'sane' standard (not raw) settings before abort/exiting; move
responsibility of setting raw mode for chat-handling out of
chat.c to avoid doing redundant tc{s,g}etattr()s; move DE
pause prior setting standard mode before issue/login prompt to
avoid echoing modem connect strings. Fixed up comment styles
in a couple of places.
Rev 1.16 deraadt:
do not warn about valid options; invalid options correctly quit
Rev 1.15 deraadt:
need not clear options since bad ones cause exit;
provos@ws1.physnet.uni-hamburg.de
Rev 1.14 deraadt:
IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
buffer overflow.
Reviewed by: Peter Wemm
Obtained from: OpenSBD
Rev 1.13 deraadt:
do not warn about valid options; invalid options correctly quit
Rev 1.12 deraadt:
need not clear options since bad ones cause exit;
provos@ws1.physnet.uni-hamburg.de
Rev 1.11 deraadt:
IPOPT_LSRR/IPOPT_SSRR must exit() due to tcp sequencing; pointed
out by provos@wserver.physnet.uni-hamburg.de. also another 1-char
buffer overflow.
Reviewed by: Peter Wemm
Obtained from: OpenSBD
If it is set to a nonempty string, then simply skip any missing
shared libraries. This came up in a discussion long ago as a
potentially useful feature at sysinstall time. For example, an
X11 utility could be used without the X libraries being present,
provided the utility had a mode in which no X functions were actually
called.
- Use MAP_FAILED instead of the constant -1 to indicate
failure (required by POSIX).
- Removed flag arguments of '0' (required by POSIX).
- Fixed code which expected an error return of 0.
- Fixed code which thought any address with the high bit set
was an error.
- Check for failure where no checks were present.
Discussed with: bde
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
nonempty string, then function calls are relocated at program start-up
rather than lazily. This variable is standard on Sun and SVR4 systems.
The dlopen() function now supports both lazy and immediate binding, as
determined by its "mode" argument, which can be either 1 (RTLD_LAZY) or
2 (RTLD_NOW). I will add defines of these symbols to <dlfcn.h> as soon
as I've done a little more checking to make sure they won't cause
collisions or bootstrapping problems that would break "make world".
The "LD_*" environment variables which alter dynamic linker behavior are
now treated as unset if they are set to the empty string. This agrees
with the standard SVR4 conventions for the dynamic linker.
Add a work-around for programs compiled with certain buggy versions of
crt0.o. The buggy versions failed to set the "crt_ldso" member of the
interface structure. This caused certain error messages from the
dynamic linker to begin with "(null)" instead of the pathname of the
dynamic linker.
nonempty string, then function calls are relocated at program start-up
rather than lazily. This variable is standard on Sun and SVR4 systems.
The dlopen() function now supports both lazy and immediate binding, as
determined by its "mode" argument, which can be either 1 (RTLD_LAZY) or
2 (RTLD_NOW). I will add defines of these symbols to <dlfcn.h> as soon
as I've done a little more checking to make sure they won't cause
collisions or bootstrapping problems that would break "make world".
more manageable and convenient referencing by login.conf (login
class database) and (e.g.) login.access.
This is the first of a group of commits which implements the login
class capabilities database.
emitting the initial prompt.
This is useful in a number of circumstances :
- you have (a) stupid modem(s) that assert(s) DCD too soon.
- you have dialin users with stupid diallers and poorly
written chatscripts. (esp. some Winsock diallers)
BSD/OS also has this capability.
Submitted by: damian@cablenet.net (Damian Hamill)
matches what's in ypserv/yp_extern.h (which I changed when I added the
async DNS stuff). The conflict broke the build of rpc.yppasswdd.
Pointed out by: bde
do it themselves. (Some of these programs actually depended on this
beyond compiling the definition of struct ifinfo!) Also fix up some
other #include messes while we're at it.
it is both uneeded and breaks certain lock-step timing in the rexec
protocol.
Yes, an attacker can "relay" connections using this trick, but a properly
configured firewall that would make this sort of subterfuge necessary in the
first place (instead of direct packet spoofing) would also thwart useful
attacks based on this.
succeeded.
Never allow the reverse channel to be to a privileged port.
Cannidate for: 2.1 and 2.2 branches
Reviewed by: pst (with local cleanups)
Submitted by: Cy Shubert <cy@cwsys.cwent.com>
Obtained from: Jaeger <jaeger@dhp.com> via BUGTRAQ
and YP_SECURE flags so that it can properly add them to newly created
maps when needed. This applies only when using the 'standard' method
for map transfers. When using rpc.ypxfrd, the whole map is copied
verbatim, along with any special entries that may be encoded in it.
Also made -Wall a little quieter for ypxfrd_getmap.c.
the main program, report them directly from the dynamic linker and die
there, rather than returning an error message to crt0.o. This enables
the printing of error messages even for old executables, whose version
of crt0.o is not able to print them.
This fix closes PR bin/1869.
The code in crt0.o for printing error messages from the dynamic linker
is no longer used, because of this change. But it must remain, for
backward compatibility with older dynamic linkers.
When an rsh is denied by rshd because the client is lacking appropriate
.rhosts permission, an error message is formatted for syslog which contains
the client's hostname. The hostname portion of the message relies on a pointer
to a field within gethostbyname()'s internal struct hostent which changes state
between when the pointer is initialized and when it is dereferenced to create th
e
message.
Submitted by: skynyrd@opus.cts.cwu.edu
>Description:
/usr/libexec/mail.local runs as root. As such is can fill up a
mailbox on a quota'd filesystem, and keep going... Makes quota's
almost useless in an ISP environment.
Closes: PR#bin/1111
Submitted by: Charles Henrich <henrich@crh.cl.msu.edu>
or rpc.ypxfrd processes on remote systems that aren't bound to reserved
ports. The servers already do reserved port checks on the clients.
Obtained from: scrutinizing the OpenBSD ypxfr sources. (Note that this
applies to the ypserv check only; OpenBSD doesn't have an rpc.ypxfrd.)
password: ask for it, but don't tell that S/key password required.
It looks like non-s/key system from outside.
Additionally tell that s/key required when it is so for normal case
It happens if 1) regular passwords not allowed, 2) skey database
not activated for given user.
Under some rare circumstanes skey_challenge can return empty
diagnostic or even previous buffer, fix it.
opened. After that, the directories are already present, and there is
no point in adding them again. This doesn't fix any bugs; it's just for
efficiency.
since rt_readenv() already takes care of not setting unsafe variables.
This was part of the changes I submitted to Peter and John during the
review which must have gotten missed.
how I managed to get this out of sync, but I did. I guess that's what I
get for directly committing from different machines that I was testing on.
Pointed out by: Paul Traina <pst@freebsd.org>
configurable fallback search paths, as well as new crt interface version.
Also:
- even faster getenv(), get all environment variable settings in a single
pass.
- ldd printf-like format specifications
- minor code cleanups, one vsprintf -> vsnprintf (harmless)
The library search sequence is a little more complete now. Before,
it'd search $LD_LIBRARY_PATH (by opendir/readdir/closedir), then read
the hints file, then read /usr/lib (again by scanning thr directory). It
would then fail if there was no "found" library.
Now, it does LD_LIBRARY_PATH and the hints file the same, but then uses
a longer fallback path. The -R path is fetched from the executable if
specified at build time, the ldconfig path is appended, and /usr/lib is
appended to that. Duplicates are suppressed. This means that simply
placing a new library in /usr/local/lib will work (the same as it did in
/usr/lib) without needing ldconfig -m. It will find it quicker if the
ldconfig is run though.
Similar changes have been made to the NetBSD ld.so, but ours is rather
different now due to John Polstra's speedups and fixes from a while back.
The ldd printf-like format support came direct from NetBSD.
Reviewed by: nate, jdp
with the -R option and store the path in the dynamic header when specified.
