From owner-freebsd-arch Sun Aug 6 10: 9: 1 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from localhost (localhost [127.0.0.1])
    by hub.freebsd.org (Postfix) with ESMTP
    id D573D37B769; Sun, 6 Aug 2000 10:08:57 -0700 (PDT)
    (envelope-from green@FreeBSD.org)
Date: Sun, 6 Aug 2000 12:45:20 -0400 (EDT)
From: Brian Fundakowski Feldman
X-Sender: green@green.dyndns.org
To: Alexander Langer
Cc: freebsd-arch@freebsd.org
Subject: Re: ln -i ?
In-Reply-To: <20000805213903.A3285@cichlids.cichlids.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 5 Aug 2000, Alexander Langer wrote:

> Hello!
>
> Linux's ln(1) has an -i option, which means "interactive" as rm/mv/cp
> etc have, too.
>
> I wonder if that could be an option for our ln(1) as well.
>
> Could be useful.

I agree; I haven't used it on Linux, but as long as it's unambiguous,
like

    $ ln -i foo bar
    Link bar to foo?

I must say that ln is the only utility I regularly have to think about
every time I want to use both arguments. After losing a good 5 files to
it, I stopped using the -f argument :)

Anyway, it makes sense that if rm/mv/cp have -i and -v, ln should, too.

> Alex
> --
> cat: /home/alex/.sig: No such file or directory
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message

--
 Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
 green@FreeBSD.org          `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Mon Aug 7 0:48:15 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163])
    by hub.freebsd.org (Postfix) with ESMTP
    id 0546837B9D2; Mon, 7 Aug 2000 00:48:11 -0700 (PDT)
    (envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
    by axl.ops.uunet.co.za with local-esmtp (Exim 3.16 #1)
    id 13Lhdn-0001UH-00; Mon, 07 Aug 2000 09:48:07 +0200
From: Sheldon Hearn
To: Brian Fundakowski Feldman
Cc: Alexander Langer, arch@FreeBSD.org
Subject: Re: ln -i ?
In-reply-to: Your message of "Sun, 06 Aug 2000 12:45:20 -0400."
Date: Mon, 07 Aug 2000 09:48:07 +0200
Message-ID: <5720.965634487@axl.ops.uunet.co.za>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 06 Aug 2000 12:45:20 -0400, Brian Fundakowski Feldman wrote:

> Anyway, it makes sense that if rm/mv/cp have -i and -v, ln should, too.

I think that it makes sense. However, please make sure that the special
case for link(1) does _not_ take the -i flag.

Ciao,
Sheldon.

From owner-freebsd-arch Mon Aug 7 2:41:36 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from relay.butya.kz (butya-gw.butya.kz [212.154.129.94])
    by hub.freebsd.org (Postfix) with ESMTP id 6E5AB37B8FA
    for ; Mon, 7 Aug 2000 02:41:32 -0700 (PDT)
    (envelope-from bp@butya.kz)
Received: by relay.butya.kz (Postfix, from userid 1000)
    id 1A0FA28891; Mon, 7 Aug 2000 16:41:15 +0700 (ALMST)
Received: from localhost (localhost [127.0.0.1])
    by relay.butya.kz (Postfix) with ESMTP
    id B8C1A28664; Mon, 7 Aug 2000 16:41:15 +0700 (ALMST)
Date: Mon, 7 Aug 2000 16:41:15 +0700 (ALMST)
From: Boris Popov
To: Kelly Yancey
Cc: abial@webgiro.com, arch@FreeBSD.ORG
Subject: Re: SysctlFS
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 3 Aug 2000, Kelly Yancey wrote:

> Cool. I was thinking that since the issue of a sysctl filesystem comes up
> every so often, it would be nice to include an implementation as a port. Would
> you be interested in making and maintaining a port of your implementation? If
> not, I'll probably finish polishing off the one I was writing and do it.
> Then, next time it comes up we can just say "see port XXX" :)

Yes, I can maintain my version as port, but it would be interesting
to merge good parts from both versions before.
--
Boris Popov
http://www.butya.kz/~bp/

From owner-freebsd-arch Mon Aug 7 9:34:18 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1])
    by hub.freebsd.org (Postfix) with ESMTP id 692A137B9A6
    for ; Mon, 7 Aug 2000 09:34:16 -0700 (PDT)
    (envelope-from Jean-Marc.Fenart@france.sun.com)
Received: from sunfra.France.Sun.COM ([129.157.188.1])
    by mercury.Sun.COM (8.9.3+Sun/8.9.3) with ESMTP id JAA07336
    for ; Mon, 7 Aug 2000 09:34:13 -0700 (PDT)
Received: from sunchorus.France.Sun.COM (sunchorus [129.157.173.1])
    by sunfra.France.Sun.COM (8.8.8+Sun/8.8.8/ENSMAIL,v1.7) with ESMTP id SAA23740
    for ; Mon, 7 Aug 2000 18:34:11 +0200 (MET DST)
Received: from bagana (bagana [129.157.173.76])
    by sunchorus.France.Sun.COM (8.8.8+Sun/8.8.8) with SMTP id SAA23960;
    Mon, 7 Aug 2000 18:34:10 +0200 (MET DST)
Message-Id: <200008071634.SAA23960@sunchorus.France.Sun.COM>
Date: Mon, 7 Aug 2000 18:34:10 +0200 (MET DST)
From: Jean-Marc Fenart
Reply-To: Jean-Marc Fenart
Subject: HA-NFS
To: freebsd-arch@FreeBSD.org
Cc: Jean-Marc.Fenart@france.sun.com
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: pf/ud41y1hI+ONJx3MeNbg==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.3.2 SunOS 5.7 sun4u sparc
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello

I'm looking for an implementation of the HA-NFS (Highly Available
Network File Server) on top of a BSD Unix. This is an extension of the
standard NFS server implementation which consists in providing a
continuation of service for an NFS client, in case of a failure on the
NFS server.
This is done by using a secondary/backup NFS server which is able in
case of a failure on the primary server to (1) take over the IP address
of the failed primary, (2) re-mount the filesystem accessed by the
failed primary (to do this requires an underlying disk mirroring
provided for instance by a volume manager), (3) update its cache of
non-idempotent operations with the state of the primary at the time of
the failure (the cache of non idempotent ops can be on a shared
disks/logged file system or msg checkpointed between the primary and
the secondary...).

