Re: opendev and pledge: "privsep" for dumpfs(8)

2016-05-13 Thread Sebastien Marie
On Fri, May 13, 2016 at 10:52:34PM +0200, Theo Buehler wrote: > opendev(3) should not be called by pledged processes, so the pledge of > dumpfs(8) needs to be redone: I agree. > opendev is called in a loop over argv. > > As dumpfs spews a whole lot of potentially untrusted data to stdout, > fork

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> I think you are totally missing the point that Theo just made. > Marking partitions as read-only is useful, when and only when > appropriate. > I have: > /var/www/var > /home > /home/user1 > /home/user2 > /usr/local > > all marked as read-only. > Why, because when the power fails, no data is los

Re: update Mesa to 11.2.2

2016-05-13 Thread Jonathan Gray
Still looking for some tests on r600 and powerpc for this. Note that the majors of libGL and libOSMesa are cranked due to removed symbols. Minors of libGLESv2 and libglapi.

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> The report is fairly easy to reproduce. Make the /usr filesystem > read-only in /etc/fstab, go to single user mode and exit back to > multi-user. I've appended a transcript. This does not matter. It is your configuration. It is not the default. Can you make /usr readonly on 90% of other ope

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
>I think it comes down to this. If you want read-only /etc, you'll have to >modify /etc/rc, if you still want the mitigation. I want no readable files in /usr/lib! PLEASE, the make-programs-run mitigation is killing me!

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Chris Bennett
I think you are totally missing the point that Theo just made. Marking partitions as read-only is useful, when and only when appropriate. I have: /var/www/var /home /home/user1 /home/user2 /usr/local all marked as read-only. Why, because when the power fails, no data is lost and I'm quickly back u

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Chris Cappuccio
RD Thrush [openbsd-t...@thrush.com] wrote: > On 05/13/16 11:07, Theo de Raadt wrote: > >> Since the anti-ROP mechanism in libc [2] was added in late April, -current > >> with read-only /usr produces something like the following message: > >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17:

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Edgar Pettijohn
Sent from my iPhone > On May 13, 2016, at 4:16 PM, RD Thrush wrote: > > On 05/13/16 11:07, Theo de Raadt wrote: >>> Since the anti-ROP mechanism in libc [2] was added in late April, -current >>> with read-only /usr produces something like the following message: >>> re-ordering libraries:insta

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread RD Thrush
On 05/13/16 11:07, Theo de Raadt wrote: >> Since the anti-ROP mechanism in libc [2] was added in late April, -current >> with read-only /usr produces something like the following message: >> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system > > Look, your statement is

Re: [patch] macppc.html 5.6 to 5.9

2016-05-13 Thread Theo Buehler
On Fri, May 13, 2016 at 02:06:36PM -0700, Bryan Vyhmeister wrote: > This patch updates the boot command from 5.6 to 5.9. fixed, thanks!

[patch] macppc.html 5.6 to 5.9

2016-05-13 Thread Bryan Vyhmeister
This patch updates the boot command from 5.6 to 5.9. Bryan Index: macppc.html === RCS file: /cvs/www/macppc.html,v retrieving revision 1.248 diff -u -p -r1.248 macppc.html --- macppc.html 8 Apr 2016 01:58:04 - 1.248 +++ ma

opendev and pledge: "privsep" for dumpfs(8)

2016-05-13 Thread Theo Buehler
opendev(3) should not be called by pledged processes, so the pledge of dumpfs(8) needs to be redone: opendev is called in a loop over argv. As dumpfs spews a whole lot of potentially untrusted data to stdout, fork, read the data in the child and pipe it to the pledged parent that writes it to stdo

Re: bioctl errx

2016-05-13 Thread Todd C. Miller
On Fri, 13 May 2016 15:00:22 -0400, "Ted Unangst" wrote: > overzealous use of errx() hides useful information about the error. OK millert@ - todd

Re: bioctl errx

2016-05-13 Thread Sebastian Benoit
ok Ted Unangst(t...@tedunangst.com) on 2016.05.13 15:00:22 -0400: > overzealous use of errx() hides useful information about the error. > > > Index: bioctl.c > === > RCS file: /cvs/src/sbin/bioctl/bioctl.c,v > retrieving revision 1.

bioctl errx

2016-05-13 Thread Ted Unangst
overzealous use of errx() hides useful information about the error. Index: bioctl.c === RCS file: /cvs/src/sbin/bioctl/bioctl.c,v retrieving revision 1.130 diff -u -p -r1.130 bioctl.c --- bioctl.c4 Feb 2016 08:31:26 - 1

Re: 2016 customer Satisfaction Rating

2016-05-13 Thread Customer Care
2016 CUSTOMER SERVICE REPORT RESULTS Call Today! 866-732-9800 WE IDENTIFY OUTSTANDING BUSINESSES BISTRO AT THE OLD FORT INN IS BEING HONORED AS A WINNER OF THE 2016 SPECTRUM AWARD FOR SERVICE EXCELLENCE! Congratulations are in order to you and your team

Re: Is loss of read-only /usr permanent?

2016-05-13 Thread Theo de Raadt
> Since the anti-ROP mechanism in libc [2] was added in late April, -current > with read-only /usr produces something like the following message: > re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system Look, your statement is false. I can install a snapshot right now, and

Is loss of read-only /usr permanent?

2016-05-13 Thread RD Thrush
Since the anti-ROP mechanism in libc [2] was added in late April, -current with read-only /usr produces something like the following message: re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system I thought I was following best practice by mounting /usr, /usr/X11R6, and /u

Re: remove kevent perm check

2016-05-13 Thread Luke Small
That seems a bit excessive to crash the program when all you may want to do is track the exit of a child. Does the pledge proc flag dictate that you can't do wait() as well?

Re: FW: Re: watchdog support for new hardware

2016-05-13 Thread Chase Davis
Mark, What does it mean if SEL0002 at acpi0 not configured does not show up when you boot? I haven't tried it yet, but I don't expect that it will print out this message. Thanks, Chase On Wed, May 4, 2016 at 4:25 PM, Mark Kettenis wrote: >> Authentication-Results: xs4all.nl; spf=pass smtp.mailf