Commit Graph

3530 Commits

Author SHA1 Message Date
Jilles Tjoelker
1becbc64f8 sh(1): Remove -c string from set builtin documentation
Altering the -c string at run time does not make sense and is not possible.

MFC after:	1 week
2018-12-08 12:49:19 +00:00
Sevan Janiyan
d7a570379b Clarify that /dev/kmem is not used.
Move cross ref to right place while here.

Submitted by:	kib
MFC after:	7 days
2018-12-03 20:01:51 +00:00
Sevan Janiyan
9588059256 Note these tools use kvm(3) and not procfs as in Solaris.
Obtained from:	NetBSD
MFC after:	7 days
2018-12-03 18:00:46 +00:00
Guangyuan Yang
e4c7371cef Clarify that patterns are extended regular expressions in pkill(1) manual page.
PR:		231060
Submitted by:	naddy
MFC after:	3 days
2018-12-01 05:58:33 +00:00
Maxim Sobolev
dead7b5e47 Replace hand-crafted naive byte-by-byte zero block detection routine
with macro based around memcmp(). The latter is expected to be some
8 times faster on a modern 64-bit architectures.

In practice, throughput of doing conv=sparse from /dev/zero to /dev/null
went up some 5-fold here from 1.9GB/sec to 9.7GB/sec with this change
(bs=128k).

MFC after:	2 weeks
2018-11-29 19:28:01 +00:00
Jilles Tjoelker
468ed39612 sh: Fix ${param?} default error message
If word in ${param?word} is missing, the shell shall write a default error
message. So expanding ${param?} when param is not set should write an error
message like

sh: param: parameter not set

This was broken by r316417.

PR:		233585
2018-11-28 20:03:53 +00:00
Jilles Tjoelker
77da4a95e8 sh: Use 126 and 127 exit status for failures opening a script
This affects scripts named on the command line, named with a '.' special
builtin and found via the PATH %func autoloading mechanism.

PR:		231986
2018-11-27 21:49:59 +00:00
Conrad Meyer
900c4ed3ca rm(1): Formalize non-functional status of -P flag
-P was introduced in 4.4BSD-Lite2 around 1994.  It overwrote file contents
with a pass of 0xff, 0x00, then 0xff, in a low effort attempt to "really
delete" files.

It has no user-visible effect; at the end of the day, the file is unlinked via
the filesystem.  Furthermore, the utility of overwriting files with patterned
data is extremely limited due to caveats at every layer of the stack[0] and
therefore mostly futile.  At the least, three passes is likely wasteful on
modern hardware[1].  It could also be seen as a violation of the "Unix
Philosophy" to do one thing per tiny, composable program.

Since 1994, FreeBSD has left it alone; OpenBSD replaced it with a single
pass of arc4random(3) output in 2012[2]; and NetBSD implemented partial, but
explicitly incomplete support for U.S. DoD 5220.22-M, "National Industrial
Security Program Operating Manual" in 2004[3].

NetBSD's enhanced comment above rm_overwrite makes a strong case for removing
the flag entirely:

> This is an expensive way to keep people from recovering files from your
> non-snapshotted FFS filesystems using fsdb(8).  Really.  No more.
>
> It is impossible to actually conform to the exact procedure given in
> [NISPOM] if one is overwriting a file, not an entire disk, because the
> procedure requires examination and comparison of the disk's defect lists.
> Any program that claims to securely erase *files* while conforming to the
> standard, then, is not correct.
>
> Furthermore, the presence of track caches, disk and controller write
> caches, and so forth make it extremely difficult to ensure that data have
> actually been written to the disk, particularly when one tries to repeatedly
> overwrite the same sectors in quick succession.  We call fsync(), but
> controllers with nonvolatile cache, as well as IDE disks that just plain lie
> about the stable storage of data, will defeat this.
>
> [NISPOM] requires physical media destruction, rather than any technique of
> the sort attempted here, for secret data.

As a first step towards evental removal, make it a placebo.  It's not like
it was serving any security function.  It is not defined in or mentioned by
POSIX.

If you are security conscious and need to erase your files, use a
woodchipper.  At a minimum, the entire disk needs to be overwritten, not
just one file.

