>From http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/ :
> or desktop environments such as Wine
For some definitions of "desktop environments".
Claire beuserie writes:
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?
Yes. Because the solution sucks. And all others we tried were just not
workable.
Just like we knew that executable stacks can be used for exploits and
didn't fix that for
On Tue, Nov 3, 2009 at 1:52 PM, Henning Brauer wrote:
>
> pfctl -vvsI is what you're after.
>
Thanks Michael Henning :-)
--Siju
Hi all,
since the upgrade to version 4.6 had pf activated by default,
I was confronted with the question wheather it is reasonable to use it
on my desktop computer or not.
I would like to know if someone is using it that way and if it's worth
to invest my time into
the configuration of pf.
Reg
--- Moritz Herrmann [Wed, Nov 04, 2009 at 11:51:52AM +0100]: ---
> Hi all,
> since the upgrade to version 4.6 had pf activated by default,
> I was confronted with the question wheather it is reasonable to use it
> on my desktop computer or not.
> I would like to know if someone is using it that
> > since the upgrade to version 4.6 had pf activated by default,
> > I was confronted with the question wheather it is reasonable to use it
> > on my desktop computer or not.
The question you are "confronted with" has already been solved for you:
yes, it is reasonable - that's why it is the def
> I'm experiencing this problem since a few snapshots now:
> [...]
> While resizing, moving or hovering the xterm window with other windows, the
> xterm window's content is refreshing painfully slowly. If someone else has
> experienced this problem, I would really appreciate some ideas or
> informa
On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before than the commit, but we
> > gnashed our te
Dear all
i try install clamav from packages but get error like this , how to solved ?
- i try another mirror still same
- try donwload to local pc still same
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/
# pkg_add -i clamav
Premature end of archive
On Fri, 30 Oct 2009 07:59:30 + Jacob Meuser
wrote:
> > I still kind of want to trade it in but it's looking like there
> > might not be any other 4in/4out USB soundcard that's suitable
> > (they're all either too complex or appear to be old so probably
> > need custom drivers).
>
> Universal
---
OK-mail
You have received this email because you are a registered member of
OK-mail.co.uk. If you no longer wish to receive emails like
this please see instructions at the bottom of the email.
Make sure you get the best from us by
On Wed, Nov 4, 2009 at 5:49 AM, sonjaya wrote:
> Dear all
> i try install clamav from packages but get error like this , how to solved
?
> - i try another mirror still same
> - try donwload to local pc still same
>
> # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386/
> # pkg_a
yes already pkg_delete but still same show up that problem
On Wed, Nov 4, 2009 at 7:11 PM, Nick Guenther wrote:
> On Wed, Nov 4, 2009 at 5:49 AM, sonjaya wrote:
>> Dear all
>> i try install clamav from packages but get error like this , how to solved
?
>> - i try another mirror still same
>>
On Wed, Nov 4, 2009 at 12:49 PM, sonjaya wrote:
> yes already pkg_delete but still same show up that problem
Delete the partial again and try pkg_add -r
Cheers,
Steph
On Wed, 4 Nov 2009 at 1:46 PM, Aaron Mason
wrote:
>On Wed, Nov 4, 2009 at 1:04 PM, Gonzalo Lionel Rodriguez
> wrote:
>> 2009/11/3 Claire beuserie :
>>> Hi,
>>>
>>> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt
>> wrote:
>>>
2) At least three of our developers were aware of this exploitation
Theo wrote:
> For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
"Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer dereferencing in the
kernel) via the /proc/sys/vm/mmap_min_addr sysctl, whic
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
> Theo wrote:
>
> > For the record, this particular problem was resolved in OpenBSD a
> while back, in 2008.
>
> Nice, but:
>
> "Since 2.6.23, it has been possible to prevent applications from
> mapping low pages (to prevent null poi
Otto Moerbeek wrote:
On Wed, Nov 04, 2009 at 03:45:33PM +0100, Justin Smith wrote:
Theo wrote:
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
"Since 2.6.23, it has been possible to prevent applications from
mapping low pages
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| > For the record, this particular problem was resolved in OpenBSD a
| while back, in 2008.
|
| Nice, but:
|
| "Since 2.6.23, it has been possible to prevent applications from
| mapping low pages (to prevent null
On Tue, Nov 3, 2009 at 11:44 PM, Bob Beck wrote:
> 2009/11/3 Luis Useche :
>
>>
>> I read in the 4.6 changelog that his was part of the release.
