John Birrell [Tue, 1 Apr 1997 22:49:58 +0000 (22:49 +0000)]
Make error checking less zealous to handle devices like /dev/null
which don't provide a non-blocking interface.
This is a short term "fix" which changes a half-lose to a half-win.
The thread that accesses a device that does not provide a non-blocking
interface will block for its time slice.
A medium term solution would be to use rfork. A long-term solution
would be some sort of kernel thread/SMP implementation.
Make mount_nfs use reserved ports by default.. Mounts already use
a reserved port, so why not the nfs rpc's themselves?
With user allowed mounts, this perhaps needs a closer look, but
on the other hand, a user could already specify the flag.
If normal users should not be able to use reserved ports, the kernel
should check for the flag at mount time.
Bruce Evans [Tue, 1 Apr 1997 14:15:30 +0000 (14:15 +0000)]
Don't fail when the vfs.nfs.nfs_privport sysctl doesn't exist
(presumably because the kernel is old). Moved the declaration of a
variable related to this sysctl outside of an unrelated ifdef.
Not fixed:
- this sysctl is badly named (nfs occurs twice).
- it's silly to have for FreeBSD in FreeBSD code, especially when
only half of the FreeBSD-dependent code is ifdefed.
Bruce Evans [Tue, 1 Apr 1997 11:48:30 +0000 (11:48 +0000)]
Use OID_AUTO instead of magic number for the old sysctl debug.rcluster.
The magic number conflicted with the rotting disabled one in ext2fs for
debug.doasyncfree.
Removed messy debugging variable/constant/sysctl debug.doreallocblks.
Lite2 removed it, and we don't use the code that it controls.
Bruce Evans [Tue, 1 Apr 1997 08:39:07 +0000 (08:39 +0000)]
Removed potentially harmful garbage <vm/lock.h> and fixed bogus
use of it. It was actually harmless because the use was null due
to fortuitous include orders and identical (wrong) idempotency
macros.
Bruce Evans [Tue, 1 Apr 1997 08:02:00 +0000 (08:02 +0000)]
Removed nested include of <ufs/ufs/dir.h>. Use the pre-Lite2 hack of
defining doff_t both here and in <ufs/ufs/dir.h> so that this file
is independent of <ufs/ufs/dir.h>. It still has old prerequisites
<sys/param.h> and <ufs/ufs/quota.h>, and a new Lite2 prerequisite of
<sys/lock.h>, sigh.
This might fix lsof, which was broken by namespace pollution giving
conflicting definitions of DIRBLKSIZ.
Brian Somers [Mon, 31 Mar 1997 22:51:00 +0000 (22:51 +0000)]
Remove the syslog stuff, and allow various return values
in uu_lock(). Add uu_lockerr() for turning the results of
uu_lock into something printable. Remove bogus section in man page
about race conditions allowing both processes to get the lock.
Include libutil.h and use uu_lock() correctly where it should.
Peter Wemm [Mon, 31 Mar 1997 16:43:16 +0000 (16:43 +0000)]
Fix the mount_mfs case from the last cleanup. The code was (ab)using
its internal malloc() implementation to try and avoid overstepping its
resource limits (yuk!). Remain using libc's malloc(), but check the
resource limits right before trying to malloc the ramdisk space and leave
some spare memory for libc. In Andrey's words, the internal malloc
was "true evil".. Among its sins is its ability to allocate less memory
than asked for and still return success. stdio would just love that. :-)
Peter Wemm [Mon, 31 Mar 1997 15:13:33 +0000 (15:13 +0000)]
Implement code for an OpenBSD-style issetugid().
This is valuable for library code which needs to be able to find out
whether the current process is or *was* set[ug]id at some point in the
past, and may have a "tainted" execution environment. This is especially
a problem with the trend to immediately revoke privs at startup and regain
them for critical sections. One problem with this is that if a cracker
is able to compromise the program while it's still got a saved id, the
cracker can direct the program to regain the privs. Another problem is
that the user may be able to affect the program in some other way (eg:
setting resolver host aliases) and the library code needs to know when it
should disable these sorts of features.
Reviewed by: ache
Inspired by: OpenBSD (but with a different implementation)
Peter Wemm [Mon, 31 Mar 1997 13:36:46 +0000 (13:36 +0000)]
Fully implement the clause in Appendix B.4.2.2 from Posix 1003.1
that allows traditional BSD setuid/setgid behavior.
The only visible difference should be that a non-root setuid program
(eg: inn's "rnews" program) that is setuid to news, can completely
"become" uid news. (ie: setuid(geteuid())) This was allowed in
traditional 4.2/4.3BSD and is now "blessed" by Posix as a special
case of "appropriate privilege".
