From owner-freebsd-audit Sun Jul 7 2: 9:49 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D27937B400 for ; Sun, 7 Jul 2002 02:09:47 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id 02A0A43E54 for ; Sun, 7 Jul 2002 02:09:42 -0700 (PDT) (envelope-from mark@grimreaper.grondar.org) Received: from storm.FreeBSD.org.uk (uucp@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.5/8.12.5) with ESMTP id g6799eCE038833 for ; Sun, 7 Jul 2002 10:09:40 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.12.5/8.12.5/Submit) with UUCP id g6799eda038832 for audit@FreeBSD.ORG; Sun, 7 Jul 2002 10:09:40 +0100 (BST) Received: from grimreaper.grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.5/8.12.5) with ESMTP id g65KNjii076150 for ; Fri, 5 Jul 2002 21:23:46 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Message-Id: <200207052023.g65KNjii076150@grimreaper.grondar.org> To: audit@FreeBSD.ORG Subject: Re: suidperl References: <20020705102540.A74822@dragon.nuxi.com> In-Reply-To: <20020705102540.A74822@dragon.nuxi.com> ; from "David O'Brien" "Fri, 05 Jul 2002 10:25:40 PDT." Date: Fri, 05 Jul 2002 21:23:44 +0100 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > On Fri, Jul 05, 2002 at 12:35:04AM +0900, Akinori MUSHA wrote: > > By the way, do we really need a perl wrapper in the first place? I > > suppose we can tweak ports/lang/perl5 to create symlinks (for example) > > when NO_PERL_SYMLINKS is not defined. > > This question really needs to be decided on. Not being a Perl-head I > don't feel qualified to have an opinion. But we do seem to be lacking a > little leadership here. If we are going to have a wrapper, using > `mailwrapper' may be better as it is more exact and does not depend on > one's PATH setting. I am inclining myself to the mailwrapper idea, but generalised out to do more than mail. CURRENT's current perl-wrapper is a good idea, but it is incomplete IMO. M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 8 4:55:26 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7694A37B406 for ; Mon, 8 Jul 2002 04:54:51 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7138F43E09 for ; Mon, 8 Jul 2002 04:51:00 -0700 (PDT) (envelope-from mark@grimreaper.grondar.org) Received: from storm.FreeBSD.org.uk (uucp@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.5/8.12.5) with ESMTP id g68BolCE007466 for ; Mon, 8 Jul 2002 12:50:47 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.12.5/8.12.5/Submit) with UUCP id g68Bol1j007465 for audit@freebsd.org; Mon, 8 Jul 2002 12:50:47 +0100 (BST) Received: from grimreaper.grondar.org (localhost [127.0.0.1]) by grimreaper.grondar.org (8.12.5/8.12.5) with ESMTP id g68Bnhqw027827 for ; Mon, 8 Jul 2002 12:49:43 +0100 (BST) (envelope-from mark@grimreaper.grondar.org) Message-Id: <200207081149.g68Bnhqw027827@grimreaper.grondar.org> To: audit@freebsd.org Subject: lib/csu diff-reduction, take #3 (commit candidate) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0" Content-ID: <27824.1026128943.0@grimreaper.grondar.org> Date: Mon, 08 Jul 2002 12:49:43 +0100 From: Mark Murray Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <27824.1026128943.1@grimreaper.grondar.org> Hi I've made some more asked-for changes to my lib/csu/*/crt1.c diffs; here they are. Please review these as commit candidates. Thanks! M -- o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-ID: <27824.1026128943.2@grimreaper.grondar.org> Content-Description: lib/csu diffs Index: alpha/crt1.c =================================================================== RCS file: /home/ncvs/src/lib/csu/alpha/crt1.c,v retrieving revision 1.13 diff -u -d -r1.13 crt1.c --- alpha/crt1.c 25 Jun 2002 18:01:12 -0000 1.13 +++ alpha/crt1.c 7 Jul 2002 12:33:22 -0000 @@ -1,5 +1,5 @@ -/* - * Copyright 2001 David E. O'Brien +/*- + * Copyright 2001 David E. O'Brien. * All rights reserved. * Copyright 1996-1998 John D. Polstra. * All rights reserved. @@ -35,22 +35,25 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef lint #ifndef __GNUC__ #error "GCC is needed to compile this file" #endif +#endif /* lint */ #include + #include "libc_private.h" #include "crtbrand.c" struct Struct_Obj_Entry; struct ps_strings; -#pragma weak _DYNAMIC extern int _DYNAMIC; +#pragma weak _DYNAMIC -extern void _init(void); extern void _fini(void); +extern void _init(void); extern int main(int, char **, char **); extern void _start(char **, void (*)(void), struct Struct_Obj_Entry *, struct ps_strings *); @@ -66,18 +69,17 @@ const char *__progname = ""; /* The entry function. */ +/* ARGSUSED */ void -_start(char **ap, - void (*cleanup)(void), /* from shared loader */ - struct Struct_Obj_Entry *obj __unused, /* from shared loader */ - struct ps_strings *ps_strings __unused) +_start(char **ap, void (*cleanup)(void), struct Struct_Obj_Entry *obj __unused, + struct ps_strings *ps_strings __unused) { int argc; char **argv; char **env; const char *s; - argc = * (long *) ap; + argc = *(long *)(void *)ap; argv = ap + 1; env = ap + 2 + argc; environ = env; Index: i386-elf/crt1.c =================================================================== RCS file: /home/ncvs/src/lib/csu/i386-elf/crt1.c,v retrieving revision 1.8 diff -u -d -r1.8 crt1.c --- i386-elf/crt1.c 3 Jul 2002 14:42:39 -0000 1.8 +++ i386-elf/crt1.c 3 Jul 2002 14:59:27 -0000 @@ -23,21 +23,26 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef lint #ifndef __GNUC__ #error "GCC is needed to compile this file" #endif +#endif /* lint */ -#include #include #include "libc_private.h" #include "crtbrand.c" +extern int _DYNAMIC; +#pragma weak _DYNAMIC + typedef void (*fptr)(void); extern void _fini(void); extern void _init(void); extern int main(int, char **, char **); +extern void _start(char *, ...); #ifdef GCRT extern void _mcleanup(void); @@ -46,33 +51,35 @@ extern int etext; #endif -extern int _DYNAMIC; -#pragma weak _DYNAMIC +char **environ; +const char *__progname = ""; -#ifdef __i386__ -#define get_rtld_cleanup() \ - ({ fptr __value; \ - __asm__("movl %%edx,%0" : "=rm"(__value)); \ - __value; }) +static __inline fptr +get_rtld_cleanup(void) +{ + fptr retval; + +#ifdef __GNUC__ + __asm__("movl %%edx,%0" : "=rm"(retval)); #else -#error "This file only supports the i386 architecture" + retval = (fptr)0; /* XXXX Fix this for other compilers */ #endif + return(retval); +} -char **environ; -const char *__progname = ""; - +/* The entry function. */ void -_start(char *arguments, ...) +_start(char *ap, ...) { - fptr rtld_cleanup; + fptr cleanup; int argc; char **argv; char **env; const char *s; - rtld_cleanup = get_rtld_cleanup(); - argv = &arguments; - argc = * (int *) (argv - 1); + cleanup = get_rtld_cleanup(); + argv = ≈ + argc = *(long *)(void *)(argv - 1); env = argv + argc + 1; environ = env; if (argc > 0 && argv[0] != NULL) { @@ -83,7 +90,7 @@ } if (&_DYNAMIC != NULL) - atexit(rtld_cleanup); + atexit(cleanup); #ifdef GCRT atexit(_mcleanup); Index: ia64/crt1.c =================================================================== RCS file: /home/ncvs/src/lib/csu/ia64/crt1.c,v retrieving revision 1.7 diff -u -d -r1.7 crt1.c --- ia64/crt1.c 29 Mar 2002 22:43:41 -0000 1.7 +++ ia64/crt1.c 7 Jul 2002 12:10:32 -0000 @@ -31,11 +31,14 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef lint #ifndef __GNUC__ #error "GCC is needed to compile this file" #endif +#endif /* lint */ #include + #include "libc_private.h" #include "crtbrand.c" @@ -45,9 +48,10 @@ #pragma weak _DYNAMIC extern int _DYNAMIC; -extern void _init(void); extern void _fini(void); +extern void _init(void); extern int main(int, char **, char **); +extern void _start(char **, struct ps_strings *, void (*)(void)); #ifdef GCRT extern void _mcleanup(void); @@ -59,17 +63,10 @@ char **environ; const char *__progname = ""; -/* The entry function. */ -void -_start(char **ap, - struct ps_strings *ps_strings, - void (*cleanup)(void)) +static __inline void +fix_gp(void) { - int argc; - char **argv; - char **env; - const char *s; - +#ifdef __GNUC__ /* Calculate gp */ __asm __volatile(" \ movl gp=@gprel(1f) ; \ @@ -78,8 +75,21 @@ ;; ; \ sub gp=r14,gp ; \ ;; "); +#endif +} - argc = * (long *) ap; +/* The entry function. */ +/* ARGSUSED */ +void +_start(char **ap, struct ps_strings *ps_strings __unused, void (*cleanup)(void)) +{ + int argc; + char **argv; + char **env; + const char *s; + + fix_gp(); + argc = *(long *)(void *)ap; argv = ap + 1; env = ap + 2 + argc; environ = env; Index: powerpc/crt1.c =================================================================== RCS file: /home/ncvs/src/lib/csu/powerpc/crt1.c,v retrieving revision 1.8 diff -u -d -r1.8 crt1.c --- powerpc/crt1.c 29 Mar 2002 22:43:41 -0000 1.8 +++ powerpc/crt1.c 7 Jul 2002 12:38:19 -0000 @@ -38,23 +38,28 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef lint #ifndef __GNUC__ #error "GCC is needed to compile this file" #endif +#endif /* lint */ #include + #include "libc_private.h" #include "crtbrand.c" struct Struct_Obj_Entry; struct ps_strings; -#pragma weak _DYNAMIC extern int _DYNAMIC; +#pragma weak _DYNAMIC -extern void _init(void); extern void _fini(void); +extern void _init(void); extern int main(int, char **, char **); +extern void _start(int, char **, char **, const struct Struct_Obj_Entry *, + void (*)(void), struct ps_strings *); #ifdef GCRT extern void _mcleanup(void); @@ -67,23 +72,20 @@ const char *__progname = ""; struct ps_strings *__ps_strings; -/* The entry function. - * +/* The entry function. */ +/* * First 5 arguments are specified by the PowerPC SVR4 ABI. * The last argument, ps_strings, is a BSD extension. */ +/* ARGSUSED */ void -_start(argc, argv, envp, obj, cleanup, ps_strings) - int argc; - char **argv, **envp; - const struct Struct_Obj_Entry *obj; /* from shared loader */ - void (*cleanup)(void); /* from shared loader */ - struct ps_strings *ps_strings; /* BSD extension */ +_start(int argc, char **argv, char **env, + const struct Struct_Obj_Entry *obj __unused, void (*cleanup)(void), + struct ps_strings *ps_strings) { - char *namep; const char *s; - environ = envp; + environ = env; if (argc > 0 && argv[0] != NULL) { __progname = argv[0]; @@ -106,7 +108,7 @@ monstartup(&eprol, &etext); #endif _init(); - exit( main(argc, argv, envp) ); + exit( main(argc, argv, env) ); } #ifdef GCRT Index: sparc64/crt1.c =================================================================== RCS file: /home/ncvs/src/lib/csu/sparc64/crt1.c,v retrieving revision 1.8 diff -u -d -r1.8 crt1.c --- sparc64/crt1.c 29 Apr 2002 20:25:29 -0000 1.8 +++ sparc64/crt1.c 7 Jul 2002 12:34:38 -0000 @@ -1,5 +1,5 @@ -/* - * Copyright 2001 David E. O'Brien +/*- + * Copyright 2001 David E. O'Brien. * All rights reserved. * Copyright (c) 1995, 1998 Berkeley Software Design, Inc. * All rights reserved. @@ -29,25 +29,32 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef lint #ifndef __GNUC__ #error "GCC is needed to compile this file" #endif +#endif /* lint */ #include + #include "libc_private.h" #include "crtbrand.c" struct Struct_Obj_Entry; struct ps_strings; -#pragma weak _DYNAMIC extern int _DYNAMIC; +#pragma weak _DYNAMIC + +typedef void (*fptr)(void); -extern void _init(void); extern void _fini(void); +extern void _init(void); extern int main(int, char **, char **); -extern void __sparc64_sigtramp_setup(void); -extern void __sparc64_utrap_setup(void); +extern void _start(char **, void (*)(void), struct Struct_Obj_Entry *, + struct ps_strings *); +extern void __sparc_sigtramp_setup(void); +extern void __sparc_utrap_setup(void); #ifdef GCRT extern void _mcleanup(void); @@ -59,9 +66,30 @@ char **environ; const char *__progname = ""; +/* + * Grab %g1 before it gets used for anything by the compiler. + * Sparc ELF psABI specifies a termination routine (if any) will be in + * %g1 + */ +static __inline fptr +get_term(void) +{ + fptr retval; + +#if 0 +#ifdef __GNUC__ + __asm__ volatile("mov %%g1,%0" : "=r"(retval)); +#else + retval = (fptr)0; /* XXXX Fix this for other compilers */ +#endif +#else + retval = (fptr)0; /* XXXX temporary */ +#endif + return(retval); +} + /* The entry function. */ /* - * * %o0 holds ps_strings pointer. For Solaris compat and/or shared * libraries, if %g1 is not 0, it is a routine to pass to atexit(). * (By passing the pointer in the usual argument register, we avoid @@ -70,26 +98,20 @@ * Note: kernel may (is not set in stone yet) pass ELF aux vector in %o1, * but for now we do not use it here. */ +/* ARGSUSED */ void -_start(char **ap, - void (*cleanup)(void), /* from shared loader */ - struct Struct_Obj_Entry *obj, /* from shared loader */ - struct ps_strings *ps_strings) +_start(char **ap, void (*cleanup)(void), struct Struct_Obj_Entry *obj __unused, + struct ps_strings *ps_strings __unused) { + void (*term)(void); int argc; char **argv; char **env; const char *s; -#if 0 - void (*term)(void); - /* Grab %g1 before it gets used for anything by the compiler. */ - /* Sparc ELF psABI specifies a termination routine (if any) will be in - %g1 */ - __asm__ volatile("mov %%g1,%0" : "=r"(term)); -#endif + term = get_term(); - argc = * (long *) ap; + argc = *(long *)(void *)ap; argv = ap + 1; env = ap + 2 + argc; environ = env; @@ -102,14 +124,13 @@ __sparc_sigtramp_setup(); __sparc_utrap_setup(); -#if 0 + /* * If the kernel