Commit Graph

1438 Commits

Author SHA1 Message Date
peter
cc584e743e Attempt to use i386_set_gsbase(), and gracefully fall back to LDT methods
if the direct access methods are not implemented.
2005-04-14 00:04:50 +00:00
dougb
9f905f9a32 The script mistakenly ignores the entropy_save_sz variable from
rc.conf[.local]. Fix this, and leave the default as 2048.

Update the copyright year to include the present.

Update the assignment of the copyright to be me personally,
instead of "The FreeBSD Project" which is not a legal entity,
and therefore not a proper assignee. My intention remains the
same however, that this code continue to be BSD licensed, and
freely available to anyone that wants it under those terms.

PR:		conf/75722
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2005-04-11 02:07:33 +00:00
des
60545900ac Revert parts of previous commits and use a temporary variable to avoid
an invalid type pun.
2005-04-08 11:19:50 +00:00
cognet
e5793c22b5 No need to provide atomic_cmpset_32() anymore. 2005-04-07 22:04:49 +00:00
nectar
5ef2c40c86 An array was mistaken for a pointer in the previous commit.
Noticed by:	tinderbox, stefanf
Pointy hat to:	nectar
2005-04-07 19:26:35 +00:00
stefanf
d725ed3ef9 Include gettytab.h before extern.h so that the declarations of struct
gettyflags, gettynums and gettystrs are available.
2005-04-06 17:42:24 +00:00
nectar
61f636fac5 Correct type mismatch introduced in last commit.
Noticed by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
2005-04-05 18:25:27 +00:00
nectar
e3a960f747 DES pointed out that the PAM layer may change the target user name
during authentication.  Thus we need to call getpwnam *after* the user
has been authenticated.  Colin mentioned that we should also move the
check for root in that case.
2005-04-05 14:55:33 +00:00
dfr
28f6ef7207 When allocating TLS and DTV, make sure that any unused slots in the DTV
are initialised to zero. When freeing TLS, don't attempt to free DTV
slots which were not used.

Pointed out by: Joerg Sonnenberger
X-MFC-After: After the branch, probably
2005-03-30 08:28:26 +00:00
nectar
7612195da3 When PAM support was added to rexecd in revision 1.29 (just prior to
5.0-RELEASE), a visually elusive bug was introduced.  A comparison
operator was changed to assignment.  As a result, rexecd behaved
always as if the `-i' option had been specified.  It would allow root
logins.  This commit corrects the situation in the obvious way.

A separate bug was introduced at the same time.  The PAM library
functions are called between the invocation of getpwnam(3) and the use
of the returned static object.  Since many PAM library functions
result in additional getpwnam(3) calls, the contents of the returned
static object could be changed from under rexecd.  With this commit,
getpwnam_r(3) is used instead.

Other PAM-using applications should be reviewed for similar errors in
getpw* usage.

Security:	rexecd's documented default policy of disallowing root
		logins was not enforced.
Reviewed by:	cperciva
2005-03-27 13:59:44 +00:00
cperciva
41e5dc1245 If "dangerous" environment variables (LD_PRELOAD, LD_LIBMAP,
LD_LIBMAP_DISABLE, LD_LIBRARY_PATH) are used, then make sure the
libraries being loaded aren't on a noexec-mounted filesystem.

This is a compromise position: I'm assuming that nobody will be silly
enough to set the noexec mount flag on part of the default library
path, in order to avoid adding extra overhead into the common case
(where those environment variables aren't used).

Discussed with:	csjp, secteam
MFC after:	1 week
2005-03-24 10:12:29 +00:00
das
a3ce0a8f38 Use sysconf(_SC_ARG_MAX) instead of NCARGS. 2005-03-21 08:01:14 +00:00
davidxu
fe92205e51 Add locking code for tls routines. 2005-03-20 23:28:25 +00:00
ru
7a374dd510 Install rlogind(8). Pointy hat is available on request. 2005-03-03 15:59:32 +00:00
trhodes
0c94f7d5b7 Wrap BSD r* commands in NO_RCMDS.
Change NO_RCMDNS to NO_RCMDS and do the switch in bsd.compat.mk.

Discussed with: ru, nectar
2005-03-02 11:53:22 +00:00
ume
a1696604ef correct WARNS=6 fix to use cast to (void *).
use of struct sockaddr_strage * is thought as not good manner. :)
2005-03-01 10:55:06 +00:00
dfr
1657f8ff16 Attempt to free any static TLS space used by a shared library when it
is unloaded. This allows applications which load and unload libraries
like libGL.so.1 several times to work properly.

MFC after: 2 days
2005-02-27 12:55:40 +00:00
cognet
87e5b0734e Only provide the dummy, non-atomic atomic_cmpset_32() if
ARM_HAS_ATOMIC_CMPSET_32 isn't defined.
2005-02-26 22:49:19 +00:00
des
3b0638f2e6 If what we have is a struct sockaddr_storage * and what we want is a
struct sockaddr_storage *, there's no point in casting it prematurely
to a struct sockaddr *.  This unbreaks WARNS=6 on sparc64.
2005-02-23 21:26:55 +00:00
des
1c7aafee6d Make WARNS=6-clean. 2005-02-23 17:13:28 +00:00
yar
d078bd62da Add some consistency checks to the signal-related code.
MFC:	along with rev. 1.202
2005-02-16 11:35:51 +00:00
yar
5ca5328240 A call to maskurg() makes sense only when a transfer is under way,
the function will emit an annoying log message otherwise.

