multiple vxlan problem with 7.6

2024-10-25 Thread Holger Glaess
hi

Does anyone care about this issue?

I already sent a sendbug.

With 7.5 it was possible to run multiple vxlan interfaces; with 7.6 it is not.

7.6 crashes to ddb when the second vxlan interface gets an ifconfig up.

fg

Holger




Re: How safe are Co language module downloads?

2024-10-25 Thread Anon Loli
On Tue, Oct 22, 2024 at 05:05:03PM -0600, nisp1953 wrote:
> OpenBSD 7.6 AMD64
> 
> Hi Folks:
> 
>  I was going through a Go language tutorial and invoked the command:
> 
> $ go get rsc.io/quote
> 
> To my surprise it downloaded the modules to a newly created directory
> ~/go. I thought pledge and unveil were supposed to stop this kind of
> behavior?
> $ ls -lhd /home/cleetus/go/
> drwxr-xr-x  3 cleetus  cleetus   512B Oct 22 16:18 /home/cleetus/go//
> 
> Any advice on this situation would be appreciated. I have no idea how
> trustworthy Go modules are.
> 
> --
> Kind regards,
> Jonathan
> 

OpenBSD does not do compartmentalization like many would love..
OpenBSD is not QubesOS.
The 1st time I heard of pledge/unveil, I thought the same thoughts, but I think
that it's 1 search away on a search engine to find out what it is.
(It more or less is, I tried it right now.)

I agree that an ACTUALLY SECURE OS would have perfect compartmentalization,
and perhaps the best way to achieve that is hardware-level
compartmentalization.

The PerfOS/HW project ought to do exactly that and much more.

In my eyes, OpenBSD is not a secure OS, but that is only because I have needs
that OpenBSD developers don't deem worthy to fuss over, such as:
- anything sensitive or required to exist, on /home/*, fuck that any program
  can have that because: "I, the user, am someone's toy and my data is worth
  nothing"
- anonymity
- privacy


If you ask me, these are needs that everyone has; it's just that OpenBSD devs
seemingly haven't realized yet the dangers that lurk outside of their comfy
home.
The more someone knows about you, the more they can exploit you.

I want to say more, way more, but I have already said too much and I'll be
surprised once again, should this e-mail be sent by mail pigeons.



-- 
Anon Loli
#
This mortal strives for omnisciency. Some tags: perfectionist, minimalist,
researcher, scientist, philosopher, developer, autist, anarchist, data hoarder,
99 other tags and interests.

I am always up for conversing as long as you meet these requirements:
1. Use PGP encryption for all data shared,
2. Use an open source operating system, NOT Windows, NOT MacOS,
3. Have an open mind - are ready to let go of any and all imperfect views on
  anything, if they are.
Let's change this world for the better, one action at a time






vmctl send

2024-10-25 Thread Holger Glaess
hi

If I do a

vmctl -v send vpngw  | ssh bellab vmctl receive vpngw

I get a

bellab vmd[18629]: denied request 19 from uid 107

on the receiving system.

The _vmd user has been changed so that it has a shell and a home dir where the
VM images are stored.

The vm.conf part on both machines is

vm "vpngw" {
    disk "/home/vmd/vpngw.qcow2"
    owner _vmd
    interface {
        rdomain 10
        switch "vswitch10"
        lladdr fe:e1:ba:d0:9b:d3
    }
    memory 1G
    enable
}

What am I doing wrong?

Holger




Re: How safe are Co language module downloads?

2024-10-25 Thread Anon Loli
On Thu, Oct 24, 2024 at 12:17:25PM -0600, nisp1953 wrote:
> On Thu, Oct 24, 2024 at 11:32 AM Anon Loli  wrote:
> >
> >
> > OpenBSD does not do compartmentalization like many would love..
> > OpenBSD is not QubesOS.
> > The 1st time I heard of pledge/unveil, I thought the same thoughts,
> 
> 
> 
> > In my eyes, OpenBSD is not a secure OS, but that is only because I have needs
> > that OpenBSD developers don't deem worthy to fuss over, such as:
> > - anything sensitive or required to exist, on /home/*,
> 
> I solved this problem. I created a user account that cannot log into
> root.(it's not in group wheel).
> I changed the directory and file permissions on my regular user account:
> find . -type d -exec chmod 750 {} \;
> find . -type f -exec chmod 640 {} \;
> Any that need execute bits I go back and chmod them.
> Look, here are commands issued from the guest account, where the Go
> modules are downloaded
>  (cleetus is my regular login):
> $ ls /home/cleetus
> ls: /home/cleetus/: Permission denied
> $ cd /home/cleetus
> ksh: cd: /home/cleetus - Permission denied
> 
> So that guest account is kind of like a sand box.
> I can login to 2 accounts at the same time on my OpenBSD. I do
> Fn+Alt+Ctl +F2 say and I get a
>  login at an xterm. I don't need an X window system to write and compile code.
> EMACS or Vi will do just fine.

What I meant by compartmentalization is not account separation, but
compartmentalization for every program.
There are many many things that a program knows about your computer, including
BUT NOT LIMITED TO:
- what programs you have installed
- what programs you have running
- how frequently and how long you use which programs
- what you use those programs for
- when you run those programs
- dmesg and other hardware information
- hardware access (but thankfully in OpenBSD mic and cam access are denied by
default)
- keylogging
- your IP address amongst other networking-related info (this is more for
anonymity concerns though)
- again, I consider everything sensitive, especially my /home/*

There is probably a 2x list of things a program can know about you without
having to get root access.
One needs root access usually only to modify core stuff, but one can destroy
someone's life easily without root, like the xz source-attack almost defeated
the purpose of open-source software ;).
Of course that source-attack did not work for OpenBSD, but my guess is that
it's only because the attacker wasn't targeting OpenBSD.

The more SLOC you have, the bigger chance is that there is evil hidden
somewhere.
All you need sometimes is 1 sneaky line amongst thousands, and sometimes even
millions SLOC.

Imagine if we all used same core hardware, imagine the amount of issues that
would simply perish.
IMAGINE THAT!
Why am I mentioning that? Because I heard that like 70% of OpenBSD codebase is
hardware compatibility and what-not...
Probably also has to do something with why the Linux kernel has probably over
70 000 000 SLOC by now.

I don't think that even Linus Torvalds understands his own project anymore.

I once upon a time ran a project that had 10 000 SLOC. I knew where what was
and what it did only because I wrote it (copying some code or writing my
own - doesn't matter, it all went through my hands).

I can't imagine understanding someone else's 10 000 SLOC project... mostly
because I am not experienced in studying other people's projects, but I think
that you get my idea?
BLOAT is everywhere.

I'm sorry if you people think that there is an OS secure (while still usable)
enough out there... but then you cry about xz-like attacks, or spread your legs
to the privacy-invasive programs which are too bloated to be audited *COUGH
COUGH* ALL MODERN WEB BROWSERS!!!

Try auditing source code of Mozilla Firefox ;)))
It will take half a lifetime just downloading all of its garbage!

Try auditing Vim.

Yes - I'm saying that supporting most if not all of legacy hardware is bad for
software projects because in theory the source code just continues to grow,
because the time is a constant move onwards.



-- 
Anon Loli
#
This mortal strives for omnisciency. Some tags: perfectionist, minimalist,
researcher, scientist, philosopher, developer, autist, anarchist, data hoarder,
99 other tags and interests.

I am always up for conversing as long as you meet these requirements:
1. Use PGP encryption for all data shared,
2. Use an open source operating system, NOT Windows, NOT MacOS,
3. Have an open mind - are ready to let go of any and all imperfect views on
  anything, if they are.
Let's change this world for the better, one action at a time




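The 750/640 permission scheme from the find/chmod commands quoted in the message above, as an added shell example that is not part of the thread. It goes slightly beyond the quoted commands by keeping already-executable files runnable and by auditing the result; the function names audit_other_bits, lock_down and count_other_bits are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The directory to check is passed
# in by the caller; function names are illustrative only.

# Print every entry under $1 that grants any permission to "other".
# The three -perm tests are ORed because POSIX find has no single
# "any of these bits" form. Symlinks are skipped: their own mode bits
# are not what access checks use.
audit_other_bits() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Apply the 750/640 scheme, but give files that are already
# owner-executable 750 so they do not have to be fixed up by hand.
lock_down() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -perm -100 -exec chmod 750 {} +
    find "$1" -type f ! -perm -100 -exec chmod 640 {} +
}

# Number of entries still open to "other"; 0 means the tree is closed
# to accounts outside the owner and the owning group.
count_other_bits() {
    audit_other_bits "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh script.sh /home/USER   (audit only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_other_bits "$1"
fi
```

The 750/640 modes only keep out accounts that are not in the owning group, so the group membership of the home directory's group matters as much as the mode bits.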


Re: OpenBSD 7.6: errors while installing packages depending on libxml/glib2

2024-10-25 Thread Manuel Kuklinski
On Friday, 25 October 2024 at 21:48:11 +0100, Manuel Kuklinski wrote:
> - - - - - - - - - - %< - - - - - - - - - -
> 
> - - - - - - - - - - %< - - - - - - - - - -
> 
> System was updated a couple of days ago - did a sysupgrade and pkg_add
> -u. Tried removing all packages and re-installing everything - no change :-(

pkg_delete'd with the -c argument and rebooted the system: errors are
gone!

Thank you for your time - sorry for the noise :-(

Best wishes.



was: Re: How safe are Co language module downloads?

2024-10-25 Thread Geoff Steckel
On 10/25/24 13:35, Anon Loli wrote:

[snip]

> The more SLOC you have, the bigger chance is that there is evil hidden
> somewhere.
> All you need sometimes is 1 sneaky line amongst thousands, and sometimes even
> millions SLOC.

Anecdotally autos have over 10,000,000 lines of code.
Do you ride in one? Subways? Airplanes?

> Imagine if we all used same core hardware, imagine the amount of issues that
> would simply perish.

[snip]
So some manufacturer just happens to insert man-in-the-middle attack hardware
in your CPU?
Oh... one already did.
Did someone handle your disk drive... oh! there's a firmware update port.
Why look at that network interface! My goodness! Writable firmware!

I've got a nice PDP11/45 with some RK05s you'd like.



OpenBSD 7.6: errors while installing packages depending on libxml/glib2

2024-10-25 Thread Manuel Kuklinski
Hi!

Today I'm presented with the following:

- - - - - - - - - - %< - - - - - - - - - -

vm20# pkg_add bitlbee
Package database already locked... awaiting release... done!
quirks-7.50 signed on 2024-10-24T18:42:56Z
Ambiguous: choose package for bitlbee
a   0: 
1: bitlbee-3.6p2
2: bitlbee-3.6p2-libpurple
3: bitlbee-3.6p2-libpurple-otr
4: bitlbee-3.6p2-otr
Your choice: 4
bitlbee-3.6p2-otr:glib2-2.80.4: ok
bitlbee-3.6p2-otr: ok
Running tags|   | 50%ld.so: glib-compile-schemas: can't load library 'libglib-2.0.so.4201.12'
Killed
system(/bin/sh, -c, /usr/local/bin/glib-compile-schemas /usr/local/share/glib-2.0/schemas >/dev/null) failed:  exit(137)
Running tags|***|100%ld.so: gio-querymodules: can't load library 'libglib-2.0.so.4201.12'
Killed
system(/bin/sh, -c, /usr/local/bin/gio-querymodules /usr/local/lib/gio/modules) failed:  exit(137)
Running tags: ok
The following new rcscripts were installed: /etc/rc.d/bitlbee
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/bitlbee
/usr/local/share/doc/pkg-readmes/glib2

vm20# pkg_add -z -l packages.txt

Running tags|   | 50%ld.so: gio-querymodules: can't load library 'libglib-2.0.so.4201.12'
Killed
system(/bin/sh, -c, /usr/local/bin/gio-querymodules /usr/local/lib/gio/modules) failed:  exit(137)
Running tags|***|100%ld.so: xmlcatalog: can't load library 'liblzma.so.2.3'
Killed
Running tags: ok


vm20# uname -a
OpenBSD vm20.asdfghasdfgh.de 7.6 GENERIC#332 amd64

- - - - - - - - - - %< - - - - - - - - - -

System was updated a couple of days ago - did a sysupgrade and pkg_add
-u. Tried removing all packages and re-installing everything - no change :-(

Happy about helping hands / advice...

Best wishes.