Also, be much more careful with the P_SUGID flag so that we can use it
for issetugid() - only set it if something changed.
Peter Wemm [Mon, 31 Mar 1997 13:21:37 +0000 (13:21 +0000)]
Make setgroups(0, xxx) behave as it does on SYSV, namely clear the groups
vector except for the egid in groups[0]. There is a risk that programs
that come from SYSV/Linux that expect this to work and don't check for
error returns may accidentally pass root's groups on to child processes.
We now do what is least surprising (to non BSD programs/programmers) in
this scenario, and nothing is changed for programs written with BSD groups
rules in mind.
Peter Wemm [Mon, 31 Mar 1997 13:03:49 +0000 (13:03 +0000)]
Activate the -h flag which tells chown/chgrp to work on the symlink itself
using lchown(). Most of the code was already here, the option was
recognised but ignored for SYSV/POSIX.2(?) compatibility.
David Greenman [Mon, 31 Mar 1997 12:30:01 +0000 (12:30 +0000)]
In accept1(), falloc() is called after the process has awoken, but prior
to removing the connection from the queue. The problem here is that
falloc() may block and this would allow another process to accept the
connection instead. If this happens to leave the queue empty, then the
system will panic with an "accept: nothing queued".
Also changed a wakeup() to a wakeup_one() to avoid the "thundering herd"
problem on new connections in Apache (or any other application that has
multiple processes blocked in accept() for the same socket).
Peter Wemm [Mon, 31 Mar 1997 12:02:53 +0000 (12:02 +0000)]
Treat symlinks as first class citizens with their own uid/gid rather than
as shadows of their containing directory. This should solve the problem
of users not being able to delete their symlinks from /tmp once and for
all.
Symlinks do not have modes though, they are accessible to everything that
can read the directory (as before). They are made to show this fact at
lstat time (they appear as mode 0777 always, since that's how the
lookup routines in the kernel treat them).
More commits will follow, eg: add a real lchown() syscall and man pages.
David Greenman [Mon, 31 Mar 1997 11:11:26 +0000 (11:11 +0000)]
Changed the way that the exec image header is read to be filesystem-
centric rather than VM-centric to fix a problem with errors not being
detectable when the header is read.
Killed exech_map as a result of these changes.
There appears to be no performance difference with this change.
Marc G. Fournier [Mon, 31 Mar 1997 05:30:16 +0000 (05:30 +0000)]
Remove ${MAKEFLAGS} on recommendation by Bruce, mainly because the reason
for adding it was so that -j3 carried through on a make -j3 world, but found
at least one circumstance where it breaks 'make depend'
Warner Losh [Mon, 31 Mar 1997 04:51:13 +0000 (04:51 +0000)]
Revert my last few changes. They were bogus. Replaced them with
the original text plus a statement saying that if strftime fails,
the results are undefined.
David E. O'Brien [Sun, 30 Mar 1997 11:01:43 +0000 (11:01 +0000)]
JKH says:
Change "Found end of tape. Load next tape ..." messages to say
"volume" instead of tape. Running cpio off of /dev/fd0 and having
it say "give me the next tape" is kind of ludicrous.. :-)
David E. O'Brien [Sun, 30 Mar 1997 10:50:01 +0000 (10:50 +0000)]
Don't set the umask until after we have processed the arguments
and opened the archive file. This allows "cpio -o -O output_file"
to create the output file with the caller's proper umask.
Closed PR# 1391
David E. O'Brien [Sun, 30 Mar 1997 10:42:21 +0000 (10:42 +0000)]
- Correct the recommended option for "find" from "-depth" to "-d".
- Fix gross spelling and typographical errors pointed out by Keith Bostic.
- Mention -l, --link is only usable with "-p".
David E. O'Brien [Sun, 30 Mar 1997 10:34:16 +0000 (10:34 +0000)]
Output a zero rdev except for bdevs, cdevs, fifos and sockets. This
stops regular files with unrepresentable rdevs from being rejected
and makes the output independent of unpreservable metadata.
Don't output a file if the major, minor or totality of its rdev would be
truncated. Print a message about the skipped files to stderr but don't
report the error in the exit status. cpio's abysmal error handling doesn't
allow continuing after an error, and the rdev checks had to be misplaced
to avoid the problem of returning an error code from routines that return
void.
Minor numbers are limited to 21 bits in pax's ustar format and to 18
bits in archives created by gnu tar (gnu tar wastes 3 bits for padding).
pax's and cpio's ustar format is incompatible with gnu tar's ustar
format for other reasons (see cpio/README).