[0]: https://www.ru.nl/publish/pages/909282/draft-paper.pdf
[1]: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl
[2]: https://github.com/openbsd/src/commit/7c5c57ba81b5fe8ff2d4899ff643af18c
[3]: https://github.com/NetBSD/src/commit/fdf0a7a25e59af958fca1e2159921562cd

Reviewed by:	markj, Daniel O'Connor <darius AT dons.net.au> (previous version)
Differential Revision:	https://reviews.freebsd.org/D17906
2018-11-10 20:26:55 +00:00
Jilles Tjoelker
bb324af62a sh: Unify EXERROR and EXEXEC
The difference between EXERROR and EXEXEC was that EXEXEC passed along
exitstatus and EXERROR set exitstatus to 2 in the handling code.

By changing the places that raised EXERROR to set exitstatus to 2, the
handling of EXERROR and EXEXEC becomes the same.
2018-11-09 14:58:24 +00:00
Mariusz Zaborski
377421df96 capsicum: use a new capsicum helpers in tools
Use caph_{rights,ioctls,fcntls}_limit to simplify the code.
2018-11-04 19:24:49 +00:00
Conrad Meyer
d83db3fb6a Drop ed(1) "crypto"
You should not be using DES.  You should not have been using DES for the
past 30 years.

The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself.  In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).

Some general approaches ed(1) users might consider to replace the removed
DES mode:

1. Full disk encryption with something like AES-XTS.  This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest.  Like CBC, it lacks tampering protection.  Examples include
GELI, LUKS, FileVault2.

2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).

3. Native encryption at the filesystem layer.  Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.

4. Storing your files unencrypted.  It's not like DES was doing you much
good.

If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:

  openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>

Reviewed by:	allanjude, bapt, emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17829
2018-11-04 17:56:16 +00:00
Mark Johnston
49618eacb2 Avoid copying a struct stat for acl_from_stat() calls.
CID:		1375584
MFC after:	2 weeks
2018-11-01 17:45:29 +00:00
Mateusz Piotrowski
f11e51a920 ps(1): Pet mandoc and igor
- Use Xr to reference other manual pages.
- Reference execve(2) instead of exec(2) as exec(2) does not exist.
- Remove the deprecated "Tn" macro.
- Improve the formatting of the etime description.

Reviewed by:	bcr
Approved by:	krion (mentor, implicit), mat (mentor, implicit)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D17780
2018-10-31 17:47:08 +00:00
Mateusz Piotrowski
c97c08de8a ps(1): Add a standard exit status section
Reviewed by:	bcr, eadler
Approved by:	krion (mentor)
MFC after:      3 days
Differential Revision:	https://reviews.freebsd.org/D17146
2018-10-31 16:10:04 +00:00
Jilles Tjoelker
b5532964e7 sh: Use exitstatus instead of exerrno to pass EXEXEC status
No functional change is intended.
2018-10-27 20:17:57 +00:00
Mark Johnston
15e594351a Don't set NFSv4 ACL inheritance flags on non-directories.
They only make sense in the context of directory ACLs, and attempting
to set them on regular files results in errors, causing a recursive
setfacl invocation to abort.

This is derived from patches by Shawn Webb <shawn.webb@hardenedbsd.org>
and Mitchell Horne <mhorne063@gmail.com>.

PR:		155163
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15061
2018-10-26 21:17:06 +00:00
Mark Johnston
10cb5344fd Don't print pathconf() errors if the target file doesn't exist.
The subsequent acl_get_file(3) call will simply echo the same error.

PR:		229930
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 19:01:52 +00:00
Mark Johnston
f024dd3bf0 Avoid leaking memory in error paths.
CID:		1390906
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-26 18:56:58 +00:00
Conrad Meyer
93806cf9e5 stty.1: Document kern.tty_info_kstacks behavior (r339471)
Reported by:	bdrewery
Reviewed by:	bdrewery
Sponsored by:	Dell EMC Isilon
2018-10-20 18:53:32 +00:00
Kyle Evans
ac5d5b054f dd(1): Correct padding in status=progress
Output padding is specified via outlen, which is set using the return value
of fprintf. Because it's printing that padding plus a trailing byte, it
grows by one each iteration rather than reflecting actual length.

Additionally, iec was sized improperly for scaling up similarly to si.
Fixing this revealed that the humanize_number(3) call to populate persec
was using the wrong width.

