From owner-cvs-lib Wed Sep 13 11:04:45 1995 Return-Path: cvs-lib-owner Received: (from majordom@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA20077 for cvs-lib-outgoing; Wed, 13 Sep 1995 11:04:45 -0700 Received: (from paul@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA20065 ; Wed, 13 Sep 1995 11:04:37 -0700 Date: Wed, 13 Sep 1995 11:04:37 -0700 From: Paul Richards Message-Id: <199509131804.LAA20065@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libforms objects.c Sender: cvs-lib-owner@FreeBSD.org Precedence: bulk paul 95/09/13 11:04:36 Modified: lib/libforms objects.c Log: Add missing internal object functions, hard-coded for ncurses for now. From owner-cvs-lib Fri Sep 15 03:02:21 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id DAA12776 for cvs-lib-outgoing; Fri, 15 Sep 1995 03:02:21 -0700 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id DAA12732 ; Fri, 15 Sep 1995 03:02:11 -0700 Date: Fri, 15 Sep 1995 03:02:11 -0700 From: David Greenman Message-Id: <199509151002.DAA12732@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libc/sys listen.2 Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk davidg 95/09/15 03:02:10 Modified: lib/libc/sys listen.2 Log: Indicate that backlog limit is 32. From owner-cvs-lib Fri Sep 15 03:14:11 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id DAA13725 for cvs-lib-outgoing; Fri, 15 Sep 1995 03:14:11 -0700 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id DAA13699 ; Fri, 15 Sep 1995 03:14:05 -0700 Date: Fri, 15 Sep 1995 03:14:05 -0700 From: David Greenman Message-Id: <199509151014.DAA13699@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libc/sys listen.2 Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk davidg 95/09/15 03:14:04 Branch: lib/libc/sys RELENG_2_1_0 Modified: lib/libc/sys listen.2 Log: Brought in change from rev 1.2: indicate backlog limit is 32. From owner-cvs-lib Fri Sep 15 06:53:49 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA02098 for cvs-lib-outgoing; Fri, 15 Sep 1995 06:53:49 -0700 Received: (from peter@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA02069 ; Fri, 15 Sep 1995 06:53:41 -0700 Date: Fri, 15 Sep 1995 06:53:41 -0700 From: Peter Wemm Message-Id: <199509151353.GAA02069@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libc/gen syslog.c Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk peter 95/09/15 06:53:41 Modified: lib/libc/gen syslog.c Log: Fix security bugs with a "new approach", using stdio's powerful buffer control hooks. It is similar to an unrolled multi-part snprintf(), in that a "FILE *" is attached to a string buffer. There is also an optimisation for the case where the syslog format string does not contain %m, which should improve performance of "informational" logging, like from ftpd. From owner-cvs-lib Fri Sep 15 07:06:29 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA04014 for cvs-lib-outgoing; Fri, 15 Sep 1995 07:06:29 -0700 Received: from jhome.DIALix.COM (jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id HAA03994 ; Fri, 15 Sep 1995 07:06:12 -0700 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id WAA01358; Fri, 15 Sep 1995 22:05:34 +0800 Date: Fri, 15 Sep 1995 22:05:33 +0800 (WST) From: Peter Wemm To: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/gen syslog.c In-Reply-To: <199509151353.GAA02069@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk On Fri, 15 Sep 1995, Peter Wemm wrote: > > peter 95/09/15 06:53:41 > > Modified: lib/libc/gen syslog.c > Log: > Fix security bugs with a "new approach", using stdio's powerful buffer > control hooks. > It is similar to an unrolled multi-part snprintf(), in that a "FILE *" is > attached to a string buffer. There is also an optimisation for the case > where the syslog format string does not contain %m, which should improve > performance of "informational" logging, like from ftpd. > In case anybody looks over this and sees that tbuf is not null terminated, that is intentional. In the original implementation it wasn't either, and I dont use tbuf as a "c-style string" anywhere.. It's just a bunch of arbitary bytes. fmt_cpy *is* used as a c-style string, and is null terminated. Since this is attacking the problem from a different angle, it is possible that it might trip something up somewhere, but I've been running this (and earlier versions) in my libc for a while without any problems (other than mistakes caused by self inflicted stupidity.. :-). -Peter From owner-cvs-lib Fri Sep 15 08:56:16 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id IAA15420 for cvs-lib-outgoing; Fri, 15 Sep 1995 08:56:16 -0700 Received: from rocky.sri.MT.net (sri.MT.net [204.94.231.