200 (CEST) Date: Thu, 25 Apr 2002 19:51:16 +0200 From: Miguel Mendez To: Mike Meyer Cc: Edwin Groothuis , freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. Message-ID: <20020425195116.A80026@energyhq.homeip.net> Mail-Followup-To: Mike Meyer , Edwin Groothuis , freebsd-hackers@freebsd.org References: <20020425210202.A49377@k7.mavetju.org> <20020425140244.A77165@energyhq.homeip.net> <15560.15502.213147.169455@guru.mired.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <15560.15502.213147.169455@guru.mired.org>; from mwm-dated-1020187662.12a903@mired.org on Thu, Apr 25, 2002 at 12:27:42PM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 25, 2002 at 12:27:42PM -0500, Mike Meyer wrote: Hi, > As I stated just a minute ago, my version of that was committed a > while ago, and will hopefully be MFC's soon. Good, I didn't know someone else had already submitted a patch before. > But your script doesn't do the same thing. It only tells you what > libraries the libraries your command includes. It doesn't go to the > third third - or further - levels if required. Well, not exactly. When you link program a with lib b, and lib b depends on lib c, ldd a shows both libs, so my script works as it will ldd all libs: Let's see: flynn@kajsa# echo "void foo() { bar(); }" > foo.c flynn@kajsa# echo "void bar() { baz(); }" > baz.c flynn@kajsa# echo "void baz() { }" >=20 flynn@kajsa# echo "void bar() { baz(); }" > bar.c flynn@kajsa# echo "void baz() { }" > baz.c flynn@kajsa# cc -o libbaz.so -shared baz.c flynn@kajsa# cc -o libbar.so -L/tmp/foo -lbaz -shared bar.c flynn@kajsa# cc -o libfoo.so -L/tmp/foo -lbar -shared foo.c flynn@kajsa# echo "int main() { foo(); }" > main.c flynn@kajsa# cc -o main main.c -L/tmp/foo -lfoo flynn@kajsa# ldd main main: libfoo.so =3D> /tmp/foo/libfoo.so (0x28068000) libc.so.5 =3D> /usr/lib/libc.so.5 (0x2806a000) libbar.so =3D> /tmp/foo/libbar.so (0x2811d000) libbaz.so =3D> /tmp/foo/libbaz.so (0x2811f000) =09 QED :-) Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8yEIUnLctrNyFFPERAtlDAJ4rG6Gqu9TmRDQtPuHX/j4ym6fDuwCfdosr 1+kW5eieqrXgRK6D3k8mGCY= =1QBe -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 11: 1:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id DB10B37B41B for ; Thu, 25 Apr 2002 11:01:05 -0700 (PDT) Received: (qmail 72869 invoked by uid 100); 25 Apr 2002 18:01:05 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.17504.878501.315464@guru.mired.org> Date: Thu, 25 Apr 2002 13:01:04 -0500 To: Miguel Mendez Cc: Edwin Groothuis , freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. In-Reply-To: <20020425195116.A80026@energyhq.homeip.net> References: <20020425210202.A49377@k7.mavetju.org> <20020425140244.A77165@energyhq.homeip.net> <15560.15502.213147.169455@guru.mired.org> <20020425195116.A80026@energyhq.homeip.net> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <20020425195116.A80026@energyhq.homeip.net>, Miguel Mendez typed: > On Thu, Apr 25, 2002 at 12:27:42PM -0500, Mike Meyer wrote: > > Hi, > > > As I stated just a minute ago, my version of that was committed a > > while ago, and will hopefully be MFC's soon. > > Good, I didn't know someone else had already submitted a patch before. > > > But your script doesn't do the same thing. It only tells you what > > libraries the libraries your command includes. It doesn't go to the > > third third - or further - levels if required. > > Well, not exactly. When you link program a with lib b, and lib b depends > on lib c, ldd a shows both libs, so my script works as it will ldd all > libs: Yes, but when lib c depends on lib d, your script won't pick it up. The patches to ldd will. They will recurse on down forever. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 12:14:23 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47]) by hub.freebsd.org (Postfix) with ESMTP id 1817C37B41D for ; Thu, 25 Apr 2002 12:14:12 -0700 (PDT) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.11.3/8.10.1) with ESMTP id g3PJE8O65721; Thu, 25 Apr 2002 12:14:08 -0700 (PDT) Date: Thu, 25 Apr 2002 12:14:08 -0700 (PDT) From: Doug White To: hackers@freebsd.org Cc: Miguel Mendez , Edwin Groothuis Subject: Re: missing libraries, and how to find them. In-Reply-To: <15560.17504.878501.315464@guru.mired.org> Message-ID: <20020425121126.V65107-100000@resnet.uoregon.edu> X-All-Your-Base: are belong to us MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sorry to break the reply chain. Mike: 'mired.org' has some bogus DNS entries floating around. Is it a new domain? I can't send mail to it since it has no records at all. On Thu, 25 Apr 2002, Mike Meyer wrote: > Yes, but when lib c depends on lib d, your script won't pick it up. > The patches to ldd will. They will recurse on down forever. I realize this is probably extremely rare, but does it catch circular dependencies? You don't want it looping off into forever. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 12:49:15 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 31DBE37B404 for ; Thu, 25 Apr 2002 12:49:05 -0700 (PDT) Received: (qmail 76482 invoked by uid 100); 25 Apr 2002 19:49:02 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15560.23981.666822.907348@guru.mired.org> Date: Thu, 25 Apr 2002 14:49:01 -0500 To: Doug White Cc: hackers@freebsd.org, Miguel Mendez , Edwin Groothuis Subject: Re: missing libraries, and how to find them. In-Reply-To: <20020425121126.V65107-100000@resnet.uoregon.edu> References: <15560.17504.878501.315464@guru.mired.org> <20020425121126.V65107-100000@resnet.uoregon.edu> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ From: Mike Meyer X-Delivery-Agent: TMDA/0.52 (Python 2.2 on FreeBSD/i386) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In <20020425121126.V65107-100000@resnet.uoregon.edu>, Doug White typed: > Mike: 'mired.org' has some bogus DNS entries floating around. Is it a new > domain? I can't send mail to it since it has no records at all. No, it's not a new domain. It's over two years old. I find entries for it on servers that are totally unrelated to it: guru% dig @ns.idiom.com mired.org ; <<>> DiG 8.3 <<>> @ns.idiom.com mired.org ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUERY SECTION: ;; mired.org, type = A, class = IN ;; ANSWER SECTION: mired.org. 20M IN A 64.192.6.133 [Authority and additional sections deleted] > On Thu, 25 Apr 2002, Mike Meyer wrote: > > > Yes, but when lib c depends on lib d, your script won't pick it up. > > The patches to ldd will. They will recurse on down forever. > I realize this is probably extremely rare, but does it catch circular > dependencies? You don't want it looping off into forever. It lists both libraries once, showing the dependencies between them. When it finds a library, it adds it to the list if it isn't already on it. It keeps listing what's in a library until all of them are listed. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 12:54: 4 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp06.wxs.nl (smtp06.wxs.nl [195.121.6.58]) by hub.freebsd.org (Postfix) with ESMTP id 141A237B430 for ; Thu, 25 Apr 2002 12:53:51 -0700 (PDT) Received: from there ([80.60.248.65]) by smtp06.wxs.nl (Netscape Messaging Server 4.15) with SMTP id GV539P01.AM4 for ; Thu, 25 Apr 2002 21:53:49 +0200 Content-Type: text/plain; charset="iso-8859-1" From: "Peter J. Blok" To: freebsd-hackers@freebsd.org Subject: Updating to stable Date: Thu, 25 Apr 2002 21:53:48 +0200 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020425195351.141A237B430@hub.freebsd.org> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I recently installed a 4.5-RELEASE system on intel and cvsup'ed it to 4.5-STABLE. The make buildworld failed because it was not able to find certain defines in the include files. This is no the first time I have encountered this. The work-around is to copy the include files to /usr/include and do the buildworld again. Sometimes you have to copy complete libraries to make it work. Once I have installed everything with an installworld and repeat the process, everything works fine. Am I doing something wrong? I have seen some postings about cross-compiling and in my opinion the dependancy on /usr/include could be deadly. On the system I use right now I cvsup on a regular bases and I don't have the problem. However I always do a buildworld and installworld twice. Thought? Opinions? Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 13:14:51 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailout.informatik.tu-muenchen.de (mailout.informatik.tu-muenchen.de [131.159.