On Thu, 09 Apr 2015 08:37:31 +0200, Tim van der Molen wrote:
> This diff makes zmore and zless recognise options starting with + so
> that commands like "zless +G foo.gz" work.
>
> It makes sense to do this for zmore, too, because the less
> implementation of more also supports + options.
Thanks
> Just to make sure I understand what is expected of isssetguid() - could you
> perhaps, in terms of ls -l output with suid programs describe the
> sequence(s) where the value should be 1 - and especially, when they might
> (read should) be 0.
>
> >From memory of what I read (how I understood) the
Hi,
kflag and wflag don't need to be counters; wflag only needs to know if
greater than 0 for its one test case.
Expanded diff context below.
OK?
Thanks,
Okan
Index: ps.c
===
RCS file: /home/open/cvs/src/bin/ps/ps.c,v
retrieving r
I shall look at collecting the in-tree stuff. My servers are in the
netherlands, and I am in austin atm. I have a meeting with the security
team in about 30 minutes and I am going to mention libressl and get a
discussion going.
One of the things I wanted to discuss is about priv escalation.
Just
Below another min() -> ulmin() conversion to prevent integer overflow.
The size (tmp - buf) passed to uiomovei() is essentially bound by the
'count' variable, thus convert to uiomove().
Index: arch/amd64/amd64/nvram.c
===
RCS file: /c
uio_resid may overflow when coerced to u_int, causing lptwrite() to
return early. Also, uiomovei() can be replaced with uiomove(), the size
argument is of type size_t anyway.
Index: dev/ic/lpt.c
===
RCS file: /cvs/src/sys/dev/ic/lpt.c
Struct file again.
f_flag isn’t modified often, so it’s modifacation can be atomic.
f_msgcount and f_rxfer, f_wxfer, f_seek, f_rbytes, f_wbytes can be protected by
rwlock.
f_offset protection is actual for vnodes only.
FIF_MARK and FIF_DEFER flags are used only by unpc garbage collector. This
f
Like vlan(4) and carp(4), bridge(4) also need to be tweaked to still
work during the if_input() transition. Removing the ether_input()
calls in this driver was a bit tricky *because* bridge_input() is
called after ether_input().
See how 3 M_PREPEND() are converted to 1? And soon none will be
req
Stuart Henderson wrote:
> There is a standard (required) hostname scheme, whois.nic.tld, for the
> new gTLDs. For months whois-servers.net didn't list any of the new ones,
> they are starting to catch up but are still behind,
>
> $ unbound-host sucks.whois-servers.net
> Host sucks.whois-servers.ne
Same problem as with vlan(4). carp(4) also need to stop calling
ether_input() directly and that implies having a mbuf with the
correct Ethernet header prepended.
Index: netinet/ip_carp.c
===
RCS file: /cvs/src/sys/netinet/ip_carp.c,v
Right now vlan_input() is called *after* ether_input(). More precisely
it is called after the mbuf has been m_adj(9)'usted to skip the Ethernet
header. This is not a problem in se but...
To make sure vlan(4) keeps working during the if_input() transition, it
has to stop calling ether_input() and
On 8 April 2015 at 19:16, Mike Belopuhov wrote:
> On Sun, Apr 05, 2015 at 12:06 +0200, Alexandr Nedvedicky wrote:
>> Hello,
>>
>> while testing PBR on Solaris we found out the pfi_kif instances
>> are not removed from pfi_ifs table. We took a look at crashdump
>> and have seen pfik_route counter a
> The example I have is one of a cluster of about 50 small machines with
> 16GB flash cards each. Currently the alloc_big scheme is used by
> disklabel for these (as with anything > about 8GB, depending on RAM). On
> a 16GB flash card it will allocate about 17% of total space to /usr/src
> and
On 09/04/15 10:53, Theo de Raadt wrote:
If you have very small disk, disklabel will give you one partition.
No problem. DONE.
If you have ample disk, it will try to give you more partitions,
because the split partition scheme is MORE SECURE. It will stepwise
increase the number of partitions
On 2015/04/09 10:25, Stuart Henderson wrote:
> There is a standard (required) hostname scheme, whois.nic.tld, for the
> new gTLDs. For months whois-servers.net didn't list any of the new ones,
> they are starting to catch up but are still behind,
>
> $ unbound-host sucks.whois-servers.net
> Host s
> But it seems people are expected to build a custom bsd.rd if they
> want something different so I'll bow out of this conversation.
No, the situation is that less than 1% of the user community
apparently have a secret usage case, but never manage to explain it.
Changes done by pseudo-driver *after* ether_ifattach() must be undone
*before* ether_ifdetach(). Otherwise it is impossible to ensure we're
leaving a stacked pseudo-interface in a correct state.
Since I don't want to modify every single driver calling ether_ifdetach()
I'm using a new function, if
There is a standard (required) hostname scheme, whois.nic.tld, for the
new gTLDs. For months whois-servers.net didn't list any of the new ones,
they are starting to catch up but are still behind,
$ unbound-host sucks.whois-servers.net
Host sucks.whois-servers.net not found: 3(NXDOMAIN).
$ unbound
On April 9, 2015 9:33:57 AM GMT+02:00, Stuart Henderson
wrote:
>On 2015/04/09 09:13, Alexander Hall wrote:
>>
>> I don't think tweaking an existing auto label is unnecessary and
>overly . Hardcoding mount points and their sizes should be enough, and
>leave the rest unallocated.
>
>At least, s
On 2015/04/09 09:13, Alexander Hall wrote:
>
> I don't think tweaking an existing auto label is unnecessary and overly .
> Hardcoding mount points and their sizes should be enough, and leave the rest
> unallocated.
At least, specifying in % is pretty important.
But it seems people are expecte
On April 9, 2015 2:44:28 AM GMT+02:00, Stuart Henderson
wrote:
>On 2015/04/09 01:53, Alexander Hall wrote:
>> On April 8, 2015 9:13:27 AM GMT+02:00, Stuart Henderson
>> wrote:
>> >On 2015/04/07 20:02, Alex Wilson wrote:
>> >> On the topic of local tweaks to autoinstall, I was trying to use
>it
21 matches
Mail list logo
