From owner-freebsd-audit Sun Nov 19 3:22:52 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 0027D37B479 for ; Sun, 19 Nov 2000 03:22:39 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAJBNjW92228 for audit@freebsd.org; Sun, 19 Nov 2000 03:23:45 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 03:23:45 -0800 From: Kris Kennaway To: audit@freebsd.org Subject: bootpd patch Message-ID: <20001119032345.A91835@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The following patches are taken from OpenBSD. Reviews, anyone? Kris Index: bootpd.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/bootpd/bootpd.c,v retrieving revision 1.13 diff -u -r1.13 bootpd.c --- bootpd.c 1999/08/28 00:09:16 1.13 +++ bootpd.c 2000/11/19 11:19:01 @@ -95,7 +95,7 @@ #define CONFIG_FILE "/etc/bootptab" #endif #ifndef DUMPTAB_FILE -#define DUMPTAB_FILE "/tmp/bootpd.dump" +#define DUMPTAB_FILE "/var/run/bootpd.dump" #endif =20 =0C 
@@ -633,11 +633,17 @@ int32 bootsize =3D 0; unsigned hlen, hashcode; int32 dest; - char realpath[1024]; + char realpath[MAXPATHLEN]; char *clntpath; char *homedir, *bootfile; int n; =20 + /* + * Force C strings in packet to be NUL-terminated. + */ + bp->bp_sname[BP_SNAME_LEN-1] =3D '\0'; + bp->bp_file[BP_FILE_LEN-1] =3D '\0'; + bp->bp_file[sizeof(bp->bp_file)-1] =3D '\0'; =20 /* XXX - SLIP init: Set bp_ciaddr =3D recv_addr here? */ @@ -658,9 +664,18 @@ return; } } else { - strcpy(bp->bp_sname, hostname); + strlcpy(bp->bp_sname, hostname, sizeof(bp->bp_sname)); } =20 + /* If it uses an unknown network type, ignore the request. */ + if (bp->bp_htype >=3D hwinfocnt) { + if (debug) + report(LOG_INFO, + "Request with unknown network type %u", + bp->bp_htype); + return; + } + /* Convert the request into a reply. */ bp->bp_op =3D BOOTREPLY; if (bp->bp_ciaddr.s_addr =3D=3D 0) { @@ -675,7 +690,7 @@ } hlen =3D haddrlength(bp->bp_htype); if (hlen !=3D bp->bp_hlen) { - report(LOG_NOTICE, "bad addr len from from %s address %s", + report(LOG_NOTICE, "bad addr len from %s address %s", netname(bp->bp_htype), haddrtoa(bp->bp_chaddr, hlen)); } @@ -766,11 +781,9 @@ /* Run a program, passing the client name as a parameter. */ if (hp->flags.exec_file) { char tst[100]; - /* XXX - Check string lengths? -gwr */ - strcpy (tst, hp->exec_file->string); - strcat (tst, " "); - strcat (tst, hp->hostname->string); - strcat (tst, " &"); + + snprintf(tst, sizeof(tst), "%s %s &", hp->exec_file->string, + hp->hostname->string); if (debug) report(LOG_INFO, "executing %s", tst); system(tst); /* Hope this finishes soon... */ @@ -838,7 +851,7 @@ * daemon chroot directory (i.e. /tftpboot). */ if (hp->flags.tftpdir) { - snprintf(realpath, sizeof(realpath), "%s", hp->tftpdir->string); + strlcpy(realpath, hp->tftpdir->string, sizeof(realpath)); clntpath =3D &realpath[strlen(realpath)]; } else { realpath[0] =3D '\0'; 
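Review bot: The last of the three added terminators, `bp->bp_file[sizeof(bp->bp_file)-1] = '\0';`, duplicates the line above it if BP_FILE_LEN is the declared size of bp_file (the struct is not visible here). Keep one spelling; the sizeof form cannot drift from the declaration, so the matching line for bp_sname would be `bp->bp_sname[sizeof(bp->bp_sname)-1] = '\0';`. The enclosing function starts and ends outside the hunk.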
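Review bot: In the exec_file block (hunk at -766) the `snprintf()` result is not checked, so an over-long exec_file or hostname string is silently cut to fit `tst[100]` and the shortened command is still handed to `system()`. Truncation can drop the trailing ` &`, making the daemon wait for the program, or pass a clipped host name. Skip the call and log when the output did not fit, e.g. `if ((size_t)snprintf(tst, sizeof(tst), "%s %s &", ...) >= sizeof(tst)) report(LOG_ERR, "exec_file command too long"); else system(tst);`. The same unchecked truncation applies to the `strlcat()` calls that build `realpath` in the hunks at -882 and -897, where a clipped path is then passed to `chk_access()` and copied into `bp_file`. Both strings reach a shell unquoted; presumably they come from bootptab, which is worth confirming, and running the program with an explicit argv would remove the shell from the path entirely.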
@@ -882,14 +895,18 @@ */ if (homedir) { if (homedir[0] !=3D '/') - strcat(clntpath, "/"); - strcat(clntpath, homedir); + strlcat(clntpath, "/", + sizeof(realpath) - (clntpath - realpath)); + strlcat(clntpath, homedir, + sizeof(realpath) - (clntpath - realpath)); homedir =3D NULL; } if (bootfile) { if (bootfile[0] !=3D '/') - strcat(clntpath, "/"); - strcat(clntpath, bootfile); + strlcat(clntpath, "/", + sizeof(realpath) - (clntpath - realpath)); + strlcat(clntpath, bootfile, + sizeof(realpath) - (clntpath - realpath)); bootfile =3D NULL; } =20 @@ -897,8 +914,9 @@ * First try to find the file with a ".host" suffix */ n =3D strlen(clntpath); - strcat(clntpath, "."); - strcat(clntpath, hp->hostname->string); + strlcat(clntpath, ".", sizeof(realpath) - (clntpath - realpath)); + strlcat(clntpath, hp->hostname->string, + sizeof(realpath) - (clntpath - realpath)); if (chk_access(realpath, &bootsize) < 0) { clntpath[n] =3D 0; /* Try it without the suffix */ if (chk_access(realpath, &bootsize) < 0) { @@ -933,7 +951,7 @@ #endif /* CHECK_FILE_ACCESS */ } } - strncpy(bp->bp_file, clntpath, BP_FILE_LEN); + strlcpy(bp->bp_file, clntpath, sizeof(bp->bp_file)); if (debug > 2) report(LOG_INFO, "bootfile=3D\"%s\"", clntpath); =20 @@ -1177,7 +1195,7 @@ * domain name server, ien name server, time server */ vendp =3D (struct cmu_vend *) bp->bp_vend; - strcpy(vendp->v_magic, (char *)vm_cmu); + strlcpy(vendp->v_magic, (char *)vm_cmu, sizeof(vendp->v_magic)); if (hp->flags.subnet_mask) { (vendp->v_smask).s_addr =3D hp->subnet_mask.s_addr; (vendp->v_flags) |=3D VF_SMASK; Index: getether.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/bootpd/getether.c,v retrieving revision 1.9 diff -u -r1.9 getether.c --- getether.c 1999/08/28 00:09:17 1.9 +++ getether.c 2000/11/19 11:12:46 
@@ -80,7 +80,7 @@ int nit; =20 bzero((char *) &ifrnit, sizeof(ifrnit)); - strncpy(&ifrnit.ifr_name[0], ifname, IFNAMSIZ); + strlcpy(&ifrnit.ifr_name[0], ifname, IFNAMSIZ); =20 nit =3D open("/dev/nit", 0); if (nit < 0) { @@ -136,7 +136,7 @@ ifc.ifc_buf =3D (caddr_t) ibuf; if (ioctl(fd, SIOCGIFCONF, (char *) &ifc) < 0 || ifc.ifc_len < sizeof(struct ifreq)) { - report(LOG_ERR, "getether: SIOCGIFCONF: %s", get_errmsg); + report(LOG_ERR, "getether: SIOCGIFCONF: %s", get_errmsg()); goto out; } /* Search interface configuration list for link layer address. */ Index: hwaddr.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/bootpd/hwaddr.c,v retrieving revision 1.7 diff -u -r1.7 hwaddr.c --- hwaddr.c 1999/08/28 00:09:18 1.7 +++ hwaddr.c 2000/11/19 11:14:02 @@ -33,6 +33,7 @@ #endif =20 #include +#include #ifndef NO_UNISTD #include #endif @@ -201,7 +202,7 @@ snprintf(buf, sizeof(buf), "arp -d %s; arp -s %s %s temp", a, a, haddrtoa(haddr, halen)); if (debug > 2) - report(LOG_INFO, buf); + report(LOG_INFO, "%s", buf); status =3D system(buf); if (status) report(LOG_ERR, "arp failed, exit code=3D0x%x", status); @@ -227,7 +228,8 @@ =20 bufptr =3D haddrbuf; while (hlen > 0) { - sprintf(bufptr, "%02X:", (unsigned) (*haddr++ & 0xFF)); + snprintf(bufptr, sizeof(haddrbuf) - (bufptr - haddrbuf), + "%02X:", (unsigned) (*haddr++ & 0xFF)); bufptr +=3D 3; hlen--; } Index: readfile.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/bootpd/readfile.c,v retrieving revision 1.6 diff -u -r1.6 readfile.c --- readfile.c 1999/08/28 00:09:19 1.6 +++ readfile.c 2000/11/19 11:16:33 
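Review bot: In the hwaddr.c loop (hunk at -227) the size passed to `snprintf()` is `sizeof(haddrbuf) - (bufptr - haddrbuf)`, but `bufptr += 3` runs whether or not the three characters fitted. If hlen is ever larger than haddrbuf allows, bufptr moves past the end and the subtraction wraps to a very large size_t, so the bound stops protecting the buffer. The declaration of haddrbuf and the callers are outside the hunk, so whether hlen is always small enough cannot be confirmed here. Ending the loop when fewer than four bytes remain makes the bound hold on its own: `while (hlen > 0 && sizeof(haddrbuf) - (bufptr - haddrbuf) > 3) {`.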
@@ -342,7 +342,7 @@ #ifdef DEBUG if (debug > 3) { char timestr[28]; - strcpy(timestr, ctime(&(st.st_mtime))); + strlcpy(timestr, ctime(&(st.st_mtime)), sizeof(timestr)); /* zap the newline */ timestr[24] =3D '\0'; report(LOG_INFO, "bootptab mtime: %s", Index: report.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/bootpd/report.c,v retrieving revision 1.3 diff -u -r1.3 report.c --- report.c 2000/09/04 05:48:09 1.3 +++ report.c 2000/11/19 11:16:59 @@ -105,7 +105,7 @@ #endif { va_list ap; - static char buf[128]; + static char buf[256]; =20 if ((priority < 0) || (priority >=3D numlevels)) { priority =3D numlevels - 1; --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoXuEEACgkQWry0BWjoQKWupACgrrIVqNPqjF8cL4ll/ZmTt6Xv EtIAoM4nzepDHKRUMlVgjm2uZcRaIrXm =Co3H -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 4:17:33 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id D715237B4C5; Sun, 19 Nov 2000 04:17:27 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAJCIXv93124; Sun, 19 Nov 2000 04:18:33 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 04:18:33 -0800 
From: Kris Kennaway To: audit@freebsd.org, cracauer@freebsd.org Subject: sh compilation tempfile fixes Message-ID: <20001119041833.A93062@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --BOKacYhQ+x31HxR3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Please review.. Kris Index: mkbuiltins =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/bin/sh/mkbuiltins,v retrieving revision 1.8 diff -u -r1.8 mkbuiltins --- mkbuiltins 1999/08/27 23:15:18 1.8 +++ mkbuiltins 2000/11/19 12:06:59 @@ -37,7 +37,7 @@ # @(#)mkbuiltins 8.2 (Berkeley) 5/4/95 # $FreeBSD: src/bin/sh/mkbuiltins,v 1.8 1999/08/27 23:15:18 peter Exp $ =20 -temp=3D/tmp/ka$$ +temp=3D`mktemp /tmp/kaXXXXXX` havejobs=3D0 if grep '^#define JOBS[ ]*1' shell.h > /dev/null then havejobs=3D1 Index: mktokens =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/bin/sh/mktokens,v retrieving revision 1.6 diff -u -r1.6 mktokens --- mktokens 1999/08/27 23:15:19 1.6 +++ mktokens 2000/11/19 12:13:03 @@ -41,7 +41,8 @@ # token marks the end of a list. The third column is the name to print in # error messages. =20 -cat > /tmp/ka$$ <<\! +temp=3D`mktemp /tmp/kaXXXXXX` +cat > $temp <<\! TEOF 1 end of file TNL 0 newline TSEMI 0 ";" 
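Review bot: The result of `mktemp` is used without a check in both scripts: if it fails, `temp` is empty and the later `> $temp`, `awk ... $temp` and `rm $temp` run with no file name. Stop at the assignment instead, e.g. ``temp=`mktemp /tmp/kaXXXXXX` || exit 1``. This applies to the mkbuiltins hunk at -37 and the mktokens hunk at -41, and every use in the mktokens hunk at -71 depends on it. A `trap 'rm -f "$temp"' 0` right after the assignment would also remove the file when the script exits early; whether either script already sets a trap is not visible in these hunks.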
@@ -71,25 +72,25 @@ TESAC 1 "esac" TNOT 0 "!" ! -nl=3D`wc -l /tmp/ka$$` +nl=3D`wc -l $temp` exec > token.h -awk '{print "#define " $1 " " NR-1}' /tmp/ka$$ +awk '{print "#define " $1 " " NR-1}' $temp echo ' /* Array indicating which tokens mark the end of a list */ const char tokendlist[] =3D {' -awk '{print "\t" $2 ","}' /tmp/ka$$ +awk '{print "\t" $2 ","}' $temp echo '}; =20 char *const tokname[] =3D {' sed -e 's/"/\\"/g' \ -e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \ - /tmp/ka$$ + $temp echo '}; ' -sed 's/"//g' /tmp/ka$$ | awk ' +sed 's/"//g' $temp | awk ' /TIF/{print "#define KWDOFFSET " NR-1; print ""; print "char *const parsek= wd[] =3D {"} /TIF/,/neverfound/{print " \"" $3 "\","}' echo ' 0 };' =20 -rm /tmp/ka$$ +rm $temp --BOKacYhQ+x31HxR3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoXxRkACgkQWry0BWjoQKWr1gCbBgr4mqBUtkGpGSEcKiYpgdDp IIgAnApJZsVKZkFEBcDzHq1C9YvZYFPy =i8eO -----END PGP SIGNATURE----- --BOKacYhQ+x31HxR3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 4:53:47 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 6C4DF37B479; Sun, 19 Nov 2000 04:53:38 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAJCsia93752; Sun, 19 Nov 2000 04:54:44 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 04:54:44 -0800 
From: Kris Kennaway To: Kris Kennaway Cc: audit@FreeBSD.ORG, cracauer@FreeBSD.ORG Subject: Re: sh compilation tempfile fixes Message-ID: <20001119045444.A93730@citusc17.usc.edu> References: <20001119041833.A93062@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001119041833.A93062@citusc17.usc.edu>; from kennaway@citusc.usc.edu on Sun, Nov 19, 2000 at 04:18:33AM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Here's a better patch: Index: mkbuiltins =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/bin/sh/mkbuiltins,v retrieving revision 1.8 diff -u -r1.8 mkbuiltins --- mkbuiltins 1999/08/27 23:15:18 1.8 +++ mkbuiltins 2000/11/19 12:52:17 @@ -37,7 +37,7 @@ # @(#)mkbuiltins 8.2 (Berkeley) 5/4/95 # $FreeBSD: src/bin/sh/mkbuiltins,v 1.8 1999/08/27 23:15:18 peter Exp $ =20 -temp=3D/tmp/ka$$ +temp=3D`mktemp -t ka` havejobs=3D0 if grep '^#define JOBS[ ]*1' shell.h > /dev/null then havejobs=3D1 Index: mktokens =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/bin/sh/mktokens,v retrieving revision 1.6 diff -u -r1.6 mktokens --- mktokens 1999/08/27 23:15:19 1.6 +++ mktokens 2000/11/19 12:52:04 
@@ -41,7 +41,8 @@ # token marks the end of a list. The third column is the name to print in # error messages. =20 -cat > /tmp/ka$$ <<\! +temp=3D`mktemp -t ka` +cat > $temp <<\! TEOF 1 end of file TNL 0 newline TSEMI 0 ";" @@ -71,25 +72,25 @@ TESAC 1 "esac" TNOT 0 "!" ! -nl=3D`wc -l /tmp/ka$$` +nl=3D`wc -l $temp` exec > token.h -awk '{print "#define " $1 " " NR-1}' /tmp/ka$$ +awk '{print "#define " $1 " " NR-1}' $temp echo ' /* Array indicating which tokens mark the end of a list */ const char tokendlist[] =3D {' -awk '{print "\t" $2 ","}' /tmp/ka$$ +awk '{print "\t" $2 ","}' $temp echo '}; =20 char *const tokname[] =3D {' sed -e 's/"/\\"/g' \ -e 's/[^ ]*[ ][ ]*[^ ]*[ ][ ]*\(.*\)/ "\1",/' \ - /tmp/ka$$ + $temp echo '}; ' -sed 's/"//g' /tmp/ka$$ | awk ' +sed 's/"//g' $temp | awk ' /TIF/{print "#define KWDOFFSET " NR-1; print ""; print "char *const parsek= wd[] =3D {"} /TIF/,/neverfound/{print " \"" $3 "\","}' echo ' 0 };' =20 -rm /tmp/ka$$ +rm $temp --3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoXzZQACgkQWry0BWjoQKUT5gCgmAWxF9VYza80V6caKQLQ9YmB jGEAoLgGo1xz2ouOvqi/WrPxMw9NHP7w =GUfY -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 5: 0: 5 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 77DCA37B479; Sun, 19 Nov 2000 04:59:59 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAJD15S93886; Sun, 19 Nov 2000 05:01:05 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 05:01:05 -0800 
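Review bot: With `mktemp -t ka` the directory comes from the environment (TMPDIR), so the unquoted `$temp` in `cat > $temp`, `wc -l $temp`, the awk and sed arguments and `rm $temp` is word-split or glob-expanded if that path contains whitespace or pattern characters. Quote every use, from `cat > "$temp" <<\!` through `rm "$temp"`. The assignment also has no failure check in this version; ``temp=`mktemp -t ka` || exit 1`` covers both this file and the mkbuiltins hunk of the same mail.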
From: Kris Kennaway To: Kris Kennaway Cc: Kris Kennaway , audit@FreeBSD.ORG, cracauer@FreeBSD.ORG Subject: Re: sh compilation tempfile fixes Message-ID: <20001119050105.A93859@citusc17.usc.edu> References: <20001119041833.A93062@citusc17.usc.edu> <20001119045444.A93730@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="8t9RHnE3ZwKMSgU+" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001119045444.A93730@citusc17.usc.edu>; from kris@FreeBSD.ORG on Sun, Nov 19, 2000 at 04:54:44AM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --8t9RHnE3ZwKMSgU+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Nov 19, 2000 at 04:54:44AM -0800, Kris Kennaway wrote: > Here's a better patch: Better yet: > -temp=/tmp/ka$$ > +temp=`mktemp -t ka` /usr/bin/mktemp Kris --8t9RHnE3ZwKMSgU+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoXzxEACgkQWry0BWjoQKXeXACg2kpRq+akFZMuMIMViGZFtRVP DBkAniQ1Bpk0DnQEfLfnWwAUct1nOq4s =CLmC -----END PGP SIGNATURE----- --8t9RHnE3ZwKMSgU+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 6: 5:55 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.utfors.se (mail.utfors.se [195.58.103.125]) by hub.freebsd.org (Postfix) with ESMTP id 0FE1537B479; Sun, 19 Nov 2000 06:05:53 -0800 (PST) Received: from ludd.luth.se (md4692003.utfors.se [212.105.32.3]) by mail.utfors.se (8.8.8/8.8.8) with ESMTP id PAA26048; Sun, 19 Nov 2000 15:05:50 +0100 (MET) Message-ID: <3A17DE2E.92A92EC2@ludd.luth.se> Date: Sun, 19 Nov 2000 15:05:34 +0100 
From: Joachim =?iso-8859-1?Q?Str=F6mbergson?= Organization: Acne X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en-US MIME-Version: 1.0 To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: bootpd patch References: <20001119032345.A91835@citusc17.usc.edu> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi! Kris Kennaway wrote: > The following patches are taken from OpenBSD. Reviews, anyone? Took a few minutes to check the diffs. Didn't find antything that made me jump. I.e. it looked to me like you correctly fixed several buffer problems, unsafe calls and one nice misspelling. But I'm not an expert, so since the devils are in the details, I may have missed some bug that really hides behind the characters. -- Cheers! Joachim - Alltid i harmonisk svängning --- FairLight ------ FairLight ------ FairLight ------ FairLight --- Joachim Strömbergson ASIC SoC designer, nice to CUTE animals Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman --------------- Spamfodder: regeringen@regeringen.se --------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 12:34:17 2000 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id A373437B479; Sun, 19 Nov 2000 12:34:07 -0800 (PST) Received: from grondar.za (grapevine.grondar.za [196.7.18.17]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAJKY4J16116; Sun, 19 Nov 2000 22:34:04 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200011192034.eAJKY4J16116@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: bootpd patch References: <20001119032345.A91835@citusc17.usc.edu> In-Reply-To: <20001119032345.A91835@citusc17.usc.edu> ; from Kris Kennaway "Sun, 19 Nov 
2000 03:23:45 PST." Date: Sun, 19 Nov 2000 22:34:03 +0200 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > The following patches are taken from OpenBSD. Reviews, anyone? Looks good, except the sizeof(...) have a degree of repetitiveness about them (function/macro candidate), and the use of constants instead of #defines in array sizes. Apart from that, OK. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 12:38: 5 2000 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 0B1C137B479; Sun, 19 Nov 2000 12:38:00 -0800 (PST) Received: from grondar.za (grapevine.grondar.za [196.7.18.17]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAJKZGJ16130; Sun, 19 Nov 2000 22:35:16 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200011192035.eAJKZGJ16130@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG, cracauer@FreeBSD.ORG Subject: Re: sh compilation tempfile fixes References: <20001119041833.A93062@citusc17.usc.edu> In-Reply-To: <20001119041833.A93062@citusc17.usc.edu> ; from Kris Kennaway "Sun, 19 Nov 2000 04:18:33 PST." Date: Sun, 19 Nov 2000 22:35:16 +0200 
From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Please review.. Looks cool! M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 16:16: 4 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1280237B479 for ; Sun, 19 Nov 2000 16:16:02 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAK0H6r03113 for audit@FreeBSD.org; Sun, 19 Nov 2000 16:17:06 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 16:17:06 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Subject: Tempfiles and groff Message-ID: <20001119161706.A3039@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Any groff experts in the house? I want to fix the following ugliness in=20 /usr/src/contrib/groff/tmac/tmac.pspic which is apparently called during make world, and possibly at other times. =2Esy echo .ps-bb `psbb \\$1` >/tmp/psbb\\n[$$] =2Eso /tmp/psbb\\n[$$] =2Esy rm /tmp/psbb\\n[$$] We need to set a variable to contain the tempfile name generated with mktemp and refer to that in the later lines. I have no idea how to do this (or even what .so does :-) Kris --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoYbYIACgkQWry0BWjoQKXmqQCeOfKNnRq6TilhcjyqBBJ3khe/ YH4An3zHwUwz6SLHGnSE0hhLVx41XG0e =nSnJ -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 16:56:10 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 0F39737B479 for ; Sun, 19 Nov 2000 16:56:07 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAK0vBS03753 for audit@FreeBSD.org; Sun, 19 Nov 2000 16:57:11 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 16:57:11 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Subject: m4 tempfile fix Message-ID: <20001119165711.A3579@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="0F1p//8PRICkK4MW" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable m4 was abusing mktemp() to make a unique prefix but then tacking on predictable prefixes to make multiple files. I fixed it to create a secure directory where it can play with its insecure filenames to its heart content. Reviews, anyone? Kris Index: main.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/usr.bin/m4/main.c,v retrieving revision 1.7 diff -u -r1.7 main.c --- main.c 2000/09/04 06:09:48 1.7 +++ main.c 2000/11/20 00:53:13 @@ -82,6 +82,7 @@ FILE *outfile[MAXOUT]; /* diversion array(0=3Dbitbucket)*/ FILE *active; /* active output file pointer */ char *m4temp; /* filename for diversions */ +char *m4dir; /* directory for diversions */ int ilevel =3D 0; /* input file stack pointer */ int oindex =3D 0; /* diversion index.. */ char *null =3D ""; /* as it says.. just a null.. */ @@ -181,7 +182,8 @@ =20 active =3D stdout; /* default active output */ /* filename for diversions */ - m4temp =3D mktemp(xstrdup(_PATH_DIVNAME)); + m4dir =3D mkdtemp(xstrdup(_PATH_DIVDIRNAME)); + (void) asprintf(&m4temp, "%s/%s", m4dir, _PATH_DIVNAME); =20 bbase[0] =3D bufbase; if (!argc) { 
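Review bot: Neither new call in the hunk at -181 is checked: `mkdtemp()` returns NULL on failure and `asprintf()` returns -1 and leaves `m4temp` undefined, yet the `(void)` cast discards that and `m4dir` is passed straight to `%s`. After a failed directory creation the diversion files would be opened under whatever path results rather than inside a private 0700 directory. Exit through the program's usual fatal-error path when `m4dir == NULL` or when `asprintf(&m4temp, "%s/%s", m4dir, _PATH_DIVNAME) == -1`. The enclosing function continues outside the hunk.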
@@ -225,6 +227,7 @@ (void) remove(m4temp); #else (void) unlink(m4temp); + (void) rmdir(m4dir); #endif } =20 Index: pathnames.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/usr.bin/m4/pathnames.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 pathnames.h --- pathnames.h 1994/05/27 12:30:43 1.1.1.1 +++ pathnames.h 2000/11/20 00:52:29 
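Review bot: `rmdir(m4dir)` is added only in the `#else` branch next to `unlink(m4temp)`, and the closing brace after `#endif` suggests this sits inside a per-file cleanup block that starts outside the hunk. If so, the directory is removed only as a side effect of deleting a diversion file, the call fails silently while other files remain, and a run that opened no diversion files leaves the directory behind in /tmp. A single `(void) rmdir(m4dir);` placed after that block would clean up in every case.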
@@ -47,8 +47,9 @@ #endif =20 #ifdef unix -#define _PATH_DIVNAME "/tmp/m4.0XXXXXX" /* unix diversion files */ -#define UNIQUE 8 /* unique char location */ +#define _PATH_DIVDIRNAME "/tmp/m4XXXXXX" /* directory for files */ +#define _PATH_DIVNAME "m4.0" /* unix diversion files */ +#define UNIQUE 17 /* unique char location */ #endif =20 #ifdef vms --0F1p//8PRICkK4MW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoYduYACgkQWry0BWjoQKVBwgCeMK6nF4NRTRCEAnKrkuA3JaNC qsQAoItsacen29QtcF2pMyjizeRvFHtI =gS0X -----END PGP SIGNATURE----- --0F1p//8PRICkK4MW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 22:10:14 2000 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 4850F37B479; Sun, 19 Nov 2000 22:09:38 -0800 (PST) Received: from grondar.za (grapevine.grondar.za [196.7.18.17]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAK693J17981; Mon, 20 Nov 2000 08:09:03 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200011200609.eAK693J17981@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: Tempfiles and groff References: <20001119161706.A3039@citusc17.usc.edu> In-Reply-To: <20001119161706.A3039@citusc17.usc.edu> ; from Kris Kennaway "Sun, 19 Nov 2000 16:17:06 PST." Date: Mon, 20 Nov 2000 08:08:46 +0200 
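Review bot: `UNIQUE` is now a hand-counted index into the concatenation of `_PATH_DIVDIRNAME`, `/` and `_PATH_DIVNAME`, so it silently goes wrong if either string is edited, and a wrong index would change some other character of the path. Derive it from the two literals, `#define UNIQUE (sizeof(_PATH_DIVDIRNAME) + sizeof(_PATH_DIVNAME) - 2)`, which evaluates to 17 for the values here. How UNIQUE is used is outside the hunk; presumably it indexes m4temp.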
From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I want to fix the following ugliness in > /usr/src/contrib/groff/tmac/tmac.pspic which is apparently called > during make world, and possibly at other times. > > .sy echo .ps-bb `psbb \\$1` >/tmp/psbb\\n[$$] > .so /tmp/psbb\\n[$$] > .sy rm /tmp/psbb\\n[$$] > > We need to set a variable to contain the tempfile name generated with > mktemp and refer to that in the later lines. I have no idea how to do > this (or even what .so does :-) .so is "source" or "include" - it reads a file like #include "file". (Check out soelim(1)). .sy is "system" - it means "run ...". M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 22:12:42 2000 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 6F42437B479; Sun, 19 Nov 2000 22:12:06 -0800 (PST) Received: from grondar.za (grapevine.grondar.za [196.7.18.17]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAK6BdJ17996; Mon, 20 Nov 2000 08:11:39 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200011200611.eAK6BdJ17996@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: m4 tempfile fix References: <20001119165711.A3579@citusc17.usc.edu> In-Reply-To: <20001119165711.A3579@citusc17.usc.edu> ; from Kris Kennaway "Sun, 19 Nov 2000 16:57:11 PST." Date: Mon, 20 Nov 2000 08:11:35 +0200 
From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > m4 was abusing mktemp() to make a unique prefix but then tacking on > predictable prefixes to make multiple files. I fixed it to create a > secure directory where it can play with its insecure filenames to its > heart content. Reviews, anyone? Don't like it, particularly if the directory is reasonably long-lived. All an attacker needs to do is spin-wait for your dir, then cd into it. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 22:39: 0 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 458BC37B479; Sun, 19 Nov 2000 22:38:58 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAK6dm371978; Sun, 19 Nov 2000 22:39:48 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 22:39:47 -0800 
From: Kris Kennaway To: Mark Murray Cc: Kris Kennaway , audit@FreeBSD.ORG Subject: Re: m4 tempfile fix Message-ID: <20001119223947.A71937@citusc17.usc.edu> References: <20001119165711.A3579@citusc17.usc.edu> <200011200611.eAK6BdJ17996@gratis.grondar.za> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011200611.eAK6BdJ17996@gratis.grondar.za>; from mark@grondar.za on Mon, Nov 20, 2000 at 08:11:35AM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 20, 2000 at 08:11:35AM +0200, Mark Murray wrote: > > m4 was abusing mktemp() to make a unique prefix but then tacking on > > predictable prefixes to make multiple files. I fixed it to create a > > secure directory where it can play with its insecure filenames to its > > heart content. Reviews, anyone? >=20 > Don't like it, particularly if the directory is reasonably long-lived. >=20 > All an attacker needs to do is spin-wait for your dir, then cd into it. 
mkdtemp() creates directories mode 0700, so other (non-root) users can't cd into it or create files inside. Kris --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoYxzMACgkQWry0BWjoQKXtVACgvo5rhCdxaXcrhToSYW3KdgK/ wq8AnilDZmGkvjRHSYMkfRSjo+rXNOua =PXNt -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 19 23:51:12 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 3C1BD37B4C5 for ; Sun, 19 Nov 2000 23:51:10 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAK7puw72990; Sun, 19 Nov 2000 23:51:56 -0800 (PST) (envelope-from kris) Date: Sun, 19 Nov 2000 23:51:56 -0800 
From: Kris Kennaway To: Mark Murray Cc: audit@FreeBSD.ORG Subject: Re: Tempfiles and groff Message-ID: <20001119235156.A72964@citusc17.usc.edu> References: <20001119161706.A3039@citusc17.usc.edu> <200011200609.eAK693J17981@gratis.grondar.za> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="PEIAKu/WMn1b1Hv9" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011200609.eAK693J17981@gratis.grondar.za>; from mark@grondar.za on Mon, Nov 20, 2000 at 08:08:46AM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --PEIAKu/WMn1b1Hv9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 20, 2000 at 08:08:46AM +0200, Mark Murray wrote: > > I want to fix the following ugliness in > > /usr/src/contrib/groff/tmac/tmac.pspic which is apparently called > > during make world, and possibly at other times. > > > > .sy echo .ps-bb `psbb \\$1` >/tmp/psbb\\n[$$] > > .so /tmp/psbb\\n[$$] > > .sy rm /tmp/psbb\\n[$$] > > > > We need to set a variable to contain the tempfile name generated with > > mktemp and refer to that in the later lines. I have no idea how to do > > this (or even what .so does :-) > > .so is "source" or "include" - it reads a file like #include "file". > (Check out soelim(1)). Okay. How can we fix it? :) > .sy is "system" - it means "run ...". 
I gathered that much :) Kris --PEIAKu/WMn1b1Hv9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoY2BwACgkQWry0BWjoQKUDKQCfd4bTHWb7Afc1yJFt8sbnuBpZ ZA0AoI/gjjWczIol9xr1IgsOH0MY1OuW =fad0 -----END PGP SIGNATURE----- --PEIAKu/WMn1b1Hv9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 20 0:52:25 2000 Delivered-To: freebsd-audit@freebsd.org Received: from knight.cons.org (knight.cons.org [194.233.237.86]) by hub.freebsd.org (Postfix) with ESMTP id 9936437B4CF; Mon, 20 Nov 2000 00:52:22 -0800 (PST) Received: (from cracauer@localhost) by knight.cons.org (8.9.3/8.9.3) id JAA22158; Mon, 20 Nov 2000 09:52:11 +0100 (CET) Date: Mon, 20 Nov 2000 09:52:11 +0100 
From: Martin Cracauer To: Kris Kennaway Cc: Kris Kennaway , audit@FreeBSD.ORG, cracauer@FreeBSD.ORG Subject: Re: sh compilation tempfile fixes Message-ID: <20001120095210.A21896@cons.org> References: <20001119041833.A93062@citusc17.usc.edu> <20001119045444.A93730@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001119045444.A93730@citusc17.usc.edu>; from kris@FreeBSD.ORG on Sun, Nov 19, 2000 at 04:54:44AM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, Kris, the patch looks good to me, but I can't do a real review since I currently don't have a -current machine at hand (job and continent switch...). Martin -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer http://www.cons.org/cracauer/ BSD User Group Hamburg, Germany http://www.bsdhh.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 20 1:53: 9 2000 Delivered-To: freebsd-audit@freebsd.org Received: from trinity.skynet.be (trinity.skynet.be [195.238.2.38]) by hub.freebsd.org (Postfix) with ESMTP id AEC1737B4C5 for ; Mon, 20 Nov 2000 01:53:04 -0800 (PST) Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121]) by trinity.skynet.be (Postfix) with ESMTP id 534EF181F8 for ; Mon, 20 Nov 2000 10:53:03 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: Date: Mon, 20 Nov 2000 10:53:27 +0100 To: FreeBSD audit mailing list 
From: Brad Knowles Subject: Possible unsafe uses of mktemp() found during "make buildworld"... Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Folks, I don't know if this is interesting at all or not, but I recently discovered a number of "warning: mktemp() possibly used unsafely; consider using mkstemp()" type errors during a recent "make buildworld", and I thought it might be of use to provide that information here. The command I ran to generate the output (under bash) is: $ cd /usr/src $ make update $ make buildworld > /var/log/make.buildworld 2>&1 & To pull the mkstemp warnings out, the command pipeline that I finally settled on is: $ cd /var/log $ grep -i mkstemp\(\) make.buildworld | cut -f 1 -d ' ' | sort -u The output is: bucomm.o(.text+0x35b): choose-temp.o(.text+0x13e): crunchgen.o(.text+0x204): ctm_pass2.o(.text+0x7fa): eval.o(.text+0x417): indxbib.o(.text+0x40b): main.o(.text+0x33a): mk-amd-map.o(.text+0x575): mount_portal.o(.text+0xeb): patch.o(.text+0xc8): printjob.o(.text+0xf1): quit.o(.text+0xb76): rcsedit.o(.text+0x1936): rcsfnms.o(.text+0xd0): sdiff.o(.text+0x10c7): tables.o(.text+0x348): texindex.o(.text+0xbd): xlint.o(.text+0x4b2): xstr.o(.text+0xbe): yppasswdd_server.o(.text+0xba9): Without the `sort -u` at the end, on my FreeBSD 4.2-BETA machine (cvsupped this past Saturday evening), this runs to 49 lines of output. I know that mktemp() can be safely used, but I was surprised at the number of times that this warning showed up during a "make buildworld". I was especially surprised the first time I noticed this, when I had directed stdout to a file, but saw all these unexpected warnings pop up. Anyway, if this isn't useful, please let me know. I just thought that it was rather unsettling, and that perhaps folks on this list might be interested. 
-- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 20 1:58:23 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 442FB37B479 for ; Mon, 20 Nov 2000 01:58:21 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAK9xI675734; Mon, 20 Nov 2000 01:59:18 -0800 (PST) (envelope-from kris) Date: Mon, 20 Nov 2000 01:59:17 -0800 
From: Kris Kennaway To: Brad Knowles Cc: FreeBSD audit mailing list Subject: Re: Possible unsafe uses of mktemp() found during "make buildworld"... Message-ID: <20001120015917.A75391@citusc17.usc.edu> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from blk@skynet.be on Mon, Nov 20, 2000 at 10:53:27AM +0100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --9jxsPFA5p3P2qPhR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 20, 2000 at 10:53:27AM +0100, Brad Knowles wrote: > Folks, > > I don't know if this is interesting at all or not, but I recently > discovered a number of "warning: mktemp() possibly used unsafely; > consider using mkstemp()" type errors during a recent "make > buildworld", and I thought it might be of use to provide that > information here. Well, they'd be more useful with pathnames attached to work out which directory they live in :-) The existence of these is known, though a master list of things to fix would be good..the really useful thing would be to submit patches to fix them. 
Kris --9jxsPFA5p3P2qPhR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoY9fUACgkQWry0BWjoQKWfvACg2wtp4e36z5hgquq4F+vPhwHV MwgAmwYZ9PVoaC3vTnO/YbNAtKNglIh4 =UQyG -----END PGP SIGNATURE----- --9jxsPFA5p3P2qPhR-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 20 2: 0:24 2000 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 9C4F937B479; Mon, 20 Nov 2000 02:00:17 -0800 (PST) Received: from grondar.za (gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id eAKA09J18620; Mon, 20 Nov 2000 12:00:09 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200011201000.eAKA09J18620@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: m4 tempfile fix References: <20001119223947.A71937@citusc17.usc.edu> In-Reply-To: <20001119223947.A71937@citusc17.usc.edu> ; from Kris Kennaway "Sun, 19 Nov 2000 22:39:47 PST." Date: Mon, 20 Nov 2000 12:00:08 +0200 
From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > Don't like it, particularly if the directory is reasonably long-lived. > >=20 > > All an attacker needs to do is spin-wait for your dir, then cd into it. > > mkdtemp() creates directories mode 0700 No problem, then. Looks good! M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 20 4:19:13 2000 Delivered-To: freebsd-audit@freebsd.org Received: from neo.skynet.be (neo.skynet.be [195.238.2.53]) by hub.freebsd.org (Postfix) with ESMTP id D755637B479; Mon, 20 Nov 2000 04:18:49 -0800 (PST) Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121]) by neo.skynet.be (Postfix) with ESMTP id 14A0D6E24; Mon, 20 Nov 2000 13:17:41 +0100 (MET) Mime-Version: 1.0 X-Sender: blk@pop.skynet.be Message-Id: In-Reply-To: <20001120015917.A75391@citusc17.usc.edu> References: <20001120015917.A75391@citusc17.usc.edu> Date: Mon, 20 Nov 2000 13:10:12 +0100 To: Kris Kennaway 
From: Brad Knowles Subject: Re: Possible unsafe uses of mktemp() found during "make buildworld"... Cc: FreeBSD audit mailing list Content-Type: multipart/mixed; boundary="============_-1237399732==_============" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --============_-1237399732==_============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" At 1:59 AM -0800 2000/11/20, Kris Kennaway wrote: > Well, they'd be more useful with pathnames attached to work out which > directory they live in :-) I can give you the output from a grep with a before context of a couple lines (or so), but unfortunately the warnings are issued without a full path, so the only way you can determine where the module is located is by looking at the few lines preceding the warning. ;-( > The existence of these is known, though a master list of things to fix > would be good. My new command is: $ grep -i -B2 mkstemp\(\) make.buildworld The output is attached. > the really useful thing would be to submit patches to > fix them. Sadly, anything to do with changing source code is unlikely to be coming from me within the next couple of months. I have an invited talk to write for LISA, I have Christmas vacation, I have to re-learn how to program, etc.... The reason why I subscribed to this list was that I hoped it would give me a chance to actually do some real work with source code (for a change), but that simply hasn't materialized. Maybe once I get back from Christmas, I can start trying to work on something like this.... 
--============_-1237399732==_============ Content-Id: Content-Type: multipart/appledouble; boundary="============_-1237399732==_D============" --============_-1237399732==_D============ Content-Transfer-Encoding: base64 Content-Type: application/applefile; name="%mktmp.unsafe" Content-Disposition: attachment; filename="%mktmp.unsafe" ; modification-date="Mon, 20 Nov 2000 13:09:52 +0100" AAUWBwACAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAADAAAAPgAAAAwAAAAJAAAASgAAACAA AAAIAAAAagAAABBta3RtcC51bnNhZmU/Pz8/Pz8/PwEAAF4ETgAAAAAAAAAAAAAAAAAA AAAAAAGr3yABq98gS20MAAGr4Vw= --============_-1237399732==_D============ Content-Type: application/octet-stream; name="mktmp.unsafe" ; x-mac-type="3F3F3F3F" ; x-mac-creator="3F3F3F3F" Content-Disposition: attachment; filename="mktmp.unsafe" Content-Transfer-Encoding: base64 Y2MgLU8gLXBpcGUgLURIQVZFX0NPTkZJR19IIC1ETE9DQUxFRElSPVwiL3Vzci9zaGFy ZS9sb2NhbGVcIiAgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi90ZXhpbmZvL3RleGluZGV4 Ly4uLy4uLy4uLy4uL2NvbnRyaWIvdGV4aW5mbyAtSS91c3Ivc3JjL2dudS91c3IuYmlu L3RleGluZm8vdGV4aW5kZXgvLi4vLi4vLi4vLi4vY29udHJpYi90ZXhpbmZvL2xpYiAg IC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyB0ZXhpbmRleCB0 ZXhpbmRleC5vICAvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJp bi90ZXhpbmZvL3RleGluZGV4Ly4uL2xpYnR4aS9saWJ0eGkuYQp0ZXhpbmRleC5vOiBJ biBmdW5jdGlvbiBgbWFpbic6CnRleGluZGV4Lm8oLnRleHQrMHhiZCk6IHdhcm5pbmc6 IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1r c3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtRF9HTlVfU09VUkNFIC1JLSAtSS4gLUkvdXNy L3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUgLUkvdXNyL3NyYy9nbnUv dXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUvLi4vbGliYmZkL2kzODYgLUkvdXNyL3Ny Yy9nbnUvdXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUvLi4vLi4vLi4vLi4vY29udHJp Yi9iaW51dGlscy9pbmNsdWRlIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMv YWRkcjJsaW5lLy4uL2xpYmJpbnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmlu dXRpbHMvYWRkcjJsaW5lLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmludXRp bHMgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gYWRkcjJs 
aW5lIGFkZHIybGluZS5vICAuLi9saWJiaW51dGlscy9saWJiaW51dGlscy5hIC4uL2xp YmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJlcnR5LmEKLi4vbGliYmludXRp bHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1bmN0aW9uIGBtYWtlX3RlbXBu YW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJuaW5nOiBta3RlbXAoKSBwb3Nz aWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0KY2Mg LU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1JL3Vzci9zcmMvZ251L3Vzci5i aW4vYmludXRpbHMvYXIgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9hci8u Li9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL2FyLy4u Ly4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvaW5jbHVkZSAtSS91c3Ivc3JjL2dudS91 c3IuYmluL2JpbnV0aWxzL2FyLy4uL2xpYmJpbnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vz ci5iaW4vYmludXRpbHMvYXIvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9iaW51 dGlscyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL2FyLy4uLy4uLy4uLy4u L2NvbnRyaWIvYmludXRpbHMvYmZkICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNy L2luY2x1ZGUgIC1vIGFyIGFyLm8gbm90LXJhbmxpYi5vICAuLi9saWJiaW51dGlscy9s aWJiaW51dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJl cnR5LmEKLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1 bmN0aW9uIGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJu aW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2lu ZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1J L3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvbm0gLUkvdXNyL3NyYy9nbnUvdXNy LmJpbi9iaW51dGlscy9ubS8uLi9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2dudS91c3Iu YmluL2JpbnV0aWxzL25tLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvaW5jbHVk ZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL25tLy4uL2xpYmJpbnV0aWxz IC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvbm0vLi4vLi4vLi4vLi4vY29u dHJpYi9iaW51dGlscy9iaW51dGlscyAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vz ci9pbmNsdWRlICAtbyBubSBubS5vICAuLi9saWJiaW51dGlscy9saWJiaW51dGlscy5h IC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJlcnR5LmEKLi4vbGli YmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1bmN0aW9uIGBtYWtl 
X3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJuaW5nOiBta3RlbXAo KSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkK LS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1JL3Vzci9zcmMvZ251 L3Vzci5iaW4vYmludXRpbHMvb2JqY29weSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2Jp bnV0aWxzL29iamNvcHkvLi4vbGliYmZkL2kzODYgLUkvdXNyL3NyYy9nbnUvdXNyLmJp bi9iaW51dGlscy9vYmpjb3B5Ly4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvaW5j bHVkZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL29iamNvcHkvLi4vbGli YmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9vYmpjb3B5Ly4u Ly4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmludXRpbHMgICAtSS91c3Ivb2JqL3Vz ci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gb2JqY29weSBvYmpjb3B5Lm8gbm90LXN0 cmlwLm8gIC4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEgLi4vbGliYmZkL2xpYmJm ZC5hIC4uL2xpYmliZXJ0eS9saWJpYmVydHkuYQouLi9saWJiaW51dGlscy9saWJiaW51 dGlscy5hKGJ1Y29tbS5vKTogSW4gZnVuY3Rpb24gYG1ha2VfdGVtcG5hbWUnOgpidWNv bW0ubygudGV4dCsweDM1Yik6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQg dW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAt RF9HTlVfU09VUkNFIC1JLSAtSS4gLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGls cy9vYmpkdW1wIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvb2JqZHVtcC8u Li9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL29iamR1 bXAvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9pbmNsdWRlIC1JL3Vzci9zcmMv Z251L3Vzci5iaW4vYmludXRpbHMvb2JqZHVtcC8uLi9saWJiaW51dGlscyAtSS91c3Iv c3JjL2dudS91c3IuYmluL2JpbnV0aWxzL29iamR1bXAvLi4vLi4vLi4vLi4vY29udHJp Yi9iaW51dGlscy9iaW51dGlscyAtREJGRF9WRVJTSU9OPVwiMi4xMC4wXCIgICAtSS91 c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gb2JqZHVtcCBvYmpkdW1w Lm8gcHJkYmcubyAgLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYSAuLi9saWJvcGNv ZGVzL2xpYm9wY29kZXMuYSAuLi9saWJiZmQvbGliYmZkLmEgLi4vbGliaWJlcnR5L2xp YmliZXJ0eS5hCi4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEoYnVjb21tLm8pOiBJ biBmdW5jdGlvbiBgbWFrZV90ZW1wbmFtZSc6CmJ1Y29tbS5vKC50ZXh0KzB4MzViKTog d2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIg 
dXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1EX0dOVV9TT1VSQ0UgLUktIC1J LiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYiAtSS91c3Ivc3Jj L2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi9saWJiZmQvaTM4NiAtSS91c3Iv c3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi8uLi8uLi8uLi9jb250cmli L2JpbnV0aWxzL2luY2x1ZGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9y YW5saWIvLi4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGls cy9yYW5saWIvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9iaW51dGlscyAtSS91 c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi8uLi8uLi8uLi9jb250 cmliL2JpbnV0aWxzL2JmZCAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNs dWRlICAtbyByYW5saWIgYXIubyBpcy1yYW5saWIubyAgLi4vbGliYmludXRpbHMvbGli YmludXRpbHMuYSAuLi9saWJiZmQvbGliYmZkLmEgLi4vbGliaWJlcnR5L2xpYmliZXJ0 eS5hCi4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEoYnVjb21tLm8pOiBJbiBmdW5j dGlvbiBgbWFrZV90ZW1wbmFtZSc6CmJ1Y29tbS5vKC50ZXh0KzB4MzViKTogd2Fybmlu ZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIgdXNpbmcg bWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1EX0dOVV9TT1VSQ0UgLUktIC1JLiAtSS91 c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3NpemUgLUkvdXNyL3NyYy9nbnUvdXNy LmJpbi9iaW51dGlscy9zaXplLy4uL2xpYmJmZC9pMzg2IC1JL3Vzci9zcmMvZ251L3Vz ci5iaW4vYmludXRpbHMvc2l6ZS8uLi8uLi8uLi8uLi9jb250cmliL2JpbnV0aWxzL2lu Y2x1ZGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9zaXplLy4uL2xpYmJp bnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc2l6ZS8uLi8uLi8u Li8uLi9jb250cmliL2JpbnV0aWxzL2JpbnV0aWxzICAgLUkvdXNyL29iai91c3Ivc3Jj L2kzODYvdXNyL2luY2x1ZGUgIC1vIHNpemUgc2l6ZS5vICAuLi9saWJiaW51dGlscy9s aWJiaW51dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJl cnR5LmEKLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1 bmN0aW9uIGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJu aW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2lu ZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1J L3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc3RyaW5ncyAtSS91c3Ivc3JjL2du 
dS91c3IuYmluL2JpbnV0aWxzL3N0cmluZ3MvLi4vbGliYmZkL2kzODYgLUkvdXNyL3Ny Yy9nbnUvdXNyLmJpbi9iaW51dGlscy9zdHJpbmdzLy4uLy4uLy4uLy4uL2NvbnRyaWIv YmludXRpbHMvaW5jbHVkZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3N0 cmluZ3MvLi4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGls cy9zdHJpbmdzLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmludXRpbHMgICAt SS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gc3RyaW5ncyBzdHJp bmdzLm8gIC4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEgLi4vbGliYmZkL2xpYmJm ZC5hIC4uL2xpYmliZXJ0eS9saWJpYmVydHkuYQouLi9saWJiaW51dGlscy9saWJiaW51 dGlscy5hKGJ1Y29tbS5vKTogSW4gZnVuY3Rpb24gYG1ha2VfdGVtcG5hbWUnOgpidWNv bW0ubygudGV4dCsweDM1Yik6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQg dW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAt RF9HTlVfU09VUkNFIC1JLSAtSS4gLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGls cy9zdHJpcCAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3N0cmlwLy4uL2xp YmJmZC9pMzg2IC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc3RyaXAvLi4v Li4vLi4vLi4vY29udHJpYi9iaW51dGlscy9pbmNsdWRlIC1JL3Vzci9zcmMvZ251L3Vz ci5iaW4vYmludXRpbHMvc3RyaXAvLi4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUv dXNyLmJpbi9iaW51dGlscy9zdHJpcC8uLi8uLi8uLi8uLi9jb250cmliL2JpbnV0aWxz L2JpbnV0aWxzICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1v IHN0cmlwIG9iamNvcHkubyBpcy1zdHJpcC5vICAuLi9saWJiaW51dGlscy9saWJiaW51 dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJlcnR5LmEK Li4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1bmN0aW9u IGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJuaW5nOiBt a3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0 ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURGUkVFQlNEX05BVElWRSAtRElOX0dDQyAtREhB VkVfQ09ORklHX0ggLURQUkVGSVg9XCIvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyXCIg LUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jYy8u Li9jY190b29scyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NjLy4uL2NjX3Rvb2xz IC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvY2MvLi4vLi4vLi4vLi4vY29udHJpYi9n 
Y2MgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jYy8uLi8uLi8uLi8uLi9jb250cmli L2djYy9jb25maWcgLURERUZBVUxUX1RBUkdFVF9WRVJTSU9OPVwiMi45NS4yXCIgLURE RUZBVUxUX1RBUkdFVF9NQUNISU5FPVwiaTM4Ni11bmtub3duLWZyZWVic2RcIiAgIC1J L3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyBjYyBnY2MubyBnY2Nz cGVjLm8gIC91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3Ivc3JjL2dudS91c3IuYmluL2Nj L2NjLy4uL2NjX2ludC9saWJjY19pbnQuYSAvdXNyL29iai91c3Ivc3JjL2kzODYvdXNy L3NyYy9nbnUvdXNyLmJpbi9jYy9jYy8uLi9jY19mYnNkL2xpYmNjX2Zic2QuYQovdXNy L29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jYy8uLi9jY19p bnQvbGliY2NfaW50LmEoY2hvb3NlLXRlbXAubyk6IEluIGZ1bmN0aW9uIGBjaG9vc2Vf dGVtcF9iYXNlJzoKY2hvb3NlLXRlbXAubygudGV4dCsweDEzZSk6IHdhcm5pbmc6IG1r dGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3Rl bXAoKQotLQpjYyAtTyAtcGlwZSAtREZSRUVCU0RfTkFUSVZFIC1ESU5fR0NDIC1ESEFW RV9DT05GSUdfSCAtRFBSRUZJWD1cIi91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3JcIiAt SS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8u Li9jY190b29scyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi9jY190b29s cyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi8uLi8uLi8uLi9jb250cmli L2djYyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi8uLi8uLi8uLi9jb250 cmliL2djYy9jb25maWcgLURERUZBVUxUX1RBUkdFVF9WRVJTSU9OPVwiMi45NS4yXCIg LURERUZBVUxUX1RBUkdFVF9NQUNISU5FPVwiaTM4Ni11bmtub3duLWZyZWVic2RcIiAg IC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyBjcHAgZ2NjLm8g Y3Bwc3BlYy5vICAvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJp bi9jYy9jcHAvLi4vY2NfaW50L2xpYmNjX2ludC5hIC91c3Ivb2JqL3Vzci9zcmMvaTM4 Ni91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi9jY19mYnNkL2xpYmNjX2Zic2Qu YQovdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jcHAv Li4vY2NfaW50L2xpYmNjX2ludC5hKGNob29zZS10ZW1wLm8pOiBJbiBmdW5jdGlvbiBg Y2hvb3NlX3RlbXBfYmFzZSc6CmNob29zZS10ZW1wLm8oLnRleHQrMHgxM2UpOiB3YXJu aW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2lu ZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURGUkVFQlNEX05BVElWRSAtRElOX0dD 
QyAtREhBVkVfQ09ORklHX0ggLURQUkVGSVg9XCIvdXNyL29iai91c3Ivc3JjL2kzODYv dXNyXCIgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJpbi9j Yy9jKysvLi4vY2NfdG9vbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jKysvLi4v Y2NfdG9vbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jKysvLi4vLi4vLi4vLi4v Y29udHJpYi9nY2MgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jKysvLi4vLi4vLi4v Li4vY29udHJpYi9nY2MvY29uZmlnIC1EREVGQVVMVF9UQVJHRVRfVkVSU0lPTj1cIjIu OTUuMlwiIC1EREVGQVVMVF9UQVJHRVRfTUFDSElORT1cImkzODYtdW5rbm93bi1mcmVl YnNkXCIgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gYysr IGdjYy5vIGcrK3NwZWMubyAgL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9zcmMvZ251 L3Vzci5iaW4vY2MvYysrLy4uL2NjX2ludC9saWJjY19pbnQuYSAvdXNyL29iai91c3Iv c3JjL2kzODYvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9jKysvLi4vY2NfZmJzZC9saWJj Y19mYnNkLmEKL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9zcmMvZ251L3Vzci5iaW4v Y2MvYysrLy4uL2NjX2ludC9saWJjY19pbnQuYShjaG9vc2UtdGVtcC5vKTogSW4gZnVu Y3Rpb24gYGNob29zZV90ZW1wX2Jhc2UnOgpjaG9vc2UtdGVtcC5vKC50ZXh0KzB4MTNl KTogd2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lk ZXIgdXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1XYWxsIC1XZm9ybWF0ICAg LUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1zdGF0aWMgLW8gcGF4 IGFyX2lvLm8gYXJfc3Vicy5vIGJ1Zl9zdWJzLm8gY2FjaGUubyBjcGlvLm8gZmlsZV9z dWJzLm8gZnRyZWUubyBnZW5fc3Vicy5vIG9wdGlvbnMubyBwYXRfcmVwLm8gcGF4Lm8g c2VsX3N1YnMubyB0YWJsZXMubyB0YXIubyB0dHlfc3Vicy5vICAKdGFibGVzLm86IElu IGZ1bmN0aW9uIGBmdGltZV9zdGFydCc6CnRhYmxlcy5vKC50ZXh0KzB4MzQ4KTogd2Fy bmluZzogdGVtcG5hbSgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVz aW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtRF9HTlVfU09VUkNFIC1JLSAtSS4g LUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUgLUkvdXNyL3Ny Yy9nbnUvdXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUvLi4vbGliYmZkL2kzODYgLUkv dXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9hZGRyMmxpbmUvLi4vLi4vLi4vLi4v Y29udHJpYi9iaW51dGlscy9pbmNsdWRlIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmlu dXRpbHMvYWRkcjJsaW5lLy4uL2xpYmJpbnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vzci5i 
aW4vYmludXRpbHMvYWRkcjJsaW5lLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMv YmludXRpbHMgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8g YWRkcjJsaW5lIGFkZHIybGluZS5vICAuLi9saWJiaW51dGlscy9saWJiaW51dGlscy5h IC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJlcnR5LmEKLi4vbGli YmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1bmN0aW9uIGBtYWtl X3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJuaW5nOiBta3RlbXAo KSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkK LS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1JL3Vzci9zcmMvZ251 L3Vzci5iaW4vYmludXRpbHMvYXIgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGls cy9hci8uLi9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxz L2FyLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvaW5jbHVkZSAtSS91c3Ivc3Jj L2dudS91c3IuYmluL2JpbnV0aWxzL2FyLy4uL2xpYmJpbnV0aWxzIC1JL3Vzci9zcmMv Z251L3Vzci5iaW4vYmludXRpbHMvYXIvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGls cy9iaW51dGlscyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL2FyLy4uLy4u Ly4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmZkICAgLUkvdXNyL29iai91c3Ivc3JjL2kz ODYvdXNyL2luY2x1ZGUgIC1vIGFyIGFyLm8gbm90LXJhbmxpYi5vICAuLi9saWJiaW51 dGlscy9saWJiaW51dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkv bGliaWJlcnR5LmEKLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6 IEluIGZ1bmN0aW9uIGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIp OiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRl ciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0g LUkuIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvbm0gLUkvdXNyL3NyYy9n bnUvdXNyLmJpbi9iaW51dGlscy9ubS8uLi9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2du dS91c3IuYmluL2JpbnV0aWxzL25tLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMv aW5jbHVkZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL25tLy4uL2xpYmJp bnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvbm0vLi4vLi4vLi4v Li4vY29udHJpYi9iaW51dGlscy9iaW51dGlscyAgIC1JL3Vzci9vYmovdXNyL3NyYy9p Mzg2L3Vzci9pbmNsdWRlICAtbyBubSBubS5vICAuLi9saWJiaW51dGlscy9saWJiaW51 
dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJlcnR5LmEK Li4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1bmN0aW9u IGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJuaW5nOiBt a3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0 ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0gLUkuIC1JL3Vzci9z cmMvZ251L3Vzci5iaW4vYmludXRpbHMvb2JqY29weSAtSS91c3Ivc3JjL2dudS91c3Iu YmluL2JpbnV0aWxzL29iamNvcHkvLi4vbGliYmZkL2kzODYgLUkvdXNyL3NyYy9nbnUv dXNyLmJpbi9iaW51dGlscy9vYmpjb3B5Ly4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRp bHMvaW5jbHVkZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL29iamNvcHkv Li4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9vYmpj b3B5Ly4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmludXRpbHMgICAtSS91c3Iv b2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gb2JqY29weSBvYmpjb3B5Lm8g bm90LXN0cmlwLm8gIC4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEgLi4vbGliYmZk L2xpYmJmZC5hIC4uL2xpYmliZXJ0eS9saWJpYmVydHkuYQouLi9saWJiaW51dGlscy9s aWJiaW51dGlscy5hKGJ1Y29tbS5vKTogSW4gZnVuY3Rpb24gYG1ha2VfdGVtcG5hbWUn OgpidWNvbW0ubygudGV4dCsweDM1Yik6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5 IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAt cGlwZSAtRF9HTlVfU09VUkNFIC1JLSAtSS4gLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9i aW51dGlscy9vYmpkdW1wIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvb2Jq ZHVtcC8uLi9saWJiZmQvaTM4NiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxz L29iamR1bXAvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9pbmNsdWRlIC1JL3Vz ci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvb2JqZHVtcC8uLi9saWJiaW51dGlscyAt SS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL29iamR1bXAvLi4vLi4vLi4vLi4v Y29udHJpYi9iaW51dGlscy9iaW51dGlscyAtREJGRF9WRVJTSU9OPVwiMi4xMC4wXCIg ICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gb2JqZHVtcCBv YmpkdW1wLm8gcHJkYmcubyAgLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYSAuLi9s aWJvcGNvZGVzL2xpYm9wY29kZXMuYSAuLi9saWJiZmQvbGliYmZkLmEgLi4vbGliaWJl cnR5L2xpYmliZXJ0eS5hCi4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEoYnVjb21t 
Lm8pOiBJbiBmdW5jdGlvbiBgbWFrZV90ZW1wbmFtZSc6CmJ1Y29tbS5vKC50ZXh0KzB4 MzViKTogd2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29u c2lkZXIgdXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1EX0dOVV9TT1VSQ0Ug LUktIC1JLiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYiAtSS91 c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi9saWJiZmQvaTM4NiAt SS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi8uLi8uLi8uLi9j b250cmliL2JpbnV0aWxzL2luY2x1ZGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51 dGlscy9yYW5saWIvLi4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9i aW51dGlscy9yYW5saWIvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9iaW51dGls cyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3JhbmxpYi8uLi8uLi8uLi8u Li9jb250cmliL2JpbnV0aWxzL2JmZCAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vz ci9pbmNsdWRlICAtbyByYW5saWIgYXIubyBpcy1yYW5saWIubyAgLi4vbGliYmludXRp bHMvbGliYmludXRpbHMuYSAuLi9saWJiZmQvbGliYmZkLmEgLi4vbGliaWJlcnR5L2xp YmliZXJ0eS5hCi4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEoYnVjb21tLm8pOiBJ biBmdW5jdGlvbiBgbWFrZV90ZW1wbmFtZSc6CmJ1Y29tbS5vKC50ZXh0KzB4MzViKTog d2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIg dXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1EX0dOVV9TT1VSQ0UgLUktIC1J LiAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3NpemUgLUkvdXNyL3NyYy9n bnUvdXNyLmJpbi9iaW51dGlscy9zaXplLy4uL2xpYmJmZC9pMzg2IC1JL3Vzci9zcmMv Z251L3Vzci5iaW4vYmludXRpbHMvc2l6ZS8uLi8uLi8uLi8uLi9jb250cmliL2JpbnV0 aWxzL2luY2x1ZGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9zaXplLy4u L2xpYmJpbnV0aWxzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc2l6ZS8u Li8uLi8uLi8uLi9jb250cmliL2JpbnV0aWxzL2JpbnV0aWxzICAgLUkvdXNyL29iai91 c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1vIHNpemUgc2l6ZS5vICAuLi9saWJiaW51 dGlscy9saWJiaW51dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkv bGliaWJlcnR5LmEKLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6 IEluIGZ1bmN0aW9uIGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIp OiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRl 
ciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURfR05VX1NPVVJDRSAtSS0g LUkuIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc3RyaW5ncyAtSS91c3Iv c3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3N0cmluZ3MvLi4vbGliYmZkL2kzODYgLUkv dXNyL3NyYy9nbnUvdXNyLmJpbi9iaW51dGlscy9zdHJpbmdzLy4uLy4uLy4uLy4uL2Nv bnRyaWIvYmludXRpbHMvaW5jbHVkZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0 aWxzL3N0cmluZ3MvLi4vbGliYmludXRpbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9i aW51dGlscy9zdHJpbmdzLy4uLy4uLy4uLy4uL2NvbnRyaWIvYmludXRpbHMvYmludXRp bHMgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gc3RyaW5n cyBzdHJpbmdzLm8gIC4uL2xpYmJpbnV0aWxzL2xpYmJpbnV0aWxzLmEgLi4vbGliYmZk L2xpYmJmZC5hIC4uL2xpYmliZXJ0eS9saWJpYmVydHkuYQouLi9saWJiaW51dGlscy9s aWJiaW51dGlscy5hKGJ1Y29tbS5vKTogSW4gZnVuY3Rpb24gYG1ha2VfdGVtcG5hbWUn OgpidWNvbW0ubygudGV4dCsweDM1Yik6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5 IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAt cGlwZSAtRF9HTlVfU09VUkNFIC1JLSAtSS4gLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9i aW51dGlscy9zdHJpcCAtSS91c3Ivc3JjL2dudS91c3IuYmluL2JpbnV0aWxzL3N0cmlw Ly4uL2xpYmJmZC9pMzg2IC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vYmludXRpbHMvc3Ry aXAvLi4vLi4vLi4vLi4vY29udHJpYi9iaW51dGlscy9pbmNsdWRlIC1JL3Vzci9zcmMv Z251L3Vzci5iaW4vYmludXRpbHMvc3RyaXAvLi4vbGliYmludXRpbHMgLUkvdXNyL3Ny Yy9nbnUvdXNyLmJpbi9iaW51dGlscy9zdHJpcC8uLi8uLi8uLi8uLi9jb250cmliL2Jp bnV0aWxzL2JpbnV0aWxzICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1 ZGUgIC1vIHN0cmlwIG9iamNvcHkubyBpcy1zdHJpcC5vICAuLi9saWJiaW51dGlscy9s aWJiaW51dGlscy5hIC4uL2xpYmJmZC9saWJiZmQuYSAuLi9saWJpYmVydHkvbGliaWJl cnR5LmEKLi4vbGliYmludXRpbHMvbGliYmludXRpbHMuYShidWNvbW0ubyk6IEluIGZ1 bmN0aW9uIGBtYWtlX3RlbXBuYW1lJzoKYnVjb21tLm8oLnRleHQrMHgzNWIpOiB3YXJu aW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2lu ZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLURGUkVFQlNEX05BVElWRSAtRElOX0dD QyAtREhBVkVfQ09ORklHX0ggLURQUkVGSVg9XCIvdXNyXCIgLUkvdXNyL29iai91c3Iv c3JjL2dudS91c3IuYmluL2NjL2NjLy4uL2NjX3Rvb2xzIC1JL3Vzci9zcmMvZ251L3Vz 
ci5iaW4vY2MvY2MvLi4vY2NfdG9vbHMgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9jYy9j Yy8uLi8uLi8uLi8uLi9jb250cmliL2djYyAtSS91c3Ivc3JjL2dudS91c3IuYmluL2Nj L2NjLy4uLy4uLy4uLy4uL2NvbnRyaWIvZ2NjL2NvbmZpZyAtRERFRkFVTFRfVEFSR0VU X1ZFUlNJT049XCIyLjk1LjJcIiAtRERFRkFVTFRfVEFSR0VUX01BQ0hJTkU9XCJcIiAg IC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyBjYyBnY2MubyBn Y2NzcGVjLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvY2MvLi4vY2Nf aW50L2xpYmNjX2ludC5hIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvY2Mv Li4vY2NfZmJzZC9saWJjY19mYnNkLmEKL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJp bi9jYy9jYy8uLi9jY19pbnQvbGliY2NfaW50LmEoY2hvb3NlLXRlbXAubyk6IEluIGZ1 bmN0aW9uIGBjaG9vc2VfdGVtcF9iYXNlJzoKY2hvb3NlLXRlbXAubygudGV4dCsweDEz ZSk6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNp ZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtREZSRUVCU0RfTkFUSVZF IC1ESU5fR0NDIC1ESEFWRV9DT05GSUdfSCAtRFBSRUZJWD1cIi91c3JcIiAtSS91c3Iv b2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvY3BwLy4uL2NjX3Rvb2xzIC1JL3Vzci9z cmMvZ251L3Vzci5iaW4vY2MvY3BwLy4uL2NjX3Rvb2xzIC1JL3Vzci9zcmMvZ251L3Vz ci5iaW4vY2MvY3BwLy4uLy4uLy4uLy4uL2NvbnRyaWIvZ2NjIC1JL3Vzci9zcmMvZ251 L3Vzci5iaW4vY2MvY3BwLy4uLy4uLy4uLy4uL2NvbnRyaWIvZ2NjL2NvbmZpZyAtRERF RkFVTFRfVEFSR0VUX1ZFUlNJT049XCIyLjk1LjJcIiAtRERFRkFVTFRfVEFSR0VUX01B Q0hJTkU9XCJpMzg2LXVua25vd24tZnJlZWJzZFwiICAgLUkvdXNyL29iai91c3Ivc3Jj L2kzODYvdXNyL2luY2x1ZGUgIC1vIGNwcCBnY2MubyBjcHBzcGVjLm8gIC91c3Ivb2Jq L3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvY3BwLy4uL2NjX2ludC9saWJjY19pbnQuYSAv dXNyL29iai91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi9jY19mYnNkL2xpYmNj X2Zic2QuYQovdXNyL29iai91c3Ivc3JjL2dudS91c3IuYmluL2NjL2NwcC8uLi9jY19p bnQvbGliY2NfaW50LmEoY2hvb3NlLXRlbXAubyk6IEluIGZ1bmN0aW9uIGBjaG9vc2Vf dGVtcF9iYXNlJzoKY2hvb3NlLXRlbXAubygudGV4dCsweDEzZSk6IHdhcm5pbmc6IG1r dGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3Rl bXAoKQotLQpjYyAtTyAtcGlwZSAtREZSRUVCU0RfTkFUSVZFIC1ESU5fR0NDIC1ESEFW RV9DT05GSUdfSCAtRFBSRUZJWD1cIi91c3JcIiAtSS91c3Ivb2JqL3Vzci9zcmMvZ251 
L3Vzci5iaW4vY2MvYysrLy4uL2NjX3Rvb2xzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4v Y2MvYysrLy4uL2NjX3Rvb2xzIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvYysrLy4u Ly4uLy4uLy4uL2NvbnRyaWIvZ2NjIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vY2MvYysr Ly4uLy4uLy4uLy4uL2NvbnRyaWIvZ2NjL2NvbmZpZyAtRERFRkFVTFRfVEFSR0VUX1ZF UlNJT049XCIyLjk1LjJcIiAtRERFRkFVTFRfVEFSR0VUX01BQ0hJTkU9XCJpMzg2LXVu a25vd24tZnJlZWJzZFwiICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1 ZGUgIC1vIGMrKyBnY2MubyBnKytzcGVjLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vz ci5iaW4vY2MvYysrLy4uL2NjX2ludC9saWJjY19pbnQuYSAvdXNyL29iai91c3Ivc3Jj L2dudS91c3IuYmluL2NjL2MrKy8uLi9jY19mYnNkL2xpYmNjX2Zic2QuYQovdXNyL29i ai91c3Ivc3JjL2dudS91c3IuYmluL2NjL2MrKy8uLi9jY19pbnQvbGliY2NfaW50LmEo Y2hvb3NlLXRlbXAubyk6IEluIGZ1bmN0aW9uIGBjaG9vc2VfdGVtcF9iYXNlJzoKY2hv b3NlLXRlbXAubygudGV4dCsweDEzZSk6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5 IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAt cGlwZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL2dyb2ZmL2luZHhiaWIvLi4vaW5jbHVk ZSAtREhBVkVfVU5JU1REX0g9MSAtREhBVkVfRElSRU5UX0g9MSAtREhBVkVfTElNSVRT X0g9MSAtREhBVkVfU1lTX0RJUl9IPTEgLURIQVZFX1NURExJQl9IPTEgLURVTklTVERf SF9ERUNMQVJFU19HRVRPUFQ9MSAtRFNURExJQl9IX0RFQ0xBUkVTX1BVVEVOVj0xIC1E U1RESU9fSF9ERUNMQVJFU19QT1BFTj0xIC1EU1RESU9fSF9ERUNMQVJFX1BDTE9TRT0x IC1ESEFWRV9DQ19MSU1JVFNfSD0xIC1EUkVUU0lHVFlQRT12b2lkIC1ESEFWRV9TVFJV Q1RfRVhDRVBUSU9OPTEgLURIQVZFX1JFTkFNRT0xIC1ESEFWRV9NS1NURU1QPTEgLURT WVNfU0lHTElTVF9ERUNMQVJFRD0xIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vZ3JvZmYv aW5keGJpYi8uLi8uLi8uLi8uLi9jb250cmliL2dyb2ZmL2luY2x1ZGUgLWZuby1mb3It c2NvcGUgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gaW5k eGJpYiBpbmR4YmliLm8gZGlybmFtZW1heC5vIHNpZ25hbC5vICAvdXNyL29iai91c3Iv c3JjL2dudS91c3IuYmluL2dyb2ZmL2luZHhiaWIvLi4vbGliYmliL2xpYmJpYi5hIC91 c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vZ3JvZmYvaW5keGJpYi8uLi9saWJncm9m Zi9saWJncm9mZi5hIC1sbQppbmR4YmliLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKaW5k eGJpYi5vKC50ZXh0KzB4NDBiKTogd2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNl 
ZCB1bnNhZmVseTsgY29uc2lkZXIgdXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBl IC1ESEFWRV9DT05GSUdfSCAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNs dWRlICAtbyBwYXRjaCBiYWNrdXBmaWxlLm8gZ2V0b3B0Lm8gZ2V0b3B0MS5vIGlucC5v IHBhdGNoLm8gcGNoLm8gdXRpbC5vIHZlcnNpb24ubyAgCnBhdGNoLm86IEluIGZ1bmN0 aW9uIGBtYWluJzoKcGF0Y2gubygudGV4dCsweGM4KTogd2FybmluZzogbWt0ZW1wKCkg cG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIgdXNpbmcgbWtzdGVtcCgpCi0t CmNjIC1PIC1waXBlIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4vcmNzL2NpLy4uL2xpYiAg IC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyBjaSBjaS5vICAv dXNyL29iai91c3Ivc3JjL2dudS91c3IuYmluL3Jjcy9jaS8uLi9saWIvbGlicmNzLmEK L3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3MvY2kvLi4vbGliL2xpYnJjcy5h KHJjc2VkaXQubyk6IEluIGZ1bmN0aW9uIGBtYWtlZGlydGVtcCc6CnJjc2VkaXQubygu dGV4dCsweDE5MzYpOiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2Fm ZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLUkvdXNy L3NyYy9nbnUvdXNyLmJpbi9yY3MvY28vLi4vbGliICAgLUkvdXNyL29iai91c3Ivc3Jj L2kzODYvdXNyL2luY2x1ZGUgIC1vIGNvIGNvLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251 L3Vzci5iaW4vcmNzL2NvLy4uL2xpYi9saWJyY3MuYQovdXNyL29iai91c3Ivc3JjL2du dS91c3IuYmluL3Jjcy9jby8uLi9saWIvbGlicmNzLmEocmNzZWRpdC5vKTogSW4gZnVu Y3Rpb24gYG1ha2VkaXJ0ZW1wJzoKcmNzZWRpdC5vKC50ZXh0KzB4MTkzNik6IHdhcm5p bmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5n IG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL3Jj cy9tZXJnZS8uLi9saWIgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVk ZSAgLW8gbWVyZ2UgbWVyZ2UubyAgL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJpbi9y Y3MvbWVyZ2UvLi4vbGliL2xpYnJjcy5hCi91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5i aW4vcmNzL21lcmdlLy4uL2xpYi9saWJyY3MuYShyY3Nmbm1zLm8pOiBJbiBmdW5jdGlv biBgbWFrZXRlbXAnOgpyY3Nmbm1zLm8oLnRleHQrMHhkMCk6IHdhcm5pbmc6IG1rdGVt cCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAo KQotLQpjYyAtTyAtcGlwZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL3Jjcy9yY3MvLi4v bGliICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1vIHJjcyBy 
Y3MubyAgL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3MvcmNzLy4uL2xpYi9s aWJyY3MuYQovdXNyL29iai91c3Ivc3JjL2dudS91c3IuYmluL3Jjcy9yY3MvLi4vbGli L2xpYnJjcy5hKHJjc2VkaXQubyk6IEluIGZ1bmN0aW9uIGBtYWtlZGlydGVtcCc6CnJj c2VkaXQubygudGV4dCsweDE5MzYpOiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJseSB1 c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBp cGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3MvcmNzY2xlYW4vLi4vbGliICAgLUkv dXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1vIHJjc2NsZWFuIHJjc2Ns ZWFuLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vcmNzL3Jjc2NsZWFuLy4u L2xpYi9saWJyY3MuYQovdXNyL29iai91c3Ivc3JjL2dudS91c3IuYmluL3Jjcy9yY3Nj bGVhbi8uLi9saWIvbGlicmNzLmEocmNzZWRpdC5vKTogSW4gZnVuY3Rpb24gYG1ha2Vk aXJ0ZW1wJzoKcmNzZWRpdC5vKC50ZXh0KzB4MTkzNik6IHdhcm5pbmc6IG1rdGVtcCgp IHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQot LQpjYyAtTyAtcGlwZSAtSS91c3Ivc3JjL2dudS91c3IuYmluL3Jjcy9yY3NkaWZmLy4u L2xpYiAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyByY3Nk aWZmIHJjc2RpZmYubyAgL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3MvcmNz ZGlmZi8uLi9saWIvbGlicmNzLmEKL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNyLmJpbi9y Y3MvcmNzZGlmZi8uLi9saWIvbGlicmNzLmEocmNzZm5tcy5vKTogSW4gZnVuY3Rpb24g YG1ha2V0ZW1wJzoKcmNzZm5tcy5vKC50ZXh0KzB4ZDApOiB3YXJuaW5nOiBta3RlbXAo KSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkK LS0KY2MgLU8gLXBpcGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3MvcmNzbWVyZ2Uv Li4vbGliICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1vIHJj c21lcmdlIHJjc21lcmdlLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vcmNz L3Jjc21lcmdlLy4uL2xpYi9saWJyY3MuYQovdXNyL29iai91c3Ivc3JjL2dudS91c3Iu YmluL3Jjcy9yY3NtZXJnZS8uLi9saWIvbGlicmNzLmEocmNzZm5tcy5vKTogSW4gZnVu Y3Rpb24gYG1ha2V0ZW1wJzoKcmNzZm5tcy5vKC50ZXh0KzB4ZDApOiB3YXJuaW5nOiBt a3RlbXAoKSBwb3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0 ZW1wKCkKLS0KY2MgLU8gLXBpcGUgLUkvdXNyL3NyYy9nbnUvdXNyLmJpbi9yY3Mvcmxv Zy8uLi9saWIgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8g 
cmxvZyBybG9nLm8gIC91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vcmNzL3Jsb2cv Li4vbGliL2xpYnJjcy5hCi91c3Ivb2JqL3Vzci9zcmMvZ251L3Vzci5iaW4vcmNzL3Js b2cvLi4vbGliL2xpYnJjcy5hKHJjc2ZubXMubyk6IEluIGZ1bmN0aW9uIGBtYWtldGVt cCc6CnJjc2ZubXMubygudGV4dCsweGQwKTogd2FybmluZzogbWt0ZW1wKCkgcG9zc2li bHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIgdXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1P IC1waXBlIC1mdW5zaWduZWQtY2hhciAtSS91c3Ivc3JjL2dudS91c3IuYmluL3NkaWZm Ly4uLy4uLy4uL2NvbnRyaWIvZGlmZiAtREhBVkVfQ09ORklHX0ggLURESUZGX1BST0dS QU09XCIvdXNyL2Jpbi9kaWZmXCIgLURERUZBVUxUX0VESVRPUl9QUk9HUkFNPVwiL3Vz ci9iaW4vdmlcIiAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAt byBzZGlmZiBzZGlmZi5vIGdldG9wdC5vIGdldG9wdDEubyB2ZXJzaW9uLm8gIApzZGlm Zi5vOiBJbiBmdW5jdGlvbiBgZWRpdCc6CnNkaWZmLm8oLnRleHQrMHgxMGM3KTogd2Fy bmluZzogdG1wbmFtKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIgdXNp bmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1ESEFWRV9DT05GSUdfSCAtRExPQ0FM RURJUj1cIi91c3Ivc2hhcmUvbG9jYWxlXCIgIC1JL3Vzci9zcmMvZ251L3Vzci5iaW4v dGV4aW5mby90ZXhpbmRleC8uLi8uLi8uLi8uLi9jb250cmliL3RleGluZm8gLUkvdXNy L3NyYy9nbnUvdXNyLmJpbi90ZXhpbmZvL3RleGluZGV4Ly4uLy4uLy4uLy4uL2NvbnRy aWIvdGV4aW5mby9saWIgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVk ZSAgLW8gdGV4aW5kZXggdGV4aW5kZXgubyAgL3Vzci9vYmovdXNyL3NyYy9nbnUvdXNy LmJpbi90ZXhpbmZvL3RleGluZGV4Ly4uL2xpYnR4aS9saWJ0eGkuYQp0ZXhpbmRleC5v OiBJbiBmdW5jdGlvbiBgbWFpbic6CnRleGluZGV4Lm8oLnRleHQrMHhiZCk6IHdhcm5p bmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5n IG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtSS91c3Ivc3JjL3NiaW4vbW91bnRfcG9y dGFsLy4uLy4uL3N5cyAtSS91c3Ivc3JjL3NiaW4vbW91bnRfcG9ydGFsLy4uL21vdW50 ICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1zdGF0aWMgLW8g bW91bnRfcG9ydGFsIG1vdW50X3BvcnRhbC5vIGFjdGl2YXRlLm8gY29uZi5vIGdldG1u dG9wdHMubyBwdF9jb25mLm8gcHRfZXhlYy5vIHB0X2ZpbGUubyBwdF90Y3AubyBwdF90 Y3BsaXN0ZW4ubyAgCm1vdW50X3BvcnRhbC5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Cm1v dW50X3BvcnRhbC5vKC50ZXh0KzB4ZWIpOiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJs 
eSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8g LXBpcGUgLURFWFRFTkRFRCAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNs dWRlICAtbyBtNCBldmFsLm8gZXhwci5vIGxvb2subyBtYWluLm8gbWlzYy5vICAKZXZh bC5vOiBJbiBmdW5jdGlvbiBgZXZhbCc6CmV2YWwubygudGV4dCsweDQxNyk6IHdhcm5p bmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5n IG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2 L3Vzci9pbmNsdWRlICAtbyBtYWlsIHZlcnNpb24ubyBhdXgubyBjbWQxLm8gY21kMi5v IGNtZDMubyBjbWR0YWIubyBjb2xsZWN0Lm8gZWRpdC5vIGZpby5vIGdldG5hbWUubyBo ZWFkLm8gdjcubG9jYWwubyBsZXgubyBsaXN0Lm8gbWFpbi5vIG5hbWVzLm8gcG9wZW4u byBxdWl0Lm8gc2VuZC5vIHN0cmluZ3MubyB0ZW1wLm8gdHR5Lm8gdmFycy5vICAKcXVp dC5vOiBJbiBmdW5jdGlvbiBgZWRzdG9wJzoKcXVpdC5vKC50ZXh0KzB4Yjc2KTogd2Fy bmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lkZXIgdXNp bmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1JL3Vzci9zcmMvdXNyLmJpbi9yZGlz dCAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyByZGlzdCBk b2NtZC5vIGV4cGFuZC5vIGdyYW0ubyBsb29rdXAubyBtYWluLm8gcnNocmNtZC5vIHNl cnZlci5vICAKbWFpbi5vOiBJbiBmdW5jdGlvbiBgbWFpbic6Cm1haW4ubygudGV4dCsw eDMzYSk6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNv bnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtSS91c3Ivc3JjL3Vz ci5iaW4veGxpbnQveGxpbnQvLi4vbGludDEgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4 Ni91c3IvaW5jbHVkZSAgLW8geGxpbnQgeGxpbnQubyBtZW0ubyAgCnhsaW50Lm86IElu IGZ1bmN0aW9uIGBtYWluJzoKeGxpbnQubygudGV4dCsweDRiMik6IHdhcm5pbmc6IG1r dGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3Rl bXAoKQotLQpjYyAtTyAtcGlwZSAgIC1JL3Vzci9vYmovdXNyL3NyYy9pMzg2L3Vzci9p bmNsdWRlICAtbyB4c3RyIHhzdHIubyAgCnhzdHIubzogSW4gZnVuY3Rpb24gYG1haW4n Ogp4c3RyLm8oLnRleHQrMHhiZSk6IHdhcm5pbmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVz ZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5nIG1rc3RlbXAoKQotLQpjYyAtTyAtcGlw ZSAtSS4gLUkvdXNyL3NyYy91c3Iuc2Jpbi9hbWQvbWstYW1kLW1hcCAtSS91c3Ivc3Jj L3Vzci5zYmluL2FtZC9tay1hbWQtbWFwLy4uL2luY2x1ZGUgLUkvdXNyL3NyYy91c3Iu 
c2Jpbi9hbWQvbWstYW1kLW1hcC8uLi8uLi8uLi9jb250cmliL2FtZC9pbmNsdWRlIC1J L3Vzci9zcmMvdXNyLnNiaW4vYW1kL21rLWFtZC1tYXAvLi4vLi4vLi4vY29udHJpYi9h bWQgLURIQVZFX0NPTkZJR19IICAgLUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2lu Y2x1ZGUgIC1vIG1rLWFtZC1tYXAgbWstYW1kLW1hcC5vICAKbWstYW1kLW1hcC5vOiBJ biBmdW5jdGlvbiBgbWFpbic6Cm1rLWFtZC1tYXAubygudGV4dCsweDU3NSk6IHdhcm5p bmc6IG1rdGVtcCgpIHBvc3NpYmx5IHVzZWQgdW5zYWZlbHk7IGNvbnNpZGVyIHVzaW5n IG1rc3RlbXAoKQotLQpjYyAtTyAtcGlwZSAtV2FsbCAgIC1JL3Vzci9vYmovdXNyL3Ny Yy9pMzg2L3Vzci9pbmNsdWRlICAtbyBjcnVuY2hnZW4gY3J1bmNoZ2VuLm8gY3J1bmNo ZWRfc2tlbC5vICAKY3J1bmNoZ2VuLm86IEluIGZ1bmN0aW9uIGBtYWluJzoKY3J1bmNo Z2VuLm8oLnRleHQrMHgyMDQpOiB3YXJuaW5nOiBta3RlbXAoKSBwb3NzaWJseSB1c2Vk IHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0KY2MgLU8gLXBpcGUg LVdhbGwgICAtSS91c3Ivb2JqL3Vzci9zcmMvaTM4Ni91c3IvaW5jbHVkZSAgLW8gY3Rt IGN0bS5vIGN0bV9pbnB1dC5vIGN0bV9wYXNzMS5vIGN0bV9wYXNzMi5vIGN0bV9wYXNz My5vIGN0bV9wYXNzYi5vIGN0bV9zeW50YXgubyBjdG1fZWQubyAgLWxtZApjdG1fcGFz czIubzogSW4gZnVuY3Rpb24gYFBhc3MyJzoKY3RtX3Bhc3MyLm8oLnRleHQrMHg3ZmEp OiB3YXJuaW5nOiB0ZW1wbmFtKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29uc2lk ZXIgdXNpbmcgbWtzdGVtcCgpCi0tCmNjIC1PIC1waXBlIC1JL3Vzci9zcmMvdXNyLnNi aW4vcnBjLnlwcGFzc3dkZC8uLi8uLi91c3Iuc2Jpbi92aXB3IC1JL3Vzci9zcmMvdXNy LnNiaW4vcnBjLnlwcGFzc3dkZC8uLi8uLi91c3Iuc2Jpbi95cHNlcnYgIC1JL3Vzci9z cmMvdXNyLnNiaW4vcnBjLnlwcGFzc3dkZC8uLi8uLi9saWJleGVjL3lweGZyIC1JL3Vz ci9zcmMvdXNyLnNiaW4vcnBjLnlwcGFzc3dkZC8uLi8uLi91c3IuYmluL2NocGFzcyAg LUkvdXNyL3NyYy91c3Iuc2Jpbi9ycGMueXBwYXNzd2RkIC1JLiAgIC1JL3Vzci9vYmov dXNyL3NyYy9pMzg2L3Vzci9pbmNsdWRlICAtbyBycGMueXBwYXNzd2RkIHB3X2NvcHku byBwd191dGlsLm8gdXRpbC5vIHlwX2FjY2Vzcy5vIHlwX2RibG9va3VwLm8geXBfZGJ3 cml0ZS5vIHlwX2Vycm9yLm8geXBwYXNzd2RkX21haW4ubyB5cHBhc3N3ZGRfc2VydmVy Lm8geXB4ZnJfbWlzYy5vIHlwX2NsbnQubyB5cHBhc3N3ZF9wcml2YXRlX3N2Yy5vIHlw cGFzc3dkX3ByaXZhdGVfeGRyLm8geXBwYXNzd2Rfc3ZjLm8gIC1scnBjc3ZjIC1sY3J5 cHQKeXBwYXNzd2RkX3NlcnZlci5vOiBJbiBmdW5jdGlvbiBgeXBfbWt0bXBuYW0nOgp5 
cHBhc3N3ZGRfc2VydmVyLm8oLnRleHQrMHhiYTkpOiB3YXJuaW5nOiBta3RlbXAoKSBw b3NzaWJseSB1c2VkIHVuc2FmZWx5OyBjb25zaWRlciB1c2luZyBta3N0ZW1wKCkKLS0K Y2MgLU8gLXBpcGUgLUkvdXNyL3NyYy91c3Iuc2Jpbi9scHIvbHBkLy4uL2NvbW1vbl9z b3VyY2UgLVdhbGwgLVduZXN0ZWQtZXh0ZXJucyAtV21pc3NpbmctcHJvdG90eXBlcyAt V25vLXVudXNlZCAtV3JlZHVuZGFudC1kZWNscyAtV3N0cmljdC1wcm90b3R5cGVzICAg LUkvdXNyL29iai91c3Ivc3JjL2kzODYvdXNyL2luY2x1ZGUgIC1vIGxwZCBscGQubyBw cmludGpvYi5vIHJlY3Zqb2IubyBscGRjaGFyLm8gbW9kZXMubyAgL3Vzci9vYmovdXNy L3NyYy91c3Iuc2Jpbi9scHIvbHBkLy4uL2NvbW1vbl9zb3VyY2UvbGlibHByLmEKcHJp bnRqb2IubzogSW4gZnVuY3Rpb24gYHByaW50am9iJzoKcHJpbnRqb2IubygudGV4dCsw eGYxKTogd2FybmluZzogbWt0ZW1wKCkgcG9zc2libHkgdXNlZCB1bnNhZmVseTsgY29u c2lkZXIgdXNpbmcgbWtzdGVtcCgpCg== --============_-1237399732==_D============-- --============_-1237399732==_============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" -- These are my opinions -- not to be taken as official Skynet policy ====================================================================== Brad Knowles, || Belgacom Skynet SA/NV Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124 Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels http://www.skynet.be || Belgium "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. 
--============_-1237399732==_============-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 23 8: 3:42 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id BE51337B479 for ; Thu, 23 Nov 2000 08:03:36 -0800 (PST) Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13yyqJ-00027U-00 for audit@freebsd.org; Thu, 23 Nov 2000 18:03:23 +0200 Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id SAA14849 for ; Thu, 23 Nov 2000 18:03:33 +0200 (SAST) Received: by nwl.fw.uunet.co.za via recvmail id 14714; Thu Nov 23 18:02:46 2000 Received: from sheldonh (helo=axl.fw.uunet.co.za) by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1) id 13yypi-0003hj-00 for audit@FreeBSD.org; Thu, 23 Nov 2000 18:02:46 +0200 
From: Sheldon Hearn To: audit@freebsd.org Subject: makedevops.pl and makeobjops.pl tmpfiles Date: Thu, 23 Nov 2000 18:02:46 +0200 Message-ID: <14242.974995366@axl.fw.uunet.co.za> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi folks, It seems to me that, unless we import the File::Temp perl5 module into the base system (as NetBSD have done), we should use something like the following patch to makeobjops.pl and makedevops.pl, less they be abused. The perl5.6.0's srand() subroutine seeds the PRNG from /dev/urandom, so we don't have to worry too much about a guessable seed. In fact, the call to srand() shouldn't be required at all, since perl5.6.0 automatically calls srand() if it has not yet been called by the time rand() is first called. Ciao, Sheldon. Index: makedevops.pl =================================================================== RCS file: /home/ncvs/src/sys/kern/makedevops.pl,v retrieving revision 1.13 diff -u -d -r1.13 makedevops.pl --- makedevops.pl 2000/10/15 15:19:35 1.13 +++ makedevops.pl 2000/11/23 15:57:48 @@ -117,10 +117,12 @@ $tmpdir = '.' # give up and use current dir if !$tmpdir; +srand; + foreach $src ( @filenames ) { # Names of the created files - $ctmpname = "$tmpdir/ctmp.$$"; - $htmpname = "$tmpdir/htmp.$$"; + $ctmpname = "$tmpdir/ctmp." . rand(9999); + $htmpname = "$tmpdir/htmp." . rand(9999); ($name, $path, $suffix) = &fileparse($src, '.m'); $path = '.' Index: makeobjops.pl =================================================================== RCS file: /home/ncvs/src/sys/kern/makeobjops.pl,v retrieving revision 1.1 diff -u -d -r1.1 makeobjops.pl --- makeobjops.pl 2000/04/08 14:17:10 1.1 +++ makeobjops.pl 2000/11/23 15:58:36 
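Review bot: The new names `"$tmpdir/ctmp." . rand(9999)` and `"$tmpdir/htmp." . rand(9999)` are harder to guess than the PID, but the code that opens them lies outside this hunk; if it is a plain `open` for writing, the file is still created without an exclusive check, so an existing file or symlink at that path would be followed. Creating each file with something like `sysopen(FH, $ctmpname, O_WRONLY|O_CREAT|O_EXCL, 0600)` (constants from the core `Fcntl` module) and retrying with a fresh name on failure would close that window however predictable the suffix is. `rand(9999)` also returns a fractional value, so `int(rand(...))` would give tidier names, and Perl's `rand` is not intended as a security-grade generator. The same point applies to the identical hunk for makeobjops.pl that follows.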
@@ -118,10 +118,12 @@ $tmpdir = '.' # give up and use current dir if !$tmpdir; +srand; + foreach $src ( @filenames ) { # Names of the created files - $ctmpname = "$tmpdir/ctmp.$$"; - $htmpname = "$tmpdir/htmp.$$"; + $ctmpname = "$tmpdir/ctmp." . rand(9999); + $htmpname = "$tmpdir/htmp." . rand(9999); ($name, $path, $suffix) = &fileparse($src, '.m'); $path = '.' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 23 13:43:42 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 138D337B4C5 for ; Thu, 23 Nov 2000 13:43:40 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eANLiaN36467; Thu, 23 Nov 2000 13:44:36 -0800 (PST) (envelope-from kris) Date: Thu, 23 Nov 2000 13:44:36 -0800 
From: Kris Kennaway To: Sheldon Hearn Cc: audit@FreeBSD.ORG Subject: Re: makedevops.pl and makeobjops.pl tmpfiles Message-ID: <20001123134436.A36337@citusc17.usc.edu> References: <14242.974995366@axl.fw.uunet.co.za> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <14242.974995366@axl.fw.uunet.co.za>; from sheldonh@uunet.co.za on Thu, Nov 23, 2000 at 06:02:46PM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Nov 23, 2000 at 06:02:46PM +0200, Sheldon Hearn wrote: > It seems to me that, unless we import the File::Temp perl5 module into > the base system (as NetBSD have done), we should use something like the > following patch to makeobjops.pl and makedevops.pl, less they be abused. Thanks for the patch, Sheldon. This one has been annoying me for a while. However, I think I prefer the above option as a more generic solution. I presume it includes functionality similar to mkstemp(). > The perl5.6.0's srand() subroutine seeds the PRNG from /dev/urandom, > so we don't have to worry too much about a guessable seed. In fact, > the call to srand() shouldn't be required at all, since perl5.6.0 > automatically calls srand() if it has not yet been called by the time > rand() is first called. What libc function does rand() call? random(), by the sounds of it. > + $ctmpname = "$tmpdir/ctmp." . rand(9999); > + $htmpname = "$tmpdir/htmp." . rand(9999); Any particular reason for not using rand(999999999) or so? 
:-) Kris --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjodj8QACgkQWry0BWjoQKVhXQCeJBH6UauK0pA5K1WGI8X09tCz pSkAnRh8N8YcodsrfdxwbRsiY5C0EJS5 =w6Il -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 23 23:13:49 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id 2FDBF37B4C5; Thu, 23 Nov 2000 23:13:45 -0800 (PST) Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13zD35-0000us-00; Fri, 24 Nov 2000 09:13:31 +0200 Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id JAA28414; Fri, 24 Nov 2000 09:13:41 +0200 (SAST) Received: by nwl.fw.uunet.co.za via recvmail id 28350; Fri Nov 24 09:13:04 2000 Received: from sheldonh (helo=axl.fw.uunet.co.za) by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1) id 13zD2d-00008F-00; Fri, 24 Nov 2000 09:13:03 +0200 
From: Sheldon Hearn To: Kris Kennaway Cc: audit@freebsd.org Subject: Re: makedevops.pl and makeobjops.pl tmpfiles In-reply-to: Your message of "Thu, 23 Nov 2000 13:44:36 PST." <20001123134436.A36337@citusc17.usc.edu> Date: Fri, 24 Nov 2000 09:13:03 +0200 Message-ID: <510.975049983@axl.fw.uunet.co.za> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 23 Nov 2000 13:44:36 PST, Kris Kennaway wrote: > Thanks for the patch, Sheldon. This one has been annoying me for a > while. However, I think I prefer the above option as a more generic > solution. I presume it includes functionality similar to mkstemp(). I should mention that I made a mistake. It's OpenBSD that has imported File::Temp, not NetBSD. I prefer the idea of importing it as well. > What libc function does rand() call? random(), by the sounds of it. I don't think so. My take on src/contrib/perl5/t/op/rand.t is that they use their own homegrown rand.t. > > + $ctmpname = "$tmpdir/ctmp." . rand(9999); > > + $htmpname = "$tmpdir/htmp." . rand(9999); > > Any particular reason for not using rand(999999999) or so? :-) Nope. I just wasn't sure how large a number I could safely request. Cia, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Nov 24 8:47:18 2000 Delivered-To: freebsd-audit@freebsd.org Received: from server.bitmcnit.bryansk.su (bitmcnit.bryansk.ru [195.239.213.9]) by hub.freebsd.org (Postfix) with ESMTP id CCAFE37B4CF; Fri, 24 Nov 2000 08:47:07 -0800 (PST) Received: (from uucp@localhost) by server.bitmcnit.bryansk.su (8.9.3/8.9.3) with UUCP id TAA21415; Fri, 24 Nov 2000 19:34:54 +0300 Received: (from alex@localhost) by kapran.bitmcnit.bryansk.su (8.11.1/8.11.1) id eAOGXIJ04319; Fri, 24 Nov 2000 19:33:18 +0300 (MSK) (envelope-from alex@kapran.bitmcnit.bryansk.su) Date: Fri, 24 Nov 2000 19:33:17 +0300 
From: Alex Kapranoff To: Kris Kennaway Cc: Sheldon Hearn , audit@FreeBSD.ORG Subject: Re: makedevops.pl and makeobjops.pl tmpfiles Message-ID: <20001124193317.D1028@kapran.bitmcnit.bryansk.su> References: <14242.974995366@axl.fw.uunet.co.za> <20001123134436.A36337@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20001123134436.A36337@citusc17.usc.edu>; from kris@FreeBSD.ORG on Thu, Nov 23, 2000 at 01:44:36PM -0800 X-Operating-System: FreeBSD 5.0-CURRENT i386 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Nov 23, 2000 at 01:44:36PM -0800, Kris Kennaway wrote: > On Thu, Nov 23, 2000 at 06:02:46PM +0200, Sheldon Hearn wrote: > > The perl5.6.0's srand() subroutine seeds the PRNG from /dev/urandom, > > so we don't have to worry too much about a guessable seed. In fact, > > the call to srand() shouldn't be required at all, since perl5.6.0 > > automatically calls srand() if it has not yet been called by the time > > rand() is first called. > > What libc function does rand() call? random(), by the sounds of it. It seems that perl on FreeBSD uses drand48(3) as a base for its rand() function. -- Alex Kapranoff, Voice: +7(0832)791845 892 hours before the brand new millenium... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Nov 24 14:32:33 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 2976237B479 for ; Fri, 24 Nov 2000 14:32:32 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAOMXa670586 for audit@FreeBSD.org; Fri, 24 Nov 2000 14:33:36 -0800 (PST) (envelope-from kris) Date: Fri, 24 Nov 2000 14:33:36 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Subject: Project for auditors Message-ID: <20001124143336.A70550@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Here's something I just noticed: /usr/bin/mail will repeatedly create files with the same name from mktemp(), of the form /tmp/RsXXXXXX (as well as some others). This needs to be fixed to use mkstemp() since there's a very easy to exploit race condition there. Anyone up for it? Kris --qDbXVdCdHGoSgWSk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoe7MAACgkQWry0BWjoQKXx9wCggAm/hal4rulK03J7W2OWtwtG ww0An2iYPZTDOAFGD5yJbJo5AP51zYDX =duPO -----END PGP SIGNATURE----- --qDbXVdCdHGoSgWSk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Nov 24 15:44:23 2000 Delivered-To: freebsd-audit@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 0B75137B479; Fri, 24 Nov 2000 15:44:18 -0800 (PST) Received: from localhost (1g6qok@localhost [127.0.0.1]) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id eAONiG560473; Fri, 24 Nov 2000 18:44:17 -0500 (EST) (envelope-from green@FreeBSD.org) Message-Id: <200011242344.eAONiG560473@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: audit@FreeBSD.org Cc: current@FreeBSD.org Subject: OpenSSH 2.3.0 pre-upgrade 
From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 24 Nov 2000 18:44:16 -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG (Please direct followups to audit@FreeBSD.org and remove all extraneous addresses. I'm cross-posting in hopes of reaching the right audiences that won't necessarily overlap.) It's time again for an upgrade to our FreeBSD OpenSSH. Version 2.3.0 was released a few weeks back, and working off that I've produced a set of diffs from either what's in the tree now or the original OpenBSD, 2.3.0 sources. What's new in this release? Mostly the adding of the AES (Rijndael) to the SSH2 algorithms. Is anything now broken? Well, nothing new broken that I know of; there was an issue of the canonical host name not being used, which I could have sworn it was before: in either case, it is used now. The auth loops previously did not take NULL struct passwd * arguments, but now they do (to inform them to fake authorization). This deprecated our fake auth loop, but gave me a lot of work to correct the logic in the code that expects non-NULL pw's. I think I did it all, but wouldn't be surprised if there's still a mistake, so I'd really appreciate others looking at it. There's some weird issue where for the Diffie-Hellman exchange, OpenSSH wants primes but doesn't seem to want to generate them... it expects an /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) and I have no clue where the program is that supposedly generates them. So, for SSH2, the authentication stage generates a large warning and uses a hardcoded prime. This should not actually have an effect on security, though, according to my understanding of the Diffie-Hellman protocol. I probably fixed a ton of smaller bugs on the way I've all but forgotten about now. 
I'd appreciate anyone who can either test this out to see if it works for them (I upgraded all my OpenSSH stuff to 2.3.0, and it is working great) or review the changes. If I've made some mistakes in the code I've changed, it could easily be a huge security issue, so it would be really nice to have others back me up on the changes made. The patch to apply on a -CURRENT/-STABLE FreeBSD system's src tree to update to this version can be found at: http://green.bikeshed.org/OpenSSH-2.3.0.patch.gz Similarly, the diffs from plain OpenBSD OpenSSH 2.3.0 to ours are at: http://green.bikeshed.org/OpenSSH_to_FreeBSD-2.3.0.patch.gz Thanks! -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 25 12:28: 2 2000 Delivered-To: freebsd-audit@freebsd.org Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47]) by hub.freebsd.org (Postfix) with ESMTP id 0E6EC37B479; Sat, 25 Nov 2000 12:27:59 -0800 (PST) Received: from vangelderen.org (grolsch.ai [209.88.68.214]) by cypherpunks.ai (Postfix) with ESMTP id 2D75A51; Sat, 25 Nov 2000 16:27:58 -0400 (AST) Message-ID: <3A2020D3.A3BFDC2A@vangelderen.org> Date: Sat, 25 Nov 2000 16:28:03 -0400 
From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: "Brian F. Feldman" Cc: audit@FreeBSD.org Subject: Re: OpenSSH 2.3.0 pre-upgrade References: <200011242344.eAONiG560473@green.dyndns.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [current@freebsd.org trimmed from CC] "Brian F. Feldman" wrote: > It's time again for an upgrade to our FreeBSD OpenSSH. Version 2.3.0 was > released a few weeks back, and working off that I've produced a set of diffs > from either what's in the tree now or the original OpenBSD, 2.3.0 sources. Good work! > What's new in this release? Mostly the adding of the AES (Rijndael) to the > SSH2 algorithms. Is anything now broken? Well, nothing new broken that I > know of; there was an issue of the canonical host name not being used, which > I could have sworn it was before: in either case, it is used now. The auth > loops previously did not take NULL struct passwd * arguments, but now they > do (to inform them to fake authorization). This deprecated our fake auth > loop, but gave me a lot of work to correct the logic in the code that > expects non-NULL pw's. I think I did it all, but wouldn't be surprised if > there's still a mistake, so I'd really appreciate others looking at it. > > There's some weird issue where for the Diffie-Hellman exchange, OpenSSH > wants primes but doesn't seem to want to generate them... it expects an > /etc/ssh/primes (which should become /var/run/ssh_primes, if anything) Not necessarily: these primes are in the same league as the various host keys which are stored in /etc/ssh already. > and I > have no clue where the program is that supposedly generates them. Something like ssh-keygen or OpenSSL I'd presume. You don't want to generate them on-the-fly in sshd as that's way too time-consuming. 
> So, for > SSH2, the authentication stage generates a large warning and uses a > hardcoded prime. This should not actually have an affect on security, > though, according to my understanding of the Diffie-Hellman protocol. The warning seems to be generated when a key-exchange of type DH_GEX_SHA1 is performed. DH_GEX_SHA1 appears to be a non-standard (not documented in any RFC/I-D I could find) extension implemented by OpenSSH only. This kex-type doesn't add much to the security but makes the protocol computationally less efficient (iff implemented properly). It certainly isn't something you want enabled by default. Anyway, this key exchange type should *only* be accepted when the server actually supports it. The warning will only be generated when the server claims to support DH_GEX_SHA1 *and* /etc/ssh/primes cannot be found. However, if /etc/ssh/primes doesn't exist, DH_GEX_SHA1 should not be accepted as a supported kex-type which would eliminate the warning. The warning certainly isn't harmless as it will condition people to ignore warnings, including serious ones. I would argue that we disable support for this non-standard kex-type (at least in the sshd but preferrably in the ssh client as well) until it is properly documented. I can smell embrace-and-extend :-( switch (kex->kex_type) { + case DH_GRP1_SHA1: + ssh_dh1_server(kex, client_kexinit, server_kexinit); + break; + case DH_GEX_SHA1: /* non-standard? */ + ssh_dhgex_server(kex, client_kexinit, server_kexinit); + break; + default: + fatal("Unsupported key exchange %d", kex->kex_type); + } Cheers, Jeroen -- Jeroen C. 
van Gelderen o _ _ _ jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_) _< \_ _>(_) (_)/<_ \_| \ _|/' \/ (_)>(_) (_) (_) (_) (_)' _\o_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 25 21:48: 6 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id A452337B4C5 for ; Sat, 25 Nov 2000 21:48:04 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAQ5n3215110 for audit@FreeBSD.org; Sat, 25 Nov 2000 21:49:03 -0800 (PST) (envelope-from kris) Date: Sat, 25 Nov 2000 21:49:03 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Subject: MAXHOSTNAMELEN Message-ID: <20001125214903.A14677@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Just wanted to check something..MAXHOSTNAMELEN is defined to be 256, which is long enough to store the maximum possible DNS name (255 octets) plus the terminating NUL. So there's no need to declare arrays to be MAXHOSTNAMELEN+1 in size, right? I'm seeing great inconsistency within our source tree, and I bumped across this in some changes I was porting from NetBSD. Kris --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjogpE8ACgkQWry0BWjoQKUrdgCgyGOEEFAVcTM7GgIefp4RtWtQ 7BcAoIoZx0PwVYiDmrlAOVc/qbPe2BGq =b4ZX -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 25 23: 5:14 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 9D98F37B4C5; Sat, 25 Nov 2000 23:05:12 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAQ76B116617; Sat, 25 Nov 2000 23:06:11 -0800 (PST) (envelope-from kris) Date: Sat, 25 Nov 2000 23:06:11 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Cc: obrien@FreeBSD.org Subject: gcc format string warning patch Message-ID: <20001125230611.A16472@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="3V7upXqbjpZ4EhLz" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --3V7upXqbjpZ4EhLz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I ported the NetBSD -Wnetbsd-format-audit warning option to gcc which checks for non-constant format strings for auditing purposes. It seems to work, although of course it gives lots of false positives. Patches at http://www.freebsd.org/~kris/gcc-format-warning.patch I'm going to try and generate a master list of these warnings from a 'make world' so they can be examined. NetBSD have done a lot of cleanups here (though I'd expect most are not security-relevant). They also have a library function they have just committed which checks for compatibility of format strings, which I'm going to look at porting as well. Feedback welcomed. Kris --3V7upXqbjpZ4EhLz Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjogtmMACgkQWry0BWjoQKVHXwCg2zV3SD/NYic82Eg8HRnHDM2k ADAAoKFfMZOfd1dv3zAvP4clrxuZIy7h =wsbH -----END PGP SIGNATURE----- --3V7upXqbjpZ4EhLz-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message