`cat /dev/sndstat`) and consider posting to a more
appropriate list (like freebsd-questions) first.
ALeine
___
WebMail FREE http://mail.austrosearch.net
___
freebsd-hackers@freebs
/sndstat`) and consider posting to a more appropriate
list (such as freebsd-questions) first.
ALeine
may find helpful is
Robert Watson's FXR site:
http://fxr.watson.org
ALeine
StackShield
and StackGuard protection" before making more comments.
http://www.coresecurity.com/files/files/11/StackguardPaper.pdf
ALeine
and random canaries.
As for the original topic, I would prefer the sysctl front-end, IMO it's
more consistent with other BSDs and more clean and direct while extending
open(2) would only appear transparent at the expense of needlessly
increasing the
rting the reason for failure.
Neither getvfsbyname(3) in src/lib/libc/gen/getvfsbyname.c nor
checkvfsname() in src/sbin/mount/vfslist.c have changed in
significant ways that would indicate they could be at fault,
however there might be a prob
> As I am pretty new to programming with FreeBSD, can you help
> me with some details about equivalent implementation (wait queues
> etc.) in FreeBSD.
Reading the man pages for asleep(9) / wakeup(9) should give you
ting such questions to
freebsd-questions@freebsd.org in the future as this is not the
most appropriate list for such questions.
ALeine
like SIGDANGER where every program has to have a special
signal handler in order to benefit from this feature.
ALeine
if it is already
locked.
1181 */
http://fxr.watson.org/fxr/source/vm/vm_pageout.c?v=RELENG4#L1112
1112 /*
1113 * If we are out of swap and were not able to reach our paging
1114 * target, kill the largest process.
1115 */
ALeine
ould return NULL, but I believe that one should not rely
on that.
ALeine
___
WebMail FREE http://mail.austrosearch.net --- src/sbin/gbde/gbde.c.oldWed Mar 30 14:18:37 2005
+++ src/sbin/gbde/gbde.cWed Mar 30 15:11:15 20
all non-vital
processes get killed first) when you run out of swap would be a useful feature,
what do you guys think?
ALeine
nd that you would also not store sensitive GBDE
information (passphrase, lock sectors, ...) on the same USB flash disk
where you decided to store a copy of the disk password(s).
ALeine
all), so at the very
least FreeBSD should issue the freeze lock command if the feature I
described would not be seen as worthwhile.
ALeine
ingle user mode to prevent a simple reboot from rendering a disk
unusable in case of system compromise. How does that sound to you? :-)
The ATA security commands could then be added to atacontrol for those
who need them and in any case I believe more detailed ATA security
info should be repor
g, please review it and commit the fix as
appropriate.
ALeine
___
WebMail FREE http://mail.austrosearch.net --- src/sbin/atacontrol.c.old Sun Apr 3 14:41:32 2005
+++ src/sbin/atacontrol.c Sun Apr 3 14:41:50 2005
@@ -15
I attached an example which shows the DST related changes
this year. I just couldn't resist writing something where
I get to use rare values such as 1112345678 and 1131131131
in a meaningful way. :-)
ALeine
at most size-1 characters are written with guaranteed NULL
termination, see man 3 snprintf for details.
ALeine
{
fprintf(stderr, "Allocation error!\n");
exit(2);
}
printf("Date: %s\n",localdate);
return localdate;
}
ALeine
) line in my patched version by mistake. In
that version I replaced the malloc(3) and memset(3) calls in cmd_nuke()
with a single malloc(3) call with the M_ZERO flag set.
Using mlockall(2) to prevent paging and setrlimit(2) to prevent core
from being dumped would also be an improvement for both C
ommit the appropriate
fix in the near future.
ALeine
in knowing about this and improving
CGD. You may want to start paying attention and reading before you
post or you could just apply a patch and take your own (TM) advice.
ALeine
that this kind of sloppy programming can be found in
a piece of software that is supposedly designed to be secure and provide
security. I believe the CGD code should be seriously audited before
anyone considers using it in a production environment.
ALeine
ditional
overhead, the process of deciding which new layout to adopt would take
too much time and energy compared to the benefits gained by adopting
a new layout, at least at this stage of development.
ALeine
d Be Nice (TM), but it's not
practical.