This is totally transparent for an NFS client, the NFS protocol on the
wire being unchanged and all modifications limited to the servers.

The original paper for it is a Usenix-91 (HA-NFS Anuman Bhide and all).

Does someone have knowledge of such an implementation on top of BSD
Unix?

Thanks for your help

- JM Fenart -

From owner-freebsd-arch Wed Aug 9 15:19:19 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10])
    by hub.freebsd.org (Postfix) with SMTP id 3E76C37B883
    for ; Wed, 9 Aug 2000 15:19:12 -0700 (PDT)
    (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <115209>; Thu, 10 Aug 2000 08:19:00 +1000
Content-return: prohibited
Date: Thu, 10 Aug 2000 08:18:58 +1000
From: Peter Jeremy
Subject: Interface types defined in if_types.h
To: arch@FreeBSD.ORG
Mail-followup-to: arch@freebsd.org
Message-Id: <00Aug10.081900est.115209@border.alcanet.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.4i
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

(This is prompted by a comment by Garrett Wollman in PR kern/19436 -
that FreeBSD needs to define a specific interface type for IEEE 802.1q
VLANs).

/sys/net/if_types.h describes itself as:
 * Interface types for benefit of parsing media address headers.
 * This list is derived from the SNMP list of ifTypes, currently
 * documented in RFC1573, now maintained as:
 *
 * ftp.isi.edu/in-notes/iana/assignments/smi-numbers

The current version of smi-numbers lists 115 ifTypes that don't appear
in if_types.h (including l2vlan (135) for 802.1q). FreeBSD also
defines 4 types (IFT_GIF, IFT_PVC, IFT_FAITH and IFT_STF) that don't
match IANA assignments.

It would seem to be useful to just import the latest ifTypes list, but
the way FreeBSD is using IFT_xxx macros does not perfectly map onto
the SNMP ifType. Two groups of mismatches are readily apparent:

1) FreeBSD uses a single type (IFT_ETHER) to represent all Ethernet-
   like interfaces, whilst ifType defines different types for
   100baseTX, 100baseFX, 100baseVG, Gigabit Ethernet and 10Mbps
   Ethernet.
2) IANA define single softwareLoopback (24) and encapsulation (131,
   tunnel) interfaces. FreeBSD needs to distinguish between different
   softwareLoopback devices (lo(4), tun(4)[1] and faith(4)) as well as
   different encapsulation devices (gif(4) and stf(4)).

In the former case, it might be possible to separate out all the
different Ethernet media types, but this would add a degree of
complexity to each ethernet driver (switching between 10Mbps and
100Mbps would entail changing the if_type value, it would also be
necessary to distinguish between the various 100Mbps media types -
which may or may not be possible, depending on the PHY), for (IMHO) no
gain.

In the latter case, FreeBSD must be able to distinguish between
different pseudo devices. If they were all mapped onto a single
if_type, then a different field would be necessary to distinguish
them.

How to proceed? Should all the ifTypes be imported - with the
understanding that some just won't get used. Should we import and use
the ifType name/number where it suits us and ignore the rest?
How should we distinguish different pseudo devices - just make up
numbers and hope we don't clash?

[1] tun(4) currently defines itself as IFT_PPP - whilst this is the
    most common use, there does not appear to be anything in the
    device that limits it to PPP.

Peter

From owner-freebsd-arch Thu Aug 10 12: 4:37 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from nothing-going-on.demon.co.uk (nothing-going-on.demon.co.uk [193.237.89.66])
    by hub.freebsd.org (Postfix) with ESMTP id 5869837B9F2
    for ; Thu, 10 Aug 2000 12:04:27 -0700 (PDT)
    (envelope-from nik@nothing-going-on.demon.co.uk)
Received: from kilt.nothing-going-on.org (root@kilt.nothing-going-on.org [192.168.1.18])
    by nothing-going-on.demon.co.uk (8.9.3/8.9.3) with ESMTP id TAA09068
    for ; Thu, 10 Aug 2000 19:35:58 +0100 (BST)
    (envelope-from nik@catkin.nothing-going-on.org)
Received: (from nik@localhost)
    by kilt.nothing-going-on.org (8.9.3/8.9.3) id OAA02668
    for arch@freebsd.org; Thu, 10 Aug 2000 14:12:54 GMT
    (envelope-from nik@catkin.nothing-going-on.org)
Date: Thu, 10 Aug 2000 14:12:53 +0000
From: Nik Clayton
To: arch@freebsd.org
Subject: Turning tcp_extensions back on?
Message-ID: <20000810141253.A2550@kilt.nothing-going-on.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
Organization: FreeBSD Project
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi guys,

Is there a case for keeping

    tcp_extensions="NO"

in /etc/defaults/rc.conf, or are the vast majority of other systems able
to deal with it now?

[ Background -- NetCraft, the server statistics people, are about to start
producing reports where they figure out the uptime of the servers they're
talking to.
I was talking to one of their engineers yesterday, and he
mentioned that FreeBSD doesn't work well with this, because most of the
deployed systems keep tcp_extensions turned off, and they use the RFC1323
extensions to do the report. Obviously, if it's still an issue then we
should keep them turned off (and probably prepare some sort of text that
NetCraft can send out with the reports which explains why FreeBSD doesn't
figure very well in the report. Alternatively, if it's not a problem
any more then we should turn them on. ]

N
--
Internet connection, $19.95 a month. Computer, $799.95. Modem, $149.95.
Telephone line, $24.95 a month. Software, free. USENET transmission,
hundreds if not thousands of dollars. Thinking before posting, priceless.
Some things in life you can't buy. For everything else, there's MasterCard.
  -- Graham Reed, in the Scary Devil Monastery

