bde [Fri, 3 Aug 2001 22:28:25 +0000 (22:28 +0000)]
Link to libcipher in the usual way. `bdes' depended on a nonexistent
library. This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.
rwatson [Fri, 3 Aug 2001 18:21:06 +0000 (18:21 +0000)]
Anton kindly pointed out (and fixed) a bug in the Jail handling of the
bind() call on IPv4 sockets:
Currently, if one tries to bind a socket using INADDR_LOOPBACK inside a
jail, it will fail because prison_ip() does not take this possibility
into account. On the other hand, when one tries to connect(), for
example, to localhost, prison_remote_ip() will silently convert
INADDR_LOOPBACK to the jail's IP address. Therefore, it is desirable to
make bind() to do this implicit conversion as well.
Apart from this, the patch also replaces 0x7f000001 in
prison_remote_ip() to a more correct INADDR_LOOPBACK.
This is a 4.4-RELEASE "during the freeze, thanks" MFC candidate.
Submitted by: Anton Berezin <tobez@FreeBSD.org>
Discussed with at some point: phk
MFC after: 3 days
rwatson [Fri, 3 Aug 2001 17:20:34 +0000 (17:20 +0000)]
Collapse a Pmem case in with the other debugging files case for procfs,
as there are now "unusual" protection properties to Pmem that differ
from the other files. While I'm at it, introduce proc locking for
the other files, which was previously present only in the Pmem case.
rwatson [Fri, 3 Aug 2001 17:13:23 +0000 (17:13 +0000)]
Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group. With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.
This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.
fenner [Fri, 3 Aug 2001 16:51:53 +0000 (16:51 +0000)]
Don't terminate the uiomove() loop on a zero-length mbuf. It's not
particularly nice that IPSEC inserts a zero-length mbuf into the
chain, and that bug should be fixed too, but interfaces should be
robust to bad input.
Print the interface name when TUNDEBUG()ing about dropping an mbuf.
markm [Fri, 3 Aug 2001 16:03:26 +0000 (16:03 +0000)]
Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
msmith [Fri, 3 Aug 2001 09:52:53 +0000 (09:52 +0000)]
Reverse the logic here again with regards to "trusted" ACPI timer
implementations. More of them seem to be broken, so only "trust"
timers we know work.
bmilekic [Fri, 3 Aug 2001 05:05:32 +0000 (05:05 +0000)]
Rename mb_init() mbuf subsystem initialization routine to mbuf_init(), in
order to avoid namespace collision with subr_mchain.c's mb_init(). This
wasn't "fatal" as the mbuf initialization routine mb_init() was local to
subr_mbuf.c which in turn didn't pull in subr_mchain.c's mb_init()
declaration, but it should deffinately be changed now before it creates
headache.
jake [Fri, 3 Aug 2001 03:31:45 +0000 (03:31 +0000)]
Remove some code that appears to have endian problems with INVARIANTS.
This is #if BIG_ENDIAN, but is only necessary if malloc types are shorts,
not struct malloc_type * like they are now.
jake [Fri, 3 Aug 2001 01:21:24 +0000 (01:21 +0000)]
Fix a bug translating virtual translation table entry addresses to physical
addresses. It helps to use the physical address that the virtual address
actually maps to (doh!). Comment out some code that crashes.
jake [Fri, 3 Aug 2001 01:09:10 +0000 (01:09 +0000)]
Add a Makefile, ldscript, and config magic for sparc64. This is tailored
to build with a cross compiler alongside the standard compiler; it would be
more desirable to build in a chroot.
peter [Fri, 3 Aug 2001 00:07:54 +0000 (00:07 +0000)]
Further Makefile.* sync (from Makefile.ia64). The lint target has been
commented out in the entire life of the 2.x+ branch and given the amount
of gcc-specific code we have and the warning checks that gcc does I'm not
sure that it is going to get us much for some time.
greid [Thu, 2 Aug 2001 22:13:10 +0000 (22:13 +0000)]
Set up the via_chinfo structures properly so we write to the correct
registers later on; this fixes the VIA82C686 sound problems recently
reported by a number of people.
iedowse [Thu, 2 Aug 2001 21:46:21 +0000 (21:46 +0000)]
Fix a few bugs, some of which I introduced in recent commits:
- clean_mtab():
Actually use the strdup'd version of the host that we go to the
trouble of creating.
- do_umntall/do_umount:
Don't return success if clnt_create() fails.
Don't access a client pointer after it has been destroyed.
Remember to destroy the authentication information we created.
iedowse [Thu, 2 Aug 2001 21:31:21 +0000 (21:31 +0000)]
In getclnthandle(), if the address is found in the cache we need
to strdup() the address string before returning it via *targaddr
because the caller will free the string.
Change the comment at the top of getclnthandle() to clarify that
the caller is responsible for freeing *targaddr.
sobomax [Thu, 2 Aug 2001 15:47:03 +0000 (15:47 +0000)]
Fix a cryptoless world by disconnecting libmp from the build when there is no
crypto bits installed and/or NOCRYPTO/NO_OPENSSL is defined. This unfortunately
meants that usr.bin/chkey, usr.bin/newkey and usr.sbin/keyserv have also to
be disconnected.