ALeine
ant to address the protection of lock sectors on cold disks
that can be accessed at regular intervals for differential analysis. The
improved hot disk protection in terms of obscuring write patterns as a
result of this mechanism is just a beneficial side-effect and not the main
goal.
ALeine
e could choose to scrub
the lock sectors first in a series of larger randomly sized block
rewrites as described above.
ALeine
m times during a user specified interval
(up to x rewrites within n seconds) in order to further obscure the write
pattern and provide additional protection for lock sectors.
ALeine
omething does not
imply that one should or that one would do that, it only implies that
an option exists. So you falsely assumed that I assumed when I was in
fact only addressing the other poster's false assumption that users
would do nothing. :-> They might do no
you could guess a lot,
the data entropy is not zero.
ALeine
oaches I described
above would make any kind of differential analysis very difficult
and no longer practical.
Who is clutching at straws now? :->
ALeine
, perhaps
> there can be some useful discussion.
Perfer et obdura, dolor hic tibi proderit olim. :-)) Go check if
that is in Wikipedia. :-)) You can email me for the translation
if you cannot find it online. :->
ALeine
[EMAIL PROTECTED] wrote:
> Your disk has 2^128 sectors? Where can I buy one of those?
In the same movie I referenced in the post you took that from. :->
Either there or in the dream I referenced a bit later. :->
ng as a
key-key sector, there are only key sectors, data sectors, lock
sectors, the master key, generated key-keys and sector keys.
ALeine
an reading and you probably talk
a lot because you enjoy hearing the sound of your own voice. Maybe
a radio show would be something for you to consider? :->
> It does mean that if I invented a new mode for using a set of
> ciphers, I would
rstand what was said.
> To wit:
>
> On Thursday 03 March 2005 02:43, ALeine wrote:
> > At any time half of all the people are wrong about something,
> > it's only a matter of time when your time will come to be in the
> > wrong half or rather the right half to be w
t them.
Those who are afraid of making mistakes are sentenced to regretting
that mistake and living in the past.
ALeine
[EMAIL PROTECTED] wrote:
> On Wed, Mar 02, 2005 at 04:33:16PM -0800, ALeine wrote:
> > [EMAIL PROTECTED] wrote:
> > > It is _plainly_obvious_ that if you encrypt 2^30 sectors each
> > > with a different 128 bit key then there are at most 2^158
> > > differ
?
> In general, geeks are meritocratic. Crypto people are not unlike
> other geeks. If you find that crypto people laugh at you, it is
> probably not because you don't know the right people, but because
> you put your foot in your mouth and swallowed hard.
In general, all genera
about how it does encryption if you want to have
any kind of realistic chance of breaking it. In the paper I
mentioned PHK analyzed the attack vectors and what kind of threat
each one of them represents. You act as if you could j
r mentor before he
retires and everyone who dismisses everyone else who does not
have the same pedigree of a proper cryptographer is welcome
to join the crypto community, of course.
IMHO, the academic community looks at the IT industry with
sc
:-> Seriously, this discussion is only making me
more eager to implement my ideas, I know exactly what I want to
implement, it just might take me more time than you seasoned kernel
programmers who live the code. :-)
ALeine
rs. I prefer jackets, they also keep you warm. Besides,
wearing a bag would be silly, but some people might decide it's their
style. :->
ALeine
even if it is 256 bits, is a safe
> design.
Neither can I, which is why I will base my work on GBDE.
ALeine
P.S.: All you people cross-posting out there please cross-post
properly (CC me). :->
:-)
Journaling would definitely cause more seeks, but the question
is how well that can be compensated for by the reduction of
writes gained from using the other speedup mechanisms I proposed.
I might try implementing this in GBDE first
f speed and assumed
security.
If all this were implemented I believe the performance on volumes
initialized to take advantage of the possible speedups would not
be worse than with the current implementation of GBDE. Comments?
ALeine
/security/vncrypt), only implementing the main principles found
in GBDE.
ALeine
you'll make the wrong tradeoffs.
>
> It's worth noting that there is a very real threat not addressed
> here: detecting unauthorized changes to an encrypted disk. For a very
> elegant solution, see
> http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/storageint.pdf
ho have are
very well respected, like Lucky Green, for example. I hope you will find
the time to write an analysis of the weaknesses you found, I would be
very interested in seeing if they would apply to what I have in mind.
