Commit Graph

194 Commits

Author SHA1 Message Date
Mariusz Zaborski
8751b03b19 We return a pointer when we are using cap_init() or cap_service_open()
function, so check if cap_chanel_t is NULL is not enough.
Casper with a normal libc will still fail in capability mote so let's not
enter capability mode without casper support when we need to resolve DNS.

Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D12823
2017-11-12 07:18:10 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Mariusz Zaborski
0b9d37d25f Simplify ping sandbox.
We don't need to check if casper is present, this is done in the library itself.

Reviewed by:	emaste, cem, ed
Differential Revision:	https://reviews.freebsd.org/D8754
2017-10-28 19:39:22 +00:00
Mariusz Zaborski
2560d18180 We use a few different ifdef's names to check if we are using Casper or not,
let's standardize this. Now we are always use WITH_CASPER name.

Discussed with:	emaste@
MFC after:	1 month
2017-09-21 14:41:41 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Dimitry Andric
a94c074d6a Fix clang 4.0.0 warnings about taking the address of a packed member of
struct ip in ping(8):

sbin/ping/ping.c:1684:53: error: taking address of packed member
'ip_src' of class or structure 'ip' may result in an unaligned pointer
value [-Werror,-Waddress-of-packed-member]
        (void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_src.s_addr));
                                                           ^~~~~~~~~~~~~~~~~
sbin/ping/ping.c:1685:53: error: taking address of packed member
'ip_dst' of class or structure 'ip' may result in an unaligned pointer
value [-Werror,-Waddress-of-packed-member]
        (void)printf(" %s ", inet_ntoa(*(struct in_addr *)&ip->ip_dst.s_addr));
                                                           ^~~~~~~~~~~~~~~~~

MFC after:	3 days
2017-01-06 18:41:28 +00:00
Don Lewis
eeb6394364 Check for socket creation success before calling bind().
Reported by:	Coverity
CID:		1194209
2016-05-12 05:43:54 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Maxim Konovalov
028c7845c0 o Restore some good whitespace killed in the previous commit.
Spotted by:	bjk
2016-03-18 15:44:21 +00:00
Maxim Konovalov
61273736b3 o Kill EoL whitespaces. 2016-03-18 15:07:43 +00:00
Maxim Konovalov
f7fc5c9154 o No need to resolve a mask that we get with ICMP_MASKREPLY,
pass it directly to inet_ntoa(3).
2016-03-18 15:06:50 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Gleb Smirnoff
bb7dfe5e49 Allow minimum and maximum sweep size be the same.
Submitted by:	maxim
2016-03-11 21:06:17 +00:00
Maxim Konovalov
ed5e3d7a83 o Kill EoL whitespaces. No functional changes. 2016-03-11 16:03:47 +00:00
Maxim Konovalov
3c32812b1b o Xr icmp(4). 2016-03-11 15:29:00 +00:00
Maxim Konovalov
4323cae0bd o Document net.inet.icmp.maskfake and net.inet.icmp.tstamprepl sysctls. 2016-03-11 15:26:56 +00:00
Glen Barber
52259a98ad MFH
Sponsored by:	The FreeBSD Foundation
2016-03-02 16:14:46 +00:00
Bryan Drewery
3055a28d44 Update dependencies.
Sponsored by:	EMC / Isilon Storage Division
2016-02-26 22:14:15 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Glen Barber
406d87b1c3 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Brooks Davis
5743dcb3c2 Remove "capability mode sandbox enabled" messages.
These messages serve little purpose and break some consumers.

PR:		199855
Differential Revision:	https://reviews.freebsd.org/D2440
Reviewed by:	rwatson
Approved by:	pjd
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2015-05-04 21:44:51 +00:00
Andrey V. Elsukov
ffc610b221 After r270929 RAW IP code assumes that all IP fields are in network
byte order. Fix ping(8) to pass an IP header with converted ip_off
and ip_len fields, when IP_HDRINCL socket option used.
2015-01-23 13:26:35 +00:00
Baptiste Daroussin
13eb765f2d Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Hiroki Sato
7e9489e0f6 WARNS=3 and style fixes. No functionality change. 2014-10-20 00:27:40 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
cc3f4b9965 Merge from head 2014-05-08 23:54:15 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Simon J. Gerraty
3b8f084595 Merge head 2014-04-28 07:50:45 +00:00
Jilles Tjoelker
a4986e9aea Fix statically-linked build (WITHOUT_DYNAMICROOT). 2014-03-16 13:43:06 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
49133c6d52 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Xin LI
6959b14df6 Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
Ed Schouten
fafb8f11c0 Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
Daniel Gerzo
7f220ecf72 - improve readability
Reviewed by:	trhodes, keramida
MFC after:	3 days
2009-01-11 22:36:45 +00:00
Daniel Gerzo
0c868e9061 - rename the RETURN VALUES section to EXIT STATUS
- not bumping a date as this is not a real content change

Approved by:	ru
MFC after:	3 days
2009-01-07 00:51:41 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Olivier Houchard
e81f504954 Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
Ruslan Ermilov
2b46c64c9c Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
Dima Dorfman
aa822c3979 Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
Gleb Smirnoff
d6cd14974c Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00