Re: [PATCH] ssh: don't make the umask more permissive than the user has set

2022-10-06 Thread Damien Miller
On Tue, 4 Oct 2022, Alex Henrie wrote: > Daniel Kahn Gillmor suggested this exact change on the openssh-unix-dev > mailing list in 2008, but I couldn't find any reply. [1] > > Ignoring the current umask makes it hard to fulfill the Defense > Information Systems Agency's Security Technical Impleme

Re: Change pru_abort() return type to the type of void and make pru_abort optional

2022-10-06 Thread Vitaliy Makkoveev
ping > On 17 Sep 2022, at 22:44, Vitaliy Makkoveev wrote: > > We have no interest on pru_abort() return value. Also we call it only > through soabort() which is dummy pru_abort() wrapper and has no return > value. > > Also only the connection oriented sockets need to implement > (*pru_abort)()

install.sub: leave installurl handling to syspatch(8)

2022-10-06 Thread Klemens Nanni
When upgrading to releases, the installer fills rc.firsttime(8) with a syspatch(8) snippet possibly displaying available patches. That snippet itself checks for a release version as well as an existent installurl(5) file as a precondition for syspatch, see the diff below. syspatch, however, has c

OpenBGPD 7.7 released

2022-10-06 Thread Claudio Jeker
We have released OpenBGPD 7.7, which will be arriving in the OpenBGPD directory of your local OpenBSD mirror soon. This release includes the following changes to the previous release: * Adjust pathid_assign() to be much faster for the common case. * Improve performance for generating updat

Re: snmp: Add support for PF_LIMIT_ANCHORS

2022-10-06 Thread Stuart Henderson
On 2022/10/06 18:20, Martijn van Duren wrote: > Just before lock mbuhl pointed out a new limit placed in pf, not > exported yet over snmp. Here's a diff to add support for > PF_LIMIT_ANCHORS. > > the OPENBSD-PF-MIB.txt DESCRIPTION is adapted from pfLimitMaxTables. > The snmp{,d} parts are there ju

Re: ldomctl: console: add -E escape_char

2022-10-06 Thread Theo de Raadt
I think if we make all the escape options in all the programs changeable via an option -- there will be only one person using it: Klemens Nanni. This is 2022. This is not a new problem, multi-layer escape with various characters have been in ssh, cu, tmux, and other things for basically forever.

Re: ldomd: MAKEDEV: crank vdsp to 24

2022-10-06 Thread Mark Kettenis
> Date: Sun, 18 Sep 2022 21:54:34 + > From: Klemens Nanni > > With eight domains and two or more disks per domain it is easy to exceed > the current number of 16 virtual disks. > > I pass at least one miniroot and one root/data disk to every guest, > one domain has additional disk for softra

Re: ldomctl: download: add -s to select afterwards

2022-10-06 Thread Mark Kettenis
> Date: Sun, 18 Sep 2022 19:08:46 + > From: Klemens Nanni > > The T4-2 firmware does NOT select newly downloaded configurations, so > I have to run > > # ldomctl download config-try-3-with-this-feature > [... wait... sometimes it hangs and needs ^C + rerun...] > # ldomctl s

Re: ldomctl/ldom.conf: iodevice: accept NACs as well

2022-10-06 Thread Mark Kettenis
> Date: Sun, 18 Sep 2022 08:43:14 + > From: Klemens Nanni > > Assignable PCIe devices have a root complex path and a more descriptive > I/O slot path; example output from a T4-2: > > # ldomctl list-io > PATH NAME > /@400/@2/@0/@8 /SYS/MB/PCIE0 > /@500/@

Re: ldomctl: console: add -E escape_char

2022-10-06 Thread Mark Kettenis
> Date: Sat, 17 Sep 2022 10:50:46 + > From: Klemens Nanni > > In my case, accessing guest domain consoles always happens through SSH, > ILOM, or conserver, so there's usually one more level to escape. > > Changing cu(1)'s escape character makes things easier to type and harder > to mess up (

Re: sysupgrade: apply bsd.re-config(5) to /bsd.upgrade

2022-10-06 Thread Klemens Nanni
On Tue, Sep 06, 2022 at 03:11:45PM +, Klemens Nanni wrote: > On rare occasions, I need 'disable xxx' in /etc/bsd.re-config to be able to > boot a system, e.g. to ignore quirky devices crashing drivers during attach. > > bsd.re-config(5) currently applies to GENERIC(.MP) /bsd alone, but /bsd.rd

snmp: Add support for PF_LIMIT_ANCHORS

2022-10-06 Thread Martijn van Duren
Just before lock mbuhl pointed out a new limit placed in pf, not exported yet over snmp. Here's a diff to add support for PF_LIMIT_ANCHORS. the OPENBSD-PF-MIB.txt DESCRIPTION is adapted from pfLimitMaxTables. The snmp{,d} parts are there just for pretty printing. OK? martijn@ Index: share/snmp/

Re: malloc: prep for immutable pages

2022-10-06 Thread Theo de Raadt
Marc Espie wrote: > On Wed, Oct 05, 2022 at 07:54:41AM -0600, Theo de Raadt wrote: > > Marc Espie wrote: > > > > > On Tue, Oct 04, 2022 at 10:15:51AM -0600, Theo de Raadt wrote: > > > > A note on why this chance is coming. > > > > > > > > malloc.c (as it is today), does mprotects back and fort

Re: vmd: remove the user quota tracking

2022-10-06 Thread Theo Buehler
On Wed, Oct 05, 2022 at 05:03:16PM -0400, Dave Voutila wrote: > Matthew Martin recently presented a patch on tech@ [1] fixing some missed > scaling from when I converted vmd(8) to use bytes instead of megabytes > everywhere. I finally found time to wade through the code it touches and > am proposin

Re: iostat's four drives by default

2022-10-06 Thread Jan Stary
ping On Sep 18 18:16:45, h...@stare.cz wrote: > Better diff: remove the comment as well. > > > Index: iostat.8 > === > RCS file: /cvs/src/usr.sbin/iostat/iostat.8,v > retrieving revision 1.28 > diff -u -p -r1.28 iostat.8 > --- iosta

eeprom.8: document network-boot-arguments for sparc64 diskless(8)

2022-10-06 Thread Klemens Nanni
The Oracle OpenBoot 4.x Administration Guide[0] documents a few useful options for network boot. Basically do either {ok} setenv network-boot-arguments tftp-retries=0 {ok} boot net ... or {ok} boot net:tftp-retries=0 ... Newer machines like the T4-2 using OpenBoot 4.38.16

Re: malloc: prep for immutable pages

2022-10-06 Thread Marc Espie
On Wed, Oct 05, 2022 at 07:54:41AM -0600, Theo de Raadt wrote: > Marc Espie wrote: > > > On Tue, Oct 04, 2022 at 10:15:51AM -0600, Theo de Raadt wrote: > > > A note on why this chance is coming. > > > > > > malloc.c (as it is today), does mprotects back and forth between RW and > > > R, to prote