Commit Graph

58891 Commits

Author SHA1 Message Date
ache
820a33d7db Activate backward-compatible prototypes 2001-04-12 17:18:46 +00:00
kato
52a17539a6 Merged from options.i386 revision 1.147. 2001-04-12 12:28:42 +00:00
kato
585ed66460 Merged from files.i386 revisions 1.359 and 1.360. 2001-04-12 12:26:40 +00:00
n_hibma
3838000f9c Regen. 2001-04-12 11:08:59 +00:00
n_hibma
542e59d7df TDK ids
Submitted by:	Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
2001-04-12 11:04:08 +00:00
n_hibma
fab7b6e4fc From NetBSD 2001-04-12 10:59:30 +00:00
ache
4640eb1887 Back out history.3 link removing - conflict fixed in libreadline instead 2001-04-12 09:57:12 +00:00
ache
1a3245ae3d Install history.3 as rlhistory.3 to not conflict with existing libedit function 2001-04-12 09:54:44 +00:00
ache
5838a80470 Comment out one of many editline.3 MLINKS conflicting with libreadline
(history.3)
2001-04-12 03:33:13 +00:00
rwatson
366237b31f o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
from signal authorization checking.
o p_cansignal() takes three arguments: subject process, object process,
  and signal number, unlike p_cankill(), which only took into account
  the processes and not the signal number, improving the abstraction
  such that CANSIGNAL() from kern_sig.c can now also be eliminated;
  previously CANSIGNAL() special-cased the handling of SIGCONT based
  on process session.  privused is now deprecated.
o The new p_cansignal() further limits the set of signals that may
  be delivered to processes with P_SUGID set, and restructures the
  access control check to allow it to be extended more easily.
o These changes take into account work done by the OpenBSD Project,
  as well as by Robert Watson and Thomas Moestl on the TrustedBSD
  Project.

Obtained from:  TrustedBSD Project
2001-04-12 02:38:08 +00:00
imp
c46318678b Fix minor typo in comment. 112x -> 12xx 2001-04-11 22:49:00 +00:00
brian
eac81d474b Introduce -osid and -otsid
Submitted by: dd
2001-04-11 22:42:54 +00:00
jedgar
96b8f4bcfe Revamp acl_create_entry() so it actually works.
Obtained from:	TrustedBSD Project
2001-04-11 22:09:51 +00:00
archie
94db785410 Don't reference a node after we dropped a reference to it
(same as in previous checkin, but in a different function).
2001-04-11 22:04:47 +00:00
bp
8dca59cc7b Pull constants from netsmb/smb.h. 2001-04-11 21:35:51 +00:00
rwatson
322fad03bd o Enable -DSETSUGID_SUPPORTED in inter-process authorization regression
test by default, as setugid() is now part of the base kernel (assuming
  (options REGRESSION) has been enabled for the running kernel).

Obtained from: TrustedBSD Project
2001-04-11 20:23:23 +00:00
imp
7ae2f6eb48 Add IBM3765 to newcard's pcic pnp device list 2001-04-11 20:22:16 +00:00
rwatson
ab04223ac6 o Regenerated following introduction of __setugid() system call for
"options REGRESSION".

Obtained from:	TrustedBSD Project
2001-04-11 20:21:37 +00:00
rwatson
af3eb0f5a2 o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being
  set implicitly by other protection and credential logic.  This feature
  is introduced to support inter-process authorization regression testing
  by simplifying userland credential management allowing the easy
  isolation and reproduction of authorization events with specific
  security contexts.  This feature is enabled only by "options REGRESSION"
  and is not intended to be used by applications.  While the feature is
  not known to introduce security vulnerabilities, it does allow
  processes to enter previously inaccessible parts of the credential
  state machine, and is therefore disabled by default.  It may not
  constitute a risk, and therefore in the future pending further analysis
  (and appropriate need) may become a published interface.

