Contributed by Damien Miller on from the dept.
(Comments are closed)
OpenBSD Journal
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Hurry-Kane (80.141.217.132) on
By dingo (198.208.251.24) on
https support in ftp!
opencvs!
Comments
By Igor Sobrado (156.35.26.1) on
I believe that they have not switched to OpenCVS yet. At this point, OpenCVS remains in experimental status. They have switched to OpenRCS however. If I am wrong, I will be glad to know. I hope that switching to OpenCVS will be possible before 4.0 is out.
Cheers,
Igor.
By CODOR (67.158.70.109) on
Fix for in-kernel ddb hangman so it counts correct guesses right.
By sthen (81.168.66.242) on
By David Chisnall (137.44.2.39) on
One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.
Comments
By Anonymous Coward (156.34.214.222) on
One of the things I like best about OpenBSD is that the vast majority of changes from one release to another are not exciting at all. Most seem to be fixes for bugs I've never encountered and a steady increase in support for (mostly) new hardware I probably don't have. The OpenBSD developers seem to have an exceptional tolerance for what I would consider frustration and drudgery (aka 'an attention to detail'). I admit that I nodded off just reading the change list -- which is just the way I like it.
Comments
By Anonymous Coward (156.34.214.222) on
Some of us just don't have an eye for detail. It is a rare gift.
By Anonymous Coward (213.5.161.18) on
>
> One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.
I've never used systrace, but I have heard that it slows down considerably the program that's running through it. Maybe that's one of the reasons that it is not used widely by default.
Comments
By Anonymous Coward (198.208.251.24) on
>
> I've never used systrace, but I have heard that it slows down considerably the program that's running through it. Maybe that's one of the reasons that it is not used widely by default.
You can enable systrace for compiling ports, check mk.conf manpage... if it's not in the manpage, I saw the feature USESYSTRACE in one of the .mk include files. I enabled it for a while and I saw it prevent some ports from doing ridiculously stupid things during configure.
However, I have tried to build entire trees of ports with usesystrace, and it has locked into an infinite memory hogging loop at certain points. Also if you suspend a ports compile with ^Z with systrace enabled, a resume fails (lock up).
Security is nice, but correctness and reliability are more important. Remember correctness is more officially OpenBSD's goal. Security is just a by-product of that.
This is far different than the glibc stand of, "We don't need safe string functions like OpenBSD has, because if you handle strings correctly in the first place, you don't need them."
It would be nice to use systrace on everything, but unless it works correctly, it is not worth the risk. Using systrace by default on may be embarrassing when it causes your mail services to be unavailable.
Remember when Theo threatened to remove hifn drivers from the tree because of a bug he could not resolve? His words were something along the lines of, "It's embarrassing to have this bug in our tree".
I am by no means an expert on systrace, so if I give a false perspective on the reliability or correctness of systrace code, please correct me! This is just my experience.
By Kristaps Johnson (62.85.46.110) on
>
> One thing I'm wondering though; systrace has been in the base system for a while, but is it used by default for anything? I could see sendmail as a prime candidate for being run inside systrace.
(shameless plug follows, avert your eyes)
http://sysjail.bsd.lv
This is entirely based upon systrace.
Not in the base system (or an official port, although one may be found at the download page). Gives OpenBSD (and NetBSD) FreeBSD's "jail" functionality. I'm still working on a hardened 1.0 version, so this shouldn't be used in production, but I anticipate release before September.
Be good,
Kristaps
Comments
By Anonymous Coward (68.104.1.58) on
> Not in the base system (or an official port, although one may be found at the download page). Gives OpenBSD (and NetBSD) FreeBSD's "jail" functionality. I'm still working on a hardened 1.0 version, so this shouldn't be used in production, but I anticipate release before September.
>
> Be good,
> Kristaps
>
for a hosting solution, better /dev support would probably be needed so you could run sshd at least.
Comments
By Kristaps Johnson (62.85.46.110) on
If you've suggestions or hacked code, please let me know via e-mail... I can be noodled out from the website's "contacts" page. sshd and terminal devices have long rankled and I've not yet had the time to grok FreeBSD's device re-writes for reference. Thanks, K.
By MotelyFool (134.253.26.6) on
Comments
By Nate (65.94.57.162) on
Maybe no one checked the queue for a couple days?
By Anonymous Coward (67.64.89.177) on
Because this one had all the text already written into it. We had several submissions but they were one liners. The more verbose you are the more likely you are to get published.
By Kurt Seifried (68.149.173.71) kurt@seifried.org on http://www.seifried.org/