From owner-freebsd-arch Thu Aug 10 15: 7:49 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
    by hub.freebsd.org (Postfix) with ESMTP
    id E3F4837BACA; Thu, 10 Aug 2000 15:07:43 -0700 (PDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
    by rover.village.org (8.9.3/8.9.3) with ESMTP
    id QAA05243; Thu, 10 Aug 2000 16:07:42 -0600 (MDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
    by harmony.village.org (8.9.3/8.8.3) with ESMTP
    id QAA77895; Thu, 10 Aug 2000 16:07:14 -0600 (MDT)
Message-Id: <200008102207.QAA77895@harmony.village.org>
To: Nik Clayton
Subject: Re: Turning tcp_extensions back on?
Cc: arch@FreeBSD.ORG
In-reply-to: Your message of "Thu, 10 Aug 2000 14:12:53 -0000."
    <20000810141253.A2550@kilt.nothing-going-on.org>
References: <20000810141253.A2550@kilt.nothing-going-on.org>
Date: Thu, 10 Aug 2000 16:07:14 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000810141253.A2550@kilt.nothing-going-on.org> Nik Clayton writes:
: NetCraft can send out with the reports which explains why FreeBSD doesn't
: figure very well in the report. Alternatively, if it's not a problem
: any more then we should turn them on. ]

We should prepare a report anyway, given the number of systems that
are deployed.

Warner

From owner-freebsd-arch Thu Aug 10 15:33: 7 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from netplex.com.au (adsl-63-207-30-186.dsl.snfc21.pacbell.net [63.207.30.186])
    by hub.freebsd.org (Postfix) with ESMTP
    id C5B9837BB05; Thu, 10 Aug 2000 15:32:44 -0700 (PDT)
    (envelope-from peter@netplex.com.au)
Received: from netplex.com.au (peter@localhost [127.0.0.1])
    by netplex.com.au (8.9.3/8.9.3) with ESMTP
    id PAA87023; Thu, 10 Aug 2000 15:32:24 -0700 (PDT)
    (envelope-from peter@netplex.com.au)
Message-Id: <200008102232.PAA87023@netplex.com.au>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Warner Losh
Cc: Nik Clayton, arch@FreeBSD.ORG
Subject: Re: Turning tcp_extensions back on?
In-Reply-To: <200008102207.QAA77895@harmony.village.org>
Date: Thu, 10 Aug 2000 15:32:24 -0700
From: Peter Wemm
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Warner Losh wrote:
> In message <20000810141253.A2550@kilt.nothing-going-on.org> Nik Clayton writes:
> : NetCraft can send out with the reports which explains why FreeBSD doesn't
> : figure very well in the report. Alternatively, if it's not a problem
> : any more then we should turn them on. ]
>
> We should prepare a report anyway, given the number of systems that
> are deployed.

It is my understanding that now Linux has RFC1323 support implemented
and turned on by default now. I have long believed that we should have
persisted with it on but this would be a good reason to revisit this.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-arch Thu Aug 10 15:43:15 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP
    id F16AC37B51F; Thu, 10 Aug 2000 15:43:13 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP
    id PAA63523; Thu, 10 Aug 2000 15:43:14 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 10 Aug 2000 15:43:13 -0700 (PDT)
From: Kris Kennaway
To: Nik Clayton
Cc: arch@freebsd.org
Subject: Re: Turning tcp_extensions back on?
In-Reply-To: <20000810141253.A2550@kilt.nothing-going-on.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 10 Aug 2000, Nik Clayton wrote:

> [ Background -- NetCraft, the server statistics people, are about to start
> producing reports where they figure out the uptime of the servers they're
> talking to. I was talking to one of their engineers yesterday, and he
> mentioned that FreeBSD doesn't work well with this, because most of the
> deployed systems keep tcp_extensions turned off, and they use the RFC1323
> extensions to do the report. Obviously, if it's still an issue then we
> should keep them turned off (and probably prepare some sort of text that
> NetCraft can send out with the reports which explains why FreeBSD doesn't
> figure very well in the report. Alternatively, if it's not a problem
> any more then we should turn them on. ]

Turning them on now won't help servers with 2 year uptimes unless they
toggle the sysctl manually (not likely), or, uh, upgrade and reboot ;-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-arch Thu Aug 10 15:47:29 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP
    id CD41B37BB22; Thu, 10 Aug 2000 15:47:27 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP
    id PAA64066; Thu, 10 Aug 2000 15:47:27 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 10 Aug 2000 15:47:27 -0700 (PDT)
From: Kris Kennaway
To: Nik Clayton
Cc: arch@freebsd.org
Subject: Re: Turning tcp_extensions back on?
In-Reply-To: <20000810141253.A2550@kilt.nothing-going-on.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 10 Aug 2000, Nik Clayton wrote:

> Hi guys,
>
> Is there a case for keeping
>
> tcp_extensions="NO"
>
> in /etc/defaults/rc.conf, or are the vast majority of other systems able
> to deal with it now?

I'm also curious about how they intend to measure uptimes using RFC 1323
extensions - I just skimmed this and it didn't offer any suggestions as to
how that would help (unless it's playing games with sequence numbers or
something, which seems dubious)

As for the question, the text in rc.conf(5) could do with some
justification why it would no longer be a problem:

"Some hardware/software out there is known to be broken with respect to
these options."