The $LD_RUN_PATH environment variable is not checked yet.
While here, split up the code a bit more to enable more selective replacing
of GPL'ed components that are linked with ld.so with others.
Obtained from: NetBSD (mostly, the breakup is my fault)
Reviewed by: Garrett Wollman <wollman@freebsd.org>
Submitted by: Warner Losh <imp@village.org>
Close PR bin/1145:
Add -s flag to tftpd. This enables the so-called secure mode
of tftpd where it chroots to a given directory before allowing access
to the files. In addition, it runs as nobody when in this mode.
Reviewed a long time ago by Bill and Garrett. Apply my patch from the
pr, and close the PR.
for gcc >= 2.5 and no-ops for gcc >= 2.6. Converted to use __dead2
or __pure2 where it wasn't already done, except in math.h where use
of __pure was mostly wrong.
as atomically as possible.
(Immutable targets can't be renamed without opening a window when
neither the source nor the target is immutable. Perhaps there
should be a rename_immutable syscall to do this if unsetting the
immutable flags would work.)
"." means the object directory, so it is just confusing to use it
when nothing is included from the object directory unless the object
directory is also the source directory. It is confusing for "."
not to mean the source directory anyway, so used `-I.'s should be
replaced by `-I${.OBJDIR}'.
Document the new -R (relax paranoia) option.
From NetBSD/Lite2: code and man page cleanups, Kerberos IV hooks
(relax, we're still exportable), and /etc/ftpchroot feature for
semi-anonymous accounts
or addresses other than the requestor's address. This violates the FTP
protocol (hmm...as I write this, I'm going to change this to a run-time var.)
Require login before PASV and RNTO commands.
Close unused PASV ports so they don't hang around forever.
Do not allow file overwrites via rename or STOR when anonymous
(suspenders).
Clean up buffer utilization.
My code, but heavily inspired by Hobbit's changes to wu-ftpd as pointed out
by Mike Prettejohn and Kit Knox.
hash table size from 256 to 1024.
Generate output that looks more like the SunOS mknetid: uses a space
instead of tabs for white space.
Fix typo in comment in hash.h: Groupit -> Groupid.
which ypxfr links with. (Sorry: left over development bogon.)
Just a reminder: you must rebuild librpcsvc before you build
this program.
Pointed out by: Stephen Hocking
Also generallize the yp_dbwrite functions a little: allow the caller
to specify certain flags. I need this mostly for some changes to
rpc.yppasswdd to allow in-place updates.
Also change Makefile a little to use the same format as ypserv.
been loaded, look for a match by device and inode number if the
traditional pathname comparisons don't find a match. This detects
the case in which a library is requested using two different names
which are really links to the same file, and avoids loading it
twice.
Requested by: peter@freebsd.org
Reviewed by: peter@freebsd.org
- Fix typos in comments in hash.c.
- Remove unneeded and unused member from grouplist struct in hash.h.
(Curiously, the compiler never complained about this even though the
member was of type 'struct grps' which is not defined anywhere in
this program.)
- char ch -> int ch in revnetgroup.c.
- char *argv[0]; -> char *argv[]; also in revnetgroup.c.
- Force the user to specify at least one of the -u or -h flags
and complain if they specify both.
COMPAT_43 cruft. This is supposedly the last core utility that has
been using it! (So now, one should be able to remove this option from
the config files. Be aware that the last officially released xterm
however still requires it.)
The getty has been running now for several weeks on my modem line, so
i feel safe about it.
Obtained from: mostly from the NetBSD vendor-branch
R_NOOVERWRITE flag and process return codes so that we can tell the
difference between a failure due to a duplicate database entry and
failure due to some other error.
descriptions of LD_NO_INTERN_SEARCH and LD_NOSTD_PATH from the manual
page, since they are not supported.
Submitted by: Doug Ambrisko <ambrisko@ambrisko.roble.com>
accepting connections on the FTP port and forking children processes to
handling them. This is lower overhead than spawning ftpd from inetd and
can be a significant win on busy FTP servers. Be sure to disable ftpd in
inetd.conf if you decide to use this option.
