Unconditionally use basename.c source vs. only doing this if the libc we
are linking against does not have basename(). There is a buffer overflow
bug in lib/libc/gen/basename.c rev 1.1. There is no way for us to test
what revision of basename() we have in libc, thus this change.

o Re-enable support of system file flags in jail() by adding back the
PRISON_ROOT to the suser_xxx() check. Since securelevels may now
be raised in specific jails, use of system flags can still be
restricted in jail(), but in a more configurable way.
o Users of jail() expecting system flags (such as schg) to restrict
jails should be sure to set the securelevel appropriately in
jails.
o This fixes activities involving automated system flag removal in
jail(), including installkernel and friends.
o When performing a securelevel check as part of securelevel_ge() or
securelevel_gt(), determine first if a local securelevel exists --
if so, perform the check based on imax(local, global). Otherwise,
simply use the global value.
o Note: even though local securelevels might lag below the global one,
if the global value is updated to higher than local values, maximum
will still be used, making the global dominant even if there is local
lag.
o Modify kern.securelevel MIB entry to return a local securelevel, if
one is present in the current jail, otherwise, to return the global
securelevel.
o If the securelevel is being updated, require that it be greater than
the maximum of local and global, if a local securelevel exists,
otherwise, just maximum of the global. If there is a local
securelevel, update the local one instead of the global one.
o Note: this does allow local securelevels to lag behind the global one
as long as the local one is not updated following a global increase.
o Modify access control checks in linux_iopl() to use securelevel_gt()
rather than direct variable checks. (Yet another API to perform
direct hardware I/O.)
o Modify pcvt ioctl() security checks to use securelevel_gt() instead
of direct securelevel variable checks. (Yet another API to perform
direct hardware I/O using KDENABIO.)
o Modify IPFW and DUMMYNET administrative setsockopt() calls to use
securelevel_gt() to check the securelevel, rather than direct access
to the securelevel variable.
o Modify static settime() to accept the proc * for the process requesting
a time change, and callers so that they provide td->td_proc.
o Modify settime() to use securelevel_gt() for securelevel checking.
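As an added illustration (not FreeBSD's own code) of the securelevel rules described in this commit message, here is a constructed C model of the check, read and update paths; the prison/proc structs, NO_LOCAL and the 0/EPERM return convention are assumptions.

```c
#include <errno.h>
#include <stddef.h>
/* Added model of the jail-aware securelevel logic described above; constructed for
 * illustration, not FreeBSD's own code.  A jail (struct prison) may carry a local
 * securelevel (NO_LOCAL = none); the 0/EPERM return convention is an assumption. */
#define NO_LOCAL (-1)
struct prison { int pr_securelevel; };      /* hypothetical minimal jail */
struct proc   { struct prison *p_prison; }; /* NULL when not jailed */
int global_securelevel = 0;
static int imax(int a, int b) { return a > b ? a : b; }

/* The jail's prison if it carries a local securelevel, else NULL. */
static struct prison *local_prison(const struct proc *p)
{
    struct prison *pr = p->p_prison;
    return (pr != NULL && pr->pr_securelevel != NO_LOCAL) ? pr : NULL;
}

/* Level used by checks: max(local, global) if a local exists, else global. */
int effective_securelevel(const struct proc *p)
{
    struct prison *pr = local_prison(p);
    return pr ? imax(pr->pr_securelevel, global_securelevel) : global_securelevel;
}

/* Deny (EPERM) when the effective securelevel is greater than / at least level. */
int securelevel_gt(const struct proc *p, int level)
{
    return effective_securelevel(p) > level ? EPERM : 0;
}
int securelevel_ge(const struct proc *p, int level)
{
    return effective_securelevel(p) >= level ? EPERM : 0;
}

/* kern.securelevel read: the local value if present, otherwise the global one. */
int read_securelevel(const struct proc *p)
{
    struct prison *pr = local_prison(p);
    return pr ? pr->pr_securelevel : global_securelevel;
}

/* Raise: new value must exceed the effective level; a jail with a local
 * securelevel updates its own copy and leaves the global one untouched. */
int set_securelevel(struct proc *p, int newlevel)
{
    struct prison *pr = local_prison(p);
    if (newlevel <= effective_securelevel(p)) return EPERM;
    if (pr != NULL) pr->pr_securelevel = newlevel; else global_securelevel = newlevel;
    return 0;
}
```

Note that a jail whose local level lags the global one still reads its own (lower) value from kern.securelevel, while every check uses the higher global value.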
The "cat - -" feature was broken by the last commit.
Restore the code that avoided closing and reopening
stdin. This is also required by POSIX. As a bonus,
enable multiple stdin reads with the -benstv flags,
by resetting the EOF condition on stdin.

Make uio_yield() a global. Call uio_yield() between chunks
in vn_rdwr_inchunks(), allowing other processes to gain an exclusive
lock on the vnode. Specifically: directory scanning, to avoid a race to the
root directory, and multiple child processes coring simultaneously so they
can figure out that some other core'ing child has an exclusive adv lock and
just exit instead.
This completely fixes performance problems when large programs core. You
can have hundreds of copies (forked children) of the same binary core all
at once and not notice.

The arg parameter is passed by value in Linux, but not in FreeBSD.
We still have to account for a copyin. Make sure the copyin will
succeed by passing the FreeBSD syscall a pointer to userspace,
albeit one that's automagically mapped into kernel space.

Add a standard hack in the spirit of PCI_ENABLE_IO_MODES to allow systems
with weird PCI-PCI bridge configurations to work. Defining
PCI_ALLOW_UNSUPPORTED_IO_RANGE causes the sanity checks to pass even
with out of range values.

o So, when <dd> e-mailed me and said that the comment was inverted
for securelevel_ge() and securelevel_gt(), I was a little surprised,
but fixed it. Turns out that it was the code that was inverted, during
a whitespace cleanup in my commit tree. This commit inverts the
checks, and restores the comment.

RFC2132 is not clear about whether the "Maximum DHCP Message Size"
refers to the size of the whole ethernet packet, just the DHCP
message within the UDP payload, or something else. bootpd interpreted
it as a maximum UDP payload size, so it could end up sending
fragmented packets to clients (such as some versions of Etherboot)
that used different interpretations of the maximum message size.
Switch to the most conservative interpretation: ensure that the
ethernet packet containing the response is no larger than the
specified maximum message size. This matches the behaviour of
the ISC dhcpd.

The -A option (beep when packets are dropped) didn't work quite
right; after a single packet was dropped it beeped after every
transmission.
Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few initial false-positives.

sos [Tue, 25 Sep 2001 17:10:39 +0000 (17:10 +0000)]
Add a fix for the VIA82C686B data corruption bug.
This fixed the problem on the 3 platforms I've been able to test on.
I'm still of the opinion that the BIOS should take care of this,
however some board makers only apply this when they spot a
SBLive! soundcard, but the problem exists even without a SBLive!.
This fix should probably go somewhere else, but for now I'll
keep it here since we haven't got a central place to put
such things.

des [Tue, 25 Sep 2001 13:25:30 +0000 (13:25 +0000)]
Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit. This goes some way towards adding support for
writeable files (needed by procfs).

des [Tue, 25 Sep 2001 13:24:24 +0000 (13:24 +0000)]
Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit. No real functional changes, just some experiments /
work in progress.

o Further clarify comment: at Udo's request, re-insert the 'if'
referring to securelevels; also, update the unprivileged process text
to better indicate the scope of actions permittable when any system
flags are already set (limited).

mike [Tue, 25 Sep 2001 04:42:40 +0000 (04:42 +0000)]
A process name may contain whitespace and unprintable characters,
so convert those characters to octal notation. Also convert
backslashes to octal notation to avoid confusion.

o Parallelize the comment on the relationship between privileged un-jailed
processes and the actual securelevel check: make the comment use '> 0'
instead of inverted '<= 0'.

Back out rev 1.74. This functionality causes a panic on 4.4-RELEASE
floppies if you try to actually use it. This code will work fine if
you build and use sysinstall on a running system, since you have the
benefit of an installed termcap file. However, this code does not
work on an MFSROOT, where you must set the TERMCAP environment
variable properly. Unfortunately the quick fix of setting the TERMCAP
variable doesn't seem to fix the problem either. olgeni will add this
functionality back once it's been fully implemented (hopefully using
the working code in termcap.c).
PR: bin/30739
Submitted by: Alexey V. Neyman <alex.neyman@auriga.ru>
Discussed with / Pointy hat to: olgeni
MFC after: 3 days

Tidy up a little - don't try to print anything or enable interrupts after
we start changing translation registers. Also, call ExitBootServices
before we jump into the kernel.

The addition of i_dirhash to struct inode pushed RELENG_4's
sizeof(struct inode) into a new malloc bucket on the i386. This
didn't happen in -current due to the removal of i_lock, but it does
no harm to apply the workaround to -current first.
Reduce the size of the i_spare[] array in struct inode from 4 to
3 entries, and change ext2fs to use i_din.di_spare[1] so that it
does not need i_spare[3].

Back out rev 1.274. The previous behavior was documented in rc.8 and
the original commit of local_startup depended on the scripts being
executable; so there is too much precedent to change it now. About all
anyone could agree on is that rev 1.274 broke POLA and before rev 1.274
also broke POLA.