
freebsd-hackers-digest V5 #750


owner-freebsd-...@freebsd.org

Mar 21, 2003, 12:51:57 AM

freebsd-hackers-digest Thursday, March 20 2003 Volume 05 : Number 750

In this issue:
Re: mixer for /etc/rc
Re: making CVS more convenient
Re: mixer for /etc/rc
Re: Wireless PCI card
boot without user and password
Re: boot without user and password
Re: boot without user and password
Re: boot without user and password
CerbNG 1.0-RC1 is now avaliable.
generalized mergemaster(8)

----------------------------------------------------------------------

Date: 20 Mar 2003 13:38:47 +1030
From: "Daniel O'Connor" <doco...@gsoft.com.au>
Subject: Re: mixer for /etc/rc

On Thu, 2003-03-20 at 12:48, Norikatsu Shigemura wrote:
> I think that I don't need it if a little machines requires sound.
> But I have many machines (mine or not mine) which use sound (or can
> use it). I almost hate to install these to /etc/rc.local. And even
> I want it, many users want it:-). Different point from setting
> /etc/rc.conf is that anyone always check this file, but /etc/rc.local
> is not so.

You could write a port which did this..
I imagine it would consist only of a file in /usr/local/etc/rc.d :)

You could get it to store the current mixer values on shutdown too.

- --
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5

------------------------------

Date: Wed, 19 Mar 2003 22:37:49 -0500
From: Sergey Babkin <bab...@bellatlantic.net>
Subject: Re: making CVS more convenient

Terry Lambert wrote:
>
> Sergey Babkin wrote:
> > Terry Lambert wrote:
> > > > # OK, let's suppose that our changes are finally complete, and nobody
> > > > # else has committed any other changes in between
> > > > cvs ci
> > >
> > > Suppose someone has? If you are so out of touch with the net you
> > > need a cache, you are probably going to get a conflict, because
> >
> > It's very likely that the conflict can be cured by a simple
> > "cvs update".
>
> How? Your local repository is out of date. You can't update
> your local repository because it's a cache, and the cache contains
> some local changes, and any update will blow those changes away, or
> abort because there's a conflict. This is exactly my "incoherent"
> picture.

No, it does not contain the local changes. The local changes
are in a completely separate repository. (Well, if the same
repository could be made to contain the local changes without
upsetting cvsup and cvs, that would be just as good or better.
But that seems to be too difficult, a completely separate repository
for local changes looks easier). Hope that clarifies the picture.

> You can't make local checkins to the same place CVSup writes to;
> CVS is too stupid, and CVSup is too stupid to handle it. You'd
> need a "multicvs" -- one that could operate a shadow repository.

Yes. I guess we just had terminological difficulties with explaining
this point to each other :-)

- -SB

------------------------------

Date: Thu, 20 Mar 2003 09:00:25 +0100
From: Stijn Hoop <st...@win.tue.nl>
Subject: Re: mixer for /etc/rc

On Thu, Mar 20, 2003 at 11:18:24AM +0900, Norikatsu Shigemura wrote:
> On Wed, 19 Mar 2003 12:58:27 +0100
> Stijn Hoop <st...@win.tue.nl> wrote:
> > On Wed, Mar 19, 2003 at 03:23:07AM -0800, Doug Barton wrote:
> > > > I want to mixer in /etc/rc (setting sound volume on boot).
> > > > I add it to /etc/rc, /etc/defaults/rc.conf, etc...
> > > > Would you review and commit?
> > > Off hand, I'd say this is more of an /etc/rc.local, or /usr/local/etc/rc.d
> > > thing. We haven't really started down the road of what I generically refer
> > > to as "desktop" configuration items in rc.
> > Why *not*? As long as it behaves when run in a system without sound, I don't
> > see any reason to make things easier for users, whether they use the machine
> > as a server or as a desktop.
> > I'd very much like to see (something like) this in the base -- I haven't
> > even looked at these patches but the idea is IMHO worthwhile.
>
> I think that I don't need it if a little machines requires sound.
> But I have many machines (mine or not mine) which use sound (or can
> use it). I almost hate to install these to /etc/rc.local. And even
> I want it, many users want it:-). Different point from setting
> /etc/rc.conf is that anyone always check this file, but /etc/rc.local
> is not so.

Yes, I agree with you. Making a port out of this is imho plain silly, or
is someone actually relying on the mixer being set to a default value on
bootup?

- --Stijn

- --
"What if everything you see is more than what you see -- the person next to
you is a warrior and the space that appears empty is a secret door to another
world? What if something appears that shouldn't? You either dismiss it, or you
accept that there is much more to the world than you think. Perhaps it really
is a doorway, and if you choose to go inside, you'll find many unexpected
things."
-- Shigeru Miyamoto


------------------------------

Date: Thu, 20 Mar 2003 16:12:12 +0100
From: Andrea Franceschini <andrea.fr...@postecom.it>
Subject: Re: Wireless PCI card

On Fri, Feb 21, 2003 at 10:51:08AM -0800, Terry Lambert wrote:
> Andrea Franceschini wrote:
> > > So... going back to Alfred's question: what did the vendor say about
> > > the PCI card not claiming a memory window?
> > >
> > Who's supposed to reply this question?
> > I could try to contact the Sohoware but, due to my poor PCI knowledge, I
> > wouldn't know what to ask for.:(
> >
> > Can you give me more details about what the problem seems to be?
>
>
> Hello, company who makes the card I bought.
>
> Your card's PCI information seems to indicate that it does
> not need a memory region in order to operate.
>
> How can this be?
>
> Do I have a defective card?
>
> Can I flash the card memory with an updated version of card
> BIOS or something, in order to fix this problem?
>
> If so, where can I obtain a utility to do this?
>
> Thanks,
> Andrea Franceschini
>
> -- Terry
>

Just to not leave this thread unfinished.
This is the reply from Sohoware:

"Andrea,

Due to the very limited information you have provided, we are unsure what
you are trying to say. Please provide us with the following information:

1. What OS are you running?
2. What error message are you getting when you are trying to install the
card?
3. Where did you buy the card from?

Regards,

Tech Support "

And this is my answer:

- -----------------------------

> 1. What OS are you running?

I'm running FreeBSD 4.7 which supports Prism2/2.5 based cards.
The card I have is a NCP130 that should be Prism based. Shouldn't it?

> 2. What error message are you getting when you are trying to install the
> card?

The message I got is:
wi0: No I/O space?!
device_probe_and_attach: wi0 attach returned 6

Usually this problem comes out when the PCI card doesn't claim IO space in
the resource list, while local registers and attribute memory can both be
found.
How's this possible?
Do you have any clue?
Is this information placed elsewhere?

>3. Where did you buy the card from?

I bought it from E-Bay, the card was still sealed.

>
> Regards,

- ------------------------------

And Finally the obvious Answer :(

- ------------------------------

Andrea,

Yes, the NCP130 has the Prism chipset, but we do not provide drivers or
support for Linux users with the CableFREE II series product.

Regards,

- ------------------------------

I tried asking for further information but without success...

So I did further investigation on my own and I found out that the Linux driver supports that card!
Using the useful information about PCI programming found in this book http://www.xml.com/ldd/chapter/book/index.html , I managed to modify the wi driver to make it recognize the card properly.

And ... It works!

This is the patch. I applied it against 5.0-current, but it should work on different RELEASES, 'cause that part of the code didn't get modified through versions.
- ---- CUT HERE ----
diff -crN wi/if_wi_pci.c wi.new/if_wi_pci.c
*** wi/if_wi_pci.c Wed Jan 15 21:11:31 2003
- --- wi.new/if_wi_pci.c Sat Mar 15 18:50:36 2003
***************
*** 101,106 ****
- --- 101,107 ----
{0x16ab, 0x1102, WI_BUS_PCI_PLX, "Linksys WDT11"},
{0x1385, 0x4100, WI_BUS_PCI_PLX, "Netgear MA301"},
{0x1638, 0x1100, WI_BUS_PCI_PLX, "PRISM2STA WaveLAN"},
+ {0x15E8, 0x0131, WI_BUS_PCI_ASIC, "Prism II InstantWave HR PCI card"},
{0x111a, 0x1023, WI_BUS_PCI_PLX, "Siemens SpeedStream"},
{0x16ec, 0x3685, WI_BUS_PCI_PLX, "US Robotics 2415"},
{0, 0, 0, NULL}
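
Review bot: The new table entry writes its vendor ID as 0x15E8 in upper-case hex while every neighbouring entry uses lower case (0x16ab, 0x16ec); please use 0x15e8 to match. The description string "Prism II InstantWave HR PCI card" also names neither a vendor nor a model the way the other entries do ("Netgear MA301", "Linksys WDT11"), so the probe output will not say which product matched; since the message says this was tested on an NCP130, consider naming it.
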
***************
*** 150,162 ****
}

if (sc->wi_bus_type != WI_BUS_PCI_NATIVE) {
! error = wi_alloc(dev, WI_PCI_IORES);
! if (error)
! return (error);
!
! /* Make sure interrupts are disabled. */
! CSR_WRITE_2(sc, WI_INT_EN, 0);
! CSR_WRITE_2(sc, WI_EVENT_ACK, 0xFFFF);

/* We have to do a magic PLX poke to enable interrupts */
sc->local_rid = WI_PCI_LOCALRES;
- --- 151,168 ----
}

if (sc->wi_bus_type != WI_BUS_PCI_NATIVE) {
! if (sc->wi_bus_type == WI_BUS_PCI_ASIC ) {
! error = wi_alloc(dev, WI_PCI_MEMRES); /* with TMC7160 ioaddress is at BAR2 */
! } else {
! error = wi_alloc(dev, WI_PCI_IORES);
! }
! if (error)
! return (error);
!
! /* Make sure interrupts are disabled. */
! CSR_WRITE_2(sc, WI_INT_EN, 0);
! CSR_WRITE_2(sc, WI_EVENT_ACK, 0xFFFF);
!

/* We have to do a magic PLX poke to enable interrupts */
sc->local_rid = WI_PCI_LOCALRES;
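
Review bot: In the new ASIC branch, wi_alloc() is passed WI_PCI_MEMRES although the inline comment says the TMC7160 I/O address is at BAR2, so a constant named for the memory window is being reused as the ID of an I/O resource. A dedicated, named resource ID for the ASIC I/O BAR, with the comment moved to its definition, would make the intent clear and bring the line back under 80 columns. Style: drop the space before the closing parenthesis in "WI_BUS_PCI_ASIC )" and the extra empty changed line after the CSR_WRITE_2 calls. The following comment, "We have to do a magic PLX poke", now also covers the non-PLX ASIC path and should say so.
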
***************
*** 164,202 ****
&sc->local_rid, 0, ~0, 1, RF_ACTIVE);
sc->wi_localtag = rman_get_bustag(sc->local);
sc->wi_localhandle = rman_get_bushandle(sc->local);
! command = bus_space_read_4(sc->wi_localtag, sc->wi_localhandle,
! WI_LOCAL_INTCSR);
! command |= WI_LOCAL_INTEN;
! bus_space_write_4(sc->wi_localtag, sc->wi_localhandle,
! WI_LOCAL_INTCSR, command);
bus_release_resource(dev, SYS_RES_IOPORT, sc->local_rid,
sc->local);
sc->local = NULL;

! sc->mem_rid = WI_PCI_MEMRES;
! sc->mem = bus_alloc_resource(dev, SYS_RES_MEMORY, &sc->mem_rid,
! 0, ~0, 1, RF_ACTIVE);
! if (sc->mem == NULL) {
! device_printf(dev, "couldn't allocate memory\n");
! wi_free(dev);
! return (ENXIO);
! }
! sc->wi_bmemtag = rman_get_bustag(sc->mem);
! sc->wi_bmemhandle = rman_get_bushandle(sc->mem);
!
! /*
! * From Linux driver:
! * Write COR to enable PC card
! * This is a subset of the protocol that the pccard bus code
! * would do.
! */
! CSM_WRITE_1(sc, WI_COR_OFFSET, WI_COR_VALUE);
! reg = CSM_READ_1(sc, WI_COR_OFFSET);
! if (reg != WI_COR_VALUE) {
! device_printf(dev, "CSM_READ_1(WI_COR_OFFSET) "
! "wanted %d, got %d\n", WI_COR_VALUE, reg);
! wi_free(dev);
! return (ENXIO);
}
} else {
error = wi_alloc(dev, WI_PCI_LMEMRES);
- --- 170,225 ----
&sc->local_rid, 0, ~0, 1, RF_ACTIVE);
sc->wi_localtag = rman_get_bustag(sc->local);
sc->wi_localhandle = rman_get_bushandle(sc->local);
!
! if (sc->wi_bus_type != WI_BUS_PCI_ASIC ) {
! command = bus_space_read_4(sc->wi_localtag, sc->wi_localhandle,
! WI_LOCAL_INTCSR);
! command |= WI_LOCAL_INTEN;
! bus_space_write_4(sc->wi_localtag, sc->wi_localhandle,
! WI_LOCAL_INTCSR, command);
! } else {
! bus_space_write_1(sc->wi_localtag, sc->wi_localhandle,0,0x45);
!
! DELAY(500000);
!
! command = bus_space_read_1(sc->wi_localtag, sc->wi_localhandle,0);
! if (command!= 0x45) {
! device_printf(dev, "Initialize the TMC7160 failed. \n");
! wi_free(dev);
! return (ENXIO);
! }
! }
!
bus_release_resource(dev, SYS_RES_IOPORT, sc->local_rid,
sc->local);
sc->local = NULL;

! if (sc->wi_bus_type != WI_BUS_PCI_ASIC ) {
! sc->mem_rid = WI_PCI_MEMRES;
! sc->mem = bus_alloc_resource(dev, SYS_RES_MEMORY, &sc->mem_rid,
! 0, ~0, 1, RF_ACTIVE);
! if (sc->mem == NULL) {
! device_printf(dev, "couldn't allocate memory\n");
! wi_free(dev);
! return (ENXIO);
! }
! sc->wi_bmemtag = rman_get_bustag(sc->mem);
! sc->wi_bmemhandle = rman_get_bushandle(sc->mem);
!
! /*
! * From Linux driver:
! * Write COR to enable PC card
! * This is a subset of the protocol that the pccard bus code
! * would do.
! */
! CSM_WRITE_1(sc, WI_COR_OFFSET, WI_COR_VALUE);
! reg = CSM_READ_1(sc, WI_COR_OFFSET);
! if (reg != WI_COR_VALUE) {
! device_printf(dev, "CSM_READ_1(WI_COR_OFFSET) "
! "wanted %d, got %d\n", WI_COR_VALUE, reg);
! wi_free(dev);
! return (ENXIO);
! }
}
} else {
error = wi_alloc(dev, WI_PCI_LMEMRES);
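
Review bot: The new TMC7160 failure path calls wi_free(dev) and returns ENXIO before the bus_release_resource() call on sc->local a few lines further down, so unless wi_free() also releases sc->local, that I/O window stays allocated on this error; release it and set sc->local = NULL before returning. The value 0x45 written to and read back from offset 0, and the DELAY(500000) between the two accesses, are undocumented magic numbers: give them named constants in if_wireg.h and a comment saying what the write enables and why a half-second wait is needed during attach. The error string "Initialize the TMC7160 failed. \n" has a stray space before the newline and would read better as "TMC7160 initialization failed\n".
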
diff -crN wi/if_wireg.h wi.new/if_wireg.h
*** wi/if_wireg.h Wed Jan 15 21:11:31 2003
- --- wi.new/if_wireg.h Tue Mar 11 23:42:01 2003
***************
*** 97,102 ****
- --- 97,103 ----
#define WI_BUS_PCCARD 0 /* pccard device */
#define WI_BUS_PCI_PLX 1 /* PCI card w/ PLX PCI/PCMICA bridge */
#define WI_BUS_PCI_NATIVE 2 /* native PCI device (Prism 2.5) */
+ #define WI_BUS_PCI_ASIC 3 /* PCI card w/ TMD7160 (ASIC) */

/*
* register space access macros
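
Review bot: The comment on the new WI_BUS_PCI_ASIC define spells the chip "TMD7160", while the comment and the error message added in if_wi_pci.c call it TMC7160; use one spelling in both files.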

- --- CUT HERE ---

This should also work with other cards of the same breed (TMC7160 based).
I didn't test it thoroughly so it may have some problems with particular configurations.
Actually it may have some problems on the init/reset code and it could require some adjustment, but it works for me as it is so... :)

Bye.

------------------------------

Date: Thu, 20 Mar 2003 16:18:43 +0000
From: "Emilio Manuel" <curio...@hotmail.com>
Subject: boot without user and password

I want to know how a FreeBSD box, just after finish booting process, can
start automatically a session with a predeterminate user without doing the
normal login process (ie, without typing user and password).

I want to do this under Xwindows because I pretend to use this box as a "dumb
X terminal" that can display messages sent from another UNIX machine.

Security themes don't bother me, cause I use this box in a small local
network without conflictive users.

Thank you in advance.

- ----------------------------------------------------
I would like to know how a FreeBSD machine, just after finishing the
boot process, could start a session automatically with a predetermined
user, without going through the normal login process (that is, without
typing the user and password).

I want to do this with Xwindows because I intend to use this machine as a
"dumb terminal" that shows messages sent from other machines.

Security issues do not worry me, since the local network is small and the
users are not troublesome.

Thanks in advance.

------------------------------

Date: Thu, 20 Mar 2003 11:40:12 -0500
From: Anthony Schneider <ant...@x-anthony.com>
Subject: Re: boot without user and password

if you are trying to do what i think you're trying to do, you can put
something like the following in /etc/rc.local or in a script in
/usr/local/etc/rc.d:

su username -c xinit

where username is the name of the user you want to start X with.

- -Anthony.

On Thu, Mar 20, 2003 at 04:18:43PM +0000, Emilio Manuel wrote:
> I want to know how a FreeBSD box, just after finish booting process, can
> start automatically a session with a predeterminate user without doing the
> normal login process (ie, without typing user and password).
>
> I want to do this under Xwindows because I pretend to use this box as a
> "dumb X terminal" that can display messages sent from another UNIX machine.
>
> Security themes don't bother me, cause I use this box in a small local
> network without conflictive users.
>
> Thank you in advance.
>
> ----------------------------------------------------
> I would like to know how a FreeBSD machine, just after finishing the
> boot process, could start a session automatically with a predetermined
> user, without going through the normal login process (that is, without
> typing the user and password).
>
> I want to do this with Xwindows because I intend to use this machine as a
> "dumb terminal" that shows messages sent from other machines.
>
> Security issues do not worry me, since the local network is small and the
> users are not troublesome.
>
> Thanks in advance.

------------------------------

Date: Thu, 20 Mar 2003 20:17:44 +0000
From: void <fl...@firedrake.org>
Subject: Re: boot without user and password

On Thu, Mar 20, 2003 at 11:40:12AM -0500, Anthony Schneider wrote:
> if you are trying to do what i think you're trying to do, you can put
> something like the following in /etc/rc.local or in a script in
> /usr/local/etc/rc.d:
>
> su username -c xinit
>
> where username is the name of the user you want to start X with.

And if you're not using X, you could try this -- it's untested but I
think it will work. Replace this line in /etc/ttys:

ttyv0 "/usr/libexec/getty Pc" cons25 on secure

with this:

ttyv0 "login -f username" cons25 on secure

> On Thu, Mar 20, 2003 at 04:18:43PM +0000, Emilio Manuel wrote:
> > I want to know how a FreeBSD box, just after finish booting process, can
> > start automatically a session with a predeterminate user without doing the
> > normal login process (ie, without typing user and password).
> >
> > I want to do this under Xwindows because I pretend to use this box as a
> > "dumb X terminal" that can display messages sent from another UNIX machine.
> >
> > Security themes don't bother me, cause I use this box in a small local
> > network without conflictive users.
> >
> > Thank you in advance.
> >
> > ----------------------------------------------------
> > I would like to know how a FreeBSD machine, just after finishing the
> > boot process, could start a session automatically with a predetermined
> > user, without going through the normal login process (that is, without
> > typing the user and password).
> >
> > I want to do this with Xwindows because I intend to use this machine as a
> > "dumb terminal" that shows messages sent from other machines.
> >
> > Security issues do not worry me, since the local network is small and the
> > users are not troublesome.
> >
> > Thanks in advance.

- --
Ben

"An art scene of delight
I created this to be ..." -- Sun Ra
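
Added example, not part of the original messages: a small audit that finds the two auto-login mechanisms suggested in this thread, a ttys(5) entry running login(1) with -f and an rc script line of the form "su user -c xinit", so an administrator can inventory hosts that start a session without a password. The sample file contents, the account name "kiosk" and the function names are constructed for illustration.

```python
import re
import shlex
from collections import namedtuple

TtyFinding = namedtuple("TtyFinding", "line tty user enabled secure")
RcFinding = namedtuple("RcFinding", "line user command")

# Constructed sample /etc/ttys (ttys(5) fields: name, command, type, flags).
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "login -f username"             cons25  on  secure
ttyv1   "/usr/libexec/getty Pc"         cons25  on  secure
ttyv2   "/usr/bin/login -pf kiosk"      cons25  off secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off secure
'''

# Constructed sample /etc/rc.local.
SAMPLE_RC_LOCAL = '''\
#!/bin/sh
# start X for the display account at boot
su username -c xinit
echo "rc.local done"
'''

# Matches only the form used in this thread: su [-flms flags] USER -c COMMAND.
# A login class given as "-c class" before the user name is not handled.
SU_LINE = re.compile(
    r"^\s*su\s+(?:-[flms]*\s+)*(?P<user>[^\s-]\S*)\s+-c\s+(?P<cmd>.+?)\s*$")


def audit_ttys(text):
    """Report ttys entries whose command is login(1) with -f (no password asked)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(raw, comments=True)  # honours "quoted command"
        except ValueError:
            continue  # unbalanced quote, not a parsable entry
        if len(fields) < 2:
            continue
        argv = fields[1].split()
        if not argv or argv[0].rsplit("/", 1)[-1] != "login":
            continue
        preauth, user, skip = False, None, False
        for arg in argv[1:]:
            if skip:                      # this is the hostname given to -h
                skip = False
            elif arg.startswith("-"):
                preauth = preauth or "f" in arg[1:]
                skip = arg.endswith("h")  # -h takes an argument
            else:
                user = arg
        if preauth:
            flags = fields[3:]            # everything after the type field
            findings.append(TtyFinding(lineno, fields[0], user,
                                       "on" in flags, "secure" in flags))
    return findings


def audit_rc_script(text):
    """Report rc script lines that start X as a fixed user via su -c."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = SU_LINE.match(raw)
        if m and re.search(r"\b(xinit|startx)\b", m.group("cmd")):
            findings.append(RcFinding(lineno, m.group("user"), m.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in audit_ttys(SAMPLE_TTYS):
        state = "ENABLED" if f.enabled else "disabled"
        print(f"ttys:{f.line}: {f.tty} logs in {f.user!r} without a password ({state})")
    for f in audit_rc_script(SAMPLE_RC_LOCAL):
        print(f"rc.local:{f.line}: X session started as {f.user!r}: {f.command}")
```

An entry that is present but switched off is still reported, with enabled set to False, because flipping it to "on" is a one-word change.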

------------------------------

Date: Thu, 20 Mar 2003 15:24:45 -0500
From: Leo Bicknell <bick...@ufp.org>
Subject: Re: boot without user and password

In a message written on Thu, Mar 20, 2003 at 04:18:43PM +0000, Emilio Manuel wrote:
> I want to do this under Xwindows because I pretend to use this box as a
> "dumb X terminal" that can display messages sent from another UNIX machine.

If you really want to use it as an xterminal, you probably want to look
into the man page for Xserver, some sample command lines for you to try:

Start a session on a remote host:
X -query other-host.your.net

Find all machines on the local network that will accept a session:
X -broadcast

Ask another host on the network for a list of servers to start a session
with:
X -indirect other-host.your.net

For the last option you may need to configure the "chooser" on the other
server, and all options may require changing some access permissions on
the other boxes you want to query.

Once you find what you like you can put it in a startup script
somewhere.

- --
Leo Bicknell - bick...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-lis...@tmbg.org, www.tmbg.org


------------------------------

Date: Fri, 21 Mar 2003 01:58:38 +0100
From: Pawel Jakub Dawidek <ni...@garage.freebsd.pl>
Subject: CerbNG 1.0-RC1 is now avaliable.

Good news everyone. After six months of hard work, many hundreds of CVS commits
and lots of lost nights, we would like to proudly announce that the CerbNG
project has released the first generally available version (1.0-RC1) of its kernel
security module.

It is hard to write some terse words of encouragement for using/testing
a program which we have worked on for so long. Nevertheless, we will try to
do it in this message.

CerbNG is a kernel module for FreeBSD version 4.x (5.x version soon to come).
Our main purpose is providing the administrator with tools for enforcing fine
grained control for critical system applications/processes/environments, i.e.
privileged daemons (not only those running with uid 0), and setuid programs.
But it is just a small part of CerbNG functionality.

Lead principles in CerbNG development are transparency and flexibility.
Sysadmins often do not have time and resources to patch all buggy applications,
even for security related vulnerabilities.

For defining the system protecting rules, we use a flexible language vaguely
similar to C. Some basic CerbNG capabilities are:

- detailed control and validation of selected system calls and
their arguments
- ability of changing syscall arguments and returned values
- possibility of modifying process properties and environment
- modifying sysctls during process runtime depending on process
behavior and context
- precise and configurable logging
- intuitive, flexible and powerful rule description language

Tarball for Version 1.0-RC1 contains some example policy files
described below:

openssh.cb - Controls sshd(8) (if sshd is running when
the policy is being loaded, it has to be
restarted). The policy degrades sshd
privileges after it's been started to uid
and gid for user/group sshd. CerbNG elevates
sshd rights for performing privileged
operations only.

passwd.cb - Controls passwd(1). Similarly to openssh.cb,
privileges of the passwd process are changed
to those of user running this program.
Privileges are degraded regardless of the
setuid bit on /usr/bin/passwd.

ping.cb, su.cb - Similar privilege degradation examples.

noexec-by-group.cb - Noexec for all users but root and members of
exec group. Additionally environment
variables with names beginning with LD_ are
checked.

degrade-unknown-sugids.cb - All setuid/setgid files, which are not
controlled by Cerb are denied elevated
privileges and run with credentials of
user performing the execve(2) syscall.

restricted-debug.cb - Using ptrace(2) and ktrace(2) syscalls will
be limited to root user and members of 'debug'
group.

restricted-link.cb - Non-root users will be denied the right to
create hard links to other users' files.

log-exec.cb - All execve(2) calls performed by
non-privileged users will be logged.

We encourage all interested members of the FreeBSD community to test, share
ideas/comments and, last but not least, report bugs. We hope that CerbNG
becomes another useful tool for improving the security of servers running FreeBSD.

CerbNG CVS repository and latest tarballs are available at:

http://sourceforge.net/projects/cerber/

For detailed installation instructions see INSTALL file, or HOWTO.html at:

http://cerber.sourceforge.net/docs/HOWTO.html

Project HomePage:

http://cerber.sourceforge.net/

We invite all interested users and would-be users to subscribe to
our mailing lists. To subscribe to those lists, visit:

http://lists.sourceforge.net/mailman/listinfo/cerber-list
http://lists.sourceforge.net/mailman/listinfo/cerber-commits

CerbNG authors are:

Pawel Jakub Dawidek <ni...@garage.freebsd.pl>
Cerb project initiator, head programmer, kernel part
developer, Polish documentation author.

Slawek Zak <za...@era.pl>
Designer of CerbNG configuration language syntax and
compiler structure, author of userland policy compiler,
documentation translator.

PS. We are also preparing a technical document for BSDCon 2003.

- --
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.


------------------------------

Date: Thu, 20 Mar 2003 22:15:48 -0600
From: "Brandon D. Valentine" <bra...@dvalentine.com>
Subject: generalized mergemaster(8)

I have encountered a situation in which it would be extremely handy to
have a generalized version of mergemaster(8) which is less specific to
the task of merging /etc. I need to recursively merge two directories
of source files in which I wish to preserve some original files, install
some replacement files outright, and only actually go to the trouble of
sdiff(1)ing those files that from the preview udiff look like they are
in need of a merge. Has anyone already done the work of generalizing
mergemaster to this more general task? And if not, is there interest in
this? If nobody has done it I'm probably about to. My inclination is
to extend the existing mergemaster script to support this general
functionality while maintaining support for the specific case of an /etc
merge. mergemaster(8) is already fairly applicable to this task but it
currently makes some assumptions about what your $Id$ looks like and
that you will in fact be running make(1) somewhere to generate your
temproot.

Thoughts?

Brandon D. Valentine
- --
bra...@dvalentine.com http://www.geekpunk.net
Pseudo-Random Googlism: valentine is her husband

------------------------------

End of freebsd-hackers-digest V5 #750
*************************************

To Unsubscribe: send mail to majo...@FreeBSD.org
with unsubscribe freebsd-hackers-digest in the body of the message