>>
>> Am I missing something? Do I have to recompile? Or this is just a bug?
>
> Yeah you are missing something. Listen to the *whole* presentation and
>
Good day to everyone,
I'm a happy PF user, and have been for over a decade now. I'm writing
to ask some questions about performance now that I've got a system
that needs to handle some real traffic. I've been digging up various
tweaks and settings from the archives (and elsewhere) over the year
On Wed, Nov 04, 2009 at 10:26:50AM -0500, Luis Useche wrote:
>OK. Sorry for the noise. In any case, this change is in the 4.6
>changelog (twice, http://www.openbsd.org/plus46.html):
>
>"Added dynamic buffer cache sizing. The sysctl kern.bufcachepercent
>will allow you to specify a high-water mark a
I don't know what version of plus46.html you are looking at - but that
text doesnt' appear in any version I look at.
Of course it is in the cvs commit log, but that's not the same thing.
That same commit was backed out before 4.6 - and has since gone back
into current.
2009/11/4 Luis Useche :
> O
As I continue to work on my previous issue with my Sun V120 and network
hangs, I decided to install 4.6 release onto an HP DL360 G4 box with the
latest BIOS and firmware updates as a possible replacement for the Sun.
After many hours of load testing and changing configurations, I found that
I alwa
On Wed, Nov 04, 2009 at 01:45:01AM -0800, J.C. Roberts wrote:
> On Fri, 30 Oct 2009 07:59:30 + Jacob Meuser
> wrote:
>
> > > I still kind of want to trade it in but it's looking like there
> > > might not be any other 4in/4out USB soundcard that's suitable
> > > (they're all either too comple
* Jason Healy [2009-11-04 16:37]:
> The systems work great, but are chewing up about 60% of their time on
> interrupts (~9000 according to vmstat, with ~7500 going to the LAN/WAN
> cards). This is fine; everything is working and I know that high
> interrupt load was inevitable at the time. Howev
> > For the record, this particular problem was resolved in OpenBSD a
> while back, in 2008.
>
> Nice, but:
>
> "Since 2.6.23, it has been possible to prevent applications from
> mapping low pages (to prevent null pointer dereferencing in the
> kernel) via the /proc/sys/vm/mmap_min_addr sysctl, w
On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote:
> Penned by Justin Smith on 20091104 15:45.33, we have:
> | Theo wrote:
> |
> | > For the record, this particular problem was resolved in OpenBSD a
> | while back, in 2008.
> |
> | Nice, but:
> |
> | "Si
Maurice: Thanks for pointing that out.
Bob: At this point this is probably irrelevant. In any case, I found
it in the officiel webpage http://www.openbsd.org/plus46.html.
Thanks for your help!
Luis
On Wed, Nov 4, 2009 at 10:42 AM, Bob Beck wrote:
> I don't know what version of plus46.html you
Buenos dmas,
?Csmo esta?
Haga como la Mayorma de los Lmderes de Ventas estan haciendo. Venga a pasar
una maqana entera con Mario Borghino, en la conferencia "Gestisn en Ventas"
que se realizara el dma 21 de noviembre en el Hotel Melia Mixico Reforma.
ATENCISN: Mas de 130 personas ya confirmaron s
> -Urspr|ngliche Nachricht-
> Von: "Donald Allen"
> Gesendet: 04.11.09 14:23:04
> An: misc@openbsd.org
> Betreff: Re:
http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
...
> I realize that I'm preaching to the choir -- you know all this. But I
> think it's a mistake fo
On Wed, Nov 4, 2009 at 10:55 AM, Justin Smith wrote:
> "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable."
>
> Ubuntu 8.04 released in 2008 april.
Ubuntu 8 also ships with a setuid pulseaudio by default, which renders
the mmap_min_addr pro
Your Email client is not formatted to view HTML emails. We have included the
text email of the message.
Purchase securely here:
iTunes: http://fburls.com/55-l467mT6S
DIABLITO RECORDS
sello indie alterlatino de mexico
distribuido por WARNER MUSIC MEXICO
PROMOCION DIABLITO - UN MP3 GRATIS!
BUSCA EL
> it doesn't want to play nice with USB drives.
