similar to: working around TOE bug

Couple of little things I noticed with a new RELENG_7 AMD64 box (as of yesterday) ifstat from the ports cannot seem to find interfaces for some reason ? It works fine on i386 [ns8]# ifstat -b ifstat: no interfaces to monitor! [ns8]# [ns8]# ifconfig em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

We are in the process of migrating one of our embedded apps to use uart by default instead of sio in RELENG_7 in prep for the day when sio eventually disappears. Unfortunately, the application doesnt want to work with uart with puc backed devices, but still works with sio. Stranger still, the app works with the uart driver when uart attaches to the built in com port on the isa bus. However,

Other than cranking up logging to debug2, is there a way to better tune logging on a server to see if I am running into max sessions ? On FreeBSD RELENG11 I am periodically seeing connections being refused- 3way handshake not completing or completing and then FINs. Typically, I have a hundred or so connections at one time, but they can bounce up to a few hundred on occasion. Without leaving the

I have a somewhat busy sftp server where the users are all chrooted into their home directory. In order to log all the commands they enter, I have to create a /dev/log entry and hard link in their home directory so that syslog works for their commands Match user * ForceCommand internal-sftp -f local1 -l verbose Everything works, but its a bit of a pain if someone restarts syslogd and forgets

On 7/24/2017 8:39 PM, Nico Kadel-Garcia wrote: > > Why are the targets of the hardlinks evaporating on rebooting? Is that > a FreeBSD'ism? Its when syslogd stops/starts. The hardlinks need to be recreated for some reason. ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike at sentex.net Providing Internet services since 1994

The box has a fairly heavy UDP load. Its RELENG_7 as of today and took 3hrs for it to dump core. Fatal trap 12: page fault while in kernel mode cpuid = 1; apic id = 01 fault virtual address = 0x68 fault code = supervisor read, page not present instruction pointer = 0x20:0xc0637146 stack pointer = 0x28:0xe766eaac frame pointer = 0x28:0xe766eb54 code segment

I gave the AMD64 version of 7.2 RC2 a spin and all installed as expected off the dvd INTEL S3200SHV MB, Core2Duo, 4G of RAM In the past it had been suggested that for zfs tuning, something like vm.kmem_size_max="1073741824" vm.kmem_size="1073741824" vfs.zfs.prefetch_disable=1 However doing a simple test with bonnie and dd, there does not seem to be very much difference in

On a rather full customer web server, I am trying to track down whose web site script is trying to make outbound network connections when they should not be. In /etc/security/audit_control, I added to the flags line dir:/var/audit flags:lo,aa,-nt minfree:5 to log failed network connection. When I try an make an outbound connection to something that is blocked in pf, it seems to sometimes work.

Does anyone know the practicality of this attack ? i.e. is this trivial to do ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada

Hi, Just got some of the new Soekris 1401 VPN cards based on the hifn 7955 chip. hifn0 mem 0xe8510000-0xe8517fff,0xe8518000-0xe8519fff,0xe851a000-0xe851afff irq 5 at device 0.0 on pci1 hifn0: Hifn 7955, rev 0, 32KB dram, 64 sessions vs hifn0 mem 0xeb902000-0xeb902fff,0xeb901000-0xeb901fff irq 10 at device 8.0 on pci0 hifn0: Hifn 7951, rev 0, 128KB sram, 193 sessions When it says "n

An interesting paper http://www.acm.org/sigcomm/sigcomm2003/papers/p75-kuzmanovic.pdf ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike

Any chance someone can look at / commit the fix in PR 52349 before 4.9R ? Its a simple fix. As it is to netstat, I dont know of anyone who 'owns' that program to bug other than to make a general plea :-) ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications,

I am getting an odd error on a recent i386 releng9 while trying to build a nanobsd image. It dies during installworld in cd /usr/src/etc/../share/man; /usr/obj/nanobsd.full//usr/src/make.i386/make makedb makewhatis /usr/obj/nanobsd.full//_.w/usr/share/man makewhatis /usr/obj/nanobsd.full//_.w/usr/share/openssl/man rm: /tmp/install.bqKyLzJg: Directory not empty *** [installworld] Error code 1 1

While I was tying down a supernet to the discard interface, the box crashed on me. Its a STABLE box from June 4th. I was in zebra at the time and thought I would route a /24 to ds0 instead of to the IP on ds0 (which I had done for a number of other aggregate routes). The only other "strange" thing about the box is that ds0 is loaded via kld. I will see if I can reproduce it on a

Is the version in FreeBSD vulnerable ? http://www.openssh.com/txt/release-4.4 I know version 1 is disabled by default, but if its not, does it impact the daemon ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing

Cisco released an advisory about their ntp client and server having a bug http://www.cisco.com/warp/public/707/NTP-pub.shtml Is there a common code base at all that would have relevance to the code in FreeBSD ? I noticed in the COPYRIGHT file cisco has made some contributions. ---Mike -------------------------------------------------------------------- Mike Tancsa,

I wrote a small app that monitors a Back-UPS ES500 UPS via the uhid0 interface. I want to run the daemon with as little privs as possible. gastest# ls -l /dev/uhid0 crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0 gastest# Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop privs of the daemon yet still be able to read from the device ? All I am doing is

Has anyone around here heard of this ? ---Mike >Subject: Re: [Full-Disclosure] new ssh exploit? >From: christopher neitzert <chris@neitzert.com> >Reply-To: chris@neitzert.com >To: full-disclosure@lists.netsys.com >X-Mailer: Ximian Evolution 1.4.3.99 >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere: full-disclosure@lists.netsys.com

FYI >To: misc@openbsd.org >Subject: FreeBSD hiding security stuff >Date: Fri, 04 Mar 2005 03:51:42 -0700 >From: Theo de Raadt <deraadt@cvs.openbsd.org> > >A few FreeBSD developers apparently have found some security issue >of some sort affecting i386 operating systems in some cases. > >They have refused to give us real details. > >A promise is now being

Does anyone know off hand what the longest known serious security issue (i.e. remote compromise) has been with FreeBSD that went unpatched ? e.g. security hole is reported to security-officer@FreeBSD.org. X days later, fix and advisory committed. What has been the largest X ? My jaw dropped when I saw http://www.eeye.com/html/Research/Upcoming/index.html ---Mike