Commit Graph

1413 Commits

Author SHA1 Message Date
Jacques Vidrine
0fcbbd7bea When PAM support was added to rexecd in revision 1.29 (just prior to
5.0-RELEASE), a visually elusive bug was introduced.  A comparison
operator was changed to assignment.  As a result, rexecd behaved
always as if the `-i' option had been specified.  It would allow root
logins.  This commit corrects the situation in the obvious way.

A separate bug was introduced at the same time.  The PAM library
functions are called between the invocation of getpwnam(3) and the use
of the returned static object.  Since many PAM library functions
result in additional getpwnam(3) calls, the contents of the returned
static object could be changed from under rexecd.  With this commit,
getpwnam_r(3) is used instead.

Other PAM-using applications should be reviewed for similar errors in
getpw* usage.

Security:	rexecd's documented default policy of disallowing root
		logins was not enforced.
Reviewed by:	cperciva
2005-03-27 13:59:44 +00:00
Colin Percival
8fe7df9b68 If "dangerous" environment variables (LD_PRELOAD, LD_LIBMAP,
LD_LIBMAP_DISABLE, LD_LIBRARY_PATH) are used, then make sure the
libraries being loaded aren't on a noexec-mounted filesystem.

This is a compromise position: I'm assuming that nobody will be silly
enough to set the noexec mount flag on part of the default library
path, in order to avoid adding extra overhead into the common case
(where those environment variables aren't used).

Discussed with:	csjp, secteam
MFC after:	1 week
2005-03-24 10:12:29 +00:00
David Schultz
13b68b3267 Use sysconf(_SC_ARG_MAX) instead of NCARGS. 2005-03-21 08:01:14 +00:00
David Xu
c5fa3778bb Add locking code for tls routines. 2005-03-20 23:28:25 +00:00
Ruslan Ermilov
24fe1eafe4 Install rlogind(8). Pointy hat is available on request. 2005-03-03 15:59:32 +00:00
Tom Rhodes
c71158d453 Wrap BSD r* commands in NO_RCMDS.
Change NO_RCMDNS to NO_RCMDS and do the switch in bsd.compat.mk.

Discussed with: ru, nectar
2005-03-02 11:53:22 +00:00
Hajimu UMEMOTO
72847b8fff correct WARNS=6 fix to use cast to (void *).
use of struct sockaddr_strage * is thought as not good manner. :)
2005-03-01 10:55:06 +00:00
Doug Rabson
ddab7ee80a Attempt to free any static TLS space used by a shared library when it
is unloaded. This allows applications which load and unload libraries
like libGL.so.1 several times to work properly.

MFC after: 2 days
2005-02-27 12:55:40 +00:00
Olivier Houchard
c6ac5bfcae Only provide the dummy, non-atomic atomic_cmpset_32() if
ARM_HAS_ATOMIC_CMPSET_32 isn't defined.
2005-02-26 22:49:19 +00:00
Dag-Erling Smørgrav
6eece4b5f1 If what we have is a struct sockaddr_storage * and what we want is a
struct sockaddr_storage *, there's no point in casting it prematurely
to a struct sockaddr *.  This unbreaks WARNS=6 on sparc64.
2005-02-23 21:26:55 +00:00
Dag-Erling Smørgrav
9da3e5bad4 Make WARNS=6-clean. 2005-02-23 17:13:28 +00:00
Yaroslav Tykhiy
f9036ce6dc Add some consistency checks to the signal-related code.
MFC:	along with rev. 1.202
2005-02-16 11:35:51 +00:00
Yaroslav Tykhiy
91ae77792e A call to maskurg() makes sense only when a transfer is under way,
the function will emit an annoying log message otherwise.

Reported by:	kris
MFC:		along with rev. 1.202
2005-02-16 11:22:20 +00:00
Stefan Farfeleder
4359d8a336 - Use socklen_t.
- No need for 'fromlen' to have file scope.
- Remove an unused variable.
2005-02-14 17:59:52 +00:00
Stefan Farfeleder
78e3eed071 Fix most cases where the address of an int is passed to a function expecting a
socklen_t * argument.
2005-02-14 17:42:58 +00:00
Ruslan Ermilov
36a142c455 Expand contractions. 2005-02-13 23:45:54 +00:00
Ruslan Ermilov
0227791b40 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
Ruslan Ermilov
ee3b44f521 Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 20:36:12 +00:00
Ruslan Ermilov
c13a4b3505 Removed Kerberos remnants. 2005-02-09 20:23:36 +00:00
Ruslan Ermilov
73f9c36206 The only user of this utility (share/man/man0) was removed 2+ years ago. 2005-02-09 19:50:45 +00:00
Matthew N. Dodd
5b08cb0449 Description from Dan:
Another handy libmap patch.  Lets you do stuff like this:

	LD_LIBMAP="libpthread.so.1=libthr.so.1" mythreadedapp

	If you already have a program-specific override in libmap.conf, note
	that you must use a program-specific override in LD_LIBMAP:

	LD_LIBMAP="[mythreadedapp],libpthread.so.1=libthr.so.1" mythreadedapp

PR:		bin/74471
Submitted by:	Dan Nelson <dnelson AT allantgroup.com>
MFC after:	2 weeks
2005-02-04 02:46:41 +00:00
Matthew N. Dodd
d33da23f4c style(9) 2005-02-04 02:13:37 +00:00
Ruslan Ermilov
254dd1666e Let bsd.prog.mk set SRCS and MAN to their default values. 2005-01-28 16:08:11 +00:00
Yaroslav Tykhiy
220223fdf4 Respect the `logging' flag.
Pointed out by:	Nick Leuta
MFC after:	3 days
2005-01-19 10:49:40 +00:00
Yaroslav Tykhiy
4cd51076c5 Improve handling SIGURG and OOB commands on the control channel.
The major change is to process STAT sent as an OOB command w/o
breaking the current data transfer.  As a side effect, this gives
better error checking in the code performing data transfers.

