As discussed on -current, there is no sensitive info in /sbin/init
to prevent reading it from non-privileged users, nor any reason to
remove the 'x' bit as the first thing the program does is check the
uid and exit if it is not run by root.
Instead (and this is why i make the change), mode 500 prevents
operation when exporting the partition without -maproot=0 to diskless
clients.
All previuos releases are affected by the same problem, so a merge
to RELENG_6 at least would be appropriate (after proper re@ approval
of course).
o multiple modules can be unloaded at once (specified either by id or be
module name)
o exit with EX_USAGE after usage() is called.
o remove unused variables, since we keep command line flags as bitmask,
in 'opt'.
o 'kldload -n ...' does nothing. Add comment to this options.
Additionally:
o Update manual page to conform new functionality.
o Increace WARNS to 6. Because we can.
Approved by: cognet (mentor)
MFC after: 1 week
in the buffer. This isn't exactly the patch that Stephen submitted, but
is based on one of his suggestions.
PR: 93841
Submitted by: Stephen Montgomery-Smith <stephen@math.missouri.edu>
MFC after: 2 weeks
o Also, fdisk_pc98 appears to support -i, so add it to the man page.
o Ditto -v
o Change the name from PC partition table maintenance program to NEC PC-98x1
partition table maintenance program, since it is possible to have a DOS MBR
formatted disk on FreeBSD/pc98 now (although we don't install any tools for
this).
o Merge the -I switch from i386 verison to initialize the partition table
to use the maximum amount possible for a single FreeBSD table.
o Improve warning when the geom method fails (which I think it
always will until geom_pc98 is updated to respond to this ctl message)
o when writing out the boot sector, we have to write out a minimum of
1024 bytes or the sector size. This is different than the i386 case where
we need to write out a minimum of 512 bytes (which is also the minimum
sector size). We already handle this difference on reading, but didn't
in writing, so attempting to write a new partition table would fail.
o Add MID to the -s output, since pc98 users are likely interested in
both of these parameters.
# I can now initialize disks on my pc98 machine either by -I or by
# manually entering the parameters. I don't know if fdisk -B works or not,
# since I'm not willing to risk my only working boot disk to test it..
additional -r (read-only) flag or or -w (read-write) flag,
then assume we want, mount -u -w.
When doing a mount update, this will implicitly pass a "noro" mount
option down to the VFS layer.
vfs_mergeopts() in vfs_mount.c will then remove the "ro" mount option
if it exists in the mount options for a mounted file system.
This means that "mount -u" works the same as "mount -u -w"
and will convert a read-only mount to read-write.
- mount(8) now calls the nmount(2) system call directly, not mount(2)
- specifying a filesystem type with -t will not automatically
invoke an external /sbin/mount_XXXX program....this only happens for
certain file system types. For all other file system types, nmount(2)
is called directly.
doesn't exist or add one that is already present, if the -q flag
is set. Useful for "ipfw -q /dev/stdin" when the command above is
invoked from something like python or TCL to feed commands
down the throat of ipfw.
MFC in: 1 week
supported for a moment.
- Don't allow to use -i when no passphrase is given. Now if iterations is
equal to -1 (not set), we know that we should not ask for the passphrase
on boot.
It still doesn't handle situation when one key is protected with
passphrase and the other is not. There is no quick fix for this.
The complete solution will be to make number of iterations a per-key
value. Because this need metadata format change and is only needed for
devices attached on boot, I'll leave it as it is for now.
MFC after: 3 days
makes it practical to use GBDE for "something you have plus something
you know" security together with a USB flash drive.
Reviewed by: phk
MFC after: 7 days
Presently, ifconfig callbacks are used for L2 configuration, media
and vlan, so actions associated with address assignment, like sending
out a gratuitous ARP, should go when L2 is running already.
This also should fix the problem with setting up vlan interfaces
from rc.conf, when both IP and vlan+vlandev parameters are passed
to ifconfig at once.
Future work: Consider introducing several ifconfig callback lists
to invoke callbacks orderly.
MFC after: 1 week
/tmp may not be writeable yet when dhclient is first run via
/etc/rc.d/netif so using it may not work. Also, writing to a
predictable file in /tmp as root is a really bad idea since a malicious
user may be able to win a race and insert a symlink which will allow
them to cause any file to be overwritten. To solve these problems,
create the tempory file in /var/run which will exist this early and is
writable only by root.
Security: Local risk if users can cause dhclient to run on demand
(such as by unplugging and replugging the network cable).
system is mounted. This prevevents duplicated mounts.
The change I made against the original patch is to fall back to the given
path on realpath(2) failure instead of exiting with an error.
Submitted by: Andreas Kohn <andreas@syndrom23.de>
PR: bin/89782
MFC after: 3 days
