Commit Graph

184 Commits

Author SHA1 Message Date
Baptiste Daroussin
a7f8c4eb4c Readd Makefile.inc that were used to include upper level Makefile.inc and
set (among other things) the destination where the binary should be installed
2014-11-28 22:03:35 +00:00
Baptiste Daroussin
c6db8143ed Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
Bryan Drewery
5608fd23c2 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
Peter Wemm
713c03d57a Check gethostname(2) return code - but even if it succeeds it may not
null terminate.

Temporarily use "From: $user@$hostname" rather than "From: $user".
The latter exposes incompatible behavior if using dma(8).  sendmail(8)
(and other alternatives) canonify either form on submission (even
if masquerading), but dma will leak a non-compliant address to
the internet.
2014-08-05 01:32:09 +00:00
Baptiste Daroussin
01c2b8ac0d use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
Bryan Drewery
864c53ead8 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
Andrey A. Chernov
bc36ff9bc7 Bad timespec_subtract() calculations produce negative tv_nsec on i386
which cause EINVAL returned from nanosleep() which cause loop in
cron_sleep() and making all cron jobs to start about 30 seconds earlier
(which cause f.e. logfiles rotation by newsyslog delayed by 1 hour).

Use simple and proved calculations from kernel's timespecsub() instead.

MFC after:      3 days
2014-01-25 02:16:09 +00:00
Maxim Sobolev
7a5c30c5b6 Second attempt to add @every_second keyword support. Due to multiple
requests, default to the previous 60-seconds scheduling method
unless there is any @every_second entries to conserve CPU cycles and
power.

This change also improves scheduling in the default mode by running
as close to the beginning of the minnute as possible by replacing
sleep(3) with nanosleep(2). Previously, the tasks would run anywhere
within the first second of the minute and that offset drifted back
and forth each time cron(8) was engaged.

MFC after:	1 month
2012-10-25 22:54:29 +00:00
Maxim Sobolev
27858d0bb4 Fully backout latest changes.
Pointy hat to:	sobomax
2012-10-18 06:27:03 +00:00
Maxim Sobolev
8675ac22d6 Remove harmless, but superfluous local change that creeped in along
with the r241649.
2012-10-17 21:26:35 +00:00
Maxim Sobolev
07e9aac098 Revert latest changes to cron, until better version is worked out (I hope).
Requested by:   few
2012-10-17 20:45:48 +00:00
Maxim Sobolev
7bd028861b o Use nanosleep(2) to sleep exact amount of time till the next second,
not multiple of 1 second, which results in actual time to drift back
and forth every run within 1 second of the actual action has
been set for.

Suggested by:   Ian Lepore

o Schedule the first run in 1 second after starting up, not on the
boundary of the next minute, which results in the every_second jobs
not being run.
2012-10-17 00:44:34 +00:00
Maxim Sobolev
890278c188 Properly handle non-keyword case by setting e->second to 0. 2012-10-16 21:34:02 +00:00
Maxim Sobolev
2543786a37 Add per-second scheduling into the cron(8). Right now it's
only available via the new @every_second shortcut. ENOTIME to
implement crontab(5) format extensions to allow more flexible
scheduling.

In order to address some concerns expressed by Terry Lambert
while discussing the topic few years ago, about per-second cron
possibly causing some bad effects on /etc/crontab by stat()ing
it every second instead of every minute now (i.e. atime update),
only check that database needs to be reloaded on every 60-th
loop run. This should be close enough to the current behaviour.

Add "@every_minute" shortcut while I am here.

MFC after:	1 month
2012-10-15 08:21:49 +00:00
Sergey Kandaurov
24e4c29c6e Fix build with LOG_FILE undefined and DEBUGGING disabled. 2012-10-02 09:23:16 +00:00
Sergey Kandaurov
9281629f0e Fix build with DEBUGGING disabled. 2012-10-02 09:19:28 +00:00
Ed Schouten
902d9eafbf Rework all non-contributed files that use `struct timezone'.
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

	int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
2012-09-01 14:45:15 +00:00
John Baldwin
5cdfc55cab Add a one second sleep before touching the spool directory. If the touch
occurs in the same second as the earlier operations to create the temporary
file and the cron(8) daemon is rescans the spool directory during that
second, then the daemon may miss a cron edit and not properly update its
internal database.

MFC after:	1 month
2012-07-02 20:27:37 +00:00
Glen Barber
f85ad80c6f As cron(8) is started with '-s' by default, timezones that observe
DST should not need to worry about scheduling jobs when the DST time
changes.

Rather than removing the BUGS section in crontab(5) regarding this,
note that disabling '-s' may still cause jobs to be executed twice or
not at all.

PR:		166318
Submitted by:	Florian k Unglaub (f.unglaub%googlemail!com)
MFC After:	1 week
2012-04-28 22:48:00 +00:00
Xin LI
cc427081a7 Drop setuid status while doing file operations to prevent potential
information leak.  This changeset is intended to be a minimal one
to make backports easier.

Reviewed by:	kevlo, remko
MFC after:	1 week
2012-02-27 05:49:00 +00:00
Sean Farley
fd2f39cb85 Since April 2, 2006, Indiana has observed DST.
MFC after:	5 days
2012-01-28 21:06:45 +00:00
Ulrich Spörlein
3df5ecac8c Spelling fixes for usr.sbin/ 2011-12-30 10:58:14 +00:00
Warren Block
df799cbad3 Point out that @reboot runs at every cron startup, not just system
startup.

