Re: defer routing table updates on link state changes

2013-09-13 Thread Alexey Suslikov
Reyk Floeter wrote: > Yes, in theory if_index should be fixed and return a consistent number > between 1 and the number of interfaces. But this is obviously > difficult and I'm not sure if it's worth the effort. So the "hack" > that you're going to remove was a best effort. But putting another

Re: Iso image integrity verification

2013-09-13 Thread Justin Fletcher
Commercial software is the same. They make it clear that no promises are made that the software is fit for any particular purpose in the EULA. My assumption is making such a promise would hold them accountable when it failed, and I doubt any company would find it profitable to invest in enough QA

Re: more /dev/ugen*

2013-09-13 Thread Miod Vallat
> > Not really. Cloneable devices are used to create per-open context. > > well, it seems to me that having a limit on the number of devices like usb > stuff or something is somewhat wasteful. It would probably be nicer if it > could adjust automatically (note that I have no idea how much more wo

Re: Iso image integrity verification

2013-09-13 Thread Ted Unangst
I think you're in trouble. Some of the software on the openbsd CDs was written by me, and I never made any promises it's safe to use on an important server. Not that you should trust me even if I did make such a promise. It's software you're getting from the Internet. Made by people from the Int

Re: more /dev/ugen*

2013-09-13 Thread Marc Espie
On Fri, Sep 13, 2013 at 07:24:27PM +0200, Mark Kettenis wrote: > > Date: Fri, 13 Sep 2013 17:55:17 +0200 > > From: Marc Espie > > > > In general, when we don't have enough of a device, we end up with clonable > > shit or something don't we ? > > Not really. Cloneable devices are used to create

Re: Iso image integrity verification

2013-09-13 Thread max stalnaker
People, Let me mention my sadness at trying to research this. 1. The PCI-DDS v 2.0 pdf is behind a click through that purports to create a binding legal contract. So the boilerplate looked okay but there was a warning about the document mayhaps being a controlled munition. I was irritated and j

Re: more /dev/ugen*

2013-09-13 Thread Mark Kettenis
> Date: Fri, 13 Sep 2013 17:55:17 +0200 > From: Marc Espie > > In general, when we don't have enough of a device, we end up with clonable > shit or something don't we ? Not really. Cloneable devices are used to create per-open context.

Re: Iso image integrity verification

2013-09-13 Thread Brandon Mercer
We've all expressed reasonable doubt. In the US you can be assured that the USPS will open, scan, read, and deliver your mail. So it's reasonable to believe that they may also tamper with your openbsd CDs. Just buy the disks, let this thread die along with the stupidity of PCI-DSS (which I've danc

Re: more /dev/ugen*

2013-09-13 Thread Marc Espie
In general, when we don't have enough of a device, we end up with clonable shit or something don't we ?

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 4:01 PM, Kirill Bychkov wrote: > On Fri, September 13, 2013 13:19, Stuart Henderson wrote: >> On 2013/09/13 10:59, David Coppa wrote: >>> On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot >>> wrote: >>> >>> > Out of curiosity, can I see the dmesg for this machine? I'd lik

Re: Iso image integrity verification

2013-09-13 Thread Kenneth R Westerback
On Fri, Sep 13, 2013 at 11:13:36AM +0300, Valentin Zagura wrote: > Security itself is not the primary issue here. The issue is to easily prove > an assessor "without reasonable doubt" that you are running the right thing. > They will not worry about governments trying to break in with MITM signed >

Re: more /dev/ugen*

2013-09-13 Thread Kirill Bychkov
On Fri, September 13, 2013 13:19, Stuart Henderson wrote: > On 2013/09/13 10:59, David Coppa wrote: >> On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot >> wrote: >> >> > Out of curiosity, can I see the dmesg for this machine? I'd like to >> > know which devices attach at ugen(4). >> >> ask djm@

Re: more /dev/ugen*

2013-09-13 Thread Damien Miller
On Fri, 13 Sep 2013, Martin Pieuchot wrote: > > 16097 pcscd NAMI "/dev/ugen2.00" > > Out of curiosity, can I see the dmesg for this machine? I'd like to > know which devices attach at ugen(4).s It's a Lenovo x61t. Two devices attach to ugen before I plug anything in, the built-in fingerpri

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 11:19 AM, Stuart Henderson wrote: > On 2013/09/13 10:59, David Coppa wrote: >> On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot >> wrote: >> >> > Out of curiosity, can I see the dmesg for this machine? I'd like to >> > know which devices attach at ugen(4). >> >> ask djm@

Re: more /dev/ugen*

2013-09-13 Thread Stuart Henderson
On 2013/09/13 10:59, David Coppa wrote: > On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot > wrote: > > > Out of curiosity, can I see the dmesg for this machine? I'd like to > > know which devices attach at ugen(4). > > ask djm@ > > > Makes sense to me, it's not too difficult to have more tha

Re: defer routing table updates on link state changes

2013-09-13 Thread Reyk Floeter
On Fri, Sep 13, 2013 at 10:45:57AM +0200, Martin Pieuchot wrote: > > No, that's utterly stupid. The interface index is a value that is > > supposed to be consistent across the system. How should it be synced > > with other userland tools? How would you handle it in if_nametoindex > > and friends

