58944 Commits

Author SHA1 Message Date
mckusick
6a7a6ab20d This checkin adds support in ufs/ffs for the FS_NEEDSFSCK flag.
It is described in ufs/ffs/fs.h as follows:

/*
 * Filesystem flags.
 *
 * Note that the FS_NEEDSFSCK flag is set and cleared only by the
 * fsck utility. It is set when background fsck finds an unexpected
 * inconsistency which requires a traditional foreground fsck to be
 * run. Such inconsistencies should only be found after an uncorrectable
 * disk error. A foreground fsck will clear the FS_NEEDSFSCK flag when
 * it has successfully cleaned up the filesystem. The kernel uses this
 * flag to enforce that inconsistent filesystems be mounted read-only.
 */
#define FS_UNCLEAN    0x01	/* filesystem not clean at mount */
#define FS_DOSOFTDEP  0x02	/* filesystem using soft dependencies */
#define FS_NEEDSFSCK  0x04	/* filesystem needs sync fsck before mount */
2001-04-14 05:26:28 +00:00
dd
efb187afd6 Add "RETURN VALUES" and "ERRORS" sections since getpgid(2) can
fail.  Also fix a minor grammar nit (it's -> its).

PR:		26520
2001-04-14 02:34:59 +00:00
obrien
84a105c2da *sigh*... when trying to dike out the 'ncr' driver, I was getting the 'sym'
driver too because it had "ncr" in its comment.

Submitted by:	joerg
2001-04-14 02:10:05 +00:00
obrien
58aba6b6c7 Remove the filename_completion_function() extern that conflicts with the
latest version of this function in Readline 4.2
2001-04-14 01:49:32 +00:00
mckusick
4cf28ecf05 Do not allow the soft updates flag to be set if the filesystem is dirty.
Because the kernel will allow the mounting of unclean filesystems when
the soft updates flag is set, it is important that only soft updates
style inconsistencies (missing blocks and inodes) be present. Otherwise
a panic may ensue. It is also important that the filesystem be in a clean
state when the soft updates flag is set because the background fsck uses
the fact that the flag is set to indicate that it is safe to run. If
background fsck encounters non-soft updates style inconsistencies, it
will exit with unexpected inconsistencies.
2001-04-13 23:54:49 +00:00
alfred
9c4024b5ed Turn -b (BSD socket compat mode) back on by default, as we don't have TLI/XTI 2001-04-13 23:20:16 +00:00
dd
2ff08a4f59 mdoc(7) police: misc. markup fixes in the DIAGNOSTICS section.
Submitted by:	ru
2001-04-13 20:43:59 +00:00
dd
89302146ee mdoc(7) police: properly use a -diag list in the DIAGNOSTICS section.
Reviewed by:	ru
2001-04-13 19:59:47 +00:00
dd
949740204f mdoc(7) police: rename the DIAGNOSTICS section to ERRORS to match the
content, and correct the parameters to the -tag list therein.

Reviewed by:	ru
2001-04-13 19:49:07 +00:00
wilko
3f65aa42cd Update boot capabilities for Adaptec 2940-series
Obtained from:	axp-list@redhat.com / Jay.Estabrook@compaq.com
2001-04-13 19:47:07 +00:00
jedgar
0575e04a30 Add acl_get_perm_np(3), a non-portable function to check if a
permission is in a permission set, required for third-party
applications such as Samba.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2001-04-13 19:37:04 +00:00
jedgar
9fca9e8cc8 Convert getfacl to the ACL editing library functions. getfacl should
now compile/work on any POSIX.1e-compliant implementation (also tested
against the current Linux patches).

Review by:	rwatson
Obtained from:	TrustedBSD Project
2001-04-13 19:24:28 +00:00
jedgar
430f24915d Add the remaining POSIX.1e ACL definitions:
ACL_UNDEFINED_TAG, ACL_UNDEFINED_ID, ACL_FIRST_ENTRY, ACL_NEXT_ENTRY

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2001-04-13 19:14:38 +00:00
jhb
e20549a88c People are still having problems with i586_* on UP machines and SMP
machines, so just hack it to disable them for now until it can be fixed.