These changes are based on similar changes I made to wu-ftpd and have
been in use on wcarchive for several months.
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
- Handle 'empty' maps more gracefully. By empty I mean a valid map that
just happens not to have any entries in it, such as you would get if
you built a map database from an empty file. Previously, trying to
ypxfr such a map would yield an 'NIS map/database error' which is not
the correct behavior.
ypxfr_misc:
- Make sure to free() or xdr_free() dynamically allocated memory in
ypxfr_get_master() as necessary.
It addresses a number of problems that were present in earlier
versions.
The calls to the "init" and "fini" functions of shared libraries
have been reordered, so that they are called in a strictly nested
fashion, as is required for C++ constructors and destructors. In
addition, the "init" functions are called in better order relative
to each other. That makes the system more tolerant of C++ programs
which depend on a library's being initialized before its clients.
The dynamic linker is now more tolerant of shared libraries in
which dependencies on other shared libraries are incompletely
recorded.
Cleanup in the event of errors has been improved throughout the
dynamic linker. A number of memory leaks were eliminated.
The warning message for a shared library whose minor version number
is too old has been clarified.
The code dealing with the "ld.so.hints" file has been cleaned up.
A bug that caused the hints file to be unmapped incompletely has
been fixed. A different bug that could potentially cause the hints
file to be mapped on top of a loaded object has been fixed.
The code that searches for shared libraries has been cleaned up.
The searching is now more compatible with that done by SunOS and
SVR4. Also, some unnecessary and useless searches of both the
hints file and library directories have been eliminated.
Reviewed by: nate@freebsd.org
on a failure, but if we're checking a corrupt map we could also get back
a zero from ypserv without really encountering any actual error. Flag this
condition and generate an meaningful error message.
- Fix transmission of ypxfr_clear to ypserv: error checking was wrong
and we sending YPXFR_YPERR as an error status instead of YPXFR_CLEAR.
- To help avoid a race condition (or at least reduce the likelyhood of
it occuring), use rename() to move a newly transfered map into place
instead of unlink()ing the old one first and then renaming. Da man page
sez that rename should do the unlink() for us. This prevents ypserv
from returning 'no such map in domain' when asked to query a map which
ypxfr has just unlink()ed but not yet replaced.
- Fix a SEGV condition in ypxfr_main.c that reared its ugly head while I
was working on the 'parallel jobs' feature of the new yppush. After we've
completed the map transfer and created a local temporary copy, we check
the order number of the map on ypserv again to make sure it didn't change
while the transfer was in progress (map skew). If for some reason we flat
out fail to get the order number from the server, we flag this as an
error and bail, telling ypxfr_exit() to clean up our temporary files
for us. However, ypxfr_exit() tries to close the database before unkining
it, not realizing that it has already been closed prior to the skew check.
The second attempt to close the database causes a SEGV somewhere inside
the DB code.
(Well, it does on my 2.0.5 machine anyway. I haven't seen anyone modify
the DB library code in ages, so the condition is probably still there.)
To work around this, we deliberately set dbp to NULL after closing the
database and check for the condition in ypxfr_exit(), being careful to
avoid the second close if we see the NULL.
- In yp_dbwrite.c, make yp_open_db_rw() open the database with O_EXLOCK
flag set. This probably won't affect much of anything, but I feel better
having it there.
vector. Now it is called the "symbol caching" vector. This was made
possible and unconfusing by other changes that allowed me to localize
everything having to do with the caching vector in the function
reloc_map().
Switched to alloca() for allocating the caching vector, and eliminated
the special mmap-based allocation routines. Although this was motivated
by performance reasons, it led to significant simplification of the
code, and made it possible to confine the symbol caching code to the
single function reloc_map().
Got rid of the unnecessary and inefficient division loop at the
beginning of rtld().
Reduced the number of calls to getenv("LD_LIBRARY_PATH") to just 1, on
suggestion from <davidg@root.com>.
