Warner Losh [Fri, 22 Mar 2002 22:36:23 +0000 (22:36 +0000)]
Use int (ioctl)(...) rather than int ioctl(...) so that ioctl can be defined
as a macro w/o messing things up. This is really an abuse and we will back
this out as soon as the abusers have been fixed. Add a comment to this
effect.
John Baldwin [Fri, 22 Mar 2002 21:02:02 +0000 (21:02 +0000)]
Use explicit Giant locks and unlocks for rather than instrumented ones for
code that is still not safe. suser() reads p_ucred so it still needs
Giant for the time being. This should allow kern.giant.proc to be set
to 0 for the time being.
Alfred Perlstein [Fri, 22 Mar 2002 20:02:54 +0000 (20:02 +0000)]
Use char foo[] = "BAR" to avoid direct assignment of const char * into char *.
rpcgen can't really make those fields const because the remote side might
want to munge them, so we need to pass non-const in. Hackish, but should
work.
Robert Watson [Fri, 22 Mar 2002 19:57:41 +0000 (19:57 +0000)]
Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
socket is visible to a requesting credential to using a new
function, cr_canseesocket(), which accepts a subject credential
and object socket. Implement cr_canseesocket() so that it does a
prison check, a uid check, and add a comment where shortly a MAC
hook will go. This will allow MAC policies to seperately
instrument the visibility of sockets from the visibility of
processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Ruslan Ermilov [Fri, 22 Mar 2002 18:34:52 +0000 (18:34 +0000)]
This library uses its own versions of some of the system headers.
Protect against CFLAGS having -I/usr/include listed explicitly.
The real solution would be to fix the library. XXX
Ruslan Ermilov [Fri, 22 Mar 2002 16:45:54 +0000 (16:45 +0000)]
Prevent icmp_reflect() from calling ip_output() with a NULL route
pointer which will then result in the allocated route's reference
count never being decremented. Just flood ping the localhost and
watch refcnt of the 127.0.0.1 route with netstat(1).
Submitted by: jayanth
Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed
ip_output() to be called with a NULL route pointer. The previous
paragraph shows why this was a bad idea in the first place.
Robert Watson [Fri, 22 Mar 2002 14:58:27 +0000 (14:58 +0000)]
In sysctl, req->td is believed always to be non-NULL, so there's no need
to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks. Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL. Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.
Robert Watson [Fri, 22 Mar 2002 14:49:12 +0000 (14:49 +0000)]
Since cred never appears to be passed into the securelevel calls as
NULL, turn warning printf's into panic's, since this call has been
restructured such that a NULL cred would result in a page fault anyway.
There appears to be one case where NULL is explicitly passed in in the
sysctl code, and this is believed to be in error, so will be modified.
Securelevels now always require a credential context so that per-jail
securelevels are properly implemented.
Ruslan Ermilov [Fri, 22 Mar 2002 09:59:16 +0000 (09:59 +0000)]
Revision 1.45 of gnu/usr.bin/man/man.c obviated the need to link
manpages in machine-specific subdirectories (like man4/i386/) to
"../". This change didn't propagate here resulting in a loss of
whatis(1) database entries. Fix this.
Bill Paul [Fri, 22 Mar 2002 06:45:40 +0000 (06:45 +0000)]
Teach the bge driver about the BCM5701 (specifically, the 3Com
3c996B-T, with the 5701 rev B5 ASIC). One thing that confuses me
still is that the 'link state change' bit in the status block seems
to change state an awful lot. I have a workaround for this in place
now, but it needs more investigation. For the moment though, this
is enough to get the driver to work with this card.
Instead of dealing with the endless requests to provide more DNS based
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.
Andrew R. Reiter [Fri, 22 Mar 2002 04:56:09 +0000 (04:56 +0000)]
- Back out the commit to make the linker_load_file() securelevel check
made aware in jail environments. Supposedly something is broken, so
this should be backed out until further investigation proves otherwise,
or a proper fix can be provided.
Mike Silbersack [Fri, 22 Mar 2002 03:28:11 +0000 (03:28 +0000)]
Change the ephemeral port range from 1024-5000 to 49152-65535.
This increases the number of concurrent outgoing connections from ~4000
to ~16000. Other OSes (Solaris, OS X, NetBSD) and many other NAT
products have already made this change without ill effects, so we
should not run into any problems.
Robert Watson [Fri, 22 Mar 2002 02:28:26 +0000 (02:28 +0000)]
Break out the "see_other_uids" policy check from the various
method-based inter-process security checks. To do this, introduce
a new cr_seeotheruids(u1, u2) function, which encapsulates the
"see_other_uids" logic. Call out to this policy following the
jail security check for all of {debug,sched,see,signal} inter-process
checks. This more consistently enforces the check, and makes the
check easy to modify. Eventually, it may be that this check should
become a MAC policy, loaded via a module.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Matt Jacob [Thu, 21 Mar 2002 21:10:16 +0000 (21:10 +0000)]
Limit fabric search to a default 256 entries. This will all go away
soon because it's just getting harder and harder to find switches
that correctly implement the GET ALL NEXT subcommands for the SNS
protocol.
Latch up result out pointer and set a busy flag when we're looking
at the response queue. This allows for a cleaner way to make sure
we don't get multiple CPUs trying to read the same response queue
entries.
Change how isp_handle_other_response returns values (clarity).
Make PORT UNAVAILABLE the same as PORT LOGOUT (force a LIP).
Bruce Evans [Thu, 21 Mar 2002 11:33:50 +0000 (11:33 +0000)]
Removed the last vestiges of libm. These have been repo-copied to
msun/bsdsrc. Everything except true gamma() and its support functions
was superseded by msun long ago, at least on IEEE machines.