From owner-freebsd-audit Sun Jan 14 15:39:16 2001 Delivered-To: freebsd-audit@freebsd.org Received: from feral.com (feral.com [192.67.166.1]) by hub.freebsd.org (Postfix) with ESMTP id A1A5D37B400 for ; Sun, 14 Jan 2001 15:38:58 -0800 (PST) Received: from zeppo.feral.com (IDENT:mjacob@zeppo [192.67.166.71]) by feral.com (8.9.3/8.9.3) with ESMTP id PAA04300; Sun, 14 Jan 2001 15:38:59 -0800 Date: Sun, 14 Jan 2001 15:38:57 -0800 (PST) From: Matthew Jacob Reply-To: mjacob@feral.com To: audit@freebsd.org Cc: "Justin T. Gibbs" Subject: getting rid of that pesky "driver mistake" message from scsi_da... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Index: cam/scsi/scsi_da.c =================================================================== RCS file: /home/ncvs/src/sys/cam/scsi/scsi_da.c,v retrieving revision 1.61 diff -u -r1.61 scsi_da.c --- cam/scsi/scsi_da.c 2001/01/08 00:32:51 1.61 +++ cam/scsi/scsi_da.c 2001/01/14 23:26:43 @@ -127,6 +127,7 @@ struct disk_params params; struct disk disk; union ccb saved_ccb; + dev_t dev; }; struct da_quirk_entry { @@ -899,6 +899,9 @@ cam_extend_release(daperiphs, periph->unit_number); xpt_print_path(periph->path); printf("removing device entry\n"); + if (softc->dev) { + disk_destroy(softc->dev); + } free(softc, M_DEVBUF); } @@ -1048,7 +1051,7 @@ /* * Register this media as a disk */ - disk_create(periph->unit_number, &softc->disk, 0, + softc->dev = disk_create(periph->unit_number, &softc->disk, 0, &da_cdevsw, &dadisk_cdevsw); /* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jan 15 15:56:24 2001 Delivered-To: freebsd-audit@freebsd.org Received: from feral.com (feral.com [192.67.166.1]) by hub.freebsd.org (Postfix) with ESMTP id 5CA3C37B401 for ; Mon, 15 Jan 2001 15:56:05 -0800 (PST) Received: from zeppo.feral.com (IDENT:mjacob@zeppo [192.67.166.71]) by feral.com (8.9.3/8.9.3) with ESMTP id PAA09111; Mon, 15 Jan 2001 15:56:02 -0800 Date: Mon, 15 Jan 2001 15:56:01 -0800 (PST) From: Matthew Jacob Reply-To: mjacob@feral.com To: audit@FreeBSD.ORG Cc: "Justin T. Gibbs" Subject: Re: getting rid of that pesky "driver mistake" message from scsi_da... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Going once.... > > Index: cam/scsi/scsi_da.c > =================================================================== > RCS file: /home/ncvs/src/sys/cam/scsi/scsi_da.c,v > retrieving revision 1.61 > diff -u -r1.61 scsi_da.c > --- cam/scsi/scsi_da.c 2001/01/08 00:32:51 1.61 > +++ cam/scsi/scsi_da.c 2001/01/14 23:26:43 > @@ -127,6 +127,7 @@ > struct disk_params params; > struct disk disk; > union ccb saved_ccb; > + dev_t dev; > }; > > struct da_quirk_entry { > @@ -899,6 +899,9 @@ > cam_extend_release(daperiphs, periph->unit_number); > xpt_print_path(periph->path); > printf("removing device entry\n"); > + if (softc->dev) { > + disk_destroy(softc->dev); > + } > free(softc, M_DEVBUF); > } > > @@ -1048,7 +1051,7 @@ > /* > * Register this media as a disk > */ > - disk_create(periph->unit_number, &softc->disk, 0, > + softc->dev = disk_create(periph->unit_number, &softc->disk, 0, > &da_cdevsw, &dadisk_cdevsw); > > /* > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-audit" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jan 16 9:19:22 2001 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 589BC37B400 for ; Tue, 16 Jan 2001 09:19:01 -0800 (PST) Received: from grondar.za (root@gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f0GHIdI33308; Tue, 16 Jan 2001 19:18:41 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200101161718.f0GHIdI33308@gratis.grondar.za> To: mjacob@feral.com Cc: audit@FreeBSD.ORG, "Justin T. Gibbs" Subject: Re: getting rid of that pesky "driver mistake" message from scsi_da... References: In-Reply-To: ; from Matthew Jacob "Mon, 15 Jan 2001 15:56:01 PST." Date: Tue, 16 Jan 2001 19:18:43 +0200 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Looks fine to me. I had to do he same thing in my code. M > Going once.... > > > > > > Index: cam/scsi/scsi_da.c > > =================================================================== > > RCS file: /home/ncvs/src/sys/cam/scsi/scsi_da.c,v > > retrieving revision 1.61 > > diff -u -r1.61 scsi_da.c > > --- cam/scsi/scsi_da.c 2001/01/08 00:32:51 1.61 > > +++ cam/scsi/scsi_da.c 2001/01/14 23:26:43 > > @@ -127,6 +127,7 @@ > > struct disk_params params; > > struct disk disk; > > union ccb saved_ccb; > > + dev_t dev; > > }; > > > > struct da_quirk_entry { > > @@ -899,6 +899,9 @@ > > cam_extend_release(daperiphs, periph->unit_number); > > xpt_print_path(periph->path); > > printf("removing device entry\n"); > > + if (softc->dev) { > > + disk_destroy(softc->dev); > > + } > > free(softc, M_DEVBUF); > > } > > > > @@ -1048,7 +1051,7 @@ > > /* > > * Register this media as a disk > > */ > > - disk_create(periph->unit_number, &softc->disk, 0, > > + softc->dev = disk_create(periph->unit_number, &softc->disk, 0, > > &da_cdevsw, &dadisk_cdevsw); > > > > /* > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-audit" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-audit" in the body of the message > -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jan 16 14:49:16 2001 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 4E0A437B402 for ; Tue, 16 Jan 2001 14:48:57 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1000) id 2CBC413613; Tue, 16 Jan 2001 17:48:46 -0500 (EST) Date: Tue, 16 Jan 2001 17:48:46 -0500 From: Chris Faulhaber To: freebsd-audit@FreeBSD.org Subject: strlcat fixes Message-ID: <20010116174845.A95772@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , freebsd-audit@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tony Finch submitted a couple strlcat.c PR's recently (24278 and 24295). Since no one has touched them, I would like to take care of them in short order. The first ensures that memory is not read if strlcat is called with a 0 size, ensuring potentially unallocated memory is not read: - while (*d != '\0' && n-- != 0) + while (n-- != 0 && *d != '\0') The second corrects the wording regarding the return value: - * Returns strlen(src); if retval >= siz, truncation occurred. + * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src); + * if retval >= siz, truncation occurred. Comments? -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org Index: strlcat.c =================================================================== RCS file: /home/ncvs/src/lib/libc/string/strlcat.c,v retrieving revision 1.2 diff -u -r1.2 strlcat.c --- strlcat.c 1999/08/10 05:58:57 1.2 +++ strlcat.c 2001/01/16 14:27:44 @@ -38,7 +38,8 @@ * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). - * Returns strlen(src); if retval >= siz, truncation occurred. + * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src); + * if retval >= siz, truncation occurred. */ size_t strlcat(dst, src, siz) char *dst; @@ -51,7 +52,7 @@ size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ - while (*d != '\0' && n-- != 