Displaying 20 results from an estimated 1000 matches similar to: "AuthenticationMethods option."
2012 Dec 11
1
evp_aes_<X>_ctr() vs. EVP_aes_<X>_ctr().
Hi.
OpenSSH currently has its own implementation of AES in counter mode
(cipher-ctr.c). This is probably because it wasn't available in OpenSSL.
From what I see now, recent OpenSSL does implement
EVP_aes_{128,192,256}_ctr() and it would be nice to use it whenever
possible. The gain here is that OpenSSH's version uses software AES
implementation and OpenSSL's version will use AES-NI if
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi.
I experimented a bit with collecting entropy from the time it takes for
device_attach() to run (in CPU cycles). It seems that those times have
enough variation that we can use it for entropy harvesting. It happens
even before root is mounted, so pretty early.
On the machine I'm testing it, which has minimal kernel plus NIC driver
I see 75 device_attach() calls. I'm being very careful
2013 Jun 08
1
Request for review: Sandboxing dhclient using Capsicum.
Hi.
I have a series of patches to sandbox dhclient using Capsicum
(capability mode and capability rights for descriptors).
As usual, because chroot and setgid/setuid are not sandboxing
mechanisms, there are many problems with the current sandboxing:
- Access to various global namespaces (like process list, network, etc.).
- Access to RAW UDP socket.
- Read/write access to bpf.
- Access to RAW
2015 Nov 19
4
[Bug 2502] New: using AuthenticationMethods to require s/key and pam doesn't work
https://bugzilla.mindrot.org/show_bug.cgi?id=2502
Bug ID: 2502
Summary: using AuthenticationMethods to require s/key and pam
doesn't work
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2013 Dec 20
1
sandbox-rlimit and ptrace.
I was wondering if the following attack would be feasible once I'm able
to break into rlimit sandbox.
Because sandboxed process that handles unauthenticated session is
running as the 'sshd' user I was wondering if this could be used to jump
between processes using ptrace(2). For example if I find a bug in the
code executed before authentication I could use ptrace(2) to attach to
2011 Jan 10
0
L2ARC and prefetched data.
Hi.
I can't reach Brendan Gregg with this question (user unknown, he doesn't
work for Oracle anymore?), so I'm sending it here:
FreeBSD users report much better performance and lower disk and CPU load
when L2ARC also holds prefetched data (l2arc_noprefetch = B_FALSE).
I was wondering what was the reason to avoid storing prefetched data on
L2ARC vdevs by default.
--
2007 Feb 18
3
Improper use of atomic_add_64().
Hi.
I noticed that when non-64bit variable is given as a second argument to
atomic_add_64() function, the result is invalid.
I found few places where such situation occurs. I wonder how this got
unnoticed with ztest, which fails on me within a few seconds (after I
started to use Solaris atomic operations) on assertions. Maybe this
only doesn't work when compiled with gcc? Not sure, but
2006 Mar 06
6
gmirror(8) and graid3(8) changes.
Hi.
Here you can find patches with changes to gmirror(8) and graid3(8):
http://people.freebsd.org/~pjd/patches/gmirror.7.patch
http://people.freebsd.org/~pjd/patches/graid3.patch
The patches do the following:
- Significant synchronization speed improvement. Now many parallel
synchronization I/O requests can be used instead of only one before.
Many people requested this.
- Close race
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi.
I've no response from so@ in this topic, probably because of lack of time,
so I'll try here.
Here is a patch that I'm planning to commit:
http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch
It adds two new sysctls:
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
are not
2008 Dec 07
2
zvol_read() and zvol_write().
I can't find anything using those functions. Can they be removed?
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
2007 Mar 14
1
Check PRIV_VFS_MOUNT when jailed.
Hi.
I'd like to commit this patch:
http://people.freebsd.org/~pjd/patches/vfs_mount.c.9.patch
It currently should change nothing, but will be needed once we allow to
grant privileges for jails. I'd like to commit it now, so I can
experiment easier with my ZFS improvements.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org
2008 Jul 29
2
Unexpected b_hdr change.
