From owner-freebsd-audit@FreeBSD.ORG Sun Aug 10 07:33:45 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D8A3037B401 for ; Sun, 10 Aug 2003 07:33:45 -0700 (PDT) Received: from srv1.cosmo-project.de (srv1.cosmo-project.de [213.83.6.106]) by mx1.FreeBSD.org (Postfix) with ESMTP id AC68C43F85 for ; Sun, 10 Aug 2003 07:33:44 -0700 (PDT) (envelope-from ticso@cicely12.cicely.de) Received: from cicely5.cicely.de (cicely5.cicely.de [IPv6:3ffe:400:8d0:301:200:92ff:fe9b:20e7]) (authenticated bits=0) by srv1.cosmo-project.de (8.12.9/8.12.9) with ESMTP id h7AEXdaK072238 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Sun, 10 Aug 2003 16:33:42 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: from cicely12.cicely.de (cicely12.cicely.de [IPv6:3ffe:400:8d0:301::12]) by cicely5.cicely.de (8.12.9/8.12.9) with ESMTP id h7AEXcA4008580 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 10 Aug 2003 16:33:39 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: from cicely12.cicely.de (localhost [127.0.0.1]) by cicely12.cicely.de (8.12.9/8.12.9) with ESMTP id h7AEXcNS060376 for ; Sun, 10 Aug 2003 16:33:38 +0200 (CEST) (envelope-from ticso@cicely12.cicely.de) Received: (from ticso@localhost) by cicely12.cicely.de (8.12.9/8.12.9/Submit) id h7AEXbfQ060375 for freebsd-audit@freebsd.org; Sun, 10 Aug 2003 16:33:37 +0200 (CEST) Date: Sun, 10 Aug 2003 16:33:37 +0200 From: Bernd Walter To: freebsd-audit@freebsd.org Message-ID: <20030810143336.GT46866@cicely12.cicely.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Operating-System: FreeBSD cicely12.cicely.de 5.1-CURRENT alpha User-Agent: Mutt/1.5.4i Subject: review for newbus usage needed X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: ticso@cicely.de List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Aug 2003 14:33:46 -0000 Index: iicbus.c =================================================================== RCS file: /home/ncvs/src/sys/dev/iicbus/iicbus.c,v retrieving revision 1.16 diff -u -r1.16 iicbus.c --- iicbus.c 23 Mar 2002 15:47:17 -0000 1.16 +++ iicbus.c 10 Aug 2003 14:29:39 -0000 @@ -132,9 +132,7 @@ printf("\n"); #endif - /* attach any known device */ - device_add_child(dev, NULL, -1); - + bus_generic_probe(dev); bus_generic_attach(dev); return (0); Exit 1 Without this change only iic attaches to iicbus. With this change iic and iicsmd attaches as intended. Is this the correct fix? Is it correct bahavour that device_add_child(dev, NULL, -1); only attaches a single match? -- B.Walter BWCT http://www.bwct.de ticso@bwct.de info@bwct.de From owner-freebsd-audit@FreeBSD.ORG Mon Aug 11 08:45:55 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C051437B401; Mon, 11 Aug 2003 08:45:55 -0700 (PDT) Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 746C643FAF; Mon, 11 Aug 2003 08:45:52 -0700 (PDT) (envelope-from mb@imp.ch) Received: from nbs.imp.ch (nbs.imp.ch [157.161.4.7]) by mail.imp.ch (8.12.6p2/8.12.3) with ESMTP id h7BFjkYc014249; Mon, 11 Aug 2003 17:45:47 +0200 (CEST) (envelope-from Martin.Blapp@imp.ch) Received: from cvs.imp.ch (cvs.imp.ch [157.161.4.9]) by nbs.imp.ch (8.12.8/8.12.3) with ESMTP id h7BFjklH9009172; Mon, 11 Aug 2003 17:45:46 +0200 (MES) Date: Mon, 11 Aug 2003 17:45:46 +0200 (CEST) From: Martin Blapp To: freebsd-audit@freebsd.org Message-ID: <20030811173926.R2686@cvs.imp.ch> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: rwatson@freebsd.org cc: imp@imp.com Subject: pccard_ether and dhcp handling - please decide ... X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2003 15:45:56 -0000 Hi all, I'd like to know if I should commit this patch and make pccard_ether more