From owner-freebsd-security@FreeBSD.ORG Sun Sep 5 10:47:30 2010
Date: Sun, 5 Sep 2010 11:47:29 +0100 (BST)
From: Robert Watson
To: Hans Petter Selasky
Cc: FreeBSD Stable, Deb Goodkin, security-officer@freebsd.org,
    gljennjohn@googlemail.com, freebsd security, "Julian H. Stacey"
In-Reply-To: <201009011902.06538.hselasky@c2i.net>
Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

On Wed, 1 Sep 2010, Hans Petter Selasky wrote:

>>> - Or whatever other method to get ISDN back in kernel ?
>>
>> It seems code exists :-)
>>
>> http://old.nabble.com/ISDN4BSD-on-8-current-td23919925.html
>> ISDN4BSD package has been updated to compile on FreeBSD
>> 8-current
>>
>> http://www.selasky.org/hans_petter/isdn4bsd/
>>
>> Apparently needs massaging into main FreeBSD tree.
>
> I agree that my I4B code should be re-written somewhat before committed.
> Possibly we should update the API's present too, to support IP-telephony
> as well.

Just to clarify things a little for those following it: the original I4B
code was removed for entirely practical reasons: it couldn't run without
the Giant lock, and support for the Giant lock over the network stack was
removed.

I'm happy to see ISDN support reintroduced as long as it will see ongoing
maintenance/etc. I'm not familiar with Hans's most recent code, but the
integration of his USB stack and his recent receipt of a FreeBSD commit
bit suggest a promising future. I would suggest trying to rope in a
reviewer and collaborator (perhaps someone like Bjoern Zeeb?) to work
through it before considering a merge, however. This is especially
important with projects like VIMAGE, network stack parallelism projects,
etc, on-going to make sure that the new ISDN code will be able to support
these new features rather than become a potential obstacle (as the old
code did for the MPSAFEty work).

Robert

From owner-freebsd-security@FreeBSD.ORG Tue Sep 7 12:37:31 2010
Message-Id: <201009071237.o87Cb2Ch035190@fire.js.berklix.net>
Date: Tue, 07 Sep 2010 14:37:02 +0200
From: "Julian H. Stacey"
To: Andriy Gapon
Cc: vadim_nuclight@mail.ru, freebsd-security@freebsd.org,
    freebsd-stable@freebsd.org
In-reply-to: Your message "Tue, 07 Sep 2010 14:53:10 +0300."
    <4C8627A6.1090308@icyb.net.ua>
Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

> P.S. why is security@ in cc: ?

Original announcement:
> Message-id: <4C7E71DC.1040808@freebsd.org>
> From: FreeBSD Security Officer
> Date: Wed, 01 Sep 2010 08:31:40 -0700 (17:31 CEST)
> To: FreeBSD Stable,
>     freebsd security

All respondents (I happened to be first, Wed, 01 Sep 2010 18:09:33 +0200)
retained stable@ & security@

Wed, 01 Sep 2010 21:36:02 +0200 I added:
> isdn@freebsd.org : I just re-subscribed (used to be on long ago)

Now it's known Hans Petter Selasky has a code stack to try, & Robert
Watson has posted it'd be welcome ... etc, I guess it's up to us ISDN
users to install, try, & discuss on a new thread on isdn@

Cheers,
Julian
--
Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Mail plain text, Not HTML, quoted-printable & base 64 dumped with spam.
Avoid top posting, It cripples itemised cumulative responses.

From owner-freebsd-security@FreeBSD.ORG Tue Sep 7 12:06:27 2010
Message-ID: <4C8627A6.1090308@icyb.net.ua>
Date: Tue, 07 Sep 2010 14:53:10 +0300
From: Andriy Gapon
To: vadim_nuclight@mail.ru
Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

on 07/09/2010 13:38 Vadim Goncharov said the following:
>> Just to clarify things a little for those following it: the original I4B code
>> was removed for entirely practical reasons: it couldn't run without the Giant
>> lock, and support for the Giant lock over the network stack was removed.
>
> But if it was used, removing a component just because of Giant lock is not
> practical and is purely ideologic, isn't it?

Which part of "support for the Giant lock *over the network stack* was
removed" [emphasis mine] do you not understand?

The reason is performance for overall network stack, not ideology.

BTW, there were advanced notices for users, request for volunteers, etc.

So, if you didn't speak up at that time please keep silence now :-)

P.S. why is security@ in cc: ?

