Re: Route table leaks

1999-12-09 Thread Brad Knowles

At 10:29 AM -0800 1999/12/9, John Polstra wrote:

>  Thanks for helping me test it!

So far, it looks like it might have fixed the problem.  At least, 
the "InUse" count goes down when a route goes away:

Thu Dec 9 20:14:03 CET 1999
netstat -ran | wc -l
  123
vmstat -m | grep routetbl | grep K
  routetbl   25035K 35K 40960K  2600 0  16,32,64,128,256
uptime
  8:14PM  up  1:23, 1 user, load averages: 1.67, 2.34, 3.27

Thu Dec 9 20:15:03 CET 1999
netstat -ran | wc -l
  122
vmstat -m | grep routetbl | grep K
  routetbl   24834K 35K 40960K  2600 0  16,32,64,128,256
uptime
  8:15PM  up  1:24, 1 user, load averages: 1.60, 2.19, 3.15


I'll let you know if/when I get any more results.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  
|o| Brad Knowles, <[EMAIL PROTECTED]>Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin  Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels   |o|
|o| http://www.skynet.be Belgium   |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: CRON in malloc(): warning: pointer to wrong page.

1999-12-09 Thread Vlad Skvortsov

On Wed, Dec 08, 1999 at 08:49:15PM -0500, Bosko Milekic wrote:
> !>On a probably related matter we had a lot of processes die with signal 4
> !>(one or two a day). We swapped the RAM and I thought it had stopped but
> !>one died yesterday (telnetd). Previously running make index in /usr/ports
> !>would always die with sig4 but since the RAM swap its been fine...
> !>
> !>Any suggestions? I assume sig4 indicates that there is corruption in
> !>either the memory, cache or bus but I have no idea why or what causes the
> !>CRON error.
> !>
>   Well, are the processes dying with signal 4 dumping core? If so, have
>   you tried debugging from the core dump?
>   Your malloc() problem could be related to something that you discover
>   this way. After all, the default action on receipt of signal 4 would be
>   to dump core.

I've got a similar problem with CRON, but the system itself is
definitively stable with good uptime and no processes dying even at
high load rates.

I've swapped everything starting from motherboard and ending with
RAM - nothing helps. Kinda weird. Any suggestions ?

-- 
Vlad Skvortsov, [EMAIL PROTECTED], [EMAIL PROTECTED]





Re: 3.2 -> 3.3-stable

1999-12-09 Thread remorse code

Theo PAGTZIS writes:
  This is definitely a paradox...
  A stable which is not stable...what is it (enigma) ?

Give me a break.  Everyone makes mistakes.

rone
-- 
Insultant: n.  Contract worker who gets paid an obscene hourly wage to insult
full-time company employees. <[EMAIL PROTECTED]>





Re: Route table leaks

1999-12-09 Thread Joe Greco

The patch previously mentioned has completely fixed my problem, as far as I
can tell.

 routetbl   13117K 25K 40960K936240 0 16,32,64,128,256

after a day of uptime.

> here's mine..
> this is from a single homed machine, with a default route. it's also an IRC
> server (irc.stanford.edu), with a LOT of filtering of inbound traffic.
> 
> FreeBSD 3.3-STABLE #8: Sat Nov 27 17:15:49 PST 1999 
> 
> 11:33PM  up 2 days, 20:41, 1 user, load averages: 0.03, 0.03, 0.00
> 
>  routetbl   20529K  10489K 10489K  34799600 0  16,32,64,128,256
> 
> note that the table maxed out at some point (during a DoS attack.)
> 
> root-irc.stanford.edu-[11:34pm-52]#t> netstat -ran | wc
>   70 4094741
> 
> looks like it leaked 135 in 2.8 days..
> 
> 
>-- Welcome My Son, Welcome To The Machine --
> Bob Vaughan  | techie@{w6yx|tantivy}.stanford.edu | [EMAIL PROTECTED]
>| P.O. Box 9792, Stanford, Ca 94309-9792
> -- I am Me, I am only Me, And no one else is Me, What could be simpler? --
> 


-- 
... Joe

---
Joe Greco - Systems Administrator [EMAIL PROTECTED]
Solaria Public Access UNIX - Milwaukee, WI 414/342-4847





RE: 3.2 -> 3.3-stable

1999-12-09 Thread Christopher Michaels

Which reminds me.  Now that -RC is coming.  I remember someone was trying to
co-ordinate some beta testing.  Alas, I forgot who that was and if he (or
she) was still co-ordinating it?

If so, I wonder if there is anything I could do, other than "make world"
that would be of use?

-Chris

> -Original Message-
> From: Kris Kennaway [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 08, 1999 8:51 PM
> To:   Sameer R. Manek
> Cc:   Jose Marques; [EMAIL PROTECTED]
> Subject:  RE: 3.2 -> 3.3-stable
> 
> On Wed, 8 Dec 1999, Sameer R. Manek wrote:
> 
> > Biggest one would be if you cvsup tonight, you'll jump to 3.4-RC. 3.4-RC is
> > a release candidate, aka beta for 3.4-RELEASE. You might want to wait until
> > 3.4-RELEASE, the source tree can get a little unstable just before -RELEASE,
> > as the developers scramble to get patches committed before the code freeze.
> > 
> > 3.4-RELEASE is scheduled to come out right around the same time Santa does,
> > so might as well wait a few days, and have some eggnog.
> 
> Or you could do it now, and help with the beta-testing, instead of doing
> it later and finding a bug which could have been prevented from shipping
> :)
> 
> For general updating issues, see /usr/src/UPDATING after cvsup (or use
> the cvsweb page on freebsd.org and find the most recent 3.x version).
> 
> Kris
> 
> 
> 



Re: NO! Re: [PATCHES] Two fixes for lpd/lpc for review and test

1999-12-09 Thread Alfred Perlstein

On Thu, 9 Dec 1999, Andre Albsmeier wrote:

> > On Tue, 7 Dec 1999, Warner Losh wrote:
> > 
> > > I've been reviewing this patch with someone and I think the last
> > > version is ready to commit.  I'll take a look at my tree to make
> > > sure.
> > 
> On Tue, 07-Dec-1999 at 14:55:37 -0800, Alfred Perlstein wrote:
> > please do not, the patch in PR 11997 introduces a major security flaw.
> > 
> > someone can hardlink to any file and clobber it with a file owned by
> > them:
> > 
> 
> I think the (really big) security hole can be closed by not doing
> the chown/chmod commands. I inserted them because I wanted the
> file in the spool directory to appear exactly as if lpr would
> have copied it.
> I am currently running the patch with the chown/chmod removed and
> lpd doesn't seem to have any problems with it. The side effect now
> is that the file in the spool directory keeps its permissions.
> I don't think that this is a problem because if the file was
> set to 666 by the creator before, he doesn't care a lot about
> it anyway :-)
> 
> What do people think about this? Alfred, Warner ?
> 
> For better reference, here is the current patch:
> 
> *** lpr.c.ORI Thu Dec  9 15:30:18 1999
> --- lpr.c Thu Dec  9 15:30:35 1999
> ***
> *** 370,375 
> --- 370,405 
>   }
>   if (sflag)
>   printf("%s: %s: not linked, copying instead\n", name, arg);
> + /*
> +  * If lpr was invoked with -r we try to move the file to
> +  * be printed instead of copying and deleting it later.
> +  * This works if the file and lpd's spool directory are
> +  * on the same filesystem as it is often the case for files
> +  * printed by samba or pcnfsd. In this case, a lot of I/O
> +  * and temporary disk space can be avoided. Otherwise, we
> +  * will continue normally.
> +  */
> + if (f) {/* file should be deleted */
> + seteuid(euid);  /* needed for rename() */
> + if (!rename(arg, dfname)) {
> + int i;
> + #if 0
> + chown(dfname, userid, getegid());
> + chmod(dfname, S_IRUSR | S_IWUSR |
> + S_IRGRP | S_IWGRP);
> + #endif
> + seteuid(uid);   /* restore old uid */
> + if (format == 'p')
> + card('T', title ? title : arg);
> + for (i = 0; i < ncopies; i++)
> + card(format, &dfname[inchar-2]);
> + card('U', &dfname[inchar-2]);
> + card('N', arg);
> + nact++;
> + continue;
> + }
> + seteuid(uid);   /* restore old uid */
> + }
>   if ((i = open(arg, O_RDONLY)) < 0) {
>   printf("%s: cannot open %s\n", name, arg);
>   } else {
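
Review bot: at `seteuid(euid)` followed by `rename(arg, dfname)`, the user-supplied path `arg` is moved with lpr's elevated effective uid, and nothing in the hunk first checks, under the invoking user's own uid, that `arg` is a regular file that user owns and is allowed to read and remove. Suggest validating `arg` before raising privileges (open it as the real uid and `fstat()` the descriptor for file type, owner and link count) and confirming after the rename that `dfname` is still the same inode, since the path can change between a check and the `rename()`. The `#if 0` block with `chown(dfname, ...)` and `chmod(dfname, ...)` should be deleted rather than left disabled: it acts on a path, and it is the step the thread identifies as letting a hard-linked file be clobbered; if owner or mode must change, do it on an open descriptor. The inner `int i;` also shadows the `i` used by `open(arg, O_RDONLY)` in the context lines that follow.
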
> 
> 

I don't have too much time to think about this, argue me this:

why should I allow a user to print any file on the system?

the race condition is still there.

-Alfred







RE: 3.2 -> 3.3-stable

1999-12-09 Thread Mr. K.

Is there somewhere I can download disk images and do a full network
install?  I have a cablemodem so minimal install should be quick and
painless.

On Thu, 9 Dec 1999, Christopher Michaels wrote:

> Which reminds me.  Now that -RC is coming.  I remember someone was trying to
> co-ordinate some beta testing.  Alas, I forgot who that was and if he (or
> she) was still co-ordinating it?
> 
> If so, I wonder if there is anything I could do, other than "make world"
> that would be of use?
> 
> -Chris
> 
> > -Original Message-
> > From:   Kris Kennaway [SMTP:[EMAIL PROTECTED]]
> > Sent:   Wednesday, December 08, 1999 8:51 PM
> > To: Sameer R. Manek
> > Cc: Jose Marques; [EMAIL PROTECTED]
> > Subject:RE: 3.2 -> 3.3-stable
> > 
> > On Wed, 8 Dec 1999, Sameer R. Manek wrote:
> > 
> > > Biggest one would be if you cvsup tonight, you'll jump to 3.4-RC. 3.4-RC is
> > > a release candidate, aka beta for 3.4-RELEASE. You might want to wait until
> > > 3.4-RELEASE, the source tree can get a little unstable just before -RELEASE,
> > > as the developers scramble to get patches committed before the code freeze.
> > > 
> > > 3.4-RELEASE is scheduled to come out right around the same time Santa does,
> > > so might as well wait a few days, and have some eggnog.
> > 
> > Or you could do it now, and help with the beta-testing, instead of doing
> > it later and finding a bug which could have been prevented from shipping
> > :)
> > 
> > For general updating issues, see /usr/src/UPDATING after cvsup (or use
> > the cvsweb page on freebsd.org and find the most recent 3.x version).
> > 
> > Kris
> > 
> > 
> > 
> 






Re: Route table leaks

1999-12-09 Thread Julian Elischer

so can it be committed?


On Thu, 9 Dec 1999, Joe Greco wrote:

> The patch previously mentioned has completely fixed my problem, as far as I
> can tell.
> 
>  routetbl   13117K 25K 40960K936240 0 16,32,64,128,256
> 
> after a day of uptime.
> 
> > here's mine..
> > this is from a single homed machine, with a default route. it's also an IRC
> > server (irc.stanford.edu), with a LOT of filtering of inbound traffic.
> > 
> > FreeBSD 3.3-STABLE #8: Sat Nov 27 17:15:49 PST 1999 
> > 
> > 11:33PM  up 2 days, 20:41, 1 user, load averages: 0.03, 0.03, 0.00
> > 
> >  routetbl   20529K  10489K 10489K  34799600 0  16,32,64,128,256
> > 
> > note that the table maxed out at some point (during a DoS attack.)
> > 
> > root-irc.stanford.edu-[11:34pm-52]#t> netstat -ran | wc
> >   70 4094741
> > 
> > looks like it leaked 135 in 2.8 days..
> > 
> > 
> >-- Welcome My Son, Welcome To The Machine --
> > Bob Vaughan  | techie@{w6yx|tantivy}.stanford.edu | [EMAIL PROTECTED]
> >  | P.O. Box 9792, Stanford, Ca 94309-9792
> > -- I am Me, I am only Me, And no one else is Me, What could be simpler? --
> > 
> 
> 
> 






Re: Route table leaks

1999-12-09 Thread Brad Knowles

At 8:56 PM +0100 1999/12/9, Brad Knowles wrote:

>   So far, it looks like it might have fixed the problem.  At least,
>  the "InUse" count goes down when a route goes away:

Things continue to look good:

Thu Dec 9 20:59:15 CET 1999
netstat -ran | wc -l
  122
vmstat -m | grep routetbl | grep K
  routetbl   24834K 35K 40960K  2600 0  16,32,64,128,256
uptime
  8:59PM  up  2:08, 0 users, load averages: 2.13, 2.11, 2.16

Thu Dec 9 21:00:16 CET 1999
netstat -ran | wc -l
  121
vmstat -m | grep routetbl | grep K
  routetbl   24634K 35K 40960K  2600 0  16,32,64,128,256
uptime
  9:00PM  up  2:09, 0 users, load averages: 3.18, 2.50, 2.31

[ ... deletia ... ]

Thu Dec 9 21:56:40 CET 1999
netstat -ran | wc -l
  121
vmstat -m | grep routetbl | grep K
  routetbl   24634K 35K 40960K  2600 0  16,32,64,128,256
uptime
  9:56PM  up  3:05, 0 users, load averages: 2.79, 2.87, 3.08

Thu Dec 9 21:57:40 CET 1999
netstat -ran | wc -l
  120
vmstat -m | grep routetbl | grep K
  routetbl   24434K 35K 40960K  2600 0  16,32,64,128,256
uptime
  9:57PM  up  3:06, 0 users, load averages: 2.90, 2.93, 3.09

-- 
   These are my opinions -- not to be taken as official Skynet policy
  
|o| Brad Knowles, <[EMAIL PROTECTED]>Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin  Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels   |o|
|o| http://www.skynet.be Belgium   |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.





Re: Route table leaks

1999-12-09 Thread Brad Knowles

At 3:00 PM -0800 1999/12/9, Julian Elischer wrote:

>  so can it be committed?

In -CURRENT, I would say that this could probably be committed, 
if John feels safe.  I am not yet convinced that it should be 
committed to -STABLE, although things do look good so far.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  
|o| Brad Knowles, <[EMAIL PROTECTED]>Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin  Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels   |o|
|o| http://www.skynet.be Belgium   |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.





Re: NO! Re: [PATCHES] Two fixes for lpd/lpc for review and test

1999-12-09 Thread Garance A Drosihn

Note:  I'm sending this to just the -current list, since it's pretty
clear that this change won't be ready for -stable anytime this year...

(hopefully Alfred is in -current?)

At 3:02 PM -0800 12/9/99, Alfred Perlstein wrote:
>On Thu, 9 Dec 1999, Andre Albsmeier wrote:
> > On Tue, 07-Dec-1999 at 14:55:37 -0800, Alfred Perlstein wrote:
> > > please do not, the patch in PR 11997 introduces a major security flaw.
> > >
> > > someone can hardlink to any file and clobber it with a file owned by
> > > them:
> >
> > I think the (really big) security hole can be closed by not doing
> > the chown/chmod commands. I inserted them because I wanted the
> > file in the spool directory to appear exactly as if lpr would
> > have copied it.
>
>I don't have too much time to think about this, argue me this:
>
> why should I allow a user to print any file on the system?
>
>the race condition is still there.


I think the general goal of the patch is a good idea (ie, doing
a 'mv' instead of a 'cp & rm' when we can).  And, in fact, I'd
like the chown/chmod's to be done so the file is owned and
permitted the same way as if it was cp'ed.

I don't have any time to really look at the patch right now
though (it's end-of-semester, things breaking, students around
here in a frenzy, etc, etc).  I might try to suggest something
this weekend, depending on how things go.  I think we can afford
to do whatever checking is necessary to get this right, as the
checking can't possibly be more expensive than copying the whole
file and removing the old one.  (in my environment we have people
printing thru samba or CAP, and who are sending >100meg files.
If I can use 'mv' instead of 'cp', that has to save a lot of
cpu time!).  Of course, the security implications of such a
change are also pretty important in our environment here...


---
Garance Alistair Drosehn   =   [EMAIL PROTECTED]
Senior Systems Programmer  or  [EMAIL PROTECTED]
Rensselaer Polytechnic Institute
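
The kind of checking the message above says is affordable before a 'mv', sketched as an added example (not part of the thread, the patch, or FreeBSD's lpr). `spool_move_checked` and the `MOVE_*` codes are hypothetical names, and the sketch assumes a single process rather than lpr's real/effective uid switching.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes for spool_move_checked() (hypothetical names). */
enum { MOVE_OK = 0, MOVE_REJECTED = -1, MOVE_FAILED = -2, MOVE_SWAPPED = -3 };

/*
 * Move src to dst only if src is a regular file owned by `owner`
 * with exactly one link. The checks use the open descriptor, not
 * the path; the path is compared against it again after rename().
 */
int spool_move_checked(const char *src, const char *dst, uid_t owner)
{
    struct stat before, after;
    int rc = MOVE_REJECTED;

    /* O_NOFOLLOW: refuse a symlink as the final path component. */
    int fd = open(src, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return MOVE_REJECTED;
    if (fstat(fd, &before) != 0 || !S_ISREG(before.st_mode) ||
        before.st_uid != owner ||   /* not the submitter's file */
        before.st_nlink != 1)       /* another name shares the inode */
        goto out;

    if (rename(src, dst) != 0) {    /* e.g. EXDEV: caller copies instead */
        rc = MOVE_FAILED;
        goto out;
    }
    /* The path may have been swapped between fstat() and rename(). */
    if (lstat(dst, &after) != 0 || after.st_dev != before.st_dev ||
        after.st_ino != before.st_ino || after.st_nlink != 1) {
        rc = MOVE_SWAPPED;          /* caller must not print or chown dst */
        goto out;
    }
    /* Set the mode through the descriptor, never through the path. */
    if (fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) != 0) {
        rc = MOVE_FAILED;
        goto out;
    }
    rc = MOVE_OK;
out:
    close(fd);
    return rc;
}
```

`MOVE_SWAPPED` is detection after the fact: by then the file is already in the spool directory, so the caller has to treat it as untrusted rather than print it.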





RE: 3.2 -> 3.3-stable

1999-12-09 Thread Kris Kennaway

On Thu, 9 Dec 1999, Mr. K. wrote:

> Is there somewhere I can download disk images and do a full network
> install?  I have a cablemodem so minimal install should be quick and
> painless.

ftp.freebsd.org? :)

Kris






Re: Route table leaks

1999-12-09 Thread John Polstra

Brad Knowles wrote:
> 
>   In -CURRENT, I would say that this could probably be committed, 
> if John feels safe.  I am not yet convinced that it should be 
> committed to -STABLE, although things do look good so far.

Just to clarify, I committed it to -current already this morning.

John