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-arch Thu Aug 10 16:15:10 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173])
    by hub.freebsd.org (Postfix) with ESMTP
    id 535C537BB31; Thu, 10 Aug 2000 16:14:57 -0700 (PDT)
    (envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12])
    by Awfulhak.org (8.9.3/8.9.3) with ESMTP
    id AAA44891; Fri, 11 Aug 2000 00:10:41 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
    by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP
    id AAA28283; Fri, 11 Aug 2000 00:10:38 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200008102310.AAA28283@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Robert Watson
Cc: Isaac Waldron, freebsd-hackers@FreeBSD.org,
    freebsd-arch@FreeBSD.org, brian@Awfulhak.org
Subject: Re: Writing device drivers (ioctl issue)
In-Reply-To: Message from Robert Watson of "Thu, 27 Jul 2000 16:13:08 EDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 11 Aug 2000 00:10:38 +0100
From: Brian Somers
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I ran into this same problem when modifying the vmmon VMWare driver for
> FreeBSD to support multiple emulator instances. FreeBSD's VFS does not
> have a concept of stateful file access: there are open's and close's, but
> the VOP_READ/WRITE operations are not associated with sessions. This
[.....]
> There are a number of possible solutions to this problem, including the
[.....]
> My preferred solution, and I actually hacked around with a kernel a bit to
> do this, is to make the VFS provide (optional) stateful vnode sessions.
> vop_open() would gain an additional call-by-reference argument, probably a
> void**. When NULL, the caller would be requesting a stateless vnode open,
[.....]
> My changes are incomplete as I was working on it on the plane, and
> comments on the idea would be welcome. One thing this would allow is for
[.....]

I think this is something that BSD lacks big-time. It simplifies
the way userland opens devices and should be fairly easy to implement.

If you haven't got time, I'd be willing to pick this up. Do you have
anything worth sending me (patches) ?

Cheers.

> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services

--
Brian

Don't _EVER_ lose your sense of humour !

From owner-freebsd-arch Thu Aug 10 16:20: 5 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173])
    by hub.freebsd.org (Postfix) with ESMTP id E437937BD54
    for ; Thu, 10 Aug 2000 16:19:55 -0700 (PDT)
    (envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12])
    by Awfulhak.org (8.9.3/8.9.3) with ESMTP
    id AAA50805; Fri, 11 Aug 2000 00:16:23 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
    by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP
    id AAA29996; Fri, 11 Aug 2000 00:16:20 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200008102316.AAA29996@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Brian Dean
Cc: Luoqi Chen, bde@zeta.org.au, freebsd-arch@FreeBSD.org,
    brian@Awfulhak.org
Subject: Re: isatty() reports false results
In-Reply-To: Message from Brian Dean of "Thu, 27 Jul 2000 19:27:26 EDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 11 Aug 2000 00:16:20 +0100
From: Brian Somers
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[.....]
>     % /usr/local/bin/pty-redir \
>         /usr/bin/ssh -t -e none -o 'Batchmode yes' \
>         -i $key -l $user $host > ~/vpndev
>     % /usr/sbin/pppd `cat ~/vpndev` $localip:$remoteip
>
> In the above, pty-redir allocates a pty, opens the master side of it,
> prints out the name of the slave side, dup2()'s the master side as
> stdin and stdout, forks off ssh, then exits. This leaves ssh using
> the master side as stdin/stdout. On the remote host, the login shell
> for $user is just /usr/sbin/pppd.
>
> The local invocation of pppd uses the slave side of the pty which
> talks to the remote side and establishes the connection.
>
> [This, btw, shows some of the true elegance of Unix - the ability to
> chain together several seemingly unrelated processes in order
> instantiate a construct that the original authors of the individual
> pieces did not necessarily intend or conceive.]
[.....]
> The only problem is that, if we don't change either 'isatty()', or
> 'ssh', or the pty driver, then others are going to run into this same
> problem if, like me, they come across the Linux VPN HOW-TO and use it
> for ideas in setting up a VPN on FreeBSD :(. Our pty driver seems to
> behave differently in this respect to Linux and NetBSD (and probably
> others as well).

IMHO pppd's mucking about with ptys is evil. This whole thing is
much easier to do from ppp(8), by simply using
``set device "!ssh blah ppp -direct label"'', you get ppp interacting
with ssh via a socketpair().

Having said that, can't pppd do it by just using ``ssh -t blah'' ?

> -Brian

--
Brian

Don't _EVER_ lose your sense of humour !

From owner-freebsd-arch Fri Aug 11 12:56:16 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
    by hub.freebsd.org (Postfix) with ESMTP
    id EFCD637B917; Fri, 11 Aug 2000 12:55:53 -0700 (PDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
    by rover.village.org (8.9.3/8.9.3) with ESMTP
    id NAA10023; Fri, 11 Aug 2000 13:55:51 -0600 (MDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
    by harmony.village.org (8.9.3/8.8.3) with ESMTP
    id NAA68299; Fri, 11 Aug 2000 13:55:21 -0600 (MDT)
Message-Id: <200008111955.NAA68299@harmony.village.org>
To: arch@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: cvs-committers@freebsd.org
Reply-To: arch@freebsd.org
In-reply-to: Your message of "Fri, 11 Aug 2000 12:50:11 PDT."
    <399458F3.15AC1DE@cup.hp.com>
References: <399458F3.15AC1DE@cup.hp.com>
    <200008111935.NAA36773@harmony.village.org>
    <20000811152305.C12290@netmonger.net>
    <20000811144136.A12290@netmonger.net>
    <20000811141800.A14610@netmonger.net>
    <20000811144136.A12290@netmonger.net>
    <200008111857.MAA36439@harmony.village.org>
    <200008111940.NAA44776@harmony.village.org>
Date: Fri, 11 Aug 2000 13:55:21 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[[ I'm moving this to arch since it is becoming more involved than I
thought initially -- imp ]]

In message <399458F3.15AC1DE@cup.hp.com> Marcel Moolenaar writes:
: I opt for a wrapper that, if sperl is "disabled", fails with an error
: explaining why sperl won't work as expected. Installing sperl without
: the expected mods is against POLA.

How would the wrapper determine that sperl is disabled? How could the
wrapper ensure that the shadow copy of sperl is secure against direct
invocation? Suggestions?

