Age | Commit message | Author |
|
The routing table is not an optional component of the network stack
and initializing it inside the "routing domain" requires some ugly
introspection in the domain interface.
This puts the rtable* layer at the same level as the if* level. These
two subsystems are organized around the two global data structures used
in the network stack:
- the global &ifnet list, to be used in process context only, and
- the routing table which can be read in interrupt context.
This change makes the rtable_* layer domain-aware and extends the
"struct domain" such that INET, INET6 and MPLS can specify the length
of the binary key used in lookups. This allows us to keep, or move
towards, AF-free route and rtable layers.
While here stop the madness and pass the size of the maximum key length
in *bytes* to rn_inithead0().
ok claudio@, mikeb@
|
"exec" to call execve(2), potentially fork(2) beforehand if they
asked for "proc". Calling execve is what "shells" (ksh, tmux, etc)
have as their primary purpose. But meantime, if such a shell has a
nasty bug, we want to mitigate the process from opening a socket or
calling 100+ other system calls. Unfortunately silver bullets are in
short supply, so if our goal is to stay in a POSIX-y environment, we
have to let shells call execve(). POSIX ate the world, so what choices do
we all have?
Warning for many: silver bullets are even more rare in other OS
ecosystems, so please accept this as a narrow lowering of the bar in a
very raised environment.
Committed from a machine running tame "proc exec" ksh, make, etc.
|
Also the combination of "proc tty" needs to permit TIOCSPGRP.
This is the start at minimum semantics required by processes which
work on process groups, sessions, ttys.
|
TIOCSBRK, TIOCCDTR, TIOCSETA, TIOCSETAW, and TIOCSETAF on tty
vnodes. This helps programs which call tcsetattr(), tcgetattr(), or
readpassphrase(). Especially the latter - tame's goal is to satisfy
the libc requirements of security-sensitive programs.
Remove TIOCSETAF from the basic "ioctl" request, because it is a "set"
option. "ioctl" is slowly turning into a "request information, cannot
set options" package.
Split the "cmsg" request into "sendfd" and "recvfd". Non-SCM_RIGHTS
messages are currently flowing through freely and we'll need to think
about that. This split lets us more strictly describe what our many
fd-passing programs will do.
|
mbuf blob with all the cmsgs inside, while on send cmsgs are in an mbuf chain,
one mbuf per message. Adjust the calls accordingly.
Putting it in so deraadt@ can move forward.
|
CMSG_SIZE(len) bytes of the mbuf.
|
for the stdio/libevent usage case. Further ioctl commands are narrowly
checked as before.
ok djm guenther semarie
|
it is RPATH|WPATH... nothing changes, just the new explanation.
|
find the ps buffer. Few programs want to do their first setproctitle()
rather late...
|
"every tool helps" deraadt@
|
what to free.
ok beck
|
can I figure out why I added this in the past...
|
as Theo is seeing vnode-related panics on several architectures in the
codepath that implements mmap(2).
|
dropping through to the kill path. The best way to understand this
is id(1). It calls getpwuid, which tries /etc/spwd.db before
/etc/pwd.db ...
|
ok tedu@ deraadt@
|
under tame
|
ok deraadt@, semarie@
|
ok semarie@
|
- by default, a tamed program doesn't have the possibility to use PROT_EXEC for
mmap(2) or mprotect(2)
- for that, use the request "prot_exec" (which could be dropped later)
initial idea from deraadt@ and kettenis@
"make complete sense" beck@
ok deraadt@
|
will take some time to fix it. Problem appears to be that the control mbuf
is not normalized into flat memory.
|
leak system path information. Should be reconsidered in the future.
|
ok millert@
|
ok guenther tedu
|
spit out a ddb trace to console. This should allow us to find suspend
or resume routines which break the rules. It depends on the console
output function being non-sleeping.... but that's another codepath which
should try to be safe when cold is set.
ok kettenis
|
and add a regress test for that.
ok deraadt@
|
field from the GPT header being checksum'd. First make sure the
size is in a valid range. In particular ensure it won't cause crc32()
to run off the end of the GPT header being checksum'd. Also check
GPT signature and version first. These checks were inadvertently
moved after the checksumming.
This should fix the system crash reported by Ze Loff on bugs@.
|
also fix the confusing comment. ok guenther.
|
available to other areas of the kernel suffering from an overburden
of buf tweaking to read a disk sector.
ok mpi@
|
gpt_chk_hdr() and gpt_chk_parts().
Spotted when investigating zeloff's GPT bug report.
|
suspend on machines with em(4) now that it uses intr_barrier(9).
ok krw@
|
"dns" and "cmsg" in the `tamereq' array.
Restore the previous behaviour.
ok guenther@
|
ok krw
|