ALeine
to see just how big the difference would be. What do you guys think of
this solution?
ALeine
[EMAIL PROTECTED] wrote:
> [ cc'ing [EMAIL PROTECTED], because there has been talk
> of GBDE there in the past.]
>
> Well, I thought that since I saw this:
>
> ALeine wrote a while ago:
> >[EMAIL PROTECTED] wrote:
> >>
> >> Wouldn't b
. :-) Can you verify that this problem does
not occur on 5.x without upgrading (by using a FreeSBIE LiveCD)?
ALeine
ble in sys/cam/scsi/scsi_da.c with an
entry like this:
{
/*
* SanDisk Cruzer Mini 512MB
*/
{T_DIRECT, SIP_MEDIA_REMOVABLE, "SanDisk" , "Cruzer Mini", "*"},
/*quirks*/ DA_Q_NO_SYNC_CACHE
}
ALeine
[EMAIL PROTECTED] wrote:
> Could you please point me to the place where "GEOM
> gstat" is implemented ? I don't seem to find it :-(
You can find gstat in src/usr.sbin/gstat if you have the
source tree on your disk or online at:
http://www.freebsd.org/cgi/cvsweb.cgi/src/us
amming book at:
http://www.khmere.com/freebsd_book/html/ch01.html
Reading about the alternatives might be a good idea as well:
http://developers.slashdot.org/article.pl?sid=05/01/29/2033230
ALeine
'dbi:mysql:database=;host=;port=3306',
'user', 'passwd', { RaiseError => 1, AutoCommit => 1 }
);
Otherwise if you are running 4.10 you might want to use sysctl to set
net.inet.ip.portrange.randomized to 0.
You may also want to use sockstat to make sure your sc
> After further investigation and digging, I uncovered the true cause of
> the error: connect() returning ECONNREFUSED.
You are probably exhausting the queue of pending connections, you may want
to read man 2 listen and use sysctl to set kern.ipc.somaxconn accordingly.
ause it
is pointing to a relative path, again the directory containing the
symbolic link is used as the base directory, meaning your symbolic
link is pointing to $HOME/a/b, which is what you want.
Reading man 1 ln and using ls -al to check where your symbolic links
are pointing w
nflybsd.org/mailarchive/kernel/2005-02/msg00037.html
ALeine
log messages and the kernel boot
> messages. Any ideas as to what the problem may be?
Try turning TCP SACK off by putting net.inet.tcp.sack.enable=0 in sysctl.conf.
ALeine
t while directly
addressing someone you claim should learn some manners is not the
best way to show manners, at least not in Austria.
ALeine
because I believe he better than anyone else embodies
the spirit of the Project, he is always very informative,
thorough, helpful, friendly, polite, willing to share his
vast knowledge and experience and offer his insight, unlike
certain former Security
litely disagree with the direction in which the project is
heading. :-)
ALeine
so be a good idea to use an automated spell-check on your
pages,
I've noticed a number of typos such as "divelopers" and similar.
ALeine
n takes 10 minutes to set up and other than a fair
amount of CPU time and a few GB of disk space for the generated documentation
it requires nothing special. :-) It will not interfere with anyone's work, but
it will make the development process ea
er reason why I think I should isolate the whole thing
by creating a cryptographic character device driver (cvn(4)). It would
also make it easier to port to DragonFly BSD.
ALeine
so been working on NCryptFS, which seems quite promising:
http://filesystems.org/docs/ncryptfs/ncryptfs.html
The problem with NCryptFS is that so far no code has been released and
since it looks like it might get released a day after Duke Nuke 'em
Forever I thought I would see what I can do ab
ally need in 4.x. Would this be something
the Core members would like to see committed to RELENG_4?
I would also appreciate it very much if you could give me some
pointers on deGEOMifying GBDE.
Thank you,
ALeine
've only done some minor
work on a couple of kernel modules.
I do understand that this would be quite an undertaking, so I would
also like to hear from others who would be willing to work on
backporting GEOM to the 4.x branch and having the port integrated
into DragonFly BSD.
Thank you,
A
& best regards,
ALeine