Warner

From owner-freebsd-arch Fri Aug 11 13: 0:32 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
    by hub.freebsd.org (Postfix) with ESMTP
    id 7926537B917; Fri, 11 Aug 2000 13:00:26 -0700 (PDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
    by rover.village.org (8.9.3/8.9.3) with ESMTP
    id OAA10055; Fri, 11 Aug 2000 14:00:22 -0600 (MDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
    by harmony.village.org (8.9.3/8.8.3) with ESMTP
    id NAA78924; Fri, 11 Aug 2000 13:59:51 -0600 (MDT)
Message-Id: <200008111959.NAA78924@harmony.village.org>
To: arch@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: cvs-committers@freebsd.org
Reply-To: arch@freebsd.org
In-reply-to: Your message of "Fri, 11 Aug 2000 21:52:24 +0200."
    <20000811215224.B57942@mithrandr.moria.org>
References: <20000811215224.B57942@mithrandr.moria.org>
    <200008111935.NAA36773@harmony.village.org>
    <20000811152305.C12290@netmonger.net>
    <20000811144136.A12290@netmonger.net>
    <20000811141800.A14610@netmonger.net>
    <20000811144136.A12290@netmonger.net>
    <200008111857.MAA36439@harmony.village.org>
    <200008111940.NAA44776@harmony.village.org>
    <399458F3.15AC1DE@cup.hp.com>
Date: Fri, 11 Aug 2000 13:59:51 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[[ moving discussion to arch ]]

In message <20000811215224.B57942@mithrandr.moria.org> Neil Blakey-Milner writes:
: On Fri 2000-08-11 (12:50), Marcel Moolenaar wrote:
: > I opt for a wrapper that, if sperl is "disabled", fails with an error
: > explaining why sperl won't work as expected. Installing sperl without
: > the expected mods is against POLA.
:
: If it is documented, you needn't be astonished. Also, I imagine that we
: can make suidperl a wrapper which explains the problem, and _also_
: provide it without setuid privilege (or just build it into suidperl, but
: that'd mean getting dirty with the contrib code).

If we go the wrapper route, we'd need to make sure that the wrapper
doesn't introduce any new holes. I think that would make it harder to
deal with than just enabling it.

The POLA complaint could be answered by changing the suidperl man
page. Hmmm, looks like there's not a separate man page for it, so
maybe that isn't a good idea.

Warner

From owner-freebsd-arch Fri Aug 11 13:40:21 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
    by hub.freebsd.org (Postfix) with ESMTP
    id 0533E37B6DC; Fri, 11 Aug 2000 13:40:12 -0700 (PDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
    by rover.village.org (8.9.3/8.9.3) with ESMTP
    id OAA10234; Fri, 11 Aug 2000 14:40:10 -0600 (MDT)
    (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
    by harmony.village.org (8.9.3/8.8.3) with ESMTP
    id OAA52272; Fri, 11 Aug 2000 14:39:39 -0600 (MDT)
Message-Id: <200008112039.OAA52272@harmony.village.org>
To: arch@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Reply-To: arch@freebsd.org
Cc: cvs-committers@freebsd.org
In-reply-to: Your message of "Sat, 11 Aug 2000 22:19:51 +0200."
    <200008112019.e7BKJpP59373@zibbi.mikom.csir.co.za>
References: <200008112019.e7BKJpP59373@zibbi.mikom.csir.co.za>
Date: Fri, 11 Aug 2000 14:39:39 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[[ followups to -arch ]]

In message <200008112019.e7BKJpP59373@zibbi.mikom.csir.co.za> John Hay writes:
: > Perhaps it's time to add a make.conf variable like SECURE_SUID_ROOT
: > (or something) and have *all* but the most essential suid binaries
: > conditionalize their installation modes from its setting. Turn it on
: > or off by default, I don't really care, just make it easier to have
: > things like suidperl without actually mucking with sources.
:
: Then we will also need its equivalent in sysinstall so that you can
: decide at install time what kind of setup you want. :-)

I don't think it is time to have that. We already drive to have a
minimal set of setuid binaries on the system. suidperl is the largest
one we have, has a history of bugs and is hard to audit and isn't that
widely used. That's why I didn't want it laying around with setuid
bit set on it. It is literally unique in the tree.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Fri Aug 11 14:26:40 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from palrel3.hp.com (palrel3.hp.com [156.153.255.226]) by hub.freebsd.org (Postfix) with ESMTP id DFEFE37B52C for ; Fri, 11 Aug 2000 14:26:31 -0700 (PDT) (envelope-from marcel@cup.hp.com)
Received: from adlmail.cup.hp.com (adlmail.cup.hp.com [15.0.100.30]) by palrel3.hp.com (Postfix) with ESMTP id 066AA116A for ; Fri, 11 Aug 2000 14:26:31 -0700 (PDT)
Received: from cup.hp.com (gauss.cup.hp.com [15.28.97.152]) by adlmail.cup.hp.com (8.9.3 (PHNE_18546)/8.9.3 SMKit7.02) with ESMTP id OAA04196 for ; Fri, 11 Aug 2000 14:26:30 -0700 (PDT)
Message-ID: <39946F86.62F0B165@cup.hp.com>
Date: Fri, 11 Aug 2000 14:26:30 -0700
From: Marcel Moolenaar
Organization: Hewlett-Packard
X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: arch@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
References: <399458F3.15AC1DE@cup.hp.com> <200008111935.NAA36773@harmony.village.org> <20000811152305.C12290@netmonger.net> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <200008111940.NAA44776@harmony.village.org> <200008111955.NAA68299@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Warner Losh wrote:
>
> [[ I'm moving this to arch since it is becoming more involved than I
> thought initially -- imp ]]

[committers removed from CC]

> In message <399458F3.15AC1DE@cup.hp.com> Marcel Moolenaar writes:
> : I opt for a wrapper that, if sperl is "disabled", fails with an error
> : explaining why sperl won't work as expected. Installing sperl without
> : the expected mods is against POLA.
>
> How would the wrapper determine that sperl is disabled? How could the
> wrapper ensure that the shadow copy of sperl is secure against direct
> invocation? Suggestions?

As mentioned in another mail; the wrapper could look at the mods to determine that. I think it should *not* run the sperl if the mods don't have suid. Instead, a message could be given that explains why sperl is not being run. That message could be as verbose as we think is reasonable to explain to the unexpected user why his script isn't running as he/she might be used to.

That way we have wrapped the sperl bug of not having the suid bit set into a package that, as a whole, isn't really a bug anymore and can only be slightly inconvenient to those users that have suid perl scripts.