Re: more /dev/ugen*

2013-09-13 Thread David Coppa
On Fri, Sep 13, 2013 at 10:57 AM, Martin Pieuchot wrote: > Out of curiosity, can I see the dmesg for this machine? I'd like to > know which devices attach at ugen(4). ask djm@ > Makes sense to me, it's not too difficult to have more than 2 usb > devices attached as ugen(4) these days, for exam

Re: more /dev/ugen*

2013-09-13 Thread Martin Pieuchot
On 13/09/13(Fri) 10:17, David Coppa wrote: > > While debugging a problem with pcscd from security/pcsc-lite > > 06361622 hotplug_libusb.c:514:HPAddHotPluggable() Adding USB device: 3:2:0 > 0191 hotplug_libusb.c:558:HPAddHotPluggable() libusb_open failed: -4 > > We (Damien and me) quickly fou

Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 13/09/13(Fri) 10:14, Reyk Floeter wrote: > On Fri, Sep 13, 2013 at 09:53:03AM +0200, Martin Pieuchot wrote: > > > -let snmpd (or sth else) make up ifindices just for that purpose > > > > That looks like the best solution to me. If a userland program wants > > to expose following numbers, then i

Re: defer routing table updates on link state changes

2013-09-13 Thread Henning Brauer
* Reyk Floeter [2013-09-13 10:20]: > please read the history: if_index _was_ created for SNMP. I'm not at all certain you got the history right there... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Servi

Re: defer routing table updates on link state changes

2013-09-13 Thread Stuart Henderson
On 2013/09/13 09:53, Martin Pieuchot wrote: > On 12/09/13(Thu) 18:56, Henning Brauer wrote: > > -let snmpd (or sth else) make up ifindices just for that purpose > > That looks like the best solution to me. If a userland program wants > to expose following numbers, then it probably needs to create

Re: Iso image integrity verification

2013-09-13 Thread Henning Brauer
* Valentin Zagura [2013-09-13 10:15]: > Security itself is not the primary issue here. The issue is to easily prove > an assessor "without reasonable doubt" that you are running the right thing. > They will not worry about governments trying to break in with MITM signed > ssl or about armies break

Re: defer routing table updates on link state changes

2013-09-13 Thread Reyk Floeter
On Fri, Sep 13, 2013 at 09:53:03AM +0200, Martin Pieuchot wrote: > > -let snmpd (or sth else) make up ifindices just for that purpose > > That looks like the best solution to me. If a userland program wants > to expose following numbers, then it probably needs to create its own > indexes anyway, e

more /dev/ugen*

2013-09-13 Thread David Coppa
While debugging a problem with pcscd from security/pcsc-lite 06361622 hotplug_libusb.c:514:HPAddHotPluggable() Adding USB device: 3:2:0 0191 hotplug_libusb.c:558:HPAddHotPluggable() libusb_open failed: -4 We (Damien and me) quickly found that the cause was: 16097 pcscd GIO fd 1 wrote

Re: Iso image integrity verification

2013-09-13 Thread Valentin Zagura
Security itself is not the primary issue here. The issue is to easily prove an assessor "without reasonable doubt" that you are running the right thing. They will not worry about governments trying to break in with MITM signed ssl or about armies breaking in with the tanks. But they would worry abo

Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 12/09/13(Thu) 18:56, Henning Brauer wrote: > * Mike Belopuhov [2013-09-12 17:54]: > > it makes no sense whatsoever, reyk. those indices can be easily > > stolen and nobody guarantees that if you create vlan10, vlan11, > > then destroy vlan10, create vlan12 and vlan10 that vlan10 will > > have

Re: Iso image integrity verification

2013-09-13 Thread Peter N. M. Hansteen
On Fri, Sep 13, 2013 at 10:32:43AM +0300, Paul Irofti wrote:
> > Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT!
>                                ^courier
the two aren't necessarily mutually exclusive ;) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implement

Re: defer routing table updates on link state changes

2013-09-13 Thread Stuart Henderson
On 2013/09/13 09:10, Martin Pieuchot wrote: > On 12/09/13(Thu) 13:50, Philip Guenther wrote: > > (I don't get why it's useful for tun0-in-layer3 mode to have the same > > if_index as tun0-in-layer2 mode. The properties are so different that > > there doesn't really seem to be continuity of identit

Re: Iso image integrity verification

2013-09-13 Thread Paul Irofti
> Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT!
                               ^courier

Re: Iso image integrity verification

2013-09-13 Thread Paul Irofti
> Physical email is as susceptible to MITM attacks as network connections. I > know a story of laptops entering the mail system and car springs coming > out the other end in the same box. :-) Yes, the MITM was DPD. Great currier. I recommand it to everyone. NOT!

Re: defer routing table updates on link state changes

2013-09-13 Thread Martin Pieuchot
On 12/09/13(Thu) 13:50, Philip Guenther wrote: > On Thu, Sep 12, 2013 at 10:19 AM, Mike Belopuhov wrote: > ... > > either way, we need to move forward on this. we want to use if_index > > for the purpose of looking up the interface w/o a pointer to the ifnet. > > This sounds like just using a pi