From owner-freebsd-audit Sun Mar 10 7:56:57 2002 Delivered-To: freebsd-audit@freebsd.org Received: from web.de (pD9E463A0.dip.t-dialin.net [217.228.99.160]) by hub.freebsd.org (Postfix) with SMTP id 72ECB37B400 for ; Sun, 10 Mar 2002 07:56:54 -0800 (PST) Received: (qmail 28073 invoked by uid 1001); 10 Mar 2002 14:42:15 -0000 Date: Sun, 10 Mar 2002 15:42:15 +0100 From: Christopher Sharp To: freebsd-audit@freebsd.org Subject: mountd.8 patch Message-ID: <20020310154214.A27235@mephisto.cthulhu.net> Mail-Followup-To: Christopher Sharp , freebsd-audit@freebsd.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="AqsLC8rIMeq19msA" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello, attached is a little patch to fix the name of the sysctl under the -n option in mountd.8 - Christopher Sharp -- "I do not know myself, and God forbid that I should." -- Johann Wolfgang von Goethe --AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=mountdpatch Index: mountd.8 =================================================================== RCS file: /home/ncvs/src/sbin/mountd/mountd.8,v retrieving revision 1.19 diff -u -r1.19 mountd.8 --- mountd.8 7 Jun 2001 16:59:16 -0000 1.19 +++ mountd.8 10 Mar 2002 14:41:01 -0000 @@ -74,7 +74,7 @@ Allow non-root mount requests to be served. This should only be specified if there are clients such as PC's, that require it. -It will automatically clear the vfs.nfs.nfs_privport sysctl flag, which +It will automatically clear the vfs.nfsrv.nfs_privport sysctl flag, which controls if the kernel will accept NFS requests from reserved ports only. .It Fl r Allow mount RPCs requests for regular files to be served. --AqsLC8rIMeq19msA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 10 15:12:32 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id E2AE437B402; Sun, 10 Mar 2002 15:12:29 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g2ANCSoX020182; Sun, 10 Mar 2002 18:12:28 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Sun, 10 Mar 2002 18:12:27 -0500 To: freebsd-audit@FreeBSD.ORG From: Garance A Drosihn Subject: Re: Fix for login.c in current Cc: des@FreeBSD.ORG, ache@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 2:57 PM -0500 3/9/02, Garance A Drosihn wrote: >For some reason I often manage to mistype my super-clever root >password. On freebsd-current the syslog error message for >login failures is screwed-up. A tricky interaction happens in >the section: > if (olduser != NULL) > free(olduser); > olduser = username; > >The problem is that at this point olduser is *already* equal to >username (the pointer is exactly the same), so the first part is >free-ing both olduser and username, and then sets olduser to the >already-freed area. > >In my testing, the simple fix is: > >Index: login.c >=================================================================== >RCS file: /home/ncvs/src/usr.bin/login/login.c,v >retrieving revision 1.81 >diff -u -r1.81 login.c >--- login.c 5 Mar 2002 21:56:06 -0000 1.81 >+++ login.c 9 Mar 2002 19:36:19 -0000 >@@ -284,7 +284,6 @@ > if (failures > (pwd ? 0 : 1)) > badlogin(olduser); > } >- olduser = username; > > /* > * Load the PAM policy and set some variables > >The earlier section of code will set olduser when it needs to >be set, so there was no need for the line I'm deleting here. Note that I intend to commit this to -current before Friday (probably on Tuesday or Wednesday) unless someone knows of problem with it. I have been running with it for a few days without any problem, and have tried to test all the different paths thru the code. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 10 16: 8:23 2002 Delivered-To: freebsd-audit@freebsd.org Received: from bazooka.trit.org (bazooka.trit.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 93E2837B405 for ; Sun, 10 Mar 2002 16:08:18 -0800 (PST) Received: by bazooka.trit.org (Postfix, from userid 1000) id 4255A3E3A; Mon, 11 Mar 2002 00:08:18 +0000 (UTC) Received: from bazooka (localhost [127.0.0.1]) by bazooka.trit.org (Postfix) with ESMTP id 412113C12E; Mon, 11 Mar 2002 00:08:18 +0000 (UTC) To: Christopher Sharp Cc: freebsd-audit@freebsd.org Subject: Re: mountd.8 patch In-Reply-To: <20020310154214.A27235@mephisto.cthulhu.net>; from christopher_sharp@web.de on "Sun, 10 Mar 2002 15:42:15 +0100" Date: Mon, 11 Mar 2002 00:08:13 +0000 From: Dima Dorfman Message-Id: <20020311000818.4255A3E3A@bazooka.trit.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Christopher Sharp wrote: > attached is a little patch to fix the name of the sysctl > under the -n option in mountd.8 Applied, thanks! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 10 18:25:51 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 173E637B416 for ; Sun, 10 Mar 2002 18:25:38 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g2B2PVoX065298; Sun, 10 Mar 2002 21:25:36 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Sun, 10 Mar 2002 21:25:29 -0500 To: freebsd-print@bostonradio.org From: Garance A Drosihn Subject: Re: The group for /var/run/printer Cc: freebsd-audit@freebsd.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 12:44 AM -0500 3/5/02, Garance A Drosihn wrote to freebsd-print@bostonradio.org: >There is a PR: > >http://www.FreeBSD.org/cgi/query-pr.cgi?pr=bin/17289 > >which notices that /var/run/printer is created rwx to both the >owner (root) and group (wheel). He notes that it would probably >be better if it was not permitted to everyone in the wheel group. > >But this got me thinking. Shouldn't that be created with a group >of daemon? All the lp* programs are setuid root (ick) and setgid >daemon. If we could drop the need for setuid root, we'd still >like that setgid daemon, assuming /var/run/printer is permitted >to group daemon. Well, here's an initial cut at my idea. This keys off a userid, where lpd gets the groupid to use based on the default group for that userid. I did it that way, because that's how the 'du / daemon.user' option works in printcap entries. I added a '-u' parameter to lpd, so an administrator can specify an alternate userid, or completely skip the new chgrp-ish step. This is basically a small subset of the code that lpd currently does in printjob.c (except that keys off the 'du' value). No documentation update has been done yet, as I wanted to get feedback before writing any docs for it. Maybe I should drop the -u option, and instead have a -g option, for instance. I'd like to do something along these lines sometime after the mini-code-slush is over for current. Index: lpd/lpd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/lpr/lpd/lpd.c,v retrieving revision 1.31 diff -u -r1.31 lpd.c --- lpd/lpd.c 23 Jul 2001 00:13:02 -0000 1.31 +++ lpd/lpd.c 11 Mar 2002 02:23:55 -0000 @@ -85,6 +85,7 @@ #include #include +#include #include #include #include @@ -128,10 +129,16 @@ #define LPD_NOPORTCHK 0001 /* skip reserved-port check */ #define LPD_LOGCONNERR 0002 /* (sys)log connection errors */ +#define NULL_UID (uid_t)-1 +#define NULL_GID (gid_t)-1 + int main(int argc, char **argv) { int ch_options, errs, f, funix, *finet, i, lfd, socket_debug; + char *remc; + gid_t lpd_gid; + uid_t lpd_uid4grp; fd_set defreadfds; struct sockaddr_un un, fromunix; struct sockaddr_storage frominet; @@ -145,6 +152,8 @@ ch_options = 0; socket_debug = 0; + lpd_uid4grp = DEFUID; + lpd_gid = NULL_GID; gethostname(local_host, sizeof(local_host)); progname = "lpd"; @@ -153,7 +162,7 @@ errx(EX_NOPERM,"must run as root"); errs = 0; - while ((i = getopt(argc, argv, "cdlpwW46")) != -1) + while ((i = getopt(argc, argv, "cdlpu:wW46")) != -1) switch (i) { case 'c': /* log all kinds of connection-errors to syslog */ @@ -168,6 +177,18 @@ case 'p': pflag++; break; + case 'u': + i = strtol(optarg, &remc, 10); + if (*remc) { + syslog(LOG_ERR, + "Bad argument to -u, number expected"); + errs++; + } + if (i >= 0) + lpd_uid4grp = i; + else + lpd_uid4grp = NULL_UID; + break; case 'w': /* netbsd uses -w for maxwait */ /* * This will be removed after the release of 4.4, as @@ -215,6 +236,18 @@ family = PF_UNSPEC; argc -= optind; argv += optind; + if ((lpd_uid4grp != NULL_UID) && (lpd_gid != NULL_GID)) { + struct passwd *pwd; + + pwd = getpwuid(lpd_uid4grp); + if (pwd == NULL) { + syslog(LOG_ERR, "lpd startup: Can not find " + "uid %d (for default-gid) in password file", + lpd_uid4grp); + errs++; + } + lpd_gid = pwd->pw_gid; + } if (errs) usage(); @@ -332,6 +365,12 @@ syslog(LOG_ERR, "ubind: %m"); exit(1); } + if (lpd_gid != NULL_GID) { + if (chown(_PATH_SOCKETNAME, (uid_t)-1, lpd_gid)) { + syslog(LOG_ERR, "lpd startup: chown(%s,,%d): %m", + _PATH_SOCKETNAME, lpd_gid); + } + } (void) umask(0); sigprocmask(SIG_SETMASK, &omask, (sigset_t *)0); FD_ZERO(&defreadfds); @@ -911,9 +950,9 @@ usage(void) { #ifdef INET6 - fprintf(stderr, "usage: lpd [-cdlpW46] [port#]\n"); + fprintf(stderr, "usage: lpd [-cdlpW46] [-u ] [port#]\n"); #else - fprintf(stderr, "usage: lpd [-cdlpW] [port#]\n"); + fprintf(stderr, "usage: lpd [-cdlpW] [-u ] [port#]\n"); #endif exit(EX_USAGE); } -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 10 18:38: 5 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 90EB737B439 for ; Sun, 10 Mar 2002 18:37:52 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g2B2booX053272; Sun, 10 Mar 2002 21:37:51 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Sun, 10 Mar 2002 21:37:49 -0500 To: freebsd-print@bostonradio.org From: Garance A Drosihn Subject: Re: The group for /var/run/printer Cc: freebsd-audit@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 9:25 PM -0500 3/10/02, Garance A Drosihn wrote: > >Well, here's an initial cut at my idea. [..etc..] Down in the patch: > argc -= optind; > argv += optind; >+ if ((lpd_uid4grp != NULL_UID) && (lpd_gid != NULL_GID)) { Sigh. This line is supposed to be: + if ((lpd_uid4grp != NULL_UID) && (lpd_gid == NULL_GID)) { -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Mar 11 4:25:45 2002 Delivered-To: freebsd-audit@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 8E0F337B402 for ; Mon, 11 Mar 2002 04:25:35 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g2BCPY350837 for audit@freebsd.org; Mon, 11 Mar 2002 12:25:34 GMT (envelope-from mark@grimreaper.grondar.za) Received: from grimreaper (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.2/8.12.2) with ESMTP id g2BCOhDN025023 for ; Mon, 11 Mar 2002 12:24:43 GMT (envelope-from mark@grimreaper.grondar.za) Message-Id: <200203111224.g2BCOhDN025023@grimreaper.grondar.org> To: audit@freebsd.org Subject: "make lint" diffs (commit candidate) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0" Content-ID: <24924.1015849450.0@grimreaper> Date: Mon, 11 Mar 2002 12:24:43 +0000 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <24924.1015849450.1@grimreaper> Hi As folks have no doubt noticed, I have been doing some lint work. I have some local diffs that make this work possible, and I'd like to share them with the world. There are the main things to bear in mind when looking at these. 