summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2011-07-23Properly align the stack early on in the ld.so startup code such that code runMark Kettenis
from .init that uses SSE doesn't randomly trigger SIGBUS. ok drahn@, miod@
2011-07-20During mailbox and special file checks, skip all files that can'tIngo Schwarze
be stat(2)'ed, but do not complain about those that were just removed, because removing files is not a security risk in itself. Sorry, i can't remember the original reporter of the issue; reported again by mk@; patch looks good to Andrew Fresh.
2011-07-20In lists of setuid/setgid files and devices, do not pad the last columnIngo Schwarze
with trailing spaces; ugliness spotted by daniel dot c dot sinclair at gmail dot com, fix from Andrew Fresh.
2011-07-14__opendir2, DTF_NODUP, and __DTF_READALL can die. struct direntTheo de Raadt
dd_flags is renamed to the placeholder position dd_unused so that we can spot "broken software" which assumes we have Jan Simon Pendry's union mounts (we don't have them, and won't have them ever again). __opendir2 question spotted by matthew verified to not break ports by sthen
2011-07-13Delete items on grpreflist when walking them to decrement the count,Dale Rahn
otherwise double decrement can occur. ok kurt@ timeout on other reviewers.
2011-07-04Add ld.so ia64 support.Paul Irofti
2011-07-02add file equivalence. Choose the most recent timestamp between man andMarc Espie
catman pages. okay millert@
2011-06-27Backout the dynamic linker speed improvement diff for now, it stillStuart Henderson
has some issues. Discussed with various, ok drahn@
2011-06-24Handle \*(Na in .Nd, needed by nan(3).Ingo Schwarze
Prodded by deraadt@, "Yep" espie@.
2011-06-22fix whitespaceStuart Henderson
2011-06-22Fix another pre-{rdr,nat}-to rule example...Stuart Henderson
2011-06-20Restore changelist(5) wildcard support that we inadvertently killedIngo Schwarze
by the recent security(8) rewrite. While here: 1) Skip relative paths in changelist(5), and complain about them. 2) Skip file names ending in a tilde ('~') unless the tilde is explicitly specified in the changelist(5). That is, trailing wildcards will not match trailing tildes, as suggested by matthew@. Bug reported by both mk@ and matthew@. OK Andrew Fresh, also tested by and "move forward" mk@
2011-05-26No need to call _dl_newsymsearch() twice; ok drahn@Otto Moerbeek
2011-05-25Fix two bugs where race conditions might cause stat(2) to fail,Ingo Schwarze
such that security(8) would output garbage on stderr. One reported by <RD at thrush dot com>, the other found by code audit. While here, remove dead code in two other places: stat(_) uses cashed data and cannot fail, not even if the file is removed in between. ok Andrew Fresh
2011-05-22Dynamic linker speed improvement diff. tested by several sinc k2k11.Dale Rahn
get it in tree now deraadt@, ok by several ports folks. Thanks for the testing.
2011-05-10Do not complain about an /etc/group line "+\n" as "wrong number of fields",Ingo Schwarze
that abbreviated syntax is explicitly allowed by group(5). While here, warn if it isn't the last line in the group file. Regression reported, fix tested and ok miod@, and seems good to ajacoutot@. Note: I'm not removing the advice to put "+\n" at the end of the group file right now because i'm not 100% sure that advice is pointless, even though guenther@ looked at the code an came to the conclusion OpenBSD libc ought to cope. And i'd rather have the manuals and the syntax checker be consistent. In case this really annoys people, it can be carefully tested and changed later.
2011-05-10Fix previous. On i386, library.c isn't compiledOtto Moerbeek
2011-05-09Outsmart gcc4 on mips* by moving the declaration of _dl_debug_stateOtto Moerbeek
outside the file the call is in. Since the function is empty, gcc optmizes the call away, breaking the gdb hook needed to resolve symbols in lazy bound shared libs. Analysis by kettenis@; ok miod@ kettenis@
2011-05-05Switch tftp-proxy over to using divert-to. Based on a diff from oga@Stuart Henderson
with lots of help from claudio@. Earlier version was ok mikeb@ and looks good to markus@. Note: tftp-proxy rdr-to rules must be changed to use divert-to and must specify the address family. pass in quick on internal proto udp to port tftp rdr-to 127.0.0.1 port 6969 -changes to- pass in quick on internal inet proto udp to port tftp divert-to 127.0.0.1 port 6969
2011-04-29-x is currently unimplemented, so comment it out from the man page, and removeJason McIntyre
it from usage(); if any developer wants to confirm that it will never be an option, let me know and i'll zap the text entirely; this is one half of a diff from Amit Kulkarni - i won;t be touching the other half;
2011-04-23When a device or setuid file is owned by a nonexistent user or group,Ingo Schwarze
undefined data got used. Fix this by reporting the UID/GID numerically in that case. Problem reported and patch provided by rd at thrush dot com. While here, use // rather than || everywhere to detect get*id failure, as suggested by RD Thrush. The edge case where it matters - a username of "0" - is rather insane, but the // is more precise anyway.