Ok: I finally found the problem: my test disks all were a portable
ones -powered from the USB bus-.
Cause that's what I had around the house.
I know the USB port needs to deliver enough juice to make it work, and
I had taken that into
account:
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt
wrote:
>> > For the record, this particular problem was resolved in OpenBSD a
>> while back, in 2008.
>>
>> Nice, but:
>>
>> "Since 2.6.23, it has been possible to prevent applications from
>> mapping low pages (to prevent null pointer dereferencing in
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> > And now we get into the fun stuff.
> >
> > Ever heard of 'secure by default' ?
> >
> > This knob is set to '0' by default.
> >
> > How many Linux installations actually read the above paragraph, understood
> > what value it could hav
Running 4.3 GENERIC#698 i386
I have a VPN with a vendor using a I think he said it was a Sonic Wall
FW. We are able to get Phase 1 associations up and happy. But Phase 2
never seems to start, at least not from my side.
If he sends traffic from his side then his device makes a phase 2
propo
On Wed, Nov 04, 2009 at 04:55:58PM +0100, Justin Smith wrote:
> On Wed, Nov 4, 2009 at 4:14 PM, Todd T. Fries wrote:
> > Penned by Justin Smith on 20091104 15:45.33, we have:
> > | Theo wrote:
> > |
> > | > For the record, this particular problem was resolved in
And it is totally on on *all* 90239490234873984 distros right?
On Wed, Nov 04, 2009 at 06:43:14PM +0200, Ross Cameron wrote:
> On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt
> wrote:
> >> > For the record, this particular problem was resolved in OpenBSD a
> >> while back, in 2008.
> >>
> >> Nice,
Hi,
On Mon, 2 Nov 2009 21:35:45 -0400
Ted Unangst wrote:
> softraid offers a few advantages.
>
> 1. Better crypto. The crypto algorithm currently used by softraid is
> designed a little better. It could, in theory, also use hardware,
> except the choice of algorithm actually prevents that.
Ross Cameron wrote:
> Actually no it was turned on.
This is from the commit to the Linux kernel:
"The amount of space protected is indicated by the new proc tunable
proc/sys/vm/mmap_min_addr and defaults to 0, preserving existing behavior."
It was turned off, 0 means no protection.
Matthias Kilian wrote:
> And if you install something like wine, the knob is set back to 0,
> probably without any notice (at least in ubuntu-8.10).
That can explain why it's off on my system (karmic koala).
By the way, this is from the debian wiki:
Debian 5.0.3 ships with a default mmap_min_add
Hi all,
I have full installation of i386 snapshot from 1.11.2009 (latest on
mirrors) and I can't use X. When I try startx either as root or normal
user I get :
$ startx
xauth: can't load library 'libXdmcp.so.10.0'
xauth: can't load library 'libXdmcp.so.10.0'
xauth: can't load library 'libXdmcp.so
On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote:
[SNIP]
> I realize that I'm preaching to the choir -- you know all this. But I
> think it's a mistake for (especially) the OpenBSD community to speak
> of OpenBSD as just about security, when it's so much more than that.
I think I would rephra
Hi, try this
# ldconfig -m /usr/X11R6/lib/
Saludos
2009/11/4 TomC!E! BodE>C!r
> Hi all,
>
> I have full installation of i386 snapshot from 1.11.2009 (latest on
> mirrors) and I can't use X. When I try startx either as root or normal
> user I get :
>
> $ startx
> xauth: can't load library 'libX
On Wed, Nov 4, 2009 at 1:48 PM, Henry Sieff wrote:
> On Wed, Nov 4, 2009 at 5:18 AM, Donald Allen wrote:
>
> [SNIP]
>
>> I realize that I'm preaching to the choir -- you know all this. But I
>> think it's a mistake for (especially) the OpenBSD community to speak
>> of OpenBSD as just about securi
On 2009-11-04, Dag Richards wrote:
> Running 4.3 GENERIC#698 i386
>
> I have a VPN with a vendor using a I think he said it was a Sonic Wall
> FW. We are able to get Phase 1 associations up and happy. But Phase 2
> never seems to start, at least not from my side.
>
> If he sends traffic from h
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason wrote:
> Wine is a good idea, but it's stifling an even better idea - making
> applications compatible across multiple OSes, something that hasn't
> needed to be done in the M$ world because of the stranglehold they
> had/have over the consumer market
Greetings,
Can PF be programmed to block skype ? Provided we have port 80 and 443
Opened to the world, and perhaps DNS port too... skype finds any open
port to connect to.
