Re: Privilege bracketing in Solaris 10

2006-06-15 Thread Graham Toal
> http://www.sun.com/blueprints/0406/819-6320.pdf > > I'm not a C developer so it is mostly Greek to me, but others may find > some concepts therein useful. 30 years after VMS and 40 years after EMAS. Ivan Sutherland sure had it right with his observation of the "great wheel of reincarnation" as

Re: slow realloc: alternate method?

2006-06-17 Thread Graham Toal
> Yup, > I used this in (function splitfields) where the delimiter was chosen > with getopt: > > http://etudiant.epitech.net/~veins/sort/sort.c Oh yes, sort... that reminds me... http://www.gtoal.com/wordgames/sort/sort.[ch] - see the above for the epitome of managing store yourself...

Re: slow realloc: alternate method?

2006-06-17 Thread Graham Toal
> Growing your array by only a constant amount each iteration takes > quadratic time. By instead doubling the array size each time as > necessary, you can reduce this to (amortized) linear time. (I believe > the man page's intention was to show how to avoid leaking memory, not > how to write

Re: Recommendations for an OpenBSD-based Backup Solution

2006-03-21 Thread Graham Toal
> Some friends of mine need a backup solution that can > easily handle regular, automated backups from some M$ > Win 2k and Linux workstations as well as an OpenBSD > 3.8 based Samba file server that I had set up for them > a while ago. I'm a little late to this party, and I apologise if what I s

Re: Compilers make a system less secure?

2006-05-02 Thread Graham Toal
> > But what if your system has no compiler? When attacker should compile his > > sploit anywhere, and transfer binary evil code onto your box. E.g. he has > to > > have access to the similar machine, maybe with similar OS version and arch. > > I know not having a compiler has been considered "

HOWTO on spamd+transparent bridge under OpenBSD

2005-10-14 Thread Graham Toal
For anyone who is interested, I've written up a document on how to install OpenBSD, configure it as a transparent bridge, then install spamd on it. It was written primarily for our campus computer center who want to know how to do it if something happens to me (like I get a better job elsewhere fo

Re: HOWTO on spamd+transparent bridge under OpenBSD

2005-10-14 Thread Graham Toal
> You've got a couple of weird things and errors on your page: > - You say OpenBSD doesn't support multiple consoles: ctrl+alt+f2 Yup! Thanks. Linux uses ALT-Fkey which I tried. Didn't try adding CTRL. :-/ Assumed it didn't have it, and too busy getting everything else working to go look for

Re: HOWTO on spamd+transparent bridge under OpenBSD

2005-10-14 Thread Graham Toal
steven mestdagh <[EMAIL PROTECTED]> wrote: > On Fri, Oct 14, 2005 at 03:11:59PM -0500, Graham Toal wrote: > > For anyone who is interested, I've written up a document on > > how to install OpenBSD, configure it as a transparent bridge, > > then install spamd on i

Re: Limiting Shell Access Damage (was Guruness)

2005-10-19 Thread Graham Toal
> Turning this into a learning experience: Does anyone have any hints or > advice about hardening OpenBSD for shell accounts. Do people tweak > things other than the login.conf settings? I have to deal with student > shell accounts where students are learning to program and often create > proble

Re: spamd extension

2005-10-26 Thread Graham Toal
> My experience is that greylisting requires at least 2 failed attempts. > Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure > that seems to me should pass through. James is right, it's a design flaw of spamd that two failed attempts are required. This is what happens:

know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
I wanted to set up a system which has two ether cards (it's part of a transparent bridge so it'll be inline with someone's connection) such that it'll pick up a DHCP address on *both* cards ... the trick comes from not knowing in advance whether the DHCP server will be on the inside connection or t

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> I use a bridge and assign the IP to one NIC, albeit statically assigned, > on several "production" OpenBSD 3.5 systems. If I ever switched the IP to > the Other NIC, I would lose connectivity until the ARP tables on the > various LAN hosts updated with the new MAC address. Maybe about 10 minut

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> Maybe I'm not understanding the problem, but for a transparent bridge, you > wouldn't want it to be assigned an IP address on either network card. hence > the "transparent" part. You would think so, but you would be wrong. As I was when I started this project. In OpenBSD a bridge must either ha

Re: spamd extension

2005-10-26 Thread Graham Toal
> >The only fix for this is a *major* redesign of spamd (or equivalently > >incorporating spamd's greylisting code into a spamfilter which *does* > >relay connections at the IP level to an MTA - which is actually what I'm > >working on at the moment) > Why start from scratch ? There are enough sea

