From owner-svn-src-stable-7@FreeBSD.ORG Mon Feb 4 00:34:36 2013 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5E880565; Mon, 4 Feb 2013 00:34:36 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 387F7159; Mon, 4 Feb 2013 00:34:36 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r140YaoC006612; Mon, 4 Feb 2013 00:34:36 GMT (envelope-from eadler@svn.freebsd.org) Received: (from eadler@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r140YZbe006610; Mon, 4 Feb 2013 00:34:35 GMT (envelope-from eadler@svn.freebsd.org) Message-Id: <201302040034.r140YZbe006610@svn.freebsd.org> 
From: Eitan Adler Date: Mon, 4 Feb 2013 00:34:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r246311 - stable/7/sbin/devd X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 00:34:36 -0000 Author: eadler Date: Mon Feb 4 00:34:35 2013 New Revision: 246311 URL: http://svnweb.freebsd.org/changeset/base/246311 Log: MFC r243930: Constify where possible Approved by: cperciva (mentor, implicit) Modified: stable/7/sbin/devd/devd.cc stable/7/sbin/devd/devd.hh Directory Properties: stable/7/sbin/devd/ (props changed) Modified: stable/7/sbin/devd/devd.cc ============================================================================== --- stable/7/sbin/devd/devd.cc Mon Feb 4 00:34:34 2013 (r246310) +++ stable/7/sbin/devd/devd.cc Mon Feb 4 00:34:35 2013 (r246311) @@ -120,7 +120,7 @@ event_proc::add(eps *eps) } bool -event_proc::matches(config &c) +event_proc::matches(config &c) const { vector::const_iterator i; @@ -131,7 +131,7 @@ event_proc::matches(config &c) } bool -event_proc::run(config &c) +event_proc::run(config &c) const { vector::const_iterator i; @@ -342,7 +342,7 @@ config::parse_files_in_dir(const char *d class epv_greater { public: - int operator()(event_proc *const&l1, event_proc *const&l2) + int operator()(event_proc *const&l1, event_proc *const&l2) const { return (l1->get_priority() > l2->get_priority()); } 
@@ -476,7 +476,7 @@ config::get_variable(const string &var) } bool -config::is_id_char(char ch) +config::is_id_char(char ch) const { return (ch != '\0' && (isalpha(ch) || isdigit(ch) || ch == '_' || ch == '-')); Modified: stable/7/sbin/devd/devd.hh ============================================================================== --- stable/7/sbin/devd/devd.hh Mon Feb 4 00:34:34 2013 (r246310) +++ stable/7/sbin/devd/devd.hh Mon Feb 4 00:34:35 2013 (r246311) @@ -133,8 +133,8 @@ public: int get_priority() const { return (_prio); } void set_priority(int prio) { _prio = prio; } void add(eps *); - bool matches(config &); - bool run(config &); + bool matches(config &) const; + bool run(config &) const; private: int _prio; std::vector _epsvec; @@ -168,7 +168,7 @@ protected: void parse_one_file(const char *fn); void parse_files_in_dir(const char *dirname); void expand_one(const char *&src, std::string &dst); - bool is_id_char(char); + bool is_id_char(char) const; bool chop_var(char *&buffer, char *&lhs, char *&rhs); private: std::vector _dir_list; From owner-svn-src-stable-7@FreeBSD.ORG Tue Feb 5 09:50:34 2013 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 843EBC1B; Tue, 5 Feb 2013 09:50:34 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5E20990C; Tue, 5 Feb 2013 09:50:34 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r159oYXk020643; Tue, 5 Feb 2013 09:50:34 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r159oY0O020642; Tue, 5 Feb 2013 09:50:34 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201302050950.r159oY0O020642@svn.freebsd.org> 
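Review bot: in the config::is_id_char() hunk of devd.cc (r246311), the body passes a plain char to isalpha() and isdigit(); where char is signed, a byte above 0x7f arrives as a negative value, which the <ctype.h> functions are not defined for. Since the function is being touched anyway, consider `isalpha((unsigned char)ch)` and likewise for isdigit(). The visible body also reads no member state, so `static` would describe it more precisely than `const`.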
From: Xin LI Date: Tue, 5 Feb 2013 09:50:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r246356 - in stable: 7/lib/libc/gen 8/lib/libc/gen 9/lib/libc/gen X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 09:50:34 -0000 Author: delphij Date: Tue Feb 5 09:50:33 2013 New Revision: 246356 URL: http://svnweb.freebsd.org/changeset/base/246356 Log: MFC r243758 (marcel): In globextend() when the pathv vector cannot be (re-)allocated, don't free and clear the gl_pathv pointer in the glob_t structure. Such breaks the invariant of the glob_t structure, as stated in the comment right in front of the globextend() function. If gl_pathv was non-NULL, then gl_pathc was > 0. Making gl_pathv a NULL pointer without also setting gl_pathc to 0 is wrong. Since we otherwise don't free the memory associated with a glob_t in error cases, it's unlikely that this change will cause a memory leak that wasn't already there to begin with. Callers of glob(3) must call globfree(3) irrespective of whether glob(3) returned an error or not. MFC r243759 (marcel): In globextend(), take advantage of the fact that realloc(NULL, size) is equivalent to malloc(size). This eliminates the conditional expression used for calling either realloc() or malloc() when realloc() will do all the time. 
Modified: stable/7/lib/libc/gen/glob.c Directory Properties: stable/7/lib/libc/ (props changed) Changes in other areas also in this revision: Modified: stable/8/lib/libc/gen/glob.c stable/9/lib/libc/gen/glob.c Directory Properties: stable/8/lib/libc/ (props changed) stable/9/lib/libc/ (props changed) Modified: stable/7/lib/libc/gen/glob.c ============================================================================== --- stable/7/lib/libc/gen/glob.c Tue Feb 5 09:40:31 2013 (r246355) +++ stable/7/lib/libc/gen/glob.c Tue Feb 5 09:50:33 2013 (r246356) 
@@ -710,16 +710,10 @@ globextend(const Char *path, glob_t *pgl } newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); - pathv = pglob->gl_pathv ? - realloc((char *)pglob->gl_pathv, newsize) : - malloc(newsize); - if (pathv == NULL) { - if (pglob->gl_pathv) { - free(pglob->gl_pathv); - pglob->gl_pathv = NULL; - } + /* realloc(NULL, newsize) is equivalent to malloc(newsize). */ + pathv = realloc((void *)pglob->gl_pathv, newsize); + if (pathv == NULL) return(GLOB_NOSPACE); - } if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { /* first time around -- clear initial gl_offs items */ From owner-svn-src-stable-7@FreeBSD.ORG Tue Feb 5 09:53:34 2013 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5A9C71EE; Tue, 5 Feb 2013 09:53:34 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 4B0BE954; Tue, 5 Feb 2013 09:53:34 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r159rYlq022616; Tue, 5 Feb 2013 09:53:34 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r159rYVK022614; Tue, 5 Feb 2013 09:53:34 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201302050953.r159rYVK022614@svn.freebsd.org> 
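Review bot: in the globextend() hunk of glob.c (r246356), the new comment documents only the realloc(NULL, newsize) equivalence, while the more important behaviour change at `if (pathv == NULL) return(GLOB_NOSPACE);` has no comment: gl_pathv is now deliberately left intact on allocation failure so that it stays consistent with gl_pathc and is released by the caller's globfree(). A one-line comment at that return would keep a later cleanup from reintroducing the free(). The `(void *)` cast on pglob->gl_pathv is also unnecessary in C.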
From: Xin LI Date: Tue, 5 Feb 2013 09:53:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r246357 - in stable: 7/lib/libc/gen 8/lib/libc/gen 9/lib/libc/gen X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 09:53:34 -0000 Author: delphij Date: Tue Feb 5 09:53:32 2013 New Revision: 246357 URL: http://svnweb.freebsd.org/changeset/base/246357 Log: MFC r243779 (marcel): Protect against DoS attacks, such as being described in CVE-2010-2632. The changes were derived from what has been committed to NetBSD, with modifications. These are: 1. Preserve the existing GLOB_LIMIT behaviour by including the number of matches to the set of parameters to limit. 2. Change some of the limits to avoid impacting normal use cases: GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3) can still provide a full command line of expanded names. GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than that 128 feels too low (it's not a limit that impacts the behaviour of the test program listed in CVE-2010-2632). GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can still provide a full command line of expanded names. 3. Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we would otherwise overrun the buffer. This change also modifies the existing behaviour of glob(3) in case GLOB_LIMIT is specified by limiting the *new* matches and not all matches. 
This is an important distinction when GLOB_APPEND is set or when the caller uses a non-zero gl_offs. Previously pre-existing matches or the value of gl_offs would be counted in the number of matches even though the man page states that glob(3) would return GLOB_NOSPACE when gl_matchc or more matches were found. The limits that cannot be circumvented are GLOB_LIMIT_STRING and GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3) again and with GLOB_APPEND set. The entire description above applies only when GLOB_LIMIT has been specified of course. No limits apply when this flag isn't set! Obtained from: Juniper Networks, Inc Modified: stable/7/lib/libc/gen/glob.c Directory Properties: stable/7/lib/libc/ (props changed) Changes in other areas also in this revision: Modified: stable/8/lib/libc/gen/glob.c stable/9/lib/libc/gen/glob.c Directory Properties: stable/8/lib/libc/ (props changed) stable/9/lib/libc/ (props changed) Modified: stable/7/lib/libc/gen/glob.c ============================================================================== --- stable/7/lib/libc/gen/glob.c Tue Feb 5 09:50:33 2013 (r246356) +++ stable/7/lib/libc/gen/glob.c Tue Feb 5 09:53:32 2013 (r246357) @@ -89,6 +89,25 @@ __FBSDID("$FreeBSD$"); #include "collate.h" +/* + * glob(3) expansion limits. Stop the expansion if any of these limits + * is reached. This caps the runtime in the face of DoS attacks. See + * also CVE-2010-2632 + */ +#define GLOB_LIMIT_BRACE 128 /* number of brace calls */ +#define GLOB_LIMIT_PATH 65536 /* number of path elements */ +#define GLOB_LIMIT_READDIR 16384 /* number of readdirs */ +#define GLOB_LIMIT_STAT 1024 /* number of stat system calls */ +#define GLOB_LIMIT_STRING ARG_MAX /* maximum total size for paths */ + +struct glob_limit { + size_t l_brace_cnt; + size_t l_path_lim; + size_t l_readdir_cnt; + size_t l_stat_cnt; + size_t l_string_cnt; +}; + #define DOLLAR '$' #define DOT '.' #define EOS '\0' 
@@ -148,15 +167,18 @@ static Char *g_strchr(Char *, wchar_t); static Char *g_strcat(Char *, const Char *); #endif static int g_stat(Char *, struct stat *, glob_t *); -static int glob0(const Char *, glob_t *, size_t *); -static int glob1(Char *, glob_t *, size_t *); -static int glob2(Char *, Char *, Char *, Char *, glob_t *, size_t *); -static int glob3(Char *, Char *, Char *, Char *, Char *, glob_t *, size_t *); -static int globextend(const Char *, glob_t *, size_t *); -static const Char * +static int glob0(const Char *, glob_t *, struct glob_limit *); +static int glob1(Char *, glob_t *, struct glob_limit *); +static int glob2(Char *, Char *, Char *, Char *, glob_t *, + struct glob_limit *); +static int glob3(Char *, Char *, Char *, Char *, Char *, glob_t *, + struct glob_limit *); +static int globextend(const Char *, glob_t *, struct glob_limit *); +static const Char * globtilde(const Char *, Char *, size_t, glob_t *); -static int globexp1(const Char *, glob_t *, size_t *); -static int globexp2(const Char *, const Char *, glob_t *, int *, size_t *); +static int globexp1(const Char *, glob_t *, struct glob_limit *); +static int globexp2(const Char *, const Char *, glob_t *, int *, + struct glob_limit *); static int match(Char *, Char *, Char *); #ifdef DEBUG static void qprintf(const char *, Char *); @@ -166,8 +188,8 @@ int glob(const char * __restrict pattern, int flags, int (*errfunc)(const char *, int), glob_t * __restrict pglob) { + struct glob_limit limit = { 0, 0, 0, 0, 0 }; const char *patnext; - size_t limit; Char *bufnext, *bufend, patbuf[MAXPATHLEN], prot; mbstate_t mbs; wchar_t wc; 
@@ -181,11 +203,10 @@ glob(const char * __restrict pattern, in pglob->gl_offs = 0; } if (flags & GLOB_LIMIT) { - limit = pglob->gl_matchc; - if (limit == 0) - limit = ARG_MAX; - } else - limit = 0; + limit.l_path_lim = pglob->gl_matchc; + if (limit.l_path_lim == 0) + limit.l_path_lim = GLOB_LIMIT_PATH; + } pglob->gl_flags = flags & ~GLOB_MAGCHAR; pglob->gl_errfunc = errfunc; pglob->gl_matchc = 0; @@ -238,11 +259,17 @@ glob(const char * __restrict pattern, in * characters */ static int -globexp1(const Char *pattern, glob_t *pglob, size_t *limit) +globexp1(const Char *pattern, glob_t *pglob, struct glob_limit *limit) { const Char* ptr = pattern; int rv; + if ((pglob->gl_flags & GLOB_LIMIT) && + limit->l_brace_cnt++ >= GLOB_LIMIT_BRACE) { + errno = 0; + return (GLOB_NOSPACE); + } + /* Protect a single {}, for find(1), like csh */ if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) return glob0(pattern, pglob, limit); @@ -261,7 +288,8 @@ globexp1(const Char *pattern, glob_t *pg * If it fails then it tries to glob the rest of the pattern and returns. */ static int -globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv, size_t *limit) +globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv, + struct glob_limit *limit) { int i; Char *lm, *ls; @@ -431,7 +459,7 @@ globtilde(const Char *pattern, Char *pat * if things went well, nonzero if errors occurred. */ static int -glob0(const Char *pattern, glob_t *pglob, size_t *limit) +glob0(const Char *pattern, glob_t *pglob, struct glob_limit *limit) { const Char *qpatnext; int err; @@ -524,7 +552,7 @@ compare(const void *p, const void *q) } static int -glob1(Char *pattern, glob_t *pglob, size_t *limit) +glob1(Char *pattern, glob_t *pglob, struct glob_limit *limit) { Char pathbuf[MAXPATHLEN]; 
@@ -542,7 +570,7 @@ glob1(Char *pattern, glob_t *pglob, size */ static int glob2(Char *pathbuf, Char *pathend, Char *pathend_last, Char *pattern, - glob_t *pglob, size_t *limit) + glob_t *pglob, struct glob_limit *limit) { struct stat sb; Char *p, *q; @@ -558,6 +586,15 @@ glob2(Char *pathbuf, Char *pathend, Char if (g_lstat(pathbuf, &sb, pglob)) return(0); + if ((pglob->gl_flags & GLOB_LIMIT) && + limit->l_stat_cnt++ >= GLOB_LIMIT_STAT) { + errno = 0; + if (pathend + 1 > pathend_last) + return (GLOB_ABORTED); + *pathend++ = SEP; + *pathend = EOS; + return (GLOB_NOSPACE); + } if (((pglob->gl_flags & GLOB_MARK) && pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || (S_ISLNK(sb.st_mode) && @@ -601,7 +638,7 @@ glob2(Char *pathbuf, Char *pathend, Char static int glob3(Char *pathbuf, Char *pathend, Char *pathend_last, Char *pattern, Char *restpattern, - glob_t *pglob, size_t *limit) + glob_t *pglob, struct glob_limit *limit) { struct dirent *dp; DIR *dirp; @@ -647,6 +684,19 @@ glob3(Char *pathbuf, Char *pathend, Char size_t clen; mbstate_t mbs; + if ((pglob->gl_flags & GLOB_LIMIT) && + limit->l_readdir_cnt++ >= GLOB_LIMIT_READDIR) { + errno = 0; + if (pathend + 1 > pathend_last) + err = GLOB_ABORTED; + else { + *pathend++ = SEP; + *pathend = EOS; + err = GLOB_NOSPACE; + } + break; + } + /* Initial DOT must be matched literally. */ if (dp->d_name[0] == DOT && *pattern != DOT) continue; @@ -697,14 +747,15 @@ glob3(Char *pathbuf, Char *pathend, Char * gl_pathv points to (gl_offs + gl_pathc + 1) items. */ static int -globextend(const Char *path, glob_t *pglob, size_t *limit) +globextend(const Char *path, glob_t *pglob, struct glob_limit *limit) { char **pathv; size_t i, newsize, len; char *copy; const Char *p; - if (*limit && pglob->gl_pathc > *limit) { + if ((pglob->gl_flags & GLOB_LIMIT) && + pglob->gl_matchc > limit->l_path_lim) { errno = 0; return (GLOB_NOSPACE); } 
@@ -726,6 +777,12 @@ globextend(const Char *path, glob_t *pgl for (p = path; *p++;) continue; len = MB_CUR_MAX * (size_t)(p - path); /* XXX overallocation */ + limit->l_string_cnt += len; + if ((pglob->gl_flags & GLOB_LIMIT) && + limit->l_string_cnt >= GLOB_LIMIT_STRING) { + errno = 0; + return (GLOB_NOSPACE); + } if ((copy = malloc(len)) != NULL) { if (g_Ctoc(path, copy, len)) { free(copy); From owner-svn-src-stable-7@FreeBSD.ORG Tue Feb 5 14:55:34 2013 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id E2642152; Tue, 5 Feb 2013 14:55:34 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id CBCFFE8C; Tue, 5 Feb 2013 14:55:34 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r15EtX36016857; Tue, 5 Feb 2013 14:55:33 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r15EtXrB016855; Tue, 5 Feb 2013 14:55:33 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201302051455.r15EtXrB016855@svn.freebsd.org> 
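Review bot: in the glob2() hunk of glob.c (r246357), the GLOB_LIMIT_STAT test is placed after `if (g_lstat(pathbuf, &sb, pglob)) return(0);`, so l_stat_cnt counts only lstat calls that succeed, and the call that trips the limit has already been made. If the intent is to cap the number of stat system calls, as the comment on the define says, increment and test the counter before g_lstat(). The SEP/EOS append guarded by the `pathend + 1 > pathend_last` check is also repeated in glob3(); a small helper would keep the two copies from drifting apart.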
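Review bot: in the first globextend() hunk of glob.c (r246357), the path limit is tested with `pglob->gl_matchc > limit->l_path_lim`, whereas the log message cites the man page as returning GLOB_NOSPACE when gl_matchc or more matches were found, and every other new limit check in this change uses `>=`. Please confirm which comparison is intended and add a comment saying so. In the second globextend() hunk, `limit->l_string_cnt += len;` runs even when GLOB_LIMIT is not set; moving it inside the flag test would make clear that the counter only matters with GLOB_LIMIT.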
From: Dag-Erling Smørgrav Date: Tue, 5 Feb 2013 14:55:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r246366 - stable/7/games/fortune/datfiles X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 14:55:35 -0000 Author: des Date: Tue Feb 5 14:55:33 2013 New Revision: 246366 URL: http://svnweb.freebsd.org/changeset/base/246366 Log: MFH r246362: remove political propaganda Modified: stable/7/games/fortune/datfiles/fortunes-o.real Directory Properties: stable/7/games/fortune/ (props changed) Modified: stable/7/games/fortune/datfiles/fortunes-o.real ============================================================================== --- stable/7/games/fortune/datfiles/fortunes-o.real Tue Feb 5 14:53:16 2013 (r246365) +++ stable/7/games/fortune/datfiles/fortunes-o.real Tue Feb 5 14:55:33 2013 (r246366) 
@@ -11437,233 +11437,6 @@ two new uses for sheep. Meat and wool. % Runners do it alone. % -Rush Limbaugh's 35 Undeniable Truths of Life: - -(1) The greatest threat to the human spirit is liberalism. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(10) Liberalism poisons the soul. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(11) Neither the United States, nor anyone else, "imposes" freedom on - the people of other nations. Freedom is not an imposition. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(12) Freedom is God-given. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(13) To dictatorships, peace means the absence of opposition. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(14) To free people, peace means the absence of threat. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(15) The Peace Movement in the United States was, whether by accident or - design, pro-communist. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(16) The collective knowledge and wisdom of seasoned citizens is the - most valuable, yet untapped, resource our young people have. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(17) The greatest football team in the history of civilization was the - Pittsburgh Steelers of 1975 through 1980. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(18) There is no such thing as "war atrocities." 
War is an atrocity. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(19) Regardless of the pain in our memories, nostalgia only reminds us - of the good times in our past. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(2) The single greatest threat to the free people of the world is posed - by the heinous idea of centralized government control. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(20) There is a God. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(21) Abortion is wrong. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(22) Morality is not defined by individual choice. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(23) Evolution cannot explain creation. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(24) Feminism was established so that unattractive women could have - easier access to the mainstream of society. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(25) Love is the only human emotion which cannot be controlled. You - either do or you don't. You can't fake it. (Except women, and - thank God they can.) - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(26) The only difference between Mikhail Gorbachev and previous Soviet - leaders is that he is alive. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. 
-% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(27) Soviet leaders were actually left-wing dictators. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(28) Abraham Lincoln saved this nation. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(29) The Los Angeles Raiders will never be the team they were when they - called Oakland home. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(3) Peace does not mean the elimination of nuclear weapons. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(30) The United States will again go to war. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(31) To more and more American intellectuals, a victorious United States - is a sinful United States. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(32) The fact that American intellectuals rue a victorious United States - is frightening and ominous. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(33) There will always be poor people. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(34) The fact that there will always be poor people is not the fault of - the rich. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(35) Rather than feel guilty as some do, you should thank God for making - you an American. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. 
-% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(4) Peace does not mean the absence of war. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(5) War is not obsolete. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(6) Ours is a world governed by the aggressive use of force. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(7) There is only one way to eliminate nuclear weapons. Use them. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(8) Peace cannot be achieved merely by developing an "understanding" - among peoples. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% -Rush Limbaugh's 35 Undeniable Truths of Life: - -(9) Americans opposing America is not always sacred nor courageous ... - it is sometimes dangerous. - - -- "The Limbaugh Letter," Copyright 1992, EFM Publishing, Inc. -% Said a dainty young whore named Ms. Meggs, "The men like to spread my two legs, Then slip in between,