1) I want other lints to be able to work, with suitable additions to /etc/make.conf. I use: # # Local lint stuff # LINT= /usr/local/bin/flexelint LINTFLAGS= -b -zero /etc/lint/co-freebsd.lnt LINTKERNFLAGS= -b -zero /etc/lint/co-freebsd-kern.lnt LINTOBJFLAGS= -u -library -b -zero /etc/lint/co-freebsd.lnt -oo\(${.TARGET}\) LINTLIBFLAGS= -u -library -b -zero /etc/lint/co-freebsd.lnt -ol\(${.TARGET}\) For flexelint, and leave them out for "system" lint. 2) I want "make world" to populate /usr/libdata/lint/ with lint libraries. This only works if you turn it on with WANT_LINT= yes in /etc/make.conf 3) I want "make lint" to work in src// This is quite stable for me, and has been working for a while. I have recently tidied it up a bit. YMMV. Comments? M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn ------- =_aaaaaaaaaa0 Content-Type: text/plain; name="lint.diff"; charset="us-ascii" Content-ID: <24924.1015849450.2@grimreaper> Content-Description: Lint build fixes Index: share/mk/bsd.lib.mk =================================================================== RCS file: /home/ncvs/src/share/mk/bsd.lib.mk,v retrieving revision 1.101 diff -u -d -r1.101 bsd.lib.mk --- share/mk/bsd.lib.mk 21 Feb 2002 10:23:41 -0000 1.101 +++ share/mk/bsd.lib.mk 21 Feb 2002 22:40:24 -0000 @@ -54,7 +54,15 @@ # prefer .s to a .c, add .po, remove stuff not used in the BSD libraries # .So used for PIC object files .SUFFIXES: -.SUFFIXES: .out .o .po .So .S .s .c .cc .cpp .cxx .m .C .f .y .l +.SUFFIXES: .out .o .po .So .S .s .c .cc .cpp .cxx .m .C .f .y .l .ln + +.c.ln: + ${LINT} ${LINTOBJFLAGS} ${CFLAGS:M-[DIU]*} ${.IMPSRC} || \ + touch ${.TARGET} + +.cc.ln .C.ln .cpp.ln .cxx.ln: + ${LINT} ${LINTOBJFLAGS} ${CFLAGS:M-[DIU]*} ${.IMPSRC} || \ + touch ${.TARGET} .c.o: ${CC} ${CFLAGS} -c ${.IMPSRC} -o ${.TARGET} @@ -157,6 +165,14 @@ .endif .endif +LINTOBJS+= ${SRCS:M*.c:C/\..+$/.ln/} + +.if defined(WANT_LINT) && defined(LIB) && defined(LINTOBJS) && (${LINTOBJS} != "") +LINTLIB=llib-l${LIB}.ln +.else +LINTLIB= +.endif + .if defined(SHLIB_NAME) _LIBS+=${SHLIB_NAME} .endif @@ -169,9 +185,9 @@ .endif .if !defined(NOMAN) -all: objwarn ${_LIBS} all-man _SUBDIR # llib-l${LIB}.ln +all: objwarn ${_LIBS} all-man _SUBDIR ${LINTLIB} .else -all: objwarn ${_LIBS} _SUBDIR # llib-l${LIB}.ln +all: objwarn ${_LIBS} _SUBDIR ${LINTLIB} .endif OBJS+= ${SRCS:N*.h:R:S/$/.o/g} @@ -219,17 +235,22 @@ ${RANLIB} lib${LIB}_pic.a .endif -llib-l${LIB}.ln: ${SRCS} - ${LINT} -C${LIB} ${CFLAGS:M-[DIU]*} ${.ALLSRC:M*.c} +.if defined(WANT_LINT) && defined(LIB) && defined(LINTOBJS) && (${LINTOBJS} != "") +${LINTLIB}: ${LINTOBJS} + @${ECHO} building lint library ${SHLIB_NAME} + @rm -f ${LINTLIB} + ${LINT} ${LINTLIBFLAGS} ${CFLAGS:M-[DIU]*} ${.ALLSRC} +.endif .if !target(clean) clean: _SUBDIR rm -f a.out ${OBJS} ${STATICOBJS} ${OBJS:S/$/.tmp/} ${CLEANFILES} - rm -f lib${LIB}.a # llib-l${LIB}.ln + rm -f lib${LIB}.a ${LINTLIB} rm -f ${POBJS} ${POBJS:S/$/.tmp/} lib${LIB}_p.a rm -f ${SOBJS} ${SOBJS:.So=.so} ${SOBJS:S/$/.tmp/} \ ${SHLIB_NAME} ${SHLIB_LINK} \ lib${LIB}.so.* lib${LIB}.so lib${LIB}_pic.a + rm -f ${LINTOBJS} ${LINTLIB} .if defined(CLEANDIRS) && !empty(CLEANDIRS) rm -rf ${CLEANDIRS} .endif @@ -323,6 +344,10 @@ ln -fs $$l $$t; \ done; true .endif +.if defined(WANT_LINT) && defined(LIB) && defined(LINTOBJS) && (${LINTOBJS} != "") + ${INSTALL} ${COPY} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ + ${_INSTALLFLAGS} ${LINTLIB} ${DESTDIR}${LINTLIBDIR} +.endif install: afterinstall _SUBDIR .if !defined(NOMAN) @@ -345,8 +370,10 @@ .endif .if !target(lint) -lint: +lint: ${SRCS:M*.c} _SUBDIR + ${LINT} ${LINTOBJFLAGS} ${CFLAGS:M-[DIU]*} ${.ALLSRC} | more 2>&1 .endif + .if !defined(NOMAN) .include Index: share/mk/sys.mk =================================================================== RCS file: /home/ncvs/src/share/mk/sys.mk,v retrieving revision 1.56 diff -u -d -r1.56 sys.mk --- share/mk/sys.mk 31 Aug 2001 12:20:43 -0000 1.56 +++ share/mk/sys.mk 15 Feb 2002 22:54:30 -0000 @@ -76,7 +76,10 @@ LDFLAGS ?= LINT ?= lint -LINTFLAGS ?= -chapbx +LINTFLAGS ?= -cghapbx -L /usr/libdata/lint +LINTKERNFLAGS ?= ${LINTFLAGS} +LINTOBJFLAGS ?= -cghapbxu -i +LINTLIBFLAGS ?= -cghapbxu -C ${LIB} MAKE ?= make Index: sys/conf/kern.post.mk =================================================================== RCS file: /home/ncvs/src/sys/conf/kern.post.mk,v retrieving revision 1.10 diff -u -d -r1.10 kern.post.mk --- sys/conf/kern.post.mk 1 Mar 2002 01:21:29 -0000 1.10 +++ sys/conf/kern.post.mk 6 Mar 2002 11:26:05 -0000 @@ -57,6 +57,9 @@ kernel-clobber: find . -type f ! -name version -delete +lint: ${CFILES} + ${LINT} ${LINTKERNFLAGS} ${CFLAGS:M-[DILU]*} ${.ALLSRC} | more 2>&1 + locore.o: $S/$M/$M/locore.s assym.s ${NORMAL_S} Index: sys/conf/kmod.mk =================================================================== RCS file: /home/ncvs/src/sys/conf/kmod.mk,v retrieving revision 1.113 diff -u -d -r1.113 kmod.mk --- sys/conf/kmod.mk 1 Mar 2002 01:21:29 -0000 1.113 +++ sys/conf/kmod.mk 6 Mar 2002 11:03:21 -0000 @@ -338,6 +338,9 @@ regress: +lint: ${SRCS} + ${LINT} ${LINTKERNFLAGS} ${CFLAGS:M-[DILU]*} ${.ALLSRC:M*.c} | more 2>&1 + .include .if !exists(${DEPENDFILE}) ------- =_aaaaaaaaaa0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 4:20:23 2002 Delivered-To: freebsd-audit@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 1C5D937B404 for ; Fri, 15 Mar 2002 04:20:10 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020315122009.XCSF2626.rwcrmhc51.attbi.com@blossom.cjclark.org> for ; Fri, 15 Mar 2002 12:20:09 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2FCK7p44306 for audit@freebsd.org; Fri, 15 Mar 2002 04:20:07 -0800 (PST) (envelope-from cjc) Date: Fri, 15 Mar 2002 04:20:07 -0800 From: "Crist J. Clark" To: audit@freebsd.org Subject: Preventing chpass(1) DoS Message-ID: <20020315042007.K29705@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG PR 35816 describes a problem with the current chpass(1) implementation. That is, any user can tie up the password database indefinately by running chpass(1) and just leaving the interactive editor it spawns open. The PR was originally closed stating the fix was for the administrator to hunt down and kill the offending process. I do not think that is a good answer. Between the time someone runs chpass(1) and an administrator is found, gains access to the system, and hunts down the open editor, no one on the system can successfully run chpass(1) or even passwd(1). I personally do not think that is acceptable. I have made some small changes to the code (I chose to make the diffs as small as possible rather than make a larger change which might be more asthetically pleasing) which do not lock the database while the user is editing. Instead of locking the database over the whole process the following steps occur, - Get the struct passwd for the user being modified. - Edit the data for the user. - Lock the password database. - Re-read the struct passwd for the user. - Merge the edits into the struct passwd. - Rebuild database. So why do it this way? If changes are made to the user's database entry while the data is being edited, we will merge the changes with the edited data. The only potential problem I see is when a superuser edits data at the same time as another user and finishes last. Modification made by the other user will be overwritten by the superuser's "changes." It's not a big enough problem to worry me much. I should note that a cursory look at NetBSD and OpenBSD shows they both do not lock while the user is editing. Anyway, the patches follow. Also, would anyone mind if I style(9)ized chpass(1)? Index: usr.bin/chpass/chpass.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/chpass.c,v retrieving revision 1.18 diff -u -r1.18 chpass.c --- usr.bin/chpass/chpass.c 26 Jul 2001 23:27:10 -0000 1.18 +++ usr.bin/chpass/chpass.c 15 Mar 2002 11:41:37 -0000 @@ -246,12 +246,11 @@ * The exit closes the master passwd fp/fd. */ pw_init(); - pfd = pw_lock(); tfd = pw_tmp(); if (op == EDITENTRY) { display(tfd, pw); - edit(pw); + edit(&pw, username, &pfd); (void)unlink(tempname); tfd = pw_tmp(); } Index: usr.bin/chpass/chpass.h =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/chpass.h,v retrieving revision 1.3 diff -u -r1.3 chpass.h --- usr.bin/chpass/chpass.h 3 Sep 1998 17:32:22 -0000 1.3 +++ usr.bin/chpass/chpass.h 15 Mar 2002 11:42:21 -0000 @@ -54,7 +54,7 @@ int atot __P((char *, time_t *)); void display __P((int, struct passwd *)); -void edit __P((struct passwd *)); +void edit __P((struct passwd **, const char *username, int *pfd)); char *ok_shell __P((char *)); int p_change __P((char *, struct passwd *, ENTRY *)); int p_class __P((char *, struct passwd *, ENTRY *)); Index: usr.bin/chpass/edit.