Submitted by:	Thomas Hurst <tom@hur.st>
Reviewed by:	imp
Approved by:	re (kib)
Differential Revision:	https://reviews.freebsd.org/D16960
2018-09-13 14:54:46 +00:00
Ed Maste
19b4f0dca0 Fix unlink(1) for files starting with -
Restore the original behavior of unlink(1), passing the provided filename
directly to unlink(2), handling the first argument being "--" correctly.

This fixes "unlink -foo", broken in r97533.

PR:		228448
Submitted by:	Brennan Vincent <brennan@umanwizard.com> (original version)
Submitted by:	Yuri Pankov
Reported by:	Brennan Vincent <brennan@umanwizard.com>
Reviewed by:	emaste, kevans, vangyzen, 0mp
Approved by:	re (delphij)
Differential Revision: https://reviews.freebsd.org/D17132
2018-09-12 19:41:16 +00:00
Jilles Tjoelker
4269bba2eb sh: Fix formal overflow in pointer arithmetic
The intention is to lower the value of the pointer, which according to ubsan
cannot be done by adding an unsigned quantity.

Reported by:	kevans
Approved by:	re (kib)
MFC after:	1 week
2018-09-05 19:16:09 +00:00
Brad Davis
94ec7ec758 Finish moving dot.cshrc and dot.profile to bin/csh/ and bin/sh/.
Approved by:	re (gjb), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16770
2018-08-29 16:59:19 +00:00
Brad Davis
b4d1ec6c69 Fix the install of /root/.login missed as part of r337849.
Approved by:	re (rgrimes)
2018-08-28 22:51:45 +00:00
Kyle Evans
517d0a9043 ls(1): Gate the do_color_* definitions behind COLORLS
Pointy hat to:	me
2018-08-18 21:03:19 +00:00
Kyle Evans
041e6eb1c5 ls(1): Support other aliases for --color arguments used by GNU ls(1)
These aliases are supported and documented in the man page. For now, they
will not be mentioned in the error when an invalid argument is encountered,
instead keeping that list to the shorter 'preferred' names of each argument.

Reported by:	rgrimes
2018-08-18 20:55:20 +00:00
Kyle Evans
e10ba80063 ls(1): Add --color=when
--color may be set to one of: 'auto', 'always', and 'never'.

'auto' is the default behavior- output colors only if -G or COLORTERM are
set, and only if stdout is a tty.

'always' is a new behavior- output colors always. termcap(5) will be
consulted unless TERM is unset or not a recognized terminal, in which case
ls(1) will fall back to explicitly outputting ANSI escape sequences.

'never' to turn off any environment variable and -G usage.

Reviewed by:	cem, 0mp (both modulo last-minute manpage changes
Differential Revision:	https://reviews.freebsd.org/D16741
2018-08-17 04:15:51 +00:00
Kyle Evans
7db2f1fe08 ls(1): Fix color env var checking
CLICOLOR will behavior as always- if present at all in the environment,
allow colors.

COLORTERM, recently enforced, will have to be both present and not empty.

Submitted by:	imp
2018-08-16 01:27:16 +00:00
Brad Davis
3349f8bb8f Revert parts of r337849 and r337857
This fixes the build and I will redo these changes as part of a future review
that organizes them differently.  The way I tried to do it here could be done
better.  Sorry for the noise.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16737
2018-08-15 23:18:34 +00:00
Kyle Evans
eceaf4e3c6 dd(1): Kill off duplicate progress definition following r337865
Reported by:	mmacy
2018-08-15 20:50:38 +00:00
Kyle Evans
8acbb227d9 dd: Incorporate some changes from imp for status=progress
Notable changes from what landed in r337505:
- sigalarm handler isn't setup unless we're actually using it
- Humanized versions of the amount of data transferred in the progress
  update

Submitted by:	imp
Reviewed by:	kevans
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16642
2018-08-15 19:46:13 +00:00
Brad Davis
1da0bddb6d Fix build after r337849
This moves the symlink creation to after where the files are installed.

This also inverts the shell change so that it only happens if MK_TCSH is on.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16725
2018-08-15 16:22:12 +00:00
Brad Davis
b26c7f7fee Move all sh and csh files into bin/sh/ or bin/csh/
This simplifies pkgbase by migrating these to CONFS so they are properly
tagged as config files.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16708
2018-08-15 14:41:24 +00:00
Kyle Evans
33ce7acbb0 ls(1): Enable colors with COLORTERM is set in the environment
COLORTERM is the de facto standard, while CLICOLOR is generally specific to
FreeBSD and ls(1).

