Commit Graph

6169 Commits

Author SHA1 Message Date
Chris Costello
32f9f49908 Add a SECURITY CONSIDERATIONS example: make note that access to open
file descriptors does not change upon dropping privilege, and include
a likely case of `setuid(non_superuser); exec(...);'.

Sponsored by:	DARPA, NAI Labs
Obtained from:	TrustedBSD Project
2002-07-03 08:13:25 +00:00
Jonathan Mini
16f33a4885 Fix off-by-one error.
PR:		misc/40104
Submitted by:	Neal Fachan <neal@isilon.com>
MFC after:	3 days
2002-07-03 06:28:04 +00:00
Ruslan Ermilov
93c163325e No need to explicitly set NOMAN here.
Reviewed by:	jmallett
2002-07-03 06:25:28 +00:00
Mark Peek
3aaa96958d Fix typo (SIGEV_EVENT -> SIGEV_KEVENT). 2002-07-02 21:05:08 +00:00
Hajimu UMEMOTO
b0f06def52 Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).

MFC after:	3 weeks
2002-07-02 11:11:17 +00:00
Hajimu UMEMOTO
f8fa093e82 Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).

Approved by:	des
MFC after:	3 weeks
2002-07-02 11:09:02 +00:00
Hajimu UMEMOTO
15e4dafc91 Make NI_WITHSCOPEID a default (always on), to synchronize
with recent 2553bis.

Obtained from:	KAME
MFC after:	3 weeks
2002-07-02 11:05:31 +00:00
Daniel Eischen
c3d580c9a1 Fix a couple of minor nits that prevented this from compiling.
Pointed out by:	julian
2002-07-02 01:26:16 +00:00
Juli Mallett
a7a88ab828 DEBUG is a knob that means something else in FreeBSD, use LIBUFS_DEBUG to
turn on tracing.
2002-07-01 18:20:48 +00:00
Juli Mallett
585e540203 In getino, have our DEBUG message in the unhandled case mention that it
does not know what sort of UFS filesystem this is.

Add some DEBUG(NULL)'s to function entry points.
2002-07-01 18:19:20 +00:00
Chris Costello
de19436f24 Rename CAVEAT' to SECURITY CONSIDERATIONS' and move it up to
the correct location--this section consists solely of security
considerations information.

Sponsored by:	DARPA, NAI Labs
Obtained from:	TrustedBSD Project
2002-07-01 14:41:05 +00:00
Brian Somers
27cc91fbf8 Remove trailing whitespace 2002-07-01 11:19:40 +00:00
Juli Mallett
20938dbf84 Add libufs, a library for dealing with UFS filesystems from userland to
the build.  It is here to compartmentalise functionality currently duplicated
in many notable programs in the base system.  It currently handles block
reads and writes, as well as reading and writing of the filesystem superblock,
and the reading/lookup of inode data.  It supports both UFS and UFS2.  I
will be maintaining it, and porting programs to use it, however for now, it
is simply being built as part of world.
2002-07-01 01:45:03 +00:00
Christian Weisgerber
958a88fbf7 LP64 fix: don't cast pointer to int
Reviewed by:	gallatin, ticso
2002-06-30 23:36:21 +00:00
Julian Elischer
58551c0393 Don't even read in the thread if it is a zombie process. 2002-06-30 20:13:53 +00:00
Julian Elischer
bff4151c28 grow a brain and do this right. 2002-06-30 17:06:46 +00:00
Julian Elischer
6143c38376 Don't follow non existant thread pointers (e.g. for zombies) 2002-06-30 08:11:30 +00:00
David E. O'Brien
3b7de54d68 Use FBSDID 2002-06-30 05:36:49 +00:00
Julian Elischer
e602ba25fd Part 1 of KSE-III
The ability to schedule multiple threads per process
(one one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)

Reviewed by:	Almost everyone who counts
	(at various times, peter, jhb, matt, alfred, mini, bernd,
	and a cast of thousands)

	NOTE: this is still Beta code, and contains lots of debugging stuff.
	expect slight instability in signals..
2002-06-29 17:26:22 +00:00
Peter Wemm
0c079d8c6f To avoid anybody else getting caught out, these two files are really
in /sys/boot/common and are actually used there.
2002-06-29 09:21:14 +00:00
Peter Wemm
08db6efa75 Update from NetBSD 1.3 -> 1.6. Most notable, rev 1.6:
"Make in_cksum work on little endian machines"

This would explain a few things. :-)
2002-06-29 09:00:47 +00:00
David E. O'Brien
2d39517f33 Use __FBSDID. 2002-06-29 03:23:51 +00:00
David E. O'Brien
45d767fbbe Add frexp(3).
Obtained from:	OpenBSD
2002-06-29 03:23:18 +00:00
Andrey A. Chernov
cc1b8dcb1c Add additional field 'overwrite' to login_vars. It mainly needed to handle
"term" according to manpage, i.e. not overwrite it, if already present in
environment.
2002-06-28 14:45:30 +00:00
Daniel Eischen
88127f1a62 Make sigpending and sigsuspend account for signals that are pending on
the process as well as pending on the current thread.

