From owner-freebsd-audit Mon Jun 11 9:23:13 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id 75FEB37B407 for ; Mon, 11 Jun 2001 09:23:04 -0700 (PDT) (envelope-from roam@ringworld.nanolink.com) Received: (qmail 61597 invoked by uid 1000); 11 Jun 2001 16:21:43 -0000 Date: Mon, 11 Jun 2001 19:21:43 +0300 From: Peter Pentchev To: Peter Wemm Cc: audit@FreeBSD.org Subject: ncurses const patch Message-ID: <20010611192143.D59082@ringworld.oblivion.bg> Mail-Followup-To: Peter Wemm , audit@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Is there a particular reason that src/lib/libncurses/Makefile does not tell ncurses that FreeBSD's compiler honors 'const'? The attached patch allows all programs including or and using *printw() to compile with WARNS=2. A similar patch applies to RELENG_4. There might be some header dependency bogosities that would require that the /usr/obj tree be cleaned before the libncurses recompile, but such is life.. G'luck, Peter -- I had to translate this sentence into English because I could not read the original Sanskrit. Index: src/lib/libncurses/Makefile =================================================================== RCS file: /home/ncvs/src/lib/libncurses/Makefile,v retrieving revision 1.50 diff -u -r1.50 Makefile --- src/lib/libncurses/Makefile 2001/06/07 17:27:44 1.50 +++ src/lib/libncurses/Makefile 2001/06/11 10:25:46 
@@ -15,7 +15,7 @@ NCURSES_PATCH!=egrep 'NCURSES_PATCH[ ]*=' ${NCURSES}/dist.mk | sed -e 's%^[^0-9]*%%' # From autoconf (!) -NCURSES_CONST= /* nothing */ +NCURSES_CONST= const NCURSES_XNAMES= 1 NCURSES_OSPEED= short BUILTIN_BOOL= 1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jun 11 14: 5:52 2001 Delivered-To: freebsd-audit@freebsd.org Received: from smtp4.hushmail.com (smtp4.hushmail.com [64.40.111.32]) by hub.freebsd.org (Postfix) with ESMTP id 40AFB37B401 for ; Mon, 11 Jun 2001 14:05:41 -0700 (PDT) (envelope-from aeonflux99@hushmail.com) Received: from user7.hushmail.com (user7.hushmail.com [64.40.111.47]) by smtp4.hushmail.com (Postfix) with ESMTP id F37332FDB for ; Mon, 11 Jun 2001 14:04:48 -0700 (PDT) Received: (from root@localhost) by user7.hushmail.com (8.9.3/8.9.3) id OAA16071; Mon, 11 Jun 2001 14:04:48 -0700 
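Review bot: in the src/lib/libncurses/Makefile hunk, NCURSES_CONST= const sits under the unchanged comment "# From autoconf (!)", which no longer describes where the value comes from. Say in that comment that it is now set by hand because the FreeBSD compiler honors const. The covering mail also admits that headers already generated in /usr/obj may keep the old empty definition; rather than rely on a manual clean, make the generated headers depend on this Makefile so they are rebuilt when the value changes.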
From: aeonflux99@hushmail.com Message-Id: <200106112104.OAA16071@user7.hushmail.com> Date: Mon, 11 Jun 2001 17:00:29 -0500 (EDT) To: audit@freebsd.org Mime-version: 1.0 Content-type: multipart/mixed; boundary="Hushpart_boundary_gQQcmEdPjxDApVXthILMXEglluHAfwLk" Subject: resubmitting fix Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Hushpart_boundary_gQQcmEdPjxDApVXthILMXEglluHAfwLk Content-type: text/plain I first submitted this patch to this mailing list in the month of January, unfortunately it was largely ignored. As it stands ssh failures are not audited, they're not even logged in the default configuration. Obviously we need to make some changes so that repeated failures, get logged. Likewise people connecting to our sshd port to look for a banner version should also be logged. As it stands the only way to really do this properly is to use tcpwrappers, or packet filtering. However, I believe there needs to be some logging higher up in the ladder too. I'm resubmitting this patch. In order to get it to work properly, you're going to need to modify syslog.conf security.*;auth.info /var/log/security adding auth.info (the facility ssh uses) to the security log. Likewise the patch is extremely simple. - --- /etc/security Mon Jun 11 15:45:02 2001 +++ /etc/security Mon Jun 11 15:48:29 2001 @@ -44,6 +44,7 @@ sort -t. -r -n +1 -2 | xargs zcat -f [ -f $LOG/messages ] && cat $LOG/messages + [ -f $LOG/security ] && cat $LOG/security } sflag=FALSE ignore= 
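Review bot: the added [ -f $LOG/security ] && cat $LOG/security in this first /etc/security hunk reads only the live file, while the lines just above it pass a sorted list of rotated files through xargs zcat -f. If the security log is rotated before the script runs, yesterday's entries are missed; feed the rotated security files through the same listing, and quote "$LOG/security" in both the test and the cat.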
@@ -188,6 +189,12 @@ separator echo "${host} login failures:" n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 + +# Show "${host} SSH login failures:" +separator +echo "${host} login failures:" +n=$(catmsgs | grep -i "^$yesterday.*failed password" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages - Free, encrypted, secure Web-based email at www.hushmail.com --Hushpart_boundary_gQQcmEdPjxDApVXthILMXEglluHAfwLk Content-Disposition: attachment Content-type: application/octet-stream; name="securitynew.diff" Content-Transfer-Encoding: base64 --Hushpart_boundary_gQQcmEdPjxDApVXthILMXEglluHAfwLk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jun 12 5:15:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by hub.freebsd.org (Postfix) with ESMTP id B6AB737B407; Tue, 12
Jun 2001 05:15:46 -0700 (PDT) (envelope-from dhagan@colltech.com) Received: from colltech.com (1Cust157.tnt1.clarksburg.wv.da.uu.net [63.21.114.157]) by albatross.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id FAA26429; Tue, 12 Jun 2001 05:15:40 -0700 (PDT) Message-ID: <3B2608E8.611D1669@colltech.com> Date: Tue, 12 Jun 2001 08:19:52 -0400 
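Review bot: in the second hunk of the /etc/security patch from the "resubmitting fix" message (the block added after the existing login-failure count), the new section prints echo "${host} login failures:" again although its own comment says SSH login failures, so the nightly report gets two sections with the same title. Change the echo to "${host} SSH login failures:". The pattern "^$yesterday.*failed password" is also not tied to sshd, so any line in the concatenated logs that contains the phrase is counted; match on the sshd tag as well so the section holds only what its title claims.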
From: Daniel Hagan Reply-To: FreeBSD-Security@FreeBSD.org X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: aeonflux99@hushmail.com, FreeBSD-Audit@FreeBSD.org, FreeBSD-Security@FreeBSD.org Subject: Re: resubmitting fix (/etc/security ssh awareness) References: <200106112104.OAA16071@user7.hushmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This probably belongs more on -security than -audit, so I'm cross posting it to both with follow-ups set to -security. aeonflux99@hushmail.com wrote: > > I first submitted this patch to this mailing list in the month of January, > unfortunately it was largely ignored. As it stands ssh failures are not > audited, they're not even logged in the default configuration. > > Obviously we need to make some changes so that repeated failures, get logged. > Likewise people connecting to our sshd port to look for a banner version > should also be logged. As it stands the only way to really do this properly > is to use tcpwrappers, or packet filtering. However, I believe there needs > to be some logging higher up in the ladder too. > > I'm resubmitting this patch. In order to get it to work properly, you're > going to need to modify syslog.conf > > security.*;auth.info /var/log/security > > adding auth.info (the facility ssh uses) to the security log. Likewise > the patch is extremely simple. It seems that adding auth and authpriv to /var/log/security would be the 'right thing to do' in the POLA sense. > - > --- /etc/security Mon Jun 11 15:45:02 2001 > +++ /etc/security Mon Jun 11 15:48:29 2001 > @@ -44,6 +44,7 @@ > sort -t. -r -n +1 -2 | > xargs zcat -f > [ -f $LOG/messages ] && cat $LOG/messages > + [ -f $LOG/security ] && cat $LOG/security > } > > sflag=FALSE ignore= 
> @@ -188,6 +189,12 @@ > separator > echo "${host} login failures:" > n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | > wc -l) > +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 > + > +# Show "${host} SSH login failures:" > +separator > +echo "${host} login failures:" This should probably be echo "${host} SSH login failures:", right? > +n=$(catmsgs | grep -i "^$yesterday.*failed password" | tee /dev/stderr > | wc -l) > [ $n -gt 0 -a $rc -lt 1 ] && rc=1 > > # Show tcp_wrapper warning messages While I agree that this is a Good Idea, I'm not entirely sure that your implementation is sufficient. Does .*failed password match only sshd entries and does it match all of the cases you mention above (failed logins, port scanning; what about failed RSAAuthentication attempts)? Daniel -- Consultant, Collective Technologies http://www.collectivetech.com/ Use PGP for confidential e-mail. http://www.pgp.com/products/freeware/ Key Id: 0xD44F15B1 3FA0 D899 4530 702F 72B0 5A17 C2A5 2C2B D22F 15B1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jun 12 23:16:16 2001 Delivered-To: freebsd-audit@freebsd.org Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 0ACC037B405 for ; Tue, 12 Jun 2001 23:15:51 -0700 (PDT) (envelope-from dima@unixfreak.org) Received: from hornet.unixfreak.org (hornet [63.198.170.140]) by bazooka.unixfreak.org (Postfix) with ESMTP id 049B13E28 for ; Tue, 12 Jun 2001 23:15:50 -0700 (PDT) To: audit@freebsd.org Subject: mountd/showmount/mountdtab patch Date: Tue, 12 Jun 2001 23:15:49 -0700 
From: Dima Dorfman Message-Id: <20010613061550.049B13E28@bazooka.unixfreak.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The attached patch makes mountd write the numeric IP address instead of the hostname of the connecting machine to /var/db/mountdtab, and updates showmount to do the DNS lookup itself. It also adds an -n option to the latter which disables the DNS lookup. That's the real motivation behind this; it's very nice to be able to find the IP address of the connecting machine without having to do a lookup. Please review. Thanks in advance, Dima Dorfman dima@unixfreak.org Index: sbin/mountd/mountd.c =================================================================== RCS file: /stl/src/FreeBSD/src/sbin/mountd/mountd.c,v retrieving revision 1.55 diff -u -r1.55 mountd.c --- sbin/mountd/mountd.c 2001/06/01 10:57:24 1.55 +++ sbin/mountd/mountd.c 2001/06/13 05:53:29 @@ -522,8 +522,7 @@ struct stat stb; struct statfs fsb; struct addrinfo *ai; - char host[NI_MAXHOST], numerichost[NI_MAXHOST]; - int lookup_failed = 1; + char numerichost[NI_MAXHOST]; struct sockaddr *saddr; u_short sport; char rpcpath[RPCMNT_PATHLEN + 1], dirpath[MAXPATHLEN]; @@ -544,8 +543,6 @@ syslog(LOG_ERR, "request from unknown address family"); return; } - lookup_failed = getnameinfo(saddr, saddr->sa_len, host, sizeof host, - NULL, 0, 0); getnameinfo(saddr, saddr->sa_len, numerichost, sizeof numerichost, NULL, 0, NI_NUMERICHOST); ai = NULL; @@ -622,10 +619,7 @@ } if (!svc_sendreply(transp, xdr_fhs, (caddr_t)&fhr)) syslog(LOG_ERR, "can't send reply"); - if (!lookup_failed) - add_mlist(host, dirpath); - else - add_mlist(numerichost, dirpath); + add_mlist(numerichost, dirpath); if (debug) warnx("mount successful"); if (log) 
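Review bot: with add_mlist(numerichost, dirpath) now unconditional in the -622 hunk, what gets written to mountdtab depends entirely on the getnameinfo(..., NI_NUMERICHOST) call kept as context in the -544 hunk, and that call's return value is still ignored. If it fails, numerichost is an uninitialized stack buffer. Check the return value and bail out with a syslog(LOG_ERR, ...) and return, the way the "request from unknown address family" case just above it does.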
@@ -672,8 +666,6 @@ } if (!svc_sendreply(transp, xdr_void, (caddr_t)NULL)) syslog(LOG_ERR, "can't send reply"); - if (!lookup_failed) - del_mlist(host, dirpath); del_mlist(numerichost, dirpath); if (log) syslog(LOG_NOTICE, @@ -690,8 +682,6 @@ } if (!svc_sendreply(transp, xdr_void, (caddr_t)NULL)) syslog(LOG_ERR, "can't send reply"); - if (!lookup_failed) - del_mlist(host, NULL); del_mlist(numerichost, NULL); if (log) syslog(LOG_NOTICE, Index: usr.bin/showmount/showmount.c =================================================================== RCS file: /stl/src/FreeBSD/src/usr.bin/showmount/showmount.c,v retrieving revision 1.10 diff -u -r1.10 showmount.c --- usr.bin/showmount/showmount.c 2001/06/12 03:44:35 1.10 +++ usr.bin/showmount/showmount.c 2001/06/13 05:53:29 @@ -94,7 +94,9 @@ static struct mountlist *mntdump; static struct exportslist *exports; static int type = 0; +static int do_dns = 1; +void normalize_host __P((const char *, char **)); void print_dump __P((struct mountlist *)); static void usage __P((void)); int xdr_mntdump __P((XDR *, struct mountlist **)); @@ -123,7 +125,7 @@ char *host; int estat; - while ((ch = getopt(argc, argv, "ade3")) != -1) + while ((ch = getopt(argc, argv, "aden3")) != -1) switch((char)ch) { case 'a': if (type == 0) { @@ -142,6 +144,9 @@ case 'e': rpcs |= DOEXPORTS; break; + case 'n': + do_dns = 0; + break; case '3': mntvers = 3; break; @@ -375,7 +380,7 @@ static void usage() { - fprintf(stderr, "usage: showmount [-ade3] host\n"); + fprintf(stderr, "usage: showmount [-aden3] host\n"); exit(1); } 
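Review bot: the showmount.c hunks add -n to the getopt string and to usage(), but the patch as posted touches only mountd.c and showmount.c, so the new option is undocumented. Add -n to the showmount manual page and state there that mountd now records numeric addresses. Related, in the mountd.c hunks at -672 and -690: with del_mlist(host, ...) gone, entries that the old code stored by hostname can no longer be removed by an unmount request, which deserves a line in the commit message or a transition period that keeps the hostname delete.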
@@ -386,22 +391,60 @@ print_dump(mp) struct mountlist *mp; { + char *host; if (mp == NULL) return; if (mp->ml_left) print_dump(mp->ml_left); + normalize_host(mp->ml_host, &host); switch (type) { case ALL: - printf("%s:%s\n", mp->ml_host, mp->ml_dirp); + printf("%s:%s\n", host, mp->ml_dirp); break; case DIRS: printf("%s\n", mp->ml_dirp); break; default: - printf("%s\n", mp->ml_host); + printf("%s\n", host); break; }; + free(host); if (mp->ml_right) print_dump(mp->ml_right); +} + +void +normalize_host(old, new) + const char *old; + char **new; +{ + struct addrinfo *ai; + char *newval; + int error, flags; + + if (!do_dns) + flags = NI_NUMERICHOST; + else + flags = 0; + error = getaddrinfo(old, NULL, NULL, &ai); + if (error != 0) { + *new = strdup(old); + return; + } + newval = malloc(NI_MAXHOST); + if (newval == NULL) { + freeaddrinfo(ai); + err(1, "malloc"); + } + error = getnameinfo(ai->ai_addr, ai->ai_addrlen, newval, NI_MAXHOST, + NULL, 0, flags); + if (error != 0) { + freeaddrinfo(ai); + free(newval); + *new = strdup(old); + return; + } + freeaddrinfo(ai); + *new = newval; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jun 13 11:39:40 2001 Delivered-To: freebsd-audit@freebsd.org Received: from h132-197-97-45.gte.com (h132-197-97-45.gte.com [132.197.97.45]) by hub.freebsd.org (Postfix) with ESMTP id 12DD537B40F for ; Wed, 13 Jun 2001 11:39:23 -0700 (PDT) (envelope-from ak03@gte.com) Received: (from ak03@localhost) by h132-197-97-45.gte.com (8.11.4/8.11.4) id f5DIdLs66117 for freebsd-audit@FreeBSD.org; Wed, 13 Jun 2001 14:39:22 -0400 (EDT) (envelope-from ak03) Date: Wed, 13 Jun 2001 14:39:21 -0400 
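Review bot: in normalize_host(), getaddrinfo(old, NULL, NULL, &ai) is called with no hints even when do_dns is 0, so -n still causes a forward DNS lookup whenever the server returns a hostname instead of an address (a mountd without this patch, or entries written before it). Pass hints with ai_flags = AI_NUMERICHOST when do_dns is 0 and print the string unchanged if that fails. Both *new = strdup(old) fallbacks also need a NULL check, because print_dump() hands the result straight to printf("%s") and free().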
From: "Alexander N. Kabaev" To: freebsd-audit@FreeBSD.org Subject: su/zsh problems, proposed fix Message-ID: <20010613143921.A65820@kanpc.gte.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="IJpNTDwzlM2Ie8A6" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline There is a problem with su in -CURRENT when used by the users who have zsh set as their login shell. zsh never calls setpgrp on startup itself but rather relies on its parent to do that if so desired. After PAM support has been added to su in -CURRENT, causing su to change its previous behavior of doing exec to run the command to fork+exec+waitpid sequence, running su -m from the command line results in su and zsh processes both running in the same process group. Now if user presses ^C on the keyboard, SIGINT signal is dispatched to both su and zsh processes. zsh runs in interactive mode, so it ignores the signal and continues to run, while su itself dies. The parent shell process then detects su's death and mistakenly tries to regain control over the terminal, conflicting with the still alive shell which has been previously spawned by su. Failing that, the parent shell dies abnormally with TTY input/output error message and takes your xterm/login session/screen window/etc along. Attached patch attempts to resolve this issue by changing su to ignore SIGINT, SIGQUIT and SIGTSTP signals while waiting for the child to complete. I have been running -CURRENT for at least two weeks now with the patch applied and I did not have any problems with it so far. I submitted this patch to Mark Murray earlier today and he did not have problem with it and he suggested that the patch should be posted on audit@freebsd.org for further review. 
Please let me know if you have any comments or suggestions. -- Alexander Kabaev PS. SIGTSTP signal should probably be removed from the list of ignored signals, I am not even sure how it got there... --IJpNTDwzlM2Ie8A6 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="su.diff" Index: su.c =================================================================== RCS file: /usr/ncvs/src/usr.bin/su/su.c,v retrieving revision 1.39 diff -u -u -r1.39 su.c --- su.c 2001/05/26 09:52:36 1.39 +++ su.c 2001/06/12 20:55:03 @@ -123,6 +123,7 @@ char *p, *user, *shell, *username, *cleanenv, **nargv, **np, *class, *mytty, shellbuf[MAXPATHLEN], myhost[MAXHOSTNAMELEN + 1]; + struct sigaction sa, sa_int, sa_quit, sa_tstp; shell = class = cleanenv = NULL; asme = asthem = fastlogin = statusp = 0; @@ -307,6 +308,12 @@ * We must fork() before setuid() because we need to call * pam_setcred(pamh, PAM_DELETE_CRED) as root. */ + sa.sa_flags = SA_RESTART; + sa.__sigaction_u.__sa_handler = SIG_IGN; + sigemptyset(&sa.sa_mask); + sigaction(SIGINT, &sa, &sa_int); + sigaction(SIGQUIT, &sa, &sa_quit); + sigaction(SIGTSTP, &sa, &sa_tstp); statusp = 1; child_pid = fork(); @@ -332,6 +339,9 @@ PAM_END; exit(1); case 0: + sigaction(SIGINT, &sa_int, NULL); + sigaction(SIGQUIT, &sa_quit, NULL); + sigaction(SIGTSTP, &sa_tstp, NULL); /* * Set all user context except for: Environmental variables * Umask Login records (wtmp, etc) Path 
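Review bot: in the -307 hunk, sa.__sigaction_u.__sa_handler = SIG_IGN reaches into the private union member; use the public name sa.sa_handler. The three sigaction() calls there and the three restores under case 0 all ignore their return values, so a failed call would silently leave su with a different signal setup than intended. The author's PS already questions SIGTSTP; drop it from both lists unless there is a stated reason to ignore it.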
@@ -388,7 +398,6 @@ if (ruid != 0) syslog(LOG_NOTICE, "%s to %s%s", username, user, ontty()); - execv(shell, np); err(1, "%s", shell); } --IJpNTDwzlM2Ie8A6-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jun 13 17: 0: 3 2001 Delivered-To: freebsd-audit@freebsd.org Received: from iatl0x01.coxmail.com (iatl1x01.coxmail.com [206.157.231.23]) by hub.freebsd.org (Postfix) with ESMTP id 8B19237B403 for ; Wed, 13 Jun 2001 16:59:58 -0700 (PDT) (envelope-from mheffner@novacoxmail.com) Received: from enterprise.muriel.penguinpowered.com ([208.138.198.178]) by iatl0x01.coxmail.com (InterMail vK.4.03.02.00 201-232-124 license 85f4f10023be2bd3bce00b3a38363ea2) with ESMTP id <20010613235957.JAMF1034.iatl0x01@enterprise.muriel.penguinpowered.com>; Wed, 13 Jun 2001 19:59:57 -0400 Message-ID: X-Mailer: XFMail 1.4.7 on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.4.7.FreeBSD:20010613195644:16199=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: MYHEADER: test Date: Wed, 13 Jun 2001 19:56:44 -0400 (EDT) Reply-To: Mike Heffner 
From: Mike Heffner To: Mike Barcroft Subject: RE: whois(1) patch - commit ready Cc: Garance A Drosihn , freebsd-audit@freebsd.org Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format --_=XFMail.1.4.7.FreeBSD:20010613195644:16199=_ Content-Type: text/plain; charset=us-ascii On 05-Jun-2001 Mike Barcroft wrote: | | The patch at the following URL: | http://testbed.q9media.net/freebsd/whois.patch Looks good, except: + if ((flags & WHOIS_INIC_FALLBACK) == 1 && nhost == NULL && should be: if ((flags & WHOIS_INIC_FALLBACK) != 0 ... | ...is now commit-ready. I've fixed all issues that were brought up in the | review process. Does anyone have any interest in committing it, or shall I | open a PR? gad@ has volunteered to commit it in a week or so, if no one | else is interested. I'll leave it for you when you get your commit bit ;) Mike -- Mike Heffner Fredericksburg, VA http://filebox.vt.edu/users/mheffner --_=XFMail.1.4.7.FreeBSD:20010613195644:16199=_ Content-Type: application/pgp-signature --_=XFMail.1.4.7.FreeBSD:20010613195644:16199=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jun 14 3:51:29 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id 531C137B403 for ; Thu, 14 Jun 2001 03:51:20 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 29351 invoked by uid 1000); 14 Jun 2001 10:49:53 -0000 Date: Thu, 14 Jun 2001 13:49:53 +0300
From: Peter Pentchev To: audit@FreeBSD.org Subject: fstat(1) patches to recognize FIFO's Message-ID: <20010614134953.E837@ringworld.oblivion.bg> Mail-Followup-To: audit@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, As mentioned in PR bin/26637, fstat(1) does not currently recognize FIFO's, but prints them out as unknown file structures. The fun part is that FIFO's need absolutely no additional work, they just need to be printed out as regular files are. Patch attached. G'luck, Peter -- I've heard that this sentence is a rumor. Index: src/usr.bin/fstat/fstat.c =================================================================== RCS file: /home/ncvs/src/usr.bin/fstat/fstat.c,v retrieving revision 1.31 diff -u -r1.31 fstat.c --- src/usr.bin/fstat/fstat.c 2001/05/29 20:39:47 1.31 +++ src/usr.bin/fstat/fstat.c 2001/06/14 10:48:52 @@ -366,6 +366,13 @@ file.f_flag); } #endif +#ifdef DTYPE_FIFO + else if (file.f_type == DTYPE_FIFO) { + if (checkfile == 0) + vtrans((struct vnode *)file.f_data, i, + file.f_flag); + } +#endif else { dprintf(stderr, "unknown file type %d for file %d of pid %d\n", To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jun 14 4:19:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 16A2237B401 for ; Thu, 14 Jun 2001 04:19:50 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id VAA16793; Thu, 14 Jun 2001 21:19:45 +1000 Date: Thu, 14 Jun 2001 21:17:31 +1000 (EST) 
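Review bot: the new DTYPE_FIFO branch in the fstat.c hunk casts file.f_data to struct vnode * with no comment saying why that is valid for a FIFO descriptor. Add a one-line comment stating that f_data points to a vnode for this type. If the regular-file branch has the same body, as the covering mail implies, test both types in one condition instead of duplicating the vtrans() call.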
From: Bruce Evans X-Sender: bde@besplex.bde.org To: "Alexander N. Kabaev" Cc: freebsd-audit@FreeBSD.ORG Subject: Re: su/zsh problems, proposed fix In-Reply-To: <20010613143921.A65820@kanpc.gte.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 13 Jun 2001, Alexander N. Kabaev wrote: > There is a problem with su in -CURRENT when used by the users who have zsh set > as their login shell. zsh never calls setpgrp on startup itself but rather > relies on its parent to do that if so desired. After PAM support has been added > to su in -CURRENT, causing su to change its previous behavior of doing exec to > run the command to fork+exec+waitpid sequence, running su -m from the command > line results in su and zsh processes both running in the same process group. I've been worrying about the corresponding extra process for login, but haven't found any serious problems yet (for SHELL=bash). > Now > if user presses ^C on the keyboard, SIGINT signal is dispatched to both su and > zsh processes. zsh runs in interactive mode, so it ignores the signal and > continues to run, while su itself dies. The parent shell process then detects > su's death and mistakenly tries to regain control over the terminal, conflicting > with the still alive shell which has been previously spawned by su. Failing > that, the parent shell dies abnormally with TTY input/output error message and > takes your xterm/login session/screen window/etc along. I think you mean tcsetpgrp, not just setpgrp (tcsetpgrp is what sets the process group for keyboard signals). I'm surprised zsh doesn't call it. Things are broken for SHELL=bash too.
Signals work right after su to a passwordless account, but su to a passwordful account leaves signals apparently blocked for both su and the shell (^C has no effect). This is the opposite of the problem with zsh. There is an extra su process even for passwordless accounts although there is no extra login process for login to passwordless accounts. > Attached patch attempts to resolve this issue by changing su to ignore SIGINT, > SIGQUIT and SIGTSTP signals while waiting for the child to complete. I have been > running -CURRENT for at least two weeks now with the patch applied and I did not > have any problems with it so far. I submitted this patch to Mark Murray earlier > today and he did not have problem with it and he suggested that the patch should > be posted on audit@freebsd.org for further review. I don't think this is the correct fix. I would prefer the extra processes to not exist. Failing that, maybe su could do the [tc]setpgrp() calls for the child. It already does a tcsetpgrp() for the child if the child gets stopped. The corresponding code for the parent in login is much simpler. It is just "wait(NULL); PAM_END; exit(0);". This is too simple to be correct. (It doesn't return the child's exit status). su.c also exits with a wrong value: it misuses the child's wait status. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jun 14 6:36: 3 2001 Delivered-To: freebsd-audit@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id BBF6637B403; Thu, 14 Jun 2001 06:35:59 -0700 (PDT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 14 Jun 2001 14:35:58 +0100 (BST) To: freebsd-audit@freebsd.org Cc: des@freebsd.org, rwatson@freebsd.org Subject: Allowing ident in a jail. X-Request-Do: Date: Thu, 14 Jun 2001 14:35:58 +0100
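The fork+exec+wait sequence discussed in the two "su/zsh problems, proposed fix" messages above, as an added example that is not code from su.c or from either poster: the parent ignores SIGINT and SIGQUIT while it waits, the child puts the saved dispositions back before exec, and the wait status is converted to an exit code instead of being returned raw (the point made at the end of the reply). The names run_guarded and status_to_exit are hypothetical, and the demo assumes /bin/sh exists.

```c
/* Added illustration; not code from su.c or from the thread. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: map a wait(2) status to a shell-style exit code. */
int
status_to_exit(int status)
{
	if (WIFEXITED(status))
		return (WEXITSTATUS(status));
	if (WIFSIGNALED(status))
		return (128 + WTERMSIG(status));
	return (1);
}

/*
 * Hypothetical helper: run argv[0] in a child while the parent ignores
 * keyboard signals.  Returns the child's exit code, or -1 if the signal
 * setup, fork() or waitpid() failed.
 */
int
run_guarded(char *const argv[])
{
	struct sigaction ign, old_int, old_quit;
	pid_t pid, w = -1;
	int status = 0;

	memset(&ign, 0, sizeof(ign));
	ign.sa_handler = SIG_IGN;	/* public member, not __sigaction_u */
	sigemptyset(&ign.sa_mask);
	ign.sa_flags = SA_RESTART;
	if (sigaction(SIGINT, &ign, &old_int) == -1)
		return (-1);
	if (sigaction(SIGQUIT, &ign, &old_quit) == -1) {
		sigaction(SIGINT, &old_int, NULL);
		return (-1);
	}

	pid = fork();
	if (pid == 0) {
		/* SIG_IGN survives exec, so restore before running the shell. */
		sigaction(SIGINT, &old_int, NULL);
		sigaction(SIGQUIT, &old_quit, NULL);
		execv(argv[0], argv);
		_exit(127);		/* exec failed */
	}
	if (pid > 0) {
		do {
			w = waitpid(pid, &status, 0);
		} while (w == -1 && errno == EINTR);
	}

	/* Parent: put its own dispositions back once the child is gone. */
	sigaction(SIGINT, &old_int, NULL);
	sigaction(SIGQUIT, &old_quit, NULL);
	if (pid == -1 || w == -1)
		return (-1);
	return (status_to_exit(status));
}

int
main(void)
{
	/* Constructed commands; assumption: /bin/sh exists. */
	char *sigint_parent[] = { "/bin/sh", "-c", "kill -INT $PPID; exit 3", NULL };
	char *sigkill_self[] = { "/bin/sh", "-c", "kill -KILL $$", NULL };

	printf("child signals parent, then exits 3: %d\n",
	    run_guarded(sigint_parent));
	printf("child killed by SIGKILL: %d\n", run_guarded(sigkill_self));
	return (0);
}
```

The first demo command sends SIGINT to the waiting parent, which would kill it without the ignore; the second shows a signal death reported as 128 plus the signal number rather than as a raw status word.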
From: David Malone Message-ID: <200106141435.aa12577@salmon.maths.tcd.ie> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG PR 28107 raises the issue that identd doesn't work inside a jail. This is because the getcred sysctl used to implement the ident lookup doesn't allow a jailed root. This is probably reasonably sensible, as you don't want to leak info about other jails. However, I think it's possible to modify the getcred sysctls to use u_cansee to determine if the credentials associated with a socket can be viewed by the getcred caller. The way things work at the moment is that at the time a socket is created with the socket(2) call the credentials of the creating process are attached to that socket. Thus, if you call u_cansee on the credentials of the socket and the credentials of the process doing the getcred you should get the following semantics: 1) An unjailed getcred caller can get the creds for any socket. 2) A jailed getcred caller can only get the creds for a socket if that socket was created by a process in the same jail. This seems pretty safe and doesn't really leak any info from jail to jail. I've included a patch below which compiles, but which I haven't had a chance to test fully yet. I'd like to know what people think of this patch. I'm not sure if Robert would consider this an abuse of u_cansee. David. --- tcp_subr.c.orig Thu Jun 14 13:46:01 2001 +++ tcp_subr.c Thu Jun 14 13:52:24 2001 @@ -880,7 +880,7 @@ struct inpcb *inp; int error, s; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs));
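Review bot: suser_xxx(0, req->p, PRISON_ROOT) in this hunk passes a literal 0 where the credential pointer goes; write NULL. Because this line now lets jailed root through, add a comment here saying the handler is only safe together with the u_cansee() check added further down, so that a later change does not remove one without the other.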
@@ -893,6 +893,9 @@ error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; @@ -916,7 +919,7 @@ struct inpcb *inp; int error, s, mapped = 0; - error = suser(req->p); + error = suser_xxx(0, req->p, PRISON_ROOT); if (error) return (error); error = SYSCTL_IN(req, addrs, sizeof(addrs)); @@ -945,6 +948,9 @@ error = ENOENT; goto out; } + error = u_cansee(req->p->p_ucred, inp->inp_socket->so_cred); + if (error) + goto out; bzero(&xuc, sizeof(xuc)); xuc.cr_uid = inp->inp_socket->so_cred->cr_uid; xuc.cr_ngroups = inp->inp_socket->so_cred->cr_ngroups; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jun 14 6:52:26 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id CD38237B406; Thu, 14 Jun 2001 06:52:08 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.3/8.11.3) with SMTP id f5EDpqf25478; Thu, 14 Jun 2001 09:51:52 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 14 Jun 2001 09:51:52 -0400 (EDT) 
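Review bot: in both handlers the new u_cansee() check runs after the lookup that sets error = ENOENT, so a jailed caller gets one error when no such connection exists and a possibly different one when it exists but belongs to another jail. Unless u_cansee() is known to return ENOENT, that difference tells a jail which connections exist outside it; map the u_cansee() failure to ENOENT before the goto out in both the -893 and -945 hunks, and include a cross-jail lookup in the testing the covering mail says is still pending.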
From: Robert Watson X-Sender: robert@fledge.watson.org To: David Malone Cc: freebsd-audit@freebsd.org, des@freebsd.org Subject: Re: Allowing ident in a jail. In-Reply-To: <200106141435.aa12577@salmon.maths.tcd.ie> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG David, Thanks for picking up on that PR -- I've actually known about the issue for a while, but have not had the opportunity to address it since the infrastructure was only in place recently. More comments below... On Thu, 14 Jun 2001, David Malone wrote: > PR 28107 raises the issue that identd doesn't work inside a jail. > This is because the getcred sysctl used to implement the ident > lookup doesn't allow a jailed root. This is probably reasonably > sensible, as you don't want to leak info about other jails. > > However, I think it's possible to modify the getcred sysctls to > use u_cansee to determine if the credentials associated with a > socket can be viewed by the getcred caller. > > The way things work at the moment is that at the time a socket is > created with the socket(2) call the credentials of the creating > process are attached to that socket. Thus, if you call u_cansee on > the credentials of the socket and the credentials of the process > doing the getcred you should get the following semantics: This was actually part of the goal of moving the prison structure into the credential from the process: it would allow us to make access control decisions based on cached credentials. This is not possible in -STABLE because in -STABLE it's still p_prison as opposed to cr_prison. > 1) An unjailed getcred caller can get the creds for any socket. > 2) A jailed getcred caller can only get the creds for a socket > if that socket was created by a process in the same jail.
> > This seems pretty safe and doesn't really leak any info from jail > to jail. This is as right as we can do for now, and is an acceptable solution (and the one I had in mind when I originally heard about this problem). It's actually not quite right, because really access control to a socket should be made on the socket as an object, not as a subject. I have a source tree with extensive local changes to introduce a notion of an "object label" that gets tagged into kernel objects, such as IP sockets, and is used for this type of access control. However, that won't be ready to commit for at least another month and a half. Your fix seems to be the best we can do for now, and given the jail model, is in practice identical in semantics. > I've included a patch below which compiles, but which I haven't had a > chance to test fully yet. I'd like to know what people think of this > patch. I'm not sure if Robert would consider this an abuse of u_cansee. I won't get a chance to test the patch for at least a couple of days due to travel; however, I do not consider this an abuse :-). After appropriate testing (in particular, verifying that information flow from other jails and from non-jails is limited), I'm comfortable with this change being committed. In the future, we'll change it to use object labeling, but this is the right answer for today. My only concern is that it will be very difficult to MFC due to its reliance on the jail code changing, and probably lots of intersection with the pcred/ucred collapse. As such, it may not be possible to MFC easily (and probably not at all: I'm not comfortable with MFC'ing the ucred/pcred collapse yet, because my regression tests aren't finished for all cases). Your patch looks good, please commit whenever you feel comfortable with it. 
Thanks, Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jun 14 7: 7: 2 2001 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 4DB0437B405; Thu, 14 Jun 2001 07:06:53 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id QAA27952; Thu, 14 Jun 2001 16:06:50 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: David Malone Cc: freebsd-audit@freebsd.org, rwatson@freebsd.org Subject: Re: Allowing ident in a jail. References: <200106141435.aa12577@salmon.maths.tcd.ie> 
From: Dag-Erling Smorgrav
Date: 14 Jun 2001 16:06:50 +0200
In-Reply-To: <200106141435.aa12577@salmon.maths.tcd.ie>

David Malone writes:
> This seems pretty safe and doesn't really leak any info from jail
> to jail.

 - actually, this solution *does* have the potential of leaking
   information about non-jailed processes into the jail, *but*

 - to get into a scenario where a socket belonging to a non-jailed
   process is visible from within the jail, you have to jump through
   hoops and willingly do things that more or less cancel out the
   benefits of using a jail in the first place.

So while David's patch isn't really a 100% correct fix for the problem
described in the PR, it's a good enough compromise, and a much better
solution than any I expected to find.

(David already knows this; this is for the benefit of those who haven't
read the private discussion he and I had on this subject)

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-audit Thu Jun 14 7:18:53 2001
Date: Thu, 14 Jun 2001 10:18:15 -0400 (EDT)
Organization: Verizon Laboratories Inc.
From: "Alexander N. Kabaev"
To: Bruce Evans
Subject: Re: su/zsh problems, proposed fix
Cc: freebsd-audit@FreeBSD.ORG

>
> I've been worrying about the corresponding extra process for login, but
> haven't found any serious problems yet (for SHELL=bash).
> I think you mean tcsetpgrp, not just setpgrp (tcsetpgrp is what sets the
> process group for keyboard signals). I'm surprised zsh doesn't call it.

No I actually mean what I say. bash, ksh and our sh all call
setpgrp(0, getpid()) at the startup time when they are running in
interactive mode. zsh does not call setpgrp and that is the reason why
it ends up in the same process group with its parent su process. This
way when user pressed ^C, SIGINT signal is delivered to both, causing su
to exit while leaving its child running. To operate properly, su should
never exit _before_ the command it is running, and that is the reason
why it should ignore termination signals while waiting for a child to
complete.

> Things are broken for SHELL=bash too. Signals work right after su to
> a passwordless account, but su to a passwordful account leaves signals
> apparently blocked for both su and the shell (^C has no effect). This
> is the opposite of the problem with zsh. There is an extra su process
> even for passwordless accounts although there is no extra login process
> for login to passwordless accounts.

This is a different problem than one I am reporting.

> I don't think this is the correct fix. I would prefer the extra
> processes to not exist. Failing that, maybe su could do the [tc]setpgrp()
> calls for the child. It already does a tcsetpgrp() for the child if
> the child gets stopped. The corresponding code for the parent in login
> is much simpler. It is just "wait(NULL; PAM_END; exit(0);". This is
> too simple to be correct. It doesn't return the child's exit status).
> su.c also exits with a wrong value: it misuses the child's wait status.

Yes, having two processes where there traditionally was just one is ..
not convenient. As far as I understand, fork+exec is required solely to
call PAM_EXIT to do a proper credentials cleanup, but unfortunately, I
do not know how can it be done in any different way.

Having su to call tcsetpgrp is useless, because it will effectively try
to give control over the terminal to itself and presumably su's parent
shell has already done that. Disabling signals so that su could never
exit before its child because of keyboard related events seemed to me
the most simple approach.

> Bruce
>

If we'll agree on the exact strategy for fixing these problems, I am
willing to work on that and submit patches for further review ASAP. ^C
bug rates very high on my annoyance scale :)

--------------------------------------------
E-Mail: Alexander N. Kabaev
Date: 14-Jun-2001
Time: 09:58:10
--------------------------------------------

From owner-freebsd-audit Thu Jun 14 7:31:11 2001
Date: Thu, 14 Jun 2001 10:30:41 -0400 (EDT)
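The behaviour discussed in the su/zsh message above (a wrapper that must not die from ^C before its child, and that must report the child's real exit status) as an added C example; it is not code from su.c, login or either poster. The names run_shielded() and status_to_exit(), the use of /bin/sh, and the 128 + signal convention are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/wait.h>

#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Keyboard signals go to every process in the foreground process group,
 * so they hit both the wrapper and a child that never called setpgrp().
 */
static const int kbd_signals[] = { SIGINT, SIGQUIT };
#define NKBD (sizeof(kbd_signals) / sizeof(kbd_signals[0]))

/*
 * Turn a wait(2) status into the wrapper's own exit code.  The raw status
 * is not an exit code: it has to be decoded with the W* macros.  Death by
 * signal is reported as 128 + signo (shell convention, assumed here).
 */
int
status_to_exit(int status)
{
	if (WIFEXITED(status))
		return (WEXITSTATUS(status));
	if (WIFSIGNALED(status))
		return (128 + WTERMSIG(status));
	return (1);
}

/*
 * Run "sh -c cmd" the way a su-like parent should: ignore keyboard
 * signals while waiting, so the parent always outlives the child and can
 * still do its cleanup, then hand back the child's decoded status.
 * Returns -1 if the child could not be started or waited for.
 */
int
run_shielded(const char *cmd)
{
	struct sigaction ign, saved[NKBD];
	pid_t pid, w = -1;
	int status = 0;
	size_t i;

	memset(&ign, 0, sizeof(ign));
	ign.sa_handler = SIG_IGN;
	sigemptyset(&ign.sa_mask);

	/* Ignore before fork(), so there is no window after it. */
	for (i = 0; i < NKBD; i++)
		if (sigaction(kbd_signals[i], &ign, &saved[i]) == -1) {
			while (i-- > 0)
				sigaction(kbd_signals[i], &saved[i], NULL);
			return (-1);
		}

	pid = fork();
	if (pid == 0) {
		/*
		 * SIG_IGN survives execve(2).  Restore what the wrapper
		 * started with, or ^C would stop working in the child.
		 */
		for (i = 0; i < NKBD; i++)
			sigaction(kbd_signals[i], &saved[i], NULL);
		execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
		_exit(127);
	}
	if (pid > 0) {
		do {
			w = waitpid(pid, &status, 0);
		} while (w == -1 && errno == EINTR);
	}

	/* Cleanup (PAM teardown in su's case) would go here. */
	for (i = 0; i < NKBD; i++)
		sigaction(kbd_signals[i], &saved[i], NULL);

	if (pid == -1 || w == -1)
		return (-1);
	return (status_to_exit(status));
}

int
main(void)
{
	/* The child signals its parent, as ^C would, then exits 7. */
	printf("%d\n", run_shielded("kill -INT $PPID; exit 7"));
	/* The child dies from a signal. */
	printf("%d\n", run_shielded("kill -KILL $$"));
	return (0);
}
```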
From: Robert Watson
To: Dag-Erling Smorgrav
Cc: David Malone , freebsd-audit@freebsd.org
Subject: Re: Allowing ident in a jail.

On 14 Jun 2001, Dag-Erling Smorgrav wrote:

> David Malone writes:
> > This seems pretty safe and doesn't really leak any info from jail
> > to jail.
>
>  - actually, this solution *does* have the potential of leaking
>    information about non-jailed processes into the jail, *but*
>
>  - to get into a scenario where a socket belonging to a non-jailed
>    process is visible from within the jail, you have to jump through
>    hoops and willingly do things that more or less cancel out the
>    benefits of using a jail in the first place.
>
> So while David's patch isn't really a 100% correct fix for the problem
> described in the PR, it's a good enough compromise, and a much better
> solution than any I expected to find.
>
> (David already knows this; this is for the benefit of those who haven't
> read the private discussion he and I had on this subject)

Well, it does leak information, but only if jails leak sockets.  That is
to say, the socket credential is determined at socket creation time, and
if the socket migrates elsewhere over its lifetime (via fd transfer by
virtue of unix domain socket ancillary data), then it will leak
information.  However, this relies on having at least two parties
colluding: an entity in the first jail to create the socket, and an
entity in the host environment willing to help transfer the socket (by
creating some IPC vehicle for it, etc).  The jail model is not intended
to protect jails from the host environment, just from other jails, and
only when namespaces have been appropriately configured.

If you want the full gamut of protection, you need a full
confidentiality/integrity MAC policy.  I've largely implemented this (at
least twice) as part of the TrustedBSD work, but it's nowhere near ready
for production use, and I'll probably reimplement it at least once more
before I'll be satisfied with it.  Jail is intended to be lightweight
and easy to use, providing decent protection, which it does.  There are
a number of architectural vulnerabilities to it, not least of which is
that there are a number of ways a trusting host environment could be
exploited by a malicious jail.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

From owner-freebsd-audit Thu Jun 14 7:40:38 2001
To: Robert Watson
Cc: David Malone , freebsd-audit@FreeBSD.ORG
Subject: Re: Allowing ident in a jail.
From: Dag-Erling Smorgrav
Date: 14 Jun 2001 16:40:32 +0200

Robert Watson writes:
> Well, it does leak information, but only if jails leak sockets. [...]

Yes.  Is it really necessary to discuss this any further?  It seems
quite clear to me that we are in violent agreement :)

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-audit Thu Jun 14 14:12:54 2001
Date: Thu, 14 Jun 2001 17:12:39 -0400
Subject: Re: whois(1) patch - commit ready
From: Mike Barcroft
To: Mike Heffner
Cc: Garance A Drosihn ,

On 6/13/01 7:56 PM, Mike Heffner at mheffner@novacoxmail.com wrote:

> On 05-Jun-2001 Mike Barcroft wrote:
> |
> | The patch at the following URL:
> | http://testbed.q9media.net/freebsd/whois.patch
>
> Looks good, except:
>
> + if ((flags & WHOIS_INIC_FALLBACK) == 1 && nhost == NULL &&
>
> should be:
>
> if ((flags & WHOIS_INIC_FALLBACK) != 0 ...

Thanks, fixed.

Best regards,
Mike Barcroft

From owner-freebsd-audit Thu Jun 14 15:11:43 2001
To: Peter Pentchev
Cc: audit@FreeBSD.org
Subject: Re: fstat(1) patches to recognize FIFO's
In-Reply-To: <20010614134953.E837@ringworld.oblivion.bg>; from roam@orbitel.bg on "Thu, 14 Jun 2001 13:49:53 +0300"
Date: Thu, 14 Jun 2001 15:11:29 -0700
From: Dima Dorfman Message-Id: <20010614221129.A33673E28@bazooka.unixfreak.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Peter Pentchev writes: > Index: src/usr.bin/fstat/fstat.c > =================================================================== > RCS file: /home/ncvs/src/usr.bin/fstat/fstat.c,v > retrieving revision 1.31 > diff -u -r1.31 fstat.c > --- src/usr.bin/fstat/fstat.c 2001/05/29 20:39:47 1.31 > +++ src/usr.bin/fstat/fstat.c 2001/06/14 10:48:52 
> @@ -366,6 +366,13 @@ > file.f_flag); > } > #endif > +#ifdef DTYPE_FIFO > + else if (file.f_type == DTYPE_FIFO) { > + if (checkfile == 0) > + vtrans((struct vnode *)file.f_data, i, > + file.f_flag); Style bug. A second-level indent should be 4 spaces. Actually, this file is screwed up in this respect; at a quick glance, it looks like some of it uses 4 spaces, while some other parts indent to the opening parenthesis like you did above. Since it's already inconsistent, I think it's best to follow the current guideline, which is to indent 4 spaces. Other than that, looks great! Dima Dorfman dima@unixfreak.org > + } > +#endif > else { > dprintf(stderr, > "unknown file type %d for file %d of pid %d\n", > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-audit" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jun 15 4:56:30 2001 Delivered-To: freebsd-audit@freebsd.org Received: from csunb0.leeds.ac.uk (csunb0.leeds.ac.uk [129.11.144.2]) by hub.freebsd.org (Postfix) with SMTP id E097737B401; Fri, 15 Jun 2001 04:56:27 -0700 (PDT) (envelope-from csxbcs@comp.leeds.ac.uk) Received: from cslin.leeds.ac.uk (csunc0.leeds.ac.uk [129.11.144.3]) by csunb0.leeds.ac.uk (8.6.12/8.6.12) with ESMTP id MAA07830; Fri, 15 Jun 2001 12:56:03 +0100 Received: from cslin032.leeds.ac.uk (cslin032 [129.11.146.32]) by cslin.leeds.ac.uk (8.9.3+Sun/) with ESMTP id MAA11431; Fri, 15 Jun 2001 12:56:03 +0100 (BST) Received: (from csxbcs@localhost) by cslin032.leeds.ac.uk (8.11.0/8.11.2) id f5FBu2Y31833; Fri, 15 Jun 2001 12:56:02 +0100 Date: Fri, 15 Jun 2001 12:56:02 +0100 
From: Ben Smithurst
To: audit@FreeBSD.org
Cc: phk@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/27990: ypbind uses memory after freeing it
Message-ID: <20010615125602.A31582@comp.leeds.ac.uk>

[ cc'd to phk as my mentor for src commits... ]

could someone please review this fairly simple patch for me?  If someone
could test it on -current too that would be great, I don't have a
-current machine at the moment.  It works fine on -stable though.  It's
had one review already but a few more can't hurt.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27990

--
Ben Smithurst / ben@FreeBSD.org

From owner-freebsd-audit Fri Jun 15 5: 1: 1 2001
To: Ben Smithurst
Cc: audit@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/27990: ypbind uses memory after freeing it
In-Reply-To: Your message of "Fri, 15 Jun 2001 12:56:02 BST." <20010615125602.A31582@comp.leeds.ac.uk>
Date: Fri, 15 Jun 2001 14:00:48 +0200
Message-ID: <75925.992606448@critter>
From: Poul-Henning Kamp

Looks good to my eyes, but I'm not able to test it.

Poul-Henning

In message <20010615125602.A31582@comp.leeds.ac.uk>, Ben Smithurst writes:
>[ cc'd to phk as my mentor for src commits... ]
>
>could someone please review this fairly simple patch for me?  If someone
>could test it on -current too that would be great, I don't have a
>-current machine at the moment.  It works fine on -stable though.  It's
>had one review already but a few more can't hurt.
>
>http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27990
>
>--
>Ben Smithurst / ben@FreeBSD.org
>

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-audit Fri Jun 15 5: 9: 8 2001
Date: Fri, 15 Jun 2001 15:06:39 +0300
From: Peter Pentchev
To: audit@FreeBSD.org
Cc: arch@FreeBSD.org
Subject: new kldpath(8): display/modify the module search path
Message-ID: <20010615150639.D94445@ringworld.oblivion.bg>
Mail-Followup-To: audit@FreeBSD.org, arch@FreeBSD.org

Hi,

Attached is a shar of a new kld-family utility, which parses and
modifies the kern.module_path sysctl in a script-friendly way.  It might
be useful in startup/shutdown scripts for programs using more than one
module, or just to allow startup scripts to specify additional module
directories (e.g. /usr/local/libexec/modules, or /usr/local/lib/au88x0).

Sample use:

[root@edge:p0 ~]# mkdir -p /usr/local/libexec/modules
[root@edge:p0 ~]# mv /boot/kernel/accf_data.ko /usr/local/libexec/modules
[root@edge:p0 ~]# mv /boot/kernel/accf_http.ko /usr/local/libexec/modules
[root@edge:p0 ~]# kldpath -p
Module path: /boot/kernel;/boot/modules;/modules
[root@edge:p0 ~]# kldload accf_http.ko
kldload: can't load accf_http.ko: No such file or directory
[root@edge:p0 ~]# kldpath /usr/local/libexec/modules/
Module path: /boot/kernel;/boot/modules;/modules;/usr/local/libexec/modules
[root@edge:p0 ~]# kldload accf_http.ko
[root@edge:p0 ~]# kldpath -r /usr/local/libexec/modules
Module path: /boot/kernel;/boot/modules;/modules
[root@edge:p0 ~]# kldload accf_data.ko
kldload: can't load accf_data.ko: No such file or directory
[root@edge:p0 ~]#

As shown, kldpath strips the trailing slash in the directory name, as
this is the format the kernel linker wants the path in.  There is an
automatic __FreeBSD_version-based detection if the kernel linker might
like the trailing slash present, and in RELENG_4 it is added.
(OK, so 500000 might not be the best signpost for the point at which
the kernel linker became able to deal with paths without kernel slashes,
but I think this would be the slightest nit in anyone's
comments/objections to this new utility :P )

Comments?  Objections?  Flames?  Overwhelming reasons this should *not*
go into base, other than 'it goes against the POLA of making the user
tweak obscure, undocumented sysctl's, instead of using command-line
utilities'? :)  (not that this applies to FreeBSD in particular; I've
found more than enough command-line utilities in FreeBSD to control all
kinds of system behavior.)

(And yes, kern.module_path is indeed undocumented..)

G'luck,
Peter

--
This sentence no verb.

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	kldpath
#	kldpath/Makefile
#	kldpath/kldpath.8
#	kldpath/kldpath.c
#
echo c - kldpath
mkdir -p kldpath > /dev/null 2>&1
echo x - kldpath/Makefile
sed 's/^X//' >kldpath/Makefile << 'END-of-kldpath/Makefile'
X#
X# Copyright (c) 2001 Peter Pentchev
X# All rights reserved.
X#
X# Redistribution and use in source and binary forms, with or without
X# modification, are permitted provided that the following conditions
X# are met:
X# 1. Redistributions of source code must retain the above copyright
X#    notice, this list of conditions and the following disclaimer.
X# 2. Redistributions in binary form must reproduce the above copyright
X#    notice, this list of conditions and the following disclaimer in the
X#    documentation and/or other materials provided with the distribution.
X#
X# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X# SUCH DAMAGE.
X#
X# $FreeBSD$
X#
X
XPROG=		kldpath
XMAN8=		kldpath.8
X
XWARNS?=		2
XFORMAT_AUDIT?=	1
X
X.include <bsd.prog.mk>
END-of-kldpath/Makefile
echo x - kldpath/kldpath.8
sed 's/^X//' >kldpath/kldpath.8 << 'END-of-kldpath/kldpath.8'
X.\"
X.\" Copyright (c) 2001 Peter Pentchev
X.\" All rights reserved.
X.\"
X.\" Redistribution and use in source and binary forms, with or without
X.\" modification, are permitted provided that the following conditions
X.\" are met:
X.\" 1. Redistributions of source code must retain the above copyright
X.\"    notice, this list of conditions and the following disclaimer.
X.\" 2. Redistributions in binary form must reproduce the above copyright
X.\"    notice, this list of conditions and the following disclaimer in the
X.\"    documentation and/or other materials provided with the distribution.
X.\"
X.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X.\" SUCH DAMAGE.
X.\"
X.\" $FreeBSD$
X.\"
X.Dd June 15, 2001
X.Dt KLDPATH 8
X.Os FreeBSD
X.Sh NAME
X.Nm kldpath
X.Nd display or modify the kernel module search path
X.Sh SYNOPSIS
X.Nm
X.Op Fl fipqrv
X.Op Fl S Ar name
X.Op Ar path ..
X.Sh DESCRIPTION
XThe
X.Nm
Xdisplays or modifies the paths used by the kernel when loading modules
Xusing the
X.Xr kldload 8
Xutility or the
X.Xr kldload 2
Xsyscall.
X.Pp
XThe following options are available:
X.Bl -tag -width indent
X.It Fl f
XDo not display a diagnostic message if a path specified for adding does not
Xpoint to an existing directory, or if a path specified for removing is not
Xreally a part of the current module search path.
XThis may be useful in startup/shutdown scripts for adding a path to
Xa filesystem which is still not mounted, or in shutdown scripts for
Xunconditionally removing a path that may have been added during startup.
X.It Fl i
XAdd a path to the beginning of the search path, not to the end.
XThis option can only be used when adding paths.
X.It Fl p
XDisplay the current search path.
XThe
X.Fl p
Xoption overrides any previous
X.Fl q
Xoptions.
X.It Fl q
XSuppress printing the result search path after adding or removing paths.
X.It Fl r
XRemove the specified path(s) from the module search path.
X.It Fl S Ar name
XSpecify the sysctl name to use instead of the default
X.Sy kern.module_path .
X.It Fl v
XBe more verbose.
X.El
X.Sh FILES
X.Bl -tag -width indent
X.It Pa /boot/kernel/ /boot/modules/ /modules/
XThe default module search path used by the kernel.
X.El
X.Sh DIAGNOSTICS
XThe
X.Nm
Xutility exits with a status of 0 on success
Xand with a nonzero status if an error occurs.
X.Sh SEE ALSO
X.Xr kldload 2 ,
X.Xr kldload 8 ,
X.Xr sysctl 8 .
X.Sh HISTORY
XThe
X.Nm
Xcommand first appeared in
X.Fx 5.0 .
X.Sh AUTHORS
X.An Peter Pentchev Aq roam@FreeBSD.org
END-of-kldpath/kldpath.8
echo x - kldpath/kldpath.c
sed 's/^X//' >kldpath/kldpath.c << 'END-of-kldpath/kldpath.c'
X/*
X * Copyright (c) 2001 Peter Pentchev
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X */
X
X#ifndef lint
Xstatic const char rcsid[] =
X  "$FreeBSD$";
X#endif /* not lint */
X
X#include <sys/param.h>
X#include <sys/types.h>
X#include <sys/queue.h>
X#include <sys/stat.h>
X#include <sys/sysctl.h>
X
X#include <err.h>
X#include <errno.h>
X#include <stdio.h>
X#include <stdlib.h>
X#include <string.h>
X#include <unistd.h>
X
X#if defined(__FreeBSD_version)
X#if __FreeBSD_version < 500000
X#define NEED_SLASHTERM
X#endif /* < 500000 */
X#else  /* defined(__FreeBSD_version) */
X/* just in case.. */
X#define NEED_SLASHTERM
X#endif /* defined(__FreeBSD_version) */
X
X/* the default sysctl name */
X#define PATHCTL	"kern.module_path"
X
X/* queue structure for the module path broken down into components */
XTAILQ_HEAD(pathhead, pathentry);
Xstruct pathentry {
X	char			*path;
X	TAILQ_ENTRY(pathentry)	next;
X};
X
X/* Command-line options */
X/* "-f" - no diag messages */
Xstatic int	 fflag;
X/* "-i" - insert at the start of the path */
Xstatic int	 iflag;
X
X/* the Management Information Base entries for the search path sysctl */
Xstatic int	 mib[5];
Xstatic size_t	 miblen;
X/* the sysctl name, defaults to PATHCTL */
Xstatic char	*pathctl;
X/* the sysctl value - the current module search path */
Xstatic char	*modpath;
X/* flag whether user actions require changing the sysctl value */
Xstatic int	 changed;
X
X/* Top-level path management functions */
Xstatic void	 addpath(struct pathhead *pathq, char *);
Xstatic void	 rempath(struct pathhead *pathq, char *);
Xstatic void	 showpath(struct pathhead *pathq);
X
X/* Low-level path management functions */
Xstatic void	 qclean(struct pathhead *pathq);
Xstatic void	 qadd(struct pathhead *pathq, char *);
Xstatic char	*qstring(struct pathhead *pathq);
X
X/* sysctl-related functions */
Xstatic void	 getmib(void);
Xstatic void	 getpath(struct pathhead *pathq);
Xstatic void	 setpath(struct pathhead *pathq);
X
Xstatic void	 usage(void);
X
X/* Get the MIB entry for our sysctl */
Xstatic void
Xgetmib(void) {
X
X	/* have we already fetched it? */
X	if (miblen != 0)
X		return;
X
X	miblen = sizeof(mib) / sizeof(mib[0]);
X	if (sysctlnametomib(pathctl, mib, &miblen) != 0)
X		err(1, "sysctlnametomib(%s)", pathctl);
X}
X
X/* Get the current module search path */
Xstatic void
Xgetpath(struct pathhead *pathq) {
X	char *path;
X	size_t sz;
X
X	if (modpath != NULL)
X		return;
X
X	if (miblen == 0)
X		getmib();
X	if (sysctl(mib, miblen, NULL, &sz, NULL, 0) == -1)
X		err(1, "getting path: sysctl(%s) - size only", pathctl);
X	if ((path = malloc(sz + 1)) == NULL) {
X		errno = ENOMEM;
X		err(1, "allocating %lu bytes for the path",
X		    (unsigned long)(sz + 1));
X	}
X	if (sysctl(mib, miblen, path, &sz, NULL, 0) == -1)
X		err(1, "getting path: sysctl(%s)", pathctl);
X	/* make sure the value is NUL-terminated before it is parsed */
X	path[sz] = '\0';
X	modpath = path;
X
X	qclean(pathq);
X	qadd(pathq, modpath);
X}
X
X/* Set the module search path after changing it */
Xstatic void
Xsetpath(struct pathhead *pathq) {
X	char *newpath;
X
X	if (miblen == 0)
X		getmib();
X	if ((newpath = qstring(pathq)) == NULL) {
X		errno = ENOMEM;
X		err(1, "building path string");
X	}
X	if (sysctl(mib, miblen, NULL, NULL, newpath, strlen(newpath)+1) == -1)
X		err(1, "setting path: sysctl(%s)", pathctl);
X
X	if (modpath)
X		free(modpath);
X	modpath = newpath;
X}
X
X/* Add/insert a new component to the module search path */
Xstatic void
Xaddpath(struct pathhead *pathq, char *path) {
X	struct pathentry *pe;
X	char pathbuf[MAXPATHLEN+1];
X	struct stat sb;
X	size_t len;
X
X	/* is there such a thing? */
X	if (realpath(path, pathbuf) == NULL) {
X		if (!fflag)
X			err(1, "resolving path %s: %s", path, pathbuf);
X		/*
X		 * if -f specified, take the user path at face value
X		 * (may be created later)
X		 */
X		strlcpy(pathbuf, path, sizeof(pathbuf));
X	}
X	if (stat(pathbuf, &sb) == -1) {
X		if (!fflag)
X			err(1, "examining path %s", pathbuf);
X	} else if (!S_ISDIR(sb.st_mode)) {
X		if (!fflag) {
X			errno = ENOTDIR;
X			err(1, "%s", pathbuf);
X		}
X	}
X
X	len = strlen(pathbuf);
X#ifdef NEED_SLASHTERM
X	/* slash-terminate, because the kernel linker said so. */
X	if ((len == 0) || (pathbuf[len-1] != '/')) {
X		if (len == sizeof(pathbuf) - 1)
X			errx(1, "path too long: %s", pathbuf);
X		pathbuf[len] = '/';
X		/* the slash overwrote the terminator; put it back */
X		pathbuf[++len] = '\0';
X	}
X#else  /* NEED_SLASHTERM */
X	/* remove a terminating slash if present */
X	if ((len > 0) && (pathbuf[len-1] == '/'))
X		pathbuf[--len] = '\0';
X#endif /* NEED_SLASHTERM */
X
X	/* is it already in there? */
X	TAILQ_FOREACH(pe, pathq, next)
X		if (!strcmp(pe->path, pathbuf))
X			break;
X	if (pe != NULL) {
X		if (fflag)
X			return;
X		errx(1, "already in the module search path: %s", pathbuf);
X	}
X
X	/* OK, allocate and add it. */
X	if (((pe = malloc(sizeof(*pe))) == NULL) ||
X	    ((pe->path = strdup(pathbuf)) == NULL)) {
X		errno = ENOMEM;
X		err(1, "allocating path component");
X	}
X	if (iflag)
X		TAILQ_INSERT_HEAD(pathq, pe, next);
X	else
X		TAILQ_INSERT_TAIL(pathq, pe, next);
X	changed = 1;
X}
X
X/* Remove a path component from the module search path */
Xstatic void
Xrempath(struct pathhead *pathq, char *path) {
X	char pathbuf[MAXPATHLEN+1];
X	struct stat sb;
X	int valid;
X	struct pathentry *pe;
X	size_t len;
X
X	/*
X	 * If the path exists, use it; otherwise, take the user-specified
X	 * path at face value - may be a removed directory.
X	 */
X	valid = 0;
X	if ((realpath(path, pathbuf) != NULL) &&
X	    (stat(pathbuf, &sb) == 0) &&
X	    S_ISDIR(sb.st_mode))
X		valid = 1;
X	if (!valid)
X		strlcpy(pathbuf, path, sizeof(pathbuf));
X
X	len = strlen(pathbuf);
X#ifdef NEED_SLASHTERM
X	/* slash-terminate, because the kernel linker said so. */
X	if ((len == 0) || (pathbuf[len-1] != '/')) {
X		if (len == sizeof(pathbuf) - 1)
X			errx(1, "path too long: %s", pathbuf);
X		pathbuf[len] = '/';
X		/* the slash overwrote the terminator; put it back */
X		pathbuf[++len] = '\0';
X	}
X#else  /* NEED_SLASHTERM */
X	/* remove a terminating slash if present */
X	if ((len > 0) && (pathbuf[len-1] == '/'))
X		pathbuf[--len] = '\0';
X#endif /* NEED_SLASHTERM */
X
X	/* Is it in there? */
X	TAILQ_FOREACH(pe, pathq, next)
X		if (!strcmp(pe->path, pathbuf))
X			break;
X	if (pe == NULL) {
X		if (fflag)
X			return;
X		errx(1, "not in module search path: %s", pathbuf);
X	}
X
X	/* OK, remove it now.. */
X	TAILQ_REMOVE(pathq, pe, next);
X	free(pe->path);
X	free(pe);
X	changed = 1;
X}
X
X/* Display the retrieved module search path */
Xstatic void
Xshowpath(struct pathhead *pathq) {
X	char *s;
X
X	getpath(pathq);
X	if ((s = qstring(pathq)) == NULL) {
X		errno = ENOMEM;
X		err(1, "building path string");
X	}
X	printf("Module path: %s\n", s);
X	free(s);
X}
X
X/* Remove all queue entries */
Xstatic void
Xqclean(struct pathhead *pathq) {
X	struct pathentry *pe;
X
X	while (!TAILQ_EMPTY(pathq)) {
X		pe = TAILQ_FIRST(pathq);
X		TAILQ_REMOVE(pathq, pe, next);
X		free(pe->path);
X		free(pe);
X	}
X}
X
X/* Break a string down into path components, store them into a queue */
Xstatic void
Xqadd(struct pathhead *pathq, char *s) {
X	char *p;
X	struct pathentry *pe __unused;
X
X	while ((p = strsep(&s, ";")) != NULL) {
X		/* allocate the whole entry, not just a pointer's worth */
X		if (((pe = malloc(sizeof(*pe))) == NULL) ||
X		    ((pe->path = strdup(p)) == NULL)) {
X			errno = ENOMEM;
X			err(1, "allocating path element");
X		}
X		TAILQ_INSERT_TAIL(pathq, pe, next);
X	}
X}
X
X/* Recreate a path string from a components queue */
Xstatic char *
Xqstring(struct pathhead *pathq) {
X	char *s, *p;
X	struct pathentry *pe;
X
X	s = strdup("");
X	TAILQ_FOREACH(pe, pathq, next) {
X		asprintf(&p, "%s%s%s",
X		    s, pe->path, (TAILQ_NEXT(pe, next) != NULL?
";": "")); X free(s); X if (p == NULL) X return (NULL); X s = p; X } X X return (s); X} X X/* Usage message */ Xstatic void Xusage(void) { X X fprintf(stderr, "%s\n", X "usage: kldpath [-fipqrv] [-S sysctlname] [path..]"); X exit(1); X} X X/* Main function */ Xint Xmain(int argc, char *argv[]) { X /* getopt() iterator */ X int c; X /* iterator over argv[] path components */ X int i; X /* Command-line flags: */ X /* "-p" - print out the current search path */ X int pflag; X /* "-q" - quiet, do not print out the new path after changing it */ X int qflag; X /* "-v" - verbose operation (currently a no-op) */ X int vflag; X /* The higher-level function to call - add/remove */ X void (*act)(struct pathhead *, char *); X /* The module search path broken down into components */ X struct pathhead pathq; X X pflag = qflag = vflag = 0; X act = addpath; X if ((pathctl = strdup(PATHCTL)) == NULL) { X /* this is just too paranoid ;) */ X errno = ENOMEM; X err(1, "initializing sysctl name %s", PATHCTL); X } X X while ((c = getopt(argc, argv, "fipqrS:v")) != -1) X switch (c) { X case 'f': X fflag = 1; X break; X case 'i': X if (act != addpath) X usage(); X iflag = 1; X break; X case 'p': X pflag = 1; X break; X case 'q': X qflag = 1; X break; X case 'r': X if (iflag) X usage(); X act = rempath; X break; X case 'S': X free(pathctl); X if ((pathctl = strdup(optarg)) == NULL) { X errno = ENOMEM; X err(1, "sysctl name %s", optarg); X } X break; X case 'v': X vflag = 1; X break; X default: X usage(); X } X X argc -= optind; X argv += optind; X X TAILQ_INIT(&pathq); X X if (!pflag && (argc == 0)) X usage(); X X getpath(&pathq); X X /* Process the path arguments */ X for (i = 0; i < argc; i++) X act(&pathq, argv[i]); X X if (changed) X setpath(&pathq); X X if (pflag || (changed && !qflag)) X showpath(&pathq); X X return (0); X} END-of-kldpath/kldpath.c exit To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From 
owner-freebsd-audit Fri Jun 15 5:20:45 2001
Date: Fri, 15 Jun 2001 15:19:06 +0300
From: Peter Pentchev
To: Dima Dorfman
Cc: audit@FreeBSD.org
Subject: Re: fstat(1) patches to recognize FIFO's

On Thu, Jun 14, 2001 at 03:11:29PM -0700, Dima Dorfman wrote:
[snip]
>
> Style bug. A second-level indent should be 4 spaces. Actually, this
> file is screwed up in this respect; at a quick glance, it looks like
> some of it uses 4 spaces, while some other parts indent to the opening
> parenthesis like you did above. Since it's already inconsistent, I
> think it's best to follow the current guideline, which is to indent 4
> spaces.
>
> Other than that, looks great!

Objection noted. Here's an updated patch. Tab indents were only used
in those two places in dofiles(), and it would be just my luck to blindly
copy one of them and assume it to be the prevailing style for this file
without checking :)

And btw, no, I don't think it is worth it in this particular case
to separate functionality and whitespace changes. Even the untrained
eye can easily see that the first and third chunk are no-ops :)

G'luck,
Peter

-- 
I am not the subject of this sentence.

Index: src/usr.bin/fstat/fstat.c =================================================================== RCS file: /home/ncvs/src/usr.bin/fstat/fstat.c,v retrieving revision 1.31 diff -u -r1.31 fstat.c --- src/usr.bin/fstat/fstat.c 2001/05/29 20:39:47 1.31 +++ src/usr.bin/fstat/fstat.c 2001/06/15 12:17:52 @@ -363,13 +363,20 @@ else if (file.f_type == DTYPE_PIPE) { if (checkfile == 0) pipetrans((struct pipe *)file.f_data, i, - file.f_flag); + file.f_flag); } #endif +#ifdef DTYPE_FIFO + else if (file.f_type == DTYPE_FIFO) { + if (checkfile == 0) + vtrans((struct vnode *)file.f_data, i, + file.f_flag); + } +#endif else { dprintf(stderr, - "unknown file type %d for file %d of pid %d\n", - file.f_type, i, Pid); + "unknown file type %d for file %d of pid %d\n", + file.f_type, i, Pid); } } }

From owner-freebsd-audit Fri Jun 15 6:36:17 2001
To: Peter Pentchev
Cc: audit@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path
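Review bot: in the fstat.c hunk above (@@ -363,13 +363,20 @@), the new DTYPE_FIFO branch copies the `if (checkfile == 0)` guard from the DTYPE_PIPE branch even though it passes f_data to vtrans() as a struct vnode *. If checkfile is set when fstat is restricted to named files, FIFO descriptors are then skipped outright instead of being matched, so a FIFO that has a path would never be reported in that mode; either drop the guard for this branch or add a comment saying why FIFOs are excluded. The other two changes in the hunk (the file.f_flag continuation and the dprintf arguments) are indentation only.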
From: Dag-Erling Smorgrav
Date: 15 Jun 2001 15:36:00 +0200

Peter Pentchev writes:
> Comments? Objections? Flames?

I think it's a good idea, especially if it does additional checking
(like checking that the directory exists, and that it's owned by root
and isn't world-writeable).

BTW, we should use : instead of ; as separators.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-audit Fri Jun 15 7: 9:30 2001
Date: Fri, 15 Jun 2001 17:08:00 +0300
From: Peter Pentchev
To: Dag-Erling Smorgrav
Cc: audit@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path

On Fri, Jun 15, 2001 at 03:36:00PM +0200, Dag-Erling Smorgrav wrote:
> Peter Pentchev writes:
> > Comments? Objections? Flames?
>
> I think it's a good idea, especially if it does additional checking
> (like checking that the directory exists, and that it's owned by root
> and isn't world-writeable).

It currently only checks that the directory exists, and this check
can be overridden by specifying an -f flag, just in case a startup
script is adding a directory that is to be mounted later.

But yes, the root-owned and !world-writable checks are a nice idea.
Maybe kldpath should go ldconfig's way: check everything by default,
and have an -i (insecure) option?

> BTW, we should use : instead of ; as separators.

This change wouldn't be too difficult to make - a one-line change to
src/sys/kern/kern_linker.c - but that file has the following comment:

 * The search path can be manipulated via sysctl. Note that we use the ';'
 * character as a separator to be consistent with the bootloader.

So, it could be a problem..

G'luck,
Peter

-- 
Hey, out there - is it *you* reading me, or is it someone else?

From owner-freebsd-audit Fri Jun 15 12:25:15 2001
Date: Fri, 15 Jun 2001 12:25:01 -0700 (PDT)
From: John Baldwin
To: Peter Pentchev
Subject: RE: new kldpath(8): display/modify the module search path
Cc: arch@FreeBSD.org, audit@FreeBSD.org

On 15-Jun-01 Peter Pentchev wrote:
> Hi,
>
> Attached is a shar of a new kld-family utility, which parses and modifies
> the kern.module_path sysctl in a script-friendly way. It might be useful
> in startup/shutdown scripts for programs using more than one module,
> or just to allow startup scripts to specify additional module directories
> (e.g. /usr/local/libexec/modules, or /usr/local/lib/au88x0).

[ snip ]

To me, it seems more sensible to use the same interface that ldconfig uses.
I.e., kldpath /foo sets the entire path to /foo, and kldpath -m adds to the
path, kldpath -r displays the current path, etc. That is just my opinion,
however. I'll admit that ldconfig's interface is not always the most
intuitive, but I think consistency between the two would be good.

Also, I would leave -q on by default, and instead use a -v to turn on
verbose mode.

-- 
John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

From owner-freebsd-audit Fri Jun 15 12:38:40 2001
Date: Fri, 15 Jun 2001 22:37:00 +0300
From: Peter Pentchev
To: John Baldwin
Cc: arch@FreeBSD.org, audit@FreeBSD.org
Subject: Re: new kldpath(8): display/modify the module search path

On Fri, Jun 15, 2001 at 12:25:01PM -0700, John Baldwin wrote:
>
> On 15-Jun-01 Peter Pentchev wrote:
> > Hi,
> >
> > Attached is a shar of a new kld-family utility, which parses and modifies
> > the kern.module_path sysctl in a script-friendly way. It might be useful
> > in startup/shutdown scripts for programs using more than one module,
> > or just to allow startup scripts to specify additional module directories
> > (e.g. /usr/local/libexec/modules, or /usr/local/lib/au88x0).
>
> [ snip ]
>
> To me, it seems more sensible to use the same interface that ldconfig uses.
> I.e., kldpath /foo sets the entire path to /foo, and kldpath -m adds to the
> path, kldpath -r displays the current path, etc. That is just my opinion,
> however. I'll admit that ldconfig's interface is not always the most
> intuitive, but I think consistency between the two would be good.

Good point. This also meshes nicely with David O'Brien's suggestion
of something like ldconfig's -i mode (or rather, his suggestion that
kldpath's default mode should be secure, just like ldconfig).

And BTW, before I rewrite the directory existence/mode checks,
how should this deal with non-existent directories?
Is there even a reason to assume that a non-existent directory will be
created sometime later, or should this only allow adding existing dirs,
and use -i to allow non-root-owned or world-writable dirs?
Or should there be a way to add a non-existent dir after all,
but only allowed by both -i and some other (-I? -f?) flag?

> Also, I would leave -q on by default, and instead use a -v to turn on
> verbose mode.

I was thinking about this myself, but decided to leave verbose output
in, at least for the debugging versions :) But it makes sense to turn
it off, indeed.

Thanks for the suggestions, I'll post a new version tomorrow or later
tonight. (I *think* that 10:30pm is about time for me to leave work,
if only to go home and dial in again :)

G'luck,
Peter

-- 
No language can express every thought unambiguously, least of all this one.

From owner-freebsd-audit Fri Jun 15 12:42:58 2001
To: Peter Pentchev
Cc: John Baldwin, arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path
From: Dag-Erling Smorgrav
Date: 15 Jun 2001 21:42:47 +0200

Peter Pentchev writes:
> Or should there be a way to add a non-existent dir after all,
> but only allowed by both -i and some other (-I? -f?) flag?

Just add a -f (force) flag that disables checks.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-audit Fri Jun 15 12:44:59 2001
To: John Baldwin
Cc: Peter Pentchev, arch@FreeBSD.org, audit@FreeBSD.org
Subject: Re: new kldpath(8): display/modify the module search path
Date: Fri, 15 Jun 2001 12:55:37 -0700
From: Mike Smith

> >
> > Attached is a shar of a new kld-family utility, which parses and modifies
> > the kern.module_path sysctl in a script-friendly way. It might be useful
> > in startup/shutdown scripts for programs using more than one module,
> > or just to allow startup scripts to specify additional module directories
> > (e.g. /usr/local/libexec/modules, or /usr/local/lib/au88x0).
>
> [ snip ]
>
> To me, it seems more sensible to use the same interface that ldconfig uses.
> I.e., kldpath /foo sets the entire path to /foo, and kldpath -m adds to the
> path, kldpath -r displays the current path, etc. That is just my opinion,
> however. I'll admit that ldconfig's interface is not always the most
> intuitive, but I think consistency between the two would be good.
>
> Also, I would leave -q on by default, and instead use a -v to turn on
> verbose mode.

I'd second all this, and go one further; it should be called kldconfig.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]
V I C T O R Y N O T V E N G E A N C E

From owner-freebsd-audit Fri Jun 15 12:46:14 2001
To: Dag-Erling Smorgrav
Cc: Peter Pentchev, John Baldwin, arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path
Date: Fri, 15 Jun 2001 12:56:44 -0700
From: Mike Smith

> Peter Pentchev writes:
> > Or should there be a way to add a non-existent dir after all,
> > but only allowed by both -i and some other (-I? -f?) flag?
>
> Just add a -f (force) flag that disables checks.

Don't check.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]
V I C T O R Y N O T V E N G E A N C E

From owner-freebsd-audit Fri Jun 15 12:51:42 2001
Date: Fri, 15 Jun 2001 22:50:12 +0300
From: Peter Pentchev
To: Mike Smith
Cc: Dag-Erling Smorgrav, John Baldwin, arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path

On Fri, Jun 15, 2001 at 12:56:44PM -0700, Mike Smith wrote:
> > Peter Pentchev writes:
> > > Or should there be a way to add a non-existent dir after all,
> > > but only allowed by both -i and some other (-I? -f?) flag?
> >
> > Just add a -f (force) flag that disables checks.
>
> Don't check.

Don't check what - don't check for a directory existence?
This could lead to problems - theoretically at least, a startup
script could add a not-yet-mounted directory, and then some
user (who can see the contents of the kern.module_path sysctl)
could mount his own directory there, and invoke a module load..

I know this is paranoid, but ldconfig already performs these
checks, and ignores non-existent directories. It's true that
ldconfig only makes the pass at invocation time, so it does
not have to deal with the problem of adding a non-existent dir
for future reference, but even so, ldconfig warns about the problem,
which means kldpath/kldconfig should error out :)

Or maybe I've misunderstood your "don't check" comment.
If so, apologies for the wasted bandwidth :)

G'luck,
Peter

-- 
I am not the subject of this sentence.

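The directory checks proposed in this thread (the directory exists, is owned by root and is not world-writable), applied to every component of a ';'-separated module path, as an added example that is not part of any poster's message or of kldpath itself. The names check_module_dir, audit_module_path and run_demo, the COMP_MAX limit and the /tmp scratch directories are assumptions made for the illustration.

```c
/* Added example: vet each component of a ';'-separated module path. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* for mkdtemp() */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define COMP_MAX 1024	/* assumed upper bound on one path component */

enum dir_verdict {
	DIR_OK = 0,
	DIR_MISSING,		/* does not exist or cannot be opened */
	DIR_NOT_DIR,		/* exists, but is not a directory */
	DIR_BAD_OWNER,		/* not owned by the trusted uid */
	DIR_WORLD_WRITABLE	/* S_IWOTH is set */
};
static const char *verdict_text[] =
	{ "ok", "missing", "not a directory", "wrong owner", "world-writable" };

/* open() once, then fstat() the descriptor, so all tests see one object. */
static enum dir_verdict
check_module_dir(const char *path, uid_t trusted)
{
	struct stat sb;
	enum dir_verdict v = DIR_OK;
	int fd;

	if ((fd = open(path, O_RDONLY)) == -1)
		return (DIR_MISSING);
	if (fstat(fd, &sb) == -1)
		v = DIR_MISSING;
	else if (!S_ISDIR(sb.st_mode))
		v = DIR_NOT_DIR;
	else if (sb.st_uid != trusted)
		v = DIR_BAD_OWNER;
	else if (sb.st_mode & S_IWOTH)
		v = DIR_WORLD_WRITABLE;
	close(fd);
	return (v);
}

/* Returns the number of failing components, or -1 if one is too long. */
static int
audit_module_path(const char *modpath, uid_t trusted, int verbose)
{
	char comp[COMP_MAX];
	const char *p = modpath, *end;
	enum dir_verdict v;
	size_t len;
	int bad = 0;

	while (*p != '\0') {
		end = strchr(p, ';');
		len = (end != NULL) ? (size_t)(end - p) : strlen(p);
		if (len >= sizeof(comp))
			return (-1);
		if (len > 0) {		/* empty components are skipped */
			memcpy(comp, p, len);
			comp[len] = '\0';
			v = check_module_dir(comp, trusted);
			if (verbose)
				printf("%-16s %s\n", verdict_text[v], comp);
			bad += (v != DIR_OK);
		}
		p += len;
		if (*p == ';')
			p++;
	}
	return (bad);
}

/*
 * Constructed demo: a sane directory, a world-writable one and a name that
 * does not exist.  The trusted owner is the caller's own uid so the demo
 * runs unprivileged; a real check of the module path would pass 0 (root).
 */
static int
run_demo(int verbose)
{
	char good[] = "/tmp/kldgood.XXXXXX", loose[] = "/tmp/kldloose.XXXXXX";
	char modpath[256];
	int bad;

	if (mkdtemp(good) == NULL || mkdtemp(loose) == NULL)
		return (-1);
	if (chmod(good, 0755) == -1 || chmod(loose, 0777) == -1)
		return (-1);
	snprintf(modpath, sizeof(modpath), "%s;%s;;/nonexistent/kld-demo",
	    good, loose);
	bad = audit_module_path(modpath, geteuid(), verbose);
	rmdir(good);
	rmdir(loose);
	return (bad);
}

int main(void) { return (run_demo(1) == 2 ? 0 : 1); }
```

A clean result describes the directories only at the moment they were examined, so it does not address the not-yet-mounted directory case raised in the message above.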
From owner-freebsd-audit Fri Jun 15 13: 0:15 2001
Date: Fri, 15 Jun 2001 15:59:44 -0400 (EDT)
From: Robert Watson
To: Peter Pentchev
Cc: Mike Smith, Dag-Erling Smorgrav, John Baldwin, arch@freebsd.org, audit@freebsd.org
Subject: Re: new kldpath(8): display/modify the module search path

So my feeling on this thread is that right now, if the administrator wants
to specify that the kernel load from world readable directories, that's
fine by me. I have some outstanding patches that begin to integrate MAC
integrity support into the module loading code, and require that any file
and directory tree used by kldload be marked as high integrity. These
same limitations will also apply to userland processes running at high
integrity, so I think Mike's point about not checking for now is fine.
However, in writing this type of code, we want to be careful to not
exclude future security policies, just not write them in now.

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services

From owner-freebsd-audit Fri Jun 15 13: 0:22 2001
To: Peter Pentchev
Cc: arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject: Re: new kldpath(8): display/modify the module search path
Date: Fri, 15 Jun 2001 13:10:50 -0700
From: Mike Smith

> > Don't check.
>
> Don't check what - don't check for a directory existence?
> This could lead to problems - theoretically at least, a startup
> script could add a not-yet-mounted directory, and then some
> user (who can see the contents of the kern.module_path sysctl)
> could mount his own directory there, and invoke a module load..
>
> I know this is paranoid, but ldconfig already performs these
> checks, and ignores non-existent directories. It's true that
> ldconfig only makes the pass at invocation time, so it does
> not have to deal with the problem of adding a non-existent dir
> for future reference, but even so, ldconfig warns about the problem,
> which means kldpath/kldconfig should error out :)
>
> Or maybe I've misunderstood your "don't check" comment.
> If so, apologies for the wasted bandwidth :)

IMO, ldconfig shouldn't check, and neither should kldconfig. However, my
principal encouragement here is to make kldconfig behave as much like
ldconfig as possible (where it makes sense), so yes, go ahead and check,
but don't be deluded into thinking this actually offers any real security.

The kldload codepath should still be checking modules wrt. security.

-- 
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also. But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view. [Dr. Fritz Todt]
V I C T O R Y N O T V E N G E A N C E

From owner-freebsd-audit Fri Jun 15 13: 4:20 2001
Date: Fri, 15 Jun 2001 23:02:50 +0300
From: Peter Pentchev To: Mike Smith Cc: arch@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: new kldpath(8): display/modify the module search path Message-ID: <20010615230249.V94445@ringworld.oblivion.bg> Mail-Followup-To: Mike Smith , arch@FreeBSD.ORG, audit@FreeBSD.ORG References: <20010615225012.T94445@ringworld.oblivion.bg> <200106152010.f5FKAoT01353@mass.dis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200106152010.f5FKAoT01353@mass.dis.org>; from msmith@freebsd.org on Fri, Jun 15, 2001 at 01:10:50PM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Jun 15, 2001 at 01:10:50PM -0700, Mike Smith wrote: > > > Don't check. > > > > Don't check what - don't check for a directory existence? > > This could lead to problems - theoretically at least, a startup > > script could add a not-yet-mounted directory, and then some > > user (who can see the contents of the kern.module_path sysctl) > > could mount his own directory there, and invoke a module load.. > > > > I know this is paranoid, but ldconfig already performs these > > checks, and ignores non-existent directories. It's true that > > ldconfig only makes the pass at invocation time, so it does > > not have to deal with the problem of adding a non-existent dir > > for future reference, but even so, ldconfig warns about the problem, > > which means kldpath/kldconfig should error out :) > > > > Or maybe I've misunderstood your "don't check" comment. > > If so, apologies for the wasted bandwidth :) > > IMO, ldconfig shouldn't check, and neither should kldconfig. However, my > principal encouragement here is to make kldconfig behave as much like > ldconfig as possible (where it makes sense), so yes, go ahead and check, > but don't be deluded into thinking this actually offers any real security. 
>
> The kldload codepath should still be checking modules wrt. security.

OK, after some more discussion on IRC, it seems that the "don't check" approach is best, with kldload-time checking. I'll think some more about it when I get home.

Thanks to all thread participants for the feedback, I'll be back! :)

G'luck,
Peter

--
This sentence would be seven words long if it were six words shorter.

From owner-freebsd-audit Fri Jun 15 13: 4:38 2001
Date: Fri, 15 Jun 2001 16:04:18 -0400 (EDT)
From: Robert Watson
To: Mike Smith
Cc: Peter Pentchev, arch@freebsd.org, audit@freebsd.org
Subject: Re: new kldpath(8): display/modify the module search path
In-Reply-To: <200106152010.f5FKAoT01353@mass.dis.org>

On Fri, 15 Jun 2001, Mike Smith wrote:

> IMO, ldconfig shouldn't check, and neither should kldconfig. However,
> my principal encouragement here is to make kldconfig behave as much like
> ldconfig as possible (where it makes sense), so yes, go ahead and check,
> but don't be deluded into thinking this actually offers any real
> security.

My feeling here is that UNIX is about letting people shoot themselves in the feet--or alternatively, not hard-coding policy when we don't know everything about the environments where it will be used. I'd prefer we:

1) Ship with only secure directories in the kernel and library paths.
2) Modify the daily security script to detect when that's not the case.
3) Un-modify ldconfig to perform the check, and not make similar kld tools do the check.

It's a bit like all of the following:

1) We let people add stuff to LD_LIBRARY_PATH if they want.
2) We let people add stuff to their normal path if they want.
3) We let people put /bin/sh in an inetd.conf line if they want.
4) We let people put null password entries in the file, have multiple users with uid 0, ...

We just don't do this by default, and in many cases provide warnings. Once we support MAC, then we can provide a twiddle that will allow the admin to mandatorily *prevent* users from doing stupid things. But having partial hacks everywhere that implement a tiny fraction of anything useful just unnecessarily breaks things in unexpected ways.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

From owner-freebsd-audit Fri Jun 15 19:18: 9 2001
Date: Fri, 15 Jun 2001 22:16:54 -0400
To: freebsd-audit@freebsd.org, freebsd-print@bostonradio.org
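The periodic check proposed in Robert Watson's message above (report, rather than forbid, insecure entries in the kernel module and library search paths) could look like the following. This is an added example, not code from the thread or from FreeBSD's security scripts: the function names and report format are made up here, and it assumes `kern.module_path` is a `;`-separated list readable with `sysctl -n`. The separator is a parameter so the same check covers `:`-separated library paths.

```shell
#!/bin/sh
# Added example (not from the thread): report search-path directories that
# are missing, owned by an unexpected uid, or writable by group/other.
# POSIX sh has no "local", so each function prefixes its own variables.

# check_dir DIR [OWNER_UID]
# Prints one line per finding; returns 0 if DIR is acceptable, 1 otherwise.
check_dir() {
    cd_dir=$1
    cd_want=${2:-0}
    cd_rc=0

    if [ ! -d "$cd_dir" ]; then
        # An entry that does not exist yet can be created or mounted over
        # later by someone else, the case raised earlier in the thread.
        echo "MISSING $cd_dir"
        return 1
    fi

    # ls -ldn prints "mode links uid gid ..."; -n keeps the ids numeric and
    # -L reports on the directory a symlink points at.
    read -r cd_mode cd_links cd_uid cd_rest <<EOF
$(ls -ldnL -- "$cd_dir")
EOF

    if [ "$cd_uid" != "$cd_want" ]; then
        echo "OWNER $cd_dir uid=$cd_uid"
        cd_rc=1
    fi
    # Mode string layout: d rwx rwx rwx; character 6 is group write,
    # character 9 is other write.
    case $cd_mode in
        ?????w*) echo "GROUP-WRITABLE $cd_dir"; cd_rc=1 ;;
    esac
    case $cd_mode in
        ????????w*) echo "WORLD-WRITABLE $cd_dir"; cd_rc=1 ;;
    esac
    return $cd_rc
}

# check_path LIST [SEP] [OWNER_UID]
# Runs check_dir on every non-empty entry of LIST, split on SEP (default ";").
# Returns the number of entries that produced findings.
check_path() {
    cp_list=$1
    cp_sep=${2:-";"}
    cp_owner=${3:-0}
    cp_bad=0
    cp_ifs=$IFS

    set -f                      # no globbing while the list is split
    IFS=$cp_sep
    for cp_entry in $cp_list; do
        IFS=$cp_ifs             # check_dir relies on default field splitting
        [ -n "$cp_entry" ] || continue
        check_dir "$cp_entry" "$cp_owner" || cp_bad=$((cp_bad + 1))
    done
    IFS=$cp_ifs
    set +f
    return "$cp_bad"
}

# audit_kld_path: audit the live module search path, expecting root-owned
# directories (FreeBSD; assumes the sysctl value is ";"-separated).
audit_kld_path() {
    check_path "$(sysctl -n kern.module_path)" ";" 0
}
```

A report-only script like this matches the position taken in the message: it warns the administrator and leaves the decision to them, and it does not replace whatever checking happens at module load time.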
From: Garance A Drosihn
Subject: Patch: new options for lpd, improved msgs for connect-errs
Cc: Morgan Davis

Main goals of this update to lpd:

1) add new option '-c', which will cause lpd to log appropriate messages via syslog for all connection-errors.
2) add new option '-w', which will cause lpd to accept connections from other hosts (generally Windows) even if the connection is NOT from a reserved port.
3) generally improve the helpfulness of the various connection error-messages.

I realize this doesn't include an update to the man page yet, but I thought I'd first see if people wanted the new options to key off of other letters (instead of -c and -w).

Some discussion:

Back in July 1997, revision 1.6 (imp) of lpd dropped the check which required that incoming connections be coming from a reserved port. It looks like this was mistakenly copied from openbsd's lpd (I intend to check further). In at least my (RPI) environment, that check really needs to be there.

The IPv6 update added that check back in. However, it then turns out that there are some implementations for lpr on Windows which do not bother at all with reserved ports, and those clients broke with the lpd in 4.3-release. The '-w' option is the quick fix so that people who want to accept connections from non-reserved ports can do so.

Previous to this update, if a connection from a remote host to a freebsd print server failed, only the remote-host got the error message. And in some universes (ahem, windows) that message is not necessarily echoed to the user. The '-c' option causes connection-errors to be logged to syslog.
My assumption is that the syslog-ing should not be done by default, because it would provide a remote user an easy way to fill up the syslog-files on your machine.

You'll notice my error-writing routine takes TWO 'msg-format' strings, and (obviously) only one variable-list of parameters. This probably seems weird, particularly with the way I handle 'NULL' being sent for the first fmt-string, but other alternatives seemed even messier (IMO).

I moved the reserved-port check to be the LAST check done (it had been the first), partially because I wanted to have the name of the remote host for the error messages printed. It's also partially because I was thinking there could be a "third file" that lpd might scan for hostnames it would allow a connection from (and thus a third pass in the current two-pass loop). Say, "/etc/hosts.lpd-extras", and maybe that third file would indicate specific hosts where a connection would be allowed from any port, instead of using '-w' to drop the reserved-port check for ALL hosts. I don't really want to implement this "third file" yet, as I have some other ideas where that "third file" might be useful.

Also, there's a minor change in the format of error messages sent to the remote host. Assuming a print server named 'pserver.rpi.edu', the remote host used to see messages like:

    pserver.rpi.edu: lpd: Your host does not have line printer access

it now sees:

    lpd [@pserver.rpi.edu]: Your host (blah.rpi.edu) does not have print-service access

I intend to do the same thing in the frecverr() routine in recvjob.c (in a later update). (just the 'lpd [@pserver]' part, I am not adding the client's hostname to all the error messages).

- - - - - - -

So, please look this over, try it out, let me know what you think about it. This shouldn't change any of the actual CHECKS that are being done, it should just change the error messages which result. But, also let me know if any of the checks could be improved (in a security-paranoid sense).
Also let me know if the messages to syslog could be more helpful to potentially-harried administrators trying to figure out why some client isn't able to connect... - - - - - - - Index: lpd/lpd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/lpr/lpd/lpd.c,v retrieving revision 1.25 diff -u -r1.25 lpd.c --- lpd/lpd.c 2001/06/16 00:14:02 1.25 +++ lpd/lpd.c 2001/06/16 01:10:34 @@ -112,8 +112,10 @@ static void mcleanup(int _signo); static void doit(void); static void startup(void); -static void chkhost(struct sockaddr *_f); +static void chkhost(struct sockaddr *_f, int _ch_opts); static int ckqueue(struct printer *_pp); +static void fhosterr(int _dosys, const char *_sysmsg, const char *_usermsg, + ...); static int *socksetup(int _af, int _debuglvl); static void usage(void); @@ -123,10 +125,13 @@ uid_t uid, euid; +#define LPD_NOPORTCHK 0001 /* skip reserved-port check */ +#define LPD_LOGCONNERR 0002 /* (sys)log connection errors */ + int main(int argc, char **argv) { - int errs, f, funix, *finet, fromlen, i, options, socket_debug; + int ch_options, errs, f, funix, *finet, fromlen, i, socket_debug; fd_set defreadfds; struct sockaddr_un un, fromunix; struct sockaddr_storage frominet; @@ -137,6 +142,8 @@ euid = geteuid(); /* these shouldn't be different */ uid = getuid(); + + ch_options = 0; socket_debug = 0; gethostname(local_host, sizeof(local_host)); @@ -146,8 +153,12 @@ errx(EX_NOPERM,"must run as root"); errs = 0; - while ((i = getopt(argc, argv, "dlp46")) != -1) + while ((i = getopt(argc, argv, "cdlpw46")) != -1) switch (i) { + case 'c': + /* log all kinds of connection-errors to syslog */ + ch_options |= LPD_LOGCONNERR; + break; case 'd': socket_debug++; break; 
@@ -157,6 +168,11 @@ case 'p': pflag++; break; + case 'w': + /* allow connections coming from a non-reserved port */ + /* (done by some lpr-implementations for MS-Windows) */ + ch_options |= LPD_NOPORTCHK; + break; case '4': family = PF_INET; inet_flag++; @@ -366,7 +382,8 @@ if (domain == AF_INET) { /* for both AF_INET and AF_INET6 */ from_remote = 1; - chkhost((struct sockaddr *)&frominet); + chkhost((struct sockaddr *)&frominet, + ch_options); } else from_remote = 0; doit(); 
@@ -600,36 +617,40 @@ #define DUMMY ":nobody::" /* - * Check to see if the from host has access to the line printer. + * Check to see if the host connecting to this host has access to any + * lpd services on this host. */ static void -chkhost(struct sockaddr *f) +chkhost(struct sockaddr *f, int ch_opts) { struct addrinfo hints, *res, *r; register FILE *hostf; - int first = 1; - int good = 0; char hostbuf[NI_MAXHOST], ip[NI_MAXHOST]; char serv[NI_MAXSERV]; - int error, addrlen; - caddr_t addr; + int error, errsav, fpass, good, wantsl; - error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv), - NI_NUMERICSERV); - if (error || atoi(serv) >= IPPORT_RESERVED) - fatal(0, "Malformed from address"); + wantsl = 0; + if (ch_opts & LPD_LOGCONNERR) + wantsl = 1; /* also syslog the errors */ + from_host = ".na."; + /* Need real hostname for temporary filenames */ error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf), NULL, 0, NI_NAMEREQD); if (error) { + errsav = error; error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); if (error) - fatal(0, "Host name for your address unknown"); + fhosterr(wantsl, + "can not determine hostname for remote host (%d)", + "Host name for your address not known", error); else - fatal(0, "Host name for your address (%s) unknown", - hostbuf); + fhosterr(wantsl, + "Host name for remote host (%s) not known (%d)", + "Host name for your address (%s) not known", + hostbuf, errsav); } strlcpy(frombuf, hostbuf, sizeof(frombuf)); @@ -639,7 +660,8 @@ error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf), NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); if (error) - fatal(0, "Cannot print address"); + fhosterr(wantsl, "Cannot print IP address (error %d)", + "Cannot print IP address", error); from_ip = strdup(hostbuf); /* Reject numeric addresses */ 
@@ -649,7 +671,8 @@ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; if (getaddrinfo(from_host, NULL, &hints, &res) == 0) { freeaddrinfo(res); - fatal(0, "reverse lookup results in non-FQDN %s", from_host); + fhosterr(wantsl, NULL, "reverse lookup results in non-FQDN %s", + from_host); } /* Check for spoof, ala rlogind */ 
@@ -658,38 +681,120 @@ hints.ai_socktype = SOCK_DGRAM; /*dummy*/ error = getaddrinfo(from_host, NULL, &hints, &res); if (error) { - fatal(0, "hostname for your address (%s) unknown: %s", from_ip, - gai_strerror(error)); + fhosterr(wantsl, "dns lookup for address %s failed: %s", + "hostname for your address (%s) unknown: %s", from_ip, + gai_strerror(error)); } good = 0; for (r = res; good == 0 && r; r = r->ai_next) { error = getnameinfo(r->ai_addr, r->ai_addrlen, ip, sizeof(ip), - NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); + NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID); if (!error && !strcmp(from_ip, ip)) good = 1; } if (res) freeaddrinfo(res); if (good == 0) - fatal(0, "address for your hostname (%s) not matched", - from_ip); + fhosterr(wantsl, "address for remote host (%s) not matched", + "address for your hostname (%s) not matched", from_ip); + fpass = 1; hostf = fopen(_PATH_HOSTSEQUIV, "r"); again: if (hostf) { if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) { (void) fclose(hostf); - return; + goto foundhost; } (void) fclose(hostf); } - if (first == 1) { - first = 0; + if (fpass == 1) { + fpass = 2; hostf = fopen(_PATH_HOSTSLPD, "r"); goto again; } - fatal(0, "Your host does not have line printer access"); + fhosterr(wantsl, "refused connection from %s", + "Your host (%s) does not have print-service access", from_host); /*NOTREACHED*/ + +foundhost: + if (ch_opts & LPD_NOPORTCHK) + return; /* skip the reserved-port check */ + + error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv), + NI_NUMERICSERV); + if (error) + fhosterr(wantsl, NULL, "malformed from-address (%d)", error); + + if (atoi(serv) >= IPPORT_RESERVED) + fhosterr(wantsl, NULL, "connected from invalid port (%s)", + serv); +} + +#include +/* + * Handle fatal errors in chkhost. The first message will optionally be sent + * to syslog, the second one is sent to the connecting host. If the first + * message is NULL, then the same message is used for both. 
Note that the + * argument list for both messages are assumed to be the same (or at least + * the initial arguments for one must be EXACTLY the same as the complete + * argument list for the other message). + * + * The idea is that the syslog message is meant for an administrator of a + * print server (the host receiving connections), while the usermsg is meant + * for a remote user who may or may not be clueful, and may or may not be + * doing something nefarious. Some remote users (eg, MS-Windows...) may not + * even see whatever message is sent, which is why there's the option to + * start 'lpd' with the connection-errors also sent to syslog. + * + * Given that hostnames can theoretically be fairly long (well, over 250 + * bytes), it would probably be helpful to have the 'from_host' field at + * the end of any error messages which include that info. + */ +void +fhosterr(int dosys, const char *sysmsg, const char *usermsg, ...) +{ + va_list ap; + char *sbuf, *ubuf; + const char *testone; + + va_start(ap, usermsg); + vasprintf(&ubuf, usermsg, ap); + va_end(ap); + + if (dosys) { + sbuf = ubuf; /* assume sysmsg == NULL */ + if (sysmsg != NULL) { + va_start(ap, usermsg); + vasprintf(&sbuf, sysmsg, ap); + va_end(ap); + } + /* + * If the first variable-parameter is not the 'from_host', + * then first write THAT information as a line to syslog. + */ + va_start(ap, usermsg); + testone = va_arg(ap, const char *); + if (testone != from_host) { + syslog(LOG_WARNING, "for connection from %s:", from_host); + } + va_end(ap); + + /* now write the syslog message */ + syslog(LOG_WARNING, "%s", sbuf); + } + + printf("%s [@%s]: %s\n", progname, local_host, ubuf); + fflush(stdout); + + /* + * Add a minimal delay before exiting (and disconnecting from the + * sending-host). This is just in case that machine responds by + * INSTANTLY retrying (and instantly re-failing...). This may also + * give the other side more time to read the error message. 
+ */ + sleep(2); /* a paranoid throttling measure */ + exit(1); } /* setup server socket for specified address family */ @@ -777,9 +882,9 @@ usage(void) { #ifdef INET6 - fprintf(stderr, "usage: lpd [-dlp46] [port#]\n"); + fprintf(stderr, "usage: lpd [-cdlpw46] [port#]\n"); #else - fprintf(stderr, "usage: lpd [-dlp] [port#]\n"); + fprintf(stderr, "usage: lpd [-cdlpw] [port#]\n"); #endif exit(EX_USAGE); }

--
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-audit Fri Jun 15 19:27:11 2001
Message-Id: <200106160227.f5G2R3V26648@harmony.village.org>
To: Garance A Drosihn
Subject: Re: Patch: new options for lpd, improved msgs for connect-errs
Cc: freebsd-audit@FreeBSD.ORG, freebsd-print@bostonradio.org, Morgan Davis
In-reply-to: Your message of "Fri, 15 Jun 2001 22:16:54 EDT."
Date: Fri, 15 Jun 2001 20:27:03 -0600
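Review bot: In the @@ -112,8 +112,10 @@ hunk of the lpd.c patch, fhosterr() is declared static void, but the definition added further down starts with plain void. It compiles, since the earlier declaration fixes the linkage, but chkhost() repeats static at its definition and fhosterr() should match.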
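Review bot: The comment on case 'w' in the @@ -157,6 +168,11 @@ hunk of the lpd.c patch should say what is given up, not only what is allowed. With LPD_NOPORTCHK set, chkhost() returns at foundhost before the port test, so every host accepted through _PATH_HOSTSEQUIV or _PATH_HOSTSLPD may then connect from any port. A sentence to that effect here, and in the man page when it is written, would keep -w from being read as a compatibility switch with no security cost.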
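Review bot: In the @@ -600,36 +617,40 @@ hunk of the lpd.c patch, the call fhosterr(wantsl, "can not determine hostname for remote host (%d)", "Host name for your address not known", error) passes an int as the first variable argument, but fhosterr() later reads that argument with va_arg(ap, const char *) to compare it with from_host. Reading an int as a pointer through va_arg is undefined, and the same applies to the "Cannot print IP address (error %d)" and "malformed from-address (%d)" calls. Passing a fixed parameter ahead of the format strings that says whether the message already names the host would avoid inspecting the variable arguments at all.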
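Review bot: In fhosterr(), added by the @@ -658,38 +681,120 @@ hunk of the lpd.c patch, neither vasprintf() call has its return value checked, so after an allocation failure ubuf or sbuf is not a usable string when it reaches syslog(LOG_WARNING, "%s", sbuf) and the printf() to the client. Check for -1 and fall back to a fixed message, so the client still gets an error and the log entry is not lost. The #include added directly in front of the function also belongs with the other includes at the top of the file.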
From: Warner Losh

In message Garance A Drosihn writes:
: Back in July 1997, revision 1.6 (imp) of lpd dropped the check
: which required that incoming connections be coming from a reserved
: port. It looks like this was mistakenly copied from openbsd's lpd
: (I intend to check further). In at least my (RPI) environment,
: that check really needs to be there.

Yes. This check should be there. It was a mistake on my part to have removed it. I do understand why some folks need it, and why some folks don't want it.

Warner

From owner-freebsd-audit Fri Jun 15 19:34:22 2001
In-Reply-To: <200106160227.f5G2R3V26648@harmony.village.org>
References: <200106160227.f5G2R3V26648@harmony.village.org>
Date: Fri, 15 Jun 2001 22:32:25 -0400
To: Warner Losh
From: Garance A Drosihn
Subject: Re: Patch: new options for lpd, improved msgs for connect-errs
Cc: freebsd-audit@FreeBSD.org, freebsd-print@bostonradio.org, Morgan Davis

At 8:27 PM -0600 6/15/01, Warner Losh wrote:
> Garance A Drosihn writes:
>: Back in July 1997, revision 1.6 (imp) of lpd dropped the check
>: which required that incoming connections be coming from a reserved
>: port. It looks like this was mistakenly copied from openbsd's lpd
>: (I intend to check further). In at least my (RPI) environment,
>: that check really needs to be there.
>
>Yes. This check should be there. It was a mistake on my part to
>have removed it. I do understand why some folks need it, and why
>some folks don't want it.

Well, to me the interesting thing is that you DID copy this change from openbsd, so I also want to figure out why openbsd dropped the check. Their cvslog entry implies that it was getting checked "elsewhere", but I suspect that the change in openbsd was also a mistake (I think the patch deleted more than it really wanted to). So, I want to check how openbsd's lpd behaves when I get home, and then maybe drop Theo a line.
--
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-audit Fri Jun 15 22:51: 0 2001
To: freebsd-audit@freebsd.org
Subject: *printf simplifications?
From: Assar Westerlund
Date: 16 Jun 2001 07:50:48 +0200
Message-ID: <5lelslx9af.fsf@assaris.sics.se>

Any reason not to commit this?

/assar

Index: asprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/asprintf.c,v retrieving revision 1.7 diff -u -w -r1.7 asprintf.c --- asprintf.c 2001/02/11 22:06:39 1.7 +++ asprintf.c 2001/06/16 05:45:30
@@ -54,30 +54,13 @@ { int ret; va_list ap; - FILE f; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - f._file = -1; - f._flags = __SWR | __SSTR | __SALC; - f._bf._base = f._p = (unsigned char *)malloc(128); - if (f._bf._base == NULL) { - *str = NULL; - errno = ENOMEM; - return (-1); - } - f._bf._size = f._w = 127; /* Leave room for the NULL */ - ret = __vfprintf(&f, fmt, ap); /* Use unlocked __vfprintf */ - *f._p = '\0'; + ret = vasprintf(str, fmt, ap); va_end(ap); - f._bf._base = reallocf(f._bf._base, f._bf._size + 1); - if (f._bf._base == NULL) { - errno = ENOMEM; - ret = -1; - } - *str = (char *)f._bf._base; return (ret); } Index: snprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/snprintf.c,v retrieving revision 1.14 diff -u -w -r1.14 snprintf.c --- snprintf.c 2001/06/16 05:37:57 1.14 +++ snprintf.c 2001/06/16 05:45:30 @@ -64,30 +64,15 @@ va_dcl #endif { - size_t on; - int ret; va_list ap; - FILE f; + int ret; - on = n; - if (n != 0) - n--; - if (n > INT_MAX) - n = INT_MAX; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = n; - ret = __vfprintf(&f, fmt, ap); - if (on > 0) - *f._p = '\0'; + ret = vsnprintf(str, n, fmt, ap); va_end(ap); - if (str == NULL) - free(f._bf._base); return (ret); } Index: sprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/sprintf.c,v retrieving revision 1.8 diff -u -w -r1.8 sprintf.c --- sprintf.c 2001/06/16 05:37:57 1.8 +++ sprintf.c 2001/06/16 05:45:30 
@@ -63,21 +63,13 @@ { int ret; va_list ap; - FILE f; - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = INT_MAX; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - ret = __vfprintf(&f, fmt, ap); + ret = vsprintf(str, fmt, ap); va_end(ap); - *f._p = 0; - if (str == NULL) - free(f._bf._base); return (ret); } Index: vsprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/vsprintf.c,v retrieving revision 1.8 diff -u -w -r1.8 vsprintf.c --- vsprintf.c 2001/06/16 05:37:57 1.8 +++ vsprintf.c 2001/06/16 05:45:30 
@@ -52,16 +52,5 @@ const char *fmt; _BSD_VA_LIST_ ap; { - int ret; - FILE f; - - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = INT_MAX; - ret = __vfprintf(&f, fmt, ap); - *f._p = 0; - if (str == NULL) - free(f._bf._base); - return (ret); + return (vsnprintf(str, INT_MAX, fmt, ap)); }

From owner-freebsd-audit Fri Jun 15 23:27:53 2001
Date: Sat, 16 Jun 2001 02:24:49 -0400 (EDT)
Reply-To: Mike Heffner
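Review bot: In the asprintf.c hunk (@@ -54,30 +54,13 @@) of the *printf patch, the removed code set *str = NULL and errno = ENOMEM when the allocation failed; the replacement returns whatever vasprintf() does, and vasprintf() is not part of this diff. Callers that test *str and not the return value depend on that behaviour, so confirm vasprintf() keeps the same failure contract before committing.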
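Review bot: In the snprintf.c hunk (@@ -64,30 +64,15 @@) of the *printf patch, the deleted lines did the size handling themselves: "if (n != 0) n--;", "if (n > INT_MAX) n = INT_MAX;", and terminating the string only when on > 0. After the change all of that rests on vsnprintf(), whose body is not shown here. The commit message should say that vsnprintf() was checked for the same n == 0 and n > INT_MAX behaviour, or a regression test for both cases should go in with the change.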
From: Mike Heffner
To: FreeBSD-audit
Subject: Re: bin/15456 usage fix and bug fix
Cc: freebsd-gnats-submit@freebsd.org

Could someone take a quick look at the patch attached. It's to close pr bin/15456, but is slightly different than the patch in the pr. The main difference is the change pid->pidset. It appears this is a bug, because pid can be uninitialized and testing against it isn't right.

Thanks,

Mike

--
Mike Heffner Fredericksburg, VA http://filebox.vt.edu/users/mheffner

Index: ktrace.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/ktrace/ktrace.1,v retrieving revision 1.9 diff -u -r1.9 ktrace.1 --- ktrace.1 2000/11/20 19:20:51 1.9 +++ ktrace.1 2001/06/16 06:16:50 @@ -42,8 +42,7 @@ .Nm .Op Fl aCcdi .Op Fl f Ar trfile -.Op Fl g Ar pgrp -.Op Fl p Ar pid +.Op Fl g Ar pgrp | Fl p Ar pid .Op Fl t Ar trstr .Nm .Op Fl adi Index: ktrace.c =================================================================== RCS file: /home/ncvs/src/usr.bin/ktrace/ktrace.c,v retrieving revision 1.14 diff -u -r1.14 ktrace.c --- ktrace.c 2000/09/04 06:09:46 1.14 +++ ktrace.c 2001/06/16 06:16:50 @@ -131,7 +131,7 @@ trpoints = ALL_POINTS; pid = 1; } else - ops |= pid ? KTROP_CLEAR : KTROP_CLEARFILE; + ops |= pidset ? KTROP_CLEAR : KTROP_CLEARFILE; if (ktrace(tracefile, ops, trpoints, pid) < 0) err(1, "%s", tracefile);
@@ -186,8 +186,8 @@ usage() { (void)fprintf(stderr, "%s\n%s\n", -"usage: ktrace [-aCcid] [-f trfile] [-g pgid] [-p pid] [-t [cnisuv]", -" ktrace [-aCcid] [-f trfile] [-t [cnisuw] command"); +"usage: ktrace [-aCcdi] [-f trfile] [-g pgrp | -p pid] [-t cnisuw]", +" ktrace [-adi] [-f trfile] [-t cnisuw] command"); exit(1); }

From owner-freebsd-audit Sat Jun 16 1:10:21 2001
Date: Sat, 16 Jun 2001 18:08:24 +1000 (EST)
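Review bot: In the ktrace.c hunk at @@ -131,7 +131,7 @@, pid is still handed to ktrace(tracefile, ops, trpoints, pid) on the KTROP_CLEARFILE path, where pidset is false and pid may never have been assigned. Testing pidset fixes the branch, but initialising pid where it is declared would remove the uninitialised read as well; the declaration is outside the visible context, so this may already be the case.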
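Review bot: The new usage text in the ktrace.c hunk at @@ -186,8 +186,8 @@, like the ktrace.1 synopsis, presents -g pgrp and -p pid as alternatives, yet no visible hunk rejects a command line that gives both. If the option loop lets the later one win silently, either call usage() when both are seen or leave the synopsis showing two independent options.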
From: Bruce Evans
To: Assar Westerlund
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: *printf simplifications?
In-Reply-To: <5lelslx9af.fsf@assaris.sics.se>

> On 16 Jun 2001, Assar Westerlund wrote: > > > Any reason not to commit this?
> Index: vsprintf.c
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/stdio/vsprintf.c,v
> retrieving revision 1.8
> diff -u -w -r1.8 vsprintf.c
> --- vsprintf.c 2001/06/16 05:37:57 1.8
> +++ vsprintf.c 2001/06/16 05:45:30
> @@ -52,16 +52,5 @@
> const char *fmt;
> _BSD_VA_LIST_ ap;
> {
> - int ret;
> - FILE f;
> -

Style bug: now there is no blank line after the (null) auto declarations.

> - f._file = -1;
> - f._flags = __SWR | __SSTR;
> - f._bf._base = f._p = (unsigned char *)str;
> - f._bf._size = f._w = INT_MAX;
> - ret = __vfprintf(&f, fmt, ap);
> - *f._p = 0;
> - if (str == NULL)
> - free(f._bf._base);
> - return (ret);
> + return (vsnprintf(str, INT_MAX, fmt, ap));
> }

vsprintf() can't call vsnprintf() due to namespace issues (the former is in C[89-94] but the latter is only in C99).

The current duplication of code for the other functions seems to be just a micro-(opt|pess)imization.

Bruce

From owner-freebsd-audit Sat Jun 16 9:14:29 2001
Date: Sat, 16 Jun 2001 12:14:24 -0400
To: freebsd-audit@FreeBSD.ORG, freebsd-print@bostonradio.org
From: Garance A Drosihn
Subject: Re: Patch: new options for lpd, improved msgs for connect-errs

At 10:16 PM -0400 6/15/01, Garance A Drosihn wrote:
> [...] Also let me know if the messages to syslog
>could be more helpful to potentially-harried administrators
>trying to figure out why some client isn't able to connect...

In the spirit of that thought, I've altered one of the error messages in the patch I posted. Instead of:

>+ fhosterr(wantsl, "refused connection from %s",
>+ "Your host (%s) does not have print-service access", from_host);
> /*NOTREACHED*/

it is now:

    fhosterr(wantsl, "refused connection from %s, sip=%s",
        "Print-services are not available to your host (%s).",
        from_host, from_ip);
    /*NOTREACHED*/

The idea being that the hostname COULD be rather long, and if so then it would be better at the end of the error message sent to the user. I've also included the sender's IP address in the message to syslog, as that may be of interest in these days of Dynamic DNS and IPv6...

The exact-wording of the message to the user may change again, if I think up some better/smoother way to say it (and still keep the hostname at the end of the message).
-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-audit Sat Jun 16 13:47:43 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from assaris.sics.se (dhcp-221-128.pdc.kth.se [130.237.221.128]) by hub.freebsd.org (Postfix) with ESMTP id D841137B40E for ; Sat, 16 Jun 2001 13:47:05 -0700 (PDT) (envelope-from assar@assaris.sics.se)
Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.9.3) id WAA15366; Sat, 16 Jun 2001 22:46:58 +0200 (CEST) (envelope-from assar)
From: Assar Westerlund To: Bruce Evans Cc: freebsd-audit@FreeBSD.ORG Subject: Re: *printf simplifications? References: Date: 16 Jun 2001 22:46:57 +0200 In-Reply-To: Bruce Evans's message of "Sat, 16 Jun 2001 18:08:24 +1000 (EST)" Message-ID: <5l8zistany.fsf@assaris.sics.se> Lines: 27 User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --=-=-= Bruce Evans writes: > > { > > - int ret; > > - FILE f; > > - > > Style bug: now there is no blank line after the (null) auto declarations. fixed. > > + return (vsnprintf(str, INT_MAX, fmt, ap)); > > } > > vsprintf() can't call vsnprintf() due to namespace issues (the former is > in C[89-94] but the latter is only in C99). I added a __vsnprintf, see patch below. > The current duplication of code for the other functions seems to be just a > micro-(opt|pess)imization. I would vote for pessimization. If it doesn't matter I'd rather have as much common code as possible. /assar --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=libcd Index: asprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/asprintf.c,v retrieving revision 1.7 diff -u -w -r1.7 asprintf.c --- asprintf.c 2001/02/11 22:06:39 1.7 +++ asprintf.c 2001/06/16 20:46:32 
@@ -54,30 +54,13 @@ { int ret; va_list ap; - FILE f; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - f._file = -1; - f._flags = __SWR | __SSTR | __SALC; - f._bf._base = f._p = (unsigned char *)malloc(128); - if (f._bf._base == NULL) { - *str = NULL; - errno = ENOMEM; - return (-1); - } - f._bf._size = f._w = 127; /* Leave room for the NULL */ - ret = __vfprintf(&f, fmt, ap); /* Use unlocked __vfprintf */ - *f._p = '\0'; + ret = vasprintf(str, fmt, ap); va_end(ap); - f._bf._base = reallocf(f._bf._base, f._bf._size + 1); - if (f._bf._base == NULL) { - errno = ENOMEM; - ret = -1; - } - *str = (char *)f._bf._base; return (ret); } Index: local.h =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/local.h,v retrieving revision 1.4 diff -u -w -r1.4 local.h --- local.h 2001/06/04 12:36:06 1.4 +++ local.h 2001/06/16 20:46:32 @@ -65,7 +65,7 @@ extern int __sflags __P((const char *, int *)); extern int __ungetc __P((int, FILE *)); extern int __vfprintf __P((FILE *, const char *, _BSD_VA_LIST_)); - +extern int __vsnprintf __P((char *, size_t, const char *, _BSD_VA_LIST_)); extern int __sdidinit; Index: snprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/snprintf.c,v retrieving revision 1.14 diff -u -w -r1.14 snprintf.c --- snprintf.c 2001/06/16 05:37:57 1.14 +++ snprintf.c 2001/06/16 20:46:32 
@@ -64,30 +64,15 @@ va_dcl #endif { - size_t on; - int ret; va_list ap; - FILE f; + int ret; - on = n; - if (n != 0) - n--; - if (n > INT_MAX) - n = INT_MAX; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = n; - ret = __vfprintf(&f, fmt, ap); - if (on > 0) - *f._p = '\0'; + ret = __vsnprintf(str, n, fmt, ap); va_end(ap); - if (str == NULL) - free(f._bf._base); return (ret); } Index: sprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/sprintf.c,v retrieving revision 1.8 diff -u -w -r1.8 sprintf.c --- sprintf.c 2001/06/16 05:37:57 1.8 +++ sprintf.c 2001/06/16 20:46:32 @@ -63,21 +63,13 @@ { int ret; va_list ap; - FILE f; - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = INT_MAX; #if __STDC__ va_start(ap, fmt); #else va_start(ap); #endif - ret = __vfprintf(&f, fmt, ap); + ret = vsprintf(str, fmt, ap); va_end(ap); - *f._p = 0; - if (str == NULL) - free(f._bf._base); return (ret); } Index: vsnprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/vsnprintf.c,v retrieving revision 1.14 diff -u -w -r1.14 vsnprintf.c --- vsnprintf.c 2001/06/16 05:37:57 1.14 +++ vsnprintf.c 2001/06/16 20:46:32 @@ -47,7 +47,7 @@ #include "local.h" int -vsnprintf(str, n, fmt, ap) +__vsnprintf(str, n, fmt, ap) char *str; size_t n; const char *fmt; 
@@ -72,4 +72,15 @@ if (str == NULL) free(f._bf._base); return (ret); +} + +int +vsnprintf(str, n, fmt, ap) + char *str; + size_t n; + const char *fmt; + _BSD_VA_LIST_ ap; +{ + + return (__vsnprintf(str, n, fmt, ap)); } Index: vsprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/vsprintf.c,v retrieving revision 1.8 diff -u -w -r1.8 vsprintf.c --- vsprintf.c 2001/06/16 05:37:57 1.8 +++ vsprintf.c 2001/06/16 20:46:32 @@ -52,16 +52,6 @@ const char *fmt; _BSD_VA_LIST_ ap; { - int ret; - FILE f; - f._file = -1; - f._flags = __SWR | __SSTR; - f._bf._base = f._p = (unsigned char *)str; - f._bf._size = f._w = INT_MAX; - ret = __vfprintf(&f, fmt, ap); - *f._p = 0; - if (str == NULL) - free(f._bf._base); - return (ret); + return (vsnprintf(str, INT_MAX, fmt, ap)); } --=-=-=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jun 16 14:10:34 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (diskworld.nanolink.com [195.24.48.189]) by hub.freebsd.org (Postfix) with SMTP id F21E237B406 for ; Sat, 16 Jun 2001 14:10:12 -0700 (PDT) (envelope-from roam@ringworld.nanolink.com) Received: (qmail 11686 invoked by uid 1000); 16 Jun 2001 21:08:42 -0000 Date: Sun, 17 Jun 2001 00:08:42 +0300 
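Review bot: The vsprintf.c hunk of the *printf patch above still returns vsnprintf(str, INT_MAX, fmt, ap), not the __vsnprintf() that the vsnprintf.c hunk introduces and the local.h hunk declares. The namespace problem raised earlier in the thread (a C89 function calling a C99-only name) is therefore unchanged for vsprintf(), and it now also reaches sprintf(), which the sprintf.c hunk routes through vsprintf(). Suggest `return (__vsnprintf(str, INT_MAX, fmt, ap));` in vsprintf.c, matching what the snprintf.c hunk already does.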
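Review bot: The asprintf.c hunk of the *printf patch above removes the only visible error handling (on malloc() failure: *str = NULL, errno = ENOMEM, return -1; on reallocf() failure: ret = -1 with *str left NULL) and depends on vasprintf() to behave the same way, but vasprintf.c is not part of this diff. Please confirm that vasprintf() leaves *str NULL and sets errno on both failure paths, or say so in the commit message, since callers that test or free *str after an error would otherwise see a behaviour change.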
From: Peter Pentchev
To: audit@FreeBSD.org
Cc: arch@FreeBSD.ORG
Subject: new kldconfig(8) [was: new kldpath(8): display/modify the module search path]
Message-ID: <20010617000842.G1956@ringworld.oblivion.bg>
Mail-Followup-To: audit@FreeBSD.org, arch@FreeBSD.ORG
References: <20010615225012.T94445@ringworld.oblivion.bg> <200106152010.f5FKAoT01353@mass.dis.org> <20010615230249.V94445@ringworld.oblivion.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010615230249.V94445@ringworld.oblivion.bg>; from roam@orbitel.bg on Fri, Jun 15, 2001 at 11:02:50PM +0300

On Fri, Jun 15, 2001 at 11:02:50PM +0300, Peter Pentchev wrote:
>
> OK, after some more discussion on IRC, it seems that the "don't check"
> approach is best, with kldload-time checking. I'll think some more
> about it when I get home.
>
> Thanks to all thread participants for the feedback, I'll be back! :)

And, as promised, I am :)

The next version is at:
http://people.FreeBSD.org/~roam/devel/sys/kldconfig/kldconfig-01.tar.gz

with the (attached) textual manpage rendering at:
http://people.FreeBSD.org/~roam/devel/sys/kldconfig/kldconfig.0-01.txt

I've tried to follow ldconfig's syntax for the most part, but some
deviations were kind of necessary. One of them is the reuse of the -i
option to specify insertion of the new paths at the start, since I agree
now with Mike Smith's opinion that kldconfig need check no paths, and
Robert Watson's opinion that ldconfig's default checking mode might be
removed at some point in favor of load-time checks.

G'luck,
Peter
(bracing for the next round of well-grounded comments that shall
probably lead to another almost total rewrite :)

PS.
Ah well, I just noticed a grammar error in the very first words
of the manpage's 'DESCRIPTION' section :) Shall be fixed in the next
version :)

-- 
This would easier understand fewer had omitted.

KLDCONFIG(8)            FreeBSD System Manager's Manual           KLDCONFIG(8)

NAME
     kldconfig - display or modify the kernel module search path

SYNOPSIS
     kldconfig [-dfimnUv] [-S name] [path ...]
     kldconfig -r

DESCRIPTION
     The kldconfig displays or modifies the search path used by the kernel
     when loading modules using the kldload(8) utility or the kldload(2)
     syscall.

     The following options are available:

     -d      Remove the specified paths from the module search path.

     -f      Do not display a diagnostic message if a path specified for
             adding is already present in the search path, or if a path
             specified for removing is not present in the search path.  This
             may be useful in startup/shutdown scripts for adding a path to
             a filesystem which is still not mounted, or in shutdown scripts
             for unconditionally removing a path that may have been added
             during startup.

     -i      Add the specified paths to the beginning of the search path,
             not to the end.  This option can only be used when adding
             paths.

     -m      Instead of replacing the module search path with the set of
             paths specified, ``merge'' in the new entries.

     -n      Do not actually change the module search path.

     -r      Display the current search path.  This option cannot be used if
             any paths are also specified.

     -S name
             Specify the sysctl name to use instead of the default
             kern.module_path.

     -U      ``Unique-ify'' the current search path - if any of the
             directories is repeated one or more times, only the first
             occurrence remains.  This option implies -m.

     -v      Verbose output: display the new module search path.  If the
             path has been changed, and the -v flag is specified more than
             once, the old path is displayed as well.

FILES
     /boot/kernel
     /boot/modules
     /modules       The default module search path used by the kernel.

DIAGNOSTICS
     The kldconfig utility exits with a status of 0 on success and with a
     nonzero status if an error occurs.

SEE ALSO
     kldload(2), kldload(8), sysctl(8).

HISTORY
     The kldconfig command first appeared in FreeBSD 5.0.

AUTHORS
     Peter Pentchev

FreeBSD                          June 15, 2001                         FreeBSD

From owner-freebsd-audit Sat Jun 16 19:12:11 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id AFFEA37B405 for ; Sat, 16 Jun 2001 19:12:08 -0700 (PDT) (envelope-from dima@unixfreak.org)
Received: from hornet.unixfreak.org (hornet [63.198.170.140]) by bazooka.unixfreak.org (Postfix) with ESMTP id 63AF83E28 for ; Sat, 16 Jun 2001 19:12:08 -0700 (PDT)
To: audit@freebsd.org
Subject: Patch to fix `pstat -tn`
Date: Sat, 16 Jun 2001 19:12:08 -0700
From: Dima Dorfman Message-Id: <20010617021208.63AF83E28@bazooka.unixfreak.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The attached patch fixes `pstat -tn` to do what the man page says it should do, rather than just print '0'. I'm not sure when this was broken (or if it ever worked at all), but the fix is relatively simple. Please review. Thanks, Dima Dorfman dima@unixfreak.org Index: pstat.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/pstat/pstat.c,v retrieving revision 1.58 diff -u -c -r1.58 pstat.c *** pstat.c 2001/06/17 02:01:43 1.58 --- pstat.c 2001/06/17 02:10:19 *************** *** 854,864 **** int i, j; pid_t pgid; char *name, state[20]; if (usenumflag || tp->t_dev == 0 || ! (name = devname(tp->t_dev, S_IFCHR)) == NULL) ! (void)printf("%7d ", line); ! else (void)printf("%7s ", name); (void)printf("%2d %3d ", tp->t_rawq.c_cc, tp->t_canq.c_cc); (void)printf("%3d %5d %5d %4d %3d %7d ", tp->t_outq.c_cc, --- 854,869 ---- int i, j; pid_t pgid; char *name, state[20]; + char *tb; if (usenumflag || tp->t_dev == 0 || ! (name = devname(tp->t_dev, S_IFCHR)) == NULL) { ! i = asprintf(&tb, "%d,%d", major(tp->t_dev), minor(tp->t_dev)); ! if (i == -1) ! err(1, "asprintf"); ! (void)printf("%7s ", tb); ! free(tb); ! 
} else (void)printf("%7s ", name); (void)printf("%2d %3d ", tp->t_rawq.c_cc, tp->t_canq.c_cc); (void)printf("%3d %5d %5d %4d %3d %7d ", tp->t_outq.c_cc, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jun 16 20:38:20 2001 Delivered-To: freebsd-audit@freebsd.org Received: from iatl0x01.coxmail.com (iatl1x01.coxmail.com [206.157.231.23]) by hub.freebsd.org (Postfix) with ESMTP id 7A35437B409 for ; Sat, 16 Jun 2001 20:38:06 -0700 (PDT) (envelope-from mheffner@novacoxmail.com) Received: from enterprise.muriel.penguinpowered.com ([208.138.198.178]) by iatl0x01.coxmail.com (InterMail vK.4.03.02.00 201-232-124 license 85f4f10023be2bd3bce00b3a38363ea2) with ESMTP id <20010617033805.NVSA1034.iatl0x01@enterprise.muriel.penguinpowered.com>; Sat, 16 Jun 2001 23:38:05 -0400 Message-ID: X-Mailer: XFMail 1.4.7 on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.4.7.FreeBSD:20010616233701:477=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: <20010617021208.63AF83E28@bazooka.unixfreak.org> MYHEADER: test Date: Sat, 16 Jun 2001 23:37:01 -0400 (EDT) Reply-To: Mike Heffner 
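Review bot: In the new `{ ... }` branch of the pstat.c hunk above, asprintf() allocates a heap string only so that "major,minor" can be padded with %7s, and that adds an err(1, "asprintf") exit in the middle of printing a row. A small local buffer avoids both the allocation and the failure path, for example `char tb[32];` filled with `snprintf(tb, sizeof(tb), "%d,%d", major(tp->t_dev), minor(tp->t_dev));`. The same branch is taken when tp->t_dev == 0, where it now prints the major and minor of device 0 instead of the line number the old code printed, so please check that against the man page wording. Storing the asprintf() result in the existing int i also hides what i means in this function; a direct comparison or a dedicated variable would read better.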
From: Mike Heffner
To: Dima Dorfman
Subject: RE: Patch to fix `pstat -tn`
Cc: audit@freebsd.org

On 17-Jun-2001 Dima Dorfman wrote:
| The attached patch fixes `pstat -tn` to do what the man page says it
| should do, rather than just print '0'. I'm not sure when this was
| broken (or if it ever worked at all), but the fix is relatively
| simple. Please review.

Looks good. I assume you've picked up the PR that relates to this?

Later,

Mike

-- 
Mike Heffner
Fredericksburg, VA
http://filebox.vt.edu/users/mheffner