Inspired by hair pulling of:	asmodai
2001-04-13 17:14:53 +00:00
rwatson
21239d2a43 o Add a comment identifying the "privileged on privileged" scenario.
Obtained from:	TrustedBSD Project
2001-04-13 16:38:34 +00:00
rwatson
1cb616d497 o Add inter-process authorization uid regression testing for ktrace().
Obtained from:	TrustedBSD Project
2001-04-13 16:25:25 +00:00
bmah
a7a9aad4c4 New release notes: wx(4) supports new cards (submitted by mjacob),
Add missing CMedia and Crystal Semiconductor sound chips (submitted by
orion).

Fix estimate of 5.0-RELEASE release date (submitted by dd).

ntpd(8) security fix cross-reference to SA-01:31.

Fix typo: s/maestreo3/maestro3/.
2001-04-13 16:11:20 +00:00
rwatson
d0cc80f445 o s/debug/ptrace/ since shortly there will be tests involving other
forms of debugging.

Obtained from:	TrustedBSD Project
2001-04-13 16:09:40 +00:00
nate
9ddf0bb57d - Newer versions of bind log denied secondary zone transfers with
'denied AXFR', not 'unapproved AXFR'.

This is an MFC candidate.

PR:		misc/26529
Submitted by:	duwde@duwde.com.br
2001-04-13 15:13:15 +00:00
rwatson
2603acd499 o Since uid checks in p_cansignal() are now identical between P_SUGID
and non-P_SUGID cases, simplify p_cansignal() logic so that the
  P_SUGID masking of possible signals is independent from uid checks,
  removing redundant code and generally improving readability.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-04-13 14:33:45 +00:00
bp
592766811b Add smbfs module. Currently it includes smbfs, netsmb and DES parts.
Kernel should be compiled with options LIBMCHAIN and LIBICONV.
2001-04-13 12:11:19 +00:00
bp
f9931b90b2 Move VT_SMBFS definition to the proper place. Undefine VI_LOCK/VI_UNLOCK. 2001-04-13 11:26:54 +00:00
alfred
7e6ce027ec if/panic -> KASSERT 2001-04-13 11:15:40 +00:00
bp
3bdd87f1b9 All NETSMB* options should use opt_netsmb.h file (the joy of multiple repos). 2001-04-13 10:53:56 +00:00
bp
aa8c9d1d7c This file also depends on sys/types.h and sys/ioccom.h.
Remove some old junk.

Submitted by:	bde
2001-04-13 10:50:48 +00:00
alfred
bbee48d66d protect pbufs and associated counts with a mutex 2001-04-13 10:23:32 +00:00
alfred
bcfbf5a27d use %p for pointer printf, include sys/systm.h for printf proto 2001-04-13 10:22:14 +00:00
alfred
f5211e7a6c convert if/panic -> KASSERT, explain what triggered the assertion 2001-04-13 10:15:53 +00:00
markm
3709643556 Make this more lint-friendly. This file seems to be invoked in just
about any .c file that includes a .h, and lint produces copious
whining because of the asm ...; stuff.
2001-04-13 09:46:54 +00:00
murray
b31a55145f Generate useful error messages. 2001-04-13 09:37:25 +00:00
ru
2d4534ab26 mdoc(7) police: Fixed markup. 2001-04-13 09:33:03 +00:00
markm
0efbb4e263 Handle a rare but fatal race invoked sometimes when SIGSTOP is
invoked.
2001-04-13 09:29:34 +00:00
ru
35e3c41f01 mdoc(7) police: Fixed markup in rev.1.5. 2001-04-13 09:17:56 +00:00
ru
00852eaaa7 mdoc(7) police: Fixed typo and markup in rev.1.11. 2001-04-13 09:15:16 +00:00
ru
8e59fdc98e mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
jhb
c987a9115b - Add a comment at the start of the spin locks list.
- The alpha SMP code uses an "ap boot" spinlock as well.
2001-04-13 08:31:38 +00:00
ru
cbfd1f0c04 Document /usr/include/fs/smbfs and /usr/include/netsmb.
Submitted by:	bp
2001-04-13 08:14:58 +00:00
alfred
7dcb59378d Use a macro wrapper over printf along with KASSERT to reduce the amount
of code here.
2001-04-13 08:07:37 +00:00
ru
5db636c8e1 People, please read the README file!!!
: These files use 4 space indentation, and other than in the header
: comments, should not contain any tabs.
2001-04-13 06:56:16 +00:00
dd
fb1146362f Back out most of revision 1.28: lists of diagnostics must use -diag,
not -tag.  Instead, put a period after the error messages to aid
those using dumb terminals not capable of properly displaying markup.