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/edit.c,v retrieving revision 1.19 diff -u -r1.19 edit.c --- usr.bin/chpass/edit.c 26 Jul 2001 23:27:10 -0000 1.19 +++ usr.bin/chpass/edit.c 15 Mar 2002 11:42:12 -0000 @@ -62,8 +62,10 @@ extern char *tempname; void -edit(pw) - struct passwd *pw; +edit(pw, username, pfd) + struct passwd **pw; + const char *username; + int *pfd; { struct stat begin, end; char *begin_sum, *end_sum; @@ -83,8 +85,14 @@ } free(begin_sum); free(end_sum); - if (verify(pw)) + *pfd = pw_lock(); + if ((*pw = getpwnam(username)) == NULL) + errx(1, "user \'%s\' disappeared while editing", + username); + if (verify(*pw)) break; + if (close(*pfd) != 0) + errx(1, "lost lock on password database"); pw_prompt(); } } -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 6:30: 9 2002 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 59AE237B402; Fri, 15 Mar 2002 06:29:54 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 12ED85346; Fri, 15 Mar 2002 15:29:53 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "Crist J. Clark" Cc: audit@freebsd.org Subject: Re: Preventing chpass(1) DoS References: <20020315042007.K29705@blossom.cjclark.org> From: Dag-Erling Smorgrav Date: 15 Mar 2002 15:29:52 +0100 In-Reply-To: <20020315042007.K29705@blossom.cjclark.org> Message-ID: Lines: 9 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Crist J. Clark" writes: > I should note that a cursory look at NetBSD and OpenBSD shows they > both do not lock while the user is editing. How about using their code rather than roll our own? DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 11:12:53 2002 Delivered-To: freebsd-audit@freebsd.org Received: from alcatraz.iptelecom.net.ua (alcatraz.iptelecom.net.ua [212.9.224.15]) by hub.freebsd.org (Postfix) with ESMTP id B053237B400; Fri, 15 Mar 2002 11:11:50 -0800 (PST) Received: from ipcard.iptcom.net (ipcard.iptcom.net [212.9.224.5]) by alcatraz.iptelecom.net.ua (8.9.3/8.9.3) with ESMTP id VAA79175; Fri, 15 Mar 2002 21:11:48 +0200 (EET) (envelope-from sobomax@FreeBSD.org) Received: from vega.vega.com (h16.229.dialup.iptcom.net [212.9.229.16]) by ipcard.iptcom.net (8.9.3/8.9.3) with ESMTP id VAA98777; Fri, 15 Mar 2002 21:11:44 +0200 (EET) (envelope-from sobomax@FreeBSD.org) Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1]) by vega.vega.com (8.11.6/8.11.3) with ESMTP id g2FJBDB99955; Fri, 15 Mar 2002 21:11:13 +0200 (EET) (envelope-from sobomax@FreeBSD.org) Message-ID: <3C92478F.2B7C11DB@FreeBSD.org> Date: Fri, 15 Mar 2002 21:12:15 +0200 From: Maxim Sobolev Organization: Vega International Capital X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U) X-Accept-Language: en,uk,ru MIME-Version: 1.0 To: Michael Smith Cc: hackers@FreeBSD.org, audit@FreeBSD.org, re@FreeBSD.org Subject: Re: Extending loader(8) for loading kerels/modules split across several disks References: <200203070940.g279eTa04750@mass.dis.org> Content-Type: multipart/mixed; boundary="------------FC04DF02325744190C9B23D5" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------FC04DF02325744190C9B23D5 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Michael Smith wrote: > > > > > Please review attached patch, which adds long overdue feature to our > > > > loader(8), allowing it to load sequence of files as a single object. > > > > > > I don't like this. I would much rather see support for 'split' files > > > implemented as a stacking filesystem layer like the gzip support, with > > > the simple recognition of 'foo.gz.aa' as the first part of a split > > > version of 'foo.gz', which in turn is recognised as a compressed version > > > of 'foo'. > > > > I am curious how in this case the layer is going to know how many > > parts the file contains? > > The simple way to do it is to keep asking for more parts until there are > no more. > > You can take the NetBSD approach of wrapping the file in a multipart tar > archive. > > Or a more elegant method involves the use of a control file. > > eg. the splitfs code, when asked to open "foo" looks for "foo.split" > which is a text file containing a list of filenames and media names, eg. > > foo.aa "Kernel floppy 1" > foo.ab "Kernel floppy 2" > foo.ac "Kernel and modules floppy" > > For each file segment, the process is: > > - try to open the file > - prompt "please insert the disk labelled '" > - try to open the file > - return error > > At any rate, my key point is that the splitting should be invisible, and > *definitely* not pushed up into the loader. Ok, attached is the path, which does exactly what described. Please review and if there are no objections I would like to commit it shortly, so that our re@ team would be able to consider it for the forthcoming 5.0-DP1 release. Thanks! -Maxim --------------FC04DF02325744190C9B23D5 Content-Type: text/plain; charset=koi8-r; name="loader-multifiles.diff2" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="loader-multifiles.diff2" Index: src/lib/libstand/Makefile =================================================================== RCS file: /home/ncvs/src/lib/libstand/Makefile,v retrieving revision 1.27 diff -d -u -r1.27 Makefile --- src/lib/libstand/Makefile 27 Feb 2002 17:15:37 -0000 1.27 +++ src/lib/libstand/Makefile 15 Mar 2002 08:40:31 -0000 @@ -153,6 +153,7 @@ SRCS+= ufs.c nfs.c cd9660.c tftp.c zipfs.c bzipfs.c SRCS+= netif.c nfs.c SRCS+= dosfs.c ext2fs.c +SRCS+= splitfs.c beforeinstall: ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/stand.h \ Index: src/lib/libstand/bzipfs.c =================================================================== RCS file: /home/ncvs/src/lib/libstand/bzipfs.c,v retrieving revision 1.3 diff -d -u -r1.3 bzipfs.c --- src/lib/libstand/bzipfs.c 1 Feb 2002 16:33:40 -0000 1.3 +++ src/lib/libstand/bzipfs.c 15 Mar 2002 08:40:31 -0000 @@ -150,7 +150,7 @@ /* If the name already ends in .gz or .bz2, ignore it */ if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".gz") - || !strcmp(cp, ".bz2"))) + || !strcmp(cp, ".bz2") || !strcmp(cp, ".split"))) return(ENOENT); /* Construct new name */ Index: src/lib/libstand/splitfs.c =================================================================== RCS file: src/lib/libstand/splitfs.c diff -N src/lib/libstand/splitfs.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ src/lib/libstand/splitfs.c 15 Mar 2002 08:40:31 -0000 @@ -0,0 +1,287 @@ +/* + * Copyright (c) 2002 Maxim Sobolev + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include "stand.h" + +#define NTRIES (3) +#define CONF_BUF (512) +#define SEEK_BUF (512) + +struct split_file +{ + char **filesv; /* Filenames */ + char **descsv; /* Descriptions */ + int filesc; /* Number of parts */ + int curfile; /* Current file number */ + int curfd; /* Current file descriptor */ + off_t tot_pos; /* Offset from the beginning of the sequence */ + off_t file_pos; /* Offset from the beginning of the slice */ +}; + +static int splitfs_open(const char *path, struct open_file *f); +static int splitfs_close(struct open_file *f); +static int splitfs_read(struct open_file *f, void *buf, size_t size, size_t *resid); +static off_t splitfs_seek(struct open_file *f, off_t offset, int where); +static int splitfs_stat(struct open_file *f, struct stat *sb); + +struct fs_ops splitfs_fsops = { + "split", + splitfs_open, + splitfs_close, + splitfs_read, + null_write, + splitfs_seek, + splitfs_stat, + null_readdir +}; + +static void +split_file_destroy(struct split_file *sf) +{ + int i; + + if (sf->filesc > 0) { + for (i = 0; i < sf->filesc; i++) { + free(sf->filesv[i]); + free(sf->descsv[i]); + } + free(sf->filesv); + free(sf->descsv); + } + free(sf); +} + +static int +splitfs_open(const char *fname, struct open_file *f) +{ + char *buf, *confname, *cp; + int conffd; + struct split_file *sf; + struct stat sb; + + printf("%s\n", fname); + /* Have to be in "just read it" mode */ + if (f->f_flags != F_READ) + return(EPERM); + + /* If the name already ends in `.split', ignore it */ + if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".split"))) + return(ENOENT); + + /* Construct new name */ + confname = malloc(strlen(fname) + 7); + sprintf(confname, "%s.split", fname); + + /* Try to open the configuration file */ + conffd = open(confname, O_RDONLY); + free(confname); + if (conffd == -1) + return(ENOENT); + + if (fstat(conffd, &sb) < 0) { + printf("splitfs_open: stat failed\n"); + close(conffd); + return(ENOENT); + } + if (!S_ISREG(sb.st_mode)) { + printf("splitfs_open: not a file\n"); + close(conffd); + return(EISDIR); /* best guess */ + } + + /* Allocate a split_file structure, populate it from the config file */ + sf = malloc(sizeof(struct split_file)); + bzero(sf, sizeof(struct split_file)); + buf = malloc(CONF_BUF); + while (fgetstr(buf, CONF_BUF, conffd) > 0) { + cp = buf; + while ((*cp != '\0') && (isspace(*cp) == 0)) + cp++; + if (*cp != '\0') { + *cp = '\0'; + cp++; + } + while ((*cp != '\0') && (isspace(*cp) != 0)) + cp++; + if (*cp == '\0') + cp = buf; + sf->filesc++; + sf->filesv = realloc(sf->filesv, sizeof(*(sf->filesv)) * sf->filesc); + sf->descsv = realloc(sf->descsv, sizeof(*(sf->descsv)) * sf->filesc); + sf->filesv[sf->filesc - 1] = strdup(buf); + sf->descsv[sf->filesc - 1] = strdup(cp); + } + free(buf); + close(conffd); + + if ((sf->filesc == 0) || ((sf->curfd = open(sf->filesv[0], O_RDONLY)) == -1)) { + split_file_destroy(sf); + return(ENOENT); + } + + /* Looks OK, we'll take it */ + f->f_fsdata = sf; + return (0); +} + +static int +splitfs_close(struct open_file *f) +{ + int fd; + struct split_file *sf; + + sf = (struct split_file *)f->f_fsdata; + fd = sf->curfd; + split_file_destroy(sf); + return(close(fd)); +} + +static int +splitfs_read(struct open_file *f, void *buf, size_t size, size_t *resid) +{ + int i, nread, totread; + struct split_file *sf; + + sf = (struct split_file *)f->f_fsdata; + totread = 0; + do { + nread = read(sf->curfd, buf, size - totread); + + /* Error? */ + if (nread == -1) + return (errno); + + sf->tot_pos += nread; + sf->file_pos += nread; + totread += nread; + buf += nread; + + if (totread < size) { /* EOF */ + if (sf->curfile == (sf->filesc - 1)) /* Last slice */ + break; + + /* Close previous slice */ + if (close(sf->curfd) != 0) + return (errno); + + sf->curfile++; + for (i = 0;; i++) { + sf->curfd = open(sf->filesv[sf->curfile], O_RDONLY); + if (sf->curfd >= 0) + break; + if ((sf->curfd == -1) && (errno != ENOENT)) + return (errno); + if (i == NTRIES) + return (EIO); + printf("\nInsert disk labelled %s and press any key...", sf->descsv[sf->curfile]); + getchar();putchar('\n'); + } + sf->file_pos = 0; + } + } while (totread < size); + + if (resid != NULL) + *resid = size - totread; + + return (0); +} + +static off_t +splitfs_seek(struct open_file *f, off_t offset, int where) +{ + int nread; + size_t resid; + off_t new_pos, seek_by; + struct split_file *sf; + + sf = (struct split_file *)f->f_fsdata; + + seek_by = offset; + switch (where) { + case SEEK_SET: + seek_by -= sf->tot_pos; + break; + case SEEK_CUR: + break; + case SEEK_END: + panic("splitfs_seek: SEEK_END not supported"); + break; + } + + if (seek_by > 0) { + /* + * Seek forward - implemented using splitfs_read(), because otherwise we'll be + * unable to detect that we have crossed slice boundary and hence + * unable to do a long seek crossing that boundary. + */ + void *tmp; + + tmp = malloc(SEEK_BUF); + if (tmp == NULL) + return (-1); + + nread = 0; + for (; seek_by > 0; seek_by -= nread) { + resid = 0; + errno = splitfs_read(f, tmp, min(seek_by, SEEK_BUF), &resid); + nread = min(seek_by, SEEK_BUF) - resid; + if ((errno != 0) || (nread == 0)) + /* Error or EOF */ + break; + } + free(tmp); + if (errno != 0) + return (-1); + } + + if (seek_by != 0) { + /* Seek backward or seek past the boundary of the last slice */ + if (sf->file_pos + seek_by < 0) + panic("splitfs_seek: can't seek past the beginning of the slice"); + new_pos = lseek(sf->curfd, seek_by, SEEK_CUR); + if (new_pos < 0) + return (-1); + sf->tot_pos += new_pos - sf->file_pos; + sf->file_pos = new_pos; + } + + return (sf->tot_pos); +} + +static int +splitfs_stat(struct open_file *f, struct stat *sb) +{ + int result; + struct split_file *sf = (struct split_file *)f->f_fsdata; + + /* stat as normal, but indicate that size is unknown */ + if ((result = fstat(sf->curfd, sb)) == 0) + sb->st_size = -1; + return (result); +} Index: src/lib/libstand/stand.h =================================================================== RCS file: /home/ncvs/src/lib/libstand/stand.h,v retrieving revision 1.29 diff -d -u -r1.29 stand.h --- src/lib/libstand/stand.h 9 Mar 2002 21:02:11 -0000 1.29 +++ src/lib/libstand/stand.h 15 Mar 2002 08:40:31 -0000 @@ -125,6 +125,7 @@ extern struct fs_ops bzipfs_fsops; extern struct fs_ops dosfs_fsops; extern struct fs_ops ext2fs_fsops; +extern struct fs_ops splitfs_fsops; /* where values for lseek(2) */ #define SEEK_SET 0 /* set file offset to offset */ Index: src/lib/libstand/zipfs.c =================================================================== RCS file: /home/ncvs/src/lib/libstand/zipfs.c,v retrieving revision 1.8 diff -d -u -r1.8 zipfs.c --- src/lib/libstand/zipfs.c 30 Sep 2001 22:28:01 -0000 1.8 +++ src/lib/libstand/zipfs.c 15 Mar 2002 08:40:31 -0000 @@ -175,7 +175,7 @@ /* If the name already ends in .gz or .bz2, ignore it */ if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".gz") - || !strcmp(cp, ".bz2"))) + || !strcmp(cp, ".bz2") || !strcmp(cp, ".split"))) return(ENOENT); /* Construct new name */ Index: src/sys/boot/i386/loader/conf.c =================================================================== RCS file: /home/ncvs/src/sys/boot/i386/loader/conf.c,v retrieving revision 1.18 diff -d -u -r1.18 conf.c --- src/sys/boot/i386/loader/conf.c 5 Nov 2001 18:59:13 -0000 1.18 +++ src/sys/boot/i386/loader/conf.c 15 Mar 2002 08:40:31 -0000 @@ -60,6 +60,7 @@ &ext2fs_fsops, &dosfs_fsops, &cd9660_fsops, + &splitfs_fsops, #ifdef LOADER_GZIP_SUPPORT &zipfs_fsops, #endif --------------FC04DF02325744190C9B23D5-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 15:31:50 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id 3800537B402; Fri, 15 Mar 2002 15:31:42 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2FNBvDF009586; Fri, 15 Mar 2002 23:12:51 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2FNBt6b008074; Fri, 15 Mar 2002 23:11:55 GMT Date: Fri, 15 Mar 2002 23:11:00 +0000 From: "J. Mallett" To: freebsd-audit@freebsd.org Cc: "J. Mallett" Subject: patch for review: xargs standards compliance Message-ID: <20020315231100.A20942@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have a patch here that does the following things by synching xargs with the version in xMach's tree (give or take a few FreeBSDisms that are needed to make it compile and such). It adds a few options from SUSv3 (some possibly older), and fixes xargs returning the incorrect values on error. It also compiles with BDECFLAGS and -Werror (last I tried). The patch is available here: http://people.freebsd.org/~jmallett/xargs.patch Relative to -rHEAD right now. In detail, it adds: -E, -I, -L, -t; As far as flags go. I'm looking to commit this after the weekend, so review would be appreciated, comments and flames welcome... Three days sound good? Thanks much, /j. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 17: 4:41 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 5E58F37B404; Fri, 15 Mar 2002 17:04:32 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g2G14U4B117358; Fri, 15 Mar 2002 20:04:30 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20020315231100.A20942@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> Date: Fri, 15 Mar 2002 20:04:29 -0500 To: "J. Mallett" , freebsd-audit@FreeBSD.ORG From: Garance A Drosihn Subject: Re: patch for review: xargs standards compliance Cc: "J. Mallett" Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 11:11 PM +0000 3/15/02, J. Mallett wrote: >The patch is available here: > http://people.freebsd.org/~jmallett/xargs.patch > >Relative to -rHEAD right now. > >In detail, it adds: -E, -I, -L, -t; As far as flags go. I like the idea, I particularly like the idea when someone else writes all the code... :-) I don't see why you added: +# $xMach: Makefile,v 1.1.1.2 2002/02/22 19:31:35 jmallett Exp $ to the makefile. But it probably will need a $FreeBSD$ in there somewhere, or you'll have trouble when you go to check it in. For the new routine strnsubst.c, I believe the current practice for including $FreeBSD$ in a '.c' file is not to add it to a comment, but to add: #include __FBSDID("$FreeBSD$"); after that first comment block. (I believe there's supposed to be a blank line between the closing '*/' and the include for sys/cdefs.h, and no blank line between that and the __FBSDID line) The actual update looks OK, but I've only skimmed through it and I haven't tried to apply it and put it through any torture testing. >I'm looking to commit this after the weekend, so review would >be appreciated, comments and flames welcome... Three days >sound good? It would be better to wait more than just a weekend. Despite popular folklore, many of us do sometimes go thru a whole weekend without checking the mailing lists for new code... :-) -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 17:16:20 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id 9B5F337B400; Fri, 15 Mar 2002 17:16:14 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2G0uTDF019070; Sat, 16 Mar 2002 00:57:24 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2G0uS5k020520; Sat, 16 Mar 2002 00:56:28 GMT Date: Sat, 16 Mar 2002 00:55:33 +0000 From: "J. Mallett" To: Garance A Drosihn Cc: "J. Mallett" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316005533.A20903@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Mar 15, 2002 at 08:04:29PM -0500, Garance A Drosihn wrote: > At 11:11 PM +0000 3/15/02, J. Mallett wrote: > >The patch is available here: > > http://people.freebsd.org/~jmallett/xargs.patch > > > >Relative to -rHEAD right now. > > > >In detail, it adds: -E, -I, -L, -t; As far as flags go. > > I like the idea, I particularly like the idea when someone > else writes all the code... :-) Then credit goes about half to me and half to Tim Robbins and um an extra half to Mike Barcroft for not letting me let things rot. > I don't see why you added: > +# $xMach: Makefile,v 1.1.1.2 2002/02/22 19:31:35 jmallett Exp $ > to the makefile. But it probably will need a $FreeBSD$ in there > somewhere, or you'll have trouble when you go to check it in. It's because I synched the entire dir with what xMach has (though not path*.h as it changed not at all). I can remove it trivially. > For the new routine strnsubst.c, I believe the current practice > for including $FreeBSD$ in a '.c' file is not to add it to a > comment, but to add: > > #include > __FBSDID("$FreeBSD$"); > > after that first comment block. (I believe there's supposed to > be a blank line between the closing '*/' and the include for > sys/cdefs.h, and no blank line between that and the __FBSDID > line) You're right, sorry about that, I was thinking for a second that was only for the file with main in it, but the id string is static so it doesn't matter does it. > The actual update looks OK, but I've only skimmed through it > and I haven't tried to apply it and put it through any torture > testing. The actual update looks like what the standards ask for; It's rather evil. > >I'm looking to commit this after the weekend, so review would > >be appreciated, comments and flames welcome... Three days > >sound good? > > It would be better to wait more than just a weekend. Despite > popular folklore, many of us do sometimes go thru a whole > weekend without checking the mailing lists for new code... :-) I can include monday with that without a problem. I just know if this sits in my TODO list much longer it's going to rot away to death. I'll update the patch with what you've mentioned... Tomorrow, I'll leave this message marked unread, and I'll reply mentioning when a new one is available... Comments on other {,de}merits of the patch welcome. Thanks, /j. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 17:28:16 2002 Delivered-To: freebsd-audit@freebsd.org Received: from newsguy.com (smtp.newsguy.com [209.155.56.71]) by hub.freebsd.org (Postfix) with ESMTP id 8811237B404; Fri, 15 Mar 2002 17:27:39 -0800 (PST) Received: from newsguy.com (ppp243-bsace7002.telebrasilia.net.br [200.181.81.243]) by newsguy.com (8.9.1a/8.9.1) with ESMTP id RAA04894; Fri, 15 Mar 2002 17:27:34 -0800 (PST) Message-ID: <3C929F99.18C9EC86@newsguy.com> Date: Fri, 15 Mar 2002 22:27:53 -0300 From: "Daniel C. Sobral" X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en,pt-BR,pt,en-GB,en-US,ja MIME-Version: 1.0 To: Maxim Sobolev Cc: Michael Smith , hackers@FreeBSD.ORG, audit@FreeBSD.ORG, re@FreeBSD.ORG Subject: Re: Extending loader(8) for loading kerels/modules split across several disks References: <200203070940.g279eTa04750@mass.dis.org> <3C92478F.2B7C11DB@FreeBSD.