properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control;
if you queried directly using the system call, you could access
some of the data "restricted" by quota(1).
In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl. The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control.
read at least 1 byte from the input file without problems. This
fixes a bug in uncompress(1) that causes the accidental removal
of files that happen to have the same name as the output file,
even when the uncompression fails and is aborted, i.e.:
$ echo hello world > hello
$ touch hello.Z
$ ls -l hello*
-rw-rw-r-- 1 giorgos giorgos 12 Jun 14 13:33 hello
-rw-rw-r-- 1 giorgos giorgos 0 Jun 14 13:33 hello.Z
$ ./uncompress -f hello
uncompress: hello.Z: Inappropriate file type or format
$ ls -l hello*
-rw-rw-r-- 1 giorgos giorgos 0 Jun 14 13:33 hello.Z
$
PR: 46787
Submitted by: keramida
- Don't fail if we can't open /dev/null since this can happen if
xargs is jail'ed or chroot'ed.
These fixes were submitted by Todd Miller from the OpenBSD project.
There was one problem in those fixes that broke -o, which is corrected
here and should be committed to the OpenBSD repo by Todd soon.
MFC in: 3 days
This is a style bug. err() is declared is non-returning so that every
use of it doesn't need to be encrufted with NOTREACHED. It's too bad
that only gcc understands the declaration.
Asked by: bde@
userland, and the kernel. In the kernel by way of the 'ident[]' variable
akin to all the other stuff generated by newvers.sh. In userland it is
available to sysctl consumers via KERN_IDENT or 'kern.ident'. It is exported
by uname(1) by the -i flag.
Reviewed by: hackers@
Alan Eldridge
Born December 15, 1961 in Iowa
Died June 6, 2003 in Denver, Colorado
Thank you for your contributions, you
will be greatly missed.
http://freebsd.kde.org/memoriam/alane.php
(This change suggested by ru@ - thanks).
cat ${.ALLSRC} > ${.TARGET}
rather than
ln -sf ${.ALLSRC} ${.TARGET}
not to depends on absolute-path of symbolic links.
Commented by: marcel, obrien, bde
whose true and false clauses were equivalent with a check that we are
not about to stumble off the end of the line.
Reported by: peter
Pointy hat to: fanf
There are two bugs: in the s///g case, the substitution didn't occur
at the end of the line; in the s///N case, the code didn't count
forwards along the line properly. See the sg, s3, s4, and s5 tests
in src/tools/regression/usr.bin/sed/.
Reviewed by: tjr
1) add a "-p pid", which is rather useful for selecting a single pid in
a combined trace file (eg: with ktrace -i).
2) display binary genio data in a more precise format.
the last csh script needed for a buildworld. You should now be able
to buildworld on a system that was compiled with NO_TCSH=true.
Verified to produce the same result for the one file being generated
during buildworld, share/doc/papers/kernmalloc/appendix.ms.
Reviewed by: hackers@
MFC after: 2 weeks
The -l option is deprecated (hence undocumented in usage() and
SYNOPSIS), as was threatened in the commitlog accompanying rev.
1.10 of main.c.
Approved by: re (blanket)
the preformatted files are compressed with the same program
as the source, and if the source files are uncompressed, the
preformatted files are also uncompressed.
PR: bin/52213
Submitted by: Krister Joas <krister@gazonk.net>, ru
Approved by: re (jhb)
prime objectives are:
o Implement a syscall path based on the epc inststruction (see
sys/ia64/ia64/syscall.s).
o Revisit the places were we need to save and restore registers
and define those contexts in terms of the register sets (see
sys/ia64/include/_regset.h).
Secundairy objectives:
o Remove the requirement to use contigmalloc for kernel stacks.
o Better handling of the high FP registers for SMP systems.
o Switch to the new cpu_switch() and cpu_throw() semantics.
o Add a good unwinder to reconstruct contexts for the rare
cases we need to (see sys/contrib/ia64/libuwx)
Many files are affected by this change. Functionally it boils
down to:
o The EPC syscall doesn't preserve registers it does not need
to preserve and places the arguments differently on the stack.
This affects libc and truss.
o The address of the kernel page directory (kptdir) had to
be unstaticized for use by the nested TLB fault handler.