Hi.
We're testing the most recent ZFS version from OpenSolaris ported to
FreeBSD. Kris (CCed) observed a strange situation. In function arc_read()
he had a panic on assertion that we try to unlock a lock which is not
being held:
rw_enter(&pbuf->b_hdr->b_datalock, RW_READER);
err = arc_read_nolock(pio, spa, bp, done, private, priority,
flags, arc_flags, zb);
2007 Apr 06
11
ZFS committed to the FreeBSD base.
Hi.
I'm happy to inform that the ZFS file system is now part of the FreeBSD
operating system. ZFS is available in the HEAD branch and will be
available in FreeBSD 7.0-RELEASE as an experimental feature.
Commit log:
Please welcome ZFS - The last word in file systems.
ZFS file system was ported from OpenSolaris operating system. The code
is under CDDL license.
I'd
2006 Aug 25
4
Looking for confirmation.
Hi.
I've almost all file system functions working.
I started to run some heavy file system regression tests. They work. fsx
wasn't able to break my port, but the test you can find here:
http://people.freebsd.org/~kan/fsstress.tar.gz
broke it. My kernel panics on this assertion (zfs_dir.c):
749: mutex_exit(&dzp->z_lock);
750:
751: error =
2007 Sep 21
4
ZFS (and quota)
I'm CCing zfs-discuss at opensolaris.org, as this doesn't look like
FreeBSD-specific problem.
It looks there is a problem with block allocation(?) when we are near
quota limit. tank/foo dataset has quota set to 10m:
Without quota:
FreeBSD:
# dd if=/dev/zero of=/tank/test bs=512 count=20480
time: 0.7s
Solaris:
# dd if=/dev/zero of=/tank/test bs=512 count=20480
time: 4.5s
2005 May 24
1
Jail support for mac_portacl(4).
Hi.
When we don't have too many IP addresses available and we want to run
for example www server inside a jail, but use the same IP address as
the main system, we need to actually use an internal IP address and
forward http port with firewall from external IP to jail's IP.
In that way we know that if somebody breaks into our jail, he cannot
run sshd server (we have keys, I know) or any
2008 May 04
3
Some bugs/inconsistencies.
Hi.
I'm working on getting the most recent ZFS to the FreeBSD's CVS. Because
of the huge amount of changes, I decided to work on ZFS regression
tests, so I'm more or less sure nothing broke in the meantime.
(Yes, I know about ZFS testsuite, but unfortunately I wasn't able to
port it to FreeBSD, it was just too much work. I'm afraid it is too
2007 Sep 21
3
The ZFS-Man.
Hi.
I gave a talk about ZFS during EuroBSDCon 2007, and because it won
the best talk award and some find it funny, here it is:
http://youtube.com/watch?v=o3TGM0T1CvE
a bit better version is here:
http://people.freebsd.org/~pjd/misc/zfs/zfs-man.swf
BTW. Inspired by ZFS demos from OpenSolaris page I created few demos of
ZFS on FreeBSD:
2005 Mar 07
2
New entropy source proposal.
Hi.
I've been playing a bit with "use sound card as an entropy source" idea.
This simple program does what I wanted:
http://people.freebsd.org/~pjd/misc/sndrand.tbz
The program is very simple, it should be run with two arguments:
% sndtest /dev/dspW 1048576 > rand.data
This command will generate 1MB of random data.
With my sound card:
pcm0: <Intel ICH3 (82801CA)>
2006 Nov 02
11
ZFS and memory usage.
ZFS works really stable on FreeBSD, but my biggest problem is how to
control ZFS memory usage. I've no idea how to leash that beast.
FreeBSD has a backpressure mechanism. I can register my function so it
will be called when there are memory problems, which I do. I'm using it
for ARC layer.
Even with this in place under heavy load the kernel panics, because
memory with KM_SLEEP