IMO it is merely a workaround, the proper solution is to move libmp to
src/crypto where it belongs and use libgmp for the cryptoless builds instead.
sobomax [Thu, 2 Aug 2001 12:38:29 +0000 (12:38 +0000)]
Usability tweak:
Use '' quotes instead of `' to delimit names of files and packages in
warning and error messages, because it is easier to cut-n-paste name in
question that way (single click) without confusing the shell. And yes,
I know that it is less eye-candy...
sobomax [Thu, 2 Aug 2001 12:19:32 +0000 (12:19 +0000)]
When there is a file that can't be deleted due to checksum mismatch print name
of that file to stdout to simplify debugging. IMO it was a mistake to print
this warning only when `verbose' mode is on.
When talking about new versions, use the word "updated" instead of
"upgraded" for consistency. Prior to this commit, 9 of the entires
used the latter, and 51 used the former.
Note MFC or Binutils 2.11.2 (what we have is close enough to that
version that there's no need to talk about the snapshot business; all
it would do is serve to confuse).
sobomax [Thu, 2 Aug 2001 10:19:13 +0000 (10:19 +0000)]
- Deny detaching requests until device is still open, otherwise it is possible
to hang or panic kernel by detaching disk from which fs is mounted;
- replace "md" with MD_NAME in yet another place.
sheldonh [Thu, 2 Aug 2001 09:22:18 +0000 (09:22 +0000)]
When building a debugging kernel with modules, build modules with
debugging support as well. Debugging module support is handled
identically to kernel debugging support, right down to poor
choice of make variable names.
alfred [Thu, 2 Aug 2001 07:54:58 +0000 (07:54 +0000)]
Fixups for the initial allocation by dillon:
1) allocate fewer buckets
2) when failing to allocate swap zone, keep reducing the zone by
a third rather than a half in order to reduce the chance of
allocating way too little.
imp [Thu, 2 Aug 2001 07:06:32 +0000 (07:06 +0000)]
Only try to allocated properly aligned I/O segments. This should stop
some of the config problems that we've been seeing (where wi0 tries to
allocate 0x138-0x198, for example).
Use err(1,"foo") rather than perror + exit while I'm here.
rwatson [Thu, 2 Aug 2001 03:53:36 +0000 (03:53 +0000)]
Add the ability to modify /etc/ttys before first reboot during the
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
rwatson [Thu, 2 Aug 2001 03:25:16 +0000 (03:25 +0000)]
Compensate for default disabling of network services in inetd.conf(5)
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
rwatson [Thu, 2 Aug 2001 02:19:56 +0000 (02:19 +0000)]
Default to disabling all inetd.conf entries, in particular, telnetd
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
kris [Wed, 1 Aug 2001 22:51:09 +0000 (22:51 +0000)]
A good sysadmin always carries around a few feet of fiber. If he ever
gets lost, he simply drops the fiber on the ground, waits ten minutes,
then asks the backhoe operator for directions.
-- Bill Bradford <mrbill@mrbill.net>
peter [Wed, 1 Aug 2001 20:35:24 +0000 (20:35 +0000)]
Temporarily back out kern_sig.c rev 1.125 and kern_exit.c rev 1.131.
This paniced my one of my machines one time too many :-( and there is
no sign of a solution in the pipeline. The deltas are still easily
available in cvs. The problem is that if the parent has been swapped
out, the child process cannot grope around in the parent's UPAGES to
see the sigact[] array or it will fault. This probably is a showstopper
for this implementation anyway.
imp [Wed, 1 Aug 2001 19:41:56 +0000 (19:41 +0000)]
TI cardbus bridges, 12xx and newer, have an interesting register. It
is the diagnostics register at offset 0x93. When bit 5 is set in this
register, bits 4-7 in ExCA register 0x5 being 0000 are required for
pci interrupt routing. When it is clear, then bit 4 of ExCA register
0x3 is used to enable it.
The only other issue is that when you route interrupts this way, you
must read ExCA register 0x4 in order to clear the interrupt, else you
get an interrupt storm.
Deal with this requirement by setting things up. It is believed that
this won't hurt other chipsets, but other chipsets may require their
own work arounds.
iedowse [Wed, 1 Aug 2001 10:25:13 +0000 (10:25 +0000)]
Fix a client-side memory leak in nfs_flush(). The code allocates
a temporary array to store struct buf pointers if the list doesn't
fit in a local array. Usually it frees the array when finished,
but if it jumps to the 'again' label and the new list does fit in
the local array then it can forget to free a previously malloc'd
M_TEMP memory.
Move the free() up a line so that it frees any previously allocated
memory whether or not it needs to malloc a new array.
obrien [Wed, 1 Aug 2001 04:27:48 +0000 (04:27 +0000)]
It appears we really shouldn't be following this example man page -- one
should not use a `%' in examples.
I don't know if this is the consensus of doc@, or just a unilateral decision
of committer that corrected my following of this example. Maybe a docs
person could review these files and see if they still show current guidelines.
projects / FreeBSD / FreeBSD.git / log