- Initialize "rval", which would be used uninitialized
if al or pl options were set.
- Don't pass an empty string to login(1) as a user name
(this could be triggered by entering a name and then killing it
with backspace or ^U.)
- Don't loop endlessly if the al option specifies a bogus (i.e.,
not alphanumeric) auto-login name.
- Don't pass a bogus user name to login(1) if a good name were
entered and then killed with ^U.
- Exit with status 0, not 1, on receiving an EOF character,
since it's not a error condition.
MFC after: 1 week
While I'm here:
- Let lm_add() call strdup() on its own behalf.
- Use a temporary pointer when parsing constraints; only set the
constraint pointer on a totally successful match.
PR: bin/52783
Submitted by: David P. Reese Jr. <daver@gomerbud.com>
Approved by: re (rwatson)
implementation in case default one provided by rtld is
not suitable.
Consolidate various identical MD lock implementation into
a single file using appropriate machine/atomic.h.
Approved by: re (scottl)
DT_NEEDED links is not flexible enough for cases where dynamically
loaded modules form a dependency cycle.
This should fix an infinite recursion problem encountered by Yahoo.
Approved by: re (jhb)
does not exist.
PR: bin/38303
Submitted by: Woei-Luen, Shyu <m8535@cn.ee.ccu.edu.tw>
the committed patch differs from the submitted one, any inaccuracies are mine.
This is an optional feature, disabled by default.
This will be useful to people testing the various POSIX threading
libraries under -CURRENT but can easily serve other needs.
Remove the unused FILE\ *tf from print_mesg args, and the
bogus passing in of an uninitialised FILE* for it.
Call a timeval 'now' instead of 'clock' due to shadowing.
Remove a nested localtime declaration.
Make the delete invite argument match the ID type, u_int32_t.
Use const for pointers to const items.
Cast to long where printing as such.
Include netinet/in.h for htonl/htons.
Reviewed by: imp
objects.
Programs such as sshd depend on two pointers to the same function being
equal in a given process. However, the current ia64 implementation
ensures that they're equal when both the pointers are instantiated in
the same ELF object. The attached patch ensures that they're equal
irrespective of where they're instantiated.
Reviewed by marcel@ (mentor) and kan@
Kernel:
Change statistics to use the *uptime() timescale (ie: relative to
boottime) rather than the UTC aligned timescale. This makes the
device statistics code oblivious to clock steps.
Change timestamps to bintime format, they are cheaper.
Remove the "busy_count", and replace it with two counter fields:
"start_count" and "end_count", which are updated in the down and
up paths respectively. This removes the locking constraint on
devstat.
Add a timestamp argument to devstat_start_transaction(), this will
normally be a timestamp set by the *_bio() function in bp->bio_t0.
Use this field to calculate duration of I/O operations.
Add two timestamp arguments to devstat_end_transaction(), one is
the current time, a NULL pointer means "take timestamp yourself",
the other is the timestamp of when this transaction started (see
above).
Change calculation of busy_time to operate on "the salami principle":
Only when we are idle, which we can determine by the start+end
counts being identical, do we update the "busy_from" field in the
down path. In the up path we accumulate the timeslice in busy_time
and update busy_from.
Change the byte_* and num_* fields into two arrays: bytes[] and
operations[].
Userland:
Change the misleading "busy_time" name to be called "snap_time" and
make the time long double since that is what most users need anyway,
fill it using clock_gettime(CLOCK_MONOTONIC) to put it on the same
timescale as the kernel fields.
Change devstat_compute_etime() to operate on struct bintime.
Remove the version 2 legacy interface: the change to bintime makes
compatibility far too expensive.
Fix a bug in systat's "vm" page where boot relative busy times would
be bogus.
Bump __FreeBSD_version to 500107
Review & Collaboration by: ken
Introduce a new unlink_object() function and call it in
unload_object() instead. Removing the object in unref_dag() is
too early, rtld calls _fini() function after that and shared
objects might fail resolve their own symbols.
Introdice RTLD_SELF special handle and properly process it within
dlsym() and dlinfo() functions.