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id IAA15360 ; Fri, 15 Sep 1995 08:56:02 -0700 Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id JAA16368; Fri, 15 Sep 1995 09:58:15 -0600 Date: Fri, 15 Sep 1995 09:58:15 -0600 From: Nate Williams Message-Id: <199509151558.JAA16368@rocky.sri.MT.net> To: Peter Wemm Cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/gen syslog.c In-Reply-To: <199509151353.GAA02069@freefall.freebsd.org> References: <199509151353.GAA02069@freefall.freebsd.org> Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk Peter Wemm writes: > peter 95/09/15 06:53:41 > > Modified: lib/libc/gen syslog.c > Log: > Fix security bugs with a "new approach", using stdio's powerful buffer > control hooks. Thanks for someone doing this. Even if it's not completely secure, it's gotta be better than the original version. Any chance of this getting into 2.1? Nate From owner-cvs-lib Fri Sep 15 09:15:04 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA18092 for cvs-lib-outgoing; Fri, 15 Sep 1995 09:15:04 -0700 Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA18028 ; Fri, 15 Sep 1995 09:14:44 -0700 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id AAA03634; Sat, 16 Sep 1995 00:14:24 +0800 Date: Sat, 16 Sep 1995 00:14:23 +0800 (WST) From: Peter Wemm To: Nate Williams cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/gen syslog.c In-Reply-To: <199509151558.JAA16368@rocky.sri.MT.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk On Fri, 15 Sep 1995, Nate Williams wrote: > Peter Wemm writes: > > peter 95/09/15 06:53:41 > > > > Modified: lib/libc/gen syslog.c > > Log: > > Fix security bugs with a "new approach", using stdio's powerful buffer > > control hooks. > > Thanks for someone doing this. Even if it's not completely secure, it's > gotta be better than the original version. Any chance of this getting > into 2.1? Lets let it settle for a couple of days of full scale acid testing first... :-) (unless time is of the essence). I personally think it's 100% bombproof from a security point of view, and nobody's pointed out any holes in it of the people who've had this shoved under their noses.. I guess a wider audience is certainly going to prove/disprove it.. :-) Paul Traina was worried that I was not null terminating the buffer being transmitted, and was allowing null characters to be transmitted to syslogd.. I feel that it's more syslogd's problem *if* it chokes on null characters, because *anybody* can compile a program to transmit nulls to syslogd either over /dev/log or via the internet... My testing in that area suggests that syslogd simply truncates the line being logged, which isn't exactly a crisis.. I think it does need to go into 2.1 sooner or later though, because since we ship binaries, it is inevitable that somebody will calculate the magic numbers for 2.0, 2.0.5, 2.1 etc sooner or later. > Nate Cheers, -Peter From owner-cvs-lib Sat Sep 16 02:28:27 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id CAA09730 for cvs-lib-outgoing; Sat, 16 Sep 1995 02:28:27 -0700 Received: (from phk@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id CAA09720 ; Sat, 16 Sep 1995 02:28:19 -0700 Date: Sat, 16 Sep 1995 02:28:19 -0700 From: Poul-Henning Kamp Message-Id: <199509160928.CAA09720@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libc/stdlib Makefile.inc malloc.3 malloc.c free.3 realloc.3 Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk phk 95/09/16 02:28:15 Modified: lib/libc/stdlib Makefile.inc malloc.3 malloc.c Removed: lib/libc/stdlib free.3 realloc.3 Log: ``phkmalloc'' Performance is comparable to gnumalloc if you have sufficient RAM, and it screams around it if you don't. Compiled with "EXTRA_SANITY" until further notice. see malloc.3 for more details. From owner-cvs-lib Sat Sep 16 03:25:08 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id DAA13945 for cvs-lib-outgoing; Sat, 16 Sep 1995 03:25:08 -0700 Received: from time.cdrom.com (time.cdrom.com [192.216.222.226]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id DAA13930 ; Sat, 16 Sep 1995 03:24:59 -0700 Received: from localhost (localhost [127.0.0.1]) by time.cdrom.com (8.6.12/8.6.9) with SMTP id DAA14786; Sat, 16 Sep 1995 03:21:06 -0700 To: Poul-Henning Kamp cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/stdlib