After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.
Submitted by: Mikhail <mp@lenta.ru>
COPTS towards the end of final CFLAGS so that it can be used to
override Makefile and other defaults. Using it in Makefiles risks
having options set using it clobbered when somebody uses it on the
command line.
Approved by: bde
This isn't necessarily the best statistic, but it is by far the easiest to
calculate. Update the man page to be more explicit about precisely which
statistics are printed out. Revert some of jmg's bogus man page changes from
rev 1.11.
Do a better job of argument parsing.
Don't permit ping -f to a multicast address (very antisocial).
Don't permit -L, -I, -T options with unicast addresses.
Ensure that we ask for only AF_INET addresses (should close PR#2584).
Return <sysexits.h> error codes for failures. Document this.
Fix man page to identify the author and put sections in correct order.
