Page MenuHomeFreeBSD

a.wolk_fudosecurity.com (Adam Wolk)
User

Projects

User does not belong to any projects.

User Details

User Since
Apr 30 2021, 11:58 AM (12 w, 3 d)

Recent Activity

May 20 2021

a.wolk_fudosecurity.com requested review of D30367: rc.subr: use _pidcmd to determine pid for protect.
May 20 2021, 7:09 PM · rc

May 19 2021

a.wolk_fudosecurity.com added a comment to D30330: rc.conf(5): Add _limits, _loginclass, and _oomprotect.

Unfortunately, some ports like PostgreSQL redefine start_cmd which would make _oomprotect="ALL" silently not work for the database. I am not sure where it would be a good place, but I think it would be worthwhile to document that redefining ${name}_cmd has such a pitfall.

In that particular case, that may not actually be a bad thing, although for the wrong reason. Protecting processes with large or unpredictable memory use is likely to deadlock the system (or close to it) if it runs out of memory, while killing a database server is bad but is likely to be picked up properly by monitoring systems.

May 19 2021, 7:11 AM

May 18 2021

a.wolk_fudosecurity.com updated the diff for D30336: rc.subr.8: document argument_cmd override pitfalls.

Picked the wrong file after regenerating. Sorry, this one has your change.

May 18 2021, 5:07 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30336: rc.subr.8: document argument_cmd override pitfalls.

Updated the diff to your suggestion, which also fixes the mandoc/igor lint.

May 18 2021, 4:59 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30334: protect.1: document existence of _oomprotect.

Fixed one more sentence not started on a new line.

May 18 2021, 4:53 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30334: protect.1: document existence of _oomprotect.

Includes changes suggested by @debdrup and ran the tool against igor and mandoc -T lint fixing reported problems.

May 18 2021, 4:49 PM · manpages, docs
a.wolk_fudosecurity.com added a comment to D30334: protect.1: document existence of _oomprotect.

Have you tested with textproc/igor and mandoc -T lint?

May 18 2021, 4:40 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30334: protect.1: document existence of _oomprotect.

Updated the raw diff using the git show -U999999 <commit-hash> > change.diff method.

May 18 2021, 4:12 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30336: rc.subr.8: document argument_cmd override pitfalls.

Updated the raw diff using the git show -U999999 <commit-hash> > change.diff method. Hope that helps! :)

May 18 2021, 4:09 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30334: protect.1: document existence of _oomprotect.

Make the pid used in ps(1) call match the sample output.

May 18 2021, 3:53 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30336: rc.subr.8: document argument_cmd override pitfalls.

Mixed up diffs between the reviews. Sorry for the noise.

May 18 2021, 3:52 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30336: rc.subr.8: document argument_cmd override pitfalls.
May 18 2021, 3:50 PM · manpages, docs
a.wolk_fudosecurity.com updated the diff for D30334: protect.1: document existence of _oomprotect.

Document how to obtain the current protection status using ps(1).

May 18 2021, 3:35 PM · manpages, docs
a.wolk_fudosecurity.com requested review of D30336: rc.subr.8: document argument_cmd override pitfalls.
May 18 2021, 3:16 PM · manpages, docs
a.wolk_fudosecurity.com added a comment to D30334: protect.1: document existence of _oomprotect.

Yes, it would be good to have a documented method of checking the protected flag, so go ahead and add that.

Once ready, I'll push this along with the other commit.

May 18 2021, 2:37 PM · manpages, docs
a.wolk_fudosecurity.com requested review of D30334: protect.1: document existence of _oomprotect.
May 18 2021, 2:25 PM · manpages, docs
a.wolk_fudosecurity.com accepted D30330: rc.conf(5): Add _limits, _loginclass, and _oomprotect.

lgtm, however please note that I am not a committer.

May 18 2021, 1:38 PM
a.wolk_fudosecurity.com added a comment to D30330: rc.conf(5): Add _limits, _loginclass, and _oomprotect.

It would also be nice to have discoverability from protect(1). Something to the notion of: "Daemons can be automatically protected using _oomprotect in rc.conf(5)" and a SEE ALSO to rc.conf(5).

May 18 2021, 1:17 PM
a.wolk_fudosecurity.com added a comment to D30330: rc.conf(5): Add _limits, _loginclass, and _oomprotect.

I found out the hard way, that an rc script overriding start_cmd ignores some mechanisms. This may be by design. Those ignored are at the least:

May 18 2021, 1:06 PM

Apr 30 2021

a.wolk_fudosecurity.com requested review of D30064: devel/electron11: fix obtaining HOST_NAME_MAX.
Apr 30 2021, 8:11 PM · Ports Committers, Contributor Reviewers (ports)
a.wolk_fudosecurity.com requested review of D30062: www/chromium: fix obtaining HOST_NAME_MAX.
Apr 30 2021, 7:09 PM · Ports Committers, Contributor Reviewers (ports)
a.wolk_fudosecurity.com requested review of D30048: sysutils/lttng-tools: fix obtaining HOST_NAME_MAX.
Apr 30 2021, 3:21 PM · Ports Committers, Contributor Reviewers (ports)
a.wolk_fudosecurity.com added a comment to D30045: net/tigervnc-server: fix obtaining HOST_NAME_MAX.

This is the commit message that phrabricator silently removed:

Apr 30 2021, 1:52 PM · Ports Committers, Contributor Reviewers (ports)
a.wolk_fudosecurity.com requested review of D30045: net/tigervnc-server: fix obtaining HOST_NAME_MAX.
Apr 30 2021, 1:45 PM · Ports Committers, Contributor Reviewers (ports)