Correct insecure temporary file usage in ee. [06:02]
Correct a race condition when setting file permissions, sanitize file
names by default, and fix a buffer overflow when handling files
larger than 4GB in cpio. [06:03]
Fix an error in the handling of IP fragments in ipfw which can cause
a kernel panic. [06:04]
Security: FreeBSD-SA-06:01.texindex
Security: FreeBSD-SA-06:02.ee
Security: FreeBSD-SA-06:03.cpio
Security: FreeBSD-SA-06:04.ipfw

    $ su
    % kill -STOP $$
where su is executing (t)csh. csh's job handling is a little more
special than that of (a)sh, bash and even zsh and blows up a little
more spectacularly. This modification restores the original mucking
about with the tty pgrp, but is careful to only do it when su (or
su's child) is the foreground process.
While I'm here, fix a STDERR_FILENO spelling as suggested by bde.

su isn't the foreground process. Hopefully this won't break PAM,
but I couldn't find any useful information about ache's theory
that it will.
Specifically, this change fixes the following:
    # sh
    # echo $$
    # su - root -c id &
    # echo $$
The PID output changes as su seems to be kill -STOP'ing itself
and catching the parent shell in the process. This is especially
bad if you add a ``su - user -c command &'' to an rc script!
Sponsored by: Sophos/Activestate
Not objected to by: des

type which is a String type that has no -s limitations applied to it.
Change most Strings in the code to Names and add a few extra syscalls,
namely munmap, read, rename and symlink. This was enough to facilitate
following file descriptor allocations in the code more easily and
getting a hint at what's being read/written from/to files. More
syscalls should really be added.
While here, fix an off-by-one bug in the buffer truncation code and
add a fflush so that truss's output reflects the syscall that the
program is stuck in.
Sponsored by: Sophos/Activestate
MFC after: 2 weeks

but don't expect a proper ASCII string to exist right here right now, don't
use strcmp(3) which checks for a NUL. As we're still building the argument
up, the next character might be garbage. It would probably be just as safe to
temporarily write a NUL there, but if we've reached the end of argument memory
that might not be the best idea, I think. It's unclear.
Doing it this way seems to meet the most with the original intent.
PR: 85696
Prodded by: stefanf

with upper and lower case letters from the English alphabet. Change
the number of possible file names mktemp will return from 26**6
to (10+26+26)**6 instead. This keeps things consistent with mkstemp(3)

with FAST_IPSEC rather than the KAME IPSEC stack.
Note that the output of "netstat -s -p ipsec" differs depending on which
stack is compiled into the kernel since they each keep different stats.
This delta also adds the "esp", "ah", and "ipcomp" protocol stats, which
are also available when the kernel is compiled with the FAST_IPSEC stack
(e.g. "netstat -s -p esp").
Submitted by: Matt Titus <titus at nttmcl dot com>
MFC after: 3 days

holiday is now celebrated on December 1st. From the PR:
December 1 was adopted as National Day in 1990, being the day of
celebration of the Great Assembly of Alba Iulia which voted for the
union of Transylvania with Romania and which symbolise the union of all
Romanians within a single state and the achievement of the unity of
Romanian national state. [1]
[1] LAW Number 10 from July 31st, 1990
Regarding the proclamation of the National Day of Romania
http://www.1decembrie.ro/en/index.php?option=com_content&task=view&id=1&Itemid=4
PR: docs/90673
Submitted by: Ion-Mihai "IOnut" Tetcu
Originally pointed out by: Cornel Ilie <cornel dot c punkt ilie at gmail punkt com>

means:
o Remove Elf64_Quarter,
o Redefine Elf64_Half to be 16-bit,
o Redefine Elf64_Word to be 32-bit,
o Add Elf64_Xword and Elf64_Sxword for 64-bit entities,
o Use Elf_Size in MI code to abstract the difference between
  Elf32_Word and Elf64_Word.
o Add Elf_Ssize as the signed counterpart of Elf_Size.
MFC after: 2 weeks

case. It seems entries are in reverse order when read from the kernel
memory but in the right order when read from a file (i.e. ALQ). Handle
both cases.
MFC after: 1 day

option is undocumented because it does nothing. It does nothing
because bsdtar never needs it. It is accepted because gnutar does
sometimes need it and many scripts use it.
Reported by: Pawel Jakub Dawidek

time_t and times will look incorrect on machines with 64-bit time_t.
PR: 88788
Submitted by: Keith White <Keith.White -at- site.uottawa.ca>
MFC after: 1 week