0) + while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jan 16 15: 5:27 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id A562137B401 for ; Tue, 16 Jan 2001 15:05:10 -0800 (PST) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f0GN51s32264; Tue, 16 Jan 2001 16:05:01 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200101162305.f0GN51s32264@harmony.village.org> To: Chris Faulhaber Subject: Re: strlcat fixes Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Tue, 16 Jan 2001 17:48:46 EST." <20010116174845.A95772@peitho.fxp.org> References: <20010116174845.A95772@peitho.fxp.org> Date: Tue, 16 Jan 2001 16:05:01 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20010116174845.A95772@peitho.fxp.org> Chris Faulhaber writes: : The first ensures that memory is not read if strlcat is : called with a 0 size, ensuring potentially unallocated : memory is not read: : : - while (*d != '\0' && n-- != 0) : + while (n-- != 0 && *d != '\0') This doesn't matter. The only time this would matter would be if dst was NULL, which is undefined anyway. There's no reason to change this and it makes us gratuitously different than OpenBSD. : The second corrects the wording regarding the return value: : : - * Returns strlen(src); if retval >= siz, truncation occurred. : + * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src); : + * if retval >= siz, truncation occurred. This is OK. However, I'll talk to Todd Miller of OpenBSD tonight to coordinate with them this change. I'm having a beer with him and he's keeper of libc in OpenBSD. You might want to mail him before making the change in our tree. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jan 16 15: 8:15 2001 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 79F1837B402 for ; Tue, 16 Jan 2001 15:07:57 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 1996D13613; Tue, 16 Jan 2001 18:07:52 -0500 (EST) Date: Tue, 16 Jan 2001 18:07:51 -0500 From: Chris Faulhaber To: Warner Losh Cc: freebsd-audit@FreeBSD.ORG Subject: Re: strlcat fixes Message-ID: <20010116180751.A67654@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Warner Losh , freebsd-audit@FreeBSD.ORG References: <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200101162305.f0GN51s32264@harmony.village.org>; from imp@harmony.village.org on Tue, Jan 16, 2001 at 04:05:01PM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Jan 16, 2001 at 04:05:01PM -0700, Warner Losh wrote: > In message <20010116174845.A95772@peitho.fxp.org> Chris Faulhaber writes: > : The first ensures that memory is not read if strlcat is > : called with a 0 size, ensuring potentially unallocated > : memory is not read: > : > : - while (*d != '\0' && n-- != 0) > : + while (n-- != 0 && *d != '\0') > > This doesn't matter. The only time this would matter would be if dst > was NULL, which is undefined anyway. There's no reason to change this > and it makes us gratuitously different than OpenBSD. > Actually, OpenBSD merged the changes last week: CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2001/01/12 15:55:24 Modified files: lib/libc/string: strlcat.c Log message: Reverse the order of two loop invariant to make 'strlcat(0, "foo", 0)' not get a SEGV; Richard Kettlewell > : The second corrects the wording regarding the return value: > : > : - * Returns strlen(src); if retval >= siz, truncation occurred. > : + * Returns the smaller of strlen(dst) + strlen(src) and siz + strlen(src); > : + * if retval >= siz, truncation occurred. > > This is OK. However, I'll talk to Todd Miller of OpenBSD tonight to > coordinate with them this change. I'm having a beer with him and he's > keeper of libc in OpenBSD. You might want to mail him before making > the change in our tree. > Ditto... -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jan 16 15:13:31 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id D2F3537B401 for ; Tue, 16 Jan 2001 15:13:14 -0800 (PST) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f0GNDCs32370; Tue, 16 Jan 2001 16:13:12 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200101162313.f0GNDCs32370@harmony.village.org> To: Chris Faulhaber Subject: Re: strlcat fixes Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Tue, 16 Jan 2001 18:07:51 EST." <20010116180751.A67654@peitho.fxp.org> References: <20010116180751.A67654@peitho.fxp.org> <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org> Date: Tue, 16 Jan 2001 16:13:11 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20010116180751.A67654@peitho.fxp.org> Chris Faulhaber writes: : Actually, OpenBSD merged the changes last week: Well then, that's a good reason for me :-) Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jan 17 10:48:20 2001 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id AF46F37B6C0 for ; Wed, 17 Jan 2001 10:47:57 -0800 (PST) Received: from earth.causticlabs.com (oca-pm3-6-99.hitter.net [207.192.77.99]) by peitho.fxp.org (Postfix) with ESMTP id BE8801360C; Wed, 17 Jan 2001 13:47:54 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id 2236E1F7E; Wed, 17 Jan 2001 13:47:51 -0500 (EST) Date: Wed, 17 Jan 2001 13:47:51 -0500 From: Chris Faulhaber To: Warner Losh Cc: freebsd-audit@FreeBSD.ORG Subject: Re: strlcat fixes Message-ID: <20010117134751.A23603@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , Warner Losh , freebsd-audit@FreeBSD.ORG References: <20010116180751.A67654@peitho.fxp.org> <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org> <20010116180751.A67654@peitho.fxp.org> <200101162313.f0GNDCs32370@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200101162313.f0GNDCs32370@harmony.village.org>; from imp@harmony.village.org on Tue, Jan 16, 2001 at 04:13:11PM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Jan 16, 2001 at 04:13:11PM -0700, Warner Losh wrote: > In message <20010116180751.A67654@peitho.fxp.org> Chris Faulhaber writes: > : Actually, OpenBSD merged the changes last week: > > Well then, that's a good reason for me :-) > While I am at it, how about the following to sync the verbage with OpenBSD's man page: - larger than 0). Note that you should include a byte for the NUL in size. + larger than 0 or, in the case of strlcat(), as long as there is at least + one byte free in dst). Note that you should include a byte for the NUL + in size. Also note that strlcpy() and strlcat() only operate on true + ``C'' strings. This means that for strlcpy() src must be NUL-terminated + and for strlcat() both src and dst must be NUL-terminated. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org Index: strlcpy.3 =================================================================== RCS file: /home/ncvs/src/lib/libc/string/strlcpy.3,v retrieving revision 1.7 diff -u -r1.7 strlcpy.3 --- strlcpy.3 2000/12/29 14:08:04 1.7 +++ strlcpy.3 2001/01/17 18:44:17 @@ -59,8 +59,29 @@ take the full size of the buffer (not just the length) and guarantee to NUL-terminate the result (as long as .Fa size -is larger than 0). Note that you should include a byte for the NUL in +is larger than 0 or, in the case of +.Fn strlcat , +as long as there is at least one byte free in +.Fa dst ) . +Note that you should include a byte for the NUL in .Fa size . +Also note that +.Fn strlcpy +and +.Fn strlcat +only operate on true +.Dq C +strings. +This means that for +.Fn strlcpy +.Fa src +must be NUL-terminated and for +.Fn strlcat +both +.Fa src +and +.Fa dst +must be NUL-terminated. .Pp The .Fn strlcpy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jan 17 11: 6: 4 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id E32E537B698 for ; Wed, 17 Jan 2001 11:05:46 -0800 (PST) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f0HJ5gs39721; Wed, 17 Jan 2001 12:05:42 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200101171905.f0HJ5gs39721@harmony.village.org> To: Chris Faulhaber Subject: Re: strlcat fixes Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Wed, 17 Jan 2001 13:47:51 EST." <20010117134751.A23603@earth.causticlabs.com> References: <20010117134751.A23603@earth.causticlabs.com> <20010116180751.A67654@peitho.fxp.org> <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org> <20010116180751.A67654@peitho.fxp.org> <200101162313.f0GNDCs32370@harmony.village.org> Date: Wed, 17 Jan 2001 12:05:42 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20010117134751.A23603@earth.causticlabs.com> Chris Faulhaber writes: : While I am at it, how about the following to sync the verbage with : OpenBSD's man page: Sure. I talked to Todd last night breifly about this stuff and it looks good. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jan 18 2:32:37 2001 Delivered-To: freebsd-audit@freebsd.org Received: from hand.dotat.at (sfo-gw.covalent.net [207.44.198.62]) by hub.freebsd.org (Postfix) with ESMTP id 1B2BB37B401 for ; Thu, 18 Jan 2001 02:32:21 -0800 (PST) Received: from fanf by hand.dotat.at with local (Exim 3.15 #3) id 14JCMB-0008yf-00; Thu, 18 Jan 2001 10:31:51 +0000 Date: Thu, 18 Jan 2001 10:31:51 +0000 From: Tony Finch To: Warner Losh Cc: Chris Faulhaber , freebsd-audit@FreeBSD.ORG Subject: Re: strlcat fixes Message-ID: <20010118103151.F30538@hand.dotat.at> References: <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200101162305.f0GN51s32264@harmony.village.org> Organization: Covalent Technologies, Inc Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Warner Losh wrote: >In message <20010116174845.A95772@peitho.fxp.org> Chris Faulhaber writes: >: The first ensures that memory is not read if strlcat is >: called with a 0 size, ensuring potentially unallocated >: memory is not read: >: >: - while (*d != '\0' && n-- != 0) >: + while (n-- != 0 && *d != '\0') > >This doesn't matter. The only time this would matter would be if dst >was NULL, which is undefined anyway. There's no reason to change this >and it makes us gratuitously different than OpenBSD. That is not correct. A possible situation in which the old code can blow up is if the dst pointer has been advanced through a malloc()ed array, and for some reason has reached one past the end of the array (a legal pointer value, but not dereferenceable) and is therefore pointing into outer space (past sbrk(0)). Tony. -- f.a.n.finch fanf@covalent.net dot@dotat.at "Because all you of Earth are idiots!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 1:40:16 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by hub.freebsd.org (Postfix) with ESMTP id D4F0637B69E for ; Fri, 19 Jan 2001 01:39:57 -0800 (PST) Received: from fwd01.sul.t-online.com by mailout03.sul.t-online.com with smtp id 14JY1U-0003wT-04; Fri, 19 Jan 2001 10:39:56 +0100 Received: from neutron.cichlids.com (520050424122-0001@[62.225.192.125]) by fmrl01.sul.t-online.com with esmtp id 14JY1D-0F2jtQC; Fri, 19 Jan 2001 10:39:39 +0100 Received: from cichlids.cichlids.com (cichlids.cichlids.com [192.168.0.10]) by neutron.cichlids.com (Postfix) with ESMTP id B13D3AB0C for ; Fri, 19 Jan 2001 10:41:25 +0100 (CET) Received: by cichlids.cichlids.com (Postfix, from userid 1001) id 21E5C14A70; Fri, 19 Jan 2001 10:39:40 +0100 (CET) Date: Fri, 19 Jan 2001 10:39:40 +0100 To: audit@freebsd.org Subject: oinit with compile time option shell/init script Message-ID: <20010119103939.A8500@cichlids.cichlids.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-PGP-Fingerprint: 44 28 CA 4C 46 5B D3 A8 A8 E3 BA F3 4E 60 7D 7F X-PGP-at: finger alex@big.endian.de X-Verwirrung: Dieser Header dient der allgemeinen Verwirrung. From: alex@big.endian.de (Alexander Langer) X-Sender: 520050424122-0001@t-dialin.net Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello! I'd like to change oinit so that you can give the init-script as compile-time option. This way it can be abused for other uses as picobsd. cvs server: Diffing . Index: Makefile =================================================================== RCS file: /home/ncvs/src/release/picobsd/tinyware/oinit/Makefile,v retrieving revision 1.2 diff -u -r1.2 Makefile --- Makefile 1999/08/28 01:33:57 1.2 +++ Makefile 2001/01/19 09:38:53 @@ -1,9 +1,19 @@ # $FreeBSD: src/release/picobsd/tinyware/oinit/Makefile,v 1.2 1999/08/28 01:33:57 peter Exp $ # -PROG=oinit -#CFLAGS+=-DUSE_HISTORY -CFLAGS+=-DOINIT_RC=\"/etc/oinit.rc\" -#LDADD=-lutil -ledit -ltermcap +PROG= oinit + +SH_PATH?= /bin/sh +SH_NAME?= -sh +SH_ARG?= /etc/rc + +CFLAGS= -DSH_PATH=\"${SH_PATH}\" -DSH_NAME=\"${SH_NAME}\" \ + -DSH_ARG=\"${SH_ARG}\" + + +#CFLAGS+= -DUSE_HISTORY +#CFLAGS+= -DOINIT_RC=\"/etc/oinit.rc\" + +#LDADD= -lutil -ledit -ltermcap LDADD=-lutil NOMAN=yes Index: oinit.c =================================================================== RCS file: /home/ncvs/src/release/picobsd/tinyware/oinit/oinit.c,v retrieving revision 1.5 diff -u -r1.5 oinit.c --- oinit.c 2000/12/09 09:35:37 1.5 +++ oinit.c 2001/01/19 09:38:54 @@ -599,6 +599,15 @@ * normal /etc/rc interpreted by Bourne shell. */ #ifndef OINIT_RC +#ifndef SH_NAME +#define SH_NAME "-sh" +#endif +#ifndef SH_PATH +#define SH_PATH _PATH_BSHELL +#endif +#ifndef SH_ARG +#define SH_ARG "/etc/rc" +#endif void runcom() { @@ -617,10 +626,10 @@ dup2(fd,1); dup2(fd,2); if(fd>2) close(fd); - argv[0]="-sh"; - argv[1]="/etc/rc"; + argv[0]=SH_NAME; + argv[1]=SH_ARG; argv[2]=0; - execvp("/bin/sh",argv); + execvp(SH_PATH,argv); printf("runcom(): %s\n",strerror(errno)); _exit(1); } -- cat: /home/alex/.sig: No such file or directory To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 14:57:24 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 7B73837B400 for ; Fri, 19 Jan 2001 14:57:05 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0JN0Ev12509; Fri, 19 Jan 2001 15:00:14 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 15:00:14 -0800 From: Kris Kennaway To: Nathan Ahlstrom Cc: audit@FreeBSD.ORG Subject: Re: m4 patches for review Message-ID: <20010119150014.A12361@citusc17.usc.edu> References: <20001205170148.A98809@FreeBSD.ORG> <20001206062433.D14433@earth.causticlabs.com> <20001206164138.F4279@winternet.