with telnetd. This should really be done with a positive filter - i.e.
only allow through a configured list of variables.
Also do some buffer-safety cleanups while I'm here - I don't think these
are exploitable.
terminated and the data_len field is no longer necessary.
Add ASCII2BINARY and BINARY2ASCII capabilities.
The old format is still understood and dealt with, but can't do
the ASCII2BINARY and BINARY2ASCII stuff.
Approved by: archie
current implementation, jail neither virtualizes the Sys V IPC namespace,
nor provides inter-jail protections on IPC objects.
o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
using sysctl.
o This is not the "real fix" which involves virtualizing the System V
IPC namespace, but prevents processes within jail from influencing those
outside of jail when not approved by the administrator.
Reported by: Paulo Fragoso <paulo@nlink.com.br>
standard or serial. This change needs to be done to the entire system that
depends on this. This way we don't have some code using OnVTY checks
and other doing
strcmp(variable_get(VAR_FIXIT_TTY), "standard") == 0
checks. Also we need to set VAR_FIXIT_TTY to "serial" if we come up on
a serial console.
Also fixed a dialog problem in that dialog was used when dialog was
disabled causing some troubles such as not letting the cursor keys
work when exiting the fixit mode on media (ie. not the fixit shell but
for example fixit on a floppy).
Submitted by: Doug Ambrisko <ambrisko@whistle.com>
PR: 22352
in the p_candebug() function. Synchronize with sef's CHECKIO()
macro from the old procfs, which seems to be a good source of security
checks.
Obtained from: TrustedBSD Project
in <sys/signal.h>.
This might be a shortterm fix until the manpage is updated towards
POSIX terminology. And maybe not...
PR: 21542
Submitted by: Ronald F. Guilmette <rfg@monkeys.com>
cosmetic changes
use /etc/pccard_ether for Xircom CreditCard Netwave
and 3Com Corporation" "3C562" (BUT NOT SUPPORTED).
fix `card line' of RATOC REX-5572 (as SCSI only)
use `config auto' for RATOC REX-5536AM, REX-9836A,
ICM PSC-2401 SCSI
PPTP links are no longer dropped by simple (and inappropriate in this
case) "inactivity timeout" procedure, only when requested through the
control connection.
It is now possible to have multiple PPTP servers running behind NAT.
Just redirect the incoming TCP traffic to port 1723, everything else
is done transparently.
Problems were reported and the fix was tested by:
Michael Adler <Michael.Adler@compaq.com>,
David Andersen <dga@lcs.mit.edu>