Obtained from: Whistle Communications tree
Add an option to the way UFS works dependent on the SUID bit of directories
This changes makes things a whole lot simpler on systems running as
fileservers for PCs and MACS. to enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
hopefully this makes it difficult enough for people to
do this accidentally.
see the new chmod(2) man page for detailed info.
o start function names in column 1
o sort order of flags in getopt and switch
o don't try to reference progname
o unspam some changes introduced by a 2.2.1-R build box instead of a
-current build box
doc changes:
o document when these commands first appeared
o put email address in angle brakets
o minor mdoc clean up
permissions centrally and a setuid root mount utility just breaks
its security. There was no new breakage in practice because
mfdosfs_mount() still checks the ruid.
fix a few problems with missing headers, warn called with an exit
value, and undeclared getopt vars
these programs now compile -Wall clean (and yes, I know I should use
more than just -Wall) :)
like PAP and CHAP secrets with sppp(4). This is the first utility
using the new SIOC[SG]IFGENERIC ioctls (and the reason for inventing
them in the first place).
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.
PR: 2752
Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
higher up in memory (0x0800000 upwards) rather than near zero (0x1000
for our qmagic a.out format). The method that mount_mfs uses to allocate
the memory within data size rlimits for the ram disk is entirely too much
of a kludge for my liking. I mean, if it's run as root, surely it makes
sense to just raise the resource limits to infinity or something, and if
it's a non-root user mount (do these work? with mfs?) it could just fail
if it's outside limits.
an export line) is unresolvable, make a note of it via syslog and skip
that individual host instead of skipping the entire line.
PR: 1981, 815
Perused by: joerg
file based on the previous list of directories stored there which
should overcome a weakness of the '-m' switch which can only add
libs. This is an ideal way of updating the hints list after adding
or removing a shlib since it will remove entries that are gone and
doesn't need to have all the directories spelled out each time.
(eg: rm -f /usr/lib/libtcl75*; ldconfig -R) This only works for
version 2 hints files (which we've been generating for a year or
so) which store the path.
fixed. Natd now waits with select(2) for buffer space
to become available if write fails.
- Packet aliasing library upgraded to 2.2.
Submitted by: Ari Suutari <suutari@iki.fi>
non-directory file with more than one link to it, but in a level M > N
dump, the file with the inode number X is a plain file, "restore", when
restoring the level M dump, won't remove all the hard links to the old
file.
Submitted by: guy@netapp.com (Guy Harris)
accommodate the expanded name, the ICMP types bitmap has been
reduced from 256 bits to 32.
A recompile of kernel and user level ipfw is required.
To be merged into 2.2 after a brief period in -current.
PR: bin/4209
Reviewed by: Archie Cobbs <archie@whistle.com>
This isn't necessarily the best statistic, but it is by far the easiest to
calculate. Update the man page to be more explicit about precisely which
statistics are printed out. Revert some of jmg's bogus man page changes from
rev 1.11.
The answer is not really, but almost.
it sent data that was ok, though it was a hack,
but it was bug-compatible with the kernel on receiving them. This also
had been fixed with a hack.. I hacked it better I think.
to do with netmasks.. we fed totally bogus data into the kernel
to do with default routes and it just believed us. this led to:
1/ kernel panics
2/ the default route refusing to be deleted or added
(depending on a number of factors, usually it worked ok.)
better hack in ffs_vfsops.c. The hack here restricted the maximum file
size to 2^39 bytes (512GB). fs_bsize * 2^31 - 1 (16TB for the default
blocksize of 8K) would have been better. There is no good way to remove
this limit on old BSD4.4 file systems.
unreachable hosts. Note that most of this consists of telling SIGINT
and SIGALRM to interrupt the system call, instead of restarting them.
Also try to get rid of some potential races Bruce didn't like; hopefully
they aren't a problem (potential or otherwise) now.
Reviewed by: julian
this is a NO-NO
re-arange to just set a "please die immediatly" flag in the signal handler
and handle this in the normal thread.
also handle ping -f better on slow links by backing off a bit when
we get a ENOBUFFS from the sendto().
to the session list. If the device comes back as unconfigured, just
ignore that line in /etc/ttys. If someone HUP's init, we'll try again.
This change stops getty's from hanging on vty and sio ports that don't
exist, either due to LKM drivers not being loaded, or probes failing.
Reviewed by: bde
This makes configuration of mfs /tmp on diskless clients more intuitive
for people like me, that have used this feature on NetBSD and SunOS.
