From owner-freebsd-audit Sun Feb 11 4:18:19 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from sender.ngi.de (sender.ngi.de [212.79.47.18]) by hub.freebsd.org (Postfix) with ESMTP id 11B0037B401; Sun, 11 Feb 2001 04:17:44 -0800 (PST)
Received: from Gatekeeper.FreeBSD.org (kol2-3e366baf.pool.mediaWays.net [62.54.107.175]) by sender.ngi.de (Postfix) with ESMTP id 1316C96D15; Sun, 11 Feb 2001 13:01:12 +0100 (CET)
Received: from StefanEsser.FreeBSD.org (StefanEsser [10.0.0.1]) by Gatekeeper.FreeBSD.org (Postfix) with ESMTP id 5952D5; Sun, 11 Feb 2001 13:16:59 +0100 (CET)
Received: by StefanEsser.FreeBSD.org (Postfix, from userid 200) id CF286147B; Sun, 11 Feb 2001 13:20:31 +0100 (CET)
Date: Sun, 11 Feb 2001 13:20:31 +0100
From: Stefan Esser
To: Peter Wemm
Cc: Poul-Henning Kamp, Maxime Henrion, freebsd-hackers@FreeBSD.ORG, Matt Dillon, Greg Black, Stefan Esser, FreeBSD-Audit@FreeBSD.ORG
Subject: [Patches] mount -o softdep (was: Re: soft updates and qmail (RE: qmail IO problems))
Message-ID: <20010211132031.A1735@StefanEsser.FreeBSD.org>
Reply-To: Stefan Esser
References: <1192.981551707@critter> <200102071320.f17DKZt59823@mobile.wemm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102071320.f17DKZt59823@mobile.wemm.org>; from peter@netplex.com.au on Wed, Feb 07, 2001 at 05:20:35AM -0800
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 2001-02-07 05:20 -0800, Peter Wemm wrote:
[ Follow-ups to the FreeBSD-Audit mail list only, please ... ]
> Poul-Henning Kamp wrote:
> > In message <200102071312.f17DCHt59672@mobile.wemm.org>, Peter Wemm writes:
> > >So that fsck(8) can see what mode the FS *was* mounted in last time. That
> > >bears no relationship to fstab or the current options.
> >
> > Right, so if mounting in softupdates mode updates the superblock to
> > set the softupdates flag, why wouldn't that work ?
>
> It would work fine, but Kirk told me not to bother submitting patches
> because he had something else in mind (or at least, that's the way I
> interpreted the mail).

I created patches that do just that (mount -o softdep performs a soft-updates mount and updates the superblock softdep flag) back in June 2000 and sent them to Kirk, who then agreed that this was the way to go, when the problems with memory and disk resource usage of soft-updates writes were solved (the missing limits on the amount of dirty buffers and the delayed freeing of disk blocks after a file is removed). Both of these points seem to have been resolved, meanwhile, and I do not see any reason, not to enable soft-updates by default and to provide a mount option that disables soft-updates per filesystem.

( For reference, see the FreeBSD-Arch archive for the full message:

  Message-Id: <200006282051.NAA05776@beastie.mckusick.com>
  To: arch@freebsd.org
  Subject: Re: Soft updates mount change
  Cc: Stefan Esser
  Date: Wed, 28 Jun 2000 13:51:00 -0700
  From: Kirk McKusick

  That message includes my mail to Kirk, where I describe the diffs and my reasoning, why it should be done that way ... )

The following diffs are patches to all components (kernel, mount programs) except for the required additions to the mount_ufs man page.

I have been running a patched kernel on several systems for more than a half year with no problems at all ...

Regards, STefan

PS: The diffs that I append assume softdep OFF by default, which is what I have used and tested. I can easily rework that code to assume softdep ON and will start to implement and test that version. The logic will remain unchanged, so this code should be near enough to the final code to be suitable for review.

Index: sbin/mount/mntopts.h =================================================================== RCS file: /usr/cvs/src/sbin/mount/mntopts.h,v retrieving revision 1.17 diff -u -3 -r1.17 mntopts.h --- sbin/mount/mntopts.h 2000/07/06 01:50:05 1.17 +++ sbin/mount/mntopts.h 2000/08/03 19:36:36
@@ -57,6 +57,7 @@ #define MOPT_NOCLUSTERW { "clusterw", 1, MNT_NOCLUSTERW, 0 } #define MOPT_SUIDDIR { "suiddir", 0, MNT_SUIDDIR, 0 } #define MOPT_SNAPSHOT { "snapshot", 0, MNT_SNAPSHOT, 0 } +#define MOPT_SOFTDEP { "softdep", 0, MNT_SOFTDEP, 0 } /* Control flags. */ #define MOPT_FORCE { "force", 0, MNT_FORCE, 0 } Index: sbin/mount/mount.c =================================================================== RCS file: /usr/cvs/src/sbin/mount/mount.c,v retrieving revision 1.41 diff -u -3 -r1.41 mount.c --- sbin/mount/mount.c 2000/11/22 17:54:56 1.41 +++ sbin/mount/mount.c 2000/11/24 22:57:46 @@ -742,6 +742,7 @@ if (flags & MNT_NOCLUSTERW) res = catopt(res, "noclusterw"); if (flags & MNT_NOSYMFOLLOW) res = catopt(res, "nosymfollow"); if (flags & MNT_SUIDDIR) res = catopt(res, "suiddir"); + if (flags & MNT_SOFTDEP) res = catopt(res, "softdep"); return res; } Index: sbin/mount/mount_ufs.c =================================================================== RCS file: /usr/cvs/src/sbin/mount/mount_ufs.c,v retrieving revision 1.20 diff -u -3 -r1.20 mount_ufs.c --- sbin/mount/mount_ufs.c 2001/01/25 20:03:38 1.20 +++ sbin/mount/mount_ufs.c 2001/01/27 10:27:06 @@ -67,6 +67,7 @@ MOPT_SYNC, MOPT_UPDATE, MOPT_SNAPSHOT, + MOPT_SOFTDEP, { NULL } }; Index: sys/ufs/ffs/ffs_softdep.c =================================================================== RCS file: /usr/cvs/src/sys/ufs/ffs/ffs_softdep.c,v retrieving revision 1.84 diff -u -3 -r1.84 ffs_softdep.c --- sys/ufs/ffs/ffs_softdep.c 2001/02/04 16:08:18 1.84 +++ sys/ufs/ffs/ffs_softdep.c 2001/02/04 19:23:31 
@@ -1063,7 +1063,7 @@ int error, cyl; mp->mnt_flag &= ~MNT_ASYNC; - mp->mnt_flag |= MNT_SOFTDEP; + fs->fs_flags |= FS_DOSOFTDEP; /* * When doing soft updates, the counters in the * superblock may have gotten out of sync, so we have Index: sys/ufs/ffs/ffs_softdep_stub.c =================================================================== RCS file: /usr/cvs/src/sys/ufs/ffs/ffs_softdep_stub.c,v retrieving revision 1.15 diff -u -3 -r1.15 ffs_softdep_stub.c --- sys/ufs/ffs/ffs_softdep_stub.c 2000/12/17 23:59:56 1.15 +++ sys/ufs/ffs/ffs_softdep_stub.c 2000/12/18 10:40:13 @@ -71,6 +71,7 @@ struct fs *fs; struct ucred *cred; { + mp->mnt_flag &= ~MNT_SOFTDEP; return (0); } Index: sys/ufs/ffs/ffs_vfsops.c =================================================================== RCS file: /usr/cvs/src/sys/ufs/ffs/ffs_vfsops.c,v retrieving revision 1.138 diff -u -3 -r1.138 ffs_vfsops.c --- sys/ufs/ffs/ffs_vfsops.c 2001/02/09 06:11:33 1.138 +++ sys/ufs/ffs/ffs_vfsops.c 2001/02/10 08:06:19 @@ -177,6 +177,13 @@ ump = VFSTOUFS(mp); fs = ump->um_fs; devvp = ump->um_devvp; + if (fs->fs_ronly == 0) { + if (fs->fs_flags & FS_DOSOFTDEP) { + mp->mnt_flag |= MNT_SOFTDEP; + } else { + mp->mnt_flag &= ~MNT_SOFTDEP; + } + } if (fs->fs_ronly == 0 && (mp->mnt_flag & MNT_RDONLY)) { if ((error = vn_start_write(NULL, &mp, V_WAIT)) != 0) return (error); @@ -242,7 +249,7 @@ return (error); } /* check to see if we need to start softdep */ - if ((fs->fs_flags & FS_DOSOFTDEP) && + if ((mp->mnt_flag & MNT_SOFTDEP) && (error = softdep_mount(devvp, mp, fs, p->p_ucred))){ vn_finished_write(mp); return (error); @@ -602,6 +609,9 @@ error = EROFS; /* needs translation */ goto out; } + /* clear softdep flag in superblock, if not a softdep mount */ + if ((mp->mnt_flag & MNT_SOFTDEP) == 0) + fs->fs_flags &= ~FS_DOSOFTDEP; ump = malloc(sizeof *ump, M_UFSMNT, M_WAITOK | M_ZERO); ump->um_malloctype = malloctype; ump->um_i_effnlink_valid = 1; 
@@ -689,7 +699,7 @@ if (fs->fs_maxfilesize > maxfilesize) /* XXX */ fs->fs_maxfilesize = maxfilesize; /* XXX */ if (ronly == 0) { - if ((fs->fs_flags & FS_DOSOFTDEP) && + if ((mp->mnt_flag & MNT_SOFTDEP) && (error = softdep_mount(devvp, mp, fs, cred)) != 0) { free(fs->fs_csp, M_UFSMNT); goto out; Index: sys/kern/vfs_syscalls.c =================================================================== RCS file: /usr/cvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.176 diff -u -3 -r1.176 vfs_syscalls.c --- sys/kern/vfs_syscalls.c 2001/02/09 06:09:52 1.176 +++ sys/kern/vfs_syscalls.c 2001/02/10 08:05:44 
@@ -280,11 +280,11 @@ mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_NOATIME | MNT_NOSYMFOLLOW | MNT_IGNORE | - MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); + MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP); mp->mnt_flag |= SCARG(uap, flags) & (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | MNT_SYNCHRONOUS | MNT_UNION | MNT_ASYNC | MNT_FORCE | MNT_NOSYMFOLLOW | MNT_IGNORE | - MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR); + MNT_NOATIME | MNT_NOCLUSTERR | MNT_NOCLUSTERW | MNT_SUIDDIR | MNT_SOFTDEP); /* * Mount the filesystem. * XXX The final recipients of VFS_MOUNT just overwrite the ndp they

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Sun Feb 11 6: 1:15 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from mobile.wemm.org (c1315225-a.plstn1.sfba.home.com [65.0.135.147]) by hub.freebsd.org (Postfix) with ESMTP id 0347A37B401; Sun, 11 Feb 2001 06:01:10 -0800 (PST)
Received: from netplex.com.au (localhost [127.0.0.1]) by mobile.wemm.org (8.11.1/8.11.1) with ESMTP id f1BE19U36962; Sun, 11 Feb 2001 06:01:09 -0800 (PST) (envelope-from peter@netplex.com.au)
Message-Id: <200102111401.f1BE19U36962@mobile.wemm.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Stefan Esser
Cc: Poul-Henning Kamp, Maxime Henrion, freebsd-hackers@FreeBSD.org, Matt Dillon, Greg Black, FreeBSD-Audit@FreeBSD.org
Subject: Re: [Patches] mount -o softdep (was: Re: soft updates and qmail (RE: qmail IO problems))
In-Reply-To: <20010211132031.A1735@StefanEsser.FreeBSD.org>
Date: Sun, 11 Feb 2001 06:01:09 -0800
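Review bot: In the sys/ufs/ffs/ffs_softdep_stub.c hunk, the stub softdep_mount() clears MNT_SOFTDEP from mp->mnt_flag and returns 0 but leaves fs->fs_flags alone, so on a kernel built without soft updates a filesystem whose superblock already carries FS_DOSOFTDEP keeps that flag while being mounted without soft dependencies. The clearing added in ffs_vfsops.c at -602 does not cover this, because it sits before the softdep_mount() call at -689 and only fires when MNT_SOFTDEP was not requested. Consider adding "fs->fs_flags &= ~FS_DOSOFTDEP;" to the stub as well, and printing a diagnostic or returning an error so that "mount -o softdep" does not succeed silently as a plain mount.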
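Review bot: In the first sys/ufs/ffs/ffs_vfsops.c hunk (-177), where ump and fs are taken from an already mounted mp, the added block overwrites MNT_SOFTDEP in mp->mnt_flag from the superblock's FS_DOSOFTDEP whenever fs->fs_ronly == 0, so an update request whose softdep option disagrees with the current mode is dropped without any error. If that is intended because the mode cannot change under a live read-write mount, the block needs a comment saying so, and returning an error when the requested flag differs from fs->fs_flags would be clearer than ignoring it. The braces around the single-statement if/else bodies can also go, to match the unbraced if added at -602.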
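Review bot: In the sys/kern/vfs_syscalls.c hunk, MNT_SOFTDEP joins the flags copied from SCARG(uap, flags) for every filesystem type, while the only code in this patch that clears it again is the FFS stub, so a non-FFS mount given the flag keeps it in mnt_flag and, with the sbin/mount/mount.c hunk, is listed with "softdep". Either mask or reject the flag for filesystems that do not implement it, or document why carrying it is harmless. The second changed line is also 75 characters before indentation, so it will run past 80 columns and should be wrapped like the lines above it.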
From: Peter Wemm
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Stefan Esser wrote:
> On 2001-02-07 05:20 -0800, Peter Wemm wrote:
> [ Follow-ups to the FreeBSD-Audit mail list only, please ... ]
> > Poul-Henning Kamp wrote:
> > > In message <200102071312.f17DCHt59672@mobile.wemm.org>, Peter Wemm writes:
> > > >So that fsck(8) can see what mode the FS *was* mounted in last time. That
> > > >bears no relationship to fstab or the current options.
> > >
> > > Right, so if mounting in softupdates mode updates the superblock to
> > > set the softupdates flag, why wouldn't that work ?
> >
> > It would work fine, but Kirk told me not to bother submitting patches
> > because he had something else in mind (or at least, that's the way I
> > interpreted the mail).
>
> I created patches that do just that (mount -o softdep performs
> a soft-updates mount and updates the superblock softdep flag)
> back in June 2000 and sent them to Kirk, who then agreed that
> this was the way to go, when the problems with memory and disk
> resource usage of soft-updates writes were solved (the missing
> limits on the amount of dirty buffers and the delayed freeing
> of disk blocks after a file is removed). Both of these points
> seem to have been resolved, meanwhile, and I do not see any
> reason, not to enable soft-updates by default and to provide a
> mount option that disables soft-updates per filesystem.
>
> ( For reference, see the FreeBSD-Arch archive for the full message:
>
> Message-Id: <200006282051.NAA05776@beastie.mckusick.com>
> To: arch@freebsd.org
> Subject: Re: Soft updates mount change
> Cc: Stefan Esser
> Date: Wed, 28 Jun 2000 13:51:00 -0700
> From: Kirk McKusick
>
> That message includes my mail to Kirk, where I describe the
> diffs and my reasoning, why it should be done that way ... )
>
> The following diffs are patches to all components (kernel, mount
> programs) except for the required additions to the mount_ufs man
> page.
>
> I have been running a patched kernel on several systems for more
> than a half year with no problems at all ...
>
> Regards, STefan

I like this a lot! It is exactly what we need.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-audit Sun Feb 11 8:30:58 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 357A437B401; Sun, 11 Feb 2001 08:30:54 -0800 (PST)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f1BGUrW23037; Sun, 11 Feb 2001 09:30:53 -0700 (MST) (envelope-from imp@harmony.village.org)
Message-Id: <200102111630.f1BGUrW23037@harmony.village.org>
To: audit@freebsd.org, peter@freebsd.org, bde@freebsd.org
Subject: kmod.mk patches to fix excessive recompiling
Date: Sun, 11 Feb 2001 09:30:53 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

For a long time I've noticed that too many things recompile in the modules when I rebuild after a cvs update. I've tracked the problem down now.

kmod.mk puts @ and machine as dependencies for all the sources. This is done to ensure that the link exists, but for no other reasons. However, when the link does exist, the directory mod time comes into consideration (that directory is the target of the symlink). So, whenever $S or $S/$MACHINE/include changes, all files are rebuilt in the modules tree. My laptop is only a 300MHz Pentium, so this can take longer than my attention span.

Please find enclosed patches that fix this problem. They just add checks to see if the files don't exist before making them a dependency. This works well for me and so I'm sharing it with the world.

The prime motivator to finding this problem was vi dumped core in src/sys and that caused all the modules to recompile. Needless to say, this ticked me off enough to fix this problem (but strangely, not enough to upgrade my laptop's userland to fix vi :-).

Warner

Index: kmod.mk =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sys/conf/kmod.mk,v retrieving revision 1.90 diff -u -r1.90 kmod.mk --- kmod.mk 2001/01/28 21:24:05 1.90 +++ kmod.mk 2001/02/11 16:25:20 @@ -158,7 +158,14 @@ .MAIN: all all: objwarn ${PROG} all-man _SUBDIR -beforedepend ${OBJS}: ${_ILINKS} +beforedepend ${OBJS}: +.if !exists(@) +beforedepend ${OBJS}: @ +.endif +.if !exists(machine) +beforedepend ${OBJS}: machine +.endif + # Search for kernel source tree in standard places. .for _dir in ${.CURDIR}/../.. ${.CURDIR}/../../.. /sys /usr/src/sys @@ -269,7 +276,9 @@ .for _src in ${SRCS:M${_srcsrc:T:R}.${_ext}} CLEANFILES+= ${_src} .if !target(${_src}) +.if !exists(@) ${_src}: @ +.endif .if exists(@) ${_src}: @/kern/makeobjops.pl @/${_srcsrc} .endif
@@ -282,7 +291,9 @@ .for _ext in c h .if ${SRCS:Mvnode_if.${_ext}} != "" CLEANFILES+= vnode_if.${_ext} +.if !exists(@) vnode_if.${_ext}: @ +.endif .if exists(@) vnode_if.${_ext}: @/kern/vnode_if.pl @/kern/vnode_if.src .endif

From owner-freebsd-audit Sun Feb 11 13:39:25 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 926B937B401; Sun, 11 Feb 2001 13:39:18 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1BLcJh78866; Sun, 11 Feb 2001 16:38:19 -0500 (EST) (envelope-from robert@fledge.watson.org)
Date: Sun, 11 Feb 2001 16:38:18 -0500 (EST)
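Review bot: In the kmod.mk hunk at -158, nothing records why the dependency on "@" and "machine" is now conditional. A short comment that these are symlinks to directories, and that an unconditional dependency rebuilds every object whenever the target directory's modification time changes, would keep someone from simplifying it back to ${_ILINKS}. The bare "beforedepend ${OBJS}:" line with no sources also looks unnecessary once the conditional lines are in place.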
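Review bot: In the kmod.mk hunks at -269 and -282, each added ".if !exists(@)" block sits directly in front of an existing ".if exists(@)" block that tests the same condition, so every pair can be folded into one ".if exists(@)" / ".else" / ".endif" with the bare "@" dependency in the ".else" branch. That keeps the two cases visibly exclusive and avoids one of them being edited without the other later on.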
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: arch@FreeBSD.org, freebsd-audit@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Subject: Import of additional kernel ACL support, 0.5.2 ACL release
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

(Blatant cross-posting detected by author, sending anyway)

The TrustedBSD ACL implementation is now up to release 0.5.2 and appears to be relatively stable when in use. There are several components to the ACL implementation:

- Kernel interfaces (ACL system call interface, and VFS interface)
- Kernel generics (POSIX.1e evaluation routines, syscall->VFS wrappers/locking/name lookup)
- Kernel UFS implementation mapping ACLs into extended attributes
- Userland library (acl* in libposix1e)
- Userland utilities (getfacl, setfacl)

Right now, the userland library (part of libposix1e) is in the base source tree, as are the kernel interfaces (system call and VFS). The userland utilities are now reaching maturity thanks to efforts by Chris Faulhaber, and the libraries are also reaching maturity with the help of Chris Faulhaber and Brian Feldman.

The next two components I'd like to import are the userland utilities, and the kernel generics. These are relatively mature, and accurately implement the majority of the desirable POSIX.1e and POSIX.2c specs (library and tools respectively). This will allow us to start using ACLs on synthetic file systems, such as sysctlfs and devfs, by providing common evaluation functions in kern_acl.c.

Before I import these, I would like it if there could be a fairly thorough review of correctness of the evaluation code in kern_acl.c (in particular, the access control portions that replace the standard vaccess() on file systems providing ACLs). It is very important to me, and I'm sure others, that I do not introduce weaknesses through incorrect implementation :-), and that it comply with the POSIX.1e draft spec so that portable tools supporting ACLs function correctly. The files I intend to commit are src/sys/kern_acl.c and src/sys/sys/acl.h; both exist in -CURRENT right now, but kern_acl.c is largely a stub. There are minor updates to acl.h to reflect the new support functions exported from kern_acl.c. For a copy of the POSIX.1e spec and related documents, see the URLs inside the 0.5.2 tarball, in the references directory.

I do not plan to import the UFS/FFS implementation until the extended attribute implementation is more mature -- this is work that we're currently identifying funding for and hope to have underway by summer. These improvements will include a block-level implementation of extended attributes, which will offer higher performance and tighter integration in FFS and with regards to softupdates. The existing implementation on top of current extended attributes appears to work correctly, but its performance leaves something to be desired.

You can grab the complete ACL distribution from:

  http://www.TrustedBSD.org/downloads/

The 0.5.2 distribution is now online and available for download, and should apply against a recent -CURRENT (although you probably want to avoid the SMP instabilities from yesterday, and brief lc* stuff today).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

From owner-freebsd-audit Sun Feb 11 16:25:36 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from mail.gmx.net (pop.gmx.de [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id B5C7537B401 for ; Sun, 11 Feb 2001 16:25:32 -0800 (PST)
Received: (qmail 30876 invoked by uid 0); 12 Feb 2001 00:25:31 -0000
Received: from pc19ebf2c.dip.t-dialin.net (HELO forge.local) (193.158.191.44) by mail.gmx.net (mail06) with SMTP; 12 Feb 2001 00:25:31 -0000
Received: from thomas by forge.local with local (Exim 3.20 #1) id 14S6o2-0004TG-00 for ; Mon, 12 Feb 2001 01:25:26 +0100
Date: Mon, 12 Feb 2001 01:25:26 +0100
From: Thomas Moestl
To: freebsd-audit@freebsd.org
Subject: patches to remove setgid kmem from dmesg
Message-ID: <20010212012526.A17006@crow.dom2ip.de>
Mail-Followup-To: Thomas Moestl, freebsd-audit@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

here is yet another set of patches for setgid kmem removal. This modifies dmesg to use the sysctl interface if neither the -M nor the -N option is specified on the command line. Otherwise, libkvm is used as before, so this should not break crash dump analysis with dmesg. I have removed the code that drops the setgid gid, so the executable should not be installed with a setgid bit any more.

Again, I needed to modify the kernel. The sysctl that exports the message buffer, machdep.msgbuf, was only implemented for i386. I have moved this to kern/subr_prf.c, and renamed it to kern.msgbuf. machdep.clear_msgbuf was also moved, and a CTLFLAG_SECURE was added, meaning that the message buffer cannot be cleared this way when the securelevel is raised (of course, this does not prevent an attacker to remove log messages from the msgbuf, he could still do actions that cause logging until the message was overwritten with new data, but I still think that does not harm to have this flag set).

I also have changed the kern.msgbuf behaviour to start to output at msg_bufx (the write pointer of the ring buffer), and not at msg_bufr (the read pointer that is used for /dev/klog read handling). The previous behaviour could cause new lines to be displayed before old ones and was IMHO broken.

I would appreciate if somebody could test this on the alpha, because of the code moved from i386 machdep sections into the common files. It should not be problematic, though. Also, if somebody knows a place where machdep.msgbuf was used, please speak up!

The new patches are at:
- for dmesg: http://www.tu-bs.de/~y0015675/dmesg.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl3.diff

The previously posted systat patches are at:
- for systat: http://www.tu-bs.de/~y0015675/systat.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl2.diff

The previously posted top patches are at:
- for top: http://www.tu-bs.de/~y0015675/top.diff
- for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff

Could these patches please be reviewed and, if OK, committed?

Thanks,
- thomas

From owner-freebsd-audit Sun Feb 11 18:45: 1 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 77E5937B401; Sun, 11 Feb 2001 18:44:56 -0800 (PST)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id NAA27393; Mon, 12 Feb 2001 13:44:47 +1100
Date: Mon, 12 Feb 2001 13:44:22 +1100 (EST)
From: Bruce Evans
X-Sender: bde@besplex.bde.org
To: Warner Losh
Cc: audit@freebsd.org, peter@freebsd.org, bde@freebsd.org
Subject: Re: kmod.mk patches to fix excessive recompiling
In-Reply-To: <200102111630.f1BGUrW23037@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 11 Feb 2001, Warner Losh wrote:

> For a long time I've noticed that too many things recompile in the
> modules when I rebuild after a cvs update. I've tracked the problem
> down now.
>
> kmod.mk puts @ and machine as dependencies for all the sources. This
> is done to ensure that the link exists, but for no other reasons.
> However, when the link does exist, the directory mod time comes into
> consideration (that directory is the target of the symlink). So,
> whenever $S or $S/$MACHINE/include changes, all files are rebuilt in
> the modules tree. My laptop is only a 300MHz Pentium, so this can
> take longer than my attention span.

Interesting bug (not just because I wrote it :-). I usually use cp instead of ln -s in Makefiles so that I don't have to think about symlink misbehaviour, but this doesn't work for directories.

> Index: kmod.mk > =================================================================== > RCS file: /home/imp/FreeBSD/CVS/src/sys/conf/kmod.mk,v > retrieving revision 1.90 > diff -u -r1.90 kmod.mk > --- kmod.mk 2001/01/28 21:24:05 1.90 > +++ kmod.mk 2001/02/11 16:25:20
> @@ -158,7 +158,14 @@ > .MAIN: all > all: objwarn ${PROG} all-man _SUBDIR > > -beforedepend ${OBJS}: ${_ILINKS} > +beforedepend ${OBJS}: > +.if !exists(@) > +beforedepend ${OBJS}: @ > +.endif > +.if !exists(machine) > +beforedepend ${OBJS}: machine > +.endif

This should loop over ${_ILINKS}.

> +

Extra blank line.

Bruce

From owner-freebsd-audit Sun Feb 11 19:41:10 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from harmony.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id D5C5137B401; Sun, 11 Feb 2001 19:41:07 -0800 (PST)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f1C3f2W25906; Sun, 11 Feb 2001 20:41:03 -0700 (MST) (envelope-from imp@harmony.village.org)
Message-Id: <200102120341.f1C3f2W25906@harmony.village.org>
To: Bruce Evans
Subject: Re: kmod.mk patches to fix excessive recompiling
Cc: audit@freebsd.org, peter@freebsd.org, bde@freebsd.org
In-reply-to: Your message of "Mon, 12 Feb 2001 13:44:22 +1100."
References:
Date: Sun, 11 Feb 2001 20:41:02 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message Bruce Evans writes:
: > -beforedepend ${OBJS}: ${_ILINKS} : > +beforedepend ${OBJS}:

Won't this be extra too?

: > +.if !exists(@) : > +beforedepend ${OBJS}: @ : > +.endif : > +.if !exists(machine) : > +beforedepend ${OBJS}: machine : > +.endif
:
: This should loop over ${_ILINKS}.

Hmmm... Something like replacing all of the above with

# Depend on each link only while it does not exist yet.
.for _l in ${_ILINKS}
.if !exists(${_l})
beforedepend ${OBJS}: ${_l}
.endif
.endfor

: > +
:
: Extra blank line.

Thanks. This is the coolest make bug I've seen in a long time.

Warner

From owner-freebsd-audit Mon Feb 12 8:39:38 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3037237B491; Mon, 12 Feb 2001 08:39:34 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1CGdXh90085; Mon, 12 Feb 2001 11:39:33 -0500 (EST) (envelope-from robert@fledge.watson.org)
Date: Mon, 12 Feb 2001 11:39:33 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: freebsd-audit@freebsd.org, dillon@freebsd.org
Cc: Thomas Moestl
Subject: Re: patch to remove setgid kmem from top
In-Reply-To: <20010202015844.A1246@crow.dom2ip.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Other than Kris's comment regarding lastpid/nextpid semantics, I was wondering if there were any further reviews based on the diffs for these changes themselves. If not, I'd like to go ahead and commit them. In particular here, I'm looking for a review and final OK of the swap-related changes from Matt, since I have approximating zero vm-clue, and whether anyone knows anything about the current contrib status of the top command -- is it externally maintained, is it OK to commit to it and possibly pull things off a vendor branch, if any?

I'm going to go ahead and commit the SYSCTL addition of exporting lastpid now, as that seems fine to me :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Fri, 2 Feb 2001, Thomas Moestl wrote:

> Hi,
>
> I have prepared a set of patches that allow running top as an ordinary
> user without setgid kmem.
>
> As this is somehow security related (and because I would like this
> patches to be reviewed), I'm posting to -audit. Please give me a
> pointer if you feel that this is the wrong forum.
>
> All information top needs is now read via the sysctl interface.
>
> One sysctl, kern.lastpid, had to be added for this. It exports the
> nextpid variable, which reflects the highest PID used up to now.
> This information was given away before by top. It could allow
> discovering a PID before the corresponding process is run for the
> first time (but after the fork call started when randompid is enabled).
> I don't think that this is a security issue (there are other ways to
> discover PIDs after all, unless with restrict e.g. ps).
>
> Another thing that needed to be changed is the libkvm kvm_getswapinfo()
> call that made heavy use of kvm_read. I have changed the kernel to
> do per swap area accounting (as discussed on -hackers), and have
> exported this information via the vm.nswapdev sysctl (number of swap
> areas) and the vm.swapdevX nodes (where X is the device), which
> contain the MIBs dev, nblks, used and flags.
>
> A patch to libkvm makes use of these new sysctls in the case of "live"
> kernels, and changes the dump case so that the information gathered
> in the kernel is used instead of walking the radix tree. A side effect
> of this change is that kvm_getswapinfo() is faster now in the general
> case. If the SWIF_DUMP_TREE flag is given (pstat -ss does this), the
> radix tree walker, which still uses kvm_read in any case, is invoked,
> but I don't think that this information needs to be exported for
> ordinary users.
>
> The changes are split into three diffs:
> - for top: http://www.tu-bs.de/~y0015675/top.diff
> - for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
> - for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff
> (I don't want to post the patch files if not necessary, they are a bit
> large for that).
>
> Could someone please review these patches, and if they are OK, commit
> them?
>
> Thanks,
> - thomas

From owner-freebsd-audit Mon Feb 12 9:48:52 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from mail.gmx.net (pop.gmx.de [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 8437237B4EC for ; Mon, 12 Feb 2001 09:48:49 -0800 (PST)
Received: (qmail 21319 invoked by uid 0); 12 Feb 2001 17:48:47 -0000
Received: from pc19ebfad.dip.t-dialin.net (HELO forge.local) (193.158.191.173) by mail.gmx.net (mail04) with SMTP; 12 Feb 2001 17:48:47 -0000
Received: from thomas by forge.local with local (Exim 3.20 #1) id 14SN5i-00008g-00; Mon, 12 Feb 2001 18:48:46 +0100
Date: Mon, 12 Feb 2001 18:48:46 +0100
From: Thomas Moestl To: Robert Watson Cc: freebsd-audit@freebsd.org Subject: Re: patch to remove setgid kmem from top Message-ID: <20010212184845.A419@crow.dom2ip.de> Mail-Followup-To: Thomas Moestl , Robert Watson , freebsd-audit@freebsd.org References: <20010202015844.A1246@crow.dom2ip.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from rwatson@freebsd.org on Mon, Feb 12, 2001 at 11:39:33AM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Feb 12, 2001 at 11:39:33AM -0500, Robert Watson wrote: > In particular here, I'm looking for a review and final OK of the > swap-related changes from Matt, since I have approximating zero vm-clue, I have discussed the changes in principle with Matt on -hackers some time ago, but I don't know whether he has seen the diff. > and whether anyone knows anything about the current contrib status of the > top command -- is it externally maintained, is it OK to commit to it and > possibly pull things off a vendor branch, if any? AFAIK, the machine-dependent parts in usr.bin/top/ are not externally maintained. I only modify these sources, and leave contrib/top/ alone. Just one question: when did you download the diffs? I have (slightly) updated top.diff, dmesg.diff tonight and systat.diff today (mostly style fixes, and a fix for a bug in systat that was not introduced by me), and I would of course like the newest versions to be used. The kernel diffs were not updated recently. 
- thomas

From owner-freebsd-audit Mon Feb 12 9:57:18 2001
Date: Mon, 12 Feb 2001 12:57:08 -0500 (EST)
From: Robert Watson
To: Thomas Moestl
Cc: freebsd-audit@freebsd.org
Subject: Re: patch to remove setgid kmem from top

On Mon, 12 Feb 2001, Thomas Moestl wrote:

> On Mon, Feb 12, 2001 at 11:39:33AM -0500, Robert Watson wrote:
> > In particular here, I'm looking for a review and final OK of the
> > swap-related changes from Matt, since I have approximating zero vm-clue,
> I have discussed the changes in principle with Matt on -hackers some
> time ago, but I don't know whether he has seen the diff.

Yeah, I saw the discussion, but figured a direct "heads up and check this"
wouldn't be a bad idea. :-)

> > and whether anyone knows anything about the current contrib status of the
> > top command -- is it externally maintained, is it OK to commit to it and
> > possibly pull things off a vendor branch, if any?
> AFAIK, the machine-dependent parts in usr.bin/top/ are not externally
> maintained. I only modify these sources, and leave contrib/top/ alone.

Ok, sounds good.

> Just one question: when did you download the diffs? I have (slightly)
> updated top.diff, dmesg.diff tonight and systat.diff today (mostly style
> fixes, and a fix for a bug in systat that was not introduced by me), and
> I would of course like the newest versions to be used. The kernel diffs
> were not updated recently.

I'll update my local copies; I was going to limit myself to committing the
simpler kernel bits until I got final approval from various quarters. I'm
eager to get these changes into the tree, needless to say :-).
Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

From owner-freebsd-audit Mon Feb 12 17:58:48 2001
Date: Mon, 12 Feb 2001 20:58:44 -0500 (EST)
From: Robert Watson
To: freebsd-audit@FreeBSD.org
Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h (fwd)

Thomas,

If you find yourself insufficiently busy at some point, this might be worth
looking into also :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

---------- Forwarded message ----------
Date: Tue, 13 Feb 2001 12:54:45 +1100 (EST)
From: Bruce Evans
To: Robert Watson
Cc: Peter Wemm, Warner Losh, Peter Pentchev, Dag-Erling Smorgrav,
    cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h

On Mon, 12 Feb 2001, Robert Watson wrote:

> On Mon, 12 Feb 2001, Peter Wemm wrote:
> > All this sysctl stuff is fine, but don't kill the crashdump reading code!
> > If -M or -N are specified then use the old way (and require root to be
> > running it). Without -M or -N, use sysctl.
>
> All patches submitted on the freebsd-audit mailing list to remove setgid
> from top, systat, dmesg, etc, have maintained backwards compatibility by
> using kmem when the -M or -N argument is provided, permitting them to
> continue to work on system dumps -- and even on /dev/kmem, it just

This was easy for top and systat because they don't have a -M or -N arg
or work on system dumps :-).

OTOH, the [-W swap] arg for ps and corresponding support in libkvm have
been broken for a long time. No one seems to miss them, but they are
still documented.

Bruce

From owner-freebsd-audit Tue Feb 13 12:26:23 2001
Date: Tue, 13 Feb 2001 12:26:16 -0800
From: Alfred Perlstein
To: security@freebsd.oreg, audit@freebsd.org
Subject: (forw) robustness fix for SYSCTL_OUT
Message-ID: <20010213122616.S3274@fw.wintelcom.net>

Linux recently had a major bug through sysctl/procfs, anyone want to
take a look at this?

----- Forwarded message from Thomas Moestl -----
From: Thomas Moestl
To: freebsd-hackers@FreeBSD.ORG
Subject: robustness fix for SYSCTL_OUT
Date: Tue, 13 Feb 2001 21:19:02 +0100
Message-ID: <20010213211902.A873@crow.dom2ip.de>

Hi,

the following is from sys/kern/kern_sysctl.c:

static int
sysctl_old_kernel(struct sysctl_req *req, const void *p, size_t l)
{
	size_t i = 0;

	if (req->oldptr) {
		i = l;
		if (i > req->oldlen - req->oldidx)
			i = req->oldlen - req->oldidx;
		if (i > 0)
			bcopy(p, (char *)req->oldptr + req->oldidx, i);
	}
	req->oldidx += l;
	if (req->oldptr && i != l)
		return (ENOMEM);
	return (0);
}

oldidx and oldlen are both size_t (unsigned). If l happens to be larger
than (req->oldlen - req->oldidx), ENOMEM is returned correctly, but
req->oldidx is increased by the full length. If a buggy caller does not
react on the error and calls SYSCTL_OUT again (SYSCTL_OUT normally
causes sysctl_old_kernel() or sysctl_old_user, which has a similar bug,
to be called), oldidx will be greater than oldlen, and since both are
unsigned, the if test will fail, so we will bcopy outside of the buffer
and no longer return ENOMEM.

Note that this does not matter if SYSCTL_OUT is used correctly, but for
the sake of robustness, I think it should be fixed. Currently, there is
one place in the -CURRENT kernel (that I know of) that actually gets hit
by this bug. -STABLE seems fine.

I propose the attached fix. Could it please be reviewed and committed if
correct?

- thomas

*** sys.3/kern/kern_sysctl.c Tue Feb 13 16:15:52 2001 --- sys/kern/kern_sysctl.c Tue Feb 13 20:06:37 2001 *************** *** 817,824 **** if (req->oldptr) { i = l; ! if (i > req->oldlen - req->oldidx) ! i = req->oldlen - req->oldidx; if (i > 0) bcopy(p, (char *)req->oldptr + req->oldidx, i); } --- 817,827 ---- if (req->oldptr) { i = l; ! if (req->oldlen <= req->oldidx) ! i = 0; ! else ! if (i > req->oldlen - req->oldidx) ! 
i = req->oldlen - req->oldidx; if (i > 0) bcopy(p, (char *)req->oldptr + req->oldidx, i); } *************** *** 914,921 **** } if (req->oldptr) { i = l; ! if (i > req->oldlen - req->oldidx) ! i = req->oldlen - req->oldidx; if (i > 0) error = copyout(p, (char *)req->oldptr + req->oldidx, i); --- 917,927 ---- } if (req->oldptr) { i = l; ! if (req->oldlen <= req->oldidx) ! i = 0; ! else ! if (i > req->oldlen - req->oldidx) ! i = req->oldlen - req->oldidx; if (i > 0) error = copyout(p, (char *)req->oldptr + req->oldidx, i);

----- End forwarded message -----

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

From owner-freebsd-audit Tue Feb 13 23: 9: 0 2001
Message-Id: <200102140708.f1E78rW59181@harmony.village.org>
To: audit@freebsd.org
Subject: wall -g patches for review
Date: Wed, 14 Feb 2001 00:08:52 -0700
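
Review bot: in the kern_sysctl.c hunk at 817 (sysctl_old_kernel), the new `else` is followed by an `if` on its own line with no braces, which reads as two independent statements and is easy to break in a later edit; write `else if (i > req->oldlen - req->oldidx)` instead. The clamp itself is sound: with `oldlen <= oldidx` nothing is copied and, per the function quoted in the mail, `i != l` still yields ENOMEM. Because `req->oldidx += l` keeps advancing past oldlen on purpose, a one-line comment saying so would stop the next reader from assuming oldidx <= oldlen.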
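
Review bot: the kern_sysctl.c hunk at 914 repeats the clamp from sysctl_old_kernel() verbatim in the copyout() path; a small shared helper that returns the bytes still available (0 when `oldlen <= oldidx`) would keep the two copies from drifting apart. The hunk does not show the return path of this function, so please confirm that a call clamped to `i == 0` with `l > 0` still returns ENOMEM here rather than whatever `error` held before the skipped copyout().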
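
The sequence Thomas Moestl describes in the forwarded message above (an ENOMEM the caller ignores, followed by a second SYSCTL_OUT), as an added user-space model that is not part of the original mails or of the FreeBSD source. `struct model_req`, the function names, the 8-byte declared length and the canary-filled arena are assumptions made for the illustration, and memcpy stands in for bcopy.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DECLARED_LEN 8    /* assumed oldlen: what the caller says its buffer holds */
#define ARENA_LEN    32   /* real backing store, so stray writes stay in memory we own */
#define CANARY       0xAA /* fill byte used to detect writes past DECLARED_LEN */

/* Only the three sysctl_req fields the message talks about (hypothetical type). */
struct model_req {
	void	*oldptr;
	size_t	 oldlen;
	size_t	 oldidx;
};

typedef int (*out_fn)(struct model_req *, const void *, size_t);

/* Logic as quoted in the message. */
static int
out_original(struct model_req *req, const void *p, size_t l)
{
	size_t i = 0;

	if (req->oldptr) {
		i = l;
		/* unsigned subtraction: wraps to a huge value once oldidx > oldlen */
		if (i > req->oldlen - req->oldidx)
			i = req->oldlen - req->oldidx;
		if (i > 0)
			memcpy((char *)req->oldptr + req->oldidx, p, i);
	}
	req->oldidx += l;	/* advanced by the full l even when ENOMEM is returned */
	if (req->oldptr && i != l)
		return (ENOMEM);
	return (0);
}

/* Same function with the clamp from the proposed patch. */
static int
out_patched(struct model_req *req, const void *p, size_t l)
{
	size_t i = 0;

	if (req->oldptr) {
		i = l;
		if (req->oldlen <= req->oldidx)
			i = 0;
		else if (i > req->oldlen - req->oldidx)
			i = req->oldlen - req->oldidx;
		if (i > 0)
			memcpy((char *)req->oldptr + req->oldidx, p, i);
	}
	req->oldidx += l;
	if (req->oldptr && i != l)
		return (ENOMEM);
	return (0);
}

struct outcome {
	int	first_ret, second_ret;
	size_t	final_idx, bytes_past_end;
};

/* A caller that ignores the first ENOMEM and calls the output routine again. */
static struct outcome
run_scenario(out_fn out)
{
	unsigned char arena[ARENA_LEN], first[12], second[4];
	struct model_req req = { arena, DECLARED_LEN, 0 };
	struct outcome o;
	size_t k;

	memset(arena, CANARY, sizeof(arena));
	memset(first, 'A', sizeof(first));
	memset(second, 'B', sizeof(second));

	o.first_ret = out(&req, first, sizeof(first));    /* 12 bytes into 8 */
	o.second_ret = out(&req, second, sizeof(second)); /* error was ignored */
	o.final_idx = req.oldidx;
	o.bytes_past_end = 0;
	for (k = DECLARED_LEN; k < ARENA_LEN; k++)
		if (arena[k] != CANARY)
			o.bytes_past_end++;
	return (o);
}

int
main(void)
{
	struct outcome a = run_scenario(out_original);
	struct outcome b = run_scenario(out_patched);

	printf("original: ret=%d,%d oldidx=%zu bytes past end=%zu\n",
	    a.first_ret, a.second_ret, a.final_idx, a.bytes_past_end);
	printf("patched:  ret=%d,%d oldidx=%zu bytes past end=%zu\n",
	    b.first_ret, b.second_ret, b.final_idx, b.bytes_past_end);
	return (0);
}
```

In the original variant the second call both writes beyond the declared 8 bytes and reports success, which is why a caller that checks only the last return value never notices.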
From: Warner Losh

I've gone ahead and added the wall -g functionality from OpenBSD to
FreeBSD's wall. I need this for dump, but it seems to be generally
useful.

While I was at it, I did the register and __P thing. It seems to work
for me, but I thought I'd post this for wider review since it does run
at an elevated privs (group tty).

Last time this came up, people suggested that this might belong in
syslog. I don't disagree that this would be useful functionality
there, but wall provides a different service. syslog is for a oneline
message, while wall can send arbitrary files.

Anyway, I'll commit these Feb 21, 2001 if there are no objections
outstanding.

Warner

Index: ttymsg.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/usr.bin/wall/ttymsg.c,v retrieving revision 1.6 diff -u -r1.6 ttymsg.c --- ttymsg.c 2000/06/09 19:44:49 1.6 +++ ttymsg.c 2001/02/14 06:56:23 @@ -59,15 +59,11 @@ * ignored (exclusive-use, lack of permission, etc.). */ char * -ttymsg(iov, iovcnt, line, tmout) - struct iovec *iov; - int iovcnt; - char *line; - int tmout; +ttymsg(struct iovec *iov, int iovcnt, char *line, int tmout) { static char device[MAXNAMLEN] = _PATH_DEV; static char errbuf[1024]; - register int cnt, fd, left, wret; + int cnt, fd, left, wret; struct iovec localiov[7]; int forked = 0; Index: wall.1 =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/usr.bin/wall/wall.1,v retrieving revision 1.4 diff -u -r1.4 wall.1 --- wall.1 2000/11/20 19:21:18 1.4 +++ wall.1 2001/02/14 06:59:01 @@ -40,6 +40,7 @@ .Nd write a message to users .Sh SYNOPSIS .Nm +.Op Fl g Ar group .Op Ar file .Sh DESCRIPTION .Nm Wall 
@@ -52,6 +53,12 @@ terminals of users who have chosen to deny messages or are using a program which automatically denies messages. +.Bl -tag -width indent +.It Fl g +Send messages to users in this group. This option may be specified +multiple times, and any user in any of the specified groups will +receive the message. +.El .Sh SEE ALSO .Xr mesg 1 , .Xr talk 1 , Index: wall.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/usr.bin/wall/wall.c,v retrieving revision 1.16 diff -u -r1.16 wall.c --- wall.c 2000/11/26 22:36:35 1.16 +++ wall.c 2001/02/14 06:56:17 @@ -56,6 +56,7 @@ #include #include +#include #include #include #include @@ -66,9 +67,15 @@ #include #include -void makemsg __P((char *)); -static void usage __P((void)); -char *ttymsg __P((struct iovec *, int, char *, int)); +struct wallgroup { + struct wallgroup *next; + char *name; + gid_t gid; +} *grouplist; + +void makemsg(char *); +static void usage(void); +char *ttymsg(struct iovec *, int, char *, int); #define IGNOREUSER "sleeper" @@ -78,26 +85,36 @@ /* ARGSUSED */ int -main(argc, argv) - int argc; - char **argv; +main(int argc, char *argv[]) { + int ingroup = 0, ngrps, i; int ch; - struct iovec iov; - struct utmp utmp; FILE *fp; char *p; + struct wallgroup *g; + struct passwd *pw; + struct iovec iov; + struct utmp utmp; + gid_t grps[NGROUPS_MAX]; char line[sizeof(utmp.ut_line) + 1]; + char username[sizeof(utmp.ut_name) + 1]; (void)setlocale(LC_CTYPE, ""); - while ((ch = getopt(argc, argv, "n")) != -1) + while ((ch = getopt(argc, argv, "g:n")) != -1) switch (ch) { case 'n': /* undoc option for shutdown: suppress banner */ if (geteuid() == 0) nobanner = 1; break; + case 'g': + g = (struct wallgroup *)malloc(sizeof *g); + g->next = grouplist; + g->name = optarg; + g->gid = -1; + grouplist = g; + break; case '?': default: usage(); 
@@ -107,6 +124,14 @@ if (argc > 1) usage(); + for (g = grouplist; g; g = g->next) { + struct group *grp; + + grp = getgrnam(g->name); + if (grp) + g->gid = grp->gr_gid; + } + makemsg(*argv); if (!(fp = fopen(_PATH_UTMP, "r"))) @@ -118,6 +143,24 @@ if (!utmp.ut_name[0] || !strncmp(utmp.ut_name, IGNOREUSER, sizeof(utmp.ut_name))) continue; + if (grouplist) { + strlcpy(username, utmp.ut_name, sizeof(utmp.ut_name)); + pw = getpwnam(username); + if (!pw) + continue; + ngrps = getgroups(pw->pw_gid, grps); + for (g = grouplist; g && ingroup == 0; g = g->next) { + if (g->gid == -1) + continue; + if (g->gid == pw->pw_gid) + ingroup = 1; + for (i = 0; i < ngrps && ingroup == 0; i++) + if (g->gid == grps[i]) + ingroup = 1; + } + if (ingroup == 0) + continue; + } strncpy(line, utmp.ut_line, sizeof(utmp.ut_line)); line[sizeof(utmp.ut_line)] = '\0'; if ((p = ttymsg(&iov, 1, line, 60*5)) != NULL) @@ -134,11 +177,10 @@ } void -makemsg(fname) - char *fname; +makemsg(char *fname) { - register int cnt; - register unsigned char ch; + int cnt; + unsigned char ch; struct tm *lt; struct passwd *pw; struct stat sbuf;

From owner-freebsd-audit Tue Feb 13 23:14:59 2001
Message-Id: <200102140714.f1E7ElW78463@harmony.village.org>
To: audit@freebsd.org
Subject: Removing setgid from dump/restore
Date: Wed, 14 Feb 2001 00:14:47 -0700
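
Review bot: in the wall.c hunk at -78,26 +85,36, the `case 'g':` arm dereferences the result of malloc() without a NULL check (`g->next = grouplist;`); in a binary that runs with group tty this should be `err(1, "malloc")` rather than a crash. Storing `-1` in a `gid_t` as the "unresolved" marker also depends on the unsigned conversion matching in the later `g->gid == -1` test; a separate validity flag would make that explicit.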
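
Review bot: in the wall.c hunk at -107,6 +124,14, a group name that getgrnam() cannot resolve is skipped without any diagnostic, so `wall -g` with a mistyped group delivers the message to nobody and still exits normally. Since dump is meant to rely on this path to reach the operators, report the unknown name (for example `errx(1, "%s: no such group", g->name)`) instead of leaving `g->gid` at the sentinel.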
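
Review bot: in the wall.c hunk at -118,6 +143,24, `ingroup` is initialised once at its declaration and never reset inside the utmp loop, so after the first user who matches, every later utmp entry passes the `if (ingroup == 0) continue;` filter and receives the message regardless of group; set `ingroup = 0` at the top of the `if (grouplist)` block. Two further problems in the same hunk: `getgroups(pw->pw_gid, grps)` returns the supplementary groups of the wall process itself (and is being handed a gid as the array length), not those of the logged-in user, so membership should come from getgrouplist(3) or from the `gr_mem` list of each requested group; and `strlcpy(username, utmp.ut_name, sizeof(utmp.ut_name))` both drops the last character of a name that fills `ut_name` and reads past the field when it is not NUL-terminated, so mirror the `strncpy` plus explicit `'\0'` already used for `line` just below.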
From: Warner Losh

OK. OpenBSD has had this for a long long time. I've had it in my
tree waiting for wall -g patches to be committed. Since those are in
the queue now, I'm presenting these again for eventual committing to
FreeBSD. I expect they might take longer to get through the review
process.

They fix dump/restore to fork wall rather than trying to do it
themselves. They rely on wall -g operator to send messages only to
group operator. They also fix MAXPATHLEN usage.

I hope to commit these by the end of the month.

Warner

Index: dump/Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- dump/Makefile 2000/02/24 21:01:49 1.12 +++ dump/Makefile 2000/06/19 06:10:51 @@ -16,10 +16,7 @@ PROG= dump LINKS= ${BINDIR}/dump ${BINDIR}/rdump CFLAGS+=-DRDUMP -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c -BINGRP= tty -BINMODE=2555 MAN8= dump.8 MLINKS+=dump.8 rdump.8 Index: dump/main.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/main.c,v retrieving revision 1.22 diff -u -r1.22 main.c --- dump/main.c 2001/01/28 21:21:37 1.22 +++ dump/main.c 2001/02/14 06:17:16 @@ -285,7 +285,6 @@ if (signal(SIGINT, interrupt) == SIG_IGN) signal(SIGINT, SIG_IGN); - set_operators(); /* /etc/group snarfed */ getfstab(); /* /etc/fstab snarfed */ /* * disk can be either the full special file name, Index: dump/optr.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/optr.c,v retrieving revision 1.12 diff -u -r1.12 optr.c --- dump/optr.c 2001/01/29 09:45:51 1.12 +++ dump/optr.c 2001/02/14 06:23:04 
@@ -59,7 +59,6 @@ void alarmcatch __P((/* int, int */)); int datesort __P((const void *, const void *)); -static void sendmes __P((char *, char *)); /* * Query the operator; This previously-fascist piece of code @@ -117,7 +116,7 @@ return(back); } -char lastmsg[100]; +char lastmsg[BUFSIZ]; /* * Alert the console operator, and enable the alarm clock to @@ -126,6 +125,8 @@ void alarmcatch() { + int save_errno = errno; + if (notify == 0) { if (timeout == 0) (void) fprintf(stderr, @@ -144,6 +145,7 @@ signal(SIGALRM, alarmcatch); (void) alarm(120); timeout = 1; + errno = save_errno; } /* 
@@ -158,131 +160,34 @@ dumpabort(0); } -/* - * The following variables and routines manage alerting - * operators to the status of dump. - * This works much like wall(1) does. - */ -struct group *gp; - /* - * Get the names from the group entry "operator" to notify. + * We now use wall(1) to do the actual broadcasting. */ void -set_operators() -{ - if (!notify) /*not going to notify*/ - return; - gp = getgrnam(OPGRENT); - (void) endgrent(); - if (gp == NULL) { - msg("No group entry for %s.\n", OPGRENT); - notify = 0; - return; - } -} - -struct tm *localclock; - -/* - * We fork a child to do the actual broadcasting, so - * that the process control groups are not messed up - */ -void broadcast(message) char *message; { - time_t clock; - FILE *f_utmp; - struct utmp utmp; - char **np; - int pid, s; + FILE *fp; + char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3]; - if (!notify || gp == NULL) + if (!notify) return; - switch (pid = fork()) { - case -1: + (void)snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); + if ((fp = popen(buf, "w")) == NULL) return; - case 0: - break; - default: - while (wait(&s) != pid) - continue; - return; - } - clock = time((time_t *)0); - localclock = localtime(&clock); - - if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) { - msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno)); - return; - } - - while (!feof(f_utmp)) { - if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1) - break; - if (utmp.ut_name[0] == 0) - continue; - for (np = gp->gr_mem; *np; np++) { - if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0) - continue; - /* - * Do not send messages to operators on dialups - */ - if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0) - continue; -#ifdef DEBUG - msg("Message to %s at %s\n", *np, utmp.ut_line); -#endif - sendmes(utmp.ut_line, message); - } - } - (void) fclose(f_utmp); - Exit(0); /* the wait in this same routine will catch this */ - /* NOTREACHED */ -} + (void) fputs("\a\a\aMessage from the dump 
program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp); + if (lastmsg[0]) + (void) fputs(lastmsg, fp); + if (message[0]) + (void) fputs(message, fp); -static void -sendmes(tty, message) - char *tty, *message; -{ - char t[MAXPATHLEN], buf[BUFSIZ]; - register char *cp; - int lmsg = 1; - FILE *f_tty; - - (void) strcpy(t, _PATH_DEV); - (void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1); - - if ((f_tty = fopen(t, "w")) != NULL) { - setbuf(f_tty, buf); - (void) fprintf(f_tty, - "\n\ -\a\a\aMessage from the dump program to all operators at %d:%02d ...\r\n\n\ -DUMP: NEEDS ATTENTION: ", - localclock->tm_hour, localclock->tm_min); - for (cp = lastmsg; ; cp++) { - if (*cp == '\0') { - if (lmsg) { - cp = message; - if (*cp == '\0') - break; - lmsg = 0; - } else - break; - } - if (*cp == '\n') - (void) putc('\r', f_tty); - (void) putc(*cp, f_tty); - } - (void) fclose(f_tty); - } + (void) pclose(fp); } /* - * print out an estimate of the amount of time left to do the dump + * Print out an estimate of the amount of time left to do the dump */ time_t tschedule = 0; @@ -390,7 +295,7 @@ { register struct fstab *new; - new = (struct fstab *)malloc(sizeof (*fs)); + new = (struct fstab *)malloc(sizeof(*fs)); if (new == NULL || (new->fs_file = strdup(fs->fs_file)) == NULL || (new->fs_type = strdup(fs->fs_type)) == NULL || @@ -425,7 +330,7 @@ strcmp(fs->fs_type, FSTAB_RQ)) continue; fs = allocfsent(fs); - if ((pf = (struct pfstab *)malloc(sizeof (*pf))) == NULL) + if ((pf = (struct pfstab *)malloc(sizeof(*pf))) == NULL) quit("%s\n", strerror(errno)); pf->pf_fstab = fs; SLIST_INSERT_HEAD(&table, pf, pf_list); Index: dump/pathnames.h =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/dump/pathnames.h,v retrieving revision 1.5 diff -u -r1.5 pathnames.h --- dump/pathnames.h 1998/09/22 10:05:17 1.5 +++ dump/pathnames.h 2000/06/19 05:54:17 
@@ -40,3 +40,4 @@ #define _PATH_DUMPDATES "/etc/dumpdates" #define _PATH_LOCK "/tmp/dumplockXXXXXX" #define _PATH_RMT "/etc/rmt" /* path on remote host */ +#define _PATH_WALL "/usr/bin/wall" Index: restore/Makefile =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- restore/Makefile 2000/02/24 21:01:54 1.13 +++ restore/Makefile 2000/06/19 06:11:37 @@ -4,11 +4,8 @@ PROG= restore LINKS= ${BINDIR}/restore ${BINDIR}/rrestore CFLAGS+=-DRRESTORE -CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= main.c interactive.c restore.c dirs.c symtab.c tape.c utilities.c \ dumprmt.c -BINGRP= tty -BINMODE=2555 MAN8= restore.8 MLINKS+=restore.8 rrestore.8 .PATH: ${.CURDIR}/../dump Index: restore/dirs.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/dirs.c,v retrieving revision 1.16 diff -u -r1.16 dirs.c --- restore/dirs.c 2000/10/10 01:49:47 1.16 +++ restore/dirs.c 2000/11/12 06:07:33 @@ -230,7 +230,7 @@ register struct direct *dp; int namelen; long bpt; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; itp = inotablookup(ino); if (itp == NULL) { Index: restore/interactive.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/interactive.c,v retrieving revision 1.9 diff -u -r1.9 interactive.c --- restore/interactive.c 2000/12/12 12:04:01 1.9 +++ restore/interactive.c 2000/12/16 06:25:03 @@ -505,7 +505,7 @@ struct afile single; RST_DIR *dirp; int entries, len, namelen; - char locname[MAXPATHLEN + 1]; + char locname[MAXPATHLEN]; dp = pathsearch(name); if (dp == NULL || (!dflag && TSTINO(dp->d_ino, dumpmap) == 0) || 
@@ -536,8 +536,8 @@ fprintf(stderr, "%s:\n", name); entries = 0; listp = list; - (void) strncpy(locname, name, MAXPATHLEN); - (void) strncat(locname, "/", MAXPATHLEN); + (void) strlcpy(locname, name, MAXPATHLEN); + (void) strlcat(locname, "/", MAXPATHLEN); namelen = strlen(locname); while ((dp = rst_readdir(dirp))) { if (dp == NULL) Index: restore/tape.c =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/sbin/restore/tape.c,v retrieving revision 1.21 diff -u -r1.21 tape.c --- restore/tape.c 2000/12/12 12:04:02 1.21 +++ restore/tape.c 2000/12/16 06:25:03 @@ -82,7 +82,7 @@ static int ofile; static char *map; -static char lnkbuf[MAXPATHLEN + 1]; +static char lnkbuf[MAXPATHLEN]; static int pathlen; int oldinofmt; /* old inode format conversion required */ @@ -770,7 +770,7 @@ { pathlen += size; - if (pathlen > MAXPATHLEN) { + if (pathlen >= MAXPATHLEN) { fprintf(stderr, "symbolic link name: %s->%s%s; too long %d\n", curfile.name, lnkbuf, buf, pathlen); done(1);

From owner-freebsd-audit Wed Feb 14 0:32: 9 2001
Date: Wed, 14 Feb 2001 00:32:04 -0800 (PST)
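
Review bot: in the dump/optr.c hunk at -158,131 +160,34, the new broadcast() hands the command to popen(), which runs it through /bin/sh with whatever environment dump inherited, and then writes to the pipe without guarding against wall exiting early, so a missing or failing wall can deliver SIGPIPE to dump in the middle of a backup. A fork() plus `execl(_PATH_WALL, "wall", "-g", OPGRENT, (char *)NULL)` avoids the shell, SIGPIPE should be ignored around the fputs() calls, and the pclose() status is worth reporting through msg() instead of being cast to void. The removed code also skipped operators on DIALUP lines; if dropping that filter is intended, the commit message should say so.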
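
Review bot: the restore/dirs.c hunk shrinks `locname` from `MAXPATHLEN + 1` to `MAXPATHLEN` but changes none of the code that writes into it, so any remaining copy bounded by `MAXPATHLEN` rather than by the array size would now be off by one. Please include the fill site in the diff, as interactive.c does with strlcpy()/strlcat(), or confirm that it already bounds by `sizeof(locname)`.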
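
Review bot: in the restore/interactive.c hunk at -536,8 +536,8, the strlcpy()/strlcat() results are cast to void, so a name that does not fit in `locname` is silently truncated and `namelen` then describes a different path from the one the user asked to list. Compare the return value against `sizeof(locname)` and refuse the listing on truncation; using `sizeof(locname)` in place of the repeated `MAXPATHLEN` also keeps the bound tied to the declaration changed in the earlier hunk.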
From: Matthew Jacob
Reply-To: mjacob@feral.com
To: Warner Losh
Cc: audit@FreeBSD.ORG
Subject: Re: Removing setgid from dump/restore

Seems good to me.

From owner-freebsd-audit Wed Feb 14 1:39:41 2001
Date: Wed, 14 Feb 2001 01:39:39 -0800
From: Kris Kennaway
To: Warner Losh
Cc: audit@freebsd.org
Subject: Re: wall -g patches for review
Message-ID: <20010214013939.A66255@mollari.cthul.hu>

On Wed, Feb 14, 2001 at 12:08:52AM -0700, Warner Losh wrote:
> I've gone ahead and added the wall -g functionality from OpenBSD to
> FreeBSD's wall. I need this for dump, but it seems to be generally
> useful.

Bah, how many times do I have to review this? GO! :)

Kris

From owner-freebsd-audit Wed Feb 14 8:23:49 2001
Message-Id: <200102141621.f1EGLoE16956@billy-club.village.org>
To: Kris Kennaway
Subject: Re: wall -g patches for review
Cc: audit@FreeBSD.ORG
Date: Wed, 14 Feb 2001 09:21:50 -0700
From: Warner Losh

In message <20010214013939.A66255@mollari.cthul.hu> Kris Kennaway writes:
: Bah, how many times do I have to review this? GO! :)

This is actually the first time I've posted this one. The dump
patches I'd posted before :-)

Warner

From owner-freebsd-audit Wed Feb 14 9:54:51 2001
Message-Id: <200102141754.f1EHsE936261@gratis.grondar.za>
To: Warner Losh
Cc: audit@FreeBSD.ORG
Subject: Re: wall -g patches for review
Date: Wed, 14 Feb 2001 19:54:50 +0200
From: Mark Murray

> I've gone ahead and added the wall -g functionality from OpenBSD to
> FreeBSD's wall. I need this for dump, but it seems to be generally
> useful.

OK.

> While I was at it, I did the register and __P thing. It seems to work
> for me, but I thought I'd post this for wider review since it does run
> at an elevated privs (group tty).

Please commit the register/__P()/prototypes as a separate commit, just
to reduce the impact for those who like reading diffs :-)

> Anyway, I'll commit these Feb 21, 2001 if there are no objections
> outstanding.

No objection, modulo the above :-)

M
--
Mark Murray
Warning: this .sig is umop ap!sdn

From owner-freebsd-audit Wed Feb 14 9:57:34 2001
Message-Id: <200102141757.f1EHvD936290@gratis.grondar.za>
To: Warner Losh
Cc: audit@FreeBSD.ORG
Subject: Re: Removing setgid from dump/restore
Date: Wed, 14 Feb 2001 19:57:49 +0200
From: Mark Murray

> OK. OpenBSD has had this for a long long time. I've had it in my
> tree waiting for wall -g patches to be committed. Since those are in
> the queue now, I'm presenting these again for eventual committing to
> FreeBSD. I expect they might take longer to get through the review
> process.
>
> They fix dump/restore to fork wall rather than trying to do it
> themselves. They rely on wall -g operator to send messages only to
> group operator. They also fix MAXPATHLEN usage.

Looks well OK and sensible to me.

> I hope to commit these by the end of the month.

Please do a follow-up ANSIfication (_P()/register/prototype) commit
as well :-)

M
--
Mark Murray
Warning: this .sig is umop ap!sdn

From owner-freebsd-audit Thu Feb 15 16:28:40 2001
Date: Thu, 15 Feb 2001 19:27:20 -0500 (EST)
From: Mike Heffner
Subject: mail(1) cleanup patch
To: FreeBSD-audit
Message-id:
MIME-version: 1.0
X-Mailer: XFMail 1.4.7 on FreeBSD
Content-type: multipart/signed; boundary="_=XFMail.1.4.7.FreeBSD:20010215192720:87326=_"; micalg=pgp-md5; protocol="application/pgp-signature"
X-Priority: 3 (Normal)
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This message is in MIME format
--_=XFMail.1.4.7.FreeBSD:20010215192720:87326=_
Content-Type: text/plain; charset=us-ascii

The following patch to mail(1) is a combination of changes taken from OpenBSD and NetBSD, as well as a few of my own. The patch addresses the following:

- remove panic() in favor of err(3) and use err(3) functions consistently throughout
- use stat(2)'s S_IS* macros rather than S_IF*
- [r]index -> str[r]chr
- convert some static buffers to dynamic ones
- use real tempfiles rather than reopening the same templates
- rename some functions that clash with libc
- convert wait_status from union to int and use wait(2) status macros
- fix multiple potential buffer overflows

as well as some misc. cleanups.

I'd also like to eventually do a style(9) cleanup patch (NOSTR -> NULL, kill register, whitespace fixes, ...) so that diffs are somewhat closer with the other BSDs.

(also at http://filebox.vt.edu/users/mheffner/patches/mail.patch)

Index: aux.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/aux.c,v retrieving revision 1.4 diff -u -r1.4 aux.c --- aux.c 1997/07/24 06:56:33 1.4 +++ aux.c 2001/02/15 21:31:40 
@@ -81,38 +81,6 @@ } /* - * Announce a fatal error and die. - */ -#if __STDC__ -#include -#else -#include -#endif - -void -#if __STDC__ -panic(const char *fmt, ...) -#else -panic(fmt, va_alist) - char *fmt; - va_dcl -#endif -{ - va_list ap; -#if __STDC__ - va_start(ap, fmt); -#else - va_start(ap); -#endif - (void)fprintf(stderr, "panic: "); - vfprintf(stderr, fmt, ap); - va_end(ap); - (void)fprintf(stderr, "\n"); - fflush(stderr); - abort(); -} - -/* * Touch the named message by setting its MTOUCH flag. * Touched messages have the effect of not being sent * back to the system mailbox on exit. @@ -139,7 +107,7 @@ if (stat(name, &sbuf) < 0) return(0); - return((sbuf.st_mode & S_IFMT) == S_IFDIR); + return(S_ISDIR(sbuf.st_mode)); } /* @@ -270,18 +238,24 @@ /* * Copy a string, lowercasing it as we go. + * dsize: space left in buffer (including space for NULL) */ void -istrcpy(dest, src) +istrncpy(dest, src, dsize) register char *dest, *src; + size_t dsize; { - do { - if (isupper(*src)) - *dest++ = tolower(*src); - else - *dest++ = *src; - } while (*src++ != 0); + if (dsize != 0) { + while (--dsize != 0 && *src) { + if (isupper(*src)) + *dest++ = tolower(*src); + else + *dest++ = *src; + src++; + } + *dest = '\0'; + } } /* @@ -314,7 +288,7 @@ if ((cp = expand(*arglist)) == NOSTR) return(1); if ((fi = Fopen(cp, "r")) == NULL) { - perror(cp); + warn("%s", cp); return(1); } if (ssp >= SSTACK_SIZE - 1) { @@ -408,7 +382,7 @@ cp = skin(name1(mp, reptype)); if (reptype != 0 || charcount(cp, '!') < 2) return(cp); - cp2 = rindex(cp, '!'); + cp2 = strrchr(cp, '!'); cp2--; while (cp2 > cp && *cp2 != '!') cp2--; 
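Review bot: In the istrncpy() hunk (-270,18), isupper(*src) and tolower(*src) are still called on a plain char, which is undefined for bytes above 0x7f where char is signed; since the loop is being rewritten anyway, cast to (unsigned char) at both calls. The same applies to the new one-line upcase() body later in this file, which hands its argument straight to toupper(). The added comment should also say NUL rather than NULL, and should mention that the copy truncates silently when src does not fit in dsize.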
@@ -454,15 +428,18 @@ { register int c; register char *cp, *cp2; - char *bufend; + char *bufend, *nbuf; int gotlt, lastsp; - char nbuf[BUFSIZ]; if (name == NOSTR) return(NOSTR); - if (index(name, '(') == NOSTR && index(name, '<') == NOSTR - && index(name, ' ') == NOSTR) + if (strchr(name, '(') == NOSTR && strchr(name, '<') == NOSTR + && strchr(name, ' ') == NOSTR) return(name); + + /* We assume that length(input) <= length(output) */ + if ((nbuf = (char *)malloc(strlen(name) + 1)) == NULL) + errx(1, "Out of memory"); gotlt = 0; lastsp = 0; bufend = nbuf; @@ -546,7 +523,9 @@ } *cp2 = 0; - return(savestr(nbuf)); + if ((nbuf = (char *)realloc(nbuf, strlen(nbuf) + 1)) == NULL) + errx(1, "Out of memory"); + return(nbuf); } /* @@ -586,24 +565,25 @@ *cp2 = '\0'; if (readline(ibuf, linebuf, LINESIZE) < 0) return(savestr(namebuf)); - if ((cp = index(linebuf, 'F')) == NULL) + if ((cp = strchr(linebuf, 'F')) == NULL) return(savestr(namebuf)); if (strncmp(cp, "From", 4) != 0) return(savestr(namebuf)); - while ((cp = index(cp, 'r')) != NULL) { + while ((cp = strchr(cp, 'r')) != NULL) { if (strncmp(cp, "remote", 6) == 0) { - if ((cp = index(cp, 'f')) == NULL) + if ((cp = strchr(cp, 'f')) == NULL) break; if (strncmp(cp, "from", 4) != 0) break; - if ((cp = index(cp, ' ')) == NULL) + if ((cp = strchr(cp, ' ')) == NULL) break; cp++; if (first) { - strcpy(namebuf, cp); + cp2 = namebuf; first = 0; } else - strcpy(rindex(namebuf, '!')+1, cp); + cp2 = strrchr(namebuf, '!') + 1; + strlcpy(cp2, cp, sizeof(namebuf) - (cp2 - namebuf) - 1); strcat(namebuf, "!"); goto newname; } @@ -637,23 +617,18 @@ register char *s1, *s2; { - while (*s1) - if (index(s2, *s1++)) - return 1; - return 0; + return(strpbrk(s2, s1) != NULL); } /* * Convert c to upper case */ int -raise(c) +upcase(c) register int c; { - if (islower(c)) - return toupper(c); - return c; + return toupper(c); } /* 
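Review bot: In the skin() hunk at -454,15 the comment added before the malloc() states the assumption backwards: a buffer of strlen(name) + 1 is only enough if the output is never longer than the input, so it should read length(output) <= length(input), and the copy loop deserves a check against that bound rather than trust in it. The companion hunk at -546,7 now returns the realloc()ed nbuf where savestr(nbuf) was returned before, while the early exit above still returns name itself, so a caller cannot tell whether the result is heap memory it has to free; either keep savestr() and free nbuf, or document who owns the return value.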
@@ -677,7 +652,7 @@ char *field; struct ignoretab ignore[2]; { - char realfld[BUFSIZ]; + char realfld[LINESIZE]; if (ignore == ignoreall) return 1; @@ -685,7 +660,7 @@ * Lower-case the string, so that "Status" and "status" * will hash to the same place. */ - istrcpy(realfld, field); + istrncpy(realfld, field, sizeof(realfld)); if (ignore[1].i_count > 0) return (!member(realfld, ignore + 1)); else Index: cmd1.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/cmd1.c,v retrieving revision 1.3 diff -u -r1.3 cmd1.c --- cmd1.c 1998/07/06 21:01:17 1.3 +++ cmd1.c 2001/02/15 21:31:40 @@ -316,7 +316,7 @@ cp = _PATH_MORE; obuf = Popen(cp, "w"); if (obuf == NULL) { - perror(cp); + warn("%s", cp); obuf = stdout; } else signal(SIGPIPE, brokpipe); @@ -328,7 +328,7 @@ dot = mp; if (value("quiet") == NOSTR) fprintf(obuf, "Message %d:\n", *ip); - (void) send(mp, obuf, doign ? ignore : 0, NOSTR); + (void) sendmessage(mp, obuf, doign ? ignore : 0, NOSTR); } close_pipe: if (obuf != stdout) { @@ -387,7 +387,7 @@ if (!lineb) printf("\n"); for (lines = 0; lines < c && lines <= topl; lines++) { - if (readline(ibuf, linebuf, LINESIZE) < 0) + if (readline(ibuf, linebuf, sizeof(linebuf)) < 0) break; puts(linebuf); lineb = blankline(linebuf); @@ -437,10 +437,10 @@ int folders() { - char dirname[BUFSIZ]; + char dirname[PATHSIZE]; char *cmd; - if (getfold(dirname) < 0) { + if (getfold(dirname, sizeof(dirname)) < 0) { printf("No value set for \"folder\"\n"); return 1; } Index: cmd2.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/cmd2.c,v retrieving revision 1.5 diff -u -r1.5 cmd2.c --- cmd2.c 1998/10/10 19:21:39 1.5 +++ cmd2.c 2001/02/15 21:31:40 
@@ -187,14 +187,14 @@ else disp = "[New file]"; if ((obuf = Fopen(file, "a")) == NULL) { - perror(NOSTR); + warn(NOSTR); return(1); } for (ip = msgvec; *ip && ip-msgvec < msgCount; ip++) { mp = &message[*ip - 1]; touch(mp); - if (send(mp, obuf, ignore, NOSTR) < 0) { - perror(file); + if (sendmessage(mp, obuf, ignore, NOSTR) < 0) { + warn("%s", file); Fclose(obuf); return(1); } @@ -203,7 +203,7 @@ } fflush(obuf); if (ferror(obuf)) - perror(file); + warn("%s", file); Fclose(obuf); printf("%s\n", disp); return(0); @@ -367,11 +367,11 @@ core() { int pid; - extern union wait wait_status; + extern int wait_status; switch (pid = fork()) { case -1: - perror("fork"); + warn("fork"); return(1); case 0: abort(); @@ -380,7 +380,7 @@ printf("Okie dokie"); fflush(stdout); wait_child(pid); - if (wait_status.w_coredump) + if (WIFSIGNALED(wait_status) && WCOREDUMP(wait_status)) printf(" -- Core dumped.\n"); else printf(" -- Can't dump core.\n"); @@ -467,7 +467,7 @@ struct ignoretab *tab; char *which; { - char field[BUFSIZ]; + char field[LINESIZE]; register int h; register struct ignore *igp; char **ap; @@ -475,7 +475,7 @@ if (*list == NOSTR) return igshow(tab, which); for (ap = list; *ap != 0; ap++) { - istrcpy(field, *ap); + istrncpy(field, *ap, sizeof(field)); if (member(field, tab)) continue; h = hash(field); Index: cmd3.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/cmd3.c,v retrieving revision 1.4 diff -u -r1.4 cmd3.c --- cmd3.c 1998/07/06 21:01:19 1.4 +++ cmd3.c 2001/02/15 21:31:41 @@ -56,9 +56,10 @@ char *shell; char cmd[BUFSIZ]; - (void) strcpy(cmd, str); - if (bangexp(cmd) < 0) + if (strlcpy(cmd, str, sizeof(cmd)) >= sizeof(cmd)) return 1; + if (bangexp(cmd, sizeof(cmd)) < 0) + return 1; if ((shell = value("SHELL")) == NOSTR) shell = _PATH_CSHELL; (void) run_command(shell, 0, -1, -1, "-c", cmd, NOSTR); 
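Review bot: In the first cmd3.c hunk (-56,9) the new truncation check, if (strlcpy(cmd, str, sizeof(cmd)) >= sizeof(cmd)) return 1;, fails without telling the user anything, so an over-long shell escape simply does nothing. Print a diagnostic before returning, as the collect.c hunk in this patch does with "Line buffer overflow".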
@@ -90,21 +91,20 @@ * Expand the shell escape by expanding unescaped !'s into the * last issued command where possible. */ - -char lastbang[128]; - int -bangexp(str) +bangexp(str, strsize) char *str; + size_t strsize; { char bangbuf[BUFSIZ]; + static char lastbang[BUFSIZ]; register char *cp, *cp2; register int n; int changed = 0; cp = str; cp2 = bangbuf; - n = BUFSIZ; + n = sizeof(bangbuf); while (*cp) { if (*cp == '!') { if (n < strlen(lastbang)) { @@ -113,7 +113,7 @@ return(-1); } changed++; - strcpy(cp2, lastbang); + strlcpy(cp2, lastbang, sizeof(bangbuf) - (cp2 - bangbuf)); cp2 += strlen(lastbang); n -= strlen(lastbang); cp++; @@ -135,9 +135,8 @@ printf("!%s\n", bangbuf); fflush(stdout); } - strcpy(str, bangbuf); - strncpy(lastbang, bangbuf, 128); - lastbang[127] = 0; + strlcpy(str, bangbuf, strsize); + strlcpy(lastbang, bangbuf, sizeof(lastbang)); return(0); } @@ -152,7 +151,7 @@ register FILE *f; if ((f = Fopen(_PATH_HELP, "r")) == NULL) { - perror(_PATH_HELP); + warn("%s", _PATH_HELP); return(1); } while ((c = getc(f)) != EOF) @@ -170,13 +169,15 @@ { char *cp; - if (*arglist == NOSTR) + if (*arglist == NOSTR) { + if (homedir == NOSTR) + return(1); cp = homedir; - else + } else if ((cp = expand(*arglist)) == NOSTR) return(1); if (chdir(cp) < 0) { - perror(cp); + warn("%s", cp); return(1); } return 0; @@ -276,8 +277,7 @@ subj[2] == ':') return subj; newsubj = salloc(strlen(subj) + 5); - strcpy(newsubj, "Re: "); - strcpy(newsubj + 4, subj); + sprintf(newsubj, "Re: %s", subj); return newsubj; } 
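Review bot: In bangexp() (hunk -135,9) the final strlcpy(str, bangbuf, strsize) ignores its return value, so when the expanded text does not fit the caller's buffer the function still returns 0 and the caller passes a truncated command line to the shell. Compare the result with strsize and return -1 instead. With the one caller shown in this patch both buffers are BUFSIZ, so it cannot trigger today, but the new strsize parameter exists precisely so that other sizes can be passed.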
@@ -386,7 +386,7 @@ for (ap = arglist; *ap != NOSTR; ap++) { cp = *ap; cp2 = varbuf; - while (*cp != '=' && *cp != '\0') + while (cp2 < varbuf + sizeof(varbuf) - 1 && *cp != '=' && *cp != '\0') *cp2++ = *cp++; *cp2 = '\0'; if (*cp == '\0') Index: collect.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/collect.c,v retrieving revision 1.4 diff -u -r1.4 collect.c --- collect.c 1998/10/10 09:58:20 1.4 +++ collect.c 2001/02/15 21:31:41 @@ -74,10 +74,9 @@ int printheaders; { FILE *fbuf; - int lc, cc, escape, eofcount; + int lc, cc, escape, eofcount, fd; register int c, t; - char linebuf[LINESIZE], *cp; - extern char *tempMail; + char linebuf[LINESIZE], tempname[PATHSIZE], *cp; char getsub; int omask; void collint(), collhup(), collstop(); @@ -96,17 +95,19 @@ savettou = signal(SIGTTOU, collstop); savettin = signal(SIGTTIN, collstop); if (setjmp(collabort) || setjmp(colljmp)) { - rm(tempMail); + rm(tempname); goto err; } sigsetmask(omask & ~(sigmask(SIGINT) | sigmask(SIGHUP))); noreset++; - if ((collf = Fopen(tempMail, "w+")) == NULL) { - perror(tempMail); + snprintf(tempname, sizeof(tempname), "%s/mail.RsXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (collf = Fdopen(fd, "w+")) == NULL) { + warn("%s", tempname); goto err; } - unlink(tempMail); + rm(tempname); /* * If we are going to prompt for a subject, @@ -261,7 +262,11 @@ hp->h_bcc = cat(hp->h_bcc, extract(&linebuf[2], GBCC)); break; case 'd': - strcpy(linebuf + 2, getdeadletter()); + if (strlcpy(linebuf + 2, getdeadletter(), sizeof(linebuf) - 2) + >= sizeof(linebuf) - 2) { + printf("Line buffer overflow\n"); + break; + } /* fall into . . . */ case 'r': /* @@ -284,7 +289,7 @@ break; } if ((fbuf = Fopen(cp, "r")) == NULL) { - perror(cp); + warn("%s", cp); break; } printf("\"%s\" ", cp); 
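Review bot: In the collect() hunk at -96,17, rm(tempname) in the setjmp() branch can now run on an uninitialised buffer: tempname is a stack array that is only filled by the snprintf() further down, after sigsetmask() has already unblocked SIGINT and SIGHUP. Once the file has been opened the name is removed straight away by the rm(tempname) at the end of the hunk, so the call in the abort path is never needed for cleanup. Drop it, or set tempname[0] = '\0' before the setjmp() and skip the rm() when it is empty.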
@@ -328,12 +333,12 @@ * standard list processing garbage. * If ~f is given, we don't shift over. */ - if (forward(linebuf + 2, collf, c) < 0) + if (forward(linebuf + 2, collf, tempname, c) < 0) goto err; goto cont; case '?': if ((fbuf = Fopen(_PATH_TILDE, "r")) == NULL) { - perror(_PATH_TILDE); + warn("%s", _PATH_TILDE); break; } while ((t = getc(fbuf)) != EOF) @@ -410,14 +415,14 @@ printf("\"%s\" ", name); fflush(stdout); } - if (stat(name, &junk) >= 0 && (junk.st_mode & S_IFMT) == S_IFREG) { + if (stat(name, &junk) >= 0 && S_ISREG(junk.st_mode)) { if (!f) fprintf(stderr, "%s: ", name); - fprintf(stderr, "File exists\n"); + fprintf(stderr, "File exists\n"); return(-1); } if ((of = Fopen(name, "w")) == NULL) { - perror(NOSTR); + warn(NOSTR); return(-1); } lc = 0; @@ -428,7 +433,7 @@ lc++; (void) putc(c, of); if (ferror(of)) { - perror(name); + warn("%s", name); Fclose(of); return(-1); } @@ -471,15 +476,17 @@ char cmd[]; { FILE *nf; + int fd; sig_t sigint = signal(SIGINT, SIG_IGN); - extern char *tempEdit; - char *shell; + char *shell, tempname[PATHSIZE]; - if ((nf = Fopen(tempEdit, "w+")) == NULL) { - perror(tempEdit); + snprintf(tempname, sizeof(tempname), "%s/mail.ReXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (nf = Fdopen(fd, "w+")) == NULL) { + warn("%s", tempname); goto out; } - (void) unlink(tempEdit); + (void) rm(tempname); /* * stdin = current message. * stdout = new message. @@ -515,13 +522,13 @@ * should shift over and 'f' if not. */ int -forward(ms, fp, f) +forward(ms, fp, fn, f) char ms[]; FILE *fp; + char *fn; int f; { register int *msgvec; - extern char *tempMail; struct ignoretab *ig; char *tabst; 
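Review bot: In the hunk at -471,15, when mkstemp() succeeds but Fdopen() fails, the combined condition jumps to out with fd still open and the newly created file still present in tmpdir; nothing in the hunk closes the descriptor or removes tempname on that path. Split the two calls, or on failure close fd and rm(tempname) when fd != -1. The same two-part condition appears in the collect(), edit.c, fio.c, lex.c and names.c hunks of this patch.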
@@ -549,8 +556,8 @@ touch(mp); printf(" %d", *msgvec); - if (send(mp, fp, ig, tabst) < 0) { - perror(tempMail); + if (sendmessage(mp, fp, ig, tabst) < 0) { + warn("%s", fn); return(-1); } } Index: def.h =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/def.h,v retrieving revision 1.5 diff -u -r1.5 def.h --- def.h 2000/10/24 13:54:31 1.5 +++ def.h 2001/02/15 21:31:41 @@ -51,6 +51,7 @@ #include #include #include +#include #include #include "pathnames.h" Index: edit.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/edit.c,v retrieving revision 1.3 diff -u -r1.3 edit.c --- edit.c 2000/10/24 13:54:31 1.3 +++ edit.c 2001/02/15 21:31:42 @@ -125,7 +125,7 @@ break; } if (ferror(otf)) - perror("/tmp"); + warn("/tmp"); (void) Fclose(fp); } (void) signal(SIGINT, sigint); @@ -148,17 +148,18 @@ register FILE *nf = NULL; register int t; time_t modtime; - char *edit; + char *edit, tempname[PATHSIZE]; struct stat statb; - extern char *tempEdit; - if ((t = creat(tempEdit, readonly ? 0400 : 0600)) < 0) { - perror(tempEdit); + snprintf(tempname, sizeof(tempname), "%s/mail.ReXXXXXXXXXX", tmpdir); + if ((t = mkstemp(tempname)) == -1 || + (nf = Fdopen(t, "w")) == NULL) { + warn("%s", tempname); goto out; } - if ((nf = Fdopen(t, "w")) == NULL) { - perror(tempEdit); - (void) unlink(tempEdit); + if (readonly && fchmod(t, 0400) == -1) { + warn("%s", tempname); + (void)rm(tempname); goto out; } if (size >= 0) 
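Review bot: In the edit.c hunk at -148,17 the new fchmod() failure path does warn(), rm(tempname) and goto out while nf still points at the stream that Fdopen() just returned, and out: is return nf;, so the caller gets a non-NULL FILE * for a temporary file that has just been removed and treats the edit as successful. The other error paths in this function Fclose(nf) and set nf = NULL before the goto; this one needs the same.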
@@ -174,22 +175,22 @@ modtime = statb.st_mtime; if (ferror(nf)) { (void) Fclose(nf); - perror(tempEdit); - (void) unlink(tempEdit); + warn("%s", tempname); + (void)rm(tempname); nf = NULL; goto out; } if (Fclose(nf) < 0) { - perror(tempEdit); - (void) unlink(tempEdit); + warn("%s", tempname); + (void)rm(tempname); nf = NULL; goto out; } nf = NULL; if ((edit = value(type == 'e' ? "EDITOR" : "VISUAL")) == NOSTR) edit = type == 'e' ? _PATH_EX : _PATH_VI; - if (run_command(edit, 0, -1, -1, tempEdit, NOSTR, NOSTR) < 0) { - (void) unlink(tempEdit); + if (run_command(edit, 0, -1, -1, tempname, NOSTR, NOSTR) < 0) { + (void)rm(tempname); goto out; } /* @@ -197,26 +198,26 @@ * temporary and return. */ if (readonly) { - (void) unlink(tempEdit); + (void)rm(tempname); goto out; } - if (stat(tempEdit, &statb) < 0) { - perror(tempEdit); + if (stat(tempname, &statb) < 0) { + warn("%s", tempname); goto out; } if (modtime == statb.st_mtime) { - (void) unlink(tempEdit); + (void)rm(tempname); goto out; } /* * Now switch to new file. */ - if ((nf = Fopen(tempEdit, "a+")) == NULL) { - perror(tempEdit); - (void) unlink(tempEdit); + if ((nf = Fopen(tempname, "a+")) == NULL) { + warn("%s", tempname); + (void)rm(tempname); goto out; } - (void) unlink(tempEdit); + (void)rm(tempname); out: return nf; } Index: extern.h =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/extern.h,v retrieving revision 1.3 diff -u -r1.3 extern.h --- extern.h 1998/01/02 16:43:48 1.3 +++ extern.h 2001/02/15 21:31:43 @@ -86,7 +86,7 @@ int append __P((struct message *, FILE *)); int argcount __P((char **)); void assign __P((char [], char [])); -int bangexp __P((char *)); +int bangexp __P((char *, size_t)); int blankline __P((char [])); void brokpipe __P((int)); int charcount __P((char *, int)); 
@@ -121,16 +121,16 @@ int file __P((char **)); struct grouphead * findgroup __P((char [])); -void findmail __P((char *, char *)); +void findmail __P((char *, char *, int)); int first __P((int, int)); void fixhead __P((struct header *, struct name *)); void fmt __P((char *, struct name *, FILE *, int)); int folders __P((void)); -int forward __P((char [], FILE *, int)); +int forward __P((char [], FILE *, char *, int)); void free_child __P((int)); int from __P((int *)); off_t fsize __P((FILE *)); -int getfold __P((char *)); +int getfold __P((char *, int)); int gethfield __P((FILE *, char [], int, char **)); int getmsglist __P((char *, int *, int)); int getrawlist __P((char [], char **, int)); @@ -155,7 +155,7 @@ int ishead __P((char [])); int isign __P((char *, struct ignoretab [])); int isprefix __P((char *, char *)); -void istrcpy __P((char *, char *)); +void istrncpy __P((char *, char *, size_t)); struct cmd * lex __P((char [])); void load __P((char *)); @@ -179,7 +179,6 @@ int newfileinfo __P((void)); int next __P((int *)); int null __P((int)); -void panic __P((const char *, ...)); void parse __P((char [], struct headline *, char [])); int pcmdlist __P((void)); int pdot __P((void)); @@ -193,7 +192,7 @@ int pversion __P((int)); void quit __P((void)); int quitcmd __P((void)); -int raise __P((int)); +int upcase __P((int)); int readline __P((FILE *, char *, int)); void register_file __P((FILE *, int, int)); void regret __P((int)); @@ -214,7 +213,7 @@ int schdir __P((char **)); int screensize __P((void)); int scroll __P((char [])); -int send __P((struct message *, FILE *, struct ignoretab *, char *)); +int sendmessage __P((struct message *, FILE *, struct ignoretab *, char *)); int sendmail __P((char *)); int set __P((char **)); int setfile __P((char *)); 
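Review bot: In the extern.h hunk at -121,16 the new length parameters of findmail() and getfold() are declared int, while bangexp() and istrncpy() in the same patch take size_t. Every caller shown passes sizeof(...), and getfold() forwards the value to strlcpy() and snprintf(), which take size_t, so declare both as size_t to avoid the signed/unsigned conversion and keep the prototypes consistent.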
@@ -251,3 +250,6 @@ int wait_child __P((int)); int wait_command __P((int)); int writeback __P((FILE *)); + +extern char *__progname; +extern char *tmpdir; Index: fio.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/fio.c,v retrieving revision 1.3 diff -u -r1.3 fio.c --- fio.c 2000/10/24 13:54:31 1.3 +++ fio.c 2001/02/15 21:31:44 @@ -59,22 +59,19 @@ setptr(ibuf) register FILE *ibuf; { - extern char *tmpdir; register int c, count; register char *cp, *cp2; struct message this; FILE *mestmp; off_t offset; int maybe, inhead; - char linebuf[LINESIZE]; + char linebuf[LINESIZE], pathbuf[PATHSIZE]; /* Get temporary file. */ - (void)sprintf(linebuf, "%s/mail.XXXXXX", tmpdir); - if ((c = mkstemp(linebuf)) == -1 || - (mestmp = Fdopen(c, "r+")) == NULL) { - errx(1, "can't open %s", linebuf); - } - (void)unlink(linebuf); + (void)snprintf(pathbuf, sizeof(pathbuf), "%s/mail.XXXXXXXXXX", tmpdir); + if ((c = mkstemp(pathbuf)) == -1 || (mestmp = Fdopen(c, "r+")) == NULL) + err(1, "can't open %s", pathbuf); + (void)rm(pathbuf); msgCount = 0; maybe = 1; @@ -86,27 +83,22 @@ this.m_block = 0; this.m_offset = 0; for (;;) { - if (fgets(linebuf, LINESIZE, ibuf) == NULL) { - if (append(&this, mestmp)) { - perror("temporary file"); - exit(1); - } + if (fgets(linebuf, sizeof(linebuf), ibuf) == NULL) { + if (append(&this, mestmp)) + err(1, "temporary file"); makemessage(mestmp); return; } count = strlen(linebuf); (void) fwrite(linebuf, sizeof *linebuf, count, otf); - if (ferror(otf)) { - perror("/tmp"); - exit(1); - } - linebuf[count - 1] = 0; + if (ferror(otf)) + err(1, "/tmp"); + if (count) + linebuf[count - 1] = '\0'; if (maybe && linebuf[0] == 'F' && ishead(linebuf)) { msgCount++; - if (append(&this, mestmp)) { - perror("temporary file"); - exit(1); - } + if (append(&this, mestmp)) + err(1, "temporary file"); this.m_flag = MUSED|MNEW; this.m_size = 0; this.m_lines = 0; 
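Review bot: In the setptr() read loop (fio.c hunk -86,27), if (count) linebuf[count - 1] = '\0'; fixes the count == 0 case but still assumes the last byte is a newline; a line that fills the buffer, or a final line with no newline, loses a real character before ishead() sees it. Test for '\n' before overwriting. The err(1, "/tmp") a few lines above also names the wrong place now that the temporary files are created under tmpdir.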
@@ -193,10 +185,8 @@ { fflush(otf); - if (fseek(itf, (long)positionof(mp->m_block, mp->m_offset), 0) < 0) { - perror("fseek"); - panic("Temporary file seek"); - } + if (fseek(itf, (long)positionof(mp->m_block, mp->m_offset), 0) < 0) + err(1, "fseek"); return (itf); } @@ -213,13 +203,13 @@ if (message != 0) free((char *) message); if ((message = (struct message *) malloc((unsigned) size)) == 0) - panic("Insufficient memory for %d messages", msgCount); + err(1, "Out of memory"); dot = message; size -= sizeof (struct message); fflush(f); (void) lseek(fileno(f), (off_t)sizeof *message, 0); if (read(fileno(f), (char *) message, size) != size) - panic("Message temporary file corrupted"); + errx(1, "Message temporary file corrupted"); message[msgCount].m_size = 0; message[msgCount].m_lines = 0; Fclose(f); @@ -315,7 +305,7 @@ register char *cp, *shell; int pivec[2]; struct stat sbuf; - extern union wait wait_status; + extern int wait_status; /* * The order of evaluation is "%" and "#" expand into constants. @@ -325,7 +315,7 @@ */ switch (*name) { case '%': - findmail(name[1] ? name + 1 : myname, xname); + findmail(name[1] ? name + 1 : myname, xname, sizeof(xname)); return savestr(xname); case '#': if (name[1] != 0) 
@@ -340,22 +330,22 @@ name = "~/mbox"; /* fall through */ } - if (name[0] == '+' && getfold(cmdbuf) >= 0) { - sprintf(xname, "%s/%s", cmdbuf, name + 1); + if (name[0] == '+' && getfold(cmdbuf, sizeof(cmdbuf)) >= 0) { + snprintf(xname, sizeof(xname), "%s/%s", cmdbuf, name + 1); name = savestr(xname); } /* catch the most common shell meta character */ - if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) { - sprintf(xname, "%s%s", homedir, name + 1); + if (name[0] == '~' && homedir && (name[1] == '/' || name[1] == '\0')) { + snprintf(xname, sizeof(xname), "%s%s", homedir, name + 1); name = savestr(xname); } if (!anyof(name, "~{[*?$`'\"\\")) return name; if (pipe(pivec) < 0) { - perror("pipe"); + warn("pipe"); return name; } - sprintf(cmdbuf, "echo %s", name); + snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name); if ((shell = value("SHELL")) == NOSTR) shell = _PATH_CSHELL; pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR); @@ -367,12 +357,12 @@ close(pivec[1]); l = read(pivec[0], xname, BUFSIZ); close(pivec[0]); - if (wait_child(pid) < 0 && wait_status.w_termsig != SIGPIPE) { + if (wait_child(pid) < 0 && WIFSIGNALED(wait_status) && WTERMSIG(wait_status) != SIGPIPE) { fprintf(stderr, "\"%s\": Expansion failed.\n", name); return NOSTR; } if (l < 0) { - perror("read"); + warn("read"); return NOSTR; } if (l == 0) { @@ -383,11 +373,11 @@ fprintf(stderr, "\"%s\": Expansion buffer overflow.\n", name); return NOSTR; } - xname[l] = 0; + xname[l] = '\0'; for (cp = &xname[l-1]; *cp == '\n' && cp > xname; cp--) ; cp[1] = '\0'; - if (index(xname, ' ') && stat(xname, &sbuf) < 0) { + if (strchr(xname, ' ') && stat(xname, &sbuf) < 0) { fprintf(stderr, "\"%s\": Ambiguous.\n", name); return NOSTR; } 
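Review bot: In the expand() hunk at -367,12 the new test, wait_child(pid) < 0 && WIFSIGNALED(wait_status) && WTERMSIG(wait_status) != SIGPIPE, can never be true once the popen.c change in this patch is applied, because wait_child() then returns -1 only when WIFEXITED(wait_status) is set, and an exited child is never WIFSIGNALED. The old code printed "Expansion failed" for any non-zero status except death by SIGPIPE, and wait_child() returned -1 for any non-zero status, including death by a signal. To keep that behaviour, have wait_child() return -1 whenever the status is non-zero and write the condition here as wait_child(pid) < 0 && !(WIFSIGNALED(wait_status) && WTERMSIG(wait_status) == SIGPIPE). The read() just above still passes BUFSIZ while the snprintf() calls use sizeof(xname); use sizeof(xname) there as well.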
@@ -398,17 +388,18 @@ * Determine the current folder directory name. */ int -getfold(name) +getfold(name, namelen) char *name; + int namelen; { char *folder; if ((folder = value("folder")) == NOSTR) return (-1); if (*folder == '/') - strcpy(name, folder); + strlcpy(name, folder, namelen); else - sprintf(name, "%s/%s", homedir, folder); + snprintf(name, namelen, "%s/%s", homedir ? homedir : ".", folder); return (0); } @@ -425,7 +416,7 @@ else if (*cp != '/') { char buf[PATHSIZE]; - (void) sprintf(buf, "~/%s", cp); + (void) snprintf(buf, sizeof(buf), "~/%s", cp); cp = expand(buf); } return cp; Index: getname.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/getname.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 getname.c --- getname.c 1994/05/27 12:32:06 1.1.1.1 +++ getname.c 2001/02/15 21:31:44 @@ -42,8 +42,8 @@ /* Getname / getuserid for those with hashed passwd data base). */ /* - * Search the passwd file for a uid. Return name through ref parameter - * if found, indicating success with 0 return. Return -1 on error. + * Search the passwd file for a uid. Return name on success, + * NOSTR on failure */ char * getname(uid) Index: head.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/head.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 head.c --- head.c 1994/05/27 12:32:06 1.1.1.1 +++ head.c 2001/02/15 21:31:44 
@@ -53,13 +53,10 @@ ishead(linebuf) char linebuf[]; { - register char *cp; struct headline hl; char parbuf[BUFSIZ]; - cp = linebuf; - if (*cp++ != 'F' || *cp++ != 'r' || *cp++ != 'o' || *cp++ != 'm' || - *cp++ != ' ') + if (strncmp(linebuf, "From ", 5)) return (0); parse(linebuf, &hl, parbuf); if (hl.l_from == NOSTR || hl.l_date == NOSTR) { Index: lex.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/lex.c,v retrieving revision 1.8 diff -u -r1.8 lex.c --- lex.c 2000/11/27 07:32:29 1.8 +++ lex.c 2001/02/15 21:31:45 @@ -61,12 +61,12 @@ char *name; { FILE *ibuf; - int i; + int i, fd; struct stat stb; char isedit = *name != '%'; char *who = name[1] ? name + 1 : myname; + char tempname[PATHSIZE]; static int shudclob; - extern char *tempMesg; if ((name = expand(name)) == NOSTR) return -1; @@ -74,12 +74,12 @@ if ((ibuf = Fopen(name, "r")) == NULL) { if (!isedit && errno == ENOENT) goto nomail; - perror(name); + warn("%s", name); return(-1); } if (fstat(fileno(ibuf), &stb) < 0) { - perror("fstat"); + warn("fstat"); Fclose(ibuf); return (-1); } @@ -88,7 +88,7 @@ case S_IFDIR: Fclose(ibuf); errno = EISDIR; - perror(name); + warn("%s", name); return (-1); case S_IFREG: @@ -97,7 +97,7 @@ default: Fclose(ibuf); errno = EINVAL; - perror(name); + warn("%s", name); return (-1); } 
@@ -128,21 +128,18 @@ } shudclob = 1; edit = isedit; - strcpy(prevfile, mailname); + strlcpy(prevfile, mailname, sizeof(prevfile)); if (name != mailname) - strcpy(mailname, name); + strlcpy(mailname, name, sizeof(mailname)); mailsize = fsize(ibuf); - if ((otf = fopen(tempMesg, "w")) == NULL) { - perror(tempMesg); - exit(1); - } + snprintf(tempname, sizeof(tempname), "%s/mail.RxXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || (otf = fdopen(fd, "w")) == NULL) + err(1, "%s", tempname); (void) fcntl(fileno(otf), F_SETFD, 1); - if ((itf = fopen(tempMesg, "r")) == NULL) { - perror(tempMesg); - exit(1); - } + if ((itf = fopen(tempname, "r")) == NULL) + err(1, "%s", tempname); (void) fcntl(fileno(itf), F_SETFD, 1); - rm(tempMesg); + rm(tempname); setptr(ibuf); setmsize(msgCount); Fclose(ibuf); @@ -273,7 +270,7 @@ return(0); } cp2 = word; - while (*cp && index(" \t0123456789$^.:/-+*'\"", *cp) == NOSTR) + while (*cp && strchr(" \t0123456789$^.:/-+*'\"", *cp) == NOSTR) *cp2++ = *cp++; *cp2 = '\0'; @@ -405,7 +402,7 @@ break; default: - panic("Unknown argtype"); + errx(1, "Unknown argtype"); } out: @@ -463,7 +460,7 @@ * ignore trailing chars after `#' * * lines with beginning `#' are comments - * spaces befor `#' are ignored in execute() + * spaces before `#' are ignored in execute() */ if (*word == '#') @@ -588,7 +585,7 @@ { register struct message *mp; register int u, n, mdot, d, s; - char fname[BUFSIZ], zname[BUFSIZ], *ename; + char fname[PATHSIZE+1], zname[PATHSIZE+1], *ename; for (mp = &message[0]; mp < &message[msgCount]; mp++) if (mp->m_flag & MNEW) 
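Review bot: In the lex.c hunk at -128,21, itf is opened by pathname with fopen(tempname, "r") after mkstemp() has already returned a descriptor for the file, so the read side depends on the name still referring to the same file until rm(tempname) runs. The two streams need independent offsets, so a dup() of fd will not do, but an fstat() on both descriptors comparing st_dev and st_ino would confirm they are the same file. If that fopen() fails, err(1, ...) also exits before rm(tempname) and the file is left behind in tmpdir.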
@@ -613,10 +610,10 @@ s++; } ename = mailname; - if (getfold(fname) >= 0) { + if (getfold(fname, sizeof(fname) - 1) >= 0) { strcat(fname, "/"); if (strncmp(fname, mailname, strlen(fname)) == 0) { - sprintf(zname, "+%s", mailname + strlen(fname)); + snprintf(zname, sizeof(zname), "+%s", mailname + strlen(fname)); ename = zname; } } Index: list.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/list.c,v retrieving revision 1.2 diff -u -r1.2 list.c --- list.c 1995/05/30 06:31:40 1.2 +++ list.c 2001/02/15 21:31:46 @@ -391,8 +391,12 @@ { register char c, *cp, *cp2, quotec; int argn; - char linebuf[BUFSIZ]; + char *linebuf; + size_t linebufsize = BUFSIZ; + if ((linebuf = (char *)malloc(linebufsize)) == NULL) + err(1, "Out of memory"); + argn = 0; cp = line; for (;;) { @@ -408,6 +412,13 @@ cp2 = linebuf; quotec = '\0'; while ((c = *cp) != '\0') { + /* Allocate more space if necessary */ + if (cp2 - linebuf == linebufsize - 1) { + linebufsize += BUFSIZ; + if ((linebuf = realloc(linebuf, linebufsize)) == NULL) + err(1, "Out of memory"); + cp2 = linebuf + linebufsize - BUFSIZ - 1; + } cp++; if (quotec != '\0') { if (c == quotec) @@ -473,6 +484,7 @@ argv[argn++] = savestr(linebuf); } argv[argn] = NOSTR; + free(linebuf); return argn; } @@ -605,7 +617,7 @@ int token; { if (++regretp >= REGDEP) - panic("Too many regrets"); + errx(1, "Too many regrets"); regretstack[regretp] = token; lexstring[STRINGLEN-1] = '\0'; string_stack[regretp] = savestr(lexstring); @@ -662,7 +674,7 @@ while (*cp2) { if (*cp == 0) return(1); - if (raise(*cp++) != raise(*cp2++)) { + if (upcase(*cp++) != upcase(*cp2++)) { cp2 = ++backup; cp = str; } @@ -678,7 +690,7 @@ * previous search string. */ -char lastscan[128]; +char lastscan[STRINGLEN]; int matchsubj(str, mesg) char *str; 
@@ -688,17 +700,17 @@ register char *cp, *cp2, *backup; str++; - if (strlen(str) == 0) + if (*str == '\0') str = lastscan; else - strcpy(lastscan, str); + strlcpy(lastscan, str, sizeof(lastscan)); mp = &message[mesg-1]; /* * Now look, ignoring case, for the word in the string. */ - if (value("searchheaders") && (cp = index(str, ':'))) { + if (value("searchheaders") && (cp = strchr(str, ':'))) { *cp++ = '\0'; cp2 = hfield(str, mp); cp[-1] = ':'; @@ -713,7 +725,7 @@ while (*cp2) { if (*cp == 0) return(1); - if (raise(*cp++) != raise(*cp2++)) { + if (upcase(*cp++) != upcase(*cp2++)) { cp2 = ++backup; cp = str; } @@ -732,7 +744,7 @@ i = mesg; if (i < 1 || i > msgCount) - panic("Bad message number to mark"); + errx(1, "Bad message number to mark"); message[i-1].m_flag |= MMARK; } @@ -747,7 +759,7 @@ i = mesg; if (i < 1 || i > msgCount) - panic("Bad message number to unmark"); + errx(1, "Bad message number to unmark"); message[i-1].m_flag &= ~MMARK; } Index: main.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/main.c,v retrieving revision 1.6 diff -u -r1.6 main.c --- main.c 1999/05/20 22:23:04 1.6 +++ main.c 2001/02/15 21:31:46 @@ -42,7 +42,6 @@ #endif /* not lint */ #include "rcv.h" -#include #include #include "extern.h" @@ -99,10 +98,8 @@ * articles have been read/deleted for netnews. */ Tflag = optarg; - if ((i = creat(Tflag, 0600)) < 0) { - perror(Tflag); - exit(1); - } + if ((i = creat(Tflag, 0600)) < 0) + err(1, "%s", Tflag); close(i); break; case 'u': 
@@ -197,14 +194,10 @@ /* * Check for inconsistent arguments. */ - if (to == NIL && (subject != NOSTR || cc != NIL || bcc != NIL)) { - fputs("You must specify direct recipients with -s, -c, or -b.\n", stderr); - exit(1); - } - if (ef != NOSTR && to != NIL) { - fprintf(stderr, "Cannot give -f and people to send to.\n"); - exit(1); - } + if (to == NIL && (subject != NOSTR || cc != NIL || bcc != NIL)) + errx(1, "You must specify direct recipients with -s, -c, or -b."); + if (ef != NOSTR && to != NIL) + errx(1, "Cannot give -f and people to send to."); tinit(); setscreensize(); input = stdin; Index: names.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/names.c,v retrieving revision 1.4 diff -u -r1.4 names.c --- names.c 1998/10/10 09:58:20 1.4 +++ names.c 2001/02/15 21:31:49 @@ -94,10 +94,12 @@ { register char *cp; register struct name *top, *np, *t; - char nbuf[BUFSIZ]; + char *nbuf; if (line == NOSTR || *line == '\0') return NIL; + if ((nbuf = (char *)malloc(strlen(line) + 1)) == NULL) + err(1, "Out of memory"); top = NIL; np = NIL; cp = line; @@ -110,6 +112,7 @@ t->n_blink = np; np = t; } + free(nbuf); return top; } @@ -153,9 +156,9 @@ *cp++ = ','; *cp++ = ' '; } - *--cp = 0; + *--cp = '\0'; if (comma && *--cp == ',') - *cp = 0; + *cp = '\0'; return(top); } @@ -197,7 +200,7 @@ for (cp2 = wbuf; *cp && (*cp2++ = *cp++) != '>';) ; else - for (cp2 = wbuf; *cp && !index(" \t,(", *cp); *cp2++ = *cp++) + for (cp2 = wbuf; *cp && !strchr(" \t,(", *cp); *cp2++ = *cp++) ; *cp2 = '\0'; return cp; @@ -223,7 +226,6 @@ char *date, *fname, *ctime(); FILE *fout, *fin; int ispipe; - extern char *tempEdit; top = names; np = names; 
@@ -246,15 +248,21 @@ */ if (image < 0) { - if ((fout = Fopen(tempEdit, "a")) == NULL) { - perror(tempEdit); + int fd; + char tempname[PATHSIZE]; + + snprintf(tempname, sizeof(tempname), + "%s/mail.ReXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (fout = Fdopen(fd, "a")) == NULL) { + warn("%s", tempname); senderr++; goto cant; } - image = open(tempEdit, 2); - (void) unlink(tempEdit); + image = open(tempname, O_RDWR); + (void)rm(tempname); if (image < 0) { - perror(tempEdit); + warn("%s", tempname); senderr++; (void) Fclose(fout); goto cant; @@ -268,8 +276,12 @@ rewind(fo); (void) putc('\n', fout); (void) fflush(fout); - if (ferror(fout)) - perror(tempEdit); + if (ferror(fout)) { + warn("%s", tempname); + senderr++; + Fclose(fout); + goto cant; + } (void) Fclose(fout); } @@ -303,12 +315,12 @@ } else { int f; if ((fout = Fopen(fname, "a")) == NULL) { - perror(fname); + warn("%s", fname); senderr++; goto cant; } if ((f = dup(image)) < 0) { - perror("dup"); + warn("dup"); fin = NULL; } else fin = Fdopen(f, "r"); @@ -321,8 +333,13 @@ rewind(fin); while ((c = getc(fin)) != EOF) (void) putc(c, fout); - if (ferror(fout)) - senderr++, perror(fname); + if (ferror(fout)) { + warn("%s", fname); + senderr++; + Fclose(fout); + Fclose(fin); + goto cant; + } (void) Fclose(fout); (void) Fclose(fin); } @@ -483,7 +500,7 @@ n = np; if ((t = count(n)) == 0) - panic("No names to unpack"); + errx(1, "No names to unpack"); /* * Compute the number of extra arguments we will need. * We need at least two extra -- one for "mail" and one for Index: popen.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/popen.c,v retrieving revision 1.2 diff -u -r1.2 popen.c --- popen.c 1998/10/10 19:18:30 1.2 +++ popen.c 2001/02/15 21:31:49 
@@ -55,12 +55,13 @@ int pid; char done; char free; - union wait status; + int status; struct child *link; }; static struct child *child; static struct child *findchild __P((int)); static void delchild __P((struct child *)); +static int file_pid __P((FILE *)); FILE * Fopen(file, mode) @@ -166,7 +167,7 @@ struct fp *fpp; if ((fpp = (struct fp *) malloc(sizeof *fpp)) == NULL) - panic("Out of memory"); + err(1, "Out of memory"); fpp->fp = fp; fpp->pipe = pipe; fpp->pid = pid; @@ -186,9 +187,11 @@ free((char *) p); return; } - panic("Invalid file pointer"); + errx(1, "Invalid file pointer"); + /*NOTREACHED*/ } +int file_pid(fp) FILE *fp; { @@ -197,7 +200,7 @@ for (p = fp_head; p; p = p->link) if (p->fp == fp) return (p->pid); - panic("Invalid file pointer"); + errx(1, "Invalid file pointer"); /*NOTREACHED*/ } @@ -232,7 +235,7 @@ int pid; if ((pid = fork()) < 0) { - perror("fork"); + warn("fork"); return -1; } if (pid == 0) { @@ -245,7 +248,7 @@ argv[i] = NOSTR; prepare_child(mask, infd, outfd); execvp(argv[0], argv); - perror(argv[0]); + warn("%s", argv[0]); _exit(1); } return pid; @@ -320,11 +323,10 @@ int signo; { int pid; - union wait status; + int status; register struct child *cp; - while ((pid = - wait3((int *)&status, WNOHANG, (struct rusage *)0)) > 0) { + while ((pid = waitpid((pid_t)-1, &status, WNOHANG)) > 0) { cp = findchild(pid); if (cp->free) delchild(cp); @@ -335,7 +337,7 @@ } } -union wait wait_status; +int wait_status; /* * Wait for a specific child to die. @@ -352,7 +354,7 @@ wait_status = cp->status; delchild(cp); sigsetmask(mask); - return wait_status.w_status ? -1 : 0; + return((WIFEXITED(wait_status) && WEXITSTATUS(wait_status)) ? -1 : 0); } /* Index: quit.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/quit.c,v retrieving revision 1.2 diff -u -r1.2 quit.c --- quit.c 1998/10/10 09:58:20 1.2 +++ quit.c 2001/02/15 21:31:50 
@@ -72,9 +72,9 @@ FILE *ibuf, *obuf, *fbuf, *rbuf, *readstat, *abuf; register struct message *mp; register int c; - extern char *tempQuit, *tempResid; + int fd; struct stat minfo; - char *mbox; + char *mbox, tempname[PATHSIZE]; /* * If we are read only, we can't do anything, @@ -108,8 +108,9 @@ rbuf = NULL; if (fstat(fileno(fbuf), &minfo) >= 0 && minfo.st_size > mailsize) { printf("New mail has arrived.\n"); - rbuf = Fopen(tempResid, "w"); - if (rbuf == NULL || fbuf == NULL) + snprintf(tempname, sizeof(tempname), "%s/mail.RqXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (rbuf = Fdopen(fd, "w")) == NULL) goto newmail; #ifdef APPEND fseek(fbuf, (long)mailsize, 0); @@ -125,9 +126,9 @@ } #endif Fclose(rbuf); - if ((rbuf = Fopen(tempResid, "r")) == NULL) + if ((rbuf = Fopen(tempname, "r")) == NULL) goto newmail; - rm(tempResid); + rm(tempname); } /* @@ -198,26 +199,28 @@ mbox = expand("&"); mcount = c; if (value("append") == NOSTR) { - if ((obuf = Fopen(tempQuit, "w")) == NULL) { - perror(tempQuit); + snprintf(tempname, sizeof(tempname), "%s/mail.RmXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (obuf = Fdopen(fd, "w")) == NULL) { + warn("%s", tempname); Fclose(fbuf); return; } - if ((ibuf = Fopen(tempQuit, "r")) == NULL) { - perror(tempQuit); - rm(tempQuit); + if ((ibuf = Fopen(tempname, "r")) == NULL) { + warn("%s", tempname); + rm(tempname); Fclose(obuf); Fclose(fbuf); return; } - rm(tempQuit); + rm(tempname); if ((abuf = Fopen(mbox, "r")) != NULL) { while ((c = getc(abuf)) != EOF) (void) putc(c, obuf); Fclose(abuf); } if (ferror(obuf)) { - perror(tempQuit); + warn("%s", tempname); Fclose(ibuf); Fclose(obuf); Fclose(fbuf); @@ -226,7 +229,7 @@ Fclose(obuf); close(creat(mbox, 0600)); if ((obuf = Fopen(mbox, "r+")) == NULL) { - perror(mbox); + warn("%s", mbox); Fclose(ibuf); Fclose(fbuf); return; 
@@ -234,7 +237,7 @@ } if (value("append") != NOSTR) { if ((obuf = Fopen(mbox, "a")) == NULL) { - perror(mbox); + warn("%s", mbox); Fclose(fbuf); return; } @@ -242,8 +245,8 @@ } for (mp = &message[0]; mp < &message[msgCount]; mp++) if (mp->m_flag & MBOX) - if (send(mp, obuf, saveignore, NOSTR) < 0) { - perror(mbox); + if (sendmessage(mp, obuf, saveignore, NOSTR) < 0) { + warn("%s", mbox); Fclose(ibuf); Fclose(obuf); Fclose(fbuf); @@ -270,7 +273,7 @@ } trunc(obuf); if (ferror(obuf)) { - perror(mbox); + warn("%s", mbox); Fclose(obuf); Fclose(fbuf); return; @@ -337,7 +340,7 @@ p = 0; if ((obuf = Fopen(mailname, "r+")) == NULL) { - perror(mailname); + warn("%s", mailname); return(-1); } #ifndef APPEND @@ -348,8 +351,8 @@ for (mp = &message[0]; mp < &message[msgCount]; mp++) if ((mp->m_flag&MPRESERVE)||(mp->m_flag&MTOUCH)==0) { p++; - if (send(mp, obuf, (struct ignoretab *)0, NOSTR) < 0) { - perror(mailname); + if (sendmessage(mp, obuf, (struct ignoretab *)0, NOSTR) < 0) { + warn("%s", mailname); Fclose(obuf); return(-1); } @@ -362,7 +365,7 @@ fflush(obuf); trunc(obuf); if (ferror(obuf)) { - perror(mailname); + warn("%s", mailname); Fclose(obuf); return(-1); } @@ -384,13 +387,11 @@ void edstop() { - extern char *tmpdir; register int gotcha, c; register struct message *mp; FILE *obuf, *ibuf, *readstat; struct stat statb; - char tempname[30]; - char *mktemp(); + char tempname[PATHSIZE]; if (readonly) return; 
@@ -419,16 +420,16 @@ goto done; ibuf = NULL; if (stat(mailname, &statb) >= 0 && statb.st_size > mailsize) { - strcpy(tempname, tmpdir); - strcat(tempname, "mboxXXXXXX"); - mktemp(tempname); - if ((obuf = Fopen(tempname, "w")) == NULL) { - perror(tempname); + int fd; + + snprintf(tempname, sizeof(tempname), "%s/mbox.XXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || (obuf = Fdopen(fd, "w")) == NULL) { + warn("%s", tempname); relsesigs(); reset(0); } if ((ibuf = Fopen(mailname, "r")) == NULL) { - perror(mailname); + warn("%s", mailname); Fclose(obuf); rm(tempname); relsesigs(); @@ -440,7 +441,7 @@ Fclose(ibuf); Fclose(obuf); if ((ibuf = Fopen(tempname, "r")) == NULL) { - perror(tempname); + warn("%s", tempname); rm(tempname); relsesigs(); reset(0); @@ -450,7 +451,7 @@ printf("\"%s\" ", mailname); fflush(stdout); if ((obuf = Fopen(mailname, "r+")) == NULL) { - perror(mailname); + warn("%s", mailname); relsesigs(); reset(0); } @@ -460,8 +461,8 @@ if ((mp->m_flag & MDELETED) != 0) continue; c++; - if (send(mp, obuf, (struct ignoretab *) NULL, NOSTR) < 0) { - perror(mailname); + if (sendmessage(mp, obuf, (struct ignoretab *) NULL, NOSTR) < 0) { + warn("%s", mailname); relsesigs(); reset(0); } @@ -474,7 +475,7 @@ } fflush(obuf); if (ferror(obuf)) { - perror(mailname); + warn("%s", mailname); relsesigs(); reset(0); } Index: send.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/send.c,v retrieving revision 1.5 diff -u -r1.5 send.c --- send.c 1998/10/10 09:58:20 1.5 +++ send.c 2001/02/15 21:31:50 @@ -52,7 +52,7 @@ * prefix is a string to prepend to each output line. */ int -send(mp, obuf, doign, prefix) +sendmessage(mp, obuf, doign, prefix) register struct message *mp; FILE *obuf; struct ignoretab *doign; 
@@ -87,7 +87,7 @@ * Process headers first */ while (count > 0 && ishead) { - if (fgets(line, LINESIZE, ibuf) == NULL) + if (fgets(line, sizeof(line), ibuf) == NULL) break; count -= length = strlen(line); if (firstline) { @@ -172,12 +172,13 @@ * Strip trailing whitespace from prefix * if line is blank. */ - if (prefix != NOSTR) + if (prefix != NOSTR) { if (length > 1) fputs(prefix, obuf); else (void) fwrite(prefix, sizeof *prefix, prefixlen, obuf); + } (void) fwrite(line, sizeof *line, length, obuf); if (ferror(obuf)) return -1; @@ -190,7 +191,7 @@ count--; /* skip final blank line */ if (prefix != NOSTR) while (count > 0) { - if (fgets(line, LINESIZE, ibuf) == NULL) { + if (fgets(line, sizeof(line), ibuf) == NULL) { c = 0; break; } @@ -312,18 +313,20 @@ */ if ((mtf = collect(hp, printheaders)) == NULL) return; - if (value("interactive") != NOSTR) + if (value("interactive") != NOSTR) { if (value("askcc") != NOSTR) grabh(hp, GCC); else { printf("EOT\n"); (void) fflush(stdout); } - if (fsize(mtf) == 0) + } + if (fsize(mtf) == 0) { if (hp->h_subject == NOSTR) printf("No message, no subject; hope that's ok\n"); else printf("Null message body; hope that's ok\n"); + } /* * Now, take the user names from the combined * to and cc lists and do all the alias @@ -369,7 +372,7 @@ */ pid = fork(); if (pid == -1) { - perror("fork"); + warn("fork"); savedeadletter(mtf); goto out; } @@ -382,7 +385,7 @@ else cp = _PATH_SENDMAIL; execv(cp, namelist); - perror(cp); + warn("%s", cp); _exit(1); } if (value("verbose") != NOSTR) 
@@ -428,20 +431,24 @@ struct header *hp; FILE *fi; { - extern char *tempMail; register FILE *nfo, *nfi; register int c; + int fd; + char tempname[PATHSIZE]; - if ((nfo = Fopen(tempMail, "w")) == NULL) { - perror(tempMail); + snprintf(tempname, sizeof(tempname), "%s/mail.RsXXXXXXXXXX", tmpdir); + if ((fd = mkstemp(tempname)) == -1 || + (nfo = Fdopen(fd, "w")) == NULL) { + warn("%s", tempname); return(fi); } - if ((nfi = Fopen(tempMail, "r")) == NULL) { - perror(tempMail); + if ((nfi = Fopen(tempname, "r")) == NULL) { + warn("%s", tempname); (void) Fclose(nfo); + (void)rm(tempname); return(fi); } - (void) rm(tempMail); + (void) rm(tempname); (void) puthead(hp, nfo, GTO|GSUBJECT|GCC|GBCC|GREPLYTO|GINREPLYTO|GNL|GCOMMA); c = getc(fi); @@ -450,13 +457,13 @@ c = getc(fi); } if (ferror(fi)) { - perror("read"); + warn("read"); rewind(fi); return(fi); } (void) fflush(nfo); if (ferror(nfo)) { - perror(tempMail); + warn("%s", tempname); (void) Fclose(nfo); (void) Fclose(nfi); rewind(fi); @@ -549,7 +556,7 @@ char *ctime(); if ((fo = Fopen(name, "a")) == NULL) { - perror(name); + warn("%s", name); return (-1); } (void) time(&now); @@ -559,7 +566,7 @@ (void) putc('\n', fo); (void) fflush(fo); if (ferror(fo)) - perror(name); + warn("%s", name); (void) Fclose(fo); rewind(fi); return (0); Index: strings.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/strings.c,v retrieving revision 1.2 diff -u -r1.2 strings.c --- strings.c 1999/01/13 10:37:22 1.2 +++ strings.c 2001/02/15 21:31:50 
@@ -75,14 +75,12 @@ index++; } if (sp >= &stringdope[NSPACE]) - panic("String too large"); + errx(1, "String too large"); if (sp->s_topFree == NOSTR) { index = sp - &stringdope[0]; sp->s_topFree = malloc(STRINGSIZE << index); - if (sp->s_topFree == NOSTR) { - fprintf(stderr, "No room for space %d\n", index); - panic("Internal error"); - } + if (sp->s_topFree == NOSTR) + errx(1, "No room for space %d", index); sp->s_nextFree = sp->s_topFree; sp->s_nleft = STRINGSIZE << index; } Index: temp.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/temp.c,v retrieving revision 1.6 diff -u -r1.6 temp.c --- temp.c 1999/08/28 01:03:23 1.6 +++ temp.c 2001/02/15 21:31:50 @@ -40,7 +40,6 @@ #endif /* not lint */ #include "rcv.h" -#include #include "extern.h" /* 
@@ -49,75 +48,45 @@ * Give names to all the temporary files that we will need. */ -char *tempMail; -char *tempQuit; -char *tempEdit; -char *tempResid; -char *tempMesg; char *tmpdir; void tinit() { register char *cp; - int len; - if ((tmpdir = getenv("TMPDIR")) == NULL) + if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0') tmpdir = _PATH_TMP; - else { - len = strlen(tmpdir); - if ((cp = malloc(len + 2)) == NULL) - panic("Out of memory"); - (void)strcpy(cp, tmpdir); - cp[len] = '/'; - cp[len + 1] = '\0'; - tmpdir = cp; + if ((tmpdir = strdup(tmpdir)) == NULL) + errx(1, "Out of memory"); + /* Strip trailing '/' if necessary */ + cp = tmpdir + strlen(tmpdir) - 1; + while (cp > tmpdir && *cp == '/') { + *cp = '\0'; + cp--; } - len = strlen(tmpdir); - if ((tempMail = malloc(len + sizeof("RsXXXXXX"))) == NULL) - panic("Out of memory"); - strcpy(tempMail, tmpdir); - mktemp(strcat(tempMail, "RsXXXXXX")); - if ((tempResid = malloc(len + sizeof("RqXXXXXX"))) == NULL) - panic("Out of memory"); - strcpy(tempResid, tmpdir); - mktemp(strcat(tempResid, "RqXXXXXX")); - if ((tempQuit = malloc(len + sizeof("RmXXXXXX"))) == NULL) - panic("Out of memory"); - strcpy(tempQuit, tmpdir); - mktemp(strcat(tempQuit, "RmXXXXXX")); - if ((tempEdit = malloc(len + sizeof("ReXXXXXX"))) == NULL) - panic("Out of memory"); - strcpy(tempEdit, tmpdir); - mktemp(strcat(tempEdit, "ReXXXXXX")); - if ((tempMesg = malloc(len + sizeof("RxXXXXXX"))) == NULL) - panic("Out of memory"); - strcpy(tempMesg, tmpdir); - mktemp(strcat(tempMesg, "RxXXXXXX")); /* * It's okay to call savestr in here because main will * do a spreserve() after us. 
*/ if (myname != NOSTR) { - if (getuserid(myname) < 0) { - printf("\"%s\" is not a user of this system\n", - myname); - exit(1); - } + if (getuserid(myname) < 0) + errx(1, "\"%s\" is not a user of this system", myname); } else { if ((cp = username()) == NOSTR) { myname = "ubluit"; - if (rcvmode) { - printf("Who are you!?\n"); - exit(1); - } + if (rcvmode) + errx(1, "Who are you!?"); } else myname = savestr(cp); } - if ((cp = getenv("HOME")) == NOSTR) - cp = "."; - homedir = savestr(cp); + if ((cp = getenv("HOME")) == NOSTR || *cp == '\0' || + strlen(cp) >= PATHSIZE) + homedir = NULL; + else + homedir = savestr(cp); if (debug) - printf("user = %s, homedir = %s\n", myname, homedir); + printf("user = %s, homedir = %s\n", myname, + homedir ? homedir : "NONE"); } Index: tty.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/tty.c,v retrieving revision 1.2 diff -u -r1.2 tty.c --- tty.c 1996/08/19 20:23:35 1.2 +++ tty.c 2001/02/15 21:31:50 @@ -80,7 +80,7 @@ ttyset = 0; #endif if (tcgetattr(fileno(stdin), &tio) < 0) { - perror("tcgetattr(stdin)"); + warn("tcgetattr(stdin)"); return(-1); } c_erase = tio.c_cc[VERASE]; @@ -183,11 +183,11 @@ ioctl(0, TIOCSTI, &ch); } cp = canonb; - *cp = 0; + *cp = '\0'; #endif cp2 = cp; while (cp2 < canonb + BUFSIZ) - *cp2++ = 0; + *cp2++ = '\0'; cp2 = cp; if (setjmp(rewrite)) goto redo; Index: v7.local.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/v7.local.c,v retrieving revision 1.2 diff -u -r1.2 v7.local.c --- v7.local.c 1996/10/06 01:55:32 1.2 +++ v7.local.c 2001/02/15 21:31:50 
@@ -52,15 +52,16 @@ * mail is queued). */ void -findmail(user, buf) +findmail(user, buf, buflen) char *user, *buf; + int buflen; { char *tmp = getenv("MAIL"); if (tmp == NULL) - (void)sprintf(buf, "%s/%s", _PATH_MAILDIR, user); + (void)snprintf(buf, buflen, "%s/%s", _PATH_MAILDIR, user); else - (void)strcpy(buf, tmp); + (void)strlcpy(buf, tmp, buflen); } /* @@ -81,8 +82,14 @@ username() { char *np; + uid_t uid; if ((np = getenv("USER")) != NOSTR) return np; - return getname(getuid()); + if ((np = getenv("LOGNAME")) != NOSTR) + return np; + if ((np = getname(uid = getuid())) != NOSTR) + return np; + printf("Cannot associate a name with uid %u\n", (unsigned)uid); + return NOSTR; } Index: vars.c =================================================================== RCS file: /home/ncvs/src/usr.bin/mail/vars.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 vars.c --- vars.c 1994/05/27 12:32:07 1.1.1.1 +++ vars.c 2001/02/15 21:31:50 
@@ -96,7 +96,7 @@ return ""; len = strlen(str) + 1; if ((new = malloc(len)) == NULL) - panic("Out of memory"); + err(1, "Out of memory"); bcopy(str, new, (int) len); return new; }

--
Mike Heffner
Blacksburg, VA
http://filebox.vt.edu/users/mheffner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Feb 15 16:56:38 2001
Date: Thu, 15 Feb 2001 18:56:29 -0600
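
Review bot: In list.c, hunk @@ -688,17 +700,17 @@, strlcpy(lastscan, str, sizeof(lastscan)) is bounded correctly only if lastscan is declared as an array; the declaration is outside the hunk, and if it is a pointer the bound is the size of the pointer. Please confirm the declaration. The return value is also dropped, so a search string longer than the buffer is silently shortened and then reused through "str = lastscan" on the next empty search; comparing the result against sizeof(lastscan) and rejecting the over-long string would make that visible.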
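
Review bot: In names.c, hunk @@ -246,15 +248,21 @@, the combined mkstemp()/Fdopen() test leaks on its second half: when mkstemp() succeeds and Fdopen(fd, "a") fails, control goes to cant with fd still open and tempname still on disk. Close fd and rm(tempname) on that path. The next statement, image = open(tempname, O_RDWR), goes back through the path name although mkstemp() has already handed out a descriptor for the file; taking the second descriptor with dup(fd) before the Fdopen() would avoid depending on the name still referring to the same file. The quit.c and send.c hunks use the same mkstemp()/Fdopen() followed by Fopen(tempname, "r") pattern and deserve the same treatment.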
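
Review bot: In popen.c, hunk @@ -352,7 +354,7 @@, the new return expression reports success for a child that was killed by a signal. WIFEXITED(wait_status) is false in that case, so the conditional evaluates to 0, whereas the removed "wait_status.w_status ? -1 : 0" returned -1 for any non-zero status. Suggest return ((WIFEXITED(wait_status) && WEXITSTATUS(wait_status) == 0) ? 0 : -1); so that abnormal termination still counts as failure.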
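
Review bot: In temp.c, hunk @@ -49,75 +48,45 @@, tinit() now rejects a HOME of PATHSIZE bytes or more but puts no bound on TMPDIR, while every caller in this patch formats tmpdir into a tempname[PATHSIZE] with snprintf() and ignores the result. A long TMPDIR silently truncates the template and can cut into the XXXXXXXXXX suffix that mkstemp() needs. Either bound strlen(tmpdir) here or check the snprintf() return value at each call site. Two smaller points in the same hunk: the strdup() failure uses errx() where the other out-of-memory paths in the patch use err(), and homedir can now be NULL, so its other users need the same NULL handling that was added to the debug printf().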
From: Nathan Ahlstrom
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: mail(1) cleanup patch
Message-ID: <20010215185629.A28636@winternet.com>
In-Reply-To: ; from mheffner@vt.edu on Thu, Feb 15, 2001 at 07:27:20PM -0500

Hi Mike,

I created a similar patch several months ago. It is not as complete
as your patch, but it does clean up some of those style bugs you mention
below and was an attempt at BDEFLAGS (IIRC -- it's been awhile).

http://people.freebsd.org/~nra/

I have a couple of questions about your patches for mail.

- Why have an upcase() call? Why not just call toupper(3) directly?
- I am a bit scared of the code in istrncpy, why not make a call to
  strncpy/strlcpy and another call to tolower() ?

Thanks for the good work.
Nathan

Mike Heffner wrote:
> The following patch to mail(1) is a combination of changes taken from OpenBSD
> and NetBSD, as well as a few of my own. The patch addresses the following:
>
> - remove panic() in favor of err(3) and use err(3) functions
>   consistently throughout
> - use stat(2)'s S_IS* macros rather than S_IF*
> - [r]index -> str[r]chr
> - convert some static buffers to dynamic ones
> - use real tempfiles rather than reopening the same templates
> - rename some functions that clash with libc
> - convert wait_status from union to int and use wait(2)
>   status macros
> - fix multiple potential buffer overflows
>
> as well as some misc. cleanups. I'd also like to eventually do a style(9)
> cleanup patch (NOSTR -> NULL, kill register, whitespace fixes, ...) so that
> diffs are somewhat closer with the other BSDs.
>
> (also at http://filebox.vt.edu/users/mheffner/patches/mail.patch)

[patch trimmed]

--
Nathan Ahlstrom / nrahlstr@winternet.com / nra@FreeBSD.org / PGP: 0x67BC9D19

From owner-freebsd-audit Thu Feb 15 17:59:35 2001
Date: Thu, 15 Feb 2001 20:59:30 -0500 (EST)
From: Mike Heffner
Subject: Re: mail(1) cleanup patch
In-reply-to: <20010215185629.A28636@winternet.com>
To: Nathan Ahlstrom
Cc: FreeBSD-audit

On 16-Feb-2001 Nathan Ahlstrom wrote:
|
| Hi Mike,
|
| I created a similar patch several months ago. It is not as complete
| as your patch, but it does clean up some of those style bugs you mention
| below and was an attempt at BDEFLAGS (IIRC -- it's been awhile).
|
| http://people.freebsd.org/~nra/
|
| I have a couple of questions about your patches for mail.
|
| - Why have an upcase() call? Why not just call toupper(3) directly?
| - I am a bit scared of the code in istrncpy, why not make a call to
|   strncpy/strlcpy and another call to tolower() ?
|

Well, first because that's what the other BSDs had done =). Second, for the
upcase(), it allows us to do:

list.c:677: if (upcase(*cp++) != upcase(*cp2++)) {
list.c:728: if (upcase(*cp++) != upcase(*cp2++)) {

without worrying about whether tolower() is implemented as a macro (but this
isn't a problem since ours is implemented as an inline). However, this code
could easily be rewritten to be safe with tolower().

As for the istrncpy(), I left it so that we wouldn't have to make two passes
through the string, (once to copy, then to tolower()), but that overhead is
probably negligible.
Taking another look at the istrncpy(), the while loop could probably
be rewritten as:

	while (--dsize != 0 && *src) {
		*dest++ = tolower(*src);
		src++;
	}

--
Mike Heffner
Blacksburg, VA
http://filebox.vt.edu/users/mheffner

From owner-freebsd-audit Thu Feb 15 19:43:51 2001
Date: Thu, 15 Feb 2001 21:43:47 -0600
From: "Jacques A. Vidrine"
To: Mike Heffner
Cc: Nathan Ahlstrom, FreeBSD-audit
Subject: Re: mail(1) cleanup patch
Message-ID: <20010215214346.A28110@spawn.nectar.com>
References: <20010215185629.A28636@winternet.com>
In-Reply-To: ; from mheffner@vt.edu on Thu, Feb 15, 2001 at 08:59:30PM -0500

On Thu, Feb 15, 2001 at 08:59:30PM -0500, Mike Heffner wrote:
> Well, first because that's what the other BSDs had done =). Second, for the
> upcase(), it allows us to do:
>
> list.c:677: if (upcase(*cp++) != upcase(*cp2++)) {
> list.c:728: if (upcase(*cp++) != upcase(*cp2++)) {
>
> without worrying about whether tolower() is implemented as a macro (but this
> isn't a problem since ours is implemented as an inline).

Well, actually, it _is_ a macro -- which expands to an inline. But at
any rate, C99 specifies that any Standard C library function
implemented as a macro evaluates its argument only once [1], and GNU C
is conformant in this respect.

Using tolower is the right thing to do here.

[snip]

> Taking another look at the istrncpy(), the while loop could probably
> be rewritten as:
>
> 	while (--dsize != 0 && *src) {
> 		*dest++ = tolower(*src);
> 		src++;
> 	}

I'd recommend just using the library (i.e. strlcpy/tolower) -- that is
why it exists.

Cheers,
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

[1] ISO/IEC 9899:1999 section 7.1.4 clause 1.

From owner-freebsd-audit Thu Feb 15 20:44:39 2001
Date: Thu, 15 Feb 2001 23:44:19 -0500 (EST)
From: Mike Heffner
Subject: Re: mail(1) cleanup patch
In-reply-to: <20010215214346.A28110@spawn.nectar.com>
To: "Jacques A. Vidrine"
Cc: FreeBSD-audit, Nathan Ahlstrom

On 16-Feb-2001 Jacques A. Vidrine wrote:
| Well, actually, it _is_ a macro -- which expands to an inline. But at
...

Alright, I redid the patch. I also axed copy() as it was just a hidden
strcpy(), and was only used in one place.

http://filebox.vt.edu/users/mheffner/patches/mail.patch

--
Mike Heffner
Blacksburg, VA
http://filebox.vt.edu/users/mheffner

From owner-freebsd-audit Fri Feb 16 6:24:23 2001
Date: Fri, 16 Feb 2001 08:24:20 -0600
From: "Jacques A. Vidrine"
To: Mike Heffner
Cc: FreeBSD-audit, Nathan Ahlstrom
Subject: Re: mail(1) cleanup patch
Message-ID: <20010216082420.A85640@hamlet.nectar.com>
References: <20010215214346.A28110@spawn.nectar.com>
In-Reply-To: ; from mheffner@vt.edu on Thu, Feb 15, 2001 at 11:44:19PM -0500

On Thu, Feb 15, 2001 at 11:44:19PM -0500, Mike Heffner wrote:
>
> On 16-Feb-2001 Jacques A. Vidrine wrote:
> | Well, actually, it _is_ a macro -- which expands to an inline. But at
> ...
>
> Alright, I redid the patch. I also axed copy() as it was just a hidden
> strcpy(), and was only used in one place.
>
> http://filebox.vt.edu/users/mheffner/patches/mail.patch

This looks good. There are always more nits :-) but mostly they were
there before you arrived. Nothing earth-shattering, I think, but hey,
``while you are there'':

Purely -audit fodder:
  = Are you certain that in each case where you've used
    snprintf/strlcpy, that truncation is harmless? Perhaps better
    to check. Stuff like `cp += strlcpy(...)' is particularly
    suspect.
  = Paranoia about strcpy->strlcpy is good, but then there are some
    calls that could be converted from strcat->strlcat.

Stuff I couldn't keep to myself (I tried):
  = anyof() can be tossed, and strpbrk() used directly.
  = There's some inconsistent usage of err vs errx.
  = NOSTR, NIL, NONE, NOVAR, NOGRP, NOGE are misspellings of NULL.
  = creat is the ancient way of spelling
    open(..., O_CREAT|O_TRUNC|O_WRONLY, ...);

Thanks for the hard work!

Cheers,
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-audit Fri Feb 16 11:46:55 2001
Date: Fri, 16 Feb 2001 14:46:48 -0500 (EST)
From: Mike Heffner
Subject: Re: mail(1) cleanup patch
In-reply-to: <20010216082420.A85640@hamlet.nectar.com>
To: "Jacques A. Vidrine"
Cc: Nathan Ahlstrom, FreeBSD-audit

On 16-Feb-2001 Jacques A. Vidrine wrote:
| On Thu, Feb 15, 2001 at 11:44:19PM -0500, Mike Heffner wrote:
|> http://filebox.vt.edu/users/mheffner/patches/mail.patch
|
| This looks good. There are always more nits :-) but mostly they were
| there before you arrived. Nothing earth-shattering, I think, but hey,
| ``while you are there'':
|
| Purely -audit fodder:
|   = Are you certain that in each case where you've used
|     snprintf/strlcpy, that truncation is harmless? Perhaps better
|     to check. Stuff like `cp += strlcpy(...)' is particularly
|     suspect.

I added truncation checking to a few that I put in, I'll look over the others
again. The particular case you mention, `cp += strlcpy(..', is safe though
because the previous code checks the lengths.

|   = Paranoia about strcpy->strlcpy is good, but then there are some
|     calls that could be converted from strcat->strlcat.

There are only two strcat()'s that concat a single character, and the
statements before assure there'll be enough space for it.

| Stuff I couldn't keep to myself (I tried):
|   = anyof() can be tossed, and strpbrk() used directly.

Good idea, it looks like it's only called once anyways.

|   = There's some inconsistent usage of err vs errx.

I've tried to use err() whenever errno would be set and errx() otherwise.
However, I did just find a few cases where errno would be set and I had used
errx(), and vice-versa. Fixed.

|   = NOSTR, NIL, NONE, NOVAR, NOGRP, NOGE are misspellings of NULL.

I plan to commit these changes in a followup style patch.

|   = creat is the ancient way of spelling open(..., O_CREAT|O_TRUNC|O_WRONLY,
|     ...);

I'll change this too.

|
| Thanks for the hard work!

Thanks for taking the time to review. :)

P.S. I'll update the patch either later tonight or tomorrow.

--
Mike Heffner
Blacksburg, VA
http://filebox.vt.edu/users/mheffner

From owner-freebsd-audit Fri Feb 16 12:18: 4 2001
Date: Fri, 16 Feb 2001 21:18:00 +0100
From: Thomas Moestl
To: freebsd-audit@freebsd.org
Subject: Another set of setgid kmem removing patches
Message-ID: <20010216211800.A3084@crow.dom2ip.de>

Hi,

here are some more patches to remove setgid kmem, this time from vmstat and
iostat. Both vmstat and iostat now use sysctls by default to get all needed
information, but will also fully work on crash dumps once again.

Both use libdevstat, so this also has been patched to allow fetching all
needed data via kvm calls. To accomplish this, two new functions,
devstat_setkd and devstat_setfiles, have been added to the interface to set a
kvm descriptor or core and/or symbol files respectively. If the handle is
non-NULL/the file name pointers are non-NULL, all data will be fetched via kvm
in subsequent calls. The default is the old behaviour (using sysctls only).
Because any program that links to libdevstat now also needs to link to libkvm,
the libdevstat major version needed to be bumped (it is 3 now).
I'll send this diff to Ken (who is listed as the maintainer) soon (Ken, if you
are reading this, please comment on the patch).

There is also another kernel diff, this one adds the vm.malloc.buckets,
vm.malloc.stats, kern.tk_nin (tty input stats), kern.tk_nout (tty output
stats) and vm.zonestats sysctls. It also moves some structure declarations out
of #ifdef KERNEL to make them useable for the new kvm stuff.

There is also a one-line diff for vinum (the only program in the src/ that
linked to libdevstat, but not to libkvm) that adds a simple -lkvm to the
Makefile.
The new diffs are at:
vmstat:     http://www.tu-bs.de/~y0015675/vmstat.diff
iostat:     http://www.tu-bs.de/~y0015675/iostat.diff
vinum:      http://www.tu-bs.de/~y0015675/vinum.diff
libdevstat: http://www.tu-bs.de/~y0015675/libdevstat.diff
kernel:     http://www.tu-bs.de/~y0015675/sysctl5.diff

The previously posted patches are at:
http://www.tu-bs.de/~y0015675/sysctl4.diff
http://www.tu-bs.de/~y0015675/dmesg.diff
http://www.tu-bs.de/~y0015675/sysctl3.diff
http://www.tu-bs.de/~y0015675/systat.diff
http://www.tu-bs.de/~y0015675/sysctl2.diff
http://www.tu-bs.de/~y0015675/top.diff
http://www.tu-bs.de/~y0015675/libkvm.diff
http://www.tu-bs.de/~y0015675/sysctl.diff

Please review and comment.

Thanks,
- thomas
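Added example, not part of the thread or of the mail(1) patch: the `cp += strlcpy(...)` idiom questioned in the mail(1) cleanup review above is suspect because strlcpy returns the length of the source string, not the number of bytes copied, so truncation has to be checked before the pointer is advanced. The names demo_strlcpy, offset_unchecked and append_checked are hypothetical; demo_strlcpy is a stand-in with strlcpy(3) semantics so the block builds where libc lacks strlcpy.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy(3) semantics (hypothetical helper, for portability):
 * copies at most size-1 bytes, NUL-terminates, returns strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Offset that `cp += strlcpy(cp, src, size)` would add to cp. Returned as an
 * integer so the demo never forms the out-of-bounds pointer itself. */
size_t offset_unchecked(char *buf, size_t size, const char *src)
{
    return demo_strlcpy(buf, src, size);
}

/* Checked append at buf + *off. Advances *off only if src fit completely;
 * on truncation the partial copy is dropped and -1 is returned. */
int append_checked(char *buf, size_t size, size_t *off, const char *src)
{
    size_t left, n;
    if (*off >= size)
        return -1;
    left = size - *off;
    n = demo_strlcpy(buf + *off, src, left);
    if (n >= left) {
        buf[*off] = '\0';
        return -1;
    }
    *off += n;
    return 0;
}

int main(void)
{
    char buf[8];                       /* constructed sample buffer */
    size_t off = 0;
    printf("unchecked advance: %zu of %zu\n",
        offset_unchecked(buf, sizeof(buf), "0123456789"), sizeof(buf));
    printf("checked: %d\n", append_checked(buf, sizeof(buf), &off, "0123456789"));
    return 0;
}
```

With the 8-byte buffer and a 10-character source, the unchecked form would move cp two bytes past the end of the buffer, while the checked form reports the truncation and leaves the offset unchanged.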