--
Andriy Gapon

From owner-freebsd-security@FreeBSD.ORG Wed Sep 8 04:03:53 2010
Message-ID: <4C8704E3.5000408@FreeBSD.org>
Date: Tue, 07 Sep 2010 20:37:07 -0700
From: Doug Barton
To: Vadim Goncharov
Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

On 09/07/2010 02:31 PM, Vadim Goncharov wrote:
> 07.09.10 @ 18:53 Andriy Gapon wrote:
>
>> on 07/09/2010 13:38 Vadim Goncharov said the following:
>>>> Just to clarify things a little for those following it:
>>>> the original I4B code was removed
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ (1)
>>>> for entirely practical reasons: it couldn't run without the Giant
>>>> lock, and support for the Giant lock over the network stack was
>>>> removed.
>>>
>>> But if it was used, removing a component just because of Giant lock
>>> is not
>>> practical and is purely ideologic, isn't it?
>>
>> Which part of "support for the Giant lock *over the network stack* was
>> removed"
>> [emphasis mine] do you not understand?
>
> No, component removed was (1), I've underlined.
>
>> The reason is performance for overall network stack, not ideology.
>
> For practical reasons, "it works but slow" is better than
> "doesn't work at all (due to absence of code in the src tree)".

I think you are misunderstanding the situation. It wasn't a case of, "It
works but it's slow." The situation was that in order to take performance
of the network stack as a whole up to the next level it was necessary to
remove the Giant lock. Because the original I4B code didn't work without
the Giant lock, and because no one stepped forward to fix that, the code
had to be removed.

>> BTW, there were advanced notices for users, request for volunteers, etc.
>>
>> So, if you didn't speak up at that time please keep silence now :-)
>
> You do not understand the problem. It is not in notices & volunteers,

In this case it was 100% about the latter. In addition to the fact that
without volunteers there is no project, period; the fact that no one
steps forward to maintain/improve a given piece of code is generally a
pretty good indicator that it's not widely used.

> but rather in the Project's policy - delete something which could still
> work.

This was not the case here.

Doug

--
... and that's just a little bit of history repeating.
    -- Propellerheads

Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/

From owner-freebsd-security@FreeBSD.ORG Wed Sep 8 03:18:36 2010
Date: Wed, 08 Sep 2010 04:31:46 +0700
From: "Vadim Goncharov"
To: freebsd-stable@freebsd.org, freebsd-security@freebsd.org
In-Reply-To: <4C8627A6.1090308@icyb.net.ua>
Subject: Re: HEADS UP: FreeBSD 6.4 and 8.0 EoLs coming soon

07.09.10 @ 18:53 Andriy Gapon wrote:

> on 07/09/2010 13:38 Vadim Goncharov said the following:
>>> Just to clarify things a little for those following it:
>>> the original I4B code was removed
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ (1)
>>> for entirely practical reasons: it couldn't run without the Giant
>>> lock, and support for the Giant lock over the network stack was
>>> removed.
>>
>> But if it was used, removing a component just because of Giant lock is
>> not
>> practical and is purely ideologic, isn't it?
>
> Which part of "support for the Giant lock *over the network stack* was
> removed"
> [emphasis mine] do you not understand?

No, component removed was (1), I've underlined.

> The reason is performance for overall network stack, not ideology.

For practical reasons, "it works but slow" is better than
"doesn't work at all (due to absence of code in the src tree)".
"Make it work. Make it right. Make it fast. In that order", know this?
Sacrificing "work" for "fast"?.. Hmm, if it is not ideology, then what
is it?..

> BTW, there were advanced notices for users, request for volunteers, etc.
>
> So, if you didn't speak up at that time please keep silence now :-)

You do not understand the problem. It is not in notices & volunteers,
but rather in the Project's policy - delete something which could still
work. Personally, I don't use ISDN, so didn't say anything that time, but
now, there are more precedents of removing components from FreeBSD - so,
for now, I must say that this policy is harmful. Though I doubt that one
man's opinion could change Project's policy until it's too late...

--
WBR, Vadim Goncharov

From owner-freebsd-security@FreeBSD.ORG Wed Sep 8 05:07:48 2010
Message-ID: <4C87143A.5080909@speakeasy.net>
Date: Tue, 07 Sep 2010 21:42:34 -0700
From: "Jason C. Wells"
To: freebsd-security@freebsd.org
Subject: KDC Dumps Core and Other Problems

I did a lot of poking at heimdal tonight trying to discover why I get the
error "ASN.1 encoding ended unexpectedly" after upgrading to 8.1-R. Never
did find that out.

So much pain in such a short period of time... I've discovered a way to
get the KDC to dump core. I've also discovered that ktutil will list keys
for a keytab that has been deleted unless given the -k option. I had
errors about not supporting keytypes when I'm pretty darn sure a keytype
is supported.

I'm willing to accept that this might be PEBKAC, but I'm fairly sure I've
found bugs. At minimum, a user should not be able to get a daemon to core
dump.

Is Heimdal in 8.1-R at version 1.0? (it is according to some symbols I
grepped while trying to understand these errors.) The heimdal world is at
1.3 now. I saw a recently archived discussion where some people were
challenging each other to be "counted on" to work on heimdal. Are PRs
useful at this point? Maybe newer better heimdal is right around the
corner which would negate the usefulness of reporting this evening's
problems.

