Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.
Submitted by: Pedro Martelletto <pedro at ambientworks.net>
Approved by: rwatson (mentor)
for the convenience of rc.d. Now it has happily lived there for quite
a while. So move the pkill(1) source files from usr.bin to bin, too.
Approved by: gad
When I imported the MPSAFE TTY code, I added the -p flag to sh(1)'s
ulimit, but I forgot to document it in the appropriate manual page.
Requested by: stefanf
After the MPSAFE TTY import, we have support for the TAB0 and TAB3 flags
to handle tab expansion, while we only used to support OXTABS. Switch
stty(1) to use tab0 and tab3 to print whether tab expansion is turned on
or off. Implement the oxtabs and tabs switches by setting the
appropriate TABx value.
Even though POSIX only lists this as being XSI, we'd better follow it.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
understand which code paths aren't possible.
This commit eliminates 117 false positive bug reports of the form
"allocate memory; error out if pointer is NULL; use pointer".
When I ported most applications away from <sgtty.h>, I noticed none of
them were actually using these definitions. I kept them in place,
because I didn't want to touch tools like pstat(8) and stty(1).
In preparation for the MPSAFE TTY layer, remove these definitions. This
doesn't have any impact with respect to binary compatibility (see
tty_conf.c).
We couldn now add an #error to <sys/ioctl_compat.h> when included
outside the kernel. Unfortunately, kdump's mkioctls includes this file
unconditionally.
Approved by: philip (mentor)
Cast string precision to `int'. amd64 systems warn about the
field precision being `long int' if we don't, and pathnames are
normally short enough to fit in an `int'.
Noticed by: pav
ln(1) checks to see if the source of a symlink, i.e. the file it
should point to actually exists. The default is the old ln
behavior, that does not check, to avoid surprising people who may
be using ln(1) in scripts or other non-interactive places.
PR: bin/7265
Submitted by: Joel Ray Holveck, detlev!joelh at mail.camalott.com
MFC after: 2 weeks
Portability Utilities" option.
Often configure scripts generated by the autotools test if $LINENO works and
refuse to use /bin/sh if not.
Package test run by: pav
to type int.
- Change the type used for arithmetic expansion to intmax_t (ie. 64 bit on all
currently supported FreeBSD architectures). SUSv3 requires at least type
long but allows for larger types. Other shells (eg. bash, zsh, NetBSD's sh)
do that too.
PR: 122659
Submitted by: Jaakko Heinonen (minor modifications by me)
are used to modify the arguments. Not doing so caused random memory reads or
null pointer dereferences when 'getopts' was called again later (SUSv3 says
getopts produces unspecified results in this case).
PR: 48318
- Allow realpath to accept multiple paths on the command line.
- Add -q to suppress warnings if some paths can't be processed, and use
getopt(3) to process flags.
- Print the path being requested rather than a possibly partially
processed path when a failure occurs so that you can tell which of
several passed paths did fail.
MFC after: 1 week
PR: 112920
Submitted by: Ighighi <ighighi@gmail.com>
- Add -v to print file names as they are processed; -vv prints the flags
change as well.
- Add -f to ignore failures with the same semantics as chflags(1), neither
printing an error nor affecting the return code.
- Don't try to set the flags if they won't change.
I made minor cosmetic tweaks to the code in the patch.
MFC after: 1 week
PR: 112827
Submitted by: Ighighi <ighighi at gmail.com>
computes the new path and the second one, updatepwd(), updates the variables
PWD, OLDPWD and the path used for the pwd builtin according to the new
directory. For a logical directory change, chdir() is now called between
those two functions, no longer causing wrong values to be stored in PWD etc. if
it fails.
PR: 64990, 101316, 120571
on platforms with unsigned chars. The comparison in question is there to
determine whether chars are unsigned or not and is based on comparing a
char, initialized to -1, for less than 0. Change the comparison to check
for geater than 0 instead...
and follow the letter of the POSIX specification.
- Moving a directory to an existing non-empty directory will now fail,
as required.
- Improve consistency and remove some style bugs of earlier versions.
This version passes all tests of tools/regression/bin/mv/regress.sh 1.6
Reviewed by: bde
MFC after: 1 month
warning is given when the directory doesn't exist.