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001206164138.F4279@winternet.com>; from nrahlstr@winternet.com on Wed, Dec 06, 2000 at 04:41:38PM -0600 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2000 at 04:41:38PM -0600, Nathan Ahlstrom wrote: > > The fixes look fine. You might want to coordinate with asmodai (who is > > working on syncing other BSD changes) to see if he has worked in this > > area. Also, have you checked for any applicable OpenBSD updates? >=20 > It appears the OpenBSD group has made alot of updates as well. > I will evaluate those tonight. Any progress on this? m4 has been on my list of things which should be synced up for some time. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aMb+Wry0BWjoQKURAnkwAKCpqGJ0g+dIpABjrJDujZsnHcIvRQCcDtdG fTZ8gmMiockq3cwqqDm92UE= =HYYB -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 15: 2:12 2001 Delivered-To: freebsd-audit@freebsd.org Received: from icicle.winternet.com (icicle.winternet.com [198.174.169.13]) by hub.freebsd.org (Postfix) with ESMTP id 0731537B699; Fri, 19 Jan 2001 15:01:55 -0800 (PST) Received: from tundra.winternet.com (nrahlstr@tundra.winternet.com [198.174.169.11]) by icicle.winternet.com (8.9.3/8.9.3mc) with ESMTP id RAA22497; Fri, 19 Jan 2001 17:01:53 -0600 (CST) SMTP "HELO" (ESMTP) greeting from tundra.winternet.com But _really_ from :: nrahlstr@tundra.winternet.com [198.174.169.11] SMTP "MAIL From" = nrahlstr@mail.winternet.com (Nathan Ahlstrom) SMTP "RCPT To" = Received: (from nrahlstr@localhost) by tundra.winternet.com (8.8.7/8.8.4) id RAA13271; Fri, 19 Jan 2001 17:01:52 -0600 (CST) Date: Fri, 19 Jan 2001 17:01:52 -0600 From: Nathan Ahlstrom To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: m4 patches for review Message-ID: <20010119170151.A13185@winternet.com> References: <20001205170148.A98809@FreeBSD.ORG> <20001206062433.D14433@earth.causticlabs.com> <20001206164138.F4279@winternet.com> <20010119150014.A12361@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20010119150014.A12361@citusc17.usc.edu>; from kris@FreeBSD.ORG on Fri, Jan 19, 2001 at 03:00:14PM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG No. Sorry. The patches I have only sync up with NetBSD. Kris Kennaway wrote: > On Wed, Dec 06, 2000 at 04:41:38PM -0600, Nathan Ahlstrom wrote: > > > > > The fixes look fine. You might want to coordinate with asmodai (who is > > > working on syncing other BSD changes) to see if he has worked in this > > > area. Also, have you checked for any applicable OpenBSD updates? > > > > It appears the OpenBSD group has made alot of updates as well. > > I will evaluate those tonight. > > Any progress on this? m4 has been on my list of things which should be > synced up for some time. > > Kris > > -- > NOTE: To fetch an updated copy of my GPG key which has not expired, > finger kris@FreeBSD.org -- Nathan Ahlstrom / nrahlstr@winternet.com / nra@FreeBSD.org / PGP: 0x67BC9D19 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 15: 5:58 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 18B7937B400 for ; Fri, 19 Jan 2001 15:05:41 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0JN8kd12631; Fri, 19 Jan 2001 15:08:46 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 15:08:46 -0800 From: Kris Kennaway To: Mike Heffner Cc: FreeBSD-audit Subject: Re: cursor patch Message-ID: <20010119150846.B12361@citusc17.usc.edu> References: <20001204085629.A8164@earth.causticlabs.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="oC1+HKm2/end4ao3" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from mheffner@vt.edu on Mon, Dec 04, 2000 at 10:52:06AM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --oC1+HKm2/end4ao3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 04, 2000 at 10:52:06AM -0500, Mike Heffner wrote: > I'll look into those this week. Any progress? I'm about to commit your cursor patch. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --oC1+HKm2/end4ao3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aMj9Wry0BWjoQKURAvKbAKDiDKcfjAMVeKZPSBpuTPSTUZm+8gCg50s9 moKN6gsTR8VrE8iupOdeTCo= =0Pko -----END PGP SIGNATURE----- --oC1+HKm2/end4ao3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 15:13:52 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 6040E37B400 for ; Fri, 19 Jan 2001 15:13:35 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0JNGjQ12788; Fri, 19 Jan 2001 15:16:45 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 15:16:45 -0800 From: Kris Kennaway To: Nathan Ahlstrom Cc: audit@FreeBSD.ORG Subject: Re: m4 patches for review Message-ID: <20010119151645.A12764@citusc17.usc.edu> References: <20001205170148.A98809@FreeBSD.ORG> <20001206062433.D14433@earth.causticlabs.com> <20001206164138.F4279@winternet.com> <20010119150014.A12361@citusc17.usc.edu> <20010119170151.A13185@winternet.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010119170151.A13185@winternet.com>; from nrahlstr@winternet.com on Fri, Jan 19, 2001 at 05:01:52PM -0600 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 19, 2001 at 05:01:52PM -0600, Nathan Ahlstrom wrote: >=20 > No. Sorry. The patches I have only sync up with NetBSD. =20 Well, that would be a start. Do you think they're commit-ready? Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aMrdWry0BWjoQKURAqb1AJ93vHNa4NoqQNtXf67EBbkfeCFw6wCg2S3y cWWoqnkF1rTKVdfHiaykZSE= =7+E1 -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 15:21:18 2001 Delivered-To: freebsd-audit@freebsd.org Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id C63C637B400; Fri, 19 Jan 2001 15:21:00 -0800 (PST) Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id f0JNKwv233006; Fri, 19 Jan 2001 18:20:58 -0500 (EST) Received: from enterprise.muriel.penguinpowered.com ([198.82.100.151]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G7F006J3NIWXU@gkar.cc.vt.edu>; Fri, 19 Jan 2001 18:20:56 -0500 (EST) Date: Fri, 19 Jan 2001 18:20:56 -0500 (EST) From: Mike Heffner Subject: Re: cursor patch In-reply-to: <20010119150846.B12361@citusc17.usc.edu> To: Kris Kennaway Cc: FreeBSD-audit Message-id: MIME-version: 1.0 X-Mailer: XFMail 1.4.6-3 on FreeBSD Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 8bit X-Priority: 3 (Normal) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 19-Jan-2001 Kris Kennaway wrote: | On Mon, Dec 04, 2000 at 10:52:06AM -0500, Mike Heffner wrote: |> I'll look into those this week. | | Any progress? I'm about to commit your cursor patch. | Yes. See: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=57194+0+archive/2000/freebsd-audit/ 20001210.freebsd-audit Except my account has been removed from that server so I've copied the patches to: http://filebox.vt.edu/users/mheffner/patches/ (same filenames as the email). Thanks for committing them :) -- Mike Heffner Blacksburg, VA ICQ# 882073 http://my.ispchannel.com/~mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 17:47:41 2001 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 6E3B837B400 