From owner-freebsd-bugs Wed Jun 26 13:55:39 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA11093 for bugs-outgoing; Wed, 26 Jun 1996 13:55:39 -0700 (PDT)
Received: from complete.org (node1.moundridge.midusa.net [206.28.185.177]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA11075 for ; Wed, 26 Jun 1996 13:55:27 -0700 (PDT)
Received: (from jgoerzen@localhost) by complete.org (8.7.5/8.7.3) id PAA00262 for freebsd-bugs@freebsd.org; Wed, 26 Jun 1996 15:54:59 -0500 (CDT)
From: John Goerzen
Message-Id: <199606262054.PAA00262@complete.org>
Subject: A bug report
To: freebsd-bugs@freebsd.org
Date: Wed, 26 Jun 1996 15:54:58 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL19 (25)]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=ELM835822497-203-0_
Content-Transfer-Encoding: 7bit
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

--ELM835822497-203-0_
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Last bug report, I had inadvertently installed a 2.2 SNAP. (The bug report was accurate -- I just installed a different version than I thought I did!) I was running 9605?? SNAP and now put on 2.1-960606 SNAP. (Why is there no info on the Web for this one, BTW?)

Primary bug: on-demand PPP is broken again. Worked in the 9605 SNAP. Workaround: Just boot from the 9605 kernel, and it works fine. The reason I'm using SNAPs in the first place is that dial on-demand is broken in 2.1.

Other bugs noticed along the way:

- Bug in upgrade thingy -- fails to restore the /etc directory. Somehow loses the value I entered when it backed it up. (Perhaps incorrect usage of a pointer in C?)
- Compilation with option LINUX in the Kernel config will fail.
- doc and compat21 distributions failed to install.
  (Was installing via PPP from primary FTP site)

In my earlier conversation with Theo, the OpenBSD developer, while he was discussing differences between OpenBSD and FreeBSD, he said he had a list of bugs in FreeBSD. I finally believe I got him to give me part of it. (I doubt that he had a list in the first place, personally). Here's the message I received. If it provides new info; great. Otherwise, just ignore it, OK? Some of it is kinda beyond me -- CVS, SUP, etc. So I'll just pass it along verbatim with the knowledge that someone out there can make sense of it :-)

Oh, one last thing: I just want to say that in spite of these bugs, even this prerelease FreeBSD code is more stable than other *release*-level OSs I've run in the past -- OS/2, Dos, Win, etc. Keep up the good work!

Regards,
John Goerzen

--
John Goerzen          | Turn your PC into a Workstation for FREE!
Custom programming    | Check out www.freebsd.org NOW! For free FreeBSD
jgoerzen@complete.org | Unix shell access, 316-367-8490 with your modem.

--ELM835822497-203-0_
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: attachment; filename=TheoMsg
Content-Description: Theo De Raadt's message
Content-Transfer-Encoding: 7bit

>From deraadt@theos.com Wed Jun 26 02:33:15 1996
Received: (from uucp@localhost) by complete.org (8.7.5/8.7.2) with UUCP id CAA00331 for jgoerzen@complete.org; Wed, 26 Jun 1996 02:33:14 -0500 (CDT)
Received: from theos.com (zeus.theos.com [199.185.137.1]) by onyx.southwind.net (8.7.4/8.7.3) with SMTP id CAA24091 for ; Wed, 26 Jun 1996 02:06:30 -0500 (CDT)
Received: from LOCALHOST.theos.com by theos.com (4.1/tdr1.0) id AA28025; Wed, 26 Jun 96 01:08:12 MDT
Message-Id: <9606260708.AA28025@theos.com>
To: John Goerzen
Subject: Re: NetBSD DOSEMU -- questions from a prospective NetBSD user
In-Reply-To: Your message of "Mon, 24 Jun 1996 12:50:01 CDT."
        <199606241750.MAA03208@complete.org>
Date: Wed, 26 Jun 1996 01:08:11 -0600
From: Theo de Raadt
Status: RO

> You said you could give me a list of bugs in FreeBSD that you had found. I
> asked for it, so that I could give it to FreeBSD core team. You came up
> with some silly excuse.

here are some security ones.

        mktemp()/fopen() races. i fixed 18 of these just today.
        *.2049 & SO_REUSEADDR & bind()
        rlogin buffer overflow
        telnetd buffer overflow
        kerberos buffer overflows

i don't want to list any more; i need sleep. in fact, i didn't want to list any security holes. but, ah, what the heck. i don't mind as much that freebsd gets them, to be honest. there's two issues: 1) old vendor operating systems, 2) those jerks.

non-security bugs? well lots. that's why openbsd has the cvs tree publicly available. so that anyone who wants to can "log" it and see the changes in each revision, as well as why it was made.

some areas are better than others. i see for instance that freebsd and netbsd/openbsd share /bin/sh fixes pretty quickly. but other things lag, or are never made. like today i found a freebsd fix to mountd for a bug i had seen and fought with over a year ago.

freebsd has this too; they make it available for sup and i can do cvs revision checking on my machine here at home. this is awesome stuff either way -- sup or anoncvs -- either way it totally rocks to see why a change was made, and exactly what lines were changed to make the change. it's way way cool.

anyways, if you grab the openbsd tree you can see all the netbsd fixes + all the openbsd fixes; any freebsd developer could do that today.
for instance; RCS file: /cvs/src/sys/kern/uipc_usrreq.c,v Working file: uipc_usrreq.c head: 1.3 branch: locks: strict access list: symbolic names: netbsd_1_1: 1.1.1.1 netbsd_1_1: 1.1.1 keyword substitution: kv total revisions: 4; selected revisions: 4 description: ---------------------------- revision 1.3 date: 1996/06/25 21:26:11; author: deraadt; state: Exp; lines: +2 -2 consider umask for AF_UNIX bind() ---------------------------- revision 1.2 date: 1996/03/03 17:20:22; author: niklas; state: Exp; lines: +8 -6 >From NetBSD: 960217 merge ---------------------------- revision 1.1 date: 1995/10/18 08:52:47; author: deraadt; state: Exp; branches: 1.1.1; Initial revision ---------------------------- revision 1.1.1.1 date: 1995/10/18 08:52:47; author: deraadt; state: Exp; lines: +0 -0 initial import of NetBSD tree ============================================================================= revision 1.3 was done by me today; let's see what it has: Index: uipc_usrreq.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_usrreq.c,v retrieving revision 1.2 retrieving revision 1.3 diff -b -c -r1.2 -r1.3 *** uipc_usrreq.c 1996/03/03 17:20:22 1.2 --- uipc_usrreq.c 1996/06/25 21:26:11 1.3 *************** *** 418,424 **** } VATTR_NULL(&vattr); vattr.va_type = VSOCK; ! vattr.va_mode = ACCESSPERMS; VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); if (error) --- 418,424 ---- } VATTR_NULL(&vattr); vattr.va_type = VSOCK; ! vattr.va_mode = ACCESSPERMS &~ p->p_fd->fd_cmask; VOP_LEASE(nd.ni_dvp, p, p->p_ucred, LEASE_WRITE); error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, &vattr); if (error) there ya go; that's a security fix right there, too. anyways, any person can do this, not just I. it only requires special access to actually make changes, not to look at them. [ irrelevant stuff deleted here -- JG ] --ELM835822497-203-0_--
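Review bot: the one changed line in this hunk, `vattr.va_mode = ACCESSPERMS &~ p->p_fd->fd_cmask;`, carries no comment, and the revision 1.3 log entry ("consider umask for AF_UNIX bind()") does not say that this is a security fix, although the mail around it describes it as one. A short comment above the assignment, saying that the socket node is created with the process's fd_cmask cleared from the mode, would keep a later merge from reverting it to the bare ACCESSPERMS, and the log entry should state the old behaviour (node created with ACCESSPERMS whatever the caller's umask was). Two smaller points: write the expression as `ACCESSPERMS & ~p->p_fd->fd_cmask` so the complement visibly binds to the mask, and note for callers that a program which relied on the old mode to let other users reach the socket now has to set its umask or chmod the path after bind().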