The name has been changed to ia64_kptdir to avoid conflicts.
The renaming affects libkvm.
o The trapframe only contains the special registers and the
scratch registers. For syscalls using the EPC syscall path
no scratch registers are saved. This affects all places where
the trapframe is accessed. Most notably the unaligned access
handler, the signal delivery code and the debugger.
o Context switching only partly saves the special registers
and the preserved registers. This affects cpu_switch() and
triggered the move to the new semantics, which additionally
affects cpu_throw().
o The high FP registers are either in the PCB or on some
CPU. context switching for them is done lazily. This affects
trap().
o The mcontext has room for all registers, but not all of them
have to be defined in all cases. This mostly affects signal
delivery code now. The *context syscalls are as of yet still
unimplemented.
Many details went into the removal of the requirement to use
contigmalloc for kernel stacks. The details are mostly CPU
specific and limited to exception_save() and exception_restore().
The few places where we create, destroy or switch stacks were
mostly simplified by not having to construct physical addresses
and additionally saving the virtual addresses for later use.
Besides more efficient context saving and restoring, which of
course yields a noticable speedup, this also fixes the dreaded
SMP bootup problem as a side-effect. The details of which are
still not fully understood.
This change includes all the necessary backward compatibility
code to have it handle older userland binaries that use the
break instruction for syscalls. Support for break-based syscalls
has been pessimized in favor of a clean implementation. Due to
the overall better performance of the kernel, this will still
be notived as an improvement if it's noticed at all.
Approved by: re@ (jhb)
netstat(1) not display it for now because its effects are not yet
completely implemented and we're about to cut 5.2-RELEASE.
This is temporary.
Approved by: re (scottl, rwatson)
inode birthtime display, and quite a bit of mdoc cleanup, which brings
it much more in line with our mdoc style.
Approved by: re (bmah)
Obtained from: Andrew Brown <atatat@NetBSD.org> (content), Grant Beattie <grant@NetBSD.org> (mdoc)
the new inode birthtime field, a few other small cleanups, and
synchronization with our #include <sys/types.h>.
Approved by: re (bmah)
Obtained from: Andrew Brown <atatat@NetBSD.org>
65536 / (sizeof(int) * CHAR_BITS) `int's instead of
65536 / (sizeof(int) * CHAR_BITS) bytes to avoid a possible
segmentation fault if ports above 16383 are specified via the
-p option on a platform with 4 byte wide ints.
Approved by: re (bmah)
Reported by: Marco Wertejuk <wertejuk@mwcis.com>
"login_prompt". This makes more sense than "prompt" which is what
login actually used, so change the code to match the documentation.
PR: docs/51396
MFC in: 3 days
when it could not determine the source of the user's passwd(5) entry,
it might be somewhat confusing now that we can have sources that are
not compiled into libc.
Of particular interest is the fact that LC_COLLATE affects how uniq
determines whether lines are equal. This was the subject of a fairly heated
debate a year or so ago, and it turns out that the current behaviour is
correct and that the standard contained an error.
Now that the standard has been corrected by Cor. 1-2002, refer to 1003.1-2001
instead of the 1992 edition in the Standards section.
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
- Bump shared library version on libusbhid.
- Retire libusbhid.h; it is called usbhid.h now.
- hid_start_parse() takes a third argument.
- hid_locate() takes a fifth argument.
- hid_report_size() order of arguments changes.
- Other changes, including formatting and whitespace.
Bump __FreeBSD_version.
This change will break all third party applications that rely on previous
FreeBSD specific behavior.
- if operating "as them" (su -l), use pam_{open,close}_session()
- allow PAM to override $HOME (pam_chroot needs this)
- chdir early, because later on we may be chrooted and chdir will fail
Also use pid_t instead of int where applicable.
FreeBSD. This method attempts to centralize all the necessary hacks
or work arounds in one of two places in the tree (src/Makefile.inc1
and src/tools/build). We build a small compatibility library
(libbuild.a) as well as selectively installing necessary include
files. We then include this directory when building host binaries.
This removes all the past release compatibilty hacks from various
places in the tree. We still build on tip of stable and current. I
will work with those that want to support more, although I anticipate
it will just work.