The intention is to improve our compatibility with Solaris and
to make a Java port easier.
Partially submitted by: phantom
associated lists:
remove RTLD_GLOBAL objects from global objects list;
remove the parent object from dldags list of its children.
Previosly we were doing that only to the top-level object OF the DAG
being unloaded and all its dependencies were ignored, leading to
mysterious crashes later.
Submitted by: peter (partially)
This makes such natural commands as "MKD ~user/newdir" or "STOR ~/newfile"
do what they are supposed to instead of failing miserably with the
"File not found" error.
This involves a bit of code reorganization. Namely, the code doing
glob(3) expansion has been separated to a function; a new function
has been introduced to do tilde expansion; the latter function is
invoked on a pathname before the former one. Thus behaviour mimicing
that of the Bourne shell has been achieved.
if allowed by their filesystem permissions.
This doesn't break anything since using sendfile(2)
is triggered later by a separate S_ISREG conditional.
PR: bin/20824
MFC after: 1 week
separating its part around chroot(2) from that around initial
chdir(2). This makes the below changes really easy.
Move seteuid(to user's uid) to before calling chdir(2). There are
two goals to achieve by that. First, NFS mounted home directories
with restrictive permissions become accessible (local superuser
can't access them if not mapped to uid 0 on the remote side
explicitly.) Second, all the permissions to the home directory
pathname components become effective; previously a user could be
carried to any local directory despite its permissions since the
chdir(2) was done with euid 0. This reduces possible impact from
FTP server misconfiguration, e.g., assigning a wrong home directory
to a user.
Implement the "/./" feature. Now a guest or user subject to chrooting
may have "/./" in his login directory, which separates his chroot
directory from his home directory inside the chrooted environment.
This works for ftpchroot(5) as well.
PR: bin/17843 bin/23944
directory can be specified for a user or a group.
Add the manpage ftpchroot(5) since the file's format has grown
complex enough.
PR: bin/45327
Portions submitted by: Hideki SAKAMOTO <sakamoto@hlla.is.tsukuba.ac.jp>
MFC after: 1 week
to listen at in daemon mode.
- Use the port by 1 less than the control port as the default
data port instead of always using hard-coded port 20.
Submitted by: roam
MFC after: 1 week
to a pathname that contains '\r' or '\n'.
Together with the earlier STAT bugfix, this must solve
the problem of such pathnames appearing in the FTP control
stream.
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Being a DoS, it has security implications, giving it a short MFC
time.
MFC after: 1 day
in question is PPP-only line, i.e. no PPP-sequence detection is necessary and
PPP login program referenced by `pp' should be started automatically instead of
login(1)
Feature suggested and sponsored by: United Networks of Ukraine
No reply from: re
MFC after: 2 weeks
in the output to the "STAT file" request.
This closes one discrepancy with RFC 959 (page 36.)
See also http://www.kb.cert.org/vuls/id/328867
Obtained from: OpenBSD
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.
Submitted by: Ryan Younce <ryany@pobox.com>
Reviewed by: security-officer@, standards@, mike@
skipping read-only pages, which can result in valuable non-text-related
data not getting dumped, the ELF loader and the dynamic loader now mark
read-only text pages NOCORE and the coredump code only checks (primarily) for
complete inaccessibility of the page or NOCORE being set.
Certain applications which map large amounts of read-only data will
produce much larger cores. A new sysctl has been added,
debug.elf_legacy_coredump, which will revert to the old behavior.
This commit represents collaborative work by all parties involved.
The PR contains a program demonstrating the problem.
PR: kern/45994
Submitted by: "Peter Edwards" <pmedwards@eircom.net>, Archie Cobbs <archie@dellroad.org>
Reviewed by: jdp, dillon
MFC after: 7 days
Properly sort options, spell "file system" correctly, expand contraction.
Catch up to the src/etc/syslog.conf,v 1.23 change: ftpd(8) session logs
are now by default get logged to /var/log/xferlog.
Approved by: re
memory area would arise. Only an addrinfo list from an earlier
call to getaddrinfo() should be freed there because it will be
substituted by the current list referenced by "res".