I also noted in that discussion some talk of dropping heimdal. I request
that we keep heimdal as a part of FreeBSD. I hated secure auth in freebsd
before heimdal was included. I hate the way that debian has dueling auth
libraries. I like that heimdal and pam and the passwd auth all co-exist
peacefully on freebsd. As we are so fond of saying: FreeBSD is an
operating system, not a kernel plus packages. A first class auth system
that includes kerberos is a good thing.

I have etypes leaking out my ears.

Regards,
Jason C. Wells

From owner-freebsd-security@FreeBSD.ORG Wed Sep 8 12:42:37 2010
Message-Id: <201009080842.28495.jhb@freebsd.org>
Date: Wed, 8 Sep 2010 08:42:28 -0400
From: John Baldwin
To: freebsd-stable@freebsd.org, vadim_nuclight@mail.ru
Cc: freebsd-security@freebsd.org
Subject: Re: Policy for removing working code (Was: HEADS UP: FreeBSD 6.4
    and 8.0 EoLs coming soon)

On Wednesday, September 08, 2010 6:24:11 am Vadim Goncharov wrote:
> > Because the original I4B code didn't
> > work without the Giant lock, and because no one stepped forward to fix
> > that, the code had to be removed.
>
> No. The code needn't removal, the stack should be modified to be fast without
> I4B and slow for those who wish to compile it with I4B and Giant. Then slowness
> is their problem, not of the Project.

No, that would require maintaining two network stacks, not just one. The
shims to allow unlocked code to run were not trivial. The choices were
this:

1) Moving forward on work to allow the network stack to scale on SMP
   systems (e.g. modern x86 multi-core servers) and support higher rate
   protocols such as 10GB, 40GB, and 100GB.

2) Stop all progress on making the network stack scale on SMP.

I'm sorry, but 2) just isn't feasible. Not if FreeBSD is to continue to
be a modern, relevant system.

Also, despite your claims to the contrary, there _was_ adequate notice:

http://lists.freebsd.org/pipermail/freebsd-current/2007-June/072977.html

This was also documented in the release notes for 7.0:

http://www.freebsd.org/releases/7.0R/relnotes.html

If you wish to help work on ISDN support, I suggest you offer to test
hps@'s ISDN stack. hps@ recently became a committer so I think there is a
very good chance his code will be brought into the tree.

We do have a policy for removing code in that it only gets removed if no
one is able to maintain it and/or test patches for it. I locked several
of the remaining NIC drivers during the push to remove Giant and a few of
them were removed from the system because no one had the hardware around
to test the patches to add locking (think of really old ISA NICs that
only do 10Mbps). Even in that case, the code will always live on in the
source code control repository's history.
That means it can always be resurrected if someone shows up who will
maintain it and keep it up to date.

At this point I think this thread has reached the end of its usefulness.

--
John Baldwin

From owner-freebsd-security@FreeBSD.ORG Thu Sep 9 03:02:20 2010
Message-ID: <4C884E33.8090709@speakeasy.net>
Date: Wed, 08 Sep 2010 20:02:11 -0700
From: "Jason C. Wells"
To: freebsd-security@freebsd.org
Subject: 8.1 Heimdal KDC

Could somebody please confirm that they are actually using 8.1-R with
heimdal as a KDC successfully? A little confirmation would help me
greatly.

Thanks,
Jason C. Wells

From owner-freebsd-security@FreeBSD.ORG Thu Sep 9 09:58:49 2010
Message-ID: <20100909094341.GI16882@rwpc12.mby.riverwillow.net.au>
Date: Thu, 9 Sep 2010 19:43:41 +1000
From: John Marshall
To: "Jason C. Wells"
Cc: freebsd-security@freebsd.org
In-Reply-To: <4C884E33.8090709@speakeasy.net>
Subject: Re: 8.1 Heimdal KDC

On Wed, 08 Sep 2010, 20:02 -0700, Jason C. Wells wrote:
> Could somebody please confirm that they are actually using 8.1-R with
> heimdal as a KDC successfully? A little confirmation would help me greatly.

I have 8.1-RELEASE running (base system) KDC's on three servers here.
The master uses hprop to replicate to the slaves.

The version of Heimdal on 8.1-RELEASE is Heimdal 1.1.0

Not all of the Heimdal man pages are installed on FreeBSD. I have found
that hunting through man pages under /usr/src/crypto/heimdal helped me
with compatibility issues between the Heimdal implementations on FreeBSD
7.n (Heimdal 0.6.3) and FreeBSD 8.n (Heimdal 1.1.0) - particularly the
COMPATIBILITY section in /usr/src/crypto/heimdal/lib/gssapi/gssapi.3

--
John Marshall