2011-04-23Very nice bugfix from Andrew Fresh, who writes:Ingo Schwarze
>> "return if !%changed;" in check_filelist would never return because just above "for @{$changed{xxx}}" autovivifys $changed{xxx} = [] if it is not set already. << I hate autovivification, and it hates me.
2011-04-17Switch from the old shell script /etc/securityIngo Schwarze
to the new Perl script /usr/libexec/security. The new script was tested by sthen@ and ajacoutot@. Committing now due to repeated prodding from deraadt@. In case problems show up, they will be fixed in tree.
2011-04-17remove a bogus blank line; from Andrew FreshIngo Schwarze
2011-04-17Keep the exact format of the message:Ingo Schwarze
user %s mailbox is %s, group %s This is easy because we now have the strmode() function. From Andrew Fresh, minimally tweaked myself.
2011-04-10Reviewing my version of the code, Andrew Fresh found an elegant way toIngo Schwarze
keep the format of the "Block device changes:" output exactly the same as it was in the past. As a bonus, this also avoids lies in variable names, making it more obvious what is actually being compared here.
2011-04-09implement one last check that Andrew overlookedIngo Schwarze
2011-04-09implementation of the remaining checks;Ingo Schwarze
heavily based on code written by Andrew Fresh, but with considerable tweaking, mainly for simplicity; lightly tested - there are probably still bugs, but auditing and fixing it in the tree will be easier than with floating diffs
2011-04-08Do not use NULL in integer comparison.Theo de Raadt
2011-04-06Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'Miod Vallat
for chars.
2011-03-30style cleanup:Ingo Schwarze
* include the colon into $check_title, where needed * always use the same style for stat calls * and a few minor points
2011-03-26umask and path checks;Ingo Schwarze
heavily based on code written by Andrew Fresh; tweaked in team-work
2011-03-25home directory checks;Ingo Schwarze
large parts from a submission by Andrew Fresh <andrew at afresh1 dot com>
2011-03-24fix "german" typo; from <markus dot lude at gmx dot de>Ingo Schwarze
2011-03-23Work in progress to replace /etc/security, not yet linked to the build.Ingo Schwarze
Main design goals: 1. Safely handle untrusted file names and file content. 2. Output compatibility with current security(8) to please people parsing the output with scripts (except when improving functionality right away saves considerable implementation effort). Substantial functional enhancements are for later. Prodding to do this in Perl by deraadt@. Using some feedback from espie@. Agree to put this in now and at this place even though only about one third of the functionality is ready, to complete it in the tree: beck@ espie@ millert@ deraadt@
2011-03-19fix rdr-to example (requires direction); from James TurnerOkan Demirmen
ok jmc@
2011-03-18actually set and use whiteexp in the new -W option.Okan Demirmen
my goof noticed by Boudewijn Dijkstra. ok beck@
2011-03-12excessive / at the end of a .PATH; ok guenther drahnTheo de Raadt
2011-03-04add -W flag (whiteexp), as opposed to pulling in a hardcoded defaultOkan Demirmen
value from spamd/grey.c; mostly from ohauer@gmx.de in PR/6142. ok beck@
2011-03-03repair arguments passed to pfctl; PR 6142, ok beckTheo de Raadt
2011-03-02zap trailing whitespace;Jason McIntyre
2011-02-22shut up unless -v, and a few minor enhancements.Marc Espie
okay miod@
2011-02-09Set SO_KEEPALIVE on sockets. OK miod@. Also tested by landry@Todd C. Miller
"Makes sense" markus@ and "i don't see a reason not to" henning@
2011-01-26placeholder for future changes, as discussed with miod@Marc Espie
2011-01-10Back out rev 1.2 and use mkstemp(), not mktemp(). OK deraadt@Todd C. Miller
2010-12-13rename() is the atomic operation, unlink() is just there to createMarc Espie
races between ldconfig and ld.so (simple commit, hours of bug hunt...) okay kettenis@, deraad@, miod@
2010-12-12Allocate a full C compiler-style stack frame that includes space for 6Mark Kettenis
extended word argument slots required by the ABI. Apparently gcc4 uses them in cases where gcc3 didn't. Fixes segmentation faults with gcc4 because the space for the slots was colliding with the space for dl_data that we allocated on the stack. ok miod@, drahn@
2010-12-07Make the preload error distinct from the normal error.Dale Rahn
ok espie@
2010-11-16Fix error message when ld.so ends up loading a different than expectedDale Rahn
library, but other library needs the one loaded. mostly ok kurt@
2010-11-11Remove commented out references to old kerberosIV libraries we do notMiod Vallat
ship since ages. ok deraadt@ millert@