for ; Fri, 19 Jan 2001 17:47:23 -0800 (PST) Received: from earth.causticlabs.com (oca-pm3-6-88.hitter.net [207.192.77.88]) by peitho.fxp.org (Postfix) with ESMTP id 9B3BE1360C; Fri, 19 Jan 2001 20:47:14 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id DE6881F82; Fri, 19 Jan 2001 20:47:07 -0500 (EST) Date: Fri, 19 Jan 2001 20:47:07 -0500 From: Chris Faulhaber To: Mike Heffner Cc: FreeBSD-audit Subject: Re: manctl(8) tempfile fix Message-ID: <20010119204707.A53692@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , Mike Heffner , FreeBSD-audit References: <20001201170620.A20094@earth.causticlabs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from mheffner@vt.edu on Fri, Dec 01, 2000 at 05:52:11PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Anyone object to me committing this? On Fri, Dec 01, 2000 at 05:52:11PM -0500, Mike Heffner wrote: > > Alright, I was considering this, but I figured I would leave it how it was, > anyways here's a new patch: > > > --- manctl.sh.orig Fri Dec 1 01:24:35 2000 > +++ manctl.sh Fri Dec 1 17:48:47 2000 > @@ -94,12 +94,13 @@ > else > if [ $2 != "symbolic" ] ; then > echo gunzipping page $pname 1>&2 > - gunzip -c $pname > /tmp/manager.$$ > + temp=`mktemp -t manager` || exit 1 > + gunzip -c $pname > $temp > chmod u+w $pname > - cp /tmp/manager.$$ $pname > + cp $temp $pname > chmod 444 $pname > mv $pname $fname.$sect > - rm /tmp/manager.$$ > + rm -f $temp > else > # skip symlinks - this can be > # a program like expn, which is > @@ -180,11 +181,13 @@ > ln ../$2 $fname > else > echo inlining page $fname 1>&2 > + temp=`mktemp -t manager` || exit 1 > cat $fname | \ > - (cd .. ; soelim ) > /tmp/manager.$$ > + (cd .. ; soelim ) > $temp > chmod u+w $fname > - cp /tmp/manager.$$ $fname > + cp $temp $fname > chmod 444 $fname > + rm -f $temp > fi > } > > @@ -279,13 +282,14 @@ > else > if [ $2 != "symbolic" ] ; then > echo gzipping page $pname 1>&2 > + temp=`mktemp -t manager` || exit 1 > cat $pname | \ > - (cd .. ; soelim )| gzip -c -- > /tmp/manager.$$ > + (cd .. ; soelim )| gzip -c -- > $temp > chmod u+w $pname > - cp /tmp/manager.$$ $pname > + cp $temp $pname > chmod 444 $pname > mv $pname $pname.gz > - rm /tmp/manager.$$ > + rm -f $temp > else > # skip symlink - this can be > # a program like expn, which is > -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 20:22:14 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 53BAB37B400 for ; Fri, 19 Jan 2001 20:21:57 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0K4OqB17978; Fri, 19 Jan 2001 20:24:52 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 20:24:48 -0800 From: Kris Kennaway To: Chris Faulhaber Cc: Mike Heffner , FreeBSD-audit Subject: Re: manctl(8) tempfile fix Message-ID: <20010119202448.A17925@citusc17.usc.edu> References: <20001201170620.A20094@earth.causticlabs.com> <20010119204707.A53692@earth.causticlabs.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010119204707.A53692@earth.causticlabs.com>; from jedgar@fxp.org on Fri, Jan 19, 2001 at 08:47:07PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jan 19, 2001 at 08:47:07PM -0500, Chris Faulhaber wrote: > Anyone object to me committing this? Nope; looks fine. Kris -- NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aRMQWry0BWjoQKURAmELAJ9eM6HXEc1ReBn7uTgewSsML1JwowCg5bbT ccKZMhdacVqrNoxHszTpS3c= =pTKQ -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 20:27:42 2001 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id E3E1137B400; Fri, 19 Jan 2001 20:27:24 -0800 (PST) Received: from earth.causticlabs.com (oca-pm3-6-88.hitter.net [207.192.77.88]) by peitho.fxp.org (Postfix) with ESMTP id 1F3AF1360C; Fri, 19 Jan 2001 23:27:21 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id 59CA81F82; Fri, 19 Jan 2001 23:27:18 -0500 (EST) Date: Fri, 19 Jan 2001 23:27:18 -0500 From: Chris Faulhaber To: Kris Kennaway Cc: freebsd-audit@FreeBSD.ORG Subject: Re: mktemp(1) usage Message-ID: <20010119232718.A54822@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , Kris Kennaway , freebsd-audit@FreeBSD.ORG References: <20001209171334.J671@puck.firepipe.net> <20001209150853.A57045@peitho.fxp.org> <20001209171334.J671@puck.firepipe.net> <200012100529.WAA26442@harmony.village.org> <20001212180805.B10901@citusc.usc.edu> <20001212181322.C10901@citusc.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001212181322.C10901@citusc.usc.edu>; from kris@FreeBSD.ORG on Tue, Dec 12, 2000 at 06:13:22PM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, Dec 12, 2000 at 06:13:22PM -0800, Kris Kennaway wrote: > On Tue, Dec 12, 2000 at 06:08:05PM -0800, Kris Kennaway wrote: > > On Sat, Dec 09, 2000 at 10:29:50PM -0700, Warner Losh wrote: > > > In message <20001209171334.J671@puck.firepipe.net> Will Andrews writes: > > > : On Sat, Dec 09, 2000 at 03:08:54PM -0500, Chris Faulhaber wrote: > > > : > Would it be more appropriate for scripts such as periodic(8) to > > > : > call mktemp(1) using the -t flag. In addition to using TMPDIR, > > > : > this allows the use of the system's _PATH_TMP instead of > > > : > hardcoding /tmp. > > > : > > > : Maybe that method doesn't use a random enough number to avoid file > > > : races? > > > > > > If it doesn't, then maybe it should, don't you think. But I think it > > > does. We're looking at 8 X's. It would also be a good place to bump > > > it to 10 if we needed to, say. > > > > No need - with the old method of mktemp() encoding you needed more > > than 6 X's to be secure, but with the new dense encoding even 6 is > > fine. Moreover, mktemp(1) is actually mkstemp(1), so there was never > > any problem with it unless you use -u. > > Forgot to mention that the new mktemp() hasn't yet been MFC'ed - it's > in my merge folder but I didn't get time to do it before I left the > US. That should be done before merging any patches which reduce the > number of X's in use. > Any chance this can be MFC'd? -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 20:36:51 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id AF97A37B69B; Fri, 19 Jan 2001 20:36:33 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0K4deg18200; Fri, 19 Jan 2001 20:39:41 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 20:39:39 -0800 From: Kris Kennaway To: "David J. MacKenzie" Cc: markm@FreeBSD.org, jdp@FreeBSD.org, nectar@FreeBSD.org, rwatson@FreeBSD.org, audit@FreeBSD.org Subject: Re: login_access() Message-ID: <20010119203939.C17925@citusc17.usc.edu> References: <20010120042353.C4E1912686@jenkins.web.us.uu.