Obtained from:	TrustedBSD Project
2001-04-11 20:20:40 +00:00
imp
c9a0bb442c Add #define for IBM3765.
Fix SWAMPBOX.  It had actiontec's ID.
Reorder pnpids so they are in alphabetical order.
2001-04-11 20:18:29 +00:00
rwatson
e0d9dfbfed o Introduce "options REGRESSION", a kernel option which enables
interfaces and functionality intended for use during correctness and
  regression testing.  Features enabled by "options REGRESSION" may
  in and of themselves introduce security or correctness problems if
  used improperly, and so are not intended for use in production
  systems, only in testing environments.

Obtained from:	TrustedBSD Project
2001-04-11 19:29:24 +00:00
jhb
3588cc574a Stick proc0 in the PID hash table. 2001-04-11 18:50:50 +00:00
rwatson
5091a293b0 o First pass at an inter-process authorization regression testing suite.
This test utility attempts to evaluate the current kernel policy
  for authorization inter-process activities, currently ptrace(),
  kill(, SIGHUP), getpriority(), and setpriority().  The utility creates
  pairs of processes, initializes their credential sets to useful
  cases, and reports on whether the results are in keeping with hard-coded
  safety expectations.

o Currently, this utility relies on the availability of __setugid(),
  an uncomitted system call used for managing the P_SUGID bit.  Due to
  continuing discussion of optional regression testing kernel components
  ("options REGRESSION") I'll hold off on committing that until the
  discussion has reached its natural termination.

o A number of additional testing factors should be taken into account
  in the testing, including tests for different classes of signals,
  interactions with process session characteristics, I/O signalling,
  broadcast activities such as broadcast signalling, mass priority
  setting, and to take into group-related aspects of credentials.
  Additional operations should also be taken into account, such as ktrace,
  debugging attach using procfs, and so on.

o This testing suite is intended to prevent the introduction of bugs
  in the upcoming sets of authorization changes associated with the
  introduction of process capabilities and mandatory access control.

Obtained from: TrustedBSD Project
2001-04-11 17:21:14 +00:00
jhb
4dd39ab878 Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just
"redundant noise" and to match the IPI constant namespace (IPI_*).

Requested by:	bde
2001-04-11 17:06:02 +00:00
bmah
2f32005825 New release notes: vidcontrol(1) update (submitted by sobomax).
Modified release notes:  Note MFC of gcc-2.95.3, libreadline 4.2.

Clarify Maestro-3/Allegro driver loading issues (submitted by scottl).
2001-04-11 16:23:58 +00:00
jhb
fbaa8935ec Parse the various argument registers in the printtrap() function so that
one doesn't have to go grab a reference manual to decode them by hand every
time the alpha kernel falls over.

Reviewed by:	drew, -alpha
2001-04-11 16:20:11 +00:00
obrien
9f7387d498 The internal declaration for tilde_expand() now conflicts with the one
that was finally added to the readline headers in readline 4.2.

Submitted by:	ache
2001-04-11 16:15:19 +00:00
bp
90fcdf52cf Add forgotten files for NETSMBCRYPTO option (may be DES based encryption
should be enabled by default, not sure).
2001-04-11 09:20:33 +00:00
bp
9487b4dd9b Actually install include/fs/smbfs and include/netsmb directories. 2001-04-11 09:00:09 +00:00
imp
c191775cad Add O2Micro's OZ6872 Cardbus bridge.
Submitted by: Robert Sexton <robert@kudra.com>
2001-04-11 06:40:35 +00:00
obrien
11b2b4beea Missed one in rev 1.608. 2001-04-11 06:16:52 +00:00
ache
6fec02460c Upgrade for readline 4.2 2001-04-11 04:27:10 +00:00
ache
9c43265a0c Remove conflicting readline prototype 2001-04-11 04:07:38 +00:00
ache
fe8256367d Upgrade to 4.2 2001-04-11 03:49:54 +00:00
ache
4b3572c384 Merge local changes 2001-04-11 03:15:56 +00:00
ache
7891d143f5 This commit was generated by cvs2svn to compensate for changes in r75406,
which included commits to RCS files with non-trunk default branches.
2001-04-11 02:33:07 +00:00
ache
e5103242d9 v4.2 initial import 2001-04-11 02:33:07 +00:00
obrien
63ac1d62cc Properly set `KERNEL' w/in the "doSTDKERNEL:" target.
Reviewed by:	jhb
2001-04-11 02:21:13 +00:00
jedgar
512fd8bc5f Correct the following defines to match the POSIX.1e spec:
ACL_PERM_EXEC  -> ACL_EXECUTE
  ACL_PERM_READ  -> ACL_READ
  ACL_PERM_WRITE -> ACL_WRITE