Reported by:	kris
MFC:		along with rev. 1.202
2005-02-16 11:22:20 +00:00
stefanf
7802733c66 - Use socklen_t.
- No need for 'fromlen' to have file scope.
- Remove an unused variable.
2005-02-14 17:59:52 +00:00
stefanf
c15c71c518 Fix most cases where the address of an int is passed to a function expecting a
socklen_t * argument.
2005-02-14 17:42:58 +00:00
ru
1f12ffeb1d Expand contractions. 2005-02-13 23:45:54 +00:00
ru
d65df7068b Expand *n't contractions. 2005-02-13 22:25:33 +00:00
ru
263bd944be Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 20:36:12 +00:00
ru
f5d23034ae Removed Kerberos remnants. 2005-02-09 20:23:36 +00:00
ru
51c51257a1 The only user of this utility (share/man/man0) was removed 2+ years ago. 2005-02-09 19:50:45 +00:00
mdodd
02821e3401 Description from Dan:
Another handy libmap patch.  Lets you do stuff like this:

	LD_LIBMAP="libpthread.so.1=libthr.so.1" mythreadedapp

	If you already have a program-specific override in libmap.conf, note
	that you must use a program-specific override in LD_LIBMAP:

	LD_LIBMAP="[mythreadedapp],libpthread.so.1=libthr.so.1" mythreadedapp

PR:		bin/74471
Submitted by:	Dan Nelson <dnelson AT allantgroup.com>
MFC after:	2 weeks
2005-02-04 02:46:41 +00:00
mdodd
002ed442ea style(9) 2005-02-04 02:13:37 +00:00
ru
16a1b958bd Let bsd.prog.mk set SRCS and MAN to their default values. 2005-01-28 16:08:11 +00:00
yar
fbf5a3b009 Respect the `logging' flag.
Pointed out by:	Nick Leuta
MFC after:	3 days
2005-01-19 10:49:40 +00:00
yar
e23bed61c8 Improve handling SIGURG and OOB commands on the control channel.
The major change is to process STAT sent as an OOB command w/o
breaking the current data transfer.  As a side effect, this gives
better error checking in the code performing data transfers.

A lesser, but in no way cosmetic, change is using the flag `recvurg'
in the only signal-safe way that has been blessed by SUSv3.  The
other flag, `transflag,' becomes private to the SIGURG machinery,
serves debugging purposes only, and may be dropped in the future.

The `byte_count' global variable is now accounting bytes actually
transferred over the network.  This can give status messages looking
strange, like "X of Y bytes transferred," where X > Y, but that has
more sense than trying to compensate for combinations of data formats
on the server and client when transferring ASCII type data.  BTW,
getting the size of a file in advance is unreliable for a number of
reasons in the first place.  See question 18.8 of the Infrequently
Asked Questions in comp.lang.c for details.

PR:		bin/52072
Tested by:	Nick Leuta (earlier versions), a stress-testing tool (final)
MFC after:	1 month
2005-01-19 10:33:20 +00:00
ru
a39443efdf Sort sections. 2005-01-18 09:29:40 +00:00
delphij
3f08064c9b 64-bit clean + WARNS=6:
- Convert the (char *) cast+cast backs magic to
	  memcpy(3).  Without this, the resulting code
	  is potentially risky with higher optimization
	  levels.
	- Avoid same name when calling local variables,
	  as well as global symbols.  This reduces
	  confusion for both human and compiler.
	- Add necessary casts, consts
	- Use new style function defination.
	- Minor style.Makefile(5) tweak
	- Bump WARNS?= from 0 to 6

** for the aout code: changes are intentionally limited
   to ease maintaince.
2005-01-14 12:22:57 +00:00
trhodes
8a8433aa34 Restore these files to make ldconfig(8) happy. 2005-01-11 16:40:29 +00:00
trhodes
76622446bb Remove a.out runtime linker. It doesn't build and was removed from the
build over two years ago by peter.

The binary a.out version of ld.so can be obtained from misc/compat22 or
src/lib/compat/compat22.

Discussed on:	-arch
Voted yes:	jhb, ru, linimon, delphij
2005-01-11 06:15:19 +00:00
yar
89aa09f5c4 Replace err(3) calls when in daemon mode by syslog(3), too.
A daemon has no stderr to send its complains to.

Pointed out by:	Nick Leuta
MFC after:	1 week
2005-01-10 12:19:11 +00:00
ru
c86259f3a1 NOPAM -> NO_PAM 2004-12-21 12:49:24 +00:00
ru
220424258f NOINET6 -> NO_INET6 2004-12-21 10:49:29 +00:00
ru
9ab6c40553 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
ru
fa418ada13 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
ru
54d390266a Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
yar
4095278a2b Do a small style(9) fix before I'm hacking the code itself. 2004-12-16 07:27:28 +00:00
yar
30b9a2308f free(3) is void already. 2004-12-16 07:17:56 +00:00
yar
ef08c4e2d3 Never emit a message to stderr: use syslog instead.
When in inetd mode, this prevents bogus messages from
appearing on the control channel.  When running as a
daemon, we shouldn't write to the terminal we used to
have at all.

PR:		bin/74823
MFC after:	1 week
2004-12-12 17:30:28 +00:00
cognet
fadebd106a Implement a dummy atomic_cmpset_32(). It should be safe to use it in rtld as
the signals are masked anyway.
2004-11-23 16:32:34 +00:00
yar
3f1014b4f0 When looking for a virtual host to handle the connection,
stop the search on the first match for efficiency.

Submitted by:	Nick Leuta
2004-11-22 11:10:04 +00:00
yar
639a06b313 Calling pam_chauthtok() isn't really needed since
an FTP user has no chance to change password anyway.

Submitted by:	Nick Leuta
2004-11-22 11:02:42 +00:00