nocfed | 1 May 2006 01:06

Re: Best firewall for OpenBSD ?

On 4/30/06, S t i n g r a y <fasi_74 <at> yahoo.com> wrote:
> I want to use OpenBSD as the network firewall of my
> network.
> Now which firewall should I use? I heard people say
> pf is outdated, use IP Filter instead.
> What do you recommend?
>
> regards
>
> *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$

No need to reply to this in any way...

<RANT>
I must question the use of the word 'firewall' that everyone throws
around so loosely.  pf is a packet filter, as even said by its name,
which can be used to create a firewall.

It can't only be me that understands it this way.  Especially when
people say that a script is their firewall, when the script only
generates rules for the packet filter on their firewall.
</RANT>

Dave Feustel | 1 May 2006 04:42

OpenBSD 3.9: Blob-Busters Interviewed by Federico Biancuzzi

Article at http://www.onlamp.com/lpt/a/6557

(excerpt)

Federico Biancuzzi: I remember that just before releasing 3.8 you had to disable the new behavior of your 
implementation of malloc()/free() that returned SIGSEGV when accessing a freed area. You had to do this 
because too many ports were instable (crashing). Does 3.9 enable it by default?

Otto Moerbeek: I first have to make a correction: we do unmap unused memory, but not very aggressively.
There are too many programs containing "use-after-free" bugs that would stop working if we unmapped
unused memory all the time.

I remember one of my grad school CS professors mentioning in class one day years ago that
the Collected Algorithms of the ACM (CACM) contained algorithms that would retrieve data
from the free area of a stack after the data had been popped from the stack. I remember also
being stunned when I heard that.

Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
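
An added illustration of the behaviour Otto Moerbeek describes in the excerpt above (not code from the post, the interview, or OpenBSD's malloc): a toy page-per-allocation allocator in C, where `page_alloc`, `page_free` and `uaf_signal` are hypothetical names. The same use-after-free read goes unnoticed while the freed page stays mapped, and is killed by SIGSEGV once free unmaps it.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANON on glibc */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical toy allocator: every allocation gets its own mapping. */
static size_t round_up(size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (n + page - 1) / page * page;
}

static void *page_alloc(size_t n) {
    void *p = mmap(NULL, round_up(n), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* unmap != 0: return the pages to the kernel at once.
 * unmap == 0: keep them mapped, like an allocator that caches freed pages. */
static void page_free(void *p, size_t n, int unmap) {
    if (unmap)
        munmap(p, round_up(n));
}

/* Run a use-after-free read in a child process. Returns the signal that
 * killed the child, 0 if it exited normally, -1 on fork/wait failure. */
int uaf_signal(int unmap) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile char *buf = page_alloc(64);
        if (buf == NULL) _exit(2);
        buf[0] = 'A';
        page_free((void *)buf, 64, unmap);
        _exit(buf[0] == 'A' ? 0 : 1);   /* the bug: read after free */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("freed pages cached:   signal %d\n", uaf_signal(0));
    printf("freed pages unmapped: signal %d\n", uaf_signal(1));
    return 0;
}
```

The crash is confined to a forked child so the parent can report which signal the buggy read produced in each mode.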

Dave Feustel | 1 May 2006 04:56

Using OpenBSD article in 'The Jem Report'

This is a very well written article for new users of OpenBSD: 

http://www.softwareinreview.com/cms/content/view/34/1/

One question I have: Is the description in the article of what's 
required to install Java on OpenBSD correct?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

David T Harris | 1 May 2006 04:19

Re: Using OpenBSD article in 'The Jem Report'

Yes, pretty much.  Having installed Java on OpenBSD 3.8
a few months ago to be able to use the Camera 
Cache simulator (which is written in Java) for school,
you do have to install every version of Java listed
(1.3, 1.4, etc....) depending on the version you want.
If you want just 1.3 then you don't need 1.4 and 1.5
(I think), but if you want 1.5 then yes, you need
to get everything prior to that (1.3, 1.4, etc...) as
well as the BSD patchsets for those versions of Java.

It does take a long time to compile (if you're running
on a computer that's a few years old, like I was),
but it does work quite nicely.  After install
and adjusting your PATH correctly, everything
should work like a charm :).

Stephen Takacs | 1 May 2006 04:23

Re: Alternatives to /proc filesystem

> Instead of compiling a custom kernel, what is the best way (in Perl) to
> get the list of current processes?

I was going to suggest the Proc::ProcessTable module, but it looks like
it doesn't support OpenBSD, and looking at the code reveals it uses
/proc in most other OS it works on. :-(

> I have to scan the list every few seconds. A couple of years ago, I
> tried executing an external "ps", but found that it sometimes "freezed".
> I found the scanning of the "/proc" filesystem much more stable...

Perhaps a buffering issue?  Try setting $| to a true value, if you
haven't already done that.

-- 
Stephen Takacs   <perlhaq <at> gmail.com>   http://perlguru.net/
    4149 FD56 D078 C988 9027  1EB4 04CC F80F 72CB 09DA

Steve Shockley | 1 May 2006 04:30

Re: Linksys support... hmm

Lasse Bach wrote:
> Wtf is that? How can that be a secret?

Because the WMP54G, at least, isn't manufactured by Linksys, it's a 
rebadged Lite-On?  (Hint: FCC ID)

> Maybe someone on the mailing list can provide me with an answer to:
> 1. Can v5 of the card be used with the ral driver?

If you can find the FCC ID, you can look it up at 
https://gullfoss2.fcc.gov/prod/oet/cf/eas/reports/GenericSearch.cfm, and 
then just look at the internal photos.  I didn't find anything in a 
quick Google, but I'm not looking to buy the card so I didn't work that 
hard.

> 2. Why is such information not available to their customers?

They don't want their customers to know their "brand differentiation" 
consists of a sticker?

Dave Feustel | 1 May 2006 06:26

Re: Using OpenBSD article in 'The Jem Report'

On Sunday 30 April 2006 21:19, David T Harris wrote:
> Yes, pretty much.  Having installed Java on OpenBSD 3.8
> a few months ago to be able to use the Camera 
> Cache simulator (which is written in Java) for school,
> you do have to install every version of Java listed
> (1.3, 1.4, etc....) depending on the version you want.
> If you want just 1.3 then you don't need 1.4 and 1.5
> (I think), but if you want 1.5 then yes, you need
> to get everything prior to that (1.3, 1.4, etc...) as
> well as the BSD patchsets for those versions of Java.
> 
> It does take a long time to compile (if you're running
> on a computer that's a few years old, like I was),
> but it does work quite nicely.  After install
> and adjusting your PATH correctly, everything
> should work like a charm :).

I have avoided Java like the plague for years, but now
I am getting interested in using it. I probably will try
installing it sometime after I get a newer and (much) 
faster computer with an AMD revision F CPU in it.

Dave Feustel 

-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Dave Feustel | 1 May 2006 07:08

(PC video card memory aperture !=0) =>OS Rootability?

After looking at the slides for Loic Duflot's presentation
http://72.14.203.104/search?q=cache:y-G4z3W2zuQJ:www.cansecwest.com/slides06/csw06-duflot.ppt+%27Lo%C3%AFc+Duflot%27&hl=en&gl=us&ct=clnk&cd=1&ie=UTF-8
on x86 hardware vulnerabilities at CanSecWest,
I'm wondering if *any* OS that allows the video card to
access PC memory can be 'rooted'.

Is this a correct conclusion from Loic's presentation?

Is simply running X windows sufficient to permit 'rooting'
of OpenBSD, or must the memory aperture of the video card
be non-zero as well?

What changes would have to be made to PC hardware
architecture to plug the security holes Loic has identified?

Thanks,
Dave Feustel
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

Leonardo Rodrigues | 1 May 2006 06:47

Re: OpenBSD's LIBC C99 missing %a string format support

I've been tinkering with the code a bit, and found a dirty workaround.
I changed all the snprintf and sscanf calls using %a to %f. Things
compiled and installed fine, and the app (window manager enlightenment
dr17, code from CVS) seems to be working fine as far as I have tested,
though I am quite sure I'll experience problems sooner or later =)
I'll try to link libtrio and use trio_snprintf and trio_sscanf with
the %a flag instead of using the %f flag and see if it works better or
whatever...

Still... it's quite interesting that things are working like they
should. %a should give me a hexadecimal fractional while %f should
give me a decimal fractional. Things should be really messed up on
E17... Well, let's wait and see.

On 4/28/06, Giancarlo Razzolini <linux-fan <at> onda.com.br> wrote:
> Otto Moerbeek wrote:
> > On Fri, 28 Apr 2006, Gustavo Rios wrote:
> >
> >> I could suggest one to avoid ANSI C functions as much as possible.
> >> Write his/her own ones. Why? The motivation has been stated by you:
> >> portability concerns.
> >
> > Only if you believe the code you produce is better than the result of
> > the effort of hundreds of people over a period of more than 20 years.
> >
> > People inventing the wheel over and over is nothing more than a waste
> > of effort and an endless source of bugs.  Effort that instead could
> > have been spent on providing more C99 features to our libc.
> >
> >       -Otto

Dunceor | 1 May 2006 06:55

Re: OpenBSD 3.9: Blob-Busters Interviewed by Federico Biancuzzi

You are aware that the main part of the people reading misc <at>  also reads
undeadly?

On 5/1/06, Dave Feustel <dfeustel <at> mindspring.com> wrote:
>
> Article at http://www.onlamp.com/lpt/a/6557
>
> (excerpt)
>
> Federico Biancuzzi: I remember that just before releasing 3.8 you had to
> disable the new behavior of your implementation of malloc()/free() that
> returned SIGSEGV when accessing a freed area. You had to do this because
> too many ports were instable (crashing). Does 3.9 enable it by default?
>
> Otto Moerbeek: I first have to make a correction: we do unmap unused
> memory, but not very aggressively. There are too many programs containing
> "use-after-free" bugs that would stop working if we unmapped unused
> memory all the time.
>
> I remember one of my grad school CS professors mentioning in class one
> day years ago that the Collected Algorithms of the ACM (CACM) contained
> algorithms that would retrieve data from the free area of a stack after
> the data had been popped from the stack. I remember also being stunned
> when I heard that.
>