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="2/5bycvrmDh4d1IB" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010120042353.C4E1912686@jenkins.web.us.uu.net>; from djm@web.us.uu.net on Fri, Jan 19, 2001 at 11:23:53PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --2/5bycvrmDh4d1IB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [ Moving to -audit, which is more on-topic for discussion of security-related code patches] On Fri, Jan 19, 2001 at 11:23:53PM -0500, David J. MacKenzie wrote: > > This sounds like a good way to proceed (well, PAM module first, then > > removal/deprecation). Are you able to submit code to do the former? >=20 > It's been done back in 1997, actually. Linux-PAM comes with a > pam_access module that is a pamified version of that login_access() > function. FreeBSD (-stable) comes with Linux-PAM 0.66, apparently > from 1998. Recent versions (0.72) come with several modules > not included in FreeBSD (-stable), including pam_access. Oh, cool. That sounds like the way to go, then. Some historical background you may not have: we're using an old and cut-down version of PAM because it was audited by John Polstra as part of a commercial contract (and indeed, we haven't had any security problems with the code, that I know of - although this could admittedly just be because it hasn't received enough attention). On the one hand, we need to finish integrating PAM into the system - on the other hand any kind of non-trivial changes to authorization and authentication schemes worry me because of the potential to introduce security holes. If we can find someone PAM-knowledgeable to work with you to carefully review any changes (several candidates are CC'ed on this message), I'd be eager to sponsor you for a commit bit so you can work on this directly. Kris --=20 Note: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --2/5bycvrmDh4d1IB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aRaLWry0BWjoQKURAoNCAKCSpVAFcRZtoFeR7ZJ1rQ7/AFPd8QCg/dEA gUEIfeA8/n/1PzQq8m2Ip0I= =hG9w -----END PGP SIGNATURE----- --2/5bycvrmDh4d1IB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 20:56:47 2001 Delivered-To: freebsd-audit@freebsd.org Received: from icicle.winternet.com (icicle.winternet.com [198.174.169.13]) by hub.freebsd.org (Postfix) with ESMTP id 6081937B6A9; Fri, 19 Jan 2001 20:56:30 -0800 (PST) Received: from tundra.winternet.com (nrahlstr@tundra.winternet.com [198.174.169.11]) by icicle.winternet.com (8.9.3/8.9.3mc) with ESMTP id WAA25658; Fri, 19 Jan 2001 22:56:29 -0600 (CST) SMTP "HELO" (ESMTP) greeting from tundra.winternet.com But _really_ from :: nrahlstr@tundra.winternet.com [198.174.169.11] SMTP "MAIL From" = nrahlstr@mail.winternet.com (Nathan Ahlstrom) SMTP "RCPT To" = Received: (from nrahlstr@localhost) by tundra.winternet.com (8.8.7/8.8.4) id WAA14449; Fri, 19 Jan 2001 22:56:28 -0600 (CST) Date: Fri, 19 Jan 2001 22:56:28 -0600 From: Nathan Ahlstrom To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: m4 patches for review Message-ID: <20010119225628.A14418@winternet.com> References: <20001205170148.A98809@FreeBSD.ORG> <20001206062433.D14433@earth.causticlabs.com> <20001206164138.F4279@winternet.com> <20010119150014.A12361@citusc17.usc.edu> <20010119170151.A13185@winternet.com> <20010119151645.A12764@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20010119151645.A12764@citusc17.usc.edu>; from kris@FreeBSD.ORG on Fri, Jan 19, 2001 at 03:16:45PM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > On Fri, Jan 19, 2001 at 05:01:52PM -0600, Nathan Ahlstrom wrote: > > > > No. Sorry. The patches I have only sync up with NetBSD. > > Well, that would be a start. Do you think they're commit-ready? I believe the patch is commit-ready, but clearly I am open to suggestions. -- Nathan Ahlstrom / nrahlstr@winternet.com / nra@FreeBSD.org / PGP: 0x67BC9D19 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 21:22:38 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id A0C7437B404 for ; Fri, 19 Jan 2001 21:22:20 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0K5PTS18963; Fri, 19 Jan 2001 21:25:29 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 21:25:28 -0800 From: Kris Kennaway To: Nathan Ahlstrom Cc: audit@FreeBSD.ORG Subject: Re: m4 patches for review Message-ID: <20010119212528.A18936@citusc17.usc.edu> References: <20001205170148.A98809@FreeBSD.ORG> <20001206062433.D14433@earth.causticlabs.com> <20001206164138.F4279@winternet.com> <20010119150014.A12361@citusc17.usc.edu> <20010119170151.A13185@winternet.com> <20010119151645.A12764@citusc17.usc.edu> <20010119225628.A14418@winternet.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010119225628.A14418@winternet.com>; from nrahlstr@winternet.com on Fri, Jan 19, 2001 at 10:56:28PM -0600 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 19, 2001 at 10:56:28PM -0600, Nathan Ahlstrom wrote: > Kris Kennaway wrote: > > On Fri, Jan 19, 2001 at 05:01:52PM -0600, Nathan Ahlstrom wrote: > > >=20 > > > No. Sorry. The patches I have only sync up with NetBSD. =20 > >=20 > > Well, that would be a start. Do you think they're commit-ready? >=20 > I believe the patch is commit-ready, but clearly I am open to=20 > suggestions. Okay, cool - I'll take a look. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aSFIWry0BWjoQKURAh6kAKCGo/HSROoghXhmnmt+30Ap83CWYgCgqqiU GkHCqU2yNdEKbtMUIEQW3ds= =JmYl -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jan 19 21:25: 0 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 0818037B401; Fri, 19 Jan 2001 21:24:42 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0K5Rf119026; Fri, 19 Jan 2001 21:27:41 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 21:27:41 -0800 From: Kris Kennaway To: Chris Faulhaber , Kris Kennaway , freebsd-audit@FreeBSD.ORG Subject: Re: mktemp(1) usage Message-ID: <20010119212741.B18936@citusc17.usc.edu> References: <20001209171334.J671@puck.firepipe.net> <20001209150853.A57045@peitho.fxp.org> <20001209171334.J671@puck.firepipe.net> <200012100529.WAA26442@harmony.village.org> <20001212180805.B10901@citusc.usc.edu> <20001212181322.C10901@citusc.usc.edu> <20010119232718.A54822@earth.causticlabs.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="5/uDoXvLw7AC5HRs" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010119232718.A54822@earth.causticlabs.com>; from jedgar@fxp.org on Fri, Jan 19, 2001 at 11:27:18PM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --5/uDoXvLw7AC5HRs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 19, 2001 at 11:27:18PM -0500, Chris Faulhaber wrote: > > Forgot to mention that the new mktemp() hasn't yet been MFC'ed - it's > > in my merge folder but I didn't get time to do it before I left the > > US. That should be done before merging any patches which reduce the > > number of X's in use. > >=20 >=20 > Any chance this can be MFC'd? Yep - in fact it was on my list of things to do tonight. Thanks for the reminder. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --5/uDoXvLw7AC5HRs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aSHMWry0BWjoQKURAmUAAKCceQfBvVK6OXf2obvwrAmtMs8A7ACfVyg3 WfXeWhzCDxHFurQrWoKUNwI= =RTLt -----END PGP SIGNATURE----- --5/uDoXvLw7AC5HRs-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jan 20 0:58:51 2001 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id BECE337B402 for ; Sat, 20 Jan 2001 00:58:23 -0800 (PST) Received: from grondar.za (root@gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f0K8vjI52337; Sat, 20 Jan 2001 10:57:49 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200101200857.f0K8vjI52337@gratis.grondar.za> To: alex@big.endian.de (Alexander Langer) Cc: audit@FreeBSD.ORG Subject: Re: oinit with compile time option shell/init script References: <20010119103939.A8500@cichlids.cichlids.com> In-Reply-To: <20010119103939.A8500@cichlids.cichlids.com> ; from alex@big.endian.de (Alexander Langer) "Fri, 19 Jan 2001 10:39:40 +0100." Date: Sat, 20 Jan 2001 10:57:54 +0200 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Hello! > > I'd like to change oinit so that you can give the init-script as > compile-time option. This way it can be abused for other uses as > picobsd. Very spiffy idea! > cvs server: Diffing . > Index: Makefile : > Index: oinit.c : Looks fine to me! M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jan 20 1:17: 2 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 057B237B400 for ; Sat, 20 Jan 2001 01:16:39 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0K9JmD37981 for audit@FreeBSD.org; Sat, 20 Jan 2001 01:19:48 -0800 (PST) (envelope-from kris) Date: Sat, 20 Jan 2001 01:19:48 -0800 From: Kris Kennaway To: audit@FreeBSD.org Subject: openpty(8) helper app Message-ID: <20010120011948.A37806@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --J/dobhs11T7y2rNN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable For a long time now I've been wanting to fix openpty(3) to work correctly for non-root users, i.e. to change the ownership and file permissions so that it is secure for non-root callers (presently it's a big security hole than ptys obtained will still be world readable/writable, so applications cannot use them securely). Then I discovered bin/9770, which is a solution to this problem which has existed for almost 2 years :-) Here's the patch - please review carefully: Kris Index: libexec/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/libexec/Makefile,v retrieving revision 1.44 diff -u -r1.44 Makefile --- libexec/Makefile 2001/01/11 13:01:15 1.44 +++ libexec/Makefile 2001/01/20 08:13:09 @@ -25,6 +25,7 @@ save-entropy \ talkd \ tftpd \ + ttymode \ xtend \ ypxfr =20 Index: lib/libutil/pty.3 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/lib/libutil/pty.3,v retrieving revision 1.9 diff -u -r1.9 pty.3 --- lib/libutil/pty.3 2000/04/22 16:16:58 1.9 +++ lib/libutil/pty.3 2001/01/20 08:50:24 @@ -56,6 +56,10 @@ reading and writing by the owner, and for writing by the group, and to invalidate any current use of the line by calling .Xr revoke 2 . +If the calling process does not have an effective UID of super-user, +the auxiliary program +.Xr ttymode 8 +is used to perform the intended actions. .Pp If the argument .Fa name @@ -127,10 +131,10 @@ .Xr login_tty 3 , .Xr pty 4 , .Xr termios 4 , -.Xr group 5 +.Xr group 5 , +.Xr ttymode 8 .Sh BUGS -The calling process must have an effective UID of super-user in order -to perform all the intended actions. No notification will occur if +No notification will occur if .Fn openpty or .Fn forkpty Index: lib/libutil/pty.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /mnt/ncvs/src/lib/libutil/pty.c,v retrieving revision 1.10 diff -u -r1.10 pty.c --- lib/libutil/pty.c 1999/08/28 00:05:51 1.10 +++ lib/libutil/pty.c 2001/01/20 08:49:27 @@ -43,16 +43,61 @@ #include #include #include +#include =20 #include #include #include +#include #include #include #include +#include #include #include =20 +#ifndef _PATH_TTYMODE +#define _PATH_TTYMODE "/usr/libexec/ttymode" +#define NAME_TTYMODE "ttymode" +#endif + + +static int +set_ttymode(ptyname, ptyfd) + char *ptyname; + int ptyfd; +{ + pid_t pid; + int ret, status; + sigset_t oset, nset; +=09 + if (sigemptyset(&nset) =3D=3D -1 || sigaddset(&nset, SIGCHLD) =3D=3D -1 + || sigprocmask(SIG_BLOCK, &nset, &oset) =3D=3D -1) + return -1; + switch(pid =3D fork()) { + case -1: + sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL); + return -1; + case 0: + if (dup2(ptyfd, 0) =3D=3D -1) + _exit(1); + execl(_PATH_TTYMODE, NAME_TTYMODE, ptyname, (char *)NULL); + _exit(1); + default: + while ((ret =3D waitpid(pid, &status, 0)) =3D=3D -1 + && errno =3D=3D EINTR) + continue; + sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL); + if (ret =3D=3D -1) + return -1; + if (WIFEXITED(status)) + return WEXITSTATUS(status) =3D=3D 0 ? 0 : -1; + else + return -1; + } +} + + int openpty(amaster, aslave, name, termp, winp) int *amaster, *aslave; @@ -79,9 +124,15 @@ if (errno =3D=3D ENOENT) return (-1); /* out of ptys */ } else { - line[5] =3D 't'; - (void) chown(line, getuid(), ttygid); - (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP); + if (getuid() =3D=3D 0) { + line[5] =3D 't'; + (void) chown(line, getuid(), ttygid); + (void) chmod(line, + S_IRUSR|S_IWUSR|S_IWGRP); + } else { + (void) set_ttymode(line, master); + line[5] =3D 't'; + } (void) revoke(line); if ((slave =3D open(line, O_RDWR, 0)) !=3D -1) { *amaster =3D master; diff -ruN /dev/null libexec/ttymode/Makefile --- /dev/null Wed Dec 31 16:00:00 1969 +++ libexec/ttymode/Makefile Sat Jan 20 00:28:44 2001 @@ -0,0 +1,10 @@ +# $Id$ + +PROG=3D ttymode +SRCS=3D ttymode.c +MAN8=3D ttymode.8 +COPTS+=3D -Wall + +BINMODE=3D4555 + +.include diff -ruN /dev/null libexec/ttymode/ttymode.8 --- /dev/null Wed Dec 31 16:00:00 1969 +++ libexec/ttymode/ttymode.8 Thu Jan 28 18:09:05 1999 @@ -0,0 +1,54 @@ +.\"=20 +.\" Copyright (c) 1999 Ronald Kuehn +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR= POSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN= TIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ST= RICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY = WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\"=20 +.Dd January 28, 1999 +.Dt TTYMODE 8 +.Os "FreeBSD 3.0" +.Sh NAME +.Nm ttymode +.Nd set owner, group and mode on pseudo terminals +.Sh SYNOPSIS +.Nm ttymode +.Ar ptyname +.Sh DESCRIPTION +.Nm Ttyname +sets owner, group and mode on pseudo terminals. It is usually called by +.Xr openpty 3 +and is not intended to be used directly. +.Pp +.Sh FILES +.Bl -tag -width /dev/pty[p-sP-S][0-9a-v] -compact +.It Pa /dev/pty[p-sP-S][0-9a-v] +master pseudo terminals +.It Pa /dev/tty[p-sP-S][0-9a-v] +slave pseudo terminals +.El +.Sh SEE ALSO +.Xr openpty 3 , +.Xr forkpty 3 +.Sh AUTHOR +.An Ronald Kuehn Aq rk@ronald.org . diff -ruN /dev/null libexec/ttymode/ttymode.c --- /dev/null Wed Dec 31 16:00:00 1969 +++ libexec/ttymode/ttymode.c Thu Jan 28 18:12:47 1999 @@ -0,0 +1,82 @@ +/*- + * Copyright (c) 1999 Ronald Kuehn + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURP= OSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENT= IAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STR= ICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY W= AY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + + +#ifndef lint +static const char cvsid[] =3D + "$Id$"; +#endif + +/*=20 + * This program is expected to be called from openpty(3) from within=20 + * libutil. It is installed setuid root. Beware of the bugs! ;-) + * Descriptor 0 (stdin) is expected to be a valid descriptor on + * "/dev/pty??" (ptyname). If all checks succeed, the corresponding + * "/dev/tty??" is chown()ed to the real user of the calling process. + * The group is set to "tty" and mode 0620 is set. + */ +int +main(int argc, char *argv[]) +{ + gid_t ttygid; + char *name; + struct group *ttygroup; + struct stat fsb, nsb; + + if (argc !