or a shared library wants us to call * a termination function, arrange to do so. */ if (term) atexit(term); -#endif if (&_DYNAMIC != NULL) atexit(cleanup); ------- =_aaaaaaaaaa0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Jul 9 22: 5: 8 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AE7737B400 for ; Tue, 9 Jul 2002 22:04:57 -0700 (PDT) Received: from turbine.trit.org (turbine.trit.org [63.198.170.141]) by mx1.FreeBSD.org (Postfix) with ESMTP id B78E743E58 for ; Tue, 9 Jul 2002 22:04:56 -0700 (PDT) (envelope-from dima@trit.org) Received: from turbine.trit.org (localhost [127.0.0.1]) by turbine.trit.org (Postfix) with ESMTP id E28483EFB; Wed, 10 Jul 2002 05:04:55 +0000 (UTC) To: Sheldon Hearn Cc: audit@freebsd.org Subject: Re: VT_LOCKSWITCH In-Reply-To: <43415.1022589698@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on "Tue, 28 May 2002 14:41:38 +0200" Date: Wed, 10 Jul 2002 05:04:55 +0000 From: Dima Dorfman Message-Id: <20020710050455.E28483EFB@turbine.trit.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sheldon Hearn wrote: > > > On Tue, 28 May 2002 08:54:20 GMT, Dima Dorfman wrote: > > > The attached patch adds an -S option to vidcontrol(1) that allows the > > user to disallow vty switching. It is implemented using a new > > VT_LOCKSWITCH ioctl. > > Ooo! Ooo! This is nice. > > If you're up to it, I'd love to see the same functionality available as > an extension to lock(1). Imagine the convenience of being able to type > > lock -npS > > on just one terminal and not have to worry about the rest! Sounds nice. How about the following patch? I really tried to keep the not-directly-related changes to a minimum, but it was difficult (lock(1) is so small and simple, but so lacking in polish!) (I did refrain from fixing anything that I wasn't already going to change, though, so the diff shouldn't be significantly harder to read). Note also that lock(1) is installed setuid root (for -p), so please review accordingly (even though none of the new code runs as root). Thanks, Dima. P.S. Does anyone know what this is for: if (ioctl(0, TIOCGETP, &ntty)) exit(1); It's at line 232 after the patch (210 before the patch). ntty isn't used anywhere in or after the loop the above is in, so it seems pretty pointless. It has some bugs (you can't call exit() here; you need to at least fix the terminal settings, and, now, maybe, unlock the vty), so unless someone knows what it's for, I'd like to remove it. Index: lock.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.1,v retrieving revision 1.7 diff -u -r1.7 lock.1 --- lock.1 20 Apr 2002 12:15:20 -0000 1.7 +++ lock.1 10 Jul 2002 04:54:50 -0000 @@ -32,7 +32,7 @@ .\" @(#)lock.1 8.1 (Berkeley) 6/6/93 .\" $FreeBSD$ .\" -.Dd June 6, 1993 +.Dd July 10, 2002 .Dt LOCK 1 .Os .Sh NAME @@ -40,8 +40,7 @@ .Nd reserve a terminal .Sh SYNOPSIS .Nm -.Op Fl n -.Op Fl p +.Op Fl npv .Op Fl t Ar timeout .Sh DESCRIPTION The @@ -65,6 +64,15 @@ The time limit (default 15 minutes) is changed to .Ar timeout minutes. +.It Fl v +Disable switching virtual terminals while this terminal is locked. +This option is implemented in a way similar to the +.Fl S +option of +.Xr vidcontrol 1 , +and is only available if the terminal in question is a +.Xr syscons 4 +virtual terminal. .El .Sh HISTORY The Index: lock.c =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.c,v retrieving revision 1.13 diff -u -r1.13 lock.c --- lock.c 10 Jul 2002 04:05:33 -0000 1.13 +++ lock.c 10 Jul 2002 04:54:50 -0000 @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include @@ -83,6 +84,7 @@ struct sgttyb tty, ntty; long nexttime; /* keep the timeout time */ int no_timeout; /* lock terminal forever */ +int vtyunlock; /* Unlock flag and code. */ /*ARGSUSED*/ int @@ -95,7 +97,7 @@ time_t timval_sec; struct itimerval ntimer, otimer; struct tm *timp; - int ch, failures, sectimeout, usemine; + int ch, failures, sectimeout, usemine, vtylock; char *ap, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; @@ -105,7 +107,8 @@ mypw = NULL; usemine = 0; no_timeout = 0; - while ((ch = getopt(argc, argv, "npt:")) != -1) + vtylock = 0; + while ((ch = getopt(argc, argv, "npt:v")) != -1) switch((char)ch) { case 't': if ((sectimeout = atoi(optarg)) <= 0) @@ -120,6 +123,9 @@ case 'n': no_timeout = 1; break; + case 'v': + vtylock = 1; + break; case '?': default: usage(); @@ -177,15 +183,31 @@ ntimer.it_value = timeout; if (!no_timeout) setitimer(ITIMER_REAL, &ntimer, &otimer); + if (vtylock) { + /* + * If this failed, we want to err out; warn isn't good + * enough, since we don't want the user to think that + * everything is nice and locked because they got a + * "Key:" prompt. + */ + if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) { + (void)ioctl(0, TIOCSETP, &tty); + err(1, "locking vty"); + } + vtyunlock = 0x2; + } /* header info */ - if (no_timeout) { -(void)printf("lock: %s on %s. no timeout\ntime now is %.20s%s%s", - ttynam, hostname, ap, tzn, ap + 19); - } else { -(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s", - ttynam, hostname, sectimeout, ap, tzn, ap + 19); - } + (void)printf("lock: %s on %s.", ttynam, hostname); + if (no_timeout) + (void)printf(" no timeout."); + else + (void)printf(" timeout in %d minute%s.", sectimeout, + sectimeout != 1 ? "s" : ""); + if (vtylock) + (void)printf(" vty locked."); + (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19); + failures = 0; for (;;) { @@ -222,7 +244,7 @@ static void usage() { - (void)fprintf(stderr, "usage: lock [-n] [-p] [-t timeout]\n"); + (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n"); exit(1); } @@ -248,6 +270,8 @@ { (void)putchar('\n'); (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); exit(0); } @@ -256,6 +280,8 @@ { if (!no_timeout) { (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); (void)printf("lock: timeout\n"); exit(1); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jul 10 8:33:46 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BBDF237B400 for ; Wed, 10 Jul 2002 08:33:33 -0700 (PDT) Received: from comp.chem.msu.su (comp-ext.chem.msu.su [158.250.32.157]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F88143E09 for ; Wed, 10 Jul 2002 08:33:32 -0700 (PDT) (envelope-from yar@comp.chem.msu.su) Received: (from yar@localhost) by comp.chem.msu.su (8.11.6/8.11.6) id g6AFXTS09243 for audit@freebsd.org; Wed, 10 Jul 2002 19:33:29 +0400 (MSD) (envelope-from yar) Date: Wed, 10 Jul 2002 19:33:29 +0400 From: Yar Tikhiy To: audit@freebsd.org Subject: Ftpd(8) reading config files Message-ID: <20020710193329.A8572@comp.chem.msu.su> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi there, Currently, our ftpd(8) suffers from: a) poor handling of lines read from /etc/ftpusers and /etc/ftphosts, which are longer than the buffer passed to fgets(3). Of course, user names are short, and even comments will fit into the buffer in most cases, but it doesn't forgive the poor code. b) wrong handling of the last line in the files which doesn't end with a newline (PR misc/21494). Maxim, mikeh and I worked out the following remedy to the above problems. Could you review it? Sorry, it looks overengineered, but I can't see how it could be simpler. -- Yar Index: ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.105 diff -u -w -r1.105 ftpd.c --- ftpd.c 3 Jul 2002 00:12:00 -0000 1.105 +++ ftpd.c 9 Jul 2002 10:59:00 -0000 @@ -651,20 +651,24 @@ static void inithosts(void) { + size_t len; FILE *fp; - char *cp; + char *cp, *mp, *line; + char *hostname; struct ftphost *hrp, *lhrp; - char line[1024]; struct addrinfo hints, *res, *ai; /* * Fill in the default host information */ - if (gethostname(line, sizeof(line)) < 0) - line[0] = '\0'; - if ((hrp = malloc(sizeof(struct ftphost))) == NULL || - (hrp->hostname = strdup(line)) == NULL) + if ((hostname = malloc(MAXHOSTNAMELEN)) == NULL) fatalerror("Ran out of memory."); + if (gethostname(hostname, MAXHOSTNAMELEN) < 0) + hostname[0] = '\0'; + hostname[MAXHOSTNAMELEN - 1] = '\0'; + if ((hrp = malloc(sizeof(struct ftphost))) == NULL) + fatalerror("Ran out of memory."); + hrp->hostname = hostname; hrp->hostinfo = NULL; memset(&hints, 0, sizeof(hints)); @@ -684,28 +688,33 @@ void *addr; struct hostent *hp; - while (fgets(line, sizeof(line), fp) != NULL) { + while ((line = fgetln(fp, &len)) != NULL) { int i, hp_error; - if ((cp = strchr(line, '\n')) == NULL) { - /* ignore long lines */ - while (fgets(line, sizeof(line), fp) != NULL && - strchr(line, '\n') == NULL) - ; + /* skip comments */ + if (line[0] == '#') continue; + if (line[len - 1] == '\n') { + line[len - 1] = '\0'; + mp = NULL; + } else { + if ((mp = malloc(len + 1)) == NULL) + fatalerror("Ran out of memory."); + memcpy(mp, line, len); + mp[len] = '\0'; + line = mp; } - *cp = '\0'; cp = strtok(line, " \t"); - /* skip comments and empty lines */ - if (cp == NULL || line[0] == '#') - continue; + /* skip empty lines */ + if (cp == NULL) + goto nextline; hints.ai_flags = 0; hints.ai_family = AF_UNSPEC; hints.ai_flags = AI_PASSIVE; error = getaddrinfo(cp, NULL, &hints, &res); if (error != NULL) - continue; + goto nextline; for (ai = res; ai != NULL && ai->ai_addr != NULL; ai = ai->ai_next) { @@ -727,7 +736,7 @@ } if (hrp == NULL) { if ((hrp = malloc(sizeof(struct ftphost))) == NULL) - continue; + goto nextline; /* defaults */ hrp->statfile = _PATH_FTPDSTATFILE; hrp->welcome = _PATH_FTPWELCOME; @@ -759,7 +768,7 @@ if (hrp->hostinfo != NULL) freeaddrinfo(hrp->hostinfo); free(hrp); - continue; + goto nextline; /* NOTREACHED */ } if ((hp = getipnodebyaddr((char*)addr, addrsize, @@ -804,6 +813,9 @@ /* XXX: re-initialization for getaddrinfo() loop */ cp = strtok(line, " \t"); } +nextline: + if (mp) + free(mp); } (void) fclose(fp); } @@ -1013,23 +1025,38 @@ { FILE *fd; int found = 0; - char *p, line[BUFSIZ]; + size_t len; + char *line, *mp, *p; if ((fd = fopen(fname, "r")) != NULL) { - while (!found && fgets(line, sizeof(line), fd) != NULL) - if ((p = strchr(line, '\n')) != NULL) { - *p = '\0'; + while (!found && (line = fgetln(fd, &len)) != NULL) { + /* skip comments */ if (line[0] == '#') continue; + if (line[len - 1] == '\n') { + line[len - 1] = '\0'; + mp = NULL; + } else { + if ((mp = malloc(len + 1)) == NULL) + fatalerror("Ran out of memory."); + memcpy(mp, line, len); + mp[len] = '\0'; + line = mp; + } + /* avoid possible leading and trailing whitespace */ + p = strtok(line, " \t"); + /* skip empty lines */ + if (p == NULL) + goto nextline; /* * if first chr is '@', check group membership */ - if (line[0] == '@') { + if (p[0] == '@') { int i = 0; struct group *grp; - if ((grp = getgrnam(line+1)) == NULL) - continue; + if ((grp = getgrnam(p+1)) == NULL) + goto nextline; /* * Check user's default group */ @@ -1047,7 +1074,10 @@ * Otherwise, just check for username match */ else - found = strcmp(line, name) == 0; + found = strcmp(p, name) == 0; +nextline: + if (mp) + free(mp); } (void) fclose(fd); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Jul 10 21:18:21 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA3E837B400 for ; Wed, 10 Jul 2002 21:18:19 -0700 (PDT) Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31BB443E4A for ; Wed, 10 Jul 2002 21:18:19 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g6B4IGB2119168; Thu, 11 Jul 2002 00:18:16 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Thu, 11 Jul 2002 00:18:15 -0400 To: freebsd-print@bostonradio.org From: Garance A Drosihn Subject: Re: Rewritten 'lpc topq', new 'lpc bottomq' Cc: freebsd-audit@FreeBSD.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 4:00 AM -0400 7/6/02, Garance A Drosihn wrote: >It seemed like it would be simple to look at lpc's topq command >and duplicate it into a bottomq command. > >This turned out to be another thread-pulling exercise, and the >result is a patch that's over 1,100 lines long. I suspect that >is a bit too much to send in a message, but anyone interested in >checking over the patch can find it at: > >http://people.freebsd.org/~gad/lpr/lpc-topq.diff > After some feedback, a newer version of the diff is now at: http://people.freebsd.org/~gad/lpr/lpc-topq-2.diff This does not include any changes for the man page yet, but I intend to do that before making the commit to -current. I'm still hoping to commit this to -current this weekend, assuming there are no big issues in what I have. -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jul 11 2:16:12 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 561F537B400 for ; Thu, 11 Jul 2002 02:16:07 -0700 (PDT) Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DFCE43E09 for ; Thu, 11 Jul 2002 02:16:06 -0700 (PDT) (envelope-from sheldonh@starjuice.net) Received: from sheldonh by axl.seasidesoftware.co.za with local (Exim 3.36 #1) id 17Sa4T-0000Gh-00; Thu, 11 Jul 2002 11:17:09 +0200 Date: Thu, 11 Jul 2002 11:17:09 +0200 From: Sheldon Hearn To: Dima Dorfman Cc: audit@freebsd.org Subject: Re: VT_LOCKSWITCH Message-ID: <20020711091709.GC736@starjuice.net> References: <43415.1022589698@axl.seasidesoftware.co.za> <20020710050455.E28483EFB@turbine.trit.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020710050455.E28483EFB@turbine.trit.org> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On (2002/07/10 05:04), Dima Dorfman wrote: > > If you're up to it, I'd love to see the same functionality available as > > an extension to lock(1). Imagine the convenience of being able to type > > > > lock -npS > > > > on just one terminal and not have to worry about the rest! > > Sounds nice. How about the following patch? Dima, this kicks ass! I don't have time to review your patch, but the resulting binary is something I've wanted in the base system for a couple of years. Thanks! > P.S. Does anyone know what this is for: > > if (ioctl(0, TIOCGETP, &ntty)) > exit(1); > > It's at line 232 after the patch (210 before the patch). ntty isn't > used anywhere in or after the loop the above is in, so it seems pretty > pointless. I think that's just to check that feedback echo is still turned off, no? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jul 11 15:45:31 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D698837B400; Thu, 11 Jul 2002 15:45:21 -0700 (PDT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 817E543E52; Thu, 11 Jul 2002 15:45:21 -0700 (PDT) (envelope-from bright@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1192) id 5B8E9AE163; Thu, 11 Jul 2002 15:45:21 -0700 (PDT) Date: Thu, 11 Jul 2002 15:45:21 -0700 From: Alfred Perlstein To: bde@freebsd.org Cc: audit@freebsd.org Subject: trpt cleanup Message-ID: <20020711224521.GD97638@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.27i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG please review Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/trpt/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- Makefile 20 Jul 2001 06:20:25 -0000 1.6 +++ Makefile 11 Jul 2002 22:32:33 -0000 @@ -2,6 +2,7 @@ # $FreeBSD: src/usr.sbin/trpt/Makefile,v 1.6 2001/07/20 06:20:25 obrien Exp $ PROG= trpt +WARNS?= 4 MAN= trpt.8 BINGRP= kmem BINMODE= 2555 Index: trpt.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/trpt/trpt.c,v retrieving revision 1.15 diff -u -r1.15 trpt.c --- trpt.c 15 May 2002 09:36:46 -0000 1.15 +++ trpt.c 11 Jul 2002 22:43:55 -0000 @@ -82,34 +82,38 @@ #include #include #include +#include #include -struct nlist nl[] = { +struct nlist nl[3]; #define N_TCP_DEBUG 0 - { "_tcp_debug" }, #define N_TCP_DEBX 1 - { "_tcp_debx" }, - { "" }, -}; static caddr_t tcp_pcbs[TCP_NDEBUG]; static n_time ntime; static int aflag, kflag, memf, follow, sflag, tflag; -void dotrace __P((caddr_t)); -void klseek __P((int, off_t, int)); -int numeric __P((const void *, const void *)); -void tcp_trace __P((short, short, struct tcpcb *, struct tcpcb *, - int, void *, struct tcphdr *, int)); -static void usage __P((void)); +void dotrace(caddr_t); +void klseek(int, off_t, int); +int numeric(const void *, const void *); +void tcp_trace(short, short, struct tcpcb *, struct tcpcb *, + int, void *, struct tcphdr *, int); +static void usage(void); int -main(argc, argv) - int argc; - char **argv; +main(int argc, char **argv) { int ch, i, jflag, npcbs; - char *system, *core; + const char *syst; + const char *core; + char debug[] = "_tcp_debug"; + char debx[] = "_tcp_debx"; + char empty[] = ""; + + bzero(nl, sizeof(nl)); + nl[0].n_name = debug; + nl[1].n_name = debx; + nl[2].n_name = empty; jflag = npcbs = 0; while ((ch = getopt(argc, argv, "afjp:st")) != -1) @@ -144,7 +148,7 @@ core = _PATH_KMEM; if (argc > 0) { - system = *argv; + syst = *argv; argc--, argv++; if (argc > 0) { core = *argv; @@ -158,10 +162,10 @@ setgid(getgid()); } else - system = (char *)getbootfile(); + syst = getbootfile(); - if (nlist(system, nl) < 0 || !nl[0].n_value) - errx(1, "%s: no namelist", system); + if (nlist(syst, nl) < 0 || !nl[0].n_value) + errx(1, "%s: no namelist", syst); if ((memf = open(core, O_RDONLY)) < 0) err(2, "%s", core); setgid(getgid()); @@ -200,7 +204,7 @@ qsort(tcp_pcbs, npcbs, sizeof(caddr_t), numeric); if (jflag) { for (i = 0;;) { - printf("%x", tcp_pcbs[i]); + printf("%p", tcp_pcbs[i]); if (++i == npcbs) break; fputs(", ", stdout); @@ -314,7 +318,7 @@ void tcp_trace(act, ostate, atp, tp, family, ip, th, req) short act, ostate; - struct tcpcb *atp, *tp; + struct tcpcb *atp __unused, *tp; int family; void *ip; struct tcphdr *th; @@ -347,7 +351,7 @@ #else ip4 = (struct ip *)ip; #endif - printf("%03ld %s:%s ",(ntime/10) % 1000, tcpstates[ostate], + printf("%03ld %s:%s ", (long)((ntime/10) % 1000), tcpstates[ostate], tanames[act]); switch (act) { case TA_INPUT: @@ -394,15 +398,15 @@ if (act == TA_OUTPUT) len -= sizeof(struct tcphdr); if (len) - printf("[%lx..%lx)", seq, seq + len); + printf("[%lx..%lx)", (long)seq, (long)(seq + len)); else - printf("%lx", seq); - printf("@%lx", ack); + printf("%lx", (long)seq); + printf("@%lx", (long)ack); if (win) printf("(win=%x)", win); flags = th->th_flags; if (flags) { - register char *cp = "<"; + const char *cp = "<"; #define pf(flag, string) { \ if (th->th_flags&flag) { \ (void)printf("%s%s", cp, string); \ @@ -431,10 +435,12 @@ printf("\n"); if (sflag) { printf("\trcv_nxt %lx rcv_wnd %x snd_una %lx snd_nxt %lx snd_max %lx\n", - tp->rcv_nxt, tp->rcv_wnd, tp->snd_una, tp->snd_nxt, - tp->snd_max); - printf("\tsnd_wl1 %lx snd_wl2 %lx snd_wnd %x\n", tp->snd_wl1, - tp->snd_wl2, tp->snd_wnd); + (long)tp->rcv_nxt, (int)tp->rcv_wnd, + (long)tp->snd_una, (long)tp->snd_nxt, + (long)tp->snd_max); + printf("\tsnd_wl1 %lx snd_wl2 %lx snd_wnd %x\n", + (long)tp->snd_wl1, + (long)tp->snd_wl2, (int)tp->snd_wnd); } /* print out timers? */ #if 0 -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Jul 11 23:24:59 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D027437B400 for ; Thu, 11 Jul 2002 23:24:53 -0700 (PDT) Received: from sccrmhc02.attbi.com (sccrmhc02.attbi.com [204.127.202.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2355943E3B for ; Thu, 11 Jul 2002 23:24:53 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org ([12.234.91.48]) by sccrmhc02.