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG For whatever it is worth, I like it. Maxim Sobolev wrote: > > Michael Smith wrote: > > > > > > > Please review attached patch, which adds long overdue feature to our > > > > > loader(8), allowing it to load sequence of files as a single object. > > > > > > > > I don't like this. I would much rather see support for 'split' files > > > > implemented as a stacking filesystem layer like the gzip support, with > > > > the simple recognition of 'foo.gz.aa' as the first part of a split > > > > version of 'foo.gz', which in turn is recognised as a compressed version > > > > of 'foo'. > > > > > > I am curious how in this case the layer is going to know how many > > > parts the file contains? > > > > The simple way to do it is to keep asking for more parts until there are > > no more. > > > > You can take the NetBSD approach of wrapping the file in a multipart tar > > archive. > > > > Or a more elegant method involves the use of a control file. > > > > eg. the splitfs code, when asked to open "foo" looks for "foo.split" > > which is a text file containing a list of filenames and media names, eg. > > > > foo.aa "Kernel floppy 1" > > foo.ab "Kernel floppy 2" > > foo.ac "Kernel and modules floppy" > > > > For each file segment, the process is: > > > > - try to open the file > > - prompt "please insert the disk labelled '" > > - try to open the file > > - return error > > > > At any rate, my key point is that the splitting should be invisible, and > > *definitely* not pushed up into the loader. > > Ok, attached is the path, which does exactly what described. Please > review and if there are no objections I would like to commit it > shortly, so that our re@ team would be able to consider it for the > forthcoming 5.0-DP1 release. > > Thanks! > > -Maxim > > ------------------------------------------------------------------------ > Index: src/lib/libstand/Makefile > =================================================================== > RCS file: /home/ncvs/src/lib/libstand/Makefile,v > retrieving revision 1.27 > diff -d -u -r1.27 Makefile > --- src/lib/libstand/Makefile 27 Feb 2002 17:15:37 -0000 1.27 > +++ src/lib/libstand/Makefile 15 Mar 2002 08:40:31 -0000 > @@ -153,6 +153,7 @@ > SRCS+= ufs.c nfs.c cd9660.c tftp.c zipfs.c bzipfs.c > SRCS+= netif.c nfs.c > SRCS+= dosfs.c ext2fs.c > +SRCS+= splitfs.c > > beforeinstall: > ${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 ${.CURDIR}/stand.h \ > Index: src/lib/libstand/bzipfs.c > =================================================================== > RCS file: /home/ncvs/src/lib/libstand/bzipfs.c,v > retrieving revision 1.3 > diff -d -u -r1.3 bzipfs.c > --- src/lib/libstand/bzipfs.c 1 Feb 2002 16:33:40 -0000 1.3 > +++ src/lib/libstand/bzipfs.c 15 Mar 2002 08:40:31 -0000 > @@ -150,7 +150,7 @@ > > /* If the name already ends in .gz or .bz2, ignore it */ > if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".gz") > - || !strcmp(cp, ".bz2"))) > + || !strcmp(cp, ".bz2") || !strcmp(cp, ".split"))) > return(ENOENT); > > /* Construct new name */ > Index: src/lib/libstand/splitfs.c > =================================================================== > RCS file: src/lib/libstand/splitfs.c > diff -N src/lib/libstand/splitfs.c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ src/lib/libstand/splitfs.c 15 Mar 2002 08:40:31 -0000 > @@ -0,0 +1,287 @@ > +/* > + * Copyright (c) 2002 Maxim Sobolev > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in the > + * documentation and/or other materials provided with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > + * SUCH DAMAGE. > + */ > + > +#include > +__FBSDID("$FreeBSD$"); > + > +#include "stand.h" > + > +#define NTRIES (3) > +#define CONF_BUF (512) > +#define SEEK_BUF (512) > + > +struct split_file > +{ > + char **filesv; /* Filenames */ > + char **descsv; /* Descriptions */ > + int filesc; /* Number of parts */ > + int curfile; /* Current file number */ > + int curfd; /* Current file descriptor */ > + off_t tot_pos; /* Offset from the beginning of the sequence */ > + off_t file_pos; /* Offset from the beginning of the slice */ > +}; > + > +static int splitfs_open(const char *path, struct open_file *f); > +static int splitfs_close(struct open_file *f); > +static int splitfs_read(struct open_file *f, void *buf, size_t size, size_t *resid); > +static off_t splitfs_seek(struct open_file *f, off_t offset, int where); > +static int splitfs_stat(struct open_file *f, struct stat *sb); > + > +struct fs_ops splitfs_fsops = { > + "split", > + splitfs_open, > + splitfs_close, > + splitfs_read, > + null_write, > + splitfs_seek, > + splitfs_stat, > + null_readdir > +}; > + > +static void > +split_file_destroy(struct split_file *sf) > +{ > + int i; > + > + if (sf->filesc > 0) { > + for (i = 0; i < sf->filesc; i++) { > + free(sf->filesv[i]); > + free(sf->descsv[i]); > + } > + free(sf->filesv); > + free(sf->descsv); > + } > + free(sf); > +} > + > +static int > +splitfs_open(const char *fname, struct open_file *f) > +{ > + char *buf, *confname, *cp; > + int conffd; > + struct split_file *sf; > + struct stat sb; > + > + printf("%s\n", fname); > + /* Have to be in "just read it" mode */ > + if (f->f_flags != F_READ) > + return(EPERM); > + > + /* If the name already ends in `.split', ignore it */ > + if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".split"))) > + return(ENOENT); > + > + /* Construct new name */ > + confname = malloc(strlen(fname) + 7); > + sprintf(confname, "%s.split", fname); > + > + /* Try to open the configuration file */ > + conffd = open(confname, O_RDONLY); > + free(confname); > + if (conffd == -1) > + return(ENOENT); > + > + if (fstat(conffd, &sb) < 0) { > + printf("splitfs_open: stat failed\n"); > + close(conffd); > + return(ENOENT); > + } > + if (!S_ISREG(sb.st_mode)) { > + printf("splitfs_open: not a file\n"); > + close(conffd); > + return(EISDIR); /* best guess */ > + } > + > + /* Allocate a split_file structure, populate it from the config file */ > + sf = malloc(sizeof(struct split_file)); > + bzero(sf, sizeof(struct split_file)); > + buf = malloc(CONF_BUF); > + while (fgetstr(buf, CONF_BUF, conffd) > 0) { > + cp = buf; > + while ((*cp != '\0') && (isspace(*cp) == 0)) > + cp++; > + if (*cp != '\0') { > + *cp = '\0'; > + cp++; > + } > + while ((*cp != '\0') && (isspace(*cp) != 0)) > + cp++; > + if (*cp == '\0') > + cp = buf; > + sf->filesc++; > + sf->filesv = realloc(sf->filesv, sizeof(*(sf->filesv)) * sf->filesc); > + sf->descsv = realloc(sf->descsv, sizeof(*(sf->descsv)) * sf->filesc); > + sf->filesv[sf->filesc - 1] = strdup(buf); > + sf->descsv[sf->filesc - 1] = strdup(cp); > + } > + free(buf); > + close(conffd); > + > + if ((sf->filesc == 0) || ((sf->curfd = open(sf->filesv[0], O_RDONLY)) == -1)) { > + split_file_destroy(sf); > + return(ENOENT); > + } > + > + /* Looks OK, we'll take it */ > + f->f_fsdata = sf; > + return (0); > +} > + > +static int > +splitfs_close(struct open_file *f) > +{ > + int fd; > + struct split_file *sf; > + > + sf = (struct split_file *)f->f_fsdata; > + fd = sf->curfd; > + split_file_destroy(sf); > + return(close(fd)); > +} > + > +static int > +splitfs_read(struct open_file *f, void *buf, size_t size, size_t *resid) > +{ > + int i, nread, totread; > + struct split_file *sf; > + > + sf = (struct split_file *)f->f_fsdata; > + totread = 0; > + do { > + nread = read(sf->curfd, buf, size - totread); > + > + /* Error? */ > + if (nread == -1) > + return (errno); > + > + sf->tot_pos += nread; > + sf->file_pos += nread; > + totread += nread; > + buf += nread; > + > + if (totread < size) { /* EOF */ > + if (sf->curfile == (sf->filesc - 1)) /* Last slice */ > + break; > + > + /* Close previous slice */ > + if (close(sf->curfd) != 0) > + return (errno); > + > + sf->curfile++; > + for (i = 0;; i++) { > + sf->curfd = open(sf->filesv[sf->curfile], O_RDONLY); > + if (sf->curfd >= 0) > + break; > + if ((sf->curfd == -1) && (errno != ENOENT)) > + return (errno); > + if (i == NTRIES) > + return (EIO); > + printf("\nInsert disk labelled %s and press any key...", sf->descsv[sf->curfile]); > + getchar();putchar('\n'); > + } > + sf->file_pos = 0; > + } > + } while (totread < size); > + > + if (resid != NULL) > + *resid = size - totread; > + > + return (0); > +} > + > +static off_t > +splitfs_seek(struct open_file *f, off_t offset, int where) > +{ > + int nread; > + size_t resid; > + off_t new_pos, seek_by; > + struct split_file *sf; > + > + sf = (struct split_file *)f->f_fsdata; > + > + seek_by = offset; > + switch (where) { > + case SEEK_SET: > + seek_by -= sf->tot_pos; > + break; > + case SEEK_CUR: > + break; > + case SEEK_END: > + panic("splitfs_seek: SEEK_END not supported"); > + break; > + } > + > + if (seek_by > 0) { > + /* > + * Seek forward - implemented using splitfs_read(), because otherwise we'll be > + * unable to detect that we have crossed slice boundary and hence > + * unable to do a long seek crossing that boundary. > + */ > + void *tmp; > + > + tmp = malloc(SEEK_BUF); > + if (tmp == NULL) > + return (-1); > + > + nread = 0; > + for (; seek_by > 0; seek_by -= nread) { > + resid = 0; > + errno = splitfs_read(f, tmp, min(seek_by, SEEK_BUF), &resid); > + nread = min(seek_by, SEEK_BUF) - resid; > + if ((errno != 0) || (nread == 0)) > + /* Error or EOF */ > + break; > + } > + free(tmp); > + if (errno != 0) > + return (-1); > + } > + > + if (seek_by != 0) { > + /* Seek backward or seek past the boundary of the last slice */ > + if (sf->file_pos + seek_by < 0) > + panic("splitfs_seek: can't seek past the beginning of the slice"); > + new_pos = lseek(sf->curfd, seek_by, SEEK_CUR); > + if (new_pos < 0) > + return (-1); > + sf->tot_pos += new_pos - sf->file_pos; > + sf->file_pos = new_pos; > + } > + > + return (sf->tot_pos); > +} > + > +static int > +splitfs_stat(struct open_file *f, struct stat *sb) > +{ > + int result; > + struct split_file *sf = (struct split_file *)f->f_fsdata; > + > + /* stat as normal, but indicate that size is unknown */ > + if ((result = fstat(sf->curfd, sb)) == 0) > + sb->st_size = -1; > + return (result); > +} > Index: src/lib/libstand/stand.h > =================================================================== > RCS file: /home/ncvs/src/lib/libstand/stand.h,v > retrieving revision 1.29 > diff -d -u -r1.29 stand.h > --- src/lib/libstand/stand.h 9 Mar 2002 21:02:11 -0000 1.29 > +++ src/lib/libstand/stand.h 15 Mar 2002 08:40:31 -0000 > @@ -125,6 +125,7 @@ > extern struct fs_ops bzipfs_fsops; > extern struct fs_ops dosfs_fsops; > extern struct fs_ops ext2fs_fsops; > +extern struct fs_ops splitfs_fsops; > > /* where values for lseek(2) */ > #define SEEK_SET 0 /* set file offset to offset */ > Index: src/lib/libstand/zipfs.c > =================================================================== > RCS file: /home/ncvs/src/lib/libstand/zipfs.c,v > retrieving revision 1.8 > diff -d -u -r1.8 zipfs.c > --- src/lib/libstand/zipfs.c 30 Sep 2001 22:28:01 -0000 1.8 > +++ src/lib/libstand/zipfs.c 15 Mar 2002 08:40:31 -0000 > @@ -175,7 +175,7 @@ > > /* If the name already ends in .gz or .bz2, ignore it */ > if ((cp = strrchr(fname, '.')) && (!strcmp(cp, ".gz") > - || !strcmp(cp, ".bz2"))) > + || !strcmp(cp, ".bz2") || !strcmp(cp, ".split"))) > return(ENOENT); > > /* Construct new name */ > Index: src/sys/boot/i386/loader/conf.c > =================================================================== > RCS file: /home/ncvs/src/sys/boot/i386/loader/conf.c,v > retrieving revision 1.18 > diff -d -u -r1.18 conf.c > --- src/sys/boot/i386/loader/conf.c 5 Nov 2001 18:59:13 -0000 1.18 > +++ src/sys/boot/i386/loader/conf.c 15 Mar 2002 08:40:31 -0000 > @@ -60,6 +60,7 @@ > &ext2fs_fsops, > &dosfs_fsops, > &cd9660_fsops, > + &splitfs_fsops, > #ifdef LOADER_GZIP_SUPPORT > &zipfs_fsops, > #endif -- Daniel C. Sobral (8-DCS) dcs@newsguy.com dcs@freebsd.org capo@international.bsdconspiracy.net "They did what they could to help her, using human skills -- and then, when that failed, left it in the hands of the gods. In this case," he bowed slightly, "myself. Like it or not," the demon continued, "that is my status in this region. Take it up with my priests if it bothers you." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 17:31:44 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id 0341137B402; Fri, 15 Mar 2002 17:31:42 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2G1BvDF016425; Sat, 16 Mar 2002 01:12:51 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2G1BuMQ021522; Sat, 16 Mar 2002 01:11:56 GMT Date: Sat, 16 Mar 2002 01:11:01 +0000 From: "J. Mallett" To: "J. Mallett" Cc: freebsd-audit@freebsd.org Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316011101.A889@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020315231100.A20942@FreeBSD.ORG> User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Updated patch: http://people.freebsd.org/~jmallett/xargs.patch2 Fixes $FreeBSD$ related things. Fixes not checking return values of strdup and malloc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 19: 2:15 2002 Delivered-To: freebsd-audit@freebsd.org Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87]) by hub.freebsd.org (Postfix) with ESMTP id 98F9837B405 for ; Fri, 15 Mar 2002 19:02:09 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc54.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020316030209.WXYH1214.rwcrmhc54.attbi.com@blossom.cjclark.org>; Sat, 16 Mar 2002 03:02:09 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2G324b46011; Fri, 15 Mar 2002 19:02:04 -0800 (PST) (envelope-from cjc) Date: Fri, 15 Mar 2002 19:02:04 -0800 From: "Crist J. Clark" To: Dag-Erling Smorgrav Cc: audit@freebsd.org Subject: Re: Preventing chpass(1) DoS Message-ID: <20020315190204.L29705@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <20020315042007.K29705@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Fri, Mar 15, 2002 at 03:29:52PM +0100 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Mar 15, 2002 at 03:29:52PM +0100, Dag-Erling Smorgrav wrote: > "Crist J. Clark" writes: > > I should note that a cursory look at NetBSD and OpenBSD shows they > > both do not lock while the user is editing. > > How about using their code rather than roll our own? *shrug* Bigger diff. They also have pw_scan() exposed to the world in libc. We don't. But instead of using pw_scan() here's an approach that does the comparison "backwards" from how they do it. But other than that, it's a pretty straighforward matter to use the same approach. Anyone see any issues with this? Index: usr.bin/chpass/chpass.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/chpass.c,v retrieving revision 1.18 diff -u -r1.18 chpass.c --- usr.bin/chpass/chpass.c 26 Jul 2001 23:27:10 -0000 1.18 +++ usr.bin/chpass/chpass.c 16 Mar 2002 02:51:11 -0000 @@ -83,7 +83,7 @@ char **argv; { enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op; - struct passwd *pw = NULL, lpw; + struct passwd *pw = NULL, lpw, old_pw; char *username = NULL; int ch, pfd, tfd; char *arg = NULL; @@ -160,7 +160,7 @@ uid = getuid(); - if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) + if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) { switch(argc) { #ifdef YP case 0: @@ -186,6 +186,12 @@ default: usage(); } + + /* Make a copy for later verification */ + old_pw = *pw; + old_pw.pw_gecos = strdup(old_pw.pw_gecos); + } + if (op == NEWSH) { /* protect p_shell -- it thinks NULL is /bin/sh */ if (!arg[0]) @@ -246,7 +252,6 @@ * The exit closes the master passwd fp/fd. */ pw_init(); - pfd = pw_lock(); tfd = pw_tmp(); if (op == EDITENTRY) { @@ -262,7 +267,8 @@ (void)unlink(tempname); } else { #endif /* YP */ - pw_copy(pfd, tfd, pw); + pfd = pw_lock(); + pw_copy(pfd, tfd, pw, (op == LOADENTRY) ? NULL : &old_pw); if (!pw_mkdb(username)) pw_error((char *)NULL, 0, 1); Index: usr.bin/chpass/pw_copy.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/pw_copy.c,v retrieving revision 1.10 diff -u -r1.10 pw_copy.c --- usr.bin/chpass/pw_copy.c 26 Jul 2001 23:27:10 -0000 1.10 +++ usr.bin/chpass/pw_copy.c 16 Mar 2002 02:57:01 -0000 @@ -51,20 +51,38 @@ #include #include "pw_copy.h" +#define PWLINE_MAX 8192 +#define PWFIELD_MAX 20 + extern char *tempname; +static char uidstr[PWFIELD_MAX]; +static char gidstr[PWFIELD_MAX]; +static char chgstr[PWFIELD_MAX]; +static char expstr[PWFIELD_MAX]; + +static char * +pw_fmt(char *buf, size_t size, struct passwd *pw) +{ + (void)snprintf(buf, size, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", + pw->pw_name, pw->pw_passwd, + pw->pw_fields & _PWF_UID ? uidstr : "", + pw->pw_fields & _PWF_GID ? gidstr : "", + pw->pw_class, + pw->pw_fields & _PWF_CHANGE ? chgstr : "", + pw->pw_fields & _PWF_EXPIRE ? expstr : "", + pw->pw_gecos, pw->pw_dir, pw->pw_shell); + return buf; +} + void -pw_copy(ffd, tfd, pw) +pw_copy(ffd, tfd, pw, old_pw) int ffd, tfd; - struct passwd *pw; + struct passwd *pw, *old_pw; { FILE *from, *to; int done; - char *p, buf[8192]; - char uidstr[20]; - char gidstr[20]; - char chgstr[20]; - char expstr[20]; + char *p, buf[PWLINE_MAX], old_buf[PWLINE_MAX]; snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long)pw->pw_uid); snprintf(gidstr, sizeof(gidstr), "%lu", (unsigned long)pw->pw_gid); @@ -108,14 +126,13 @@ goto err; continue; } - (void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", - pw->pw_name, pw->pw_passwd, - pw->pw_fields & _PWF_UID ? uidstr : "", - pw->pw_fields & _PWF_GID ? gidstr : "", - pw->pw_class, - pw->pw_fields & _PWF_CHANGE ? chgstr : "", - pw->pw_fields & _PWF_EXPIRE ? expstr : "", - pw->pw_gecos, pw->pw_dir, pw->pw_shell); + *p = ':'; + if (old_pw != NULL && + strcmp(buf, pw_fmt(old_buf, sizeof(old_buf), old_pw)) != 0) { + warnx("%s: entry inconsistent", _PATH_MASTERPASSWD); + pw_error(NULL, 0, 1); + } + (void)fprintf(to, "%s", pw_fmt(buf, sizeof(buf), pw)); done = 1; if (ferror(to)) goto err; Index: usr.bin/chpass/pw_copy.h =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/pw_copy.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 pw_copy.h --- usr.bin/chpass/pw_copy.h 27 May 1994 12:30:55 -0000 1.1.1.1 +++ usr.bin/chpass/pw_copy.h 16 Mar 2002 02:00:19 -0000 @@ -33,4 +33,4 @@ * @(#)pw_copy.h 8.1 (Berkeley) 4/2/94 */ -void pw_copy __P((int, int, struct passwd *)); +void pw_copy __P((int, int, struct passwd *, struct passwd *)); -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 15 23:58: 7 2002 Delivered-To: freebsd-audit@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 70CB337B41B for ; Fri, 15 Mar 2002 23:57:59 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020316075758.BRAG1147.rwcrmhc52.attbi.com@blossom.cjclark.org>; Sat, 16 Mar 2002 07:57:58 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g2G7vwj46574; Fri, 15 Mar 2002 23:57:58 -0800 (PST) (envelope-from cjc) Date: Fri, 15 Mar 2002 23:57:58 -0800 From: "Crist J. Clark" To: Dag-Erling Smorgrav Cc: audit@FreeBSD.ORG Subject: Re: Preventing chpass(1) DoS Message-ID: <20020315235758.N29705@blossom.cjclark.org> References: <20020315042007.K29705@blossom.cjclark.org> <20020315190204.L29705@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020315190204.L29705@blossom.cjclark.org>; from crist.clark@attbi.com on Fri, Mar 15, 2002 at 07:02:04PM -0800 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Mar 15, 2002 at 07:02:04PM -0800, Crist J. Clark wrote: > On Fri, Mar 15, 2002 at 03:29:52PM +0100, Dag-Erling Smorgrav wrote: > > "Crist J. Clark" writes: > > > I should note that a cursory look at NetBSD and OpenBSD shows they > > > both do not lock while the user is editing. > > > > How about using their code rather than roll our own? > > *shrug* Bigger diff. They also have pw_scan() exposed to the world in > libc. We don't. But instead of using pw_scan() here's an approach that > does the comparison "backwards" from how they do it. But other than > that, it's a pretty straighforward matter to use the same approach. > > Anyone see any issues with this? [snip] Well, since no one responded, I guess no one is really checking the patches. I somehow sent patches that were from halfway through the complete changes. _These_ are the real ones, Index: usr.bin/chpass/chpass.