=3D 2) { + setuid(getuid()); + fprintf(stderr, "usage: ttymode ptyname\n"); + return EX_USAGE; + } + name =3D argv[1]; + if (strlen(name) !=3D 10 || strncmp(name, "/dev/pty", 8) !=3D 0) + return EX_DATAERR; + if (lstat(name, &nsb) =3D=3D -1 || fstat(0, &fsb) =3D=3D -1) + return EX_DATAERR; + if (nsb.st_dev !=3D fsb.st_dev || nsb.st_ino !=3D fsb.st_ino || + nsb.st_rdev !=3D fsb.st_rdev || !S_ISCHR(fsb.st_mode)) + return EX_DATAERR; + if ((ttygroup =3D getgrnam("tty")) =3D=3D NULL) + ttygid =3D -1; + else + ttygid =3D ttygroup->gr_gid; + name[5] =3D 't'; + (void)chown(name, getuid(), ttygid); + (void)chmod(name, S_IRUSR|S_IWUSR|S_IWGRP); + return EX_OK; +} --J/dobhs11T7y2rNN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aVgzWry0BWjoQKURAszgAKCnxfWVAQ9VeKM4BS4KOppv8tD3oQCfUiTB rnXaIyeLFG77msYzjq6LLUU= =DDgZ -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jan 20 2:48:15 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.189]) by hub.freebsd.org (Postfix) with SMTP id 2DA6937B400 for ; Sat, 20 Jan 2001 02:46:59 -0800 (PST) Received: (qmail 997 invoked by uid 1000); 20 Jan 2001 10:45:30 -0000 Date: Sat, 20 Jan 2001 12:45:30 +0200 From: Peter Pentchev To: Kris Kennaway Cc: audit@FreeBSD.org Subject: Re: openpty(8) helper app Message-ID: <20010120124530.A332@ringworld.oblivion.bg> Mail-Followup-To: Kris Kennaway , audit@FreeBSD.org References: <20010120011948.A37806@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010120011948.A37806@citusc17.usc.edu>; from kris@FreeBSD.org on Sat, Jan 20, 2001 at 01:19:48AM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Jan 20, 2001 at 01:19:48AM -0800, Kris Kennaway wrote: > For a long time now I've been wanting to fix openpty(3) to work > correctly for non-root users, i.e. to change the ownership and file > permissions so that it is secure for non-root callers (presently it's > a big security hole than ptys obtained will still be world > readable/writable, so applications cannot use them securely). > > Then I discovered bin/9770, which is a solution to this problem which > has existed for almost 2 years :-) > > Here's the patch - please review carefully: > > Kris > [snip] > diff -u -r1.10 pty.c > --- lib/libutil/pty.c 1999/08/28 00:05:51 1.10 > +++ lib/libutil/pty.c 2001/01/20 08:49:27 > @@ -43,16 +43,61 @@ > #include > #include > #include > +#include > > #include > #include > #include > +#include > #include > #include > #include > +#include > #include > #include > > +#ifndef _PATH_TTYMODE > +#define _PATH_TTYMODE "/usr/libexec/ttymode" > +#define NAME_TTYMODE "ttymode" > +#endif Shouldn't _PATH_TTYMODE be also defined in /usr/include/paths.h? G'luck, Peter -- Nostalgia ain't what it used to be. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jan 20 3: 0:36 2001 Delivered-To: freebsd-audit@freebsd.org Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 251AC37B401; Sat, 20 Jan 2001 03:00:14 -0800 (PST) Received: from grondar.za (root@gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f0KB01I52565; Sat, 20 Jan 2001 13:00:06 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <200101201100.f0KB01I52565@gratis.grondar.za> To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: openpty(8) helper app References: <20010120011948.A37806@citusc17.usc.edu> In-Reply-To: <20010120011948.A37806@citusc17.usc.edu> ; from Kris Kennaway "Sat, 20 Jan 2001 01:19:48 PST." Date: Sat, 20 Jan 2001 13:00:07 +0200 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > For a long time now I've been wanting to fix openpty(3) to work > correctly for non-root users, i.e. to change the ownership and file > permissions so that it is secure for non-root callers (presently it's > a big security hole than ptys obtained will still be world > readable/writable, so applications cannot use them securely). > > Then I discovered bin/9770, which is a solution to this problem which > has existed for almost 2 years :-) > > Here's the patch - please review carefully: Generally speaking, this is a method that I like very much. Rather than making a family of utils insecure by making them setuid, focus the setuid-needs on the minimum secure setuid applet that you can and have the previously setuid family of apps call the new, focussed app. Modulo the man-pages, this looks very cool. The man pages need to be modernised a bit. I can see a great need (and I have code to do it) to do something very similar to allow passwd(1), chfn(1) etc to be non-setuid. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jan 20 3:12:56 2001 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id D87E137B401 for ; Sat, 20 Jan 2001 03:12:38 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0KBFVJ41424; Sat, 20 Jan 2001 03:15:31 -0800 (PST) (envelope-from kris) Date: Sat, 20 Jan 2001 03:15:31 -0800 From: Kris Kennaway To: Mark Murray Cc: audit@FreeBSD.org Subject: Re: openpty(8) helper app Message-ID: <20010120031531.A41270@citusc17.usc.edu> References: <20010120011948.A37806@citusc17.usc.edu> <200101201100.f0KB01I52565@gratis.grondar.za> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="G4iJoqBmSsgzjUCe" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200101201100.f0KB01I52565@gratis.grondar.za>; from mark@grondar.za on Sat, Jan 20, 2001 at 01:00:07PM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --G4iJoqBmSsgzjUCe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 20, 2001 at 01:00:07PM +0200, Mark Murray wrote: > Generally speaking, this is a method that I like very much. Rather than > making a family of utils insecure by making them setuid, focus the > setuid-needs on the minimum secure setuid applet that you can and > have the previously setuid family of apps call the new, focussed > app. Yes, this is actually something which Redhat does fairly well - small, privileged helper applications to handle privileged tasks so that binaries don't have to be run themselves with privilege. It's a direction I'd like to go down as well. > Modulo the man-pages, this looks very cool. The man pages need to > be modernised a bit. I'll pipe the manpage through a doc-boy prior to commit :-) Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --G4iJoqBmSsgzjUCe Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aXNQWry0BWjoQKURAnjYAJ0dfWcvv9lR4AuSGWwF9ZKmqa4vQACeOgMb 41KWUSJaRhYdgAXiF0/a50U= =Ta7E -----END PGP SIGNATURE----- --G4iJoqBmSsgzjUCe-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message