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020712062452.SJN6023.sccrmhc02.attbi.com@blossom.cjclark.org> for ; Fri, 12 Jul 2002 06:24:52 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.3/8.12.3) with ESMTP id g6C6OpJK044257 for ; Thu, 11 Jul 2002 23:24:51 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.3/8.12.3/Submit) id g6C6OoGs044256 for audit@freebsd.org; Thu, 11 Jul 2002 23:24:50 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Thu, 11 Jul 2002 23:24:50 -0700 From: "Crist J. Clark" To: audit@freebsd.org Subject: Securing sysctl(8) knobs related to ipfw(8) at securelevel(8) Message-ID: <20020712062450.GB43704@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Locking firewall rules at securelevel(8) >= 3 is somewhat pointless since one can disable the firewall completely by doing, # sysctl net.inet.ip.fw.enable=0 This is not restricted at any securelevel(8). sysctl(8) has a _very_ granular policy control mechanism. At securelevel(8) <= 0, it's unlocked. At securelevel(8) > 0, it's locked. This leaves us with a choice, we can allow firewalling to be disabled at any securlevel, or we can disable firewalling at securelevel > 1 even though rules are only locked when we get to securelevel >= 3. I think the second one is the obvious choice. This patch locks up all read-write variables at securelevel > 1. I figured it was safer to just lock it all up than try to figure out which ones are not too security sensitive, mildly sensitive, or very sensitive. I'm finally getting around to this to close up PR kern/39396. Any problems with the patch or the concept? Index: ip_fw.c =================================================================== RCS file: /export/freebsd/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.188 diff -u -r1.188 ip_fw.c --- ip_fw.c 22 Jun 2002 11:51:02 -0000 1.188 +++ ip_fw.c 12 Jul 2002 05:59:29 -0000 @@ -94,19 +94,19 @@ MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's"); #ifdef SYSCTL_NODE -SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW, +SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW | CTLFLAG_SECURE, 0, "Firewall"); +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW | CTLFLAG_SECURE, &fw_enable, 0, "Enable ipfw"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW | CTLFLAG_SECURE, &fw_one_pass, 0, "Only do a single pass through ipfw when using dummynet(4)"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_SECURE, &fw_debug, 0, "Enable printing of debug ip_fw statements"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, CTLFLAG_RW | CTLFLAG_SECURE, &fw_verbose, 0, "Log matches to ipfw rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose_limit, CTLFLAG_RW | CTLFLAG_SECURE, &fw_verbose_limit, 0, "Set upper limit of matches of ipfw rules logged"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, permanent_rules, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, permanent_rules, CTLFLAG_RW | CTLFLAG_SECURE, &fw_permanent_rules, 0, "Set rule number, below which rules are permanent"); /* @@ -175,27 +175,27 @@ static u_int32_t dyn_count = 0 ; /* # of dynamic rules */ static u_int32_t dyn_max = 1000 ; /* max # of dynamic rules */ -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_buckets, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_buckets, 0, "Number of dyn. buckets"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, curr_dyn_buckets, CTLFLAG_RD, &curr_dyn_buckets, 0, "Current Number of dyn. buckets"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_count, CTLFLAG_RD, &dyn_count, 0, "Number of dyn. rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_max, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_max, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_max, 0, "Max number of dyn. rules"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, static_count, CTLFLAG_RD, &static_count, 0, "Number of static rules"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_ack_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_ack_lifetime, 0, "Lifetime of dyn. rules for acks"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_syn_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_syn_lifetime, 0, "Lifetime of dyn. rules for syn"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_fin_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_fin_lifetime, 0, "Lifetime of dyn. rules for fin"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_rst_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_rst_lifetime, 0, "Lifetime of dyn. rules for rst"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_udp_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_udp_lifetime, 0, "Lifetime of dyn. rules for UDP"); -SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, CTLFLAG_RW, +SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_short_lifetime, CTLFLAG_RW | CTLFLAG_SECURE, &dyn_short_lifetime, 0, "Lifetime of dyn. rules for other situations"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, dyn_grace_time, CTLFLAG_RD, &dyn_grace_time, 0, "Grace time for dyn. rules"); Index: ip6_fw.c =================================================================== RCS file: /export/freebsd/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.18 diff -u -r1.18 ip6_fw.c --- ip6_fw.c 19 Apr 2002 04:46:22 -0000 1.18 +++ ip6_fw.c 12 Jul 2002 06:14:41 -0000 @@ -115,12 +115,16 @@ #ifdef SYSCTL_NODE SYSCTL_DECL(_net_inet6_ip6); -SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall"); -SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, enable, CTLFLAG_RW, +SYSCTL_NODE(_net_inet6_ip6, OID_AUTO, fw, CTLFLAG_RW | CTLFLAG_SECURE, + 0, "Firewall"); +SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, enable, CTLFLAG_RW | CTLFLAG_SECURE, &ip6_fw_enable, 0, "Enable ip6fw"); -SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, debug, CTLFLAG_RW, &fw6_debug, 0, ""); -SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose, CTLFLAG_RW, &fw6_verbose, 0, ""); -SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW, &fw6_verbose_limit, 0, ""); +SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, debug, CTLFLAG_RW | CTLFLAG_SECURE, + &fw6_debug, 0, ""); +SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose, CTLFLAG_RW | CTLFLAG_SECURE, + &fw6_verbose, 0, ""); +SYSCTL_INT(_net_inet6_ip6_fw, OID_AUTO, verbose_limit, CTLFLAG_RW | CTLFLAG_SECURE, + &fw6_verbose_limit, 0, ""); #endif #define dprintf(a) do { \ -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jul 12 1: 0:17 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0BFC37B400; Fri, 12 Jul 2002 01:00:13 -0700 (PDT) Received: from melusine.cuivre.fr.eu.org (melusine.cuivre.fr.eu.org [62.212.105.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 14EC443E64; Fri, 12 Jul 2002 01:00:13 -0700 (PDT) (envelope-from thomas@cuivre.fr.eu.org) Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000) id 413C12C3D4; Fri, 12 Jul 2002 10:00:10 +0200 (CEST) Date: Fri, 12 Jul 2002 10:00:10 +0200 From: Thomas Quinot To: Alfred Perlstein Cc: bde@freebsd.org, audit@freebsd.org Subject: Re: trpt cleanup Message-ID: <20020712100010.B50744@melusine.cuivre.fr.eu.org> Reply-To: thomas@cuivre.fr.eu.org References: <20020711224521.GD97638@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20020711224521.GD97638@elvis.mu.org>; from bright@mu.org on Thu, Jul 11, 2002 at 03:45:21PM -0700 X-message-flag: WARNING! Using Outlook can damage your computer. Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Le 2002-07-12, Alfred Perlstein écrivait : > -struct nlist nl[] = { > +struct nlist nl[3]; > #define N_TCP_DEBUG 0 > - { "_tcp_debug" }, > #define N_TCP_DEBX 1 > - { "_tcp_debx" }, > - { "" }, > -}; This change, and the corresponding initialization added to main(), is questionable. Having an explicit element count, rather than an initializer, for nl means that the information of many elements there are in nl is sprinkled all over the place (here where nl is declared, and then also at the place where the array is initialized), and that both places need to be kept consistent by hand. Keeping things consistent is a job that compilers do very well, but that programmers tend to botch from time to time: better leave it to the compiler. Thomas. -- Thomas.Quinot@Cuivre.FR.EU.ORG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jul 12 1: 6:12 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9847D37B400; Fri, 12 Jul 2002 01:06:09 -0700 (PDT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AD7643E4A; Fri, 12 Jul 2002 01:06:09 -0700 (PDT) (envelope-from bright@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1192) id DDF00AE279; Fri, 12 Jul 2002 01:06:08 -0700 (PDT) Date: Fri, 12 Jul 2002 01:06:08 -0700 From: Alfred Perlstein To: Thomas Quinot Cc: bde@freebsd.org, audit@freebsd.org Subject: Re: trpt cleanup Message-ID: <20020712080608.GI97638@elvis.mu.org> References: <20020711224521.GD97638@elvis.mu.org> <20020712100010.B50744@melusine.cuivre.fr.eu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20020712100010.B50744@melusine.cuivre.fr.eu.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Thomas Quinot [020712 01:00] wrote: > Le 2002-07-12, Alfred Perlstein écrivait : > > > -struct nlist nl[] = { > > +struct nlist nl[3]; > > #define N_TCP_DEBUG 0 > > - { "_tcp_debug" }, > > #define N_TCP_DEBX 1 > > - { "_tcp_debx" }, > > - { "" }, > > -}; > > This change, and the corresponding initialization added to main(), > is questionable. Having an explicit element count, rather than an > initializer, for nl means that the information of many elements there > are in nl is sprinkled all over the place (here where nl is declared, > and then also at the place where the array is initialized), and that > both places need to be kept consistent by hand. Keeping things > consistent is a job that compilers do very well, but that programmers > tend to botch from time to time: better leave it to the compiler. Any suggestions for a workaround? -- -Alfred Perlstein [alfred@freebsd.org] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jul 12 1:27:11 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A08F637B400; Fri, 12 Jul 2002 01:27:07 -0700 (PDT) Received: from melusine.cuivre.fr.eu.org (melusine.cuivre.fr.eu.org [62.212.105.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D49443E42; Fri, 12 Jul 2002 01:27:07 -0700 (PDT) (envelope-from thomas@cuivre.fr.eu.org) Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000) id 60D3E2C3D4; Fri, 12 Jul 2002 10:27:05 +0200 (CEST) Date: Fri, 12 Jul 2002 10:27:05 +0200 From: Thomas Quinot To: Alfred Perlstein Cc: Thomas Quinot , bde@freebsd.org, audit@freebsd.org Subject: Re: trpt cleanup Message-ID: <20020712102705.A55925@melusine.cuivre.fr.eu.org> Reply-To: thomas@cuivre.fr.eu.org References: <20020711224521.GD97638@elvis.mu.org> <20020712100010.B50744@melusine.cuivre.fr.eu.org> <20020712080608.GI97638@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20020712080608.GI97638@elvis.mu.org>; from bright@mu.org on Fri, Jul 12, 2002 at 01:06:08AM -0700 X-message-flag: WARNING! Using Outlook can damage your computer. Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Le 2002-07-12, Alfred Perlstein écrivait : > Any suggestions for a workaround? I'd keep the existing declaration: struct nlist nl[] = { #define N_TCP_DEBUG 0 { "_tcp_debug" }, #define N_TCP_DEBX 1 { "_tcp_debx" }, { "" }, }; which allows the addition of other symbols, should any be needed, to be a purely local change. If you'd like to eliminate the need to have a #define in addition to the initializer for each element, I'd suggest the definition of a function that looks up an entry by name (in which case we probably want to specify that names must be sorted, to allow the search to be dichotomic). Also, while we're at it: even though the implementation allows the last element to be denoted by an empty string, the man page for nlist states that the last element is defined by the name being NULL. Thomas. -- Thomas.Quinot@Cuivre.FR.EU.ORG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jul 12 12:44:13 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31FB037B400; Fri, 12 Jul 2002 12:44:07 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id EAC0843E3B; Fri, 12 Jul 2002 12:44:05 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id FAA17537; Sat, 13 Jul 2002 05:43:54 +1000 Date: Sat, 13 Jul 2002 05:47:18 +1000 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Alfred Perlstein Cc: bde@freebsd.org, Subject: Re: trpt cleanup In-Reply-To: <20020711224521.GD97638@elvis.mu.org> Message-ID: <20020713050821.Y29226-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 11 Jul 2002, Alfred Perlstein wrote: > please review > > Index: trpt.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/trpt/trpt.c,v > retrieving revision 1.15 > diff -u -r1.15 trpt.c > --- trpt.c 15 May 2002 09:36:46 -0000 1.15 > +++ trpt.c 11 Jul 2002 22:43:55 -0000 > @@ -82,34 +82,38 @@ > #include > #include > #include > +#include > #include > > -struct nlist nl[] = { > +struct nlist nl[3]; > #define N_TCP_DEBUG 0 > - { "_tcp_debug" }, > #define N_TCP_DEBX 1 > - { "_tcp_debx" }, > - { "" }, > -}; I agree with Thomas Quinot about this. > ... > +void tcp_trace(short, short, struct tcpcb *, struct tcpcb *, > + int, void *, struct tcphdr *, int); Style bug: continuation line misformatted in a different way (noticeably worse) than before. > ... > int > -main(argc, argv) > - int argc; > - char **argv; > +main(int argc, char **argv) > { > int ch, i, jflag, npcbs; > - char *system, *core; > + const char *syst; > + const char *core; Style bug: 2 lines of unsorted declarations where there was only 1. I don't like renaming variables to worse names to fix warnings about cosmetic bugs. Unfortunately, system(3) is declared in so it is often in (outer) scope. > + char debug[] = "_tcp_debug"; > + char debx[] = "_tcp_debx"; > + char empty[] = ""; > + > + bzero(nl, sizeof(nl)); > + nl[0].n_name = debug; > + nl[1].n_name = debx; > + nl[2].n_name = empty; Most of this