Reyk Floeter wrote:
> I meant: could you use /* */ instead of //?
oh, sure. done.
> Yes, it looks slightly better.
>
> grumble OK reyk
thanks.
Matthew, thanks.
On Wed, May 08, 2019 at 07:05:24PM -0400, Ted Unangst wrote:
> Reyk Floeter wrote:
> > On Wed, May 08, 2019 at 06:44:32PM -0400, Ted Unangst wrote:
> > > Ted Unangst wrote:
> > > > Matthew Martin wrote:
> > > > > I did that originally [1], but Reyk preferred the varargs approach
> > > > > [2],
> >
Ted Unangst wrote:
> ca_exec or ca_system I could go either way, but there's no longer sh involved,
> so that's why I went back to exec.
Even more accurate to name it ca_execv(), since this is a argv[] interface.
Reyk Floeter wrote:
> On Wed, May 08, 2019 at 06:44:32PM -0400, Ted Unangst wrote:
> > Ted Unangst wrote:
> > > Matthew Martin wrote:
> > > > I did that originally [1], but Reyk preferred the varargs approach [2],
> > > > so I changed the patch to match.
> > >
> > > Sorry, only wading into the thr
On Wed, May 08, 2019 at 06:44:32PM -0400, Ted Unangst wrote:
> Ted Unangst wrote:
> > Matthew Martin wrote:
> > > I did that originally [1], but Reyk preferred the varargs approach [2],
> > > so I changed the patch to match.
> >
> > Sorry, only wading into the thread at this point. Seems not every
This feels approximately right to me.
Ted Unangst wrote:
> Matthew Martin wrote:
> > I did that originally [1], but Reyk preferred the varargs approach [2],
> > so I changed the patch to match.
>
> Sorry, only wading into the thread at this point. Seems not everybody has the
> same taste in code... Well, we have the original. Let me b
Matthew Martin wrote:
> I did that originally [1], but Reyk preferred the varargs approach [2],
> so I changed the patch to match.
Sorry, only wading into the thread at this point. Seems not everybody has the
same taste in code... Well, we have the original. Let me bring that back.
Matthew Martin wrote:
> On Wed, May 08, 2019 at 04:22:16PM -0600, Theo de Raadt wrote:
> > Isn't something like better -- to avoid marshalling code to convert
> > arguments -> array?
> >
> > char *pkcs_args[] =
> > PATH_OPENSSL,
> > "pkcs12",
> > "-export",
> > "-caname",
> >
On Wed, May 08, 2019 at 04:22:16PM -0600, Theo de Raadt wrote:
> Isn't something like better -- to avoid marshalling code to convert
> arguments -> array?
>
> char *pkcs_args[] =
> PATH_OPENSSL,
> "pkcs12",
> "-export",
> "-caname",
> ca->caname,
> "-name",
>
Ted Unangst wrote:
> Theo de Raadt wrote:
> > Isn't something like better -- to avoid marshalling code to convert
> > arguments -> array?
>
> this requires mixing declarations and code, but all our compilers are c99
> compliant now, and this does make ca_system simpler.
I dislike mixing decl an
Theo de Raadt wrote:
> Isn't something like better -- to avoid marshalling code to convert
> arguments -> array?
this requires mixing declarations and code, but all our compilers are c99
compliant now, and this does make ca_system simpler.
>
> char *pkcs_args[] =
> PATH_OPENSSL,
>
Ted Unangst wrote:
> Matthew Martin wrote:
> > ping
> >
> > On Thu, Apr 25, 2019 at 11:21:00PM -0500, Matthew Martin wrote:
> > > On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote:
> > > > > + argv = alloca((n + 1) * sizeof(*argv));
> > > >
> > > > Our source tree is exceeding
On Wed, May 08, 2019 at 01:06:30PM -0500, Matthew Martin wrote:
> ping
>
The diff looks good now. I otherwise agree with tedu.
OK reyk@
> On Thu, Apr 25, 2019 at 11:21:00PM -0500, Matthew Martin wrote:
> > On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote:
> > > > + argv = al
Matthew Martin wrote:
> ping
>
> On Thu, Apr 25, 2019 at 11:21:00PM -0500, Matthew Martin wrote:
> > On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote:
> > > > + argv = alloca((n + 1) * sizeof(*argv));
> > >
> > > Our source tree is exceedingly sparing in the use of alloca().
>
ping
On Thu, Apr 25, 2019 at 11:21:00PM -0500, Matthew Martin wrote:
> On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote:
> > > + argv = alloca((n + 1) * sizeof(*argv));
> >
> > Our source tree is exceedingly sparing in the use of alloca().
> > This will not do.