Regards,
David Taveras
On Wed, 4 Nov 2009 13:46:26 +1100
Aaron Mason wrote:
> Wine is a good idea, but it's stifling an even better idea - making
> applications compatible across multiple OSes, something that hasn't
> needed to be done in the M$ world because of the stranglehold they
> had/have over the consumer market
On 04/11/2009 20:48, David Taveras wrote:
Greetings,
Can PF be programmed to block skype ? Provided we have port 80 and 443
Opened to the world, and perhaps DNS port too... skype finds any open
port to connect to.
Regards,
David Taveras
Hi,
Why having your users directly natted to the 'evil
David Taveras wrote:
> Can PF be programmed to block skype? Provided we have port 80
> and 443 Opened to the world, and perhaps DNS port too... skype
> finds any open port to connect to.
I don't think so. But if you install snort you can. Google for
snort and skype and you'll find quite a few dece
Your saying that a skype client can proxy itself through another skype
client on the same network?
In any case, iam sure there must be a way if cisco can do it, pf can.
--David
On Wed, Nov 4, 2009 at 2:12 PM, Yamidt Henao wrote:
> It is impossible, skype application, can connect through other c
Skype is crap, but really good in going trough firewalls so if you
want to block this and you're company then prepare rules about using
of ICT for users and they must sign it. If they break those rules then
use sanctions against them. Of course that this will not stop experts.
Or if you want to be
Ok to add more idiotic ideas to debate about Linux/MS and
interoperability and so on why not add this one?
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=2620&blogid=
14
EU Wants to Re-define b�Closedb� as b�Nearly Openb�
'.While there is a correlation between openness
But Cisco can do it on Application layer. I'm not sure about pf, but
last time I read man page about pf and pf.conf it wasn't able to do
that. I think that there was some post about it on Undeadly too.
On Wed, Nov 4, 2009 at 9:21 PM, David Taveras wrote:
> Your saying that a skype client can prox
Not sure if this is any good, looks like it is opensource though.
http://www.lynanda.com/products/software-for-corporations/traffic-filtering/l
ynanda-skype-filter
Mark
2009/11/4 TomC!E! BodE>C!r
> But Cisco can do it on Application layer. I'm not sure about pf, but
> last time I read man
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ? I
once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.
Regards
On Wednesday 04 November 2009 16:10:06 Jean-Frangois SIMON wrote:
> Hello,
> Is there any particular problem with installing OpenBSD on a SSD HD ? I
> once could on one machine but on my actual machine it simply does'nt work.
> After a while, the SSD disk becomes like overloaded and unavailable t
Excelent answer.
Also try blocking skype netblock.
-Mensagem original-
De: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Em nome de Laurent
CARON
Enviada em: quarta-feira, 4 de novembro de 2009 18:08
Para: misc@openbsd.org
Cc: David Taveras
Assunto: Re: Can be PF block skype?
O
Jean-Frangois SIMON schrieb:
> ...
> Is there any particular problem with installing OpenBSD on a SSD HD ? I
Hello,
it is like for any OS on SSD HD. Make sure, you are using
no swap partition!
And if you are using an application, which is writing
a lot of things into files, put the respective d
2009/11/4 Roger Schreiter :
> it is like for any OS on SSD HD. Make sure, you are using
> no swap partition!
This is ridiculous advice.
> And if you are using an application, which is writing
> a lot of things into files, put the respective dirs into
> ramdisks!
Combined with this is even dumber
On Thu, Nov 5, 2009 at 9:12 AM, Ted Unangst wrote:
> 2009/11/4 Roger Schreiter :
>> it is like for any OS on SSD HD. Make sure, you are using
>> no swap partition!
>
> This is ridiculous advice.
>
>> And if you are using an application, which is writing
>> a lot of things into files, put the respe
Hello,
I'm using a 32 GB SSD drive from approximatly one year with openBSD 4.4 into
a SOEKRIS and no troubles with that, the great think is NO NOISE, NO HEAT.
I used the soekris as firewall and the uptime is approximatly 178 days.
Regards
2009/11/4 Jean-Frangois SIMON
> Hello,
> Is there any p
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ?