and the above nlist change seem to be to work around warnings about string literals possibly being modified by badly designed interfaces that don't actually modify the strings but don't say this in their prototype. I disagree with changing the string literals to modifiable strings to break the warning about this. The warning is really about the misdesigned interfaces, not about the code. This problem affects dozens of programs. Unfortunately, I can't see any good fix -- the misdesign of nlist(3) is fundamental. All I can think of is writing the above change less verbosely: - remove the bzero(). I think it has no effect here, but in general bzero()ing a statically initialized struct might break the initialization on exotic machines where NULLs or 0.0 are not all-bits-0. - initialize nl[0].n_name to strdup("_tcp_debug") and don't use debug[], etc. - don't initialize the last element to empty, since the last element must be NULL according to nlist(3). > @@ -200,7 +204,7 @@ > qsort(tcp_pcbs, npcbs, sizeof(caddr_t), numeric); > if (jflag) { > for (i = 0;;) { > - printf("%x", tcp_pcbs[i]); > + printf("%p", tcp_pcbs[i]); Should cast the pointer to "void *". %p only has defined behaviour for "void *"'s, and tcpcbs[i] has type caddr_t. > @@ -314,7 +318,7 @@ > void > tcp_trace(act, ostate, atp, tp, family, ip, th, req) > short act, ostate; > - struct tcpcb *atp, *tp; > + struct tcpcb *atp __unused, *tp; Why not just remove the unused arg? > @@ -431,10 +435,12 @@ > printf("\n"); > if (sflag) { > printf("\trcv_nxt %lx rcv_wnd %x snd_una %lx snd_nxt %lx snd_max %lx\n", > - tp->rcv_nxt, tp->rcv_wnd, tp->snd_una, tp->snd_nxt, > - tp->snd_max); > - printf("\tsnd_wl1 %lx snd_wl2 %lx snd_wnd %x\n", tp->snd_wl1, > - tp->snd_wl2, tp->snd_wnd); > + (long)tp->rcv_nxt, (int)tp->rcv_wnd, > + (long)tp->snd_una, (long)tp->snd_nxt, > + (long)tp->snd_max); > + printf("\tsnd_wl1 %lx snd_wl2 %lx snd_wnd %x\n", > + (long)tp->snd_wl1, > + (long)tp->snd_wl2, (int)tp->snd_wnd); > } > /* print out timers? */ > #if 0 The casts here are mostly bogus. tp->rcv_wnd and tp->snd_wnd have type u_long, so they should be printed using %lx, not truncated so that they can be misprinted using %x. tcp_seq has type uint32_t, so it should be converted to u_long for printing with %lx. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Jul 12 16: 2:28 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E368437B400 for ; Fri, 12 Jul 2002 16:02:25 -0700 (PDT) Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB1CA43E67 for ; Fri, 12 Jul 2002 16:02:24 -0700 (PDT) (envelope-from keramida@FreeBSD.org) Received: from hades.hell.gr (patr530-b175.otenet.gr [212.205.244.183]) by mailsrv.otenet.gr (8.12.4/8.12.4) with ESMTP id g6CN2LHw020250 for ; Sat, 13 Jul 2002 02:02:23 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.5/8.12.5) with ESMTP id g6CN2Ksd032431 for ; Sat, 13 Jul 2002 02:02:21 +0300 (EEST) (envelope-from keramida@FreeBSD.org) Received: (from charon@localhost) by hades.hell.gr (8.12.5/8.12.5/Submit) id g6CN2J9t032426 for audit@freebsd.org; Sat, 13 Jul 2002 02:02:19 +0300 (EEST) (envelope-from keramida@FreeBSD.org) Date: Sat, 13 Jul 2002 02:02:19 +0300 From: Giorgos Keramidas To: audit@FreeBSD.org Subject: RFC: minor change in dd/conv.c Message-ID: <20020712230218.GA32122@hades.hell.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Operating-System: FreeBSD 5.0-CURRENT i386 X-PGP-Fingerprint: C1EB 0653 DB8B A557 3829 00F9 D60F 941A 3186 03B6 X-Phone: +30-944-116520 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG The following allows bin/dd to build with WARNS=5 on my CURRENT machine at home. I've verified that this generates the same object code without optimizations, and with any level of optimizations up to -O3. The script that I used to check this and details about the tests I did can be found at http://www.FreeBSD.org/~keramida/dd.txt I've mailed green@ on Jul 10, but haven't received any reply yet. So, does this look OK to you all? If yes, should I make the change? %%% Index: Makefile =================================================================== RCS file: /home/ncvs/src/bin/dd/Makefile,v retrieving revision 1.10 diff -u -r1.10 Makefile --- Makefile 4 Feb 2002 02:49:18 -0000 1.10 +++ Makefile 9 Jul 2002 20:34:10 -0000 @@ -3,8 +3,8 @@ PROG= dd SRCS= args.c conv.c conv_tab.c dd.c misc.c position.c -WARNS= 0 -WFORMAT=0 +WARNS?= 5 +WFORMAT?=1 MAINTAINER= green@FreeBSD.org Index: conv.c =================================================================== RCS file: /home/ncvs/src/bin/dd/conv.c,v retrieving revision 1.17 diff -u -r1.17 conv.c --- conv.c 30 Jun 2002 05:13:52 -0000 1.17 +++ conv.c 3 Jul 2002 01:18:36 -0000 @@ -223,8 +223,10 @@ /* Translation and case conversion. */ if ((t = ctab) != NULL) - for (cnt = in.dbrcnt, inp = in.dbp; cnt--;) - *--inp = t[*inp]; + for (cnt = in.dbrcnt, inp = in.dbp; cnt--;) { + --inp; + *inp = t[*inp]; + } /* * Copy records (max cbsz size chunks) into the output buffer. The * translation has to already be done or we might not recognize the %%% To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Jul 13 12:59: 5 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78B7137B400 for ; Sat, 13 Jul 2002 12:59:03 -0700 (PDT) Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA2A443E31 for ; Sat, 13 Jul 2002 12:59:02 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g6DJwuwK074626; Sat, 13 Jul 2002 15:59:00 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Sat, 13 Jul 2002 15:58:55 -0400 To: freebsd-print@bostonradio.org From: Garance A Drosihn Subject: Re: Rewritten 'lpc topq', new 'lpc bottomq' Cc: freebsd-audit@FreeBSD.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 12:18 AM -0400 7/11/02, Garance A Drosihn wrote: >At 4:00 AM -0400 7/6/02, Garance A Drosihn wrote: > >>It seemed like it would be simple to look at lpc's topq command >>and duplicate it into a bottomq command. >> >>This turned out to be another thread-pulling exercise, and the >>result is a patch that's over 1,100 lines long. I suspect that >>is a bit too much to send in a message, but anyone interested in >>checking over the patch can find it at: >> The third and (hopefully) final version of this patch is at: http://people.freebsd.org/~gad/lpr/lpc-topq-3.diff This includes a patch for the man page. It does not include some of the minor changes to some source files that the two previous patches had, because I have already committed those minor changes to -current. Somehow the patch is still over 1,200 lines :-) I hope to commit this by Wednesday. -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message