about the risks of enabling raw sockets in prisons.
Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.
A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.
Approved by: bmilekic (mentor)
explicitly fsynced after kernel messages are logged. This option
should be syntax compatible with a similar option in Linux syslogd.
I've made some small changes to Pekka's patch, hoepfully I haven't
goofed anything.
PR: 66790
Submitted by: Pekka Savola <pekkas@netcore.fi>
Obtained from: Martin Schulze's syslogd
MFC after: 1 month
Syslogd should ensure that f_file is a valid file descriptor when
f_type is FILE, CONSOLE, TTY and for a PIPE where f_pid > 0. If the
descriptor is closed/invalid then the type should be set to UNUSED
or the pid should be set to 0.
To this end:
1) Don't close(f->f_file) if we can't send a message to a remote
host because the file descriptor used for remote logging is
stored in finet, not in f->f_file. f->f_file is probably
uninitialised, so I guess we usually end up closing fd 0.
2) Don't close PIPE file descriptors if they are invalid.
3) If the call to p_open fails, don't set the pid.
The OpenBSD patches in this area set f_file to -1 after the fd is
closed and then avoids calling close if f_file < 0. I haven't done
this, but it might be a good idea too.
Inspired by: PR 67139/OpenBSD
1) Use strncpy on strings out of utmp.
2) Avoid running off the start of one string while removing white space.
(I've used slightly different code to OpenBSD here.)
3) Ignore trailing spaces in the priority.
PR: 67139
Submitted by: Xin LI <delphij@FreeBSD.org.cn>
Obtained from: OpenBSD
1) Don't check for getopt returning '?', we have a default case.
2) Check if the priority is LOG_KERN correctly - in practice
LOG_KERN is 0, so it makes no difference. OpenBSD fixed a
different nearby bug that we don't have 'cos our definition
of LOG_MAKEPRI is different to OpenBSD's.
Copy a comment from OpenBSD, observing that LOG_KERN is 0.
Inspired by PR: 67139
_PATH_DEV will never change. In the un-likely event that _PATH_DEV
should ever change, watch(8) would have broke because of a
mis-generated device name.
Approved by: bmilekic (mentor)
Pointed out by: Yvan Boily
o getpwnam(3) returns NULL and does not set errno when the user does
not exist. Bail out with "no such user" instead of "Unknown error: 0".
PR: bin/67262
Submitted by: demon (-U flag)
MFC after: 3 weeks
trying to exclude the top end of the range since it should hurt to overlap
by 4 bytes in the off-chance the RSDP signature appears incorrectly at the
very top of our search space.
the value for "unknown" 0xffffffff. The underlying kernel drivers should
be updated to only return 255 but the ABI is used by too many userland
utilities.
Also, make this WARNS 6 compatible.
stored in EEPROM or NVRAM. It's inspired by the NetBSD eeprom(8) and
the SunOS/Solaris eeprom(1M) utilities. Currently, this eeprom(8)
only supports systems equipped with Open Firmware and is only tested
on Sun machines but should work on any platform using Open Firmware.
A bit more specific, eeprom(8) can be used on these systems to do the
same under FreeBSD as can be done using the printenv and setenv
commandos in the boot monitor. One thing that only hardly can be done
using the boot monitor but easily with eeprom(8) is to write a logo
to the "oem-logo" property. eeprom(8) may also be useful to recover
the boot monitor password (in the default configuration only as root,
of course), i.e. when the boot monitor allows you to boot but you
can't alter the configuration because the password is unknown. The
man page may also be a useful reference of the various configuration
variables.
The idea of eeprom(8) is that handlers can be written to add support
for any firmware that stores such configuration in EEPROM or NVRAM;
sort of e.g. eeprom(1M) on Solaris/x86 is used to turn PAE-support
on and off (stored in a file then, not hardware). In FreeBSD, a
candidate for this would be a handler for the EFI boot environment
for FreeBSD/ia64.
eeprom(8) uses some code from NetBSD (eeprom.c and the base for
eeprom.8), the handler for the Open Firmware /options node
(ofw_options.[c,h]) was written using ofw_util.[c,h] from ofwdump(8).
Reviewed by: ru (slightly earlier version of the man page)
- Make the code use the new OFIOCMAXVALUE instead of defining the maximum
length of property values locally.
- Move the application specific parts from ofw_util.c to ofwdump.c in
order to make ofw_util.c more library-like. While ofw_dump_properties()
could be made non-specific to ofwdump(8) it's currently optimized for
use in ofwdump(8) and making it a library-like function would just
complicate the code unnecessarily.
- Minor clean-up in ofw_util.c, e.g. make its use of getopt(3) the way
it's described in style(9), make its usage() static, etc.
- Add a comment in ofw_util.c about why it doesn't call usage() when
neither the "-a" option nor a node-name where given.
- Add ofw_optnode() and ofw_setprop(), helper functions for the
OFIOCGETOPTNODE and OFIOCSET ioctls respectively, to ofw_util.[c,h].
- Be consistent with the use of 'const' in ofw_util.[c,h] and add 'const'
to the function arguments that are acutally const but weren't declared
as such.
- Mark WARNS=6 clean.
Approved by: tmm
installation as far as most people are concerned but both 'Standard' and
'Select' begin with S and 'Select' is winning. This makes it so 'Select'
is not select-able using a keystroke but that is probably for the best
and the text on the screen adequately describes how to move back and forth
between 'Select' and 'Exit'.
Adapted from work by: josef@
PR: i386/37999
MFC after: 1 week
. forward declare all static functions
. add a couple of redundant parens in return statements where they've
been missing
. remove the space after exit since it's a function
the maximum amount of time jitter for root and other users, respectively.
Before starting a job, cron(8) will sleep a random number of seconds,
from 0 to the amount specified. This can help to smooth down load spikes
when a lot of jobs are to start at the beginning of a particular minute
(e.g., the first minute of an hour.)
PR: bin/66474
Submitted by: Dmitry Morozovsky <marck <@> rinet.ru>
