Commit Graph

117 Commits

Author SHA1 Message Date
bdrewery
b619f0c747 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
brooks
ea5a037d1f Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
imp
0ed032933f When building picobsd, define WITHOUT_OPENSSL and WITHOUT_KERBEROS and
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
2014-06-06 04:09:07 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
ed
c737fde5da Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by:	rink
2008-11-13 19:05:27 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
yar
73ebfe88f6 inetd and telnetd are not included in the standard release
crunched floppies, but they can be included as options in
src/release/picobsd (omitted by default though.)  Therefore
preserve the RELEASE_CRUNCH knob in their Makefiles, but
tell its real purpose in a comment.
2006-07-31 19:15:10 +00:00
yar
fe55b573c0 Stop enforcing dependencies between MK_* options at Makefile level.
All the dependencies are satisfied now in <bsd.own.mk>.
2006-07-31 13:29:36 +00:00
yar
09bab3681d telnetd(8) doesn't really go to the crunched floppies,
so its Makefile needn't test for RELEASE_CRUNCH.

Suggested by:	ru
2006-07-31 13:20:44 +00:00
yar
856c09a08a Respect MK_INET6_SUPPORT.
Apply style.Makefile(5).
2006-07-27 12:15:37 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
des
2bb8de20fe Remove kludges intended to support src trees with partial obj trees.
Discussed with:	ru
2005-06-10 06:12:53 +00:00
ru
f4c44b761b NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
cperciva
e629b37603 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
markm
c26205b553 Make sure that a "make release" (more accurately the bit that makes
the crunched binary) get a non-cryptographic telnet. This is overkill
in that it covers stuff that is not normally used in a crunched binary.
2003-07-24 17:19:15 +00:00
markm
c0c9eb00ee Ensure that for the cryptographic instances of *telnet*, the "crypto"
distribution is used. This only affects release-building.
2003-07-24 07:19:55 +00:00
markm
284105499b Test correct macro for "without crypto" option(s). 2003-07-20 23:29:46 +00:00
markm
d6aec2b6d6 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
markm
fc4822f39a Mrege from crypto telnet with "make unifdef". This gets a bunch of
$FreeBSD$ tags and some debug variable safety belts.
2003-05-11 18:27:49 +00:00
charnier
4966efff7b Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:10:45 +00:00
charnier
9639b20db6 The .Nm utility 2002-07-06 19:19:48 +00:00
jmallett
afc38d0730 Don't risk catching a signal while handling a signal for a dying child, as we
can then end up not properly clearing wtmp/utmp entries.

PR:		bin/37934
Submitted by:	Sandeep Kumar <skumar@juniper.net>
Reviewed by:	markm
MFC after:	2 weeks
2002-05-27 08:10:24 +00:00
kris
0e1bb965cc Set WFORMAT=0, overlooked in previous commits to libexec/.
Reported by:	jhay
2002-02-06 11:07:55 +00:00
sheldonh
81cc5956d9 Don't use non-signal-safe functions (exit(3) in this case) in
signal handlers.  In this case, use _exit(2) instead, following
the call to shutdown(2).

This fixes rare telnetd hangs.

PR:		misc/33672
Submitted by:	Umesh Krishnaswamy <umesh@juniper.net>
MFC after:	1 month
2002-02-05 15:20:02 +00:00
ru
42d152852b MFCrypto: Remove -r, -s, sort -p. 2001-12-14 14:46:51 +00:00
markm
2149facaa0 Merge from master (crypto) telnet. WARNS fixes for alpha. 2001-12-03 12:41:19 +00:00
markm
9d10280c0b Merge the (in)complete ANSIfication work from src/crypto/telnet. 2001-11-30 22:37:28 +00:00
markm
b72e252a01 After running a "make unifdef", commit the resultant diffs.
This code is now a complete sunset of the crypto (master) code.
2001-11-30 22:03:20 +00:00
markm
3962485896 Diff-reduce WRT src/secure/*telnet*/Makefile.
Also, add an "unifdef:" target, so that the telnet sources can
be remade from the crypto sources in src/crypto/telnet.
2001-11-30 21:34:51 +00:00
markm
5987cca2b8 Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code. 2001-08-29 14:16:17 +00:00
dd
2c3a92a16f Remove description of an option that only applies to UNICOS < 7.0.
That define may still be present in the source, but I don't think
anyone has plans to try to use it.

Obtained from:	NetBSD
2001-08-25 21:29:12 +00:00
markm
162b7bf01c Feature merging and diff reduction between this code and crypto telnet.
Also remove conditional (AUTHENTICATION) code as we have never compiled
it here, and it is doubtful that it even works in this scenario.
2001-08-20 12:12:27 +00:00
ru
24c7b0a61d mdoc(7) police: s/BSD/.Bx/ where appropriate. 2001-08-14 10:01:54 +00:00
kris
da715e7cac MFcrypto/telnet/telnetd: Correct semantics of output_data*() and netflush()
to ensure deterministic operation
2001-07-23 22:00:51 +00:00
ru
016c529237 MFCrypto: fixed the remote buffer overflow. 2001-07-20 15:14:03 +00:00
dd
a145482cf6 Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
ru
5e14a6862e mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:49:54 +00:00
brian
8636b161b3 Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
2001-07-09 09:24:06 +00:00
ghelmer
d6ce76b54b Fix the number of bytes allocated by realloc when more space is needed
for the vector of arguments.

MFC after:	1 week
2001-06-07 20:05:18 +00:00
ru
98c6ecb383 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
ru
45d92a4319 - Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:22:12 +00:00
ru
a23a98f937 Set the default manual section for libexec/ to 8. 2001-03-20 18:10:13 +00:00
asmodai
0f00927ea0 Preceed/preceeding are not english words. Use precede or preceding. 2001-02-18 10:25:42 +00:00
asmodai
5cf198e77a Synch: Properly constify sccsid[].
Replace bcopy() with memmove().
2001-02-07 22:25:56 +00:00
asmodai
dfe4864cef Synch: Prefer memmove() over bcopy(). 2001-02-07 22:22:57 +00:00
asmodai
1393f49cab Synch: Properly constify sccsid[]. 2001-02-07 22:20:44 +00:00
asmodai
248275ca89 Synch: prefer memmove() over bcopy(), since the first is a C-standard
interface, whilst the latter is a BSD'ism.
2001-02-07 22:18:58 +00:00
asmodai
47a2266000 Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
asmodai
e69fe706f1 Fix typo: wierd -> weird.
There is no such thing as wierd in the english language.
2001-02-06 09:25:10 +00:00