Added breaks out of the relocation loops when the relocation address is
found to be 0. A relocation address of 0 is caused by an unused
relocation entry. Unused relocation entries are caused by linking a
shared object with the "-Bsymbolic" switch. The runtime linker itself
is linked that way, and the last 40% of its relocation entries are
unused. Thus, breaking out of the loop on the first such entry is a
performance win when ld.so relocates itself. As a side benefit, it
permits removing a test from md_relocate_simple() in
../i386/md-static-funcs.c.
Unused relocation entries in other shared objects (linked with
"-Bsymbolic") caused even bigger problems in previous versions of the
runtime linker. The runtime linker interpreted the unused entries as if
they were valid. That caused it to perform repeated relocations of the
first byte of the shared object. In order to do that, it had to remap
the text segment writable. Breaking out of the loop on the first unused
relocation entry solves that.
Submitted by: John Polstra <jdp@polstra.com>
Implemented symbol memorizing to reduce the number of calls to lookup(),
making relocation go faster. While relocating a given shared object,
the dynamic linker maintains a memorizing vector that is directly
indexed by the symbol number in the relocation entry. The first time a
given symbol is looked up, the memorizing vector is filled in with a
pointer to the symbol table entry, and a pointer to the so_map of the
shared object in which the symbol was defined. On subsequent uses of
the same symbol, that information is retrieved directly from the
memorizing vector, without calling lookup() again.
A symbol that is referenced in a relocation entry is typically
referenced in many relocation entries, so this memorizing reduces the
number of calls to lookup() dramatically. The overall improvement in
the speed of dynamic linking is also dramatic -- as much as a factor of
three for programs that use many shared libaries.
Submitted by: jdp@polstra.com "John Polstra"
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
shared library. Formerly, the message looked like this:
ld.so: run: libjdp1.so.1.0: Undefined error: 0
The new message looks like this:
ld.so: run: Can't find shared library "libjdp1.so.1.0"
(Where "run" is the name of the program being executed.)
Submitted by: jdp@polstra.com (John Polstra)
symbols.
An easy example to see this is to develop an X program which links
against Xt, but doesn't add -lX11 to the link line. It will link fine,
but cause run-time errors by ld.so because of missing symbols used by Xt
defined in X11. This patch makes the errors more readable.
Submitted by: jdp@polstra.com (John Polstra)
were chopped off of the function call and garbage was passed instead.
The solution involves making some variable globals as well as fixing the
call to have all the arguments.
specified in the top level Makefiles.
Previously I missed dozens of Makefiles that skip the install after
using `cmp -s' to decide that the install isn't necessary.
I get on this topic will go straight to /dev/null. This is absolutely the
last word on this topic you'll see from me. Too much time has already been
wasted.
on dlclose. Also correctly call constructors and destructors for libraries
linked with /usr/lib/c++rt0.o.
Change interpretation of dlopen manpage to call _init() rather than init()
for dlopened objects.
Change c++rt0.o to avoid using atexit to call destructors, allowing dlclose to
call destructors when an object is unloaded.
Change interface between crt0 and ld.so to allow crt0 to call a function on
exit to call destructors for shared libraries explicitly.
These changes are backwards compatible. Old binaries will work with the new
ld.so and new binaries will work with the old ld.so. A version number has
been introduced in the crt0-ld.so interface to allow for future changes.
Reviewed by: GAWollman, Craig Struble <cstruble@singularity.bevc.blacksburg.va.us>
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.
Submitted by: Charles Henrich
- set TCP_NOPUSH to keep from sending short packets at each write(2) boundary
- set SO_SNDBUF to 64k so we have a reasonable amount of buffer space
- for a regular file in binary mode which is not being restarted and is
. smaller than 16 Meg, use mmap(2) and write(2) the whole file in one big
gulp
In the most common circumstances, this should dramatically reduce the
system-call load from ftpd, since the call to write() will not return until
the entire file has been written, rather than writing just a few K at a time
in a loop.