Obtained from:	TrustedBSD
2001-04-11 02:19:01 +00:00
murray
2c672eefad Source rc.conf so that named.restart can restart named with the correct
flags.

PR:		misc/25049
Submitted by:	Richard Roderick <richard@gohome.net>
2001-04-11 02:12:14 +00:00
peter
8b9d89e1e4 Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to
enable easy access to the hash chain stats.  The raw prefixed versions
dump an integer array to userland with the chain lengths.  This cheats
and calls it an array of 'struct int' rather than 'int' or sysctl -a
faithfully dumps out the 128K array on an average machine.  The non-raw
versions return 4 integers: count, number of chains used, maximum chain
length, and percentage utilization (fixed point, multiplied by 100).
The raw forms are more useful for analyzing the hash distribution, while
the other form can be read easily by humans and stats loggers.
2001-04-11 00:39:20 +00:00
iedowse
d212e20c86 Fix a typo relating to the "-U" (force UDP for mount protocol)
option. When specified, make sure to use the correct netid for the
getnetconfigent() call, and also in error messages.
2001-04-11 00:21:16 +00:00
obrien
686317c48c Remove MIPS support.
It has rotted quite badly and no one has provided updates for it.
2001-04-11 00:12:48 +00:00
obrien
bac4e84974 Removed these old 2.9.x files. 2001-04-10 23:53:32 +00:00
brian
e47f3b7b9f o The -s limit is ARG_MAX - 4K, not ARG_MAX - 2K.
o Mention that the current environment is part of the -s calculation.
o Add a BUGS section that warns against executing a program that increases
  the size of the argument list or the size of the environment.

  I have wondered for a while what the difference is between

    get a big list | xargs sudo command

  which fails and

    get a big list | sudo xargs command

  which succeeds.  The answer is that in the first case, sudo expands
  the environment and pushes the amount of data passed into execve over
  the E2BIG threshold.
2001-04-10 23:16:55 +00:00
jhb
3a77bccdbb Remove constants defining the bitmasks of the old giant kernel lock. 2001-04-10 22:22:01 +00:00
jhb
33d37b3b97 Remove the old APIC I/O higher level IPI API in favor of the newer MI
API for IPI's that isn't tied to the Intel APIC.  MD code can still use
the apic_ipi() function or dink with the apic directly if needed to send
MD IPI's.
2001-04-10 22:18:21 +00:00
jhb
5ede69a603 Catch up to the dirpref changes by copying new fields in the alternate
superblock from the original superblock so that differences in those new
fields are ignored.
2001-04-10 22:11:01 +00:00
iedowse
07990b1abd Split out all the RPC code into a separate function and address a
number of issues:

- Fix background mounts; these were broken in revision 1.40.
- Don't give up before trying all addresses returned by getaddrinfo().
- Use protocol-independent routines where possible.
- Improve error reporting for RPC errors.
- In non-background mode, give up after trying all protocols once.
- Use daemon(3) instead of rolling our own version.
- Never go ahead with the mount() syscall until we have received
  a reply from the remote nfsd; this is especially important with
  non-interruptible mounts, as otherwise a mistyped command might
  require a reboot to correct.

Reviewed by:	alfred, Martin Blapp <mb@imp.ch>
2001-04-10 22:05:47 +00:00
jhb
ee034b0be2 Remove the BETTER_CLOCK #ifdef's. The code is on by default and is here
to stay for the foreseeable future.

OK'd by:	peter (the idea)
2001-04-10 21:34:13 +00:00