useful, while I'm working on a cleaner solution. Until this is done, a lot of time can pass. Maybe I'll have it done next year. The goal is to write a dhcp client which is better designed that the ISC dhclient. This patch is very useful for me. I know that many of you may be against it because it's a workaround. But it's still a lot better than the current situation ! So can we decide it if I should commit it or not ? If the majority thinks it's bad, I'll just keep it in my homedir if noone is interested. Martin --------------------------------------------------------------- Simplify the pccard dhcp handling a lot. There are now many configurations which have a NIC on board, and pccard slots. If a dhclient is running on the internal nic, the user was forced to kill a running dhclient manually. If now a pccard is included at startup time, /etc/rc.d/dhclient start does include it into the startup list for dhcp devices. That means you can you then dhcp on the internal and the pccard device. If the card is plugged in later, a running dhclient (working for the internal interface only) is killed, and restarted, but the interface name of the new pccard is added to the internal name. After removal, /etc/rc.d/dhclient is started again. This script does nothing if there are no devices in /etc/rc.conf --- etc/network.subr Sat Aug 9 11:48:47 2003 +++ etc/network.subr Sat Aug 9 14:10:59 2003 @@ -299,6 +299,24 @@ esac done + case ${pccard_ifconfig} in + [Dd][Hh][Cc][Pp]) + for _if in ${removable_interfaces} ; do + _test_if=`ifconfig ${_if} 2>&1` + case "$_test_if" in + "ifconfig: interface $_if does not exist") + ;; + *) + _dhcplist="${_dhcplist}${_aprefix}${_if}" + [ -z "$_aprefix" ] && _aprefix=' ' + ;; + esac + done + ;; + *) + ;; + esac + case "$type" in nodhcp) echo $_nodhcplist --- etc/pccard_ether Thu Jun 26 04:44:08 2003 +++ etc/pccard_ether Sun Aug 10 23:16:24 2003 @@ -12,11 +12,40 @@ pidfile="/var/run/dhclient.${interface}.pid" elif [ -s /var/run/dhcpc.${interface}.pid ]; then pidfile="/var/run/dhcpc.${interface}.pid" + elif [ -s /var/run/dhclient.pid ]; then + # If dhclient is already running, record + # it's interfaces. + if [ -x /usr/bin/grep ]; then + eval _active_list=\"`/bin/ps -axwww | \ + /usr/bin/grep dhclient | \ + /usr/bin/grep -v grep | \ + /usr/bin/sed -e 's|^.*dhclient||' | \ + /usr/bin/awk '{for (i=1;i<=NF;i++) \ + { if ($i~/[a-zA-Z].[0-9]$/) \ + { printf(" %s",$i) } }}'` \ + \" + fi + + _aprefix= + for _if in _active_list ; do + _test_if=`ifconfig ${_if} 2>&1` + case "$_test_if" in + "ifconfig: interface $_if does not exist") + ;; + *) + _dhcplist="${_dhcplist}${_aprefix}${_if}" + [ -z "$_aprefix" ] && _aprefix=' ' + ;; + esac + done + + pidfile="/var/run/dhclient.pid" else return fi kill `cat ${pidfile}` rm -f ${pidfile} + sh `/etc/rc.d/dhclient start` } start_dhcp() { @@ -35,7 +64,7 @@ pidfile="/var/run/dhclient.${interface}.pid" dhclient_flags="${dhclient_flags} -pf ${pidfile}" fi - ${dhclient_program} ${dhclient_flags} ${interface} + ${dhclient_program} ${dhclient_flags} $_dhcplist ${interface} else echo "${dhclient_program}: DHCP client software not available" fi From owner-freebsd-audit@FreeBSD.ORG Mon Aug 11 09:23:41 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A7EE37B401; Mon, 11 Aug 2003 09:23:41 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id F0AA243FA3; Mon, 11 Aug 2003 09:23:39 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.9/8.12.3) with ESMTP id h7BGNcFL084600; Mon, 11 Aug 2003 10:23:38 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 11 Aug 2003 10:23:36 -0600 (MDT) Message-Id: <20030811.102336.72710224.imp@bsdimp.com> To: mb@imp.ch From: "M. Warner Losh" In-Reply-To: <20030811173926.R2686@cvs.imp.ch> References: <20030811173926.R2686@cvs.imp.ch> X-Mailer: Mew version 2.2 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: rwatson@freebsd.org cc: imp@imp.com cc: freebsd-audit@freebsd.org Subject: Re: pccard_ether and dhcp handling - please decide ... X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2003 16:23:41 -0000 I dislike it, but it isn't any smellier than the rest of the dhclient we have today. I'd rather have dhclient listen to the routing socket to know when interfaces come and go. If the interface isn't in a list of 'don't dhcp me' list, then it should add/remove it form the list of interfaces that it is listening to (I'm talking about having dhclient do this directly, and not via OMAPI or whatever it uses). However, I understand people might not want to deal with our current dhclient. Sometimes I think we need to rewrite a BSD-friendly licensed dhclient... Ah, so many projects, so little time. Warner From owner-freebsd-audit@FreeBSD.ORG Mon Aug 11 12:07:41 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F41437B401; Mon, 11 Aug 2003 12:07:41 -0700 (PDT) Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D1DF43FAF; Mon, 11 Aug 2003 12:07:40 -0700 (PDT) (envelope-from mb@imp.ch) Received: from nbs.imp.ch (nbs.imp.ch [157.161.4.7]) by mail.imp.ch (8.12.6p2/8.12.3) with ESMTP id h7BJ7XYc043557; Mon, 11 Aug 2003 21:07:34 +0200 (CEST) (envelope-from Martin.Blapp@imp.ch) Received: from cvs.imp.ch (cvs.imp.ch [157.161.4.9]) by nbs.imp.ch (8.12.8/8.12.3) with ESMTP id h7BJ7XlH8992078; Mon, 11 Aug 2003 21:07:33 +0200 (MES) Date: Mon, 11 Aug 2003 21:07:33 +0200 (CEST) From: Martin Blapp To: "M. Warner Losh" In-Reply-To: <20030811.102336.72710224.imp@bsdimp.com> Message-ID: <20030811205500.M2686@cvs.imp.ch> References: <20030811173926.R2686@cvs.imp.ch> <20030811.102336.72710224.imp@bsdimp.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: rwatson@freebsd.org cc: imp@imp.com cc: freebsd-audit@freebsd.org Subject: Re: pccard_ether and dhcp handling - please decide ... X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2003 19:07:41 -0000 Hi, > Sometimes I think we need to rewrite a BSD-friendly licensed > dhclient... Ah, so many projects, so little time. At ImproWare, we have a our own dhcpd server for our DOCIS cable modem suite, because ISC dhcpd sucked a lot and it was too difficult to add database support to it. So Patg did rewrite it from scratch, with mysql support and unsupported additions which were needed to support cable modems properly. A client would be easy to write based on the server code. Our server is written in C++ and is very efficient and small. It would also rock if one could define the options in a configfile, that means you could say what the dhcp client should do if it gets a option "time-servers", "nis-servers" etc. etc. Like this, our dhcp client would be very open. >interfaces that it is listening to (I'm talking about having dhclient >do this directly, and not via OMAPI or whatever it uses). I think there should still be a way to talk to the server, a easy way would be via RPC, or just direct via local unix domain socket. I like your idea, but it should also be possible to send commands to the server. Martin From owner-freebsd-audit@FreeBSD.ORG Tue Aug 12 13:37:31 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C2AEE37B401 for ; Tue, 12 Aug 2003 13:37:31 -0700 (PDT) Received: from ns1.xcllnt.net (209-128-86-226.bayarea.net [209.128.86.