I once could on one machine but on my actual machine it simply does'nt work.
After a while, the SSD disk becomes like overloaded and unavailable to
continue the installing process of 4.6.
Regards
2009/11/5 Jean-Frangois SIMON :
> Hello,
> Is there any particular problem with installing OpenBSD on a SSD HD ? I
> once could on one machine but on my actual machine it simply does'nt work.
> After a while, the SSD disk becomes like overloaded and unavailable to
> continue the installing proces
Ted Unangst schrieb:
> ...
>> no swap partition!
>
> This is ridiculous advice.
> ...
>> a lot of things into files, put the respective dirs into
>> ramdisks!
>
> Combined with this is even dumber.
Hi,
anyway, intensive swapping onto SDD HD will destroy your SDD HD.
If RAM is the limiting res
On Wed, 04 Nov 2009 23:00:39 +0100
Roger Schreiter wrote:
> Jean-Frangois SIMON schrieb:
> > ...
> > Is there any particular problem with installing OpenBSD on a SSD
> > HD ? I
>
> Hello,
>
> it is like for any OS on SSD HD. Make sure, you are using
> no swap partition!
>
> And if you are usi
2009/11/4 Jean-Frangois SIMON :
> Hello,
> Is there any particular problem with installing OpenBSD on a SSD HD ? I
> once could on one machine but on my actual machine it simply does'nt work.
> After a while, the SSD disk becomes like overloaded and unavailable to
> continue the installing proces
On Wed, Nov 4, 2009 at 5:44 PM, K K wrote:
> This *was* reasonable advice for the older generations of
> CompactFlash, but may no longer be a consideration with newer
> flash/SSD drives.
>
> I have run many embedded servers (mostly OpenBSD on Soekris) without
> swap, never had any problems traceab
hmm, on Wed, Nov 04, 2009 at 07:43:33PM +0100, TomC!E! BodE>C!r said that
> Hi all,
>
> I have full installation of i386 snapshot from 1.11.2009 (latest on
> mirrors) and I can't use X. When I try startx either as root or normal
> user I get :
>
> $ startx
> xauth: can't load library 'libXdmcp.so
Hello community,
I have a LAN of 10 users connected to a box that nats them all through
the external NIC and thus the default servers public IP. THat box has
several public IPs. Is there anyway I can NAT a specific user to use a
specific IP as their translated IP?
Thank you.
-- David
David Taveras wrote:
> Can PF be programmed to block skype? Provided we have port 80
> and 443 Opened to the world, and perhaps DNS port too... skype
> finds any open port to connect to.
It has been discussed earlier. The short answer is yes with a little
help
http://lists.grok.org.uk/pipermail/
It's all in here man.
http://www.openbsd.org/faq/pf/nat.html
Basically:
nat on $ext_if from $your_user to any -> 1.2.3.4
On Wed, Nov 4, 2009 at 3:51 PM, David Taveras wrote:
> Hello community,
>
> I have a LAN of 10 users connected to a box that nats them all through
> the external NIC and thu
On Wed, Nov 4, 2009 at 12:02 PM, umaxx wrote:
> I have one advantage to mention:
> I have done some comparison measurements (with bonnie benchmark) and
> some self-written dd scripts under 4.5 - result: in my setup svnd seems to be
> much faster.
> I think this is maybe related to the 1. point be
Boletmn Cientmfico Coband
Si utiliza Gmail o no ve correctamente este boletmn puede acceder a la versisn
online
_
2005-2009
4 aqos promoviendo el avance de la ciencia psicolsgica en Argentina
El Proyecto COBAND es una asociacisn cientmfica sin fines de lucro formad
Dear sweetheart,
On Thu, Nov 05, 2009 at 01:12:58AM +0100, Claire beuserie wrote:
> Yes, I know, I was present in the room when Illja gave the talk in 2006 at
> the CCC Kongress and the two OpenBSD developers in the room decided to
> completely ignore the exploit he showed until Miod reproduced it
On Wed, Nov 04, 2009 at 07:02:54PM -0500, Brad Tilley wrote:
> ...Only /,
> /usr and /var are clear text on my laptops and I'm OK with that. /home
> is encrypted, swap in encrypted and /tmp is in memory. So I still have
> some privacy.
Did you forget /var/tmp? :)
78 matches
Mail list logo
