Set _PATH_DEFPATH to
/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin. This is the
path in the default class in the default /etc/login.conf,
excluding ~/bin which would not be expanded properly in a string
constant.
For normal logins, _PATH_DEFPATH is overridden by /etc/login.conf,
~/.login_conf or shell startup files. _PATH_DEFPATH is still used as a
default by execlp(), execvp(), posix_spawnp() and sh if PATH is not set, and
by cron. Especially the latter is a common trap (most recently in PR
204813).
PR: 204813
Reviewed by: secteam (delphij), alfred
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.
Still need to add real targets under targets/ to build packages.
Differential Revision: D2796
Reviewed by: brooks imp
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
requests, default to the previous 60-seconds scheduling method
unless there is any @every_second entries to conserve CPU cycles and
power.
This change also improves scheduling in the default mode by running
as close to the beginning of the minnute as possible by replacing
sleep(3) with nanosleep(2). Previously, the tasks would run anywhere
within the first second of the minute and that offset drifted back
and forth each time cron(8) was engaged.
MFC after: 1 month
only available via the new @every_second shortcut. ENOTIME to
implement crontab(5) format extensions to allow more flexible
scheduling.
In order to address some concerns expressed by Terry Lambert
while discussing the topic few years ago, about per-second cron
possibly causing some bad effects on /etc/crontab by stat()ing
it every second instead of every minute now (i.e. atime update),
only check that database needs to be reloaded on every 60-th
loop run. This should be close enough to the current behaviour.
Add "@every_minute" shortcut while I am here.
MFC after: 1 month
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:
int gettimeofday(struct timeval *restrict tp, void *restrict tzp);
Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.
While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
occurs in the same second as the earlier operations to create the temporary
file and the cron(8) daemon is rescans the spool directory during that
second, then the daemon may miss a cron edit and not properly update its
internal database.
MFC after: 1 month
DST should not need to worry about scheduling jobs when the DST time
changes.
Rather than removing the BUGS section in crontab(5) regarding this,
note that disabling '-s' may still cause jobs to be executed twice or
not at all.
PR: 166318
Submitted by: Florian k Unglaub (f.unglaub%googlemail!com)
MFC After: 1 week
"crontab /etc/crontab", but not the same format due to the who field.
Add some limited anti-foot-shooting support and refuse to load
/etc/crontab as someone's crontab. Users wishing shoot their foot in
this manner may copy /etc/crontab elsewhere. :)
MFC After: 1 week
to PRECIOUSLIB from bsd.lib.mk. The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.
Reviewed by: oliver
$ crontab -e
[Add an entry with an error in the crontab file.]
crontab: errors in crontab file, can't install
Do you want to retry the same edit? yes
[Exit the editor without any changes.]
crontab: no changes made to crontab
[Entry is lost.]
Now crontab will loop until the error is fixed, or the
user answers no.