Re: spamd extension

2005-10-26 Thread Graham Toal
> On 10/26/05, James Harless <[EMAIL PROTECTED]> wrote: > > Chad, > > > > I appreciate the insight. I do realize it's a difficult problem but, > > I think that there's a solution (albeit possibly from someone smarter > > than I). > > Nope there's just not. There is, but not with spamd as currentl

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> It *ought* to be possible to configure both hostname.xl0 and hostname.fxp1 > as dhcp, and whichever one comes up first, will then bridge through the > DHCP server for the other. Unfortunately it just happens by luck of > alphabetical order, that the one which comes up first is *not* looking > at

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> Assuming that the problem turns out to be that the dhcp request for > fxp1 is always routed out of fxp1 (makes sense, right?) what can I do > to have it routed out the other interface via bridging? (Remembering > that the solution has to work symmetrically, if in some other deployment > it is th

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> From: Kevin Frand <[EMAIL PROTECTED]> > > Why not start the system with one interface down (so you know which way > to route to) then "up" it at the end of the boot sequence and start the > dhclient? Because DHCP isn't a routable protocol, so knowing that information doesn't help. (Although y

Re: know any neat tricks for 2 * dhclient?

2005-10-26 Thread Graham Toal
> > What I expected was that the first would sleep for a > > short time then ask again, and get it OK. I haven't seen that happen - > > about 30 minutes later and the interface still has no IP. > > [This goes vastly OT, I know:] > > I am blank astonished that it seems to be impossible to get two >

Re: know any neat tricks for 2 * dhclient?

2005-10-27 Thread Graham Toal
(description of why it can't work deleted for brevity) > Now, your "bridge" should bridge this dhcp-packet from one interface to the > other? That doesn't work: its sending this packet out through that > interface, it can't send it out on all other interfaces. So there's no solution? I see now t

Re: know any neat tricks for 2 * dhclient?

2005-10-27 Thread Graham Toal
> I'm still confused. > > Why do you need to succeed in getting a DHCP address for _both_ interfaces? > Wouldn't it be OK if just the one that happened to face the DHCP server came > up? This would still give you remote access. I can get away with DHCP on one side only, but having actually tried thi

Re: know any neat tricks for 2 * dhclient?

2005-10-27 Thread Graham Toal
> i am confused as to why anyone would want to make a setup like > this, unless they were being shady. if you are going to be Yeah, it does make a perfect man-in-the-middle attack kit I must admit, but no, that's not what I'm working on :-) > installing a transparent filter/proxy/etc., shouldn't

Re: spamd extension

2005-10-28 Thread Graham Toal
> From: Hannah Schroeter <[EMAIL PROTECTED]> > And there's no mailout pool with shared queue involved, and if the > envelope sender address is always the same (i.e. no VERP, no SES, > no self-signed SRS, no SRS-enabled forwards, etc.). Surprisingly few. > >problem? During the initial weeks of u

Re: OpenBSD is popular as a VM image

2005-12-22 Thread Graham Toal
> Just an update on the popularity of the OpenBSD 3.8 VM image: > Since it was posted on Dec 19 (4 days ago), apache logs have shown 2826 > hits on the file with just over 277 gigs of traffic created by those > downloads. > Not bad for only a few days. I hope this isn't too OT for this list, but..

Re: OpenBSD VMWare image too popular

2006-01-05 Thread Graham Toal
If it's that popular it's worth setting up a torrent! G

Re: uuencode

2006-01-24 Thread Graham Toal
uuencode test.txt < test.txt The parameter is not the file name, it's what is written after the begin (ie the output file name) G

Re: Backup MX server

2006-03-01 Thread Graham Toal
Although I know where David is coming from with this slightly contentious comment, he's wrong. The argument is that most senders will do their own back-off, and the hassle of setting up a *good* backup MX server is so high that the benefit scarcely justifies it. However where he is wrong is not i

Re: Backup MX server

2006-03-02 Thread Graham Toal
> NO - it does not! Well, not unless the sending MTA is broken. To quote > from Postfix documentation referring to not getting an MX record from > DNS: > " By default, the Postfix SMTP client defers delivery and tries again > after some delay. This behavior is required by the SMTP standard." Yes i

Re: Backup MX server

2006-03-02 Thread Graham Toal
> $ host -t mx stonehenge.com > stonehenge.com mail is handled by 666 spamtrap.stonehenge.com. > stonehenge.com mail is handled by 5 blue.stonehenge.com. > > Any mail delivered to spamtrap gets the following response: > > 450 Violation of RFC2821 Section 5 Paragraph 8 correlates highly with > sp