DaemonForums  

Old 2nd July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

Glad you got it sorted. I'd love to know what apmd(8) setting caused the problem.
Old 3rd July 2016
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 18

I was an idiot. I had two entries in /etc/rc.conf.local:
Code:
apmd_flags=
apmd_flags="-A"

Last edited by ocicat; 5th July 2016 at 04:30 AM. Reason: Please use [code] & [/code] tags when posting file contents.
Old 3rd July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

Thank you, but that provisioning error doesn't appear (to me) to be the root cause. When you have two lines in rc.conf.local, the last definition is used.

I ran a test at 5.9-stable and confirmed that the apmd daemon is started only once by rc(8). A single call is made to /etc/rc.d/apmd with the start option, which sources /etc/rc.d/rc.subr. The rc.subr(8) routine only uses the last definition, searching first through rc.conf then rc.conf.local.
Reply With Quote
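
The point made in the reply above, that only the last assignment of a variable in rc.conf.local takes effect, can be checked across a whole file. This is an added example, not part of the thread or of OpenBSD's rc scripts: `rc_conf_dups` is a hypothetical helper, the sample file is constructed, and the parsing is a simplified line-based approximation of what rc.subr(8) does.

```shell
#!/bin/sh
# rc_conf_dups FILE  (hypothetical helper, not part of OpenBSD)
# Lists each variable assigned more than once in an rc.conf.local-style
# file, the lines involved, and the value from the last assignment, which
# is the one that takes effect. Returns 1 if any duplicate was found.
rc_conf_dups() {
	awk '
	# Only simple name=value lines count; comments and blanks never match.
	/^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
		line = $0
		sub(/^[ \t]+/, "", line)
		eq = index(line, "=")
		name = substr(line, 1, eq - 1)
		sub(/[ \t]+$/, "", name)
		value = substr(line, eq + 1)
		sub(/[ \t]*#.*$/, "", value)	# drop a trailing comment
		sub(/^[ \t]+/, "", value)
		if (!(name in count)) order[++n] = name
		count[name]++
		where[name] = (count[name] > 1) ? (where[name] "," NR) : NR
		last[name] = value
	}
	END {
		found = 0
		for (i = 1; i <= n; i++) {
			name = order[i]
			if (count[name] < 2) continue
			printf "%s: lines %s; effective value: %s\n",
			    name, where[name], last[name]
			found = 1
		}
		exit found
	}' "$1"
}

# Constructed sample with the two apmd_flags lines from the thread.
sample=$(mktemp)
printf '%s\n' 'apmd_flags=' 'hotplugd_flags=' 'apmd_flags="-A"' > "$sample"
rc_conf_dups "$sample" || echo "duplicate assignments found"
rm -f "$sample"
```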
Old 4th July 2016
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 18

Today I started the system, and the problem has returned. /dev/sd1i is always busy. When I was troubleshooting by disabling apm, hotplug, and toad and then re-enabling them one at a time, I must have turned them back on in an order that fixed the problem. I will have to retry one at a time again, I guess.
Old 4th July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

You can revise the order with # rcctl order [daemon ...] or by manually editing the pkg_scripts variable assignment in rc.conf.local.

I would guess if you are using the example hotplug scripts provided by sysutils/toad, then toadd should be started before hotplugd.

Consider posting more information, as we can only assist based on what you post. For example, post fstat(1) output for the mount point and the device. If the block device shows it is not-busy, does the raw device?
Code:
$ fstat /dev/sd1i
$ fstat /dev/rsd1i
$ fstat /home/staus/usb

The toad automounter will always mount valid filesystems found if it has been successfully called to action. I am still guessing that your filesystem may have been successfully mounted under /run/media if toad was notified to mount it.
  • What are your /etc/hotplug/attach and /etc/hotplug/detach scripts?
  • What are the contents of your amd mount-map?
Old 4th July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

As I don't use sysutils/toad, I built a test system with it to learn how to provision it.
  1. On installation, if /etc/hotplug/ is empty (as in a default OS install), the sample scripts will be installed.
  2. The toad script is called by hotplugd, upon device attachment, or by the toadd daemon. The toadd daemon is needed to signal optical device media changes, as hotplugd only executes scripts on device attach/detach.

Both d-bus (the messagebus system-wide daemon) and the consolekit session daemon must be running. In my test, I followed the instructions in /usr/local/share/doc/pkg-readmes for both, to ensure that the session d-bus daemon was launched, and that the consolekit daemon started the window manager.

Upon insertion of a device, the mount completed automatically to mount point /run/media/<user>/<device>, in this case, /run/media/test/cd0, as the user was "test" and I tested toadd with optical media changes.

/etc/rc.conf.local:
Code:
hotplugd_flags=
pkg_scripts=messagebus toadd
sshd_flags=NO
xdm_flags=

/home/test/.xsession:
Code:
if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
        eval `/usr/local/bin/dbus-launch --sh-syntax --exit-with-session`
fi

/usr/local/bin/ck-launch-session /usr/local/bin/startfluxbox
Old 5th July 2016
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 18

This morning I discovered a usb mouse problem I didn't know about. After many reboots and trial and error, I got the mouse to work by disabling toadd completely. But still get a device busy on a usb memory stick, even as root. Here are some answers to your questions in the previous two posts.
Thanks again for your help. I now have no idea why I was able to mount usb sticks the other day. The mouse problem took me by surprise. I loaded the wsmoused_flags="" to see if the mouse worked, and the mouse still failed. Deleting this enabled the mouse, I guess. I'm slowly getting more and more lost with the usb problem.

Note: I have kern.usermount set to 1.

Flash memory plugged in:
Code:
$ fstat /dev/sd1i
USER     CMD          PID   FD MOUNT        INUM MODE       R/W    SZ|DV NAME

$ fstat /dev/rsd1i
USER     CMD          PID   FD MOUNT        INUM MODE       R/W    SZ|DV NAME

$ fstat /home/staus/usb
USER     CMD          PID   FD MOUNT        INUM MODE       R/W    SZ|DV NAME

$ cat /etc/hotplug/attach                                                      
#!/bin/sh
#
# /etc/hotplug/{attach,detach}

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
2)
        /usr/local/libexec/toad ${0##*/} $DEVCLASS $DEVNAME
        ;;
esac


$ cat /etc/hotplug/detach  
#!/bin/sh
#
# /etc/hotplug/{attach,detach}

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
2)
        /usr/local/libexec/toad ${0##*/} $DEVCLASS $DEVNAME
        ;;
esac

I do not know how to determine the amd mount-map.

I am running a lean version of OpenBSD using blackbox without xdm enabled. Here is my rc.conf.local:
Code:
$ cat /etc/rc.conf.local
apmd_flags="-A"
hotplugd_flags=""
multicast_host=YES
pkg_scripts=messagebus
$

I have disabled toadd, because my usb mouse wasn't functioning except for the root user.

My .xinitrc file to start blackbox:
Code:
$ cat ./.xinitrc                                                               
/usr/local/bin/gkrellm &
/usr/local/bin/bbkeys &
exec ck-launch-session blackbox
$

List of daemons ON:
Code:
$ rcctl ls on
apmd
check_quotas
cron
hotplugd
messagebus
ntpd
pf
pflogd
smtpd
sndiod
sshd
syslogd
$

Thanks again for any help. Hope you can make sense out of what I have added.

Last edited by ocicat; 5th July 2016 at 04:29 AM. Reason: Please use [code] & [/code] tags when posting file contents.
Old 5th July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

My apologies, I misread post #10 - and interpreted "apm" as "amd".

The toadd(8) daemon should not have any impact on USB mice. If it does, it is a problem that should be reported to the port's maintainer, Antoine Jacoutot. His Email address is available from $ pkg_info toad.

The toadd(8) daemon is used to check for media changes occurring in a cd(4) device, and starts toad(8) with an "attach" command when new media is inserted. If you do not have an optical drive, you do not need this daemon.

The toad(8) application requires the use of both consolekit and dbus. Both of these tools need to be configured properly. It's not clear to me that dbus is provisioned per the guidance in its pkg-readme, as you have not provisioned the "session" daemon with dbus-launch.

It appears to me that hotplugd is configured correctly, with the standard scripts that call toad(8) at attach/detach of disk drive devices.
Old 17th July 2016
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 18

I've been doing more tests, and I'm getting totally lost. More than the usb flash is a problem. The usb mouse sometimes works and I can sometimes mount a flash drive. I thought the problem was related to kern.usermount set to 1. At first boot, the mouse worked for root and the user. But, if I exited the fvm to the main shell, an error would pop up saying the mouse was disconnected, when it wasn't actually. I have no idea what other things to try. kern.usermount 0 and 1 - no fix. wsmoused on and off - no fix. Various settings of rc.conf.local - no fix.
I really am impressed by the disk encryption, boot speed, and even playing movies with vlc. But, I'm not able to use OpenBSD unless I can reliably get a mouse and usb plugins to work.
Any more things to try, except to start over without whole disk encryption?
Thanks.
Old 17th July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

  1. Softraid and USB should not interfere with each other. Dynamically created, pseudo-SCSI devices are created by softraid and by mass storage attached as USB, and sd(4) device assignment is the only intersection.

    I have yet to see a complete dmesg(8) posted, but from your prior posts your USB stick was assigned sd1 when attached. As you have stated you are also using softraid, I assume your softraid drive is sd0 and therefore your underlying physical drive must not be SCSI or ATA -- as that would be physical drive sd0 and the softraid drive would have been assigned sd1 instead. Therefore, either your physical drive is IDE drive wd0 and your softraid drive is sd0, or ... you are not using softraid. Or I have misread or misinterpreted what you have posted here.

    A complete dmesg(8) would add clarity.
  2. Completely unrelated to your problems, kern.usermount is being disabled for the upcoming OpenBSD 6.0 release. As part of that change, the sysutils/toad port will be disabled for 6.0, and toad packages for 6.0 will not be built or available. The Project recommends using doas(1) for mounting by users.

I do not understand the mouse issue. Could you please clarify? It appears from your description that when you exit X11 and return to console mode, you see a USB device detach. Is that a blue and white kernel message?

If this is a kernel message, then yes, there could be a hardware-related issue, such as with the specific USB driver chain. USB 3.0 is relatively new, and if your hardware has USB 3.0, you might have a driver related issue. In that instance, a dmesg(8) may also add clarity.

If the message is not a blue/white kernel message, then perhaps this comes from your use of wsmoused(8), which is only used for copy/paste functions when X11 is not used.

Last edited by jggimi; 17th July 2016 at 01:15 PM. Reason: corrected news link
Reply With Quote
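
For the doas(1) recommendation in the reply above, one way to grant a single user exactly one mount and one umount command. This is an added example, not from the thread or the OpenBSD project: `doas_mount_rules` is a hypothetical helper, the user, device and mount point are the ones mentioned in the thread, the `nodev,nosuid` options are an assumption, and it assumes the stick always attaches as the same sd(4) device.

```shell
#!/bin/sh
# doas_mount_rules USER DEVICE MOUNTPOINT  (hypothetical helper)
# Prints two doas.conf(5) rules that let USER run exactly one mount and one
# umount command as root. Rejects input that could smuggle extra words
# into the rule. Returns 1 on invalid input.
doas_mount_rules() {
	user=$1 dev=$2 mnt=$3
	# Login names: conservative character set (assumption).
	case $user in
	''|*[!a-z0-9_-]*) echo "bad user" >&2; return 1 ;;
	esac
	# Device: an sd(4) block device partition such as /dev/sd1i.
	case $dev in
	/dev/sd[0-9][a-p]|/dev/sd[0-9][0-9][a-p]) ;;
	*) echo "bad device" >&2; return 1 ;;
	esac
	# Mount point: absolute path, no whitespace, quotes, '#', or '..'.
	case $mnt in
	/*) ;;
	*) echo "mount point must be absolute" >&2; return 1 ;;
	esac
	case $mnt in
	*[!A-Za-z0-9_./-]*|*..*) echo "bad mount point" >&2; return 1 ;;
	esac
	printf 'permit %s as root cmd /sbin/mount args -o nodev,nosuid %s %s\n' \
	    "$user" "$dev" "$mnt"
	printf 'permit %s as root cmd /sbin/umount args %s\n' "$user" "$mnt"
}

# Values taken from the thread: user staus, /dev/sd1i, /home/staus/usb.
doas_mount_rules staus /dev/sd1i /home/staus/usb
```

Append the output to /etc/doas.conf as root. doas matches the command and its arguments against the rule literally, so the user runs `doas /sbin/mount -o nodev,nosuid /dev/sd1i /home/staus/usb` exactly as written.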
Old 19th July 2016
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 18

Thanks for the continued help. Attached is the dmesg file made after boot up as a user. I deleted toad.
The mouse detach message is blue and white text, if that is any help.
Attached Files
File Type: txt dmesg.txt (7.1 KB, 12 views)
Old 21st July 2016
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,443

Thank you for posting the dmesg. You have an IDE hard drive (wd0), so I did not misunderstand the storage configuration.

As I mentioned above, both Softraid and USB mass storage will be assigned virtual sd(4) devices as they attach. In this particular dmesg, only a Softraid drive is attached as sd0; there are no USB storage attach / detach messages.

All but 5695 sectors of the underlying physical wd0 drive are allocated to the Softraid drive sd0, as you are using Full Disk Encryption.

Your USB controllers include ehci(4) for USB 2.0 devices, and ohci(4) for 1.1 and 1.0 devices. Your USB mouse is attached via the USB 1.0/1.1 controller ohci0, while your video camera is connected via the USB 2.0 controller ehci0.

I don't see anything problematic in this particular dmesg. Someone with more skills and knowledge might have a different opinion, of course.

---

The kernel driver detaching the mouse on exit from X Windows that you have mentioned is a problem I am unfamiliar with. As it does not occur while using the mouse while you are running X, it is less likely to be a hardware problem with the mouse, and more likely to be a software problem of some kind.

You might consider reporting the problem to the Project. If you use the sendbug(1) script to structure a formal report, it will include usbdevs(8) output in addition to a dmesg which may be helpful to a developer.

http://www.openbsd.org/report.html