--
Marcel Moolenaar
mail: marcel@cup.hp.com / marcel@FreeBSD.org
tel: (408) 447-4222

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Fri Aug 11 15:34:26 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8A3CC37B9C7 for ; Fri, 11 Aug 2000 15:34:23 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA10801; Fri, 11 Aug 2000 16:34:09 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA90517; Fri, 11 Aug 2000 16:33:38 -0600 (MDT)
Message-Id: <200008112233.QAA90517@harmony.village.org>
To: Marcel Moolenaar
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: arch@FreeBSD.ORG
In-reply-to: Your message of "Fri, 11 Aug 2000 14:26:30 PDT."
        <39946F86.62F0B165@cup.hp.com>
References: <39946F86.62F0B165@cup.hp.com> <399458F3.15AC1DE@cup.hp.com> <200008111935.NAA36773@harmony.village.org> <20000811152305.C12290@netmonger.net> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <200008111940.NAA44776@harmony.village.org> <200008111955.NAA68299@harmony.village.org>
Date: Fri, 11 Aug 2000 16:33:38 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <39946F86.62F0B165@cup.hp.com> Marcel Moolenaar writes:
: [committers removed from CC]

Thank you.

: As mentioned in another mail; the wrapper could look at the mods to
: determine that. I think it should *not* run the sperl if the mods don't
: have suid. Instead, a message could be given that explains why sperl is
: not being run. That message could be as verbose as we think is
: reasonable to explain to the unexpected user why his script isn't
: running as he/she might be used to.
:
: That way we have wrapped the sperl bug of not having the suid bit set
: into a package that, as a whole, isn't really a bug anymore and can only
: be slightly inconvenient to those users that have suid perl scripts.

If the internal checks in sperl will allow this, then this might be the best way to go. I want to think about this a little before doing that. Peter shot down other wrappers for these.

The good news is that my mods to install it mode 0 seem to work. I'm not going to commit anything until we can get consensus on what to do. And I honestly thought this would be an uncontroversial change. That's what I get for thinking.
:-(

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Fri Aug 11 15:37:30 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5E2EC37B5A3 for ; Fri, 11 Aug 2000 15:37:28 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA10816; Fri, 11 Aug 2000 16:37:27 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA90562; Fri, 11 Aug 2000 16:36:56 -0600 (MDT)
Message-Id: <200008112236.QAA90562@harmony.village.org>
To: Marcel Moolenaar
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: arch@freebsd.org
In-reply-to: Your message of "Fri, 11 Aug 2000 13:37:03 PDT." <399463EF.A0F38A72@cup.hp.com>
References: <399463EF.A0F38A72@cup.hp.com> <39945275.F1C94C13@cup.hp.com> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <20000811210827.A57382@mithrandr.moria.org> <200008111949.NAA61158@harmony.village.org>
Date: Fri, 11 Aug 2000 16:36:56 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <399463EF.A0F38A72@cup.hp.com> Marcel Moolenaar writes:
: We should at least emit an error or warning if sperl is being run while
: it doesn't have the proper permissions...

Hmmmm. There's already a warning that's issued, but it is cryptic. We could expand the warning, at the expense of bringing the file off the vendor branch.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Fri Aug 11 16: 3:18 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from palrel3.hp.com (palrel3.hp.com [156.153.255.226]) by hub.freebsd.org (Postfix) with ESMTP id DB56A37BC2B for ; Fri, 11 Aug 2000 16:03:16 -0700 (PDT) (envelope-from marcel@cup.hp.com)
Received: from adlmail.cup.hp.com (adlmail.cup.hp.com [15.0.100.30]) by palrel3.hp.com (Postfix) with ESMTP id B0172C54; Fri, 11 Aug 2000 16:03:15 -0700 (PDT)
Received: from cup.hp.com (gauss.cup.hp.com [15.28.97.152]) by adlmail.cup.hp.com (8.9.3 (PHNE_18546)/8.9.3 SMKit7.02) with ESMTP id QAA07959; Fri, 11 Aug 2000 16:03:15 -0700 (PDT)
Message-ID: <39948633.ECC027D2@cup.hp.com>
Date: Fri, 11 Aug 2000 16:03:15 -0700
From: Marcel Moolenaar
Organization: Hewlett-Packard
X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Warner Losh
Cc: arch@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
References: <399463EF.A0F38A72@cup.hp.com> <39945275.F1C94C13@cup.hp.com> <20000811144136.A12290@netmonger.net> <20000811141800.A14610@netmonger.net> <20000811144136.A12290@netmonger.net> <200008111857.MAA36439@harmony.village.org> <20000811210827.A57382@mithrandr.moria.org> <200008111949.NAA61158@harmony.village.org> <200008112236.QAA90562@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Warner Losh wrote:
>
> In message <399463EF.A0F38A72@cup.hp.com> Marcel Moolenaar writes:
> : We should at least emit an error or warning if sperl is being run while
> : it doesn't have the proper permissions...
>
> Hmmmm. There's already a warning that's issued, but it is cryptic.
> We could expand the warning, at the expense of bringing the file off
> the vendor branch.

We might want to add an explicit test for the mods for that. The error/warning currently emitted might not cover this fact properly. I didn't really look in detail at the code, so I may as well be wrong. At least I think it should be a hard error and not just a warning.

Other than that, I don't have a problem with it.

--
Marcel Moolenaar
mail: marcel@cup.hp.com / marcel@FreeBSD.org
tel: (408) 447-4222

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Fri Aug 11 18:17: 3 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from smtp.bsdhome.com (unknown [24.25.2.13]) by hub.freebsd.org (Postfix) with ESMTP id E0FB037BA48 for ; Fri, 11 Aug 2000 18:17:00 -0700 (PDT) (envelope-from bsd@bsdhome.com)
Received: from vger.bsdhome.com (vger [192.168.220.2]) by smtp.bsdhome.com (8.9.3/8.9.3) with ESMTP id VAA00784; Fri, 11 Aug 2000 21:16:47 -0400 (EDT) (envelope-from bsd@bsdhome.com)
Received: from localhost (bsd@localhost) by vger.bsdhome.com (8.9.3/8.9.3) with ESMTP id VAA00939; Fri, 11 Aug 2000 21:16:46 -0400 (EDT) (envelope-from bsd@vger.bsdhome.com)
Date: Fri, 11 Aug 2000 21:16:16 -0400 (EDT)
From: Brian Dean
To: Brian Somers
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: isatty() reports false results
In-Reply-To: <200008102316.AAA29996@hak.lan.Awfulhak.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 11 Aug 2000, Brian Somers wrote:
> IMHO pppd's mucking about with ptys is evil. This whole thing is
> much easier to do from ppp(8), by simply using ``set device "!ssh
> blah ppp -direct label"'', you get ppp interacting with ssh via a
> socketpair().

