given for -a did not exist, then newsyslog would always try to create
it, even if -n was specified.
2) When -a processing *does* create the directory, have it check the result
from mkdir(), and immediately error-out if that failed.
PR: bin/46974
MFC after: 3 weeks
specified at runtime, but that filename is not listed in the newsyslog.conf
file. This default-action can be changed by having a line in newsyslog.conf
with the filename of "<default>". Before this change, the program would
quietly ignore the given file. An update to the man page will be written
after I finish some other updates to newsyslog.c.
Reviewed by: no objections from freebsd-arch
MFC after: 3 weeks
instead of allocating another page of kva and mapping it in again. This was
likely an oversight in revision 1.174 (cut and paste from pmap_pinit).
Discussed with: peter, tegge
Sponsored by: DARPA, Network Associates Laboratories
Reading the PCI config space with the wrong (larger) size is not
a problem in this case, but writing can be as it clobbers unrelated
registers. In this case the clobbering is for reserved fields, which
too is mostly harmless... for now. Hence, this change is mostly
preventive in nature.
o Expand on MAC policy enforcement on network interfaces
o Add cross-references to su(1) and setfsmac(8) where appropriate
o Comment out mmap revocation sysctls as they are a bit too experimental
o Add the standard BUGS section
Prompted by: rwatson
Sponsored by: DARPA, Network Associates Laboratories
page directory.
- Use these instead of the magic constants 1 or PAGE_SIZE where appropriate.
There are still numerous assumptions that the page directory is exactly
1 page.
Sponsored by: DARPA, Network Associates Laboratories
without waiting, since they are called from a system-call context only.
This appears to fix all sorts of problems with open("/dev/dsp", O_WRONLY)
randomly returning ENXIO.
Found by: cognet
Security improvements:
- Increase the size of each syncookie secret from 32 to 128 bits
in order to make brute force attacks on the secrets much more
difficult.
- Always return the lowest order dword from the MD5 hash; this
allows us to expose 2 more bits of the cookie and makes ACK
floods which seek to guess the cookie value more difficult.
Performance improvements:
- Increase the lifetime of each syncookie from 4 seconds to 16
seconds. This increases the usefulness of syncookies during
an attack.
- From Yahoo!: Reduce the number of calls to MD5Update; this
results in a ~17% increase in cookie generation time here.
Reviewed by: hsu, jayanth, jlemon, nectar
MFC After: 15 seconds
in massive locking issues on diskless systems.
It is also not clear that this sysctl is non-dangerous in its
requirements for locked down memory on large RAM systems.
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.
PR: 47694
Submitted by: Max Okumoto <okumoto@ucsd.edu>
Obtained from: NetBSD
MFC after: 2 weeks
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.
PR: 46845
Reviewed by: David Wang <dsw@juniper.net>
MFC after: 2 weeks