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 60B4537B404 for ; Thu, 25 Apr 2002 13:14:47 -0700 (PDT) Received: from mailrelay1.informatik.tu-muenchen.de (mailrelay.informatik.tu-muenchen.de [131.159.2.33]) by mailout.informatik.tu-muenchen.de (Postfix) with ESMTP id 60BC261C8 for ; Thu, 25 Apr 2002 22:14:46 +0200 (MEST) Received: from atrbg11.informatik.tu-muenchen.de (atrbg11.informatik.tu-muenchen.de [131.159.24.91]) by mailrelay1.informatik.tu-muenchen.de (Postfix) with ESMTP id 464357946 for ; Thu, 25 Apr 2002 22:14:46 +0200 (MEST) Received: by atrbg11.informatik.tu-muenchen.de (Postfix, from userid 20455) id E1111139B3; Thu, 25 Apr 2002 22:14:45 +0200 (CEST) Date: Thu, 25 Apr 2002 22:14:45 +0200 From: Daniel Lang To: freebsd-hackers@freebsd.org Subject: Re: 4.5-STABLE panicks ... KVA_PAGES the solution? Message-ID: <20020425201445.GA87785@atrbg11.informatik.tu-muenchen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.27i X-Geek: GCS/CC d-- s: a- C++$ UBS++++$ P+++$ L- E-(---) W+++(--) N++ o K w--- O? M? V? PS+(++) PE--(+) Y+ PGP+ t++ 5+++ X R+(-) tv+ b+ DI++ D++ G++ e+++ h---(-) r++>+++ y+ Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, "Marc G. Fournier" wrote, [..] > So, I have plenty of swapspace left, lots of idle CPU and a whole whack > > Someone suggested setting KVA_PAGES higher then the default for > this, but, as this is a production server, and its not something I've ever > played with, I'd like to know what the ramifications are ... > > The server has 3Gig of RAM now ... according to opt_global.h, > KVA_PAGES is set to 256 (1G) right now ... but if its 1G by default, how > does a system withi <1G of RAM in it "work"? Or does this limit something > else altogether? I'm not finding any good 'reading material' on this so > far, but from waht I found through a search, it seems that its recommended > to be set to 768(3G) vs 256(1G)? [..] KVA_PAGES only determines the kernels _address space_, and thus limits the amount of memory the kernel can use. If you have lower system memory (which does not mean you don't have less virtual memory, but even then...) its not a problem. If you raise the KVA_PAGES to 3 GB, you have only 1GB left for userland (again, address space, not memory), since 32bit architectures can only address 4GB of memory. I'm not sure about your problem, maybe an increase of KVA_SPACE could be a solution. Try 512 first, so you have 2GB for kernel and userland each. HTH, Daniel -- IRCnet: Mr-Spock - Cool people don't move, they just hang around. - Daniel Lang * dl@leo.org * ++49 89 289 25735 * http://www.leo.org/~dl/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 14:12: 7 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141]) by hub.freebsd.org (Postfix) with ESMTP id 7A9A137B41C for ; Thu, 25 Apr 2002 14:11:55 -0700 (PDT) Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141]) by topaz.mdcc.cx (Postfix) with ESMTP id D5C772B83B; Thu, 25 Apr 2002 23:11:50 +0200 (CEST) Received: by k7.mavetju.org (Postfix, from userid 1001) id 1A5A3138; Fri, 26 Apr 2002 07:12:54 +1000 (EST) Date: Fri, 26 Apr 2002 07:12:54 +1000 From: Edwin Groothuis To: Doug White Cc: hackers@freebsd.org Subject: Re: missing libraries, and how to find them. Message-ID: <20020426071254.A56545@k7.mavetju.org> References: <15560.17504.878501.315464@guru.mired.org> <20020425121126.V65107-100000@resnet.uoregon.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425121126.V65107-100000@resnet.uoregon.edu>; from dwhite@resnet.uoregon.edu on Thu, Apr 25, 2002 at 12:14:08PM -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Apr 25, 2002 at 12:14:08PM -0700, Doug White wrote: > On Thu, 25 Apr 2002, Mike Meyer wrote: > > > Yes, but when lib c depends on lib d, your script won't pick it up. > > The patches to ldd will. They will recurse on down forever. > > I realize this is probably extremely rare, but does it catch circular > dependencies? You don't want it looping off into forever. It does. Well, rtld.c did it already. All this patch is adding a little more output, I've done nothing with the for-constructions in it. Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 14:15:33 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141]) by hub.freebsd.org (Postfix) with ESMTP id AE25B37B41A for ; Thu, 25 Apr 2002 14:15:22 -0700 (PDT) Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141]) by topaz.mdcc.cx (Postfix) with ESMTP id 4D9492B83B; Thu, 25 Apr 2002 23:15:20 +0200 (CEST) Received: by k7.mavetju.org (Postfix, from userid 1001) id 5B814AD; Fri, 26 Apr 2002 07:16:23 +1000 (EST) Date: Fri, 26 Apr 2002 07:16:23 +1000 From: Edwin Groothuis To: Mike Meyer Cc: freebsd-hackers@freebsd.org Subject: Re: missing libraries, and how to find them. Message-ID: <20020426071623.B56545@k7.mavetju.org> Mail-Followup-To: Edwin Groothuis , Mike Meyer , freebsd-hackers@freebsd.org References: <20020425210202.A49377@k7.mavetju.org> <15560.15376.527441.682769@guru.mired.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <15560.15376.527441.682769@guru.mired.org>; from mwm-dated-1020187536.d5d33f@mired.org on Thu, Apr 25, 2002 at 12:25:36PM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Apr 25, 2002 at 12:25:36PM -0500, Mike Meyer wrote: > In <20020425210202.A49377@k7.mavetju.org>, Edwin Groothuis typed: > > Why didn't ldd tell me which lib it was which was failing? > > With this idea in mind I've submitted PR bin/37448: [PATCH] ldd/rtld > > My version of this - bin/30908 - has already been committed to > -CURRENT. I just sent a note to the person who committed it asking > them to MFC it. I wasn't aware that Solaris already used a flag; you > might want to submit a patch that changes the name of the flag. Aha, that one does the same, seems mine can be closed already :-) Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: bash$ :(){ :|:&};: | http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 14:31:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 207E537B41F for ; Thu, 25 Apr 2002 14:31:13 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3PLV67W003976; Thu, 25 Apr 2002 14:31:06 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Dag-Erling Smorgrav Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) In-Reply-To: Message from Dag-Erling Smorgrav of "25 Apr 2002 18:56:11 +0200." Date: Thu, 25 Apr 2002 14:31:06 -0700 Message-ID: <3975.1019770266@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG That was uncalled for. > Dag-Erling Smorgrav writes: > > -hackers is not the appropriate forum for code review. The patch is > > incorrect and should be backed out. > > Never mind, I did it myself. > > DES > -- > Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 16:38:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tomts6-srv.bellnexxia.net (tomts6.bellnexxia.net [209.226.175.26]) by hub.freebsd.org (Postfix) with ESMTP id 4616537B404; Thu, 25 Apr 2002 16:38:01 -0700 (PDT) Received: from shall.anarcat.dyndns.org ([65.94.187.200]) by tomts6-srv.bellnexxia.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with ESMTP id <20020425233800.DOFI7852.tomts6-srv.bellnexxia.net@shall.anarcat.dyndns.org>; Thu, 25 Apr 2002 19:38:00 -0400 Received: from lenny.anarcat.dyndns.org (lenny.anarcat.dyndns.org [192.168.0.4]) by shall.anarcat.dyndns.org (Postfix) with SMTP id 607EB56; Thu, 25 Apr 2002 19:37:17 -0400 (EDT) Received: by lenny.anarcat.dyndns.org (sSMTP sendmail emulation); Thu, 25 Apr 2002 19:36:57 -0400 Date: Thu, 25 Apr 2002 19:36:57 -0400 From: The Anarcat To: Terry Lambert Cc: Antoine Beaupre , hackers@FreeBSD.org, freebsd-libh@FreeBSD.org Subject: Re: packaging base Message-ID: <20020425233657.GE14538@lenny.anarcat.dyndns.org> Mail-Followup-To: The Anarcat , Terry Lambert , Antoine Beaupre , hackers@FreeBSD.org, freebsd-libh@FreeBSD.org References: <3CC73F29.1C6B1DA2@mindspring.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="o0ZfoUVt4BxPQnbU" Content-Disposition: inline In-Reply-To: <3CC73F29.1C6B1DA2@mindspring.