Robert Watson [Fri, 7 Dec 2001 18:05:24 +0000 (18:05 +0000)]
o Expand list of tunables documented in loader.8 to include kern.maxusers,
since other related tunables were also documented here. Add a cross
reference to tuning(7) for information on setting this value
appropriately.
Robert Watson [Fri, 7 Dec 2001 17:03:14 +0000 (17:03 +0000)]
o Update rc.network to reflect the recent change of default in the
kernel TCP timer code: rather than checking for tcp_keepalive being
set to "YES", check for "NO" and turn off keepalives if the variable
is set in that manner.
o Note: eventually, it would make sense to remove this variable from
rc.conf management, and instead rely on sysctl.conf. In fact, this
is probably true of a number of rc.conf variables whose sole aim
is to drive the setting of sysctls at boot time.
Robert Watson [Fri, 7 Dec 2001 17:01:28 +0000 (17:01 +0000)]
o Our currenty userland boot code (due to rc.conf and rc.network) always
enables TCP keepalives using the net.inet.tcp.always_keepalive by default.
Synchronize the kernel default with the userland default.
Alexey Zelkin [Fri, 7 Dec 2001 12:38:47 +0000 (12:38 +0000)]
* localeconv() usage is not FLOATING_POINT specific anymore (due to "'" flag
addition) so move locale.h inclusion out of FLOATING_POINT ifdef's.
* add more comments
Warner Losh [Fri, 7 Dec 2001 11:40:22 +0000 (11:40 +0000)]
Be exsplicit about the parentheses around return statements. It is
documented by example. Since most of this file is documented by
example, it is confusing. Make things a little less confusing.
Wes Peters [Fri, 7 Dec 2001 06:28:58 +0000 (06:28 +0000)]
Make strerror and strerror_r use sys_errlist[0] for errnum = 0. Be
more careful about reporting truncation with ERANGE in strerror_r.
Set errno to EINVAL for "unknown" errnum in strerror as required
by P1003.1-200x Draft June 14, 2001.
More carefully document the handling of strerrbuf when errors
(ERANGE, EINVAL) are encountered in strerror_r.
Coleman Kane [Fri, 7 Dec 2001 05:41:26 +0000 (05:41 +0000)]
This patch will fix the lockups associated with AMD 751,761,762 based AGP
controllers. There still seems to be some issues with the DRI copying code
for some adapters, at least it doesn't hang the system now. Input would be
appreciated.
PR: 32301
Obtained from: Eric Anhlot <eanholt@gladstone.uoregon.edu>, Joe <joeo@nks.net>
Peter Wemm [Fri, 7 Dec 2001 00:58:37 +0000 (00:58 +0000)]
MFS (merge from stable): rev 1.13.4.13, fix ordering of IFF_RUNNING mods.
The reason we are required to commit to -current first is so that later
MFC's do not risk the loss of existing bug fixes. Even if this was not
strictly required in -current, it should still be fixed there too.
Peter Wemm [Fri, 7 Dec 2001 00:57:57 +0000 (00:57 +0000)]
MFS (merge from stable): rev 1.9.2.28, fix ordering of IFF_RUNNING mods.
The reason we are required to commit to -current first is so that later
MFC's do not risk the loss of existing bug fixes. Even if this was not
strictly required in -current, it should still be fixed there too.
Now that _pam_init_handlers() works as intended, it seems clear that we
do not actually want to define PAM_READ_BOTH_CONFS, so back out previous
commit.
Although the previous went some way towards fixing the pam.conf / pam.d
problem, it still didn't DTRT for services that did not have a service-
specific policy if /etc/pam.d existed but did not contain an "other"
policy. This fixes the problems some people have experienced with sudo.
And I almost didn't have to use goto.
The current configuration sequence is:
1) Look for /etc/pam.d/foo
2) If PAM_READ_BOTH_CONFS is defined, or step 1) failed, look for
foo in /etc/pam.conf
3) Look for /etc/pam.d/other (to fill in the gaps)
4) If PAM_READ_BOTH_CONFS is defined, or step 3) failed, look for
other in /etc/pam.conf
I believe this is the intended behaviour of the original code. The least
surprising behaviour seems to be when PAM_READ_BOTH_CONFS is not defined -
/etc/pam.d/foo will be preferred over /etc/pam.conf, but the latter will
serve as a backup if the former does not exist.