Makefile.inc malloc.3 malloc.c free.3 realloc.3 In-reply-to: Your message of "Sat, 16 Sep 1995 02:28:19 PDT." <199509160928.CAA09720@freefall.freebsd.org> Date: Sat, 16 Sep 1995 03:21:06 -0700 Message-ID: <14783.811246866@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk > ``phkmalloc'' As if the current crop of sig 11's in -current wasn't already enough to turn one's hair white.. :-) :-) Jordan From owner-cvs-lib Sat Sep 16 09:25:32 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA07471 for cvs-lib-outgoing; Sat, 16 Sep 1995 09:25:32 -0700 Received: (from paul@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA07445 ; Sat, 16 Sep 1995 09:25:27 -0700 Date: Sat, 16 Sep 1995 09:25:27 -0700 From: Paul Richards Message-Id: <199509161625.JAA07445@freefall.freebsd.org> To: CVS-commiters, cvs-lib Subject: cvs commit: src/lib/libforms/examples Makefile Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk paul 95/09/16 09:25:26 Modified: lib/libforms/examples Makefile Log: Removed libdialog. From owner-cvs-lib Sat Sep 16 10:15:23 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA11432 for cvs-lib-outgoing; Sat, 16 Sep 1995 10:15:23 -0700 Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA11427 ; Sat, 16 Sep 1995 10:15:18 -0700 Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.12/8.6.12) with SMTP id KAA00186; Sat, 16 Sep 1995 10:14:47 -0700 Message-Id: <199509161714.KAA00186@precipice.shockwave.com> To: Poul-Henning Kamp cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/stdlib Makefile.inc malloc.3 malloc.c free.3 realloc.3 In-reply-to: Your message of "Sat, 16 Sep 1995 02:28:19 PDT." <199509160928.CAA09720@freefall.freebsd.org> Date: Sat, 16 Sep 1995 10:14:46 -0700 From: Paul Traina Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk Am I blind, or was there no discussion or code review of this in current or committers first? Malloc/free/sbrk is one of those areas where EVERYONE thinks they can do a better job, and usually they end up screwing up. I don't want a faster malloc(), I want one that's not going to break. There are a bunch of programs that break with gnumalloc(), and that's gotten years of pounding on by a large community. I am extremely unhappy that you've taken it upon yourself to change one of the most complicated and central library functions in FreeBSD without a long testing period by dozens of people and with no way to back out. My suggestion is to back out this change immediately, and create a libpmalloc.a library that you and others who wish to use your malloc may use. Consider me really really really pissed. This isn't a game or anyone's personal system. Paul From: Poul-Henning Kamp Subject: cvs commit: src/lib/libc/stdlib Makefile.inc malloc.3 malloc.c free. >>3 realloc.3 phk 95/09/16 02:28:15 Modified: lib/libc/stdlib Makefile.inc malloc.3 malloc.c Removed: lib/libc/stdlib free.3 realloc.3 Log: ``phkmalloc'' Performance is comparable to gnumalloc if you have sufficient RAM, and it screams around it if you don't. Compiled with "EXTRA_SANITY" until further notice. see malloc.3 for more details. From owner-cvs-lib Sat Sep 16 14:38:28 1995 Return-Path: owner-cvs-lib Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA27140 for cvs-lib-outgoing; Sat, 16 Sep 1995 14:38:28 -0700 Received: (from mpp@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA27101 ; Sat, 16 Sep 1995 14:38:18 -0700 From: Mike Pritchard Message-Id: <199509162138.OAA27101@freefall.freebsd.org> Subject: Re: cvs commit: src/lib/libc/stdlib Makefile.inc malloc.3 malloc.c free.3 realloc.3 To: phk@freefall.freebsd.org (Poul-Henning Kamp) Date: Sat, 16 Sep 1995 14:38:18 -0700 (PDT) Cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org In-Reply-To: <199509160928.CAA09720@freefall.freebsd.org> from "Poul-Henning Kamp" at Sep 16, 95 02:28:19 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 584 Sender: owner-cvs-lib@FreeBSD.org Precedence: bulk Poul-Henning Kamp wrote: > > phk 95/09/16 02:28:15 > > Modified: lib/libc/stdlib Makefile.inc malloc.3 malloc.c > Removed: lib/libc/stdlib free.3 realloc.3 > Log: > ``phkmalloc'' > Performance is comparable to gnumalloc if you have sufficient RAM, and > it screams around it if you don't. > Compiled with "EXTRA_SANITY" until further notice. > see malloc.3 for more details. Just two comments on this: Is this the best time to bring this in, given the rash of sig11 problems we are currently trying to sort out? Has this been reviewed by anyone?