On Sun, Jul 24, 2005 at 05:51:54PM -0700, Doug Barton wrote:
> entropy_save_num="17" # Number of entropy cache files to save.
>
> And haven't seen any problems with repetitive fortunes in the last 2 days.
Could you inspect old saved entries in setup when the bug is active? Are
they the same a
On Sat, Dec 24, 2011 at 09:14:44PM -0800, Xin LI wrote:
> - Must not break existing and legitimate use of chroot(2), in other
> words no semantics change permitted.
Later POSIX drops chroot() completely, so we can feel free of bound of
the strong legitimacy.
We already have many counterexample
On Thu, Dec 29, 2011 at 11:15:44AM -0800, Xin Li wrote:
> Would you please elaborate how this would be less ugly (e.g. with a
> patch)?
Why doing a patch if you apparently don't care? )
In few words, it is less ugly because it 1) will be public API, 2) will
restrict all possible future dlopen() usage
On Thu, Dec 29, 2011 at 10:26:17AM -0800, Xin Li wrote:
> On 12/29/11 06:39, John Baldwin wrote:
> > Can you give some more details on why ftpd is triggering a dlopen
> > inside of the chroot? It would appear that that is unrelated to
> > helper
On Thu, Dec 29, 2011 at 12:15:31PM -0800, Xin Li wrote:
> > Instead of total disabling we can (by calling rtld function)
> > restrict dlopen() in ftpd() to absolute path of known safe
> > directories list like "/etc" "/lib" "/usr/lib" etc.
>
> This just came back to the origin!! These "safe" locat
On Thu, Dec 29, 2011 at 12:30:23PM -0800, Xin Li wrote:
> >> On Thu, Dec 29, 2011 at 11:00 AM, John Baldwin
> > Another route might have been set an env
> > var
I already suggested it as one of possible ways.
> Using an environment variable may be not a good idea since it can be
> easily overridde
On Thu, Dec 29, 2011 at 12:54:23PM -0800, Xin Li wrote:
> On 12/29/11 12:46, Andrey Chernov wrote:
> [...]
> > In case user (more precisely, ftpd) runs any program which resides
> > in /incoming/, nothing helps in
On Thu, Dec 29, 2011 at 04:17:04PM -0500, John Baldwin wrote:
> Presumably one could do a static ls. Even with the built-in ls we
> create a dummy passwd/group file for the anonymous chroot by default.
> I agree a built-in ls is strictly better, however. I would also be
> fine with removing all n
On Mon, Sep 10, 2012 at 01:40:28PM -0700, Doug Barton wrote:
> > 2) reusing entropy seeds is a bad thing - for this I don't have
> > empirical proof. But I have Bruce Schneier's word.
>
> And as I have stated repeatedly, you and David are misapplying what
> you're reading.
Just my 2c.
In case we
On 18.07.2014 3:41, Steven Chamberlain wrote:
> Is there a good reason arc4random_buf() can't take bytes directly from
> /dev/urandom or sysctl KERN_ARND? Therefore no longer needing to seed
> first, periodically reseed, or use any stream cipher?
One of the reasons I hear is that true random entro
On 19.07.2014 0:06, Steven Chamberlain wrote:
> It's been pointed out to me that OpenBSD solved that particular issue
> with MAP_INHERIT_ZERO: the state of the arc4random PRNG is zeroed out
> on forking, and it knows to reseed then.
>
> FreeBSD since r227520 (2011-11-15), calls getpid() on every
On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
> I am surprised lack of support GOST in openssl-base.
> Can be this enabled before 11.0 released?
AFAIK openssl maintainers say something like they can't support this
code and it will become rotten shortly with new changes, so they drop it.
On 10.07.2016 18:01, Slawa Olhovchenkov wrote:
> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote:
>
>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>> I am surprised lack of support GOST in openssl-base.
>>> Can be this enabled before 11.0
On 10.07.2016 18:12, Andrey Chernov wrote:
> On 10.07.2016 18:01, Slawa Olhovchenkov wrote:
>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote:
>>
>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>> I am surprised lack of support GOST in op
On 10.07.2016 18:13, Andrey Chernov wrote:
> On 10.07.2016 18:12, Andrey Chernov wrote:
>> On 10.07.2016 18:01, Slawa Olhovchenkov wrote:
>>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote:
>>>
>>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrot
On 10.07.2016 18:28, Andrey Chernov wrote:
> On 10.07.2016 18:13, Andrey Chernov wrote:
>> On 10.07.2016 18:12, Andrey Chernov wrote:
>>> On 10.07.2016 18:01, Slawa Olhovchenkov wrote:
>>>> On Sun, Jul 10, 2016 at 05:10:04PM +0300, Andrey Chernov wrote:
>>
On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>
>>
>>
>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
>>>
>>> I.e. GOST will be available in openssl.
>>> Under BSD-like license.
>>> Can be this engine import in base syste
On 11.07.2016 19:54, Andrei wrote:
> On Mon, 11 Jul 2016 18:39:34 +0200
> Kurt Jaeger wrote:
>
>> As far as I know, GOST is a standardized crypto algo in .ru, it's
>> suggested (required?) by the government in .ru. So, if FreeBSD does
>> not want to alienate the .ru userbase, GOST probably should
On 11.07.2016 23:13, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote:
>
>> On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
>>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>>>
>>>>
On 11.07.2016 21:07, Andrei wrote:
> On Mon, 11 Jul 2016 20:09:35 +0300
> Andrey Chernov wrote:
>> Unfortunately, it affects normal people and organizations here,
>> including internet providers f.e. and not affects Putin or government
>> in any way. Documents workflow re
On 11.07.2016 21:41, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote:
>
>> On 07/10/16 10:10 AM, Andrey Chernov wrote:
>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
>>>> I am surprised lack of support GOST in opens
On 12.07.2016 1:44, Andrey Chernov wrote:
> On 11.07.2016 21:41, Slawa Olhovchenkov wrote:
>> On Mon, Jul 11, 2016 at 02:28:45PM -0400, Jung-uk Kim wrote:
>>
>>> On 07/10/16 10:10 AM, Andrey Chernov wrote:
>>>> On 10.07.2016 16:30, Slawa Olhovchenkov wrote:
On 12.07.2016 8:48, Kevin Oberman wrote:
> >> May be need file PR for dns/bind910?
> >>
> >> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile
> >> .include <bsd.port.pre.mk>
> >>
> >> .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) &&
> ${S
On 12.07.2016 12:16, Andrey Chernov wrote:
> On 12.07.2016 8:48, Kevin Oberman wrote:
>> >> May be need file PR for dns/bind910?
>> >>
>> >> # grep -3 BROK /poudriere/ports/default/dns/bind910/Makefile
>> >> .inclu
On 15.03.2017 16:06, Steven Chamberlain wrote:
> Also it is great to see INHERIT_ZERO was added to mmap(2)!
It is not so great. For a program which forks very often zeroing even
one page will be a slowdown. It will be better and faster to implement it
as fork syscall wrapper setting single variable,
On 16.03.2017 20:24, Xin LI wrote:
> On Wed, Mar 15, 2017 at 1:13 PM, Andrey Chernov wrote:
>> On 15.03.2017 16:06, Steven Chamberlain wrote:
>>> Also it is great to see INHERIT_ZERO was added to mmap(2)!
>>
>> It is not so great. For a program which forks very often