Re: Troubleshooting pf congestion

2020-09-14 Thread Uwe Werler
Without seeing a rule set what should one say? On 14 September 2020 15:19:46 GMT+00:00, Scott Reese wrote: >Greetings: > >I am troubleshooting an issue: users complaining about network >performance. The firewall >is an OpenBSD 6.7 system with patches applied. I've traced the issue >and I'm se

Re: Troubleshooting pf congestion

2020-09-14 Thread Otto Moerbeek
On Mon, Sep 14, 2020 at 11:19:46AM -0400, Scott Reese wrote: > Greetings: > > I am troubleshooting an issue: users complaining about network performance. > The firewall > is an OpenBSD 6.7 system with patches applied. I've traced the issue and I'm > seeing the > congestion counter incrementing

Re: [EXTERNAL] Re: Troubleshooting pf congestion

2020-09-14 Thread Scott Reese
Greetings: - Original Message - > From: "Uwe Werler" > To: "misc" , "Scott Reese" , "misc" > > Sent: Monday, September 14, 2020 12:47:31 PM > Subject: [EXTERNAL] Re: Troubleshooting pf congestion > Without seeing a rule set what should one say? > >> >>If anyone could spare a couple

Troubleshooting pf congestion

2020-09-14 Thread Scott Reese
Greetings: I am troubleshooting an issue: users complaining about network performance. The firewall is an OpenBSD 6.7 system with patches applied. I've traced the issue and I'm seeing the congestion counter incrementing on system. The problems that we're seeing fit with what I have been able to

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Ingo Schwarze
Hi Theo, Theo de Raadt wrote on Mon, Sep 14, 2020 at 07:27:23AM -0600: > I am happy enough with the diff, and also dislike having a flag. > Can we get it committed Done. > and revisit the situation in 10 years? I'm sorry, i cannot promise to keep my TODO list in order for ten years, it often ta

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Theo de Raadt
Ingo Schwarze wrote: > Hi Brian, > > Brian Brombacher wrote on Mon, Sep 14, 2020 at 07:55:11AM -0400: > > > Love the idea; however, the only drawback is if some Bad Person > > is twiddling around and leaves a suid or dev around on a file system > > that is nosuid or nodev, you lose visibility.

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Todd C . Miller
On Mon, 14 Sep 2020 13:40:03 +0200, Ingo Schwarze wrote: > I think that is an interesting idea. That would be the patch below. > Given that the function find_special_files() looks for SUID, SGID, > and device files, i suggest this logic: skip a mount point if any > of the following is true: > >

desktop hardware that supports OpenBSD?

2020-09-14 Thread swrangsar
I am planning to buy a desktop in the near future and I would definitely like to run OpenBSD on it. So what about a Dell OptiPlex, Intel NUC or some assembled Core i5 with TP-Link 802.11ac WiFi card? Any other suggestions? Sent from vivo smartphone

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Brian Brombacher
> On Sep 14, 2020, at 8:11 AM, Ingo Schwarze wrote: > > Hi Brian, > > Brian Brombacher wrote on Mon, Sep 14, 2020 at 07:55:11AM -0400: > >> Love the idea; however, the only drawback is if some Bad Person >> is twiddling around and leaves a suid or dev around on a file system >> that is nosu

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Ingo Schwarze
Hi Brian, Brian Brombacher wrote on Mon, Sep 14, 2020 at 07:55:11AM -0400: > Love the idea; however, the only drawback is if some Bad Person > is twiddling around and leaves a suid or dev around on a file system > that is nosuid or nodev, you lose visibility. Doesn't look like a problem to me; t

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Brian Brombacher
> On Sep 14, 2020, at 7:43 AM, Ingo Schwarze wrote: > > Hi Theo, > > Theo de Raadt wrote on Mon, Sep 14, 2020 at 04:06:08AM -0600: >> Ingo Schwarze wrote: > >>> are used for. Some such file systems may permit SUID and/or device >>> files, so not checking them may be a dubious idea. > >>

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Ingo Schwarze
Hi Theo, Theo de Raadt wrote on Mon, Sep 14, 2020 at 04:06:08AM -0600: > Ingo Schwarze wrote: >> are used for. Some such file systems may permit SUID and/or device >> files, so not checking them may be a dubious idea. > The script could identify mountpoints with safer mount options and > reduc

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Theo de Raadt
Ingo Schwarze wrote: > are used for. Some such file systems may permit SUID and/or device > files, so not checking them may be a dubious idea. The script could identify mountpoints with safer mount options and reduce scanning on them. That will also encourage admins to use restrictive mount op

Re: Must disable /usr/libexec/security on backup disks

2020-09-14 Thread Ingo Schwarze
Hi Todd, Todd C. Miller wrote on Sun, Sep 13, 2020 at 03:13:04PM -0600: > On Sun, 13 Sep 2020 09:17:02 -, Rupert Gallagher wrote: >> Since /usr/libexec/security runs blindly on every attached storage >> media, it also runs on mounted tape and backup data volumes. > It might be best to only c