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/chpass.c,v retrieving revision 1.18 diff -u -r1.18 chpass.c --- usr.bin/chpass/chpass.c 26 Jul 2001 23:27:10 -0000 1.18 +++ usr.bin/chpass/chpass.c 16 Mar 2002 02:51:11 -0000 @@ -83,7 +83,7 @@ char **argv; { enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op; - struct passwd *pw = NULL, lpw; + struct passwd *pw = NULL, lpw, old_pw; char *username = NULL; int ch, pfd, tfd; char *arg = NULL; @@ -160,7 +160,7 @@ uid = getuid(); - if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) + if (op == EDITENTRY || op == NEWSH || op == NEWPW || op == NEWEXP) { switch(argc) { #ifdef YP case 0: @@ -186,6 +186,12 @@ default: usage(); } + + /* Make a copy for later verification */ + old_pw = *pw; + old_pw.pw_gecos = strdup(old_pw.pw_gecos); + } + if (op == NEWSH) { /* protect p_shell -- it thinks NULL is /bin/sh */ if (!arg[0]) @@ -246,7 +252,6 @@ * The exit closes the master passwd fp/fd. */ pw_init(); - pfd = pw_lock(); tfd = pw_tmp(); if (op == EDITENTRY) { @@ -262,7 +267,8 @@ (void)unlink(tempname); } else { #endif /* YP */ - pw_copy(pfd, tfd, pw); + pfd = pw_lock(); + pw_copy(pfd, tfd, pw, (op == LOADENTRY) ? NULL : &old_pw); if (!pw_mkdb(username)) pw_error((char *)NULL, 0, 1); Index: usr.bin/chpass/pw_copy.c =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/pw_copy.c,v retrieving revision 1.10 diff -u -r1.10 pw_copy.c --- usr.bin/chpass/pw_copy.c 26 Jul 2001 23:27:10 -0000 1.10 +++ usr.bin/chpass/pw_copy.c 16 Mar 2002 05:47:30 -0000 @@ -51,26 +51,44 @@ #include #include "pw_copy.h" +#define PWLINE_MAX 8192 +#define PWFIELD_MAX 20 + extern char *tempname; -void -pw_copy(ffd, tfd, pw) - int ffd, tfd; - struct passwd *pw; +static char * +pw_fmt(char *buf, size_t size, struct passwd *pw) { - FILE *from, *to; - int done; - char *p, buf[8192]; - char uidstr[20]; - char gidstr[20]; - char chgstr[20]; - char expstr[20]; + char uidstr[PWFIELD_MAX]; + char gidstr[PWFIELD_MAX]; + char chgstr[PWFIELD_MAX]; + char expstr[PWFIELD_MAX]; snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long)pw->pw_uid); snprintf(gidstr, sizeof(gidstr), "%lu", (unsigned long)pw->pw_gid); snprintf(chgstr, sizeof(chgstr), "%ld", (long)pw->pw_change); snprintf(expstr, sizeof(expstr), "%ld", (long)pw->pw_expire); + (void)snprintf(buf, size, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", + pw->pw_name, pw->pw_passwd, + pw->pw_fields & _PWF_UID ? uidstr : "", + pw->pw_fields & _PWF_GID ? gidstr : "", + pw->pw_class, + pw->pw_fields & _PWF_CHANGE ? chgstr : "", + pw->pw_fields & _PWF_EXPIRE ? expstr : "", + pw->pw_gecos, pw->pw_dir, pw->pw_shell); + return buf; +} + +void +pw_copy(ffd, tfd, pw, old_pw) + int ffd, tfd; + struct passwd *pw, *old_pw; +{ + FILE *from, *to; + int done; + char *p, buf[PWLINE_MAX], old_buf[PWLINE_MAX]; + if (!(from = fdopen(ffd, "r"))) pw_error(_PATH_MASTERPASSWD, 1, 1); if (!(to = fdopen(tfd, "w"))) @@ -108,14 +126,13 @@ goto err; continue; } - (void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", - pw->pw_name, pw->pw_passwd, - pw->pw_fields & _PWF_UID ? uidstr : "", - pw->pw_fields & _PWF_GID ? gidstr : "", - pw->pw_class, - pw->pw_fields & _PWF_CHANGE ? chgstr : "", - pw->pw_fields & _PWF_EXPIRE ? expstr : "", - pw->pw_gecos, pw->pw_dir, pw->pw_shell); + *p = ':'; + if (old_pw != NULL && + strcmp(buf, pw_fmt(old_buf, sizeof(old_buf), old_pw)) != 0) { + warnx("%s: entry inconsistent", _PATH_MASTERPASSWD); + pw_error(NULL, 0, 1); + } + (void)fprintf(to, "%s", pw_fmt(buf, sizeof(buf), pw)); done = 1; if (ferror(to)) goto err; @@ -129,14 +146,7 @@ pw_error(NULL, 0, 1); } else #endif /* YP */ - (void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", - pw->pw_name, pw->pw_passwd, - pw->pw_fields & _PWF_UID ? uidstr : "", - pw->pw_fields & _PWF_GID ? gidstr : "", - pw->pw_class, - pw->pw_fields & _PWF_CHANGE ? chgstr : "", - pw->pw_fields & _PWF_EXPIRE ? expstr : "", - pw->pw_gecos, pw->pw_dir, pw->pw_shell); + (void)fprintf(to, "%s", pw_fmt(buf, sizeof(buf), pw)); } if (ferror(to)) Index: usr.bin/chpass/pw_copy.h =================================================================== RCS file: /export/freebsd/ncvs/src/usr.bin/chpass/pw_copy.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 pw_copy.h --- usr.bin/chpass/pw_copy.h 27 May 1994 12:30:55 -0000 1.1.1.1 +++ usr.bin/chpass/pw_copy.h 16 Mar 2002 02:00:19 -0000 @@ -33,4 +33,4 @@ * @(#)pw_copy.h 8.1 (Berkeley) 4/2/94 */ -void pw_copy __P((int, int, struct passwd *)); +void pw_copy __P((int, int, struct passwd *, struct passwd *)); -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 0:25:33 2002 Delivered-To: freebsd-audit@freebsd.org Received: from descent.robbins.dropbear.id.au (249.a.007.mel.iprimus.net.au [210.50.80.249]) by hub.freebsd.org (Postfix) with ESMTP id B484237B402; Sat, 16 Mar 2002 00:25:29 -0800 (PST) Received: (from tim@localhost) by descent.robbins.dropbear.id.au (8.11.6/8.11.6) id g2G8QU805396; Sat, 16 Mar 2002 19:26:30 +1100 (EST) (envelope-from tim) Date: Sat, 16 Mar 2002 19:26:29 +1100 From: "Tim J. Robbins" To: "J. Mallett" Cc: freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316192629.A5254@descent.robbins.dropbear.id.au> References: <20020315231100.A20942@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020315231100.A20942@FreeBSD.ORG>; from jmallett@FreeBSD.ORG on Fri, Mar 15, 2002 at 11:11:00PM +0000 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Mar 15, 2002 at 11:11:00PM +0000, J. Mallett wrote: > In detail, it adds: -E, -I, -L, -t; As far as flags go. > > I'm looking to commit this after the weekend, so review would be > appreciated, comments and flames welcome... Three days sound good? Check that the way -I handles empty strings (xargs -I "") is what you intend. Solaris checks that the argument is not empty: xargs: Must specify subargment for -I Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 1:21:43 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id C5AEF37B404; Sat, 16 Mar 2002 01:21:38 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2G91SDF010985; Sat, 16 Mar 2002 09:02:50 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2G91QXp020606; Sat, 16 Mar 2002 09:01:26 GMT Date: Sat, 16 Mar 2002 09:00:04 +0000 From: "J. Mallett" To: "Tim J. Robbins" Cc: "J. Mallett" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316090004.A26394@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> <20020316192629.A5254@descent.robbins.dropbear.id.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020316192629.A5254@descent.robbins.dropbear.id.au> User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Mar 16, 2002 at 07:26:29PM +1100, Tim J. Robbins wrote: > On Fri, Mar 15, 2002 at 11:11:00PM +0000, J. Mallett wrote: > > > In detail, it adds: -E, -I, -L, -t; As far as flags go. > > > > I'm looking to commit this after the weekend, so review would be > > appreciated, comments and flames welcome... Three days sound good? > > Check that the way -I handles empty strings (xargs -I "") is what you > intend. Solaris checks that the argument is not empty: > xargs: Must specify subargment for -I Solaris not recognising that '' and "" are arguments is probably a difference in getopt implementations? We don't check for -J, should I really try to check for -I? I'm happy to, I just don't know if this is standard practice, and so on. Thanks /j. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 1:40:33 2002 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 749E337B400; Sat, 16 Mar 2002 01:40:30 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 99A145347; Sat, 16 Mar 2002 10:40:27 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "J. Mallett" Cc: "Tim J. Robbins" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance References: <20020315231100.A20942@FreeBSD.ORG> <20020316192629.A5254@descent.robbins.dropbear.id.au> <20020316090004.A26394@FreeBSD.ORG> From: Dag-Erling Smorgrav Date: 16 Mar 2002 10:40:26 +0100 In-Reply-To: <20020316090004.A26394@FreeBSD.ORG> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "J. Mallett" writes: > Solaris not recognising that '' and "" are arguments is probably a > difference in getopt implementations? No, Solaris' xargs specifically checks that the argument to -E and -I is not empty. I have the source in front of me. BTW, '' and "" are the exact same thing - an empty string - as the quotes are stripped by the shell before xargs is invoked. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 1:56:43 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id E48DF37B416; Sat, 16 Mar 2002 01:56:40 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2G9aUDF019342; Sat, 16 Mar 2002 09:37:52 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2G9aTku023943; Sat, 16 Mar 2002 09:36:29 GMT Date: Sat, 16 Mar 2002 09:35:07 +0000 From: "J. Mallett" To: Dag-Erling Smorgrav Cc: "J. Mallett" , "Tim J. Robbins" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316093507.B26394@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> <20020316192629.A5254@descent.robbins.dropbear.id.au> <20020316090004.A26394@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Mar 16, 2002 at 10:40:26AM +0100, Dag-Erling Smorgrav wrote: > "J. Mallett" writes: > > Solaris not recognising that '' and "" are arguments is probably a > > difference in getopt implementations? > > No, Solaris' xargs specifically checks that the argument to -E and -I > is not empty. I have the source in front of me. Should we do this then? > BTW, '' and "" are the exact same thing - an empty string - as the > quotes are stripped by the shell before xargs is invoked. Yes, I am aware. /j. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 2: 2:45 2002 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 26CE137B400; Sat, 16 Mar 2002 02:02:43 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 6CD845347; Sat, 16 Mar 2002 11:02:40 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "J. Mallett" Cc: "Tim J. Robbins" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance References: <20020315231100.A20942@FreeBSD.ORG> <20020316192629.A5254@descent.robbins.dropbear.id.au> <20020316090004.A26394@FreeBSD.ORG> <20020316093507.B26394@FreeBSD.ORG> From: Dag-Erling Smorgrav Date: 16 Mar 2002 11:02:40 +0100 In-Reply-To: <20020316093507.B26394@FreeBSD.ORG> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "J. Mallett" writes: > On Sat, Mar 16, 2002 at 10:40:26AM +0100, Dag-Erling Smorgrav wrote: > > No, Solaris' xargs specifically checks that the argument to -E and -I > > is not empty. I have the source in front of me. > Should we do this then? Why not? An empty string doesn't make sense for either of them. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 2:12:18 2002 Delivered-To: freebsd-audit@freebsd.org Received: from ouch.Oof.NET (ouch.Oof.NET [207.99.30.50]) by hub.freebsd.org (Postfix) with ESMTP id 8CE6537B41A for ; Sat, 16 Mar 2002 02:12:11 -0800 (PST) Received: by ouch.Oof.NET (Postfix, from userid 1001) id 830ED285C1; Sat, 16 Mar 2002 10:12:32 +0000 (UTC) Date: Sat, 16 Mar 2002 10:12:32 +0000 From: Anatole Shaw To: freebsd-audit@freebsd.org Subject: regex for tcpwrappers Message-ID: <20020316101232.C65694@ouch.Oof.NET> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline This is my patch that adds extended regular expressions to tcpwrappers. I wrote it so that I could permit selected cities from DialSprint.net, which lumps the city, state and other information all into the third level of DNS. For example, with this patch, the tcpwrappers token ~^sdn-ar-...cthart....\.dialsprint\.net$ will only match the DialSprint pool in Hartford, Connecticut. Pretty useful I think. Any committers care to review? --Anatole Shaw --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="tcpwrappers-regex.patch" --- contrib/tcp_wrappers/hosts_access.c.orig Tue Jul 18 08:34:54 2000 +++ contrib/tcp_wrappers/hosts_access.c Thu Mar 14 06:45:02 2002 @@ -41,6 +41,7 @@ #include #include #include +#include #ifdef INET6 #include #endif @@ -93,6 +94,7 @@ static int host_match(); static int string_match(); static int masked_match(); +static int regex_match(); #ifdef INET6 static int masked_match4(); static int masked_match6(); @@ -336,6 +338,8 @@ if (tok[0] == '.') { /* suffix */ n = strlen(string) - strlen(tok); return (n > 0 && STR_EQ(tok, string + n)); + } else if (tok[0] == '~') { /* regex */ + return (regex_match(tok+1, string)); } else if (STR_EQ(tok, "ALL")) { /* all: match any */ return (YES); } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ @@ -378,6 +382,45 @@ #endif return (STR_EQ(tok, string)); } +} + +/* regex_match - match string against regular expression */ + +static int regex_match(exp, string) +char *exp; +char *string; +{ + regex_t preg; + int errn; + char errstr[256]; + + if ( *exp == '\0' ) { + tcpd_warn("null regular expression"); + return (NO); + } + errn = regcomp(&preg, exp, REG_EXTENDED | REG_ICASE | REG_NOSUB); + if ( errn != 0 ) { + regerror(errn, &preg, errstr, 256); + regfree(&preg); + tcpd_warn("error in regex: %s", errstr); + return (NO); + } + errn = regexec(&preg, string, 0, NULL, 0); + if ( errn == 0 ) { + regfree(&preg); + return (YES); + } else if ( errn == REG_NOMATCH ) { + regfree(&preg); + return (NO); + } else { + regerror(errn, &preg, errstr, 256); + regfree(&preg); + tcpd_warn("could not execute regex: %s", errstr); + return (NO); + } + /* unreached */ + regfree(&preg); + return (NO); } /* masked_match - match address against netnumber/netmask */ --- contrib/tcp_wrappers/hosts_access.5.orig Thu Feb 3 10:26:57 2000 +++ contrib/tcp_wrappers/hosts_access.5 Thu Mar 14 06:13:06 2002 @@ -103,6 +103,15 @@ zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used. +.IP \(bu +A string that begins with a `~\' character. +The address (and hostname, if available) are matched +against the extended regular expression (see \fIre_format(7)\fR) +which follows the `~\' character. +For example, the pattern `~^nyc[0-9]+\\.example\\.com$\' matches the host name +`nyc23.example.com\' but neither `nyc.example.com\' nor `nyc42.example.com.au\'. +The comparison is not case-sensitive, and it is both impossible and useless +for spaces to appear in the expression. .SH WILDCARDS The access control language supports explicit wildcards: .IP ALL --qDbXVdCdHGoSgWSk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 2:36:10 2002 Delivered-To: freebsd-audit@freebsd.org Received: from sunny.newgold.net (durham-ar1-174-172.durham.dsl.gtei.net [4.40.174.172]) by hub.freebsd.org (Postfix) with ESMTP id E9C8137B402; Sat, 16 Mar 2002 02:36:07 -0800 (PST) Received: from sunny.newgold.net (freebsd@localhost [IPv6:::1]) by sunny.newgold.net (8.12.1/8.12.1) with ESMTP id g2GAFwDF011317; Sat, 16 Mar 2002 10:17:19 GMT Received: (from freebsd@localhost) by sunny.newgold.net (8.12.1/8.12.1/Submit) id g2GAFu1H015527; Sat, 16 Mar 2002 10:15:56 GMT Date: Sat, 16 Mar 2002 10:14:35 +0000 From: "J. Mallett" To: Dag-Erling Smorgrav Cc: "J. Mallett" , "Tim J. Robbins" , freebsd-audit@FreeBSD.ORG Subject: Re: patch for review: xargs standards compliance Message-ID: <20020316101434.A2192@FreeBSD.ORG> References: <20020315231100.A20942@FreeBSD.ORG> <20020316192629.A5254@descent.robbins.dropbear.id.au> <20020316090004.A26394@FreeBSD.ORG> <20020316093507.B26394@FreeBSD.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.21i Organisation: FreeBSD Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, Mar 16, 2002 at 11:02:40AM +0100, Dag-Erling Smorgrav wrote: > "J. Mallett" writes: > > On Sat, Mar 16, 2002 at 10:40:26AM +0100, Dag-Erling Smorgrav wrote: > > > No, Solaris' xargs specifically checks that the argument to -E and -I > > > is not empty. I have the source in front of me. > > Should we do this then? > > Why not? An empty string doesn't make sense for either of them. http://people.freebsd.org/~jmallett/xargs.patch3 freefall% ./xargs -I '' xargs: replstr may not be empty I'm referring to it as 'replstr' as it is referred to as such in: o) The code o) The manpage o) The usage() Thanks, /j. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Mar 16 9:30:56 2002 Delivered-To: freebsd-audit@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id CC39737B417 for ; Sat, 16 Mar 2002 09:30:40 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g2GHUaS63052; Sat, 16 Mar 2002 17:30:36 GMT (envelope-from mark@grimreaper.grondar.za) Received: from grimreaper (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.2/8.12.2) with ESMTP id g2GHQO0n011948; Sat, 16 Mar 2002 17:26:24 GMT (envelope-from mark@grimreaper.grondar.za) Message-Id: <200203161726.g2GHQO0n011948@grimreaper.grondar.org> To: Anatole Shaw Cc: freebsd-audit@FreeBSD.ORG Subject: Re: regex for tcpwrappers References: <20020316101232.C65694@ouch.Oof.NET> In-Reply-To: <20020316101232.C65694@ouch.Oof.NET> ; from Anatole Shaw "Sat, 16 Mar 2002 10:12:32 GMT." Date: Sat, 16 Mar 2002 17:26:24 +0000 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi This looks good; but please submit it to the TCP_wrapper author. You'll find him at www.porcupine.org (Wietse Venema). Thanks! M > > --qDbXVdCdHGoSgWSk > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > This is my patch that adds extended regular expressions to tcpwrappers. > I wrote it so that I could permit selected cities from DialSprint.net, > which lumps the city, state and other information all into the third > level of DNS. For example, with this patch, the tcpwrappers token > ~^sdn-ar-...cthart....\.dialsprint\.net$ > will only match the DialSprint pool in Hartford, Connecticut. Pretty > useful I think. Any committers care to review? > --Anatole Shaw > > --qDbXVdCdHGoSgWSk > Content-Type: text/plain; charset=us-ascii > Content-Disposition: attachment; filename="tcpwrappers-regex.patch" > > --- contrib/tcp_wrappers/hosts_access.c.orig Tue Jul 18 08:34:54 2000 > +++ contrib/tcp_wrappers/hosts_access.c Thu Mar 14 06:45:02 2002 > @@ -41,6 +41,7 @@ > #include > #include > #include > +#include > #ifdef INET6 > #include > #endif > @@ -93,6 +94,7 @@ > static int host_match(); > static int string_match(); > static int masked_match(); > +static int regex_match(); > #ifdef INET6 > static int masked_match4(); > static int masked_match6(); > @@ -336,6 +338,8 @@ > if (tok[0] == '.') { /* suffix */ > n = strlen(string) - strlen(tok); > return (n > 0 && STR_EQ(tok, string + n)); > + } else if (tok[0] == '~') { /* regex */ > + return (regex_match(tok+1, string)); > } else if (STR_EQ(tok, "ALL")) { /* all: match any */ > return (YES); > } else if (STR_EQ(tok, "KNOWN")) { /* not unknown */ > @@ -378,6 +382,45 @@ > #endif > return (STR_EQ(tok, string)); > } > +} > + > +/* regex_match - match string against regular expression */ > + > +static int regex_match(exp, string) > +char *exp; > +char *string; > +{ > + regex_t preg; > + int errn; > + char errstr[256]; > + > + if ( *exp == '\0' ) { > + tcpd_warn("null regular expression"); > + return (NO); > + } > + errn = regcomp(&preg, exp, REG_EXTENDED | REG_ICASE | REG_NOSUB); > + if ( errn != 0 ) { > + regerror(errn, &preg, errstr, 256); > + regfree(&preg); > + tcpd_warn("error in regex: %s", errstr); > + return (NO); > + } > + errn = regexec(&preg, string, 0, NULL, 0); > + if ( errn == 0 ) { > + regfree(&preg); > + return (YES); > + } else if ( errn == REG_NOMATCH ) { > + regfree(&preg); > + return (NO); > + } else { > + regerror(errn, &preg, errstr, 256); > + regfree(&preg); > + tcpd_warn("could not execute regex: %s", errstr); > + return (NO); > + } > + /* unreached */ > + regfree(&preg); > + return (NO); > } > > /* masked_match - match address against netnumber/netmask */ > --- contrib/tcp_wrappers/hosts_access.5.orig Thu Feb 3 10:26:57 2000 > +++ contrib/tcp_wrappers/hosts_access.5 Thu Mar 14 06:13:06 2002 > @@ -103,6 +103,15 @@ > zero or more lines with zero or more host name or address patterns > separated by whitespace. A file name pattern can be used anywhere > a host name or address pattern can be used. > +.IP \(bu > +A string that begins with a `~\' character. > +The address (and hostname, if available) are matched > +against the extended regular expression (see \fIre_format(7)\fR) > +which follows the `~\' character. > +For example, the pattern `~^nyc[0-9]+\\.example\\.com$\' matches the host name > +`nyc23.example.com\' but neither `nyc.example.com\' nor `nyc42.example.com.au\'. > +The comparison is not case-sensitive, and it is both impossible and useless > +for spaces to appear in the expression. > .SH WILDCARDS > The access control language supports explicit wildcards: > .IP ALL > > --qDbXVdCdHGoSgWSk-- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-audit" in the body of the message -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message