PR: bin/50656
Submitted by: Edwin Groothuis <edwin@mavetju.org>
Approved by: grog@
Not reviewed by: grog@
with the same name exists, delete that directory first, before performing
the copy. This ensures that mv(1) across devices follows the semantics
of rename(2), as required by POSIX.
This change could introduce the potential of data loss, even if the
copy fails, violating the atomicity properties of rename(2). This is
(mostly) mitigated by first renaming the destination and obliterating
it only after a succesfull copy.
The above logic also led to the introduction of code that will cleanup
the results of a partial copy, if a cross-device copy fails.
PR: bin/118367
MFC after: 1 month
This fixes its compilation if MK_OPENSSL == no and also obsoletes
release/Makefile rev. 1.192. The latter isn't reverted though as
support for the fixit floppy and the rest of the boot floppies is
scheduled to be deorbited anyway.
Discussed with: kensmith
kthread_add() takes the same parameters as the old kthread_create()
plus a pointer to a process structure, and adds a kernel thread
to that process.
kproc_kthread_add() takes the parameters for kthread_add,
plus a process name and a pointer to a pointer to a process instead of just
a pointer, and if the proc * is NULL, it creates the process to the
specifications required, before adding the thread to it.
All other old kthread_xxx() calls return, but act on (struct thread *)
instead of (struct proc *). One reason to change the name is so that
any old kernel modules that are lying around and expect kthread_create()
to make a process will not just accidentally link.
fix top to show kernel threads by their thread name in -SH mode
add a tdnam formatting option to ps to show thread names.
make all idle threads actual kthreads and put them into their own idled process.
make all interrupt threads kthreads and put them in an interd process
(mainly for aesthetic and accounting reasons)
rename proc 0 to be 'kernel' and it's swapper thread is now 'swapper'
man page fixes to follow.
- p_sflag was mostly protected by PROC_LOCK rather than the PROC_SLOCK or
previously the sched_lock. These bugs have existed for some time.
- Allow swapout to try each thread in a process individually and then
swapin the whole process if any of these fail. This allows us to move
most scheduler related swap flags into td_flags.
- Keep ki_sflag for backwards compat but change all in source tools to
use the new and more correct location of P_INMEM.
Reported by: pho
Reviewed by: attilio, kib
Approved by: re (kensmith)
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
handling is that fd = open(foo) is -1. This bug is harmless since
close(-1) just returns an error (which the code ignores).
Found by: Coverity Prevent(tm)
CID: 1503 (in userland test run)
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
1) Under POSIX unsetenv("foo=bar") is explicit error and not equal
to unsetenv("foo")
2) Prepare for upcomig POSIXed putenv() rewrite: make putenv() calls
portable and conforming to standard.
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
either -v or -V) if a file with a slash in the name doesn't exist (if there is
no slash we already did that).
Additionally, suppress the error message for command -v for files with a slash.
PR: 107674
Submitted by: Martin Kammerhofer
This allows script compatibility with Linux, whose
"hostname" is the same as BSD "hostname -s".
With this change, "hostname -f" is the same on
both systems.
MFC after: 7 days
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done. This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).
PR: 105078
Submitted by: emaste
instead of removing the file and issue a warning about
the removal, do not do any operation at all in case -P
is specified when the dinode has hard links.
With -f and -P specified together, we assume that the
user wants rm to overwrite the contents of the file
and remove it (destroy the contents of file but leave
its hard links as is).
The reason of doing it this way is that, in case where
a hard link is created by a malicious user (currently
this is permitted even if the user has no access to the
file). Losing the link can potentially mean that the
actual owner would lose control completely to the user
who wants to obtain access in a future day.
Discussed with: Peter Jermey
is hard links. Overwritting when links > 1 would cause data
loss, which is usually undesired.
Inspired by: discussion on -hackers@
Suggested by: elessar at bsdforen de
Obtained from: OpenBSD
compatible with old -r behavior with regards to -L. You can now copy fifos
and other special files with -r.
Reviewed by: -standards (long ago), das, bde
Approved by: bde (recently)
process leader for each job. Now the last specified option for the output
format (-l, -p or -s) wins, previously -s trumped -l.
PR: 99926
Submitted by: Ed Schouten and novel (patches modified by me)
current implementation of df(1) is does not properly format the output under
certain conditions. Right now -kP and -Pk are not the same thing. Further,
when we set the BLOCKSIZE environment variable, we use "1k" instead of "1024",
making the header display incorrectly.