Discussed on:	hackers@

Approved by:	gjb (mentor)
MFC after:	1 week
2011-11-25 17:41:12 +00:00
Christian Brueffer
0d83258df3 List /var/cron/tabs in FILES and add descriptions for the other entries.
PR:		145912
Submitted by:	Julian H. Stacey <jhs@berklix.com>
Obtained from:	OpenBSD
MFC after:	1 week
2010-05-14 01:25:30 +00:00
Ed Schouten
71ccf09269 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
Attilio Rao
7a7043c787 Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from:	Sandvine Incorporated
Reviewed by:	emaste, arch@
Sponsored by:	Sandvine Incorporated
MFC:		1 month
2009-11-25 15:12:24 +00:00
Sergey Skvortsov
637fd955fe Fix typo.
Approved by:	ru
2008-12-01 17:39:34 +00:00
Matteo Riondato
c082b52c72 remove a pointless prototype and static-fy the corresponding function
MFC after:	3 days
2008-11-18 01:19:25 +00:00
Matteo Riondato
74c824b081 use WARNS?= instead of WARNS=
MFC after:	3 days
2008-11-18 00:59:26 +00:00
Matteo Riondato
90f43da7ad Be more precise and use sizeof(tn)
Pointed out by: glewis@

MFC after:	3 days
2008-11-18 00:39:50 +00:00
Matteo Riondato
d9e5bb5c20 Use WARNS?= instead of WARNS=
MFC after:	3 days
2008-11-18 00:12:15 +00:00
Matteo Riondato
66d48cdafe Make usr.sbin/cron/crontab and usr.sbin/cron/lib WARNS=3 clean
Tested with: make universe

MFC after:	3 days
2008-11-10 06:35:30 +00:00
Matteo Riondato
37f1755cab Revert to previous revision.
I should not commit anything at 3.50 AM.
In addition to danfe's comments, I got others.
I'll work on a better version of the patch.
2008-11-09 09:01:09 +00:00
Matteo Riondato
8037791bf7 Don't leave files in /var/cront/tabs when interrupted
PR:		17363
MFC after:	3 days
2008-11-09 07:34:11 +00:00
Matteo Riondato
2b9f079ca2 Be paranoid and use snprintf
PR:		bin/122137
Submitted by:	Steven Kreuzer <skreuzer@exit2shell.com>
MFC after:	3 days
2008-11-09 06:44:53 +00:00
Matteo Riondato
c11807aca2 Be paranoid and zero out passwd
PR:	122070
Submitted by:	Steven Kreuzer <skreuzer@exit2shell.com>
Reminded by:    gnn@
MFC after:	3 days
2008-11-06 04:53:02 +00:00
Dmitry Morozovsky
1168e5f13b Fix empty mailto (-m "") handling: somehow I missed all checks but the first,
hence output would be written to the wrong filehandle.

Submitted by:	reg
Approved by:	yar (implicit)
MFC after:	ASAP
Pointy hat to:	marck
2008-08-01 08:01:33 +00:00
Dmitry Morozovsky
b75634d238 Add -m option to cron(8), overriding default mail recipient for cron mails,
unless explicitly provided by MAILTO= line in crontab.  This feature can be
useful in massive hosting environment, where most users do not care about
autogenerated mails.

Setting recipient to null string disables default mails at all.

Approved by:	yar
MFC after:	4 weeks
2008-06-29 16:56:18 +00:00
Kevin Lo
784bddbc5b Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
Ruslan Ermilov
0376869747 Fixed static linkage (build with -DNO_SHARED).
Approved by:	re (kensmith)
2007-10-01 18:17:24 +00:00
Yaroslav Tykhiy
997c6eefd8 Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
Will Andrews
2ba44ac557 Fix a bug where HOME was not allowed to be overridden by an user's crontab
as crontab(5) states it can be.  This is supported by all vixie-cron derived
implementations; not sure why FreeBSD was any different.

PR:		bin/106442
MFC after:	2 weeks
2007-03-08 07:00:42 +00:00
Brian Somers
cf2603700e Behave as documented when reading fields saying "X/Y" where X != *
rather than mis-parsing them as "X".

MFC after: 1 day
2006-09-26 18:06:09 +00:00
Ruslan Ermilov
405a44d326 Use a #define to refer to /etc/crontab. 2006-09-03 17:52:19 +00:00
Stefan Farfeleder
531c70a642 Don't use "implicit int". Move the opening { of the functions to the next
line while there.
2006-07-20 09:11:08 +00:00
Maxim Konovalov
708f27a157 o Finally learn how to spell "privileges".
English trainer:	ceri
2006-06-11 21:13:49 +00:00
Maxim Konovalov
b608e56d62 o Spell "privledges" correctly. Re-style comment. 2006-06-11 20:17:18 +00:00
Maxim Konovalov
bb0aa1a544 o Better be safe than sorry: check return code from setuid(2),
setgid(2), setlogin(2) and initgroups(3).  In theory they could
fail for root with some third party mac(4) policies.

Submitted by:	Kostik Belousov
MFC after:	1 month
2006-06-01 15:03:06 +00:00
Brooks Davis
9896de5a67 /etc/crontab is similar enough to parse as correct if you run
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab.  Users wishing shoot their foot in
this manner may copy /etc/crontab elsewhere. :)

MFC After:	1 week
2006-01-10 05:56:32 +00:00
Pawel Jakub Dawidek
8b28aef238 Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by:	green
2005-09-16 11:24:28 +00:00