possibility of security holes allowing root penetration.
Inspired by: Mark Handley <M.Handley@cs.ucl.ac.uk> and
Theo de Raadt <deraadt@theos.com> independently
Submitted by: Theo de Raadt <deraadt@theos.com>
since rt_readenv() already takes care of not setting unsafe variables.
This was part of the changes I submitted to Peter and John during the
review which must have gotten missed.
how I managed to get this out of sync, but I did. I guess that's what I
get for directly committing from different machines that I was testing on.
Pointed out by: Paul Traina <pst@freebsd.org>
known to printf(3) and then used printf() to format it... The only
problem what the #define printf out1fmt. The code was behaving differently
when run as a shell builtin since out1fmt() isn't printf(3).
Simple hack. Print to a buffer and fputs (also #defined for sh) the
result. This should fix the printf builtin problem in PR#1673, rather
than leaving the call commented out. (printf.o was being statically linked
in anyway, we might as well use it)
a (now) defunct routine that no longer exists (causing an empty .o file),
and were missing some others. Some of the ones we were missing are no-ops
on the i386, so there are now 4 empty .o files.
(It seems that libc/quad has got some defunct functions now)
configurable fallback search paths, as well as new crt interface version.
Also:
- even faster getenv(), get all environment variable settings in a single
pass.
- ldd printf-like format specifications
- minor code cleanups, one vsprintf -> vsnprintf (harmless)
The library search sequence is a little more complete now. Before,
it'd search $LD_LIBRARY_PATH (by opendir/readdir/closedir), then read
the hints file, then read /usr/lib (again by scanning thr directory). It
would then fail if there was no "found" library.
Now, it does LD_LIBRARY_PATH and the hints file the same, but then uses
a longer fallback path. The -R path is fetched from the executable if
specified at build time, the ldconfig path is appended, and /usr/lib is
appended to that. Duplicates are suppressed. This means that simply
placing a new library in /usr/local/lib will work (the same as it did in
/usr/lib) without needing ldconfig -m. It will find it quicker if the
ldconfig is run though.
Similar changes have been made to the NetBSD ld.so, but ours is rather
different now due to John Polstra's speedups and fixes from a while back.
The ldd printf-like format support came direct from NetBSD.
Reviewed by: nate, jdp
ldconfig path (from NetBSD). I added code to make sure there were no
duplicates in the path when multiple ldconfig -m's were used.
Reviewed by: nate, jdp
Obtained from: NetBSD (partly)
with the -R option and store the path in the dynamic header when specified.
The $LD_RUN_PATH environment variable is not checked yet.
While here, split up the code a bit more to enable more selective replacing
of GPL'ed components that are linked with ld.so with others.
Obtained from: NetBSD (mostly, the breakup is my fault)
and forwards compatable with version 3. This is needed to enable storing
a run-time library path in the dynamic linking headers. The crt startup
tries version 4 first, and falls back to version 3, so an executable that
is linked on -current will work with the ld.so on 2.1.x and less.
Reviewed by: nate, jdp
Obtained from: NetBSD
I.e., "cvs -H init" went ahead and initialized the repository, and did
not print out a usage message. Not nice.
Also added the "init" command to the list that comes out when you type
"cvs --help-commands". There is still not a word about it in the manual
page.
Yes, I am sending these fixes to the FSF.
support LD_HINTS_VERSION_2 that has the ldconfig pathname stored in the
ld.so.hints file (ie: a new library can be installed and used without
needing to run ldconfig -m first)
Reviewed by: nate, jdp
Obtained from: NetBSD (mostly)
.weak as gcc and g++ would like to use.
This includes changes to other architectures mostly for completeness,
I don't expect cross-assemblink would work but I could be wrong.
Obtained from: NetBSD
have it check to see that it doesn't contain any '/' characters. This
prevents possible silliness like ypcat "../../../kernel". We already
test the domain name for this in yp_validdomain(), and ypserv itself
tests the map name in yp_open_db(), but it doesn't hurt to be paranoid
and test for it in the generic access routine too. rpc.ypxfrd does not
test the map name for slashes, but it does call yp_access() with the
map name, so this removes a potential vulnerability from there.
Also make the tests for IPPORT_RESERVED a little more selective: make
sure it trips when map == master.passwd.*, prog == YPPROC and proc ==
YPPROC_XFR, and prog == YPXFRD_FREEBSD_PROG and proc == YPXFRD_GETMAP.
Also use IPPORT_RESERVED instead of hard-coded value.