To quote the specification:
"When both the -k and -P options are specified, the following header line
shall be written (in the POSIX locale):
"Filesystem 1024-blocks Used Available Capacity Mounted on\n"
- If -P has been specified, check to make sure that -k has not already been
specified, if so, simply break instead of clobbering the previous blocksize
- Use 1024 instead of 1k to make the header POSIX compliant
Reported by: Andriy Gapon
Discussed with: bde, ru
MFC after: 1 week
the header title string "bar" extends to the end of the argument
even if it contains commas or spaces, unlike in RELENG_4 or earlier.
The modern syntax agrees with SUSv3.
MFC after: 3 days
"feature" doesn't seem to be in the standards or elsewhere, and
it is against what we are used to in C and sh(1), so put the
paragraph under BUGS.
Pointed out by: dougb
MFC after: 3 days
Utilities option. Its value is printed at the beginning of the line if tracing
(-x) is active. PS4 defaults to the string "+ " which is compatible with the
old behaviour to always print "+ ".
We still need to expand variables in PS1, PS2 and PS4.
PR: 46441 (part of)
Submitted by: schweikh
Obtained from: NetBSD
.//dir as /dir. Rather strip it only for the purpose of checking if the
directory path should be printed.
PR: 88813
Submitted by: Josh Elsasser
Patch from: NetBSD (cd.c rev 1.38)
MFC after: 2 weeks
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.
Submitted by: Oleg Lomaka <oleg.lomaka at gmail com>
MFC after: 1 week
Approved by: kan (mentor)
wording makes it look like pax archives > 32256 bytes are not
POSIX-compliant! Correct this to state that pax archives with
block sizes > 32256 are not POSIX compliant...and settle our fears.
PR: docs/97059
Reviewed by: Giorgos Keramidas <keramida>
own buffer. Interactively typing in long lines (>1023 characters)
previously overflowed the buffer. Unlike the NetBSD people I don't see the
need to subtract 8 from BUFSIZ, so I just used BUFSIZ-1.
Obtained from: NetBSD
PR: 91110
I would have chosen the EOF markers, but they are no longer available
AFAICS, so output "<<HERE" and "<<XHERE" instead.
(NOTE: These changes only affect DEBUG output.)
demanded by POSIX.
- A redirection error is only fatal (meaning the execution of a shell script is
terminated) for special built-ins. Previously it was fatal for all shell
builtins, causing problems like the one reported in PR 88845.
- Variable assignments remain in effect for special built-ins.
- Option or operand errors are only fatal for special built-ins.
This change also makes errors from 'fc' non-fatal (I could not find any reasons
for this behaviour).
Somewhat independently from the above down-grade the error handling in the
shift built-in if the operand is bigger than $# from an error() call (which is
now fatal) to a return 1. I'm not sure if this should be considered a POSIX
"operand error", however this change is needed for now as we trigger that error
while building libncurses. Comparing with other shells, zsh does the same as
our sh before this change (write a diagnostic, return 1), bash behaves as our
sh after this commit (no diagnostic, return 1) and ksh93 and NetBSD's sh treat
it as a fatal error.
all column-headers to print in lowercase by default. I was in too
much of a rush in committing 1.75, and didn't notice that the case
had changed. This time I did considerably more testing, and used
'diff' instead of just quickly eyeballing the results...
Apologies. I expect this means the dunce cap is mine for awhile.
If this doesn't work, I'll just drop back to 1.72 and hide under
my desk for awhile.
the user specifies a keyword which is an alias to some other keyword.
E.g.: stat (for state) or pcpu (for %cpu)..
Submitted by: Kostik Belousov
MFC plans: "soon"
is just ". file" according to POSIX, however many other shells allow
arguments to be passed after the file. For compatibility (we even use that
feature in buildworld) additional arguments are not considered to be an
error, even though this shell does not do anything with the arguments at all.
new member to struct builtincmd and set it to 1 if -s was specified. This
is done because there are cases where special builtins must be treated
differently from other builtins.
Obtained from: NetBSD (builtins.def part)
flag to use a time other than modtime (-c, -u, or -U), the output would
actually be sorted by the specified time rather than size. This does
alter the behavior in the case where both -S and -t are specified. Now,
-S is always preferred. Previously, -t was preferred if one of -c, -u, or
-U was specified, and -S was preferred otherwise. Perhaps -S and -t should
override each other (last one specified wins).