Reported by: John Long <fbsd1@pruam.com>
MFC after: 5 days
MAC labels are set if MAC is enabled and configured for the user
logging in.
Note that lukemftpd is not considered a supported application when
MAC is enabled, as it does not use the standard system interfaces for
managing user contexts; if lukemftpd is used with labeled MAC policies,
it will not properly give up privileges when switching to the user
account.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
than the LOMAC-specific interfaces for listing MAC labels. This permits
ls to view MAC labels in a manner similar to getfmac, when ls is used
with the -l argument. Next generation LOMAC will use the MAC Framework
so should "just" work with this and other policies. Not the prettiest
code in the world, but then, neither is ls(1).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
before referencing object's DAG. This makes it possible for
C++ exceptions to work across shared libraries and brings
us closer to the search order used by Solaris/Linux.
Reviewed by: jdp
Approved by: obrien
MFC after: 1 month
even if there was no error occured (when trying to dlopen(3) object that
already linked into executable which does dlopen(3) call). This is more
proper fix for `ldd /usr/lib/libc.so' problem, because the new behaviour
conforms to documentation.
Remove workaround from ldd.c (rev.1.32).
PR: 35099
Submitted by: Nathan Hawkins <utsl@quic.net>
MFC after: 1 week
under way to move the remnants of the a.out toolchain to ports. As the
comment in src/Makefile said, this stuff is deprecated and one should not
expect this to remain beyond 4.0-REL. It has already lasted WAY beyond
that.
Notable exceptions:
gcc - I have not touched the a.out generation stuff there.
ldd/ldconfig - still have some code to interface with a.out rtld.
old as/ld/etc - I have not removed these yet, pending their move to ports.
some includes - necessary for ldd/ldconfig for now.
Tested on: i386 (extensively), alpha
o Don't free(3) memory occupied by host structures
already in the host list.
o Set hrp->hostinfo to NULL if a host record has to stay in
the host list, but is to be ignored. Selecthost() knows that.
o Reduce the pollution with excessive NULL checks.
o Close a couple of memory leaks.
MFC after: 1 week
for the DT_IA64_PLT_RESERVE dynamic table entry. When a shared object
does not have any PLT relocations, the linker apparently doesn't find
it necessary to actually reserve the space for the BOR (Bind On
Reference) entries as pointed to by the DTE. As a result, relocatable
data in the PLT was overwritten, causing some unexpected control flow
with annoyingly predictable outcome: coredump.
To reproduce:
% echo 'int main() { return 0; }' > foo.c
% cc -o foo foo.c -lxpg4
o check getaddrinfo(3) return value, not result pointer
o getaddrinfo(3) returns int, not pointer
o don't leak memory allocated for hostnames and hostinfo structures
o initialize pointers that will be checked for NULL somewhere
MFC after: 1 week
(I skipped those in contrib/, gnu/ and crypto/)
While I was at it, fixed a lot more found by ispell that I
could identify with certainty to be errors. All of these
were in comments or text, not in actual code.
Suggested by: bde
MFC after: 3 days
o Remove the race between stat(2) & fopen(3) when creating
a unique file.
o Improve bound checking when generating a unique name from
a given pathname.
o Ignore REST marker on APPE. No RFC specifies this case,
but the idea of resuming APPE's implies this.
o By default, deny upload resumes and appends by anonymous users.
Previously these commands were translated to STOU silently,
which led to broken files on server without any notification
to the user.
o Add an option, -m, to allow anonymous users to modify
existing files (e.g., to resume uploads) if filesystem
permissions permit.
Portions obrainded from: OpenBSD
MFC after: 3 weeks
objects' reference counts. This function is called by the atexit
mechanism at program shutdown. I don't think the locking is necessary
here. It caused OpenOffice builds to hang more often than not.
Credit to Martin Blapp and Matt Dillon for helping to diagnose this
problem and for testing the fix.
Earlier, a decimal number (e.g., 890) could be passed
for mode, leading to dangerous permissions set:
-1, that is, 07777.
Obtained from: OpenBSD
MFC after: 1 week