Many thanks to ru@, obrien@ and jhb@ for providing valuable input at
various stage of implementation, as well as for working together to
positively effect a change for the better.
print a warning, and set the idletime variable for the entry to -1;
then pick up the -1 later in sprint() and lprint() and ignore those
idle times by printing just whitespace. When third party applications,
such as kdm, insert utmp entries, they sometimes use strings like ":0",
which can't be stat()'d and currently result in warnings that are
not helpful to the user.
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.
There are three sysctl tunables provided to govern system behavior.
net.inet.ip.rfc3514:
Enables support for rfc3514. As this is an
Informational RFC and support is not yet widespread
this option is disabled by default.
net.inet.ip.hear_no_evil
If set the host will discard all received evil packets.
net.inet.ip.speak_no_evil
If set the host will discard all transmitted evil packets.
The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.
For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.
Discussed with: bde
the child process, before executing the command. This is very useful
when you do stuff like ``find ... | xargs interactive_application''.
Without -o, the application would inherit the pipe as its stdin, and
you thus lose any control over it.
This flag has been carefully chosen to not conflit with other options
of other xargs utilities like GNU xargs.
Reviewed by: jmallett
careless users vulnerable to terminal control sequence attacks,
since they expect uudecode to just drop (or overwrite) a file in
the current directory. POSIX also says that the full pathname from
the input should be used when writing a file, which we only do if
the -s (shoot me in the foot) option is specified; therefore this
revision means that you now need to use -s for standard /dev/stdout
handling.
Kernel:
Change statistics to use the *uptime() timescale (ie: relative to
boottime) rather than the UTC aligned timescale. This makes the
device statistics code oblivious to clock steps.
Change timestamps to bintime format, they are cheaper.
Remove the "busy_count", and replace it with two counter fields:
"start_count" and "end_count", which are updated in the down and
up paths respectively. This removes the locking constraint on
devstat.
Add a timestamp argument to devstat_start_transaction(), this will
normally be a timestamp set by the *_bio() function in bp->bio_t0.
Use this field to calculate duration of I/O operations.
Add two timestamp arguments to devstat_end_transaction(), one is
the current time, a NULL pointer means "take timestamp yourself",
the other is the timestamp of when this transaction started (see
above).
Change calculation of busy_time to operate on "the salami principle":
Only when we are idle, which we can determine by the start+end
counts being identical, do we update the "busy_from" field in the
down path. In the up path we accumulate the timeslice in busy_time
and update busy_from.
Change the byte_* and num_* fields into two arrays: bytes[] and
operations[].
Userland:
Change the misleading "busy_time" name to be called "snap_time" and
make the time long double since that is what most users need anyway,
fill it using clock_gettime(CLOCK_MONOTONIC) to put it on the same
timescale as the kernel fields.
Change devstat_compute_etime() to operate on struct bintime.
Remove the version 2 legacy interface: the change to bintime makes
compatibility far too expensive.
Fix a bug in systat's "vm" page where boot relative busy times would
be bogus.
Bump __FreeBSD_version to 500107
Review & Collaboration by: ken
This option is present on most uuidgen(1) implementations even
though normal file redirection can be used to achieve the same.
Submitted by: Hiten Pandya <hiten@unixdaemons.com>
int, long int or u_int32_t. This changes the interface of
all the CRC calculation and output functions from cksum.
- Print variables of type off_t as intmax_t using a cast and %jd.
- Use the standardized uint32_t type instead of u_int32_t.
To have uint32_t defined, include <stdint.h> where necessary.
Style(9):
- Move #include directives where they belong (esp. crc32.c).
- Add empty lines between #include directives of system headers,
standard library headers and local headers.
- Test a pointer value against NULL.
- Put a space after the return keyword.
PR: bin/48424
KTR_DROP set in its header, then we output an extra line to stdout to
indicate that events were dropped between the previous record and this
record. It is a bit trickier because we need to always notify the user
if events are dropped even if KTR_DROP is set on a record of a type that
we aren't interested in since kdump(8) doesn't know if the dropped events
were of the types that the user has requested. To avoid outputting
multiple events dropped notices in between actual event logs, a state
variable is set whenever a drop is logged and cleared whenever an actual
record is output.
Requested by: phk