PR:		230101
Submitted by:	D Green <dfrg@xsmail.com> (with manpage additions by myself)
Reviewed by:	cem ("LGTM" in PR; pre-manpage changes)
MFC after:	1 week
2018-08-08 21:51:19 +00:00
Kyle Evans
4767c42c11 dd: add status=progress support
This reports the current status on a single line every second, mirroring
similar functionality in GNU dd, and carefully interacts with SIGINFO.

PR:		229615
Submitted by:	Thomas Hurst <tom@hur.st> (modified for style(9) nits by me)
MFC after:	1 week
2018-08-08 21:37:02 +00:00
Conrad Meyer
2c77ec5419 date(1): Add ISO 8601 formatting option
The new flag is named '-I'.  It is documented in the manual page and covered
by basic unit tests.
2018-08-04 21:54:30 +00:00
Mateusz Piotrowski
17e98da88e Describe how to prevent *.core files from being created using ulimit.
While here, pet mandoc.

Reviewed by:	eadler (previous revision), jilles (previous revision), mat (mentor)
Approved by:	manpages (jilles), mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D15609
2018-07-19 13:09:29 +00:00
Jilles Tjoelker
4600b569bb sh: Don't treat % specially in CDPATH 2018-07-15 21:55:17 +00:00
Jilles Tjoelker
7d6f6a3532 sh: Don't use padvance() for MAIL/MAILPATH
Using padvance() requires undoing its append of '/' and prevents adjusting
its '%' logic to allow most directories with '%' in PATH.

No functional change is intended.
2018-07-15 09:14:30 +00:00
Bryan Drewery
d717a1d4bc Stop building intermediate .o files.
These are not used to link the final tool anymore.  At some point in the past
the suffix rules changed to not link these in.  The original reason for this in
r19176 is unclear but seems to be related to mkdep.  The .depend handling is
still broken here as it is for all build tool patterns like this.

Sponsored by:	Dell EMC
2018-06-27 21:36:49 +00:00
Bryan Drewery
96a0acc4ce Don't use CCACHE for linking.
MFC after:	2 weeks
Sponsored by:	Dell EMC
2018-06-27 19:29:15 +00:00
Mariusz Zaborski
7672a0148f Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0.
No functional change intended.
2018-06-19 23:43:14 +00:00
Eitan Adler
377da67109 pwd: mark usage as dead 2018-06-17 05:14:50 +00:00
Eitan Adler
c6a5ff7153 ps(1): fix some nits
- fracmem and mempages are double. ki_rssize should be too
- remove default case that is fully covered by all existing cases
- mark usage as dead
2018-06-13 00:45:35 +00:00
Edward Tomasz Napierala
bc0d110222 Add an example to the chflags(1) man page.
MFC after:	2 weeks
2018-06-12 16:44:13 +00:00
Conrad Meyer
3181398b92 Update other man pages to match leap second reality
Missed these in r334501; see justification there:

https://svnweb.freebsd.org/base?view=revision&revision=334501

Sponsored by:	Dell EMC Isilon
2018-06-01 22:37:59 +00:00
Jilles Tjoelker
dc0dbd74c4 sh: Split CNL syntax category to avoid a check on state[level].syntax
No functional change is intended.
2018-05-21 21:52:48 +00:00
Jilles Tjoelker
29988d0ef0 sh: Allow unquoted newlines in word in ${param+word} etc.
POSIX requires accepting unquoted newlines in word in parameter expansions
like ${param+word}, ${param#word}, although the Bourne shell did not support
it, it is not commonly used and might make it harder to find a missing
closing brace.

It was also strange that something like

foo="${bar#
}"

was rejected.

Reported by:	Martijn Dekker via Robert Elz
2018-05-20 17:25:52 +00:00
Jilles Tjoelker
0c6c134f79 sh: Test that backslash-newline within single-quotes is not special
This works correctly, but the test may be helpful when modifying the parser.
2018-05-11 21:56:01 +00:00
Jilles Tjoelker
4d7f36eea5 sh: Don't have [ match any [[:class:]]
Submitted by:	Robert Elz
MFC after:	3 days
2018-04-29 17:46:08 +00:00