non-printable characters to sneak into /var/log/messages (e.g.
someone aims a Solaris/Linux RCP exploit at your FreeBSD box and
you end up with his shellcode as part of a log entry). You might
get something like,
host.mydom.org login failures:
Binary file (standard input) matches
In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.
Submitted by: Tim Zingelman <zingelman@fnal.gov> on freebsd-security
Approved by: ru
MFC after: 1 week
the default section and into the papchap section.
It's really irritating when you run ppp with no arguments and end up
blowing away your default route !
I get a link error on in6addr_<something> and i cannot find the
symbol in any of the libraries. It might be my mistake, but in any
case the crunched binary would overflow the floppy, so...
This applies to -current only.
Make sure hints are statically compiled into the kernel,
because the bootloader is not available in picobsd and so the
hints file cannot be found at run time.
(This is kind of inconvenient if you have to handle non PnP devices,
but fortunately these days non-PnP ISA cards are disappearing...)
This must have to do with the use of devfs in -CURRENT, but i
have no idea when the devfs is actually mounted (is it a
side effect of mount -t nonfs or what ?) and when /dev/fd0c becomes
available.
For the time being, let's use this hack. Once I understand how devfs
works, this can be reverted back to the previous value, and also the
part of the build script which creates device entries can be nuked.
This is for -current only.
better place to handle dependencies.
Make another step at helping cross-compiling: when the user specifies
an alternate source tree, the script takes care of creating include
files and libraries for the new tree.
Furthermore, build and use a version of the "config" program which
matches the new sources.
It takes a long time to create libraries, and it might even not do
the right thing at once, there might be some dependencies that i
have forgotten. At any rate, with this code i have been able to
build a working picobsd image using -CURRENT sources on -STABLE
MFC after: 3 days
are duplicated by newly defined types/options in RFC3121
- We have no backward compatibility issue. There is no apps in our
distribution which use the above types/options.
Obtained from: KAME
MFC after: 2 weeks
driver itself obviously won't configure such a disk, but the error
returned (EDOM) is more cryptic to the average user than it should be.
Also assert that the argument to -u is in fact a valid unit; don't
just accept any string to mean 0.
Approved by: phk
lock. We now use temporary variables to save the process argument pointer
and just update the pointer while holding the lock. We then perform the
free on the cached pointer after releasing the lock.
. staticize out_fdc(), there's no longer an ft(4) driver sharing its use
. remove in_fdc(), has been used by ft(4) last time, long since obsoleted
by fd_in()
. move the declaration of fd_clone() to where most of the other function
declarations are
. de-__P()ify fd_clone(), it's been the only _P()ed function in the
entire file
something: offset into the first mbuf of the target chain before copying
the source data over.
Make drivers using m_devget() with a first argument "data - ETHER_ALIGN"
to use the offset argument to pass ETHER_ALIGN in. The way it was previously
done is potentially dangerous if the source data was at the top of a page
and the offset caused the previous page to be copied (if the
previous page has not yet been appropriately mapped).
The old `offset' argument in m_devget() is not used anywhere (it's always
0) and dates back to ~1995 (and earlier?) when support for ethernet trailers
existed. With that support gone, it was merely collecting dust.
Tested on alpha by: jlemon
Partially submitted by: jlemon
Reviewed by: jlemon
MFC after: 3 weeks
