summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2012-07-21Add a new mmap(2) flag __MAP_NOREMAP for use with MAP_FIXED toMatthew Dempsky
indicate that the kernel should fail with MAP_FAILED if the specified address is not currently available instead of unmapping it. Change ld.so on i386 to make use of __MAP_NOREMAP to improve reliability. __MAP_NOREMAP diff by guenther based on an earlier diff by Ariane; ld.so bits by guenther and me bulk build stress testing of earlier diffs by sthen ok deraadt; committing now for further testing
2012-07-08To detect changes of system files, use SHA-256 rather than MD5,Ingo Schwarze
taking advantage of naddy@'s recent mtree(8) modernization. While here, do not provide an example protecting a home directory from file changes; protect some system binaries instead. ok naddy@ jmc@
2012-07-08remove unused functions, ok phesslerStuart Henderson
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
utterly clear this is not a filter criteria but a packet modification thing. also preparation for upcoming changes, including one to unscrew this mess (I should not have to touch half the tree for this - ifixitlater) not user visible, ok gcc
2012-07-06Fix LD_DEBUG=1 regression introduced by previous commit.Matthew Dempsky
ok kurt
2012-06-20With MP rthread setups, we cannot remove the X permission from the GOTTheo de Raadt
entry momentarily, because another thread might attempt lazy resolve. ok matthew guenther
2012-06-19use warn() instead of perror(), like the rest of the code doesTheo de Raadt
from Liam J. Foy
2012-06-14Add support for DF_1_NOOPEN. Based on an origional diff from matthew@.Mark Kettenis
ok matthew@
2012-06-12Fix loaded object sod matching: when we load libfoo.so.X.Y intoMatthew Dempsky
memory, we should be able to match other requests for libfoo.so.X.Z against that same object. ok kurt, kettenis
2012-06-01add a krb5-noverify option for login.conf that disables verificationDavid Gwynne
of the server against a local host keytab file when you're authing users with login_krb5. useful for when you need to auth users but dealing with the domain admins is painful... ok sthen@ jj@ millert@
2012-05-17Also check permissions of .ssh/id_ecdsa.Pascal Stumpf
ok schwarze@
2012-05-08Refuse to load ELF objects that contain a PT_TLS program header.Joel Sing
Otherwise the binary assumes that the requested TLS storage has been allocated and will happily use it, resulting in unwanted memory corruption. ok guenther@
2012-04-19rate-limit accept(); small tweaks and such along the way from gilles,Theo de Raadt
millert, camield..
2012-04-18merge some whitespace changes before bigger changesTheo de Raadt
2012-04-13Don't assume that the new conffd is a unset in the fd_set, it could be aTheo de Raadt
recyle of a fd which is still set. ok claudio
2012-04-04Return an error much earlier if recvmsg failsTheo de Raadt
2012-03-21Switch ld.so's _dl_opendir functions to use a locally definedMatthew Dempsky
_dl_dirdesc struct (containing just the fields ld.so's implementation actually needs) instead of reusing libc's _dirdesc struct. Also, switch ldconfig to use futimens() instead of futimes(). ok deraadt@
2012-03-06Fill in default values for rtableid/onrdomain/prio when creating PF rules,Stuart Henderson
prompted by a mail from Gabriel Linder. OK henning@
2012-03-06clean up some newly created lies now that tftpd doesnt run out of inetd.David Gwynne
poke by deraadt@
2012-03-05swap out libexec/tftpd for usr.sbin/tftpdDavid Gwynne
ok henning@ sthen@ mikeb@ deraadt@ wants this
2012-03-04In preparation for getline and getdelim additions to libc, rename getline()Federico G. Schwindt
occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
2012-02-26Fix several manpage titles, from Lawrence Teo.Christiano F. Haesbaert
ok dcoppa@ jmc@ schwarze@.
2012-02-24login_yubikey(8) reads user's last-use counter from user.ctr, not user.cntIgor Sobrado
2012-02-01flags without arguments come first; use a standard wording on theIgor Sobrado
body of the manual page; add missing argument to -s; while here, remove a trailing whitespace found by jmc@ ok jmc@
2012-02-01improve synopsis markup of login_* utilities; use a more standardIgor Sobrado
phrasing when listing flags; add missing arguments to flags in the DESCRIPTION section of the manual page. use of .Li (literal text) macros and standard wording suggested by jmc@ ok jmc@
2012-02-01document login_yubikey optionsDavid Hill
ok jmc@
2012-01-31remove superfluous RCS identifiers; while here, indent identifierIgor Sobrado
on Makefile to match style used by other login_* utilities. ok dhill@
2012-01-31use the right capitalization for YubiKey.Igor Sobrado
ok dhill@, jmc@
2012-01-27fix pkg_delete for people who had mandocdb enabled:Marc Espie
if we don't find a whatis.db when deleting (which could happen if mandocdb was enabled while pkg_add was running), first create it, then update it. okay nigel@, schwarze@
2012-01-26hook login_yubikey to the buildDavid Hill
ok deraadt
2012-01-22Bring in corrections and improvements that were committed to the newIngo Schwarze
suite of tools now being disabled, as far as they apply to the current tools as well.
2012-01-20Do not log the password at LOG_INFO, but at LOG_DEBUG instead.David Hill
Change the successes from LOG_INFO to LOG_DEBUG as well.
2012-01-18tweak previous;Jason McIntyre
2012-01-18Welcome dhartmei@'s login_yubikey. To be worked on in-tree.David Hill
ok millert@ support from mcbride@ and others
2012-01-16Backout activation of the new apropos(1)/whatis(1)/makewhatis(8).Ingo Schwarze
In its current state, it causes too much slowdown, in particular during system builds, and there are other regressions. That cannot be fixed quickly while it's enabled. Problems pointed out by espie@, backout requested by deraadt@, diff "looks good" to espie@.
2012-01-09Don't mmap 0 byte areas, treat them as a noop instead.Ariane van der Steldt
ok miod@
2012-01-08Since PIE executables on mips64 don't have DT_MIPS_RLD_MAP, fall back onMark Kettenis
using DT_DEBUG if DT_MIPS_RLD_MAP isn't there. This requires us to make .dynamic temporarily writable. Fixes debugging of PIE execuables with gdb(1). ok miod@
2012-01-05Enable the new apropos(1), whatis(1), and makewhatis(8).Ingo Schwarze
Unlink the old apropos(1), whatis(1), and makewhatis(8) from the build. Call the new tools from pkg_create(1) and pkg_add(1). "Please enable it now." deraadt@
2011-12-15s,/var/run/wtmp,/var/log/wtmp and add it to FILES.Antoine Jacoutot
from Steffen Daode Nurpmeso with a tweak from jmc@ ok jmc@
2011-12-14Add a new '-W' option to prevent saving login records to /var/run/wtmp.Antoine Jacoutot
This can become pretty handy on busy anonymous servers to avoid filling up /var with unused wtmp records. Note that 'U' and 'W' are mutually exclusive. ok sthen@ millert@
2011-12-03Remove an OpenBSD-specific tweak regarding .Xr spacingIngo Schwarze
and make it compatible with bsd.lv mandoc and with groff-1.21. This tweak was originally added for compatibility with groff-1.15, which is no longer needed. ok jmc@ kristaps@
2011-11-28Add support for getting some flags from DT_FLAGS_1: new flagsPhilip Guenthe
DF_1_NODELETE and DF_1_INITFIRST, as well as DF_1_NOW and DF_1_GLOBAL. Committing for kurt@ who worked out the final version; ok guenther@ drahn@
2011-11-19Build ld.so on alpha with -mbuild-constants, so large integerChristian Weisgerber
constants are constructed with several instructions rather than loaded from the data segment, avoiding relocations. This fixes ld.so with gcc4. From miod@, ok jsg@
2011-09-28tweak previous;Jason McIntyre
2011-09-28tweak tftp-proxy to:David Gwynne
1. use a BINDANY socket to connect from the proxy to the server using the clients address. 2. fork a child to do the work so inetd doesnt keep trying to send more packets to the proxy, as per doco in the inetd manpage for dgram wait sockets. because of 1 you now have to add a pass out divert-reply for the proxy to server packet to your pf ruleset. this allows a series of rapid tftp connections from the same host to a server in my environment. without this diff there's several minutes of waiting in between requests because of issues with the rules from previous requests stealing packets but not forwarding them combined with inetd giving too many packets to tftp-proxy that only expects to handle one. this is going in so i can hack on PFRULE_ONCE support. ok mikeb@ sthen@
2011-09-19Obsoleted after the makewhatis(8) re-write in 2000.Okan Demirmen
ok espie schwarze deraadt.
2011-09-03knock out some useless Pp;Jason McIntyre
2011-09-03make -column lists pretty again;Jason McIntyre
specifically, rewrite them to permit some markup in the column headers, and use "Ta" instead of literal tabs; mandoc does not currently match groff 100%, but a mandoc fix may be some time off, and we've gone enough releases with poorly formatting column lists. in some cases i have rewritten the lists as -tag, where -column made little sense.
2011-07-23Properly align the stack early on in the ld.so startup code such that code runMark Kettenis
from .init that uses SSE doesn't randomly trigger SIGBUS. ok drahn@, miod@
2011-07-20During mailbox and special file checks, skip all files that can'tIngo Schwarze
be stat(2)'ed, but do not complain about those that were just removed, because removing files is not a security risk in itself. Sorry, i can't remember the original reporter of the issue; reported again by mk@; patch looks good to Andrew Fresh.