Requested by:	ru
2001-04-13 06:54:05 +00:00
ru
029dfd12d6 Update comment to match ipfw/ipfw.c,v 1.95. 2001-04-13 06:49:47 +00:00
alfred
d6216a6396 Make SOMAXCONN a kernel option.
Submitted by: Terry Lambert <terry@lambert.org>
2001-04-13 03:50:37 +00:00
rwatson
c11aa73a4b o Disallow two "allow this" exceptions in p_cansignal() restricting
the ability of unprivileged processes to deliver arbitrary signals
  to daemons temporarily taking on unprivileged effective credentials
  when P_SUGID is not set on the target process:
  Removed:
     (p1->p_cred->cr_ruid != ps->p_cred->cr_uid)
     (p1->p_ucred->cr_uid != ps->p_cred->cr_uid)
o Replace two "allow this" exceptions in p_cansignal() restricting
  the ability of unprivileged processes to deliver arbitrary signals
  to daemons temporarily taking on unprivileged effective credentials
  when P_SUGID is set on the target process:
  Replaced:
     (p1->p_cred->p_ruid != p2->p_ucred->cr_uid)
     (p1->p_cred->cr_uid != p2->p_ucred->cr_uid)
  With:
     (p1->p_cred->p_ruid != p2->p_ucred->p_svuid)
     (p1->p_ucred->cr_uid != p2->p_ucred->p_svuid)
o These changes have the effect of making the uid-based handling of
  both P_SUGID and non-P_SUGID signal delivery consistent, following
  these four general cases:
     p1's ruid equals p2's ruid
     p1's euid equals p2's ruid
     p1's ruid equals p2's svuid
     p1's euid equals p2's svuid
  The P_SUGID and non-P_SUGID cases can now be largely collapsed,
  and I'll commit this in a few days if no immediate problems are
  encountered with this set of changes.
o These changes remove a number of warning cases identified by the
  proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Submitted by:		src/tools/regression/security/proc_to_proc/testuid
Reviewed by:		tmm
Obtained from:	TrustedBSD Project
2001-04-13 03:06:22 +00:00
peter
d74956ff51 Remove the 'DO NOT EDIT THIS FILE' crud that we spit out with 'crontab -l'.
Otherwise, "crontab -l > file; vi file; crontab file" adds an extra set
of "DO NOT EDIT" markers each and every time which is a bit silly.
2001-04-13 01:45:22 +00:00
gshapiro
9aaff3ecb1 With the recent change to ip6fw, it is safe to return to using ${fw6cmd}
which may include the -q flag.
2001-04-13 01:40:27 +00:00
gshapiro
1e64929334 Match ip6fw's command line options to those of ipfw (specifically, added
the ability to use a preprocessor, use the -q (quiet) flag when reading
from a file).  The source used is from ipfw.

Clean up exit codes while I am here.

KAME has been informed and plans on integrating these patches into their
own source as well.
2001-04-13 01:31:17 +00:00
rwatson
e767472b72 o Disable two "allow this" exceptions in p_cansched(), restricting the
ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
2001-04-12 22:46:07 +00:00
alfred
229635845b remove truncated part from comment 2001-04-12 21:50:03 +00:00
rwatson
6a5eb15d6e o Make kqueue's filt_procattach() function use the error value returned
by p_can(...P_CAN_SEE), rather than returning EACCES directly.  This
  brings the error code used here into line with similar arrangements
  elsewhere, and prevents the leakage of pid usage information.

Reviewed by:	jlemon
Obtained from:	TrustedBSD Project
2001-04-12 21:32:02 +00:00
rwatson
9ba6e18ce6 o Limit process information leakage by introducing a p_can(...P_CAN_SEE...)
in rtprio()'s RTP_LOOKIP implementation.

Obtained from:	TrustedBSD Project
2001-04-12 20:46:26 +00:00