Perhaps. I haven't tried this method. I'm a long time user of 'pppd' and tend to stick with what I know and what I've had success with previously.
Now that I've done a pretty close read of your man-page for ppp, I may give this a try and see how it works out.

> Having said that, can't pppd do it by just using ``ssh -t blah'' ?

I didn't find a way to do this. The '-t' option only instructs the local ssh client to request that the remote sshd server allocate a pty for the command that it spawns, but otherwise doesn't really do anything on the local side.

Thanks for the tip on using 'set device "!foo"'. I kind'a like that :) You may have a convert yet!

-Brian

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 0: 2:26 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7BA4337B509 for ; Sat, 12 Aug 2000 00:02:22 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id BAA12163; Sat, 12 Aug 2000 01:02:19 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id BAA92741; Sat, 12 Aug 2000 01:01:47 -0600 (MDT)
Message-Id: <200008120701.BAA92741@harmony.village.org>
To: Mark Murray
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: arch@freebsd.org
In-reply-to: Your message of "Sat, 12 Aug 2000 08:55:41 +0200."
        <200008120655.IAA18409@grimreaper.grondar.za>
References: <200008120655.IAA18409@grimreaper.grondar.za> <20000811215224.B57942@mithrandr.moria.org>
Date: Sat, 12 Aug 2000 01:01:47 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200008120655.IAA18409@grimreaper.grondar.za> Mark Murray writes:
: If you reset the suid-bit on sperl5, then trying to run a suidperl script
: results in:
:
: [greenpeace] ~/work $ ./test.pl
: Can't do setuid

Maybe it would be wise to expand this warning to include the reason it can't do the setuid and provide a solution (chmod).

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 4:13:33 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 549B437B86C for ; Sat, 12 Aug 2000 04:13:26 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id NAA19104; Sat, 12 Aug 2000 13:13:40 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200008121113.NAA19104@grimreaper.grondar.za>
To: Warner Losh
Cc: arch@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
References: <200008120701.BAA92741@harmony.village.org>
In-Reply-To: <200008120701.BAA92741@harmony.village.org> ; from Warner Losh "Sat, 12 Aug 2000 01:01:47 CST."
Date: Sat, 12 Aug 2000 13:13:40 +0200
From: Mark Murray
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> In message <200008120655.IAA18409@grimreaper.grondar.za> Mark Murray writes:
> : If you reset the suid-bit on sperl5, then trying to run a suidperl script
> : results in:
> :
> : [greenpeace] ~/work $ ./test.pl
> : Can't do setuid
>
> Maybe it would be wise to expand this warning to include the reason it
> can't do the setuid and provide a solution (chmod).

Spiffy. I'll add it to the list.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 13:24:28 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id DCB0637BAF4 for ; Sat, 12 Aug 2000 13:24:13 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA15876; Sat, 12 Aug 2000 14:24:01 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA98798; Sat, 12 Aug 2000 14:23:25 -0600 (MDT)
Message-Id: <200008122023.OAA98798@harmony.village.org>
To: Mark Murray
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: arch@FreeBSD.ORG
In-reply-to: Your message of "Sat, 12 Aug 2000 13:13:40 +0200."
        <200008121113.NAA19104@grimreaper.grondar.za>
References: <200008121113.NAA19104@grimreaper.grondar.za> <200008120701.BAA92741@harmony.village.org>
Date: Sat, 12 Aug 2000 14:23:25 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200008121113.NAA19104@grimreaper.grondar.za> Mark Murray writes:
: > In message <200008120655.IAA18409@grimreaper.grondar.za> Mark Murray writes:
: > : If you reset the suid-bit on sperl5, then trying to run a suidperl script
: > : results in:
: > :
: > : [greenpeace] ~/work $ ./test.pl
: > : Can't do setuid
: >
: > Maybe it would be wise to expand this warning to include the reason it
: > can't do the setuid and provide a solution (chmod).
:
: Spiffy. I'll add it to the list.

OK. That tells me that it would be safe to change the install mode from 0 (in my tree) to 511 so that the error message is actually seen when people try to run the setuid perl scripts.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 22: 9:50 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id E0C3C37BF12 for ; Sat, 12 Aug 2000 22:09:44 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id WAA78312 for arch@freebsd.org; Sat, 12 Aug 2000 22:09:42 -0700 (PDT) (envelope-from obrien)
Date: Sat, 12 Aug 2000 22:09:42 -0700
From: "David O'Brien"
To: arch@freebsd.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID: <20000812220942.B77195@dragon.nuxi.com>
Reply-To: obrien@freebsd.org
References: <200008111949.MAA26238@pike.osd.bsdi.com> <200008111951.NAA64094@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To:
        <200008111951.NAA64094@harmony.village.org>; from imp@village.org on Fri, Aug 11, 2000 at 01:51:28PM -0600
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Aug 11, 2000 at 01:51:28PM -0600, Warner Losh wrote:
> : With this change, however, you probably don't want to use BUILD_SUIDPERL
> : as the tweakable knob as we would still be building it. Perhaps just
> : 'SUIDPERL' would be a better option name, but that is another bikeshed
> : that can be painted later.
>
> 'ENABLE_SUIDPERL' might be a better shade for that bikeshed.

Why not put ``ENABLE_SUIDPERL="NO"'' in /etc/defaults/rc.conf. Then in /etc/rc, right after /usr is mounted, check the value of `ENABLE_SUIDPERL' and either "u+s" or "u-s" it.