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --o0ZfoUVt4BxPQnbU Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed Apr 24, 2002 at 04:26:33PM -0700, Terry Lambert wrote: > Antoine Beaupre wrote: > > Le Mercredi 24 avril 2002, =E0 11:12 , Mike Meyer a =E9crit : > > > Your simple shell script has to prompt for floppies. That needs UI > > > code. The people who know have decided that the current UI code isn't > > > up to snuff. Hence libh. > >=20 > > Come on.. The current package system and sysinstall are quite good at > > prompting for a simple yes/no question. The issue is really not there, I > > think. >=20 > Actually, the prompting is problematic. All such questions should, > by definition, be front-loaded. Otherwise, you have to babysit the > installation process, which is never a good thing. Yes. But right now, that's how it's made anyways. My point is that it's not related to packaging base. =20 > But that's beside the point: basically, any HCI (Human Computer > Interaction) is, by definition, through a UI. >=20 > > Libh is developping a UI, fine. But we need to develop a way to package > > base efficiently. >=20 > A good first start would be to have it be composed of packages > instead of distfiles, and to have a mandatory/optional flag. Yes. If the base Makfiles were setup to generate packages instead of distros, I think a lot of people would be much happier. > Actually, wasn't Eric Melville already dealing with this? You're probably referring to the binup project? Well I haven't seen much come out of the project lately, so I wonder... > > I'm concerned with getting base packaged. It shouldn't be too hard to > > package base in either libh or classic pkgtools once the framework is in > > place. > >=20 > > I'm concerned that since libh doesn't currently aim at handling the > > current bin.xx brute-force system, it will need base to be packaged in > > order to install a running system. >=20 > That's an incredibly positive thing (IMO). Yup. A. --=20 Why bother building more nukes until we use the ones we already have? --o0ZfoUVt4BxPQnbU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjzIkxgACgkQttcWHAnWiGdH+gCeIuzRtvmLng7Af4UV7uUXKsGH ursAn2hQN9lUOR274cN/iSW7Ux3BAuyl =qY7M -----END PGP SIGNATURE----- --o0ZfoUVt4BxPQnbU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 16:43:30 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from dignus.com (sdsl-64-32-254-102.dsl.iad.megapath.net [64.32.254.102]) by hub.freebsd.org (Postfix) with ESMTP id B97EC37B400 for ; Thu, 25 Apr 2002 16:43:25 -0700 (PDT) Received: from lakes.dignus.com (lakes.dignus.com [10.0.0.3]) by dignus.com (8.11.6/8.11.3) with ESMTP id g3PNdKA04113; Thu, 25 Apr 2002 19:39:20 -0400 (EDT) (envelope-from rivers@dignus.com) Received: (from rivers@localhost) by lakes.dignus.com (8.11.6/8.11.3) id g3PNetf53604; Thu, 25 Apr 2002 19:40:55 -0400 (EDT) (envelope-from rivers) Date: Thu, 25 Apr 2002 19:40:55 -0400 (EDT) From: Thomas David Rivers Message-Id: <200204252340.g3PNetf53604@lakes.dignus.com> To: freebsd-hackers@freebsd.org, t.pagtzis@cs.ucl.ac.uk Subject: Re: locale problems with linux 7.1 base upgrade In-Reply-To: <3CB68933.B3171843@cs.ucl.ac.uk> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Theo Pagtzis wrote: > > Hi all, > > I upgraded to linux 7.1 base successfully for the purposes of getting > linux java 1.4. The upgrade has created a consistent problem with the > locale for any application that I am running. > > These applications are so far, Netscape and java 1.4 runtime. I have > tried to set the XNLSPATH to some nls folder while I also tried a couple > of en_US locales setup with LANG env var. > > Does somebody have any tips as to how to resolve this problem since it > is a major showstopper for any application that makes use of locales, > i.e. the application crashes as soon as it is run. > > I am running 4.5 STABLE and netscape is either 4.76 4.78 4.79 (the last > two are linux based) Was there any resolution to this issue? I'm having exactly the same problem on 4.5-RELEASE (and XF86 4.2.) If someone actually _is_ using Netscape on 4.5-RELEASE with XF86 4.2, could they let me in on how they accomplished it? - Thanks! - - Dave Rivers - -- rivers@dignus.com Work: (919) 676-0847 Get your mainframe programming tools at http://www.dignus.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Thu Apr 25 22:54:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from bells.cs.ucl.ac.uk (bells.cs.ucl.ac.uk [128.16.5.31]) by hub.freebsd.org (Postfix) with SMTP id 0B8DC37B417 for ; Thu, 25 Apr 2002 22:54:28 -0700 (PDT) Received: from bohemian.cs.ucl.ac.uk by bells.cs.ucl.ac.uk with local SMTP id ; Fri, 26 Apr 2002 06:54:03 +0100 Message-ID: <3CC8EB7B.F38F10A8@cs.ucl.ac.uk> Date: Fri, 26 Apr 2002 06:54:03 +0100 From: Theo Pagtzis Reply-To: t.pagtzis@cs.ucl.ac.uk Organization: UCL/Mobile Systems Group X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-STABLE i386) X-Accept-Language: el, en MIME-Version: 1.0 To: Thomas David Rivers Cc: freebsd-hackers@freebsd.org Subject: Re: locale problems with linux 7.1 base upgrade References: <200204252340.g3PNetf53604@lakes.dignus.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Have not seen a solution so far but then again I could be missing something. If anybody has solved the problem please let me know as it is a bit annoying.. Cheers Theo Thomas David Rivers wrote: > > Theo Pagtzis wrote: > > > > Hi all, > > > > I upgraded to linux 7.1 base successfully for the purposes of getting > > linux java 1.4. The upgrade has created a consistent problem with the > > locale for any application that I am running. > > > > These applications are so far, Netscape and java 1.4 runtime. I have > > tried to set the XNLSPATH to some nls folder while I also tried a couple > > of en_US locales setup with LANG env var. > > > > Does somebody have any tips as to how to resolve this problem since it > > is a major showstopper for any application that makes use of locales, > > i.e. the application crashes as soon as it is run. > > > > I am running 4.5 STABLE and netscape is either 4.76 4.78 4.79 (the last > > two are linux based) > > > Was there any resolution to this issue? I'm having exactly > the same problem on 4.5-RELEASE (and XF86 4.2.) > > If someone actually _is_ using Netscape on 4.5-RELEASE with XF86 4.2, > could they let me in on how they accomplished it? > > - Thanks! - > - Dave Rivers - > > -- > rivers@dignus.com Work: (919) 676-0847 > Get your mainframe programming tools at http://www.dignus.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 2:24:36 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 1403C37B405 for ; Fri, 26 Apr 2002 02:24:26 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g3Q9Nnn25337; Fri, 26 Apr 2002 12:23:49 +0300 (EEST) (envelope-from ru) Date: Fri, 26 Apr 2002 12:23:49 +0300 From: Ruslan Ermilov To: Dmitry Mottl Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: make installworld failed on 4.0-RELEASE Message-ID: <20020426092349.GB18917@sunbay.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TakKZr9L6Hm6aLOc" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --TakKZr9L6Hm6aLOc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 23, 2002 at 11:50:41AM +0400, Dmitry Mottl wrote: > Hi! > I have a problem upgrading 4.0-RELEASE to 4-STABLE from remotely > mounted /usr/src and /usr/obj: > ELF binary type not known. Use "brandelf" to brand it >=20 > Why? >=20 Hmm, I saw this problem earlier, but a bit later in installworld, after /bin/sh was already installed. The problem is install(1) is using /bin/sh directly, not the correct "sh" from $PATH. The workaround was to temporarily exclude "sh" from the SUBDIR list in src/bin/Makefile. The solution is to fix install(1), and I'm working on this. The next stopper was makewhatis(1) script which also suffers from executing /usr/bin/perl (with incompatible ELF branding when upgrading from 4.0). Unfortunately, there's not an easy solution to this, but this "breakage" is harmless, as it is executed as the last part of installworld, and is not essential. > =3D=3D=3D > # cd /usr/src; make installworld >=20 > [skipped] > -------------------------------------------------------------- > >>> Installing everything.. > -------------------------------------------------------------- > cd /usr/src; make -f Makefile.inc1 install > =3D=3D=3D> share/info > =3D=3D=3D> include > if [ -h /usr/include/cam ]; then rm -f /usr/include/cam; fi > if [ -h /usr/include/msdosfs ]; then rm -f /usr/include/msdosfs; fi > if [ -h /usr/include/net ]; then rm -f /usr/include/net; fi > if [ -h /usr/include/netatalk ]; then rm -f /usr/include/netatalk; fi > if [ -h /usr/include/netatm ]; then rm -f /usr/include/netatm; fi > if [ -h /usr/include/netgraph ]; then rm -f /usr/include/netgraph; fi > if [ -h /usr/include/netinet ]; then rm -f /usr/include/netinet; fi > if [ -h /usr/include/netinet6 ]; then rm -f /usr/include/netinet6; fi > if [ -h /usr/include/netipx ]; then rm -f /usr/include/netipx; fi > if [ -h /usr/include/netkey ]; then rm -f /usr/include/netkey; fi > if [ -h /usr/include/netnatm ]; then rm -f /usr/include/netnatm; fi > if [ -h /usr/include/netncp ]; then rm -f /usr/include/netncp; fi > if [ -h /usr/include/netns ]; then rm -f /usr/include/netns; fi > if [ -h /usr/include/netsmb ]; then rm -f /usr/include/netsmb; fi > if [ -h /usr/include/nfs ]; then rm -f /usr/include/nfs; fi > if [ -h /usr/include/ntfs ]; then rm -f /usr/include/ntfs; fi > if [ -h /usr/include/nwfs ]; then rm -f /usr/include/nwfs; fi > if [ -h /usr/include/pccard ]; then rm -f /usr/include/pccard; fi > if [ -h /usr/include/posix4 ]; then rm -f /usr/include/posix4; fi > if [ -h /usr/include/sys ]; then rm -f /usr/include/sys; fi > if [ -h /usr/include/vm ]; then rm -f /usr/include/vm; fi > if [ -h /usr/include/fs/smbfs ]; then rm -f /usr/include/fs/smbfs; fi > if [ -h /usr/include/isofs/cd9660 ]; then rm -f > /usr/include/isofs/cd9660; fi > if [ -h /usr/include/ufs/ffs ]; then rm -f /usr/include/ufs/ffs; fi > if [ -h /usr/include/ufs/mfs ]; then rm -f /usr/include/ufs/mfs; fi > if [ -h /usr/include/ufs/ufs ]; then rm -f /usr/include/ufs/ufs; fi > if [ -h /usr/include/dev/ppbus ]; then rm -f /usr/include/dev/ppbus; > fi > if [ -h /usr/include/dev/usb ]; then rm -f /usr/include/dev/usb; fi > if [ -h /usr/include/machine ]; then rm -f /usr/include/machine; fi > mtree -deU -f /usr/src/include/../etc/mtree/BSD.include.dist -p > /usr/include > cd /usr/src/include/../sys; install -C -o root -g wheel -m 444 cam/*.h > /usr/include/cam > ELF binary type not known. Use "brandelf" to brand it. > Abort trap > *** Error code 134 >=20 > Stop in /usr/src/include. > *** Error code 1 >=20 > Stop in /usr/src. > *** Error code 1 >=20 > Stop in /usr/src. > *** Error code 1 >=20 > Stop in /usr/src. > *** Error code 1 >=20 > Stop in /usr/src. > =3D=3D=3D --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --TakKZr9L6Hm6aLOc Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8yRylUkv4P6juNwoRAku0AJwNyLIw16vlTCdk88ZvfbzOjVcfpACdGvLb Osd0PMUrlP9BIgAshyhN2dk= =a+sq -----END PGP SIGNATURE----- --TakKZr9L6Hm6aLOc-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 6: 9:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from dignus.com (sdsl-64-32-254-102.dsl.iad.megapath.net [64.32.254.102]) by hub.freebsd.org (Postfix) with ESMTP id 1C93337B416 for ; Fri, 26 Apr 2002 06:09:31 -0700 (PDT) Received: from lakes.dignus.com (lakes.dignus.com [10.0.0.3]) by dignus.com (8.11.6/8.11.3) with ESMTP id g3QD5WA08900; Fri, 26 Apr 2002 09:05:32 -0400 (EDT) (envelope-from rivers@dignus.com) Received: (from rivers@localhost) by lakes.dignus.com (8.11.6/8.11.3) id g3QD7BX61912; Fri, 26 Apr 2002 09:07:11 -0400 (EDT) (envelope-from rivers) Date: Fri, 26 Apr 2002 09:07:11 -0400 (EDT) From: Thomas David Rivers Message-Id: <200204261307.g3QD7BX61912@lakes.dignus.com> To: freebsd-hackers@freebsd.org, rivers@dignus.com Subject: pptp client? Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I posted something on -questions, and got no reply... so, let me try here... Has _anyone_ been successfull at getting a pptp client connection to a Microsoft VPN server? I've - at last - gotten through two of the big hurdles, 1) Clearing the firewall to allow this to pass and 2) Getting the CHAP authentication to work. Now - right after it authenticates, I have the following in /var/log/ppp.log... and, as you can see, the link simply dies. My /etc/ppp/ppp.conf has: label: enable MSChap set authname XXXX set authkey YYYY set timeout 0 set ifaddr 0 0 alias enable yes And, here's the /var/log/ppp.log. *Any* pointers would be greatly appreciated! - Thanks! - - Dave Rivers - Apr 26 08:57:54 office ppp[294]: tun1: LCP: deflink: SendIdent(1) state = Opened Apr 26 08:57:54 office ppp[294]: tun1: Phase: bundle: Authenticate Apr 26 08:57:54 office ppp[294]: tun1: Phase: deflink: his = CHAP 0x80, mine = CHAP 0x80 Apr 26 08:57:54 office ppp[294]: tun1: Phase: Chap Output: CHALLENGE Apr 26 08:57:54 office ppp[294]: tun1: Phase: Chap Input: CHALLENGE (8 bytes from USRSVPN1) Apr 26 08:57:54 office ppp[294]: tun1: Phase: Chap Output: RESPONSE (XXXX) Apr 26 08:57:55 office ppp[294]: tun1: Phase: Chap Input: SUCCESS Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigReq(4) state = Opened Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: LayerDown Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0x25240cb9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: CALLBACK[3] CBCP Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRRU[4] 1614 Apr 26 08:57:55 office ppp[294]: tun1: LCP: ENDDISC[9] MAC 00:80:5f:95:ae:21 Apr 26 08:57:55 office ppp[294]: tun1: LCP: LDBACP[4] 1fac Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(2) state = Opened Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigRej(4) state = Opened Apr 26 08:57:55 office ppp[294]: tun1: LCP: CALLBACK[3] CBCP Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRRU[4] 1614 Apr 26 08:57:55 office ppp[294]: tun1: LCP: LDBACP[4] 1fac Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(2) state = Opened Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: State change Opened --> Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigRej(2) state = Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(3) state = Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(3) state = Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigReq(5) state = Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0x25240cb9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ENDDISC[9] MAC 00:80:5f:95:ae:21 Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigAck(5) state = Req-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0x25240cb9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ENDDISC[9] MAC 00:80:5f:95:ae:21 Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: State change Req-Sent --> Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigRej(3) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(4) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(4) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigRej(4) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(5) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(5) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigRej(5) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(6) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(6) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvConfigRej(6) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: Sending ident magic b6abbad9 text user-ppp 2.3.2 (built Sep 18 2001) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendIdent(7) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendConfigReq(7) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:55 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:55 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:55 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: RecvTerminateReq(6) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: SendTerminateAck(6) state = Ack-Sent Apr 26 08:57:55 office ppp[294]: tun1: LCP: deflink: State change Ack-Sent --> Req-Sent Apr 26 08:57:58 office ppp[294]: tun1: LCP: deflink: SendConfigReq(7) state = Req-Sent Apr 26 08:57:58 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:57:58 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:57:58 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:57:58 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:57:58 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:57:58 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:58:01 office ppp[294]: tun1: LCP: deflink: SendConfigReq(7) state = Req-Sent Apr 26 08:58:01 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:58:01 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:58:01 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:58:01 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:58:01 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:58:01 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:58:04 office ppp[294]: tun1: LCP: deflink: SendConfigReq(7) state = Req-Sent Apr 26 08:58:04 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:58:04 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:58:04 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:58:04 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:58:04 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:58:04 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:58:07 office ppp[294]: tun1: LCP: deflink: SendConfigReq(7) state = Req-Sent Apr 26 08:58:07 office ppp[294]: tun1: LCP: ACFCOMP[2] Apr 26 08:58:07 office ppp[294]: tun1: LCP: PROTOCOMP[2] Apr 26 08:58:07 office ppp[294]: tun1: LCP: ACCMAP[6] 0x00000000 Apr 26 08:58:07 office ppp[294]: tun1: LCP: MRU[4] 1500 Apr 26 08:58:07 office ppp[294]: tun1: LCP: MAGICNUM[6] 0xb6abbad9 Apr 26 08:58:07 office ppp[294]: tun1: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x80) Apr 26 08:58:10 office ppp[294]: tun1: LCP: deflink: LayerFinish Apr 26 08:58:10 office ppp[294]: tun1: LCP: deflink: State change Req-Sent --> Stopped Apr 26 08:58:10 office ppp[294]: tun1: LCP: deflink: State change Stopped --> Closed Apr 26 08:58:10 office ppp[294]: tun1: LCP: deflink: State change Closed --> Initial Apr 26 08:58:10 office ppp[294]: tun1: Phase: deflink: Disconnected! Apr 26 08:58:10 office ppp[294]: tun1: Phase: deflink: Connect time: 20 secs: 519 octets in, 1440 octets out Apr 26 08:58:10 office ppp[294]: tun1: Phase: deflink: : 13 packets in, 26 packets out Apr 26 08:58:10 office ppp[294]: tun1: Phase: total 97 bytes/sec, peak 343 bytes/sec on Fri Apr 26 08:58:10 2002 Apr 26 08:58:10 office ppp[294]: tun1: Phase: deflink: lcp -> closed Apr 26 08:58:10 office ppp[294]: tun1: Phase: bundle: Dead Apr 26 08:58:10 office ppp[294]: tun1: Phase: PPP Terminated (normal). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 6:29:54 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from lugano.procergs.com.br (lugano.procergs.com.br [200.198.128.131]) by hub.freebsd.org (Postfix) with ESMTP id 0D43737B404; Fri, 26 Apr 2002 06:29:46 -0700 (PDT) Received: from localhost.localdomain (unknown [172.28.6.101]) by lugano.procergs.com.br (Postfix) with ESMTP id C8E6A4FEF6; Fri, 26 Apr 2002 10:29:48 -0300 (BRT) Subject: loader From: O Senhor To: freebsd-hackers@freebsd.org Cc: freebsd-questions@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 26 Apr 2002 10:29:38 -0300 Message-Id: <1019827778.1220.81.camel@ws-tor-004> Mime-Version: 1.0 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG hi, i'm brazilian, and i have one problem that i guess, you can help... i have one freebsd diskless box, running fine! (4.5) but the machine are booting with rom image from floppy. i wanna boot from my hard drive...yes! i have one.. :) i don't wanna download the kernel by the ethernet. then, i did install one freebsd in my hard drive (minimun intallation), and did put my diskless kernel overwrite the old one. i did think that this would works fine... the kernel would be loaded, and the remain procedures would continue working... but do not! the kernel load, run, and ask for the root filesystem... the dhcp server respond, but the root filesystem remains pointing to ufs:/dev/ad0s1a... then, i had tried to boot without loader... directly by the boot2. it works fine. but the top, systat and other programs do not! (FAQ) warning the loader metadata is missing. then, now i now that the loader is the bad guy. it is telling to kernel that the root filesystem is ufs:/dev/ad0s1a... but the boot2 are too. it do not load the metadatas. :) then i had tryed set the variables rootdev and another things in /boot/loader.conf... but do not work! then i boot by loader and before the kernel to be loaded, i press one key, and typed: boot -a then, the kernel ask me for the root filesystem. i type: nfs:10.124.66.21:raiz. and works!!! how can i do this procedure automated???? this fix the problem!!! or to make the boot2 to load the metadata... or another thing.. i did removed the /boot directory and the configurations files to loader... i did let only the loader program... and the ufs:/dev/ad0s1a remains... then, i guess that the variables in loader.conf and defaults/loader.conf are not working. help me! thanks in advance. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 7:23:17 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [212.22.195.2]) by hub.freebsd.org (Postfix) with ESMTP id 7D6BC37B400 for ; Fri, 26 Apr 2002 07:23:10 -0700 (PDT) Received: from fanf by chiark.greenend.org.uk with local (Exim 3.12 #1) id 1716cc-0006Lw-00 (Debian); Fri, 26 Apr 2002 15:22:50 +0100 Date: Fri, 26 Apr 2002 15:22:50 +0100 From: Tony Finch To: freebsd-hackers@freebsd.org Cc: dot@dotat.at Subject: improved unifdef(1) Message-ID: <20020426152250.B18410@chiark.greenend.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The unifdef in the system is not suited to heavyweight tasks like (say) xterm's main.c or wu-ftpd for a number of reasons: * it has a very low limit on the number of command-line arguments that it can cope with (100) -- I've sumbitted PR#37454 about this. * it doesn't have the slightest clue about #elif * it doesn't attempt to handle #if Because I needed an unifdef with a bit more oomph and couldn't find a better one, I have done my own tune-up job on the BSD one, starting from the NetBSD sources (which seemed to have a mostly-superset of the changes made by the other BSDs). It's available from . The detailed change list is below. Note that only a very limited subset of #if expressions are understood, involving just defined(), !, &&, ||, and brackets. If anyone is interested I'd appreciate some testing, and it would be nice to get it committed eventually. Tony. -- f.a.n.finch http://dotat.at/ NORTH UTSIRE SOUTH UTSIRE: SOUTHEASTERLY VEERING WESTERLY 6 OR 7, OCCASIONALLY GALE 8 IN NORTH UTSIRE. RAIN THEN SHOWERS. MODERATE BECOMING GOOD. 2002/04/25 14:50:23 fanf import from NetBSD 2002/04/25 14:52:54 fanf revert to the CSRG copyright/sccs rubric and add $dotat$ 2002/04/25 14:55:27 fanf remove __P 2002/04/25 14:57:56 fanf remove BSS cruft 2002/04/25 14:59:59 fanf allow a reasonable number of symbols 2002/04/25 15:02:48 fanf move #endif comments to a better place 2002/04/25 15:31:28 fanf deal with -Dsym=value 2002/04/25 15:37:25 fanf sensible else if formatting 2002/04/25 15:51:42 fanf another formatting improvement 2002/04/25 16:03:16 fanf use err() 2002/04/25 16:04:55 fanf style: #include ordering; variable alignment 2002/04/25 16:05:30 fanf remove spurious fflush() 2002/04/25 16:11:54 fanf add a function that will evaluate if expressions 2002/04/25 16:12:23 fanf fix location of a { 2002/04/25 16:16:26 fanf allow whitespace before # 2002/04/25 18:10:00 fanf Initial version of #if handling. Symbol 0 is used for tracking the state of #if/#else activity. TODO: #elif, nested #if 2002/04/25 18:15:23 fanf use __RCSID for the sccs id and remove redundant #ifndef lint lines 2002/04/25 18:17:09 fanf Restore the requirement that at least one -D or -U must be present on the command line, which was broken when #if handling was added. 2002/04/25 18:45:54 fanf purge LT_OTHER since it's a synonym for LT_IF 2002/04/25 19:59:46 fanf Simplify doif()'s inif argument to just a boolean, since the IN_ELSE value isn't very different from IN_IF, and the idea doesn't work well with #elif. 2002/04/25 20:20:05 fanf Move the gall to getlin() up to doif() so that it will be able to examine the same line more than once. 2002/04/25 20:24:16 fanf Remove the inif argument to doif() entirely, since inif == (depth != 0). 2002/04/25 21:19:55 fanf remove an unnecessary variable inside doif() 2002/04/25 21:43:07 fanf Change the "unknown symbol" return value from findsym() from -1 to 0. 2002/04/25 21:44:51 fanf fix a comment to reflect the previous change 2002/04/25 23:02:51 fanf simplify error handling 2002/04/25 23:25:31 fanf simplify error line number handling 2002/04/25 23:27:40 fanf remove redundant stline variable 2002/04/25 23:46:55 fanf partial implementation of #elif and properly nesting #ifs. 2002/04/26 13:51:41 fanf Finish implementation of #elif and nesting. This version passes some initial tests. 2002/04/26 13:54:16 fanf put the newline on the #endif that replaces #elif lines To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 8:25:14 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quebec.procergs.com.br (quebec.procergs.com.br [200.198.128.236]) by hub.freebsd.org (Postfix) with ESMTP id DC51637B41E; Fri, 26 Apr 2002 08:25:07 -0700 (PDT) Received: from localhost.localdomain (unknown [172.28.6.101]) by quebec.procergs.com.br (Postfix) with ESMTP id B52C6F0F30; Fri, 26 Apr 2002 12:24:08 -0300 (BRT) Subject: loader From: O Senhor To: freebsd-hackers@freebsd.org Cc: freebsd-questions@freebsd.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 26 Apr 2002 12:24:02 -0300 Message-Id: <1019834643.1220.88.camel@ws-tor-004> Mime-Version: 1.0 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG why anybody reply my messages?? i guess hat somebody knows how shoul i fix the problem... thanks again!!! hi, i'm brazilian, and i have one problem that i guess, you can help... i have one freebsd diskless box, running fine! (4.5) but the machine are booting with rom image from floppy. i wanna boot from my hard drive...yes! i have one.. :) i don't wanna download the kernel by the ethernet. then, i did install one freebsd in my hard drive (minimun intallation), and did put my diskless kernel overwrite the old one. i did think that this would works fine... the kernel would be loaded, and the remain procedures would continue working... but do not! the kernel load, run, and ask for the root filesystem... the dhcp server respond, but the root filesystem remains pointing to ufs:/dev/ad0s1a... then, i had tried to boot without loader... directly by the boot2. it works fine. but the top, systat and other programs do not! (FAQ) warning the loader metadata is missing. then, now i now that the loader is the bad guy. it is telling to kernel that the root filesystem is ufs:/dev/ad0s1a... but the boot2 are too. it do not load the metadatas. :) then i had tryed set the variables rootdev and another things in /boot/loader.conf... but do not work! then i boot by loader and before the kernel to be loaded, i press one key, and typed: boot -a then, the kernel ask me for the root filesystem. i type: nfs:10.124.66.21:raiz. and works!!! how can i do this procedure automated???? this fix the problem!!! or to make the boot2 to load the metadata... or another thing.. i did removed the /boot directory and the configurations files to loader... i did let only the loader program... and the ufs:/dev/ad0s1a remains... then, i guess that the variables in loader.conf and defaults/loader.conf are not working. help me! thanks in advance. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 9: 0:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 6F20337B41F for ; Fri, 26 Apr 2002 09:00:13 -0700 (PDT) Received: from storm.FreeBSD.org.uk (uucp@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.2/8.12.2) with ESMTP id g3QFxp1R074668; Fri, 26 Apr 2002 16:59:51 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.12.2/8.12.2/Submit) with UUCP id g3QFxpc1074667; Fri, 26 Apr 2002 16:59:51 +0100 (BST) Received: from grimreaper.grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.3/8.12.3) with ESMTP id g3QFwWoI001525; Fri, 26 Apr 2002 16:58:32 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Message-Id: <200204261558.g3QFwWoI001525@grimreaper.grondar.org> To: Tony Finch Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: improved unifdef(1) References: <20020426152250.B18410@chiark.greenend.org.uk> In-Reply-To: <20020426152250.B18410@chiark.greenend.org.uk> ; from Tony Finch "Fri, 26 Apr 2002 15:22:50 BST." Date: Fri, 26 Apr 2002 16:58:32 +0100 From: Mark Murray Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > The unifdef in the system is not suited to heavyweight tasks like > (say) xterm's main.c or wu-ftpd for a number of reasons: > > * it has a very low limit on the number of command-line arguments > that it can cope with (100) -- I've sumbitted PR#37454 about this. > > * it doesn't have the slightest clue about #elif > > * it doesn't attempt to handle #if I am in violent agreement :-). > Because I needed an unifdef with a bit more oomph and couldn't > find a better one, I have done my own tune-up job on the BSD > one, starting from the NetBSD sources (which seemed to have > a mostly-superset of the changes made by the other BSDs). > It's available from . > The detailed change list is below. Note that only a very > limited subset of #if expressions are understood, involving > just defined(), !, &&, ||, and brackets. > > If anyone is interested I'd appreciate some testing, and it > would be nice to get it committed eventually. Ooooh! :-) Yes please! I'll look at this. M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn #text/plain; name=cv.doc [Mark Murray CV Plain Text] cv.doc #application/octet-stream; name=cv.pdf [Mark Murray CV PDF] cv.pdf To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 10:17: 6 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 6129237B416; Fri, 26 Apr 2002 10:17:03 -0700 (PDT) Received: from pool0026.cvx21-bradley.dialup.earthlink.net ([209.179.192.26] helo=mindspring.com) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 1719Kk-00046t-00; Fri, 26 Apr 2002 10:16:34 -0700 Message-ID: <3CC98B55.32AA7923@mindspring.com> Date: Fri, 26 Apr 2002 10:16:05 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: O Senhor Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org Subject: Re: loader References: <1019834643.1220.88.camel@ws-tor-004> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG O Senhor wrote: > > why anybody reply my messages?? > i guess hat somebody knows how shoul i fix the problem... > thanks again!!! dd the floppy image onto the hard drive. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 10:23:40 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from quebec.procergs.com.br (quebec.procergs.com.br [200.198.128.236]) by hub.freebsd.org (Postfix) with ESMTP id 589B437B41A; Fri, 26 Apr 2002 10:23:26 -0700 (PDT) Received: from localhost.localdomain (unknown [172.28.6.101]) by quebec.procergs.com.br (Postfix) with ESMTP id 7A476F0FD0; Fri, 26 Apr 2002 14:22:48 -0300 (BRT) Subject: Re: loader From: O Senhor To: freebsd-hackers@freebsd.org Cc: freebsd-questions@freebsd.org In-Reply-To: <200204261554.g3QFsjoI001415@grimreaper.grondar.org> References: <1019834643.1220.88.camel@ws-tor-004> <200204261554.g3QFsjoI001415@grimreaper.grondar.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 26 Apr 2002 14:22:42 -0300 Message-Id: <1019841762.1223.120.camel@ws-tor-004> Mime-Version: 1.0 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thanks! thanks very much! If you can read my message, i hope, i have the answer to my question. The pontuation, well, here in Brasil, we don't worry about that in mailing lists... informal mail. But i know that help to understand. I fix my problem changing my /etc/fstab. I don't know why loader force the rootdev to disk1sa1. The boot2 and the etherboot image don't do that. Then, i did changed my root fs in /etc/fstab to point to nfs server, and works. Thanks again. On Fri, 2002-04-26 at 12:54, markm@freebsd.org wrote: > > why anybody reply my messages?? > > Because > > 1) only 2 hours passed between your original query and this (rather > rude) duplicate. > > 2) this message is hard to read. I accept that english is not your > first language, but at least put some effort into paragraph > layout. Also, please try to use full sentences, capitalise > the appropriate words and reduce the ammount of slang (like > "wanna") and use off "..." and "!". > > 3) You change things in files, please include those files, clearly > labelled. > > Also - please do not cross-post. This should go to questions@freebsd.org > _only_. > > M > > > i guess hat somebody knows how shoul i fix the problem... > > thanks again!!! > > > > hi, > > i'm brazilian, and i have one problem that i guess, you can help... > > i have one freebsd diskless box, running fine! (4.5) > > but the machine are booting with rom image from floppy. i wanna boot > > from my hard drive...yes! i have one.. :) > > i don't wanna download the kernel by the ethernet. > > then, i did install one freebsd in my hard drive (minimun intallation), > > and did put my diskless kernel overwrite the old one. i did think that > > this would works fine... the kernel would be loaded, and the remain > > procedures would continue working... but do not! > > the kernel load, run, and ask for the root filesystem... the dhcp server > > respond, but the root filesystem remains pointing to ufs:/dev/ad0s1a... > > then, i had tried to boot without loader... directly by the boot2. it > > works fine. but the top, systat and other programs do not! (FAQ) > > warning the loader metadata is missing. > > then, now i now that the loader is the bad guy. it is telling to kernel > > that the root filesystem is ufs:/dev/ad0s1a... but the boot2 are too. it > > do not load the metadatas. :) > > then i had tryed set the variables rootdev and another things in > > /boot/loader.conf... but do not work! > > then i boot by loader and before the kernel to be loaded, i press one > > key, and typed: boot -a > > then, the kernel ask me for the root filesystem. i type: > > nfs:10.124.66.21:raiz. and works!!! > > how can i do this procedure automated???? > > this fix the problem!!! > > or to make the boot2 to load the metadata... or another thing.. > > i did removed the /boot directory and the configurations files to > > loader... i did let only the loader program... and the ufs:/dev/ad0s1a > > remains... > > then, i guess that the variables in loader.conf and defaults/loader.conf > > are not working. help me! > > thanks in advance. > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-hackers" in the body of the message > -- > o Mark Murray > \_ > O.\_ Warning: this .sig is umop ap!sdn > #text/plain; name=cv.doc [Mark Murray CV Plain Text] cv.doc > #application/octet-stream; name=cv.pdf [Mark Murray CV PDF] cv.pdf > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 10:36:20 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from dragon.flowstorm.com (flowstorm.ten-net.org [208.131.80.226]) by hub.freebsd.org (Postfix) with ESMTP id 5B7BE37B404; Fri, 26 Apr 2002 10:36:09 -0700 (PDT) Received: from KOROUSH (koroush [172.16.1.101]) by dragon.flowstorm.com (8.11.3/8.11.3) with ESMTP id g3QHa3k37308; Fri, 26 Apr 2002 10:36:04 -0700 (PDT) (envelope-from koroush@pacbell.net) Message-ID: <000a01c1ed49$3dadf250$650110ac@KOROUSH> From: "Koroush Saraf" To: , Cc: Subject: Window Recording in FreeBSD (*) Date: Fri, 26 Apr 2002 10:38:54 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C1ED0E.905773E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C1ED0E.905773E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi All, I have a Pentium box with FreeBSD 4.5 installed. I like to capture the cotents of a window for a few seconds and make an = mpg or avi out of it. For example I like to make 10 sec clips of Doom while I'm playing. I've = heard of screencorder for windows; but what's the solution for FreeBSD? Thanks in advance, ~koroush ------=_NextPart_000_0007_01C1ED0E.905773E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi All,
 
I have a Pentium box with FreeBSD = 4.5=20 installed.
