Re: doas -s as a login shell

2015-08-09 Thread Philip Guenther
[I really do need a gmail extension to unbind control-return] On Sun, Aug 9, 2015 at 8:22 PM, Philip Guenther wrote: > On Sun, Aug 9, 2015 at 6:23 PM, trondd wrote: >> Was it a choice to not have 'doas -s' launch the shell as a login shell? That's what sudo -s does, yes? If you're asking for s

Re: doas -s as a login shell

2015-08-09 Thread Philip Guenther
On Sun, Aug 9, 2015 at 6:23 PM, trondd wrote: > Was it a choice to not have 'doas -s' launch the shell as a login shell? > Doing so reloads profiles preserving aliases and prompt variables. > > If a user is allowed to run the shell, the user can source the profile > anyway, so this is just a con

doas -s as a login shell

2015-08-09 Thread trondd
Was it a choice to not have 'doas -s' launch the shell as a login shell? Doing so reloads profiles preserving aliases and prompt variables. If a user is allowed to run the shell, the user can source the profile anyway, so this is just a convenience. Is there a security risk I'm missing? Ti

Re: LibreSSL 2.2.2 release

2015-08-09 Thread Brent Cook
> On Aug 9, 2015, at 10:07 AM, Jan Engelhardt wrote: > >> We have released LibreSSL 2.2.2, which will be arriving in the >> LibreSSL directory of your local OpenBSD mirror soon. > > The .pc files in libressl-2.2.2 upset the package mechanisms at hand, in > particular rpm, where ':' is used to

Re: Brainy: User-Triggerable Kernel Memory Leak in execve()

2015-08-09 Thread Alexey Suslikov
Theo de Raadt cvs.openbsd.org> writes: > I would like to point out the noise is coming from *users* -- not from > actual developers in the project. http://www.imdb.com/title/tt1278449/ you'll get the idea.

Re: Brainy: User-Triggerable Kernel Memory Leak in execve()

2015-08-09 Thread Christian Schulte
Am 08/09/15 um 23:38 schrieb Theo de Raadt: Awful lot of noise wherein people tell someone else what they should need to do with their time and their code. Sorry. It wasn't meant that way. I was just trying to be helpful to someone saying "I don't have time for that" and "this effort is too mu

Re: [PATCH] Fix segmentation fault in ping(8)

2015-08-09 Thread Nayden Markatchev
OK nayden@ On 5 Aug 2015 3:42 pm, "Theo de Raadt" wrote: > > You can reproduce with ping -s 0 host (it crashes if the packet size > > is less than 24). > > > > === > > RCS file: /cvs/src/sbin/ping/ping.c,v > > retrieving revision 1.1

Re: fix typos in plus58.html

2015-08-09 Thread Philip Guenther
On Sun, Aug 9, 2015 at 9:52 AM, Markus Lude wrote: ... > "an" before words not beginning with a vocal occurs quite frequent. > Should I provide a diff to fix them too? Hmm, in a quick scan, the only 'an' that looks incorrect to me is "an u area", which should be "a u-area", as 'u-area' is pronoun

Re: Brainy: User-Triggerable Kernel Memory Leak in execve()

2015-08-09 Thread Theo de Raadt
> Awful lot of noise wherein people tell someone else what they should > need to do with their time and their code. > > > To the best of my knowledge, we've cited and/or thanked Maxime in the > commits fixing the issues he's found, and we're glad to continue to > receive his reports, whether or n

Re: Brainy: User-Triggerable Kernel Memory Leak in execve()

2015-08-09 Thread Philip Guenther
Awful lot of noise wherein people tell someone else what they should need to do with their time and their code. To the best of my knowledge, we've cited and/or thanked Maxime in the commits fixing the issues he's found, and we're glad to continue to receive his reports, whether or not they includ

Re: fix typos in plus58.html

2015-08-09 Thread Jason McIntyre
On Sun, Aug 09, 2015 at 11:05:26AM -0700, Philip Guenther wrote: > On Sun, Aug 9, 2015 at 9:52 AM, Markus Lude wrote: > > attached is a diff to fix different typos in plus58.html. > > With a few tweaks, applied. Thanks! > > > > "use-after-free" is sometimes written as "use after free", I didn'

Re: fix typos in plus58.html

2015-08-09 Thread Philip Guenther
On Sun, Aug 9, 2015 at 9:52 AM, Markus Lude wrote: > attached is a diff to fix different typos in plus58.html. With a few tweaks, applied. Thanks! > "use-after-free" is sometimes written as "use after free", I didn't > include those. I could add a diff to unify them if wanted. I have a mild p

session leakage in httpd

2015-08-09 Thread Arto Jonsson
Hi, while testing the -current (I also see the issue on 5.7) httpd with a fuzzer I noticed that some HTTP requests result in the session not closing properly. I've attached inline a Python script that should demostrate the issue. I've tested the issue locally and from adjacent network. After run

Re: LibreSSL 2.2.2 release

2015-08-09 Thread Jan Engelhardt
>We have released LibreSSL 2.2.2, which will be arriving in the >LibreSSL directory of your local OpenBSD mirror soon. The .pc files in libressl-2.2.2 upset the package mechanisms at hand, in particular rpm, where ':' is used to denote the (ancient concept of) epochs. [ 99s] Invalid versi

fix typos in plus58.html

2015-08-09 Thread Markus Lude
Hello, attached is a diff to fix different typos in plus58.html. "use-after-free" is sometimes written as "use after free", I didn't include those. I could add a diff to unify them if wanted. "an" before words not beginning with a vocal occurs quite frequent. Should I provide a diff to fix them

sys/arch/{hppa,hppa64}/dev/apic.c cosmetics, Was:Re: Brainy: User-Triggerable Kernel Memory Leak in execve()

2015-08-09 Thread Alexey Suslikov
Christian Schulte schulte.it> writes: > _14/ UNINITIALIZED VARIABLE: sys/arch/hppa64/dev/apic.c rev1.8 > At l.176, 'cnt' is not initialized. I came up with the following. --- sys/arch/hppa/dev/apic.c.orig Sun Aug 9 14:16:56 2015 +++ sys/arch/hppa/dev/apic.cSun Aug 9 14:30:47 2

Re: Possible memory leak in sys/dev/ic/ti.c (was: Re: Brainy: User-Triggerable Kernel Memory Leak in execve())

2015-08-09 Thread Sebastien Marie
Hi, On Sat, Aug 08, 2015 at 05:39:07PM +0200, Christian Schulte wrote: > While at it. I cannot test this as I do not have corresponding hardware. > > Index: sys/dev/ic/ti.c > === > RCS file: /cvs/src/sys/dev/ic/ti.c,v > retrieving re