A lesser, but in no way cosmetic, change is using the flag `recvurg'
in the only signal-safe way that has been blessed by SUSv3.  The
other flag, `transflag,' becomes private to the SIGURG machinery,
serves debugging purposes only, and may be dropped in the future.

The `byte_count' global variable is now accounting bytes actually
transferred over the network.  This can give status messages looking
strange, like "X of Y bytes transferred," where X > Y, but that has
more sense than trying to compensate for combinations of data formats
on the server and client when transferring ASCII type data.  BTW,
getting the size of a file in advance is unreliable for a number of
reasons in the first place.  See question 18.8 of the Infrequently
Asked Questions in comp.lang.c for details.

PR:		bin/52072
Tested by:	Nick Leuta (earlier versions), a stress-testing tool (final)
MFC after:	1 month
2005-01-19 10:33:20 +00:00
Ruslan Ermilov
a3ac07a54e Sort sections. 2005-01-18 09:29:40 +00:00
Xin LI
06eda379d4 64-bit clean + WARNS=6:
- Convert the (char *) cast+cast backs magic to
	  memcpy(3).  Without this, the resulting code
	  is potentially risky with higher optimization
	  levels.
	- Avoid same name when calling local variables,
	  as well as global symbols.  This reduces
	  confusion for both human and compiler.
	- Add necessary casts, consts
	- Use new style function defination.
	- Minor style.Makefile(5) tweak
	- Bump WARNS?= from 0 to 6

** for the aout code: changes are intentionally limited
   to ease maintaince.
2005-01-14 12:22:57 +00:00
Tom Rhodes
43d8ef3f27 Restore these files to make ldconfig(8) happy. 2005-01-11 16:40:29 +00:00
Tom Rhodes
290f99bb70 Remove a.out runtime linker. It doesn't build and was removed from the
build over two years ago by peter.

The binary a.out version of ld.so can be obtained from misc/compat22 or
src/lib/compat/compat22.

Discussed on:	-arch
Voted yes:	jhb, ru, linimon, delphij
2005-01-11 06:15:19 +00:00
Yaroslav Tykhiy
1850cfa1c5 Replace err(3) calls when in daemon mode by syslog(3), too.
A daemon has no stderr to send its complains to.

Pointed out by:	Nick Leuta
MFC after:	1 week
2005-01-10 12:19:11 +00:00
Ruslan Ermilov
b5b0bba4df NOPAM -> NO_PAM 2004-12-21 12:49:24 +00:00
Ruslan Ermilov
731db6a428 NOINET6 -> NO_INET6 2004-12-21 10:49:29 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Yaroslav Tykhiy
bcd2618483 Do a small style(9) fix before I'm hacking the code itself. 2004-12-16 07:27:28 +00:00
Yaroslav Tykhiy
8efc8b18e5 free(3) is void already. 2004-12-16 07:17:56 +00:00
Yaroslav Tykhiy
6c98f40194 Never emit a message to stderr: use syslog instead.
When in inetd mode, this prevents bogus messages from
appearing on the control channel.  When running as a
daemon, we shouldn't write to the terminal we used to
have at all.

PR:		bin/74823
MFC after:	1 week
2004-12-12 17:30:28 +00:00
Olivier Houchard
25a252899e Implement a dummy atomic_cmpset_32(). It should be safe to use it in rtld as
the signals are masked anyway.
2004-11-23 16:32:34 +00:00
Yaroslav Tykhiy
ebd83647a4 When looking for a virtual host to handle the connection,
stop the search on the first match for efficiency.

Submitted by:	Nick Leuta
2004-11-22 11:10:04 +00:00
Yaroslav Tykhiy
4cbc4ad644 Calling pam_chauthtok() isn't really needed since
an FTP user has no chance to change password anyway.

Submitted by:	Nick Leuta
2004-11-22 11:02:42 +00:00
Yaroslav Tykhiy
e897216f45 Don't log the chroot dir on every command since it's constant for a session.
Log it once at the beginning of the session instead.  OTOH, log wd each
time for the sake of better auditing and consistent log format.

Proposed by:	Nick Leuta <skynick -at- mail.sc.ru>
2004-11-22 10:48:29 +00:00
Yaroslav Tykhiy
7cdd3cb70b Always log remote IP.
PR:		bin/59773
2004-11-22 10:27:16 +00:00
Yaroslav Tykhiy
04683b2c35 Treat host name buffers consistently. 2004-11-22 10:16:43 +00:00
Yaroslav Tykhiy
215a9f9de5 Make chrootdir global and use it in log messages
regarding restricted users.

MFC after:	2 weeks
2004-11-18 14:15:32 +00:00
Yaroslav Tykhiy
2b7eb1c076 Nitpicking on style(9) and whitespace.
Tested with:	md5(1)
2004-11-18 13:55:15 +00:00
Yaroslav Tykhiy
0c4b401f76 Use __FBSDID. 2004-11-18 13:46:29 +00:00
Yaroslav Tykhiy
405e2987ca Don't say, "file: permission denied," if the operation
is disabled entirely.
2004-11-18 11:50:01 +00:00
Yaroslav Tykhiy
02c9749295 Use uniform punctuation, capitalization, and language style
in server messages wherever this doesn't contradict to a particular
message format.
2004-11-18 11:45:13 +00:00
Yaroslav Tykhiy
eb5b2bb3ae Apply __printflike() to the appendf() prototype so the compiler
can detect format errors.
2004-11-18 11:32:35 +00:00