--
-- David (obrien@FreeBSD.org)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 22:51: 3 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id EB39737B5DE; Sat, 12 Aug 2000 22:50:58 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id XAA17085; Sat, 12 Aug 2000 23:50:57 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id XAA06630; Sat, 12 Aug 2000 23:50:22 -0600 (MDT)
Message-Id: <200008130550.XAA06630@harmony.village.org>
To: obrien@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: arch@FreeBSD.ORG
In-reply-to: Your message of "Sat, 12 Aug 2000 22:09:42 PDT."
        <20000812220942.B77195@dragon.nuxi.com>
References: <20000812220942.B77195@dragon.nuxi.com> <200008111949.MAA26238@pike.osd.bsdi.com> <200008111951.NAA64094@harmony.village.org>
Date: Sat, 12 Aug 2000 23:50:22 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000812220942.B77195@dragon.nuxi.com> "David O'Brien" writes:
: On Fri, Aug 11, 2000 at 01:51:28PM -0600, Warner Losh wrote:
: > : With this change, however, you probably don't want to use BUILD_SUIDPERL
: > : as the tweakable knob as we would still be building it. Perhaps just
: > : 'SUIDPERL' would be a better option name, but that is another bikeshed
: > : that can be painted later.
: >
: > 'ENABLE_SUIDPERL' might be a better shade for that bikeshed.
:
: Why not put ``ENABLE_SUIDPERL="NO"'' in /etc/defaults/rc.conf. Then in
: /etc/rc, right after /usr is mounted, check the value of
: `ENABLE_SUIDPERL' and either "u+s" or "u-s" it.

I'm not sure I like having setuid automatically enabling or disabling at boot.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 23: 6:49 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id 4D68F37B5EF for ; Sat, 12 Aug 2000 23:06:41 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id XAA78758 for arch@FreeBSD.ORG; Sat, 12 Aug 2000 23:06:40 -0700 (PDT) (envelope-from obrien)
Date: Sat, 12 Aug 2000 23:06:40 -0700
From: "David O'Brien"
To: arch@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID: <20000812230640.A78736@dragon.nuxi.com>
Reply-To: arch@FreeBSD.ORG
References: <20000812220942.B77195@dragon.nuxi.com> <200008111949.MAA26238@pike.osd.bsdi.com> <200008111951.NAA64094@harmony.village.org> <20000812220942.B77195@dragon.nuxi.com> <200008130550.XAA06630@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200008130550.XAA06630@harmony.village.org>; from imp@village.org on Sat, Aug 12, 2000 at 11:50:22PM -0600
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Aug 12, 2000 at 11:50:22PM -0600, Warner Losh wrote:
> : Why not put ``ENABLE_SUIDPERL="NO"'' in /etc/defaults/rc.conf. Then in
> : /etc/rc, right after /usr is mounted, check the value of
> : `ENABLE_SUIDPERL' and either "u+s" or "u-s" it.
>
> I'm not sure I like having setuid automatically enabling or disabling
> at boot.

It's the only automatic way I can think of to turn on suidperl and later turn it back off (easily) when I replace that last suidperl script.
IMHO, it isn't that much different than turning on the various daemons that run as root.

Rod's SUIDPERL_MODE would also be fine rather than ENABLE_SUIDPERL.

--
-- David (obrien@FreeBSD.org)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Sat Aug 12 23:29:38 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 2499137B5CB for ; Sat, 12 Aug 2000 23:29:36 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA17201 for ; Sun, 13 Aug 2000 00:29:33 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA06887 for ; Sun, 13 Aug 2000 00:28:58 -0600 (MDT)
Message-Id: <200008130628.AAA06887@harmony.village.org>
To: arch@FreeBSD.ORG
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
In-reply-to: Your message of "Sat, 12 Aug 2000 23:06:40 PDT." <20000812230640.A78736@dragon.nuxi.com>
References: <20000812230640.A78736@dragon.nuxi.com> <20000812220942.B77195@dragon.nuxi.com> <200008111949.MAA26238@pike.osd.bsdi.com> <200008111951.NAA64094@harmony.village.org> <20000812220942.B77195@dragon.nuxi.com> <200008130550.XAA06630@harmony.village.org>
Date: Sun, 13 Aug 2000 00:28:58 -0600
From: Warner Losh
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <20000812230640.A78736@dragon.nuxi.com> "David O'Brien" writes:
: It's the only automatic way I can think of to turn on suidperl and later
: turn it back off (easily) when I replace that last suidperl script.
: IMHO, it isn't that much different than turning on the various daemons
: that run as root.

I guess I worry about an attacker replacing rc.conf and/or suidperl with something nasty. Of course, if it is rc.conf, you are SOL, so I'll not worry about that case. Replacing one binary in /usr/bin is likely to be tantamount to giving the person who could make that replacement root. So I guess these worries are not big deals because the rest of the system already is vulnerable (but so is everybody else, except for the md5 signed crowd of TrustedBSD (or is that SecureBSD)).

It just makes me nervous to potentially turn on and off the setuid bit of an arbitrary file (even if it is well named) at boot time. I think it violates POLA in that we expect to store the permissions of the files in the file system. I'm not sure, so I'll need to cook on this overnight and see what my subconscious spits up overnight.

: Rod's SUIDPERL_MODE would also be fine rather than ENABLE_SUIDPERL.

Boiled down, I think that's the HOW vs WHAT argument. AFAIK, there's only really two different modes for suidperl. Working (4511) and nonworking (444, 511, etc). One cannot control the ownership of the program, because then it can't do its thing. Since it is a binary choice, I thought ENABLE_SUIDPERL would be better. If we needed to do other things to enable/disable suidperl, then suidperl_mode would need a friend, maybe, or we'd have to check for the setuid bit.

In addition, you control the permissions of access to the setuid perl stuff via the permissions on the setuid shell scripts that you have.

I think that the current scheme (modulo bugs) with an enhanced warning/explanation about how to enable suidperl is the right way of going.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message