2) Move incomplete check for / in locale name from env section to
loadlocale(), add check for "." and ".." too.
It allows to check any argument, not env only.
3) Redesing LOAD_CATEGORY macro to eliminate code duplication.
4) Try harder in fallback code: if old locale can't be restored,
load "C" locale
5) White space formatting, long lines, etc.
kernel access control.
Extensions to libc to provide basic MAC label manipulation facilities
for userland. These interface will be replaced in the next month
or two with more flexible interfaces, but provide sufficient support
to allow use of the Biba and MLS policies for user applications.
libc_r wrappers to follow.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
kernel access control.
Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model. The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.
Note: as with other userland components, this is a WIP. However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.
Obtained form: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This
actually simplifies the code a bit.
MFC after: 3 days
TCP clients. The problem was that a struct netconfig returned by
getnetconfigent() was being treated as a handle for __rpc_getconf(),
which certainly isn't right.
The tirpc-99 code uses __rpc_setconf("udp")/__rpc_getconf() to find
the IPv4 udp netconfig, but our implementation of these functions
seem happy to return IPv6 entries, so we can't use them. By reverting
to the old version, we are hard-coding the name of the udp4 netid.
Tracked down by: Bakul Shah <bakul@bitblocks.com>
This will make the behavior robuster if many addresses are added
after the size estimation of storage at the first sysctl.
Reviewed by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after: 1 week
- use strlcpy.
- snprintf can return negative value, so cope with it.
- tweak interface index on interface locals (ff01::/16).
- removed unused macros.
- removed a macro that uses only once (in a trivial context).
- explicitly say goodbye to ENI_xxx.
- constify struct afd.
Obtained from: KAME
MFC after: 1 week
completeness and doesn't get us a working libc_r there because libc_r
uses setjmp() and setjmp() cannot be used for context switches on ia64
as-is (or sparc64). Rather than making setjmp/longjmp behave like
the *context() calls, it would be far better to make libc_r use *context()
directly which is what they are for.
Obtained from: marcel
info. This turned out to be rather useful on ia64 for tracking down
malloc/free problems.
Detect duplicate free()'s - otherwise these show up as a guard1 failure
and it looks like corruption instead of something simple like a second
free() where there shouldn't be.
Deal with libz using libc headers and not seeing the malloc/free stuff that
we provide in libstand. Do similar nastiness to what is done for bzlib.
Tested on: i386, ia64 (compile, run)
- add GLOB_NOMATCH return value and use it when we don't get a match
- rename GLOB_ABEND to GLOB_ABORTED and use it instead of returning 1
in some places
- add GLOB_NOESCAPE flag and retire GLOB_QUOTE to compatibility
section
Suggestions/advice on correct usage of POSIX defines: wollman
support creation times such as UFS2) to the value of the
modification time if the value of the modification time is older
than the current creation time. See utimes(2) for further details.
Sponsored by: DARPA & NAI Labs.
Assembler macros are tidied up and made as similar as sanely possible.
The macros are translated into C (__inline static) functions for lint.
Declaration orders are made the same.
Declarations are all ISOfied and tidied up.
Comment contents have gratuitous diffs removed.
The net result is a bunch of crt1.c's that are 90% the same.
It may be possible to now encapsulate the differences in one
MD header, and have only one MI crt1.c file (although the macros
to do this may be ugly).
Helpful comments by: obrien, bde
Alpha tested by: des
i386-elf tested by: markm
It's silly to call sysctl() to get the value of _PATH_STDPATH from
<paths.h> when we can just use it directly. This greatly simplifies
the implementation. (This is also part of my grand scheme to get
rid of sysctl's `user' category, which should never have been created.)
Use strlcpy() instead of strncpy() as it has the exact semantics we want.
no punch_fw was used.
Fix another couple of bugs which prevented rules from being
installed properly.
On passing, use IPFW2 instead of NEW_IPFW to compile the new code,
and slightly simplify the instruction generation code.
file descriptors does not change upon dropping privilege, and include
a likely case of `setuid(non_superuser); exec(...);'.
Sponsored by: DARPA, NAI Labs
Obtained from: TrustedBSD Project
the build. It is here to compartmentalise functionality currently duplicated
in many notable programs in the base system. It currently handles block
reads and writes, as well as reading and writing of the filesystem superblock,
and the reading/lookup of inode data. It supports both UFS and UFS2. I
will be maintaining it, and porting programs to use it, however for now, it
is simply being built as part of world.
The ability to schedule multiple threads per process
(one one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)
Reviewed by: Almost everyone who counts
(at various times, peter, jhb, matt, alfred, mini, bernd,
and a cast of thousands)
NOTE: this is still Beta code, and contains lots of debugging stuff.
expect slight instability in signals..
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.
The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).
The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c . Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw). The old files are still there, and will be removed
in due time.
I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.
In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.
On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like
ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any
This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.
Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:
10.20.30.0/26{18,44,33,22,9}
which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).
Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.
The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
re-read from the stack mid copy. This may help mitigate the recent
Apache buffer overrun and future overruns of the sort.
Reviewed by: jdp
MFC after: 2 days