Using the -T option and /dev/null, while already supported,
is neither intuitive nor documented in the handbook.
Obtained from: NetBSD
- use new getvfsbyname() interface.
- new -A option, like -a except only mounted file systems are unmounted.
All non-cosmetic FreeBSD changes in umount.c, except ignoring of
realpath() failures, went away because they are done better in Lite2.
realpath() failures must be ignored so that non-pathnames like
"<above>:/foo" and "host:/bar" get as far as mount(2).
Reviewed by: dfr
Any existing config files (using the -f option) will need
to be changed although using the old files will usually result
in an error (partition 0 is invalid).
these are quite extensive additions to the ipfw code.
they include a change to the API because the old method was
broken, but the user view is kept the same.
The new code allows a particular match to skip forward to a particular
line number, so that blocks of rules can be
used without checking all the intervening rules.
There are also many more ways of rejecting
connections especially TCP related, and
many many more ...
see the man page for a complete description.
place rather than updating the main loop's index variables from within
a subroutine and other revolting things like that. Move some more
globals into local variables.
program and it's use of global variables. Somehow, I managed to miss the
most obvious case.. "ifconfig ed0 10.0.0.1" failed (no "inet")
Submitted by: dfr
family inet if not specified. (eg: "ifconfig ed0" down would fail because
no family was specified, even though the up/down status is not per family)
Pointed out by: Wolfgang Helbig <helbig@MX.BA-Stuttgart.De>
- parse command options using getopt for consistancy
- sanitise the command parsing so that it's less like spaghetti
- implement a "-l" option (idea from NetBSD - just list names)
- attempt to clean up the sysctl parsing loop some more. It still needs
to be taken out the back and shot though.
- cut down on global usage, but there's a lot more scope for this.
- make usage string a bit closer to reality (it was missing lots of things)
Unfortunately, I did this for the second time but with the memory of
the NetBSD version still recently in my mind. It's hard to redo simple
changes or getopt stuff without making it look like what you've been
working with a few hours ago.
mount. It is possible to have v3 MOUNT but only v2 NFS, for instance for
a custom user-mode server like CFS.
Reviewed by: "Louis A. Mamakos" <louie@TransSys.COM>
Instead, reverse the order of the testing, so if a symbolic name starts with
a digit, we'll see if we can make a network address out of it first. If
that fails, then we'll call getnet...
options one would normally expect to set the realm, enable encryption,
and whatnot, but this actually is able to contact the remote server,
so at least it's a start. (As a bonus, the stripped static binary is
unquestionably exportable.)
now by default mount the last data track (thus last session), as
opposed to the very first session it has been mounting previously.
This is consistent with the ISO9660 multi-session idea, and the way
other operating systems are working.
There's support to mount arbitrary sessions using the -s option. This
way, you can simulate multi-session CDs on something like vn devices
that don't support CDIO* ioctl commands. You can also force the
historic behaviour with
mount -t cd9660 -o -s=0 /dev/cd0a /cdrom
nfs requests from non-privileged ports.
Change mountd such that it does never set this variable, but only clears
it when run with -n. Also document this in the man page.
a reserved port, so why not the nfs rpc's themselves?
With user allowed mounts, this perhaps needs a closer look, but
on the other hand, a user could already specify the flag.
If normal users should not be able to use resserved ports, the kernel
should check for the flag at mount time.
(presumably because the kernel is old). Moved the declaration of a
variable realated to this sysctl outside of an unrelated ifdef.
Not fixed:
- this sysctl is badly named (nfs occurs twice).
- it's silly to have for FreeBSD in FreeBSD code, especially when
only half of the FreeBSD-dependent code is ifdefed.
in uu_lock(). Add uu_lockerr() for turning the results of
uu_lock into something printable. Remove bogus section in man page
about race conditions allowing both processes to get the lock.
Include libutil.h and use uu_lock() correctly where it should.
Suggested by: ache@freebsd.org
it's internal malloc() implementation to try and avoid overstepping it's
resource limits (yuk!). Remain using libc's malloc(), but check the
resource limits right before trying to malloc the ramdisk space and leave
some spare memory for libc. In Andrey's words, the internal malloc
was "true evil".. Among it's sins is it's ability to allocate less memory
than asked for and still return success. stdio would just love that. :-)
Reviewed by: ache
I was not sure whether the fs_id fields should be printed in the clear
in case of sniffing over a network login etc. It might be an idea
to have somebody with spare time go through and find any other missing
fields that should be reported.
Definate 2.2.x/2.1.x candidate since it breaks the build.