>
> Was staying
On Thu, Apr 25, 2019 at 08:59:56PM -0600, Theo de Raadt wrote:
> > + argv = alloca((n + 1) * sizeof(*argv));
>
> Our source tree is exceedingly sparing in the use of alloca().
> This will not do.
Was staying as close as possible to exec.c, but avoiding alloca is
preferable; replaced with re
> + argv = alloca((n + 1) * sizeof(*argv));
Our source tree is exceedingly sparing in the use of alloca().
This will not do.
ping after unlock
diff --git usr.sbin/ikectl/ikeca.c usr.sbin/ikectl/ikeca.c
index bac76ab9c2f..09df5066820 100644
--- usr.sbin/ikectl/ikeca.c
+++ usr.sbin/ikectl/ikeca.c
@@ -18,11 +18,13 @@
#include
#include
+#include
#include
#include
#include
#include
#include
+#include
#incl
ping
On Fri, Mar 8, 2019 at 8:52 PM Matthew Martin wrote:
>
> On Fri, Mar 8, 2019 at 3:39 AM Reyk Floeter wrote:
> >
> > On Wed, Mar 06, 2019 at 10:42:15PM -0600, Matthew Martin wrote:
> > > I had sent a similar patch a while back. There seemed to me some
> > > interest, but it was never comitte
On Fri, Mar 8, 2019 at 3:39 AM Reyk Floeter wrote:
>
> On Wed, Mar 06, 2019 at 10:42:15PM -0600, Matthew Martin wrote:
> > I had sent a similar patch a while back. There seemed to me some
> > interest, but it was never comitted. Updated to apply to -current.
> >
>
> I vaguely remember that there w
On Wed, Mar 06, 2019 at 10:42:15PM -0600, Matthew Martin wrote:
> I had sent a similar patch a while back. There seemed to me some
> interest, but it was never comitted. Updated to apply to -current.
>
I vaguely remember that there was a diff that had issues that I didn't
like for different reaso
On Thu, Mar 7, 2019 at 4:53 AM Stuart Henderson wrote:
>
> On 2019/03/06 22:20, Theo de Raadt wrote:
> > I'm not sure why this matters.
> >
> > Fundamentally system is fork+exec via a shell. So you write it as
> > minimal fork+exec.
> >
> > What is the particular benefit you see here, is it secur
On 2019/03/06 22:20, Theo de Raadt wrote:
> I'm not sure why this matters.
>
> Fundamentally system is fork+exec via a shell. So you write it as
> minimal fork+exec.
>
> What is the particular benefit you see here, is it security -- and if
> so, what is the security benefit? Have you identified
I'm not sure why this matters.
Fundamentally system is fork+exec via a shell. So you write it as
minimal fork+exec.
What is the particular benefit you see here, is it security -- and if
so, what is the security benefit? Have you identified a quoting problem?
Can you pinpoint the issue and expla
I had sent a similar patch a while back. There seemed to me some
interest, but it was never comitted. Updated to apply to -current.
Apologies for the attachment; gmail still isn't sending emails sent
via mutt, but I suspect the patch in the body will be mangled.
- Matthew Martin"
diff --git ikec
On Thu, Jun 08, 2017 at 10:39:08PM +1000, Jonathan Gray wrote:
> This would be simpler if the 'run' style function just took a NULL
> terminated array. Closer to how other things work and could then
> be passed directly to an exec call.
Like so?
Not sure if the indentation is correct or if it's
On Fri, May 19, 2017 at 12:32:16AM -0500, Matthew Martin wrote:
> ikectl errors in a number of situations where shell special characters
> are used. For example:
>
> % doas ikectl ca test create password \'
> [...]
> subject=/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=VPN
> CA/emailAddre
On Fri, May 19, 2017 at 09:56:14AM +0100, Stuart Henderson wrote:
> On 2017/05/19 00:32, Matthew Martin wrote:
> > ikectl errors in a number of situations where shell special characters
> > are used. For example:
> >
> > % doas ikectl ca test create password \'
> > [...]
> > subject=/C=DE/ST=Lower
On 2017/05/19 00:32, Matthew Martin wrote:
> ikectl errors in a number of situations where shell special characters
> are used. For example:
>
> % doas ikectl ca test create password \'
> [...]
> subject=/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=VPN
> CA/emailAddress=r...@openbsd.org
>
ikectl errors in a number of situations where shell special characters
are used. For example:
% doas ikectl ca test create password \'
[...]
subject=/C=DE/ST=Lower Saxony/L=Hanover/O=OpenBSD/OU=iked/CN=VPN
CA/emailAddress=r...@openbsd.org
Getting Private key
sh: no closing quote
This is because
31 matches
Mail list logo
