Re: Spool contents (smtpd offline) owner/perm check?

2016-11-06 Thread lists
> > I don't think it is reasonable.
> >
> > First of all there shouldn't be a case where the permissions need to be
> > fixed in the first place, if something hits queue with wrong permissions
> > there is something really worrying that shouldn't be fixed without admin
> > deciding to do so.
> >

xenodm: privilege separation for the greeter window

2016-11-06 Thread Matthieu Herrb
Hi, The (preliminary) patch below implements privilege separation for the xenodm (XDM replacement) greeter window. Instead of running the greeter as root, xenodm will fork a new process that will revoke its privileges by switching to the _x11 user and communicate with the parent xdm process with a pip

Re: Spool contents (smtpd offline) owner/perm check?

2016-11-06 Thread Theo de Raadt
> On Sat, Nov 05, 2016 at 10:03:32AM +0200, li...@wrant.com wrote:
> > Hi tech@,
> >
> > While investigating missing system mail, I found out the messages were in
> >
> > /var/spool/smtpd/offline
> >
> > One of them actually contains the explanation for why these were missing:
> >
> > ==
>

Re: Spool contents (smtpd offline) owner/perm check?

2016-11-06 Thread Gilles Chehade
On Sat, Nov 05, 2016 at 10:03:32AM +0200, li...@wrant.com wrote:
> Hi tech@,
>
> While investigating missing system mail, I found out the messages were in
>
> /var/spool/smtpd/offline
>
> One of them actually contains the explanation for why these were missing:
>
> ==
> /etc/mtree/4.4BSD.di

Superfluous DMA sync in HC drivers

2016-11-06 Thread Martin Pieuchot
Since rev1.85 of dev/usb/usbdi.c the USB stack does DMA synchronization in usb_transfer_complete(). That means we can now remove some code from the HC drivers that was performing this synchronization. ok? Index: ehci.c === RCS file:

.depend permissions for libraries

2016-11-06 Thread Theo Buehler
The lib/*/obj/.depend files end up having permissions 600 since they are created as tempfiles and then moved to the obj directory. I think that there is no deeper reason for such restrictive permissions and it gets in the way of having a dedicated build user. If we copy the files and then remove