Robert Watson [Thu, 6 Dec 2001 20:24:38 +0000 (20:24 +0000)]
o Reflect changed default such that keepalives are always enabled by
default now. Discuss why that's good. Note that there are still
some situations where turning it off may be advantageous, including
situations where there are network outages and it's desirable to
have TCP sessions last beyond the outage.
Robert Watson [Thu, 6 Dec 2001 19:57:34 +0000 (19:57 +0000)]
Moderate the recommendation that TCP keepalives always be turned on;
in some environments, this may result in the early termination of
legitimate TCP sessions during temporary network outages. However,
maintain a strong recommendation that this be used when many network
clients are dialup.
Robert Watson [Thu, 6 Dec 2001 19:50:35 +0000 (19:50 +0000)]
o Add an additional .Pp between the send/recvbuffer comments and
the ones on ipfw. Note to self: why does ipfw/dummynet count as
a sysctl in tuning(7)?
Robert Watson [Thu, 6 Dec 2001 19:39:33 +0000 (19:39 +0000)]
vmiodirenable is now on by default; reflect that change in default,
and talk more about the reasons to turn it off (restricted memory
environments), and less about why to turn it on.
Robert Watson [Thu, 6 Dec 2001 19:36:21 +0000 (19:36 +0000)]
Reword parts of tuning(7) regarding loader tunables, which are refered
to in the document as "boot-time sysctls". Instead, refer to them as
loader tunables.
Assert that compilation takes place in a freestanding environment. This
implies `-fno-builtin'. A freestanding environment is one in which the
standard library may not exist, and program startup may not necessarily be
at main. The most obvious example is an OS kernel. This is equivalent to
`-fno-hosted'.
Fixed two problems:
1. Changed incorrect conditional in fxhw.c which would never
evaluate to true. Thanks to John Polstra for pointing that out.
2. Write to PCI config space by default, enabling memory access and
bus master enable.
Introduce the variable USE_PAM_D, which, if set, will cause pam.d to be
installed instead of pam.conf. This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.
John Baldwin [Thu, 6 Dec 2001 07:44:47 +0000 (07:44 +0000)]
Just to be pedantic and more aesthetically pleasing, move the secure/
top-level subdirectory prior to share/ so that the top-level directories
are processed in alphabetical order.
Warner Losh [Thu, 6 Dec 2001 06:40:18 +0000 (06:40 +0000)]
The pccard/cardbus power interface should depend on having pccard or
cardbus in the kernel, not on all the bridges that implement it.
Note: this is NEWCARD only, so we don't want it for the 'card' case,
unlike card_if.m, which is both NEWCARD and OLDCARD.
John Baldwin [Wed, 5 Dec 2001 22:09:39 +0000 (22:09 +0000)]
Remove an incorrect duplicate Douglas Adam quote and properly format and
the correct duplicate. Both versions also attributed the quote to the
wrong book.
Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
Files in subdirectories of directories that have the nodump flag set
are sometimes incorrectly being dumped.
The problem arises because the subdirectory only gets its entry
cleared from usedinomap if it is also present in dumpinomap, and it is
the absence of a directory in usedinomap that internally indicates
that the directory is under the effects of UF_NODUMP (either directly
or inherited).
PR: 32414
Submitted by: David C Lawrence <tale@dd.org>
Ruslan Ermilov [Wed, 5 Dec 2001 18:13:34 +0000 (18:13 +0000)]
Fixed remotely exploitable DoS in arpresolve().
Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).
Clean up namespace pollution by prepending underscores to argument names in
function prototypes (or, in a few cases, removing argument names altogether).
Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.
Warner Losh [Wed, 5 Dec 2001 08:57:36 +0000 (08:57 +0000)]
Implement prism2 detection from NetBSD. This mostly obsoletes the
prism2 flag in pccard.conf, but I'm leaving it place for the moment in
case the small sample of PrismII cards that I've tried is not
representative.
Move the checks for '/' a little sooner in the code which receives files
for a remote print job. This change comes from OpenBSD (who got it from
Sebastian Krahmer of SuSE). In OpenBSD this avoids a tiny theoretical
security issue, but that security issue does not exist in FreeBSD's lpr
due to the changes which added 'ctl_renametf()' just before 4.4-release.
This change is still worth doing in our version, but it isn't fixing a
security issue.