Date: Mon, 9 Sep 2002 11:00:36 -0700 (PDT)
From: FreeBSD bugmaster
To: audit@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems
Serious problems
Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [1999/01/28] bin/9770    audit  An openpty(3) auxiliary program

1 problem total.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Date: Wed, 11 Sep 2002 10:34:07 -0500
From: "Jacques A. Vidrine"
To: freebsd-audit@FreeBSD.org
Subject: res_send/res_query/res_search

Hello,

When using res_send/res_query/res_search, the caller must either

  (1) insure enough space is available for the response (up to 64K)
  OR
  (2) check the return value and retry the request with a bigger buffer
      if the return value is larger than the buffer size

A simple patch for (1) is included below. Please review. I'd like to
commit this now, while if in some areas doing (2) is somehow better,
then that can be followed up.

Cheers!

Index: net/getaddrinfo.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/getaddrinfo.c,v retrieving revision 1.9.2.9 diff -c -I\$FreeBSD -r1.9.2.9 getaddrinfo.c *** net/getaddrinfo.c 3 Mar 2002 18:45:30 -0000 1.9.2.9 --- net/getaddrinfo.c 6 Sep 2002 12:48:58 -0000 *************** *** 182,192 **** #define PTON_MAX 4 #endif ! #if PACKETSZ > 1024 ! #define MAXPACKET PACKETSZ ! #else ! #define MAXPACKET 1024 ! #endif typedef union { HEADER hdr; --- 182,188 ---- #define PTON_MAX 4 #endif ! #define MAXPACKET 65536 typedef union { HEADER hdr; Index: net/gethostbydns.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/gethostbydns.c,v retrieving revision 1.27.2.2 diff -c -I\$FreeBSD -r1.27.2.2 gethostbydns.c *** net/gethostbydns.c 26 Jun 2002 06:24:29 -0000 1.27.2.2 --- net/gethostbydns.c 6 Sep 2002 12:46:32 -0000 *************** *** 96,106 **** static void addrsort __P((char **, int)); #endif ! 
#if PACKETSZ > 1024 ! #define MAXPACKET PACKETSZ ! #else ! #define MAXPACKET 1024 ! #endif typedef union { HEADER hdr; --- 96,102 ---- static void addrsort __P((char **, int)); #endif ! #define MAXPACKET 65536 typedef union { HEADER hdr; Index: net/getnetbydns.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/getnetbydns.c,v retrieving revision 1.13.2.2 diff -c -I\$FreeBSD -r1.13.2.2 getnetbydns.c *** net/getnetbydns.c 26 Jun 2002 06:34:18 -0000 1.13.2.2 --- net/getnetbydns.c 6 Sep 2002 12:53:19 -0000 *************** *** 85,95 **** #define BYNAME 1 #define MAXALIASES 35 ! #if PACKETSZ > 1024 ! #define MAXPACKET PACKETSZ ! #else ! #define MAXPACKET 1024 ! #endif typedef union { HEADER hdr; --- 85,91 ---- #define BYNAME 1 #define MAXALIASES 35 ! #define MAXPACKET 65536 typedef union { HEADER hdr; Index: net/name6.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/name6.c,v retrieving revision 1.6.2.6 diff -c -I\$FreeBSD -r1.6.2.6 name6.c *** net/name6.c 26 Jun 2002 06:06:43 -0000 1.6.2.6 --- net/name6.c 6 Sep 2002 12:47:21 -0000 *************** *** 994,1004 **** int rtl_type; }; ! #if PACKETSZ > 1024 ! #define MAXPACKET PACKETSZ ! #else ! #define MAXPACKET 1024 ! #endif typedef union { HEADER hdr; --- 994,1000 ---- int rtl_type; }; ! #define MAXPACKET 65536 typedef union { HEADER hdr; Index: net/res_query.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/res_query.c,v retrieving revision 1.19.2.2 diff -c -I\$FreeBSD -r1.19.2.2 res_query.c *** net/res_query.c 7 Jul 2002 11:34:42 -0000 1.19.2.2 --- net/res_query.c 6 Sep 2002 12:54:01 -0000 *************** *** 89,99 **** #include "res_config.h" ! #if PACKETSZ > 1024 ! #define MAXPACKET PACKETSZ ! #else ! #define MAXPACKET 1024 ! #endif /* * Formulate a normal query, send, and await answer. --- 89,95 ---- #include "res_config.h" ! 
#define MAXPACKET 65536 /* * Formulate a normal query, send, and await answer. Index: net/res_update.c =================================================================== RCS file: /home/ncvs/src/lib/libc/net/res_update.c,v retrieving revision 1.2.2.1 diff -c -I\$FreeBSD -r1.2.2.1 res_update.c *** net/res_update.c 5 Mar 2001 10:47:11 -0000 1.2.2.1 --- net/res_update.c 6 Sep 2002 12:50:57 -0000 *************** *** 52,57 **** --- 52,58 ---- */ #define NSMAX 16 + #define MAXPACKET 65536 struct ns1 { char nsname[MAXDNAME]; *************** *** 72,78 **** int res_update(ns_updrec *rrecp_in) { ns_updrec *rrecp, *tmprrecp; ! u_char buf[PACKETSZ], answer[PACKETSZ], packet[2*PACKETSZ]; char name[MAXDNAME], zname[MAXDNAME], primary[MAXDNAME], mailaddr[MAXDNAME]; u_char soardata[2*MAXCDNAME+5*INT32SZ]; --- 73,79 ---- int res_update(ns_updrec *rrecp_in) { ns_updrec *rrecp, *tmprrecp; ! u_char buf[PACKETSZ], answer[MAXPACKET], packet[2*PACKETSZ]; char name[MAXDNAME], zname[MAXDNAME], primary[MAXDNAME], mailaddr[MAXDNAME]; u_char soardata[2*MAXCDNAME+5*INT32SZ]; -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se
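
Review bot: The literal in `#define MAXPACKET 65536` is repeated in getaddrinfo.c, gethostbydns.c, getnetbydns.c, name6.c, res_query.c and res_update.c, with no comment saying where the value comes from. Defining it once in a shared header, with a one-line comment that it is the largest response the resolver can hand back, would keep the six copies from drifting apart.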
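
Review bot: In the second res_update.c hunk, `u_char buf[PACKETSZ], answer[MAXPACKET], packet[2*PACKETSZ];` makes `answer` a 64K automatic array inside res_update(), so every call now needs that much stack. That is a lot for callers running on small thread stacks; consider allocating `answer` with malloc() and freeing it on the function's exit paths.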
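
Option (2) from the message above, sketched as an added example; it is not part of the original post or of FreeBSD's libc. The names query_with_retry, query_fn and fake_query are hypothetical, the resolver is passed in as a function pointer with the shape of res_query(3), and the 3000-byte response is constructed so the block runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_ANSWER 512      /* classic UDP DNS payload size */
#define MAX_ANSWER     65535    /* largest DNS message (16-bit length) */

/* Same shape as res_query(3); real code would pass res_query itself. */
typedef int (*query_fn)(const char *name, int class, int type,
    unsigned char *answer, int anslen);

/* Call the resolver; if it reports a response longer than the buffer,
 * grow the buffer to the reported size and ask again. Returns the
 * response length with *out owning the buffer, or -1 with *out NULL. */
int query_with_retry(query_fn q, const char *name, int class, int type,
    unsigned char **out)
{
	int len = INITIAL_ANSWER, n, tries;
	unsigned char *buf = malloc(len), *nbuf;

	for (tries = 0; buf != NULL && tries < 3; tries++) {
		n = q(name, class, type, buf, len);
		if (n < 0 || n > MAX_ANSWER)
			break;          /* error, or a size no DNS message has */
		if (n <= len) {         /* whole response fits */
			*out = buf;
			return (n);
		}
		if ((nbuf = realloc(buf, n)) == NULL)
			break;
		buf = nbuf;             /* truncated: retry at reported size */
		len = n;
	}
	free(buf);
	*out = NULL;
	return (-1);
}

/* Constructed stand-in for res_query: the response is 3000 bytes long. */
static int fake_query(const char *name, int class, int type,
    unsigned char *answer, int anslen)
{
	(void)name; (void)class; (void)type;
	memset(answer, 0xAB, anslen < 3000 ? anslen : 3000);
	return (3000);          /* full size, even when it did not fit */
}

int main(void)
{
	unsigned char *ans;
	int n = query_with_retry(fake_query, "example.org", 1, 1, &ans);
	printf("response length: %d\n", n);
	free(ans);
	return (n == 3000 ? 0 : 1);
}
```

The first call is made with 512 bytes and reports 3000, so the second call runs with a 3000-byte buffer and succeeds.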

From: Ernst de Haan
To: audit@FreeBSD.org
Cc: Ari Suutari, Kris Kennaway, java@FreeBSD.org
Subject: daemonctl.c: setuid/setgid
Date: Fri, 13 Sep 2002 22:01:48 +0200

Dear audit :)

Hereby I request a review of a patch for a daemon control program.

The file in question is: ports/www/jakarta-tomcat4/files/daemonctl.c

This program is specifically written for controlling the starting and
stopping of Java-based web servers and application servers. The idea is
that anyone in a certain group (typically group 'www') can call this
program. The program will then assume a certain identity (typically user
'www') before starting the Java virtual machine. The daemonctl program is
installed as both setuid and setgid.

This daemonctl program is first preprocessed by the makefile to customize
it for a certain web/application server. The daemonctl program is used for
these ports:

   o Tomcat 3.x     (www/jakarta-tomcat3)
   o Tomcat 4.0.x   (www/jakarta-tomcat4)
   o Tomcat 4.1.x   (www/jakarta-tomcat41)
   o Orion/stable   (www/orion)
   o Orion/current  (www/orion-devel)
   o JBoss 2.x      (java/jboss2)
   o JBoss 3.x      (java/jboss3)

The problem is that a number of Java virtual machines need an environment
to be set up before starting up. This includes the native FreeBSD JDK
1.3.1 (from ports/java/jdk13).

A suggested solution (by Ari Suutari) is that at the beginning of the
daemonctl program the following code is executed:

   setuid(geteuid());
   setgid(getegid())

(Just above the ``argument = argv[1];'' line).

I ask for this review because I don't know what the exact consequences of
this are. Kris suggested that I should get this reviewed by audit.

Is it okay to commit these changes or would they impact security?

SEE ALSO:

1. The thread about this subject on freebsd-java:
   http://www.geocrawler.com/mail/thread.php3?subject=Jboss3ctl+update+%28I+think+I+know+the+problem%29&list=162

2. The CVS log for daemonctl.c:
   http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/jakarta-tomcat4/files/daemonctl.c

--
E:

Date: Fri, 13 Sep 2002 16:28:16 -0700
To: Ernst de Haan
Cc: audit@FreeBSD.org, Ari Suutari, Kris Kennaway, java@FreeBSD.org
Subject: Re: daemonctl.c: setuid/setgid
From: Bill Huey (Hui)

On Fri, Sep 13, 2002 at 10:01:48PM +0200, Ernst de Haan wrote:
> Dear audit :)
>
> Hereby I request a review of a patch for a daemon control program.
>
> The file in question is: ports/www/jakarta-tomcat4/files/daemonctl.c

I was just looking at it last night and the first thing that came to mind
was the hard coded JVM path. I'd like that turned into a macro or something
that's command line specifiable at startup.

bill

Date: Sat, 14 Sep 2002 20:26:02 +0300
From: Peter Pentchev
To: freebsd-audit@FreeBSD.org
Subject: [CFR] ncal(1): month names on the cmdline

Hi,

What do people think about the attached patch, which teaches ncal(1)
(and cal(1)) to parse month names if invoked with both a month and year
specification?
It is not terribly necessary, but it just might turn out to be useful :)

Examples:

[roam@straylight:v2 ~]$ LANG=C ncal August 2002
    August 2002
Mo     5 12 19 26
Tu     6 13 20 27
We     7 14 21 28
Th  1  8 15 22 29
Fr  2  9 16 23 30
Sa  3 10 17 24 31
Su  4 11 18 25
[roam@straylight:v2 ~]$ LANG=C cal sep 2001
   September 2001
Su Mo Tu We Th Fr Sa
                   1
 2  3  4  5  6  7  8
 9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
[roam@straylight:v2 ~]$

(warning: Windows-1251 character set in the following example)

[roam@straylight:v2 ~]$ cal фев 2000
   Февруари 2000
Нд Пн Вт Ср Чт Пт Сб
       1  2  3  4  5
 6  7  8  9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29
[roam@straylight:v2 ~]$

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
because I didn't think of a good beginning of it.

Content-Disposition: attachment; filename="usr.bin-ncal.patch"

Index: src/usr.bin/ncal/ncal.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/ncal/ncal.1,v retrieving revision 1.14 diff -u -r1.14 ncal.1 --- src/usr.bin/ncal/ncal.1 3 Jun 2002 15:02:02 -0000 1.14 +++ src/usr.bin/ncal/ncal.1 14 Sep 2002 10:52:43 -0000 
@@ -99,7 +99,8 @@ will .Em not display a calendar for 1989. -Two parameters denote the month (1 - 12) and year. +Two parameters denote the month and year; the month is either a number between +1 and 12, or a full or abbreviated name as specified by the current locale. .Pp A year starts on Jan 1. .Sh SEE ALSO Index: src/usr.bin/ncal/ncal.c =================================================================== RCS file: /home/ncvs/src/usr.bin/ncal/ncal.c,v retrieving revision 1.17 diff -u -r1.17 ncal.c --- src/usr.bin/ncal/ncal.c 28 Apr 2002 12:25:03 -0000 1.17 +++ src/usr.bin/ncal/ncal.c 14 Sep 2002 10:57:40 -0000 @@ -162,6 +162,7 @@ void mkmonth(int year, int month, int jd_flag, struct monthlines * monthl); void mkmonthb(int year, int month, int jd_flag, struct monthlines * monthl); void mkweekdays(struct weekdays * wds); +int parsemonth(const char *s); void printcc(void); void printeaster(int year, int julian, int orthodox); void printmonth(int year, int month, int jd_flag); @@ -306,9 +307,11 @@ case 2: if (flag_easter) usage(); - m = atoi(*argv++); + m = parsemonth(*argv++); if (m < 1 || m > 12) - errx(EX_USAGE, "month %d not in range 1..12", m); + errx(EX_USAGE, + "%s is neither a month number (1..12) or a name", + argv[-1]); /* FALLTHROUGH */ case 1: y = atoi(*argv++); 
@@ -847,4 +850,21 @@ memset(blanks, ' ