it is both uneeded and breaks certain lock-step timing in the rexec
protocol.
Yes, an attacker can "relay" connections using this trick, but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
succeeded.
Never allow the reverse channel to be to a privileged port.
Cannidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
and YP_SECURE flags so that it can properly add them to newly created
maps when needed. This applies only when using the 'standard' method
for map transfers. When using rpc.ypxfrd, the whole map is copied
verbatim, along with any special entries that may be encoded in it.
Also made -Wall a little quieter for ypxfrd_getmap.c.
the main program, report them directly from the dynamic linker and die
there, rather than returning an error message to crt0.o. This enables
the printing of error messages even for old executables, whose version
of crt0.o is not able to print them.
This fix closes PR bin/1869.
The code in crt0.o for printing error messages from the dynamic linker
is no longer used, because of this change. But it must remain, for
backward compatibility with older dynamic linkers.
When an rsh is denied by rshd because the client is lacking appropriate
.rhosts permission, an error message is formatted for syslog which contains
the client's hostname. The hostname portion of the message relies on a pointer
to a field within gethostbyname()'s internal struct hostent which changes state
between when the pointer is initialized and when it is dereferenced to create th
e
message.
Submitted by: skynyrd@opus.cts.cwu.edu
>Description:
/usr/libexec/mail.local runs as root. As such is can fill up a
mailbox on a quota'd filesystem, and keep going... Makes quota's
almost useless in an ISP environment.
Closes: PR#bin/1111
Submitted by: Charles Henrich <henrich@crh.cl.msu.edu>
or rpc.ypxfrd processes on remote systems that aren't bound to reserved
ports. The servers already do reserved port checks on the clients.
Obtained from: scrutinizing the OpenBSD ypxfr sources. (Note that this
applies to the ypserv check only; OpenBSD doesn't have an rpc.ypxfrd.)
password: ask for it, but don't tell that S/key password required.
It looks like non-s/key system from outside.
Additionally tell that s/key required when it is so for normal case
It happens if 1) regular passwords not allowed, 2) skey database
not activated for given user.
Under some rare circumstanes skey_challenge can return empty
diagnostic or even previous buffer, fix it.
opened. After that, the directories are already present, and there is
no point in adding them again. This doesn't fix any bugs; it's just for
efficiency.
since rt_readenv() already takes care of not setting unsafe variables.
This was part of the changes I submitted to Peter and John during the
review which must have gotten missed.
how I managed to get this out of sync, but I did. I guess that's what I
get for directly committing from different machines that I was testing on.
Pointed out by: Paul Traina <pst@freebsd.org>
configurable fallback search paths, as well as new crt interface version.
Also:
- even faster getenv(), get all environment variable settings in a single
pass.
- ldd printf-like format specifications
- minor code cleanups, one vsprintf -> vsnprintf (harmless)
The library search sequence is a little more complete now. Before,
it'd search $LD_LIBRARY_PATH (by opendir/readdir/closedir), then read
the hints file, then read /usr/lib (again by scanning thr directory). It
would then fail if there was no "found" library.
Now, it does LD_LIBRARY_PATH and the hints file the same, but then uses
a longer fallback path. The -R path is fetched from the executable if
specified at build time, the ldconfig path is appended, and /usr/lib is
appended to that. Duplicates are suppressed. This means that simply
placing a new library in /usr/local/lib will work (the same as it did in
/usr/lib) without needing ldconfig -m. It will find it quicker if the
ldconfig is run though.
Similar changes have been made to the NetBSD ld.so, but ours is rather
different now due to John Polstra's speedups and fixes from a while back.
The ldd printf-like format support came direct from NetBSD.
Reviewed by: nate, jdp
with the -R option and store the path in the dynamic header when specified.
The $LD_RUN_PATH environment variable is not checked yet.
While here, split up the code a bit more to enable more selective replacing
of GPL'ed components that are linked with ld.so with others.
Obtained from: NetBSD (mostly, the breakup is my fault)
Reviewed by: Garrett Wollman <wollman@freebsd.org>
Submitted by: Warner Losh <imp@village.org>
Close PR bin/1145:
Add -s flag to tftpd. This enables the so-called secure mode
of tftpd where it chroots to a given directory before allowing access
to the files. In addition, it runs as nobody when in this mode.
Reviewed a long time ago by Bill and Garrett. Apply my patch from the
pr, and close the PR.
for gcc >= 2.5 and no-ops for gcc >= 2.6. Converted to use __dead2
or __pure2 where it wasn't already done, except in math.h where use
of __pure was mostly wrong.
as atomically as possible.
(Immutable targets can't be renamed without opening a window when
neither the source nor the target is immutable. Perhaps there
should be a rename_immutable syscall to do this if unsetting the
immutable flags would work.)
"." means the object directory, so it is just confusing to use it
when nothing is included from the object directory unless the object
directory is also the source directory. It is confusing for "."
not to mean the source directory anyway, so used `-I.'s should be
replaced by `-I${.OBJDIR}'.