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id BDE3643F75 for ; Tue, 12 Aug 2003 13:37:30 -0700 (PDT) (envelope-from marcel@xcllnt.net) Received: from athlon.pn.xcllnt.net (athlon.pn.xcllnt.net [192.168.4.3]) by ns1.xcllnt.net (8.12.9/8.12.9) with ESMTP id h7CKbUwO082790 for ; Tue, 12 Aug 2003 13:37:30 -0700 (PDT) (envelope-from marcel@piii.pn.xcllnt.net) Received: from athlon.pn.xcllnt.net (localhost [127.0.0.1]) by athlon.pn.xcllnt.net (8.12.9/8.12.9) with ESMTP id h7CKbQC6000644 for ; Tue, 12 Aug 2003 13:37:26 -0700 (PDT) (envelope-from marcel@athlon.pn.xcllnt.net) Received: (from marcel@localhost) by athlon.pn.xcllnt.net (8.12.9/8.12.9/Submit) id h7CKbM52000643 for audit@FreeBSD.org; Tue, 12 Aug 2003 13:37:22 -0700 (PDT) (envelope-from marcel) Date: Tue, 12 Aug 2003 13:37:22 -0700 From: Marcel Moolenaar To: audit@FreeBSD.org Message-ID: <20030812203722.GA601@athlon.pn.xcllnt.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="45Z9DzgjV8m4Oswq" Content-Disposition: inline User-Agent: Mutt/1.5.4i Subject: Change ptrace(2) to allow MD specific requests [PATCH] X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Aug 2003 20:37:32 -0000 --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Gang, There's a need on ia64 to have machine-specific ptrace(2) requests. To allow for this, we need to change the ptrace(2) entry point to allow requests that it does not understand so that they can be passed to a machine specific handler. Please review the attached patch for any vulnerabilies. Some background follows: When machine-specific ptrace(2) requests exist, defines __HAVE_PTRACE_MACHDEP (taken from NetBSD). Based on this we call cpu_ptrace() for any request larger or equal to PT_FIRSTMACH If __HAVE_PTRACE_MACHDEP is not defined, then any request larger or equal to PT_FIRSTMACH is invalid by definition. The implication is that we cannot short-circuit requests we don't know about in MI code. Instead we check privileges and fall through to where we actually handle the request. This changes the behaviour of the interface when an unknown and unprivileged request is made. Previously we would return EINVAL (due to the unknown request). With this patch, we will return EPERM or EBUSY (due to the lack of permissions). The question before you: is this patch acceptable? Thanks, -- Marcel Moolenaar USPA: A-39004 marcel@xcllnt.net --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ptrace.diff" Index: sys_process.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_process.c,v retrieving revision 1.113 diff -u -r1.113 sys_process.c --- sys_process.c 10 Aug 2003 23:04:55 -0000 1.113 +++ sys_process.c 11 Aug 2003 21:26:17 -0000 @@ -336,6 +336,7 @@ break; default: addr = uap->addr; + break; } if (error) return (error); @@ -449,21 +450,7 @@ /* OK */ break; - case PT_READ_I: - case PT_READ_D: - case PT_WRITE_I: - case PT_WRITE_D: - case PT_IO: - case PT_CONTINUE: - case PT_KILL: - case PT_STEP: - case PT_DETACH: - case PT_GETREGS: - case PT_SETREGS: - case PT_GETFPREGS: - case PT_SETFPREGS: - case PT_GETDBREGS: - case PT_SETDBREGS: + default: /* not being traced... */ if ((p->p_flag & P_TRACED) == 0) { error = EPERM; @@ -484,10 +471,6 @@ /* OK */ break; - - default: - error = EINVAL; - goto fail; } td2 = FIRST_THREAD_IN_PROC(p); @@ -701,13 +684,21 @@ PROC_UNLOCK(p); return (error); +#ifdef __HAVE_PTRACE_MACHDEP default: - KASSERT(0, ("unreachable code\n")); + if (req >= PT_FIRSTMACH) { + _PHOLD(p); + error = cpu_ptrace(td2, req, addr, data); + _PRELE(p); + PROC_UNLOCK(p); + return (error); + } break; +#endif } - KASSERT(0, ("unreachable code\n")); - return (0); + /* Unknown request. */ + error = EINVAL; fail: PROC_UNLOCK(p); --45Z9DzgjV8m4Oswq--