I like to capture the cotents of a = window for a few=20 seconds and make an mpg or avi out of it.
For example I like to make 10 sec clips = of Doom=20 while I'm playing.  I've heard of screencorder for windows; but = what's the=20 solution for FreeBSD?
 
Thanks in advance,
~koroush
------=_NextPart_000_0007_01C1ED0E.905773E0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 13:22:49 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [212.22.195.2]) by hub.freebsd.org (Postfix) with ESMTP id ABD9537B416 for ; Fri, 26 Apr 2002 13:22:42 -0700 (PDT) Received: from fanf by chiark.greenend.org.uk with local (Exim 3.12 #1) id 171CEm-0001tL-00 (Debian); Fri, 26 Apr 2002 21:22:36 +0100 Date: Fri, 26 Apr 2002 21:22:36 +0100 From: Tony Finch To: freebsd-hackers@freebsd.org Cc: dot@dotat.at, mark@grondar.za Subject: Re: improved unifdef(1) Message-ID: <20020426212236.B24271@chiark.greenend.org.uk> References: <20020426152250.B18410@chiark.greenend.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020426152250.B18410@chiark.greenend.org.uk>; from dot@dotat.at on Fri, Apr 26, 2002 at 03:22:50PM +0100 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Apr 26, 2002 at 03:22:50PM +0100, Tony Finch wrote: > > It's available from . There's now a manual page too, . Tony. -- f.a.n.finch http://dotat.at/ BISCAY: NORTHWESTERLY BACKING SOUTHWESTERLY 5 TO 7, BECOMING VARIABLE 3 OR 4 IN SOUTH. SHOWERS. GOOD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 20:47:22 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.webjockey.net (mail.webjockey.net [208.141.46.3]) by hub.freebsd.org (Postfix) with ESMTP id B8ED737B423 for ; Fri, 26 Apr 2002 20:47:18 -0700 (PDT) Received: from stormspe.outloud.org (ISSA.cm.gscyclone.com [24.206.5.44]) by mail.webjockey.net (8.12.3/8.12.3) with ESMTP id g3R3lChQ017875 for ; Fri, 26 Apr 2002 23:47:13 -0400 (EDT) (envelope-from gary@outloud.org) Message-Id: <5.1.1.2.2.20020426234504.029f7c30@208.141.46.3> X-Sender: ancient@208.141.46.3 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1.1.3 (Beta) Date: Fri, 26 Apr 2002 23:47:25 -0400 To: freebsd-hackers@FreeBSD.ORG From: Gary Stanley Subject: load balancing with 2 nic cards possible? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Is it possible to split the load of IP traffic with 2 ethernet cards on a 4.x machine? I'm new to "load balancing" in a sense, however, I'd like to try something that seems more "robust" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Fri Apr 26 23: 7:41 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 0AEDC37B404 for ; Fri, 26 Apr 2002 23:07:39 -0700 (PDT) Received: from pool0329.cvx22-bradley.dialup.earthlink.net ([209.179.199.74] helo=mindspring.com) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 171LMn-0006ru-00; Fri, 26 Apr 2002 23:07:29 -0700 Message-ID: <3CCA4004.B9A8D57A@mindspring.com> Date: Fri, 26 Apr 2002 23:07:00 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Gary Stanley Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: load balancing with 2 nic cards possible? References: <5.1.1.2.2.20020426234504.029f7c30@208.141.46.3> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gary Stanley wrote: > Is it possible to split the load of IP traffic with 2 ethernet cards on a > 4.x machine? I'm new to "load balancing" in a sense, however, I'd like to > try something that seems more "robust" http://people.freebsd.org/~wpaul/FEC/4.x/ -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 9:16:12 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from tesla.foo.is (tesla.reverse-bias.org [217.151.166.96]) by hub.freebsd.org (Postfix) with ESMTP id 352D437B417; Sat, 27 Apr 2002 09:16:08 -0700 (PDT) Received: from there (eniac.foo.is [192.168.1.25]) by tesla.foo.is (Postfix) with SMTP id CC4CF2744; Sat, 27 Apr 2002 16:15:58 +0000 (GMT) Content-Type: text/plain; charset="iso-8859-1" From: Baldur Gislason To: Terry Lambert Subject: Re: load balancing with 2 nic cards possible? Date: Sat, 27 Apr 2002 16:14:59 +0000 X-Mailer: KMail [version 1.3.2] References: <5.1.1.2.2.20020426234504.029f7c30@208.141.46.3> <3CCA4004.B9A8D57A@mindspring.com> In-Reply-To: <3CCA4004.B9A8D57A@mindspring.com> Cc: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020427161558.CC4CF2744@tesla.foo.is> Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have tried that fec driver, no luck. I get the interface up, but when I try to transmit packets over it I get "invalid argument" or something like that, I had the network cards hooked to a Cisco catalyst and I had grouped the ports, and I've tried two types of network cards, 3com 905C and Intel EtherExpress 100 Baldur Gislason On Saturday 27 April 2002 06:07, you wrote: > Gary Stanley wrote: > > Is it possible to split the load of IP traffic with 2 ethernet cards on a > > 4.x machine? I'm new to "load balancing" in a sense, however, I'd like to > > try something that seems more "robust" > > http://people.freebsd.org/~wpaul/FEC/4.x/ > > -- Terry > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 11:53:55 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47]) by hub.freebsd.org (Postfix) with ESMTP id 20A1C37B41F for ; Sat, 27 Apr 2002 11:53:52 -0700 (PDT) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.11.3/8.10.1) with ESMTP id g3RIroZ69883; Sat, 27 Apr 2002 11:53:50 -0700 (PDT) Date: Sat, 27 Apr 2002 11:53:50 -0700 (PDT) From: Doug White To: Mike Meyer Cc: hackers@FreeBSD.ORG, Miguel Mendez , Edwin Groothuis Subject: Re: missing libraries, and how to find them. In-Reply-To: <15560.23981.666822.907348@guru.mired.org> Message-ID: <20020427115334.F69346-100000@resnet.uoregon.edu> X-All-Your-Base: are belong to us MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 25 Apr 2002, Mike Meyer wrote: > It lists both libraries once, showing the dependencies between > them. When it finds a library, it adds it to the list if it isn't > already on it. It keeps listing what's in a library until all of them > are listed. Sounds like a good solution. :) Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 11:54:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47]) by hub.freebsd.org (Postfix) with ESMTP id 3589C37B419 for ; Sat, 27 Apr 2002 11:54:47 -0700 (PDT) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.11.3/8.10.1) with ESMTP id g3RIsir69895; Sat, 27 Apr 2002 11:54:45 -0700 (PDT) Date: Sat, 27 Apr 2002 11:54:44 -0700 (PDT) From: Doug White To: "Peter J. Blok" Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Updating to stable In-Reply-To: <20020425195351.141A237B430@hub.freebsd.org> Message-ID: <20020427115410.J69346-100000@resnet.uoregon.edu> X-All-Your-Base: are belong to us MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 25 Apr 2002, Peter J. Blok wrote: > I recently installed a 4.5-RELEASE system on intel and cvsup'ed it to > 4.5-STABLE. The make buildworld failed because it was not able to find > certain defines in the include files. This is no the first time I have > encountered this. > > The work-around is to copy the include files to /usr/include and do the > buildworld again. Sometimes you have to copy complete libraries to make it > work. The canonical way to do this is to run 'make includes' from /usr/src. Incompatible changes do happen to -stable, I hate it when it happens too, but sometimes they are necessary. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 15:43:19 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from web14402.mail.yahoo.com (web14402.mail.yahoo.com [216.136.174.59]) by hub.freebsd.org (Postfix) with SMTP id CACD637B419 for ; Sat, 27 Apr 2002 15:43:16 -0700 (PDT) Message-ID: <20020427224315.64485.qmail@web14402.mail.yahoo.com> Received: from [128.111.185.134] by web14402.mail.yahoo.com via HTTP; Sat, 27 Apr 2002 15:43:15 PDT Date: Sat, 27 Apr 2002 15:43:15 -0700 (PDT) From: Marcelo Carvalho Subject: Clock granularity, dummynet & netperf To: freebsd-hackers@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I'm trying to use the netperf benchmark to measure the throughput for a TCP connection whose propagation delay is controlled by dummynet. I'm running these experiments on FreeBSD 4.4 machines. According to my first results (even a simple ping shows it), the delays are not properly set by dummynet. Ok, the HZ option is set initially to 100. Following Luigi's recommendations, I've increased HZ to 1000. It turns out that I'm now getting segmentation faults when I run netperf! I've tried to play around with the quantum clock as well without success... I've increased it and the measurements get really wild, totally inconsistent. I've read Luigi's previous message about the impact on select() behavior on softwares that are not aware of this. So, considering that so many people have played around with the HZ option and could perform measurements without no problem, is there a patch to netperf that overcomes this problem or a better software for performance evaluation as good (or better) than netperf??? In case not, is anybody here familiar with this problem and has fixed it in the past? I would really appreciate any help, comments, etc. Thanks, Marcelo. __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 18:28:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 81D1E37B41C for ; Sat, 27 Apr 2002 18:28:30 -0700 (PDT) Received: from max ([12.254.136.195]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020428012830.UBGL12183.rwcrmhc52.attbi.com@max>; Sun, 28 Apr 2002 01:28:30 +0000 Message-ID: <025801c1ee54$0a6661f0$0900a8c0@max> From: "John Nielsen" To: , "Gary Stanley" References: <5.1.1.2.2.20020426234504.029f7c30@208.141.46.3> Subject: Re: load balancing with 2 nic cards possible? Date: Sat, 27 Apr 2002 19:28:45 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Gary Stanley" To: Sent: Friday, April 26, 2002 9:47 PM Subject: load balancing with 2 nic cards possible? > Is it possible to split the load of IP traffic with 2 ethernet cards on a > 4.x machine? I'm new to "load balancing" in a sense, however, I'd like to > try something that seems more "robust" The netgraph one2many framework allows you to aggregate 2 or 4 NICs together even on an unmanaged switch. Obviously, this is only really beneficial if the machine is serving several clients attached to the same switch or if there is another machine set up similarly (also on the same switch), since unmanaged switches generally only have one uplink port. See the ng_one2many(4) manpage for details. Following is a script I use to set this up (I call it from rc.local). fxp0 is the "primary" interface and rl0 is the "secondary". JN --------------------- #!/bin/sh ifconfig rl0 up kldload /modules/ng_ether.ko kldload /modules/ng_one2many.ko ngctl mkpeer fxp0: one2many upper one ngctl connect fxp0: fxp0:upper lower many0 ngctl connect rl0: fxp0:upper lower many1 ngctl msg rl0: setpromisc 1 ngctl msg rl0: setautosrc 0 ngctl msg fxp0:upper setconfig "{xmitAlg=1 failAlg=1 enabledLinks =[ 1 1 ] }" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 20: 2:23 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from amun.isnic.is (amun.isnic.is [193.4.58.10]) by hub.freebsd.org (Postfix) with ESMTP id E212737B41B; Sat, 27 Apr 2002 20:02:16 -0700 (PDT) Received: from amun.isnic.is (oli@localhost [127.0.0.1]) by amun.isnic.is (8.12.3/8.12.3/isnic) with ESMTP id g3S322P2053428; Sun, 28 Apr 2002 03:02:02 GMT (envelope-from oli@amun.isnic.is) Received: (from oli@localhost) by amun.isnic.is (8.12.3/8.12.3/Submit) id g3S320Au053426; Sun, 28 Apr 2002 03:02:00 GMT (envelope-from oli) Date: Sun, 28 Apr 2002 03:02:00 +0000 From: Olafur Osvaldsson To: Baldur Gislason Cc: Terry Lambert , freebsd-hackers@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, wpaul@FreeBSD.ORG Subject: Re: load balancing with 2 nic cards possible? Message-ID: <20020428030200.GA51568@isnic.is> References: <5.1.1.2.2.20020426234504.029f7c30@208.141.46.3> <3CCA4004.B9A8D57A@mindspring.com> <20020427161558.CC4CF2744@tesla.foo.is> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20020427161558.CC4CF2744@tesla.foo.is> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The FEC works for me doing the following on 4.5-STABLE: # cd /usr/src/sys # tar -zxvf /fec.tar.gz # cd modules/netgrah/fec && make install # kldload ng_fec.ko # ngctl mkpeer fec dummy fec # ngctl msg fec0: add_iface '"fxp0"' # ngctl msg fec0: add_iface '"fxp1"' # ngctl msg fec0: set_mode_inet then it usually needs a "ifconfig fec0 up" to start moving packets. Uplink is to a Cisco 3534 with the two ports setup with "port group 1 distribution source", using "distribution destination" gives me countless duplicates obviously because the same mac-address is on both interfaces. I also added the mac-address to forward to both interfaces using "mac-address-table static" With this setup the max throughput from one remote machine is the capacity of one interface, but that is enaugh for me. /Oli Þann 27. April 2002, ritaði Baldur Gislason eitthvað á þessa leið: > I have tried that fec driver, no luck. I get the interface up, but when I try > to transmit packets over it I get "invalid argument" or something like that, > I had the network cards hooked to a Cisco catalyst and I had grouped the > ports, and I've tried two types of network cards, 3com 905C and Intel > EtherExpress 100 > > Baldur Gislason > > On Saturday 27 April 2002 06:07, you wrote: > > Gary Stanley wrote: > > > Is it possible to split the load of IP traffic with 2 ethernet cards on a > > > 4.x machine? I'm new to "load balancing" in a sense, however, I'd like to > > > try something that seems more "robust" > > > > http://people.freebsd.org/~wpaul/FEC/4.x/ > > > > -- Terry > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-hackers" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message -- Ólafur Osvaldsson Kerfisstjóri Internet á Íslandi hf. Sími: 525-5291 Email: oli@isnic.is To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message From owner-freebsd-hackers Sat Apr 27 23:26: 4 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 5B11037B419 for ; Sat, 27 Apr 2002 23:26:01 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g3S6Q0W63426; Sat, 27 Apr 2002 23:26:00 -0700 (PDT) (envelope-from rizzo) Date: Sat, 27 Apr 2002 23:26:00 -0700 From: Luigi Rizzo To: Marcelo Carvalho Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Clock granularity, dummynet & netperf Message-ID: <20020427232600.E63189@iguana.icir.org> References: <20020427224315.64485.qmail@web14402.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020427224315.64485.qmail@web14402.mail.yahoo.com> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Apr 27, 2002 at 03:43:15PM -0700, Marcelo Carvalho wrote: ... > According to my first results (even a simple ping > shows it), the delays are not properly set by > dummynet. Ok, the HZ option is set initially to 100. actually you should give a more detailed description of what goes wrong or it is impossible to comment what you are seeing. same for netperf. cheers luigi > Following Luigi's recommendations, I've increased HZ > to 1000. It turns out that I'm now getting > segmentation faults when I run netperf! > > I've tried to play around with the quantum clock as > well without success... I've increased it and the > measurements get really wild, totally inconsistent. > > I've read Luigi's previous message about the impact > on select() behavior on softwares that are not aware > of this. So, considering that so many people have > played around with the HZ option and could perform > measurements without no problem, is there a patch to > netperf that overcomes this problem or a better > software for performance evaluation as good (or > better) than netperf??? > > In case not, is anybody here familiar with this > problem and has fixed it in the past? I would really > appreciate any help, comments, etc. > > Thanks, > Marcelo. > > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message