Reported by:	Andrew MacIntyre <andymac@bullseye.apana.org.au>
2002-06-28 13:28:41 +00:00
Daniel Eischen
b4e1c937c7 Add a wrapper for pselect() in order to make it a cancellation point.
Prompted by: wollman
2002-06-28 13:26:02 +00:00
Luigi Rizzo
9758b77ff1 The new ipfw code.
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.

The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).

The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c .  Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw).  The old files are still there, and will be removed
in due time.

I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.

In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.

On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like

ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any

This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.

Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:

        10.20.30.0/26{18,44,33,22,9}

which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).

Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.

The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
2002-06-27 23:02:18 +00:00
David E. O'Brien
95190a2df6 Add these libs from the 4.6-RELEASE.
libstdc++ was bumped with the switch to Gcc 3.1, and libpam was bumped with
the switch to OpenPAM.
2002-06-27 18:53:50 +00:00
David E. O'Brien
d320e50003 Add these libs from the 4.6-RELEASE.
libstdc++ was bumped with the switch to Gcc 3.1, and libpam was bumped with
the switch to OpenPAM.
2002-06-27 18:44:05 +00:00
Mike Silbersack
11289efd80 Fix style bugs I added in last commit.
Spotted by:	bde
2002-06-27 14:16:21 +00:00
Daniel Eischen
eee80fbd9c Remove pselect from application namespace and instead use a weak reference
to the actual implementation.  This is to allow libc_r to override
pselect() making it a cancellation point.

Prompted by: wollman
2002-06-27 13:23:46 +00:00
Daniel Eischen
53154da089 Remove improper use of <namespace.h>.
Remove fmtcheck from application name space (fix the weak reference).
2002-06-27 13:20:54 +00:00
Daniel Eischen
c40995b36a Remove improper use of <namespace.h> 2002-06-27 13:18:27 +00:00
Mike Silbersack
1228a1c634 Modify bcopy (and memcpy/memmove) so that the length value is not
re-read from the stack mid copy.  This may help mitigate the recent
Apache buffer overrun and future overruns of the sort.

Reviewed by:	jdp
MFC after:	2 days
2002-06-27 03:55:36 +00:00
Warner Losh
ecddb03f1e Remove two lines that were cvs merged that shouldn't have been. This
fixes the build.

Reported by: dillon.
2002-06-26 18:03:31 +00:00
Warner Losh
145ec10619 Remove two stray lines that snuck in the cvs merge 2002-06-26 14:18:36 +00:00
Maxim Sobolev
07a1fb30e3 Backout previous delta (addition of -I${.CURDIR}/../../sys).
Submitted by:	bde
2002-06-26 13:25:23 +00:00
Maxim Sobolev
af244dd67c Add -I${.CURDIR}/../../sys into CFLAGS, which should fix the world broken
by RLIMIT_VMEM addition.
2002-06-26 10:33:10 +00:00
Jacques Vidrine
9a370b24b5 Initialize a pointer that was left uninitialized with the previous
commit.
2002-06-26 08:48:34 +00:00
Warner Losh
d6af58f572 Include more robust checking of end of buffer that more completely
plugs the hole.
2002-06-26 08:18:05 +00:00
Warner Losh
4cbd2472b3 Don't allow buffer overflow here either. 2002-06-26 06:31:06 +00:00
Warner Losh
fda8311189 Fix a minor last, minute issue that came in after I committed.
Noticed by: nectar
2002-06-26 06:23:22 +00:00
Warner Losh
4cf0747073 Avoid remote buffer overflow on hostbuf[].
Submitted by: joost Pol <joost@pine.nl>
2002-06-26 06:04:46 +00:00
Matthew Dillon
b5c7be5728 Add documentation for vmemoryuse 2002-06-26 03:58:31 +00:00
Matthew Dillon
67577126f9 Make libutil aware of vmemoryuse in its login.conf cap processing (aka
sshd, /usr/bin/login, etc)
2002-06-26 03:54:18 +00:00
David E. O'Brien
c02ba8a8d2 WARNS=6'ify.
Style nits.
2002-06-25 18:05:16 +00:00
David E. O'Brien
ad275bd760 Prototype _start.
Submitted by:	markm

Mark some _start formal parameters __unused.
2002-06-25 18:01:12 +00:00
David E. O'Brien
cf99709c16 Update our compat libs to the 4.6-RELEASE level. 2002-06-25 04:59:48 +00:00
David E. O'Brien
05e3d9f7fc Add the [Linux] PAM modules that are still used in RELENG_4, but not -CURRENT.
These are at the 4.6-RELEASE level.

Requested by:	des
2002-06-25 04:55:07 +00:00
David E. O'Brien
7ca89f08b7 Fix a typo. 2002-06-25 04:51:12 +00:00