Age | Commit message (Collapse) | Author |
|
from .init that uses SSE doesn't randomly trigger SIGBUS.
ok drahn@, miod@
|
|
be stat(2)'ed, but do not complain about those that were just removed,
because removing files is not a security risk in itself.
Sorry, i can't remember the original reporter of the issue;
reported again by mk@; patch looks good to Andrew Fresh.
|
|
with trailing spaces; ugliness spotted by daniel dot c dot sinclair at
gmail dot com, fix from Andrew Fresh.
|
|
dd_flags is renamed to the placeholder position dd_unused so that
we can spot "broken software" which assumes we have Jan Simon Pendry's
union mounts (we don't have them, and won't have them ever again).
__opendir2 question spotted by matthew
verified to not break ports by sthen
|
|
otherwise double decrement can occur. ok kurt@ timeout on other reviewers.
|
|
|
|
catman pages.
okay millert@
|
|
has some issues. Discussed with various, ok drahn@
|
|
Prodded by deraadt@, "Yep" espie@.
|
|
|
|
|
|
by the recent security(8) rewrite.
While here:
1) Skip relative paths in changelist(5), and complain about them.
2) Skip file names ending in a tilde ('~') unless the tilde is
explicitly specified in the changelist(5). That is, trailing
wildcards will not match trailing tildes, as suggested by matthew@.
Bug reported by both mk@ and matthew@.
OK Andrew Fresh, also tested by and "move forward" mk@
|
|
|
|
such that security(8) would output garbage on stderr.
One reported by <RD at thrush dot com>, the other found by code audit.
While here, remove dead code in two other places: stat(_) uses cashed
data and cannot fail, not even if the file is removed in between.
ok Andrew Fresh
|
|
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.
|
|
that abbreviated syntax is explicitly allowed by group(5). While here,
warn if it isn't the last line in the group file.
Regression reported, fix tested and ok miod@, and seems good to ajacoutot@.
Note: I'm not removing the advice to put "+\n" at the end of the group file
right now because i'm not 100% sure that advice is pointless, even though
guenther@ looked at the code an came to the conclusion OpenBSD libc ought
to cope. And i'd rather have the manuals and the syntax checker be
consistent. In case this really annoys people, it can be carefully tested
and changed later.
|
|
|
|
outside the file the call is in. Since the function is empty, gcc
optmizes the call away, breaking the gdb hook needed to resolve symbols in
lazy bound shared libs. Analysis by kettenis@; ok miod@ kettenis@
|
|
with lots of help from claudio@. Earlier version was ok mikeb@ and looks
good to markus@.
Note: tftp-proxy rdr-to rules must be changed to use divert-to and must
specify the address family.
pass in quick on internal proto udp to port tftp rdr-to 127.0.0.1 port 6969
-changes to-
pass in quick on internal inet proto udp to port tftp divert-to 127.0.0.1 port 6969
|
|
it from usage(); if any developer wants to confirm that it will never
be an option, let me know and i'll zap the text entirely;
this is one half of a diff from Amit Kulkarni - i won;t be touching the other
half;
|
|
undefined data got used.
Fix this by reporting the UID/GID numerically in that case.
Problem reported and patch provided by rd at thrush dot com.
While here, use // rather than || everywhere to detect get*id failure,
as suggested by RD Thrush. The edge case where it matters - a username
of "0" - is rather insane, but the // is more precise anyway.
|
|
>> "return if !%changed;" in check_filelist would never return
because just above "for @{$changed{xxx}}" autovivifys $changed{xxx} = []
if it is not set already. <<
I hate autovivification, and it hates me.
|
|
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.
|
|
|
|
user %s mailbox is %s, group %s
This is easy because we now have the strmode() function.
From Andrew Fresh, minimally tweaked myself.
|
|
keep the format of the "Block device changes:" output exactly the same
as it was in the past. As a bonus, this also avoids lies in variable
names, making it more obvious what is actually being compared here.
|
|
|
|
heavily based on code written by Andrew Fresh,
but with considerable tweaking, mainly for simplicity;
lightly tested - there are probably still bugs, but auditing and
fixing it in the tree will be easier than with floating diffs
|
|
|
|
for chars.
|
|
* include the colon into $check_title, where needed
* always use the same style for stat calls
* and a few minor points
|
|
heavily based on code written by Andrew Fresh;
tweaked in team-work
|
|
large parts from a submission by Andrew Fresh <andrew at afresh1 dot com>
|
|
|
|
Main design goals:
1. Safely handle untrusted file names and file content.
2. Output compatibility with current security(8) to please people
parsing the output with scripts (except when improving functionality
right away saves considerable implementation effort). Substantial
functional enhancements are for later.
Prodding to do this in Perl by deraadt@.
Using some feedback from espie@.
Agree to put this in now and at this place even though only about
one third of the functionality is ready, to complete it in the tree:
beck@ espie@ millert@ deraadt@
|
|
ok jmc@
|
|
my goof noticed by Boudewijn Dijkstra.
ok beck@
|
|
|
|
value from spamd/grey.c; mostly from ohauer@gmx.de in PR/6142.
ok beck@
|
|
|
|
|
|
okay miod@
|
|
"Makes sense" markus@ and "i don't see a reason not to" henning@
|
|
|
|
|
|
races between ldconfig and ld.so
(simple commit, hours of bug hunt...)
okay kettenis@, deraad@, miod@
|
|
extended word argument slots required by the ABI.
Apparently gcc4 uses them in cases where gcc3 didn't. Fixes segmentation
faults with gcc4 because the space for the slots was colliding with
the space for dl_data that we allocated on the stack.
ok miod@, drahn@
|
|
ok espie@
|
|
library, but other library needs the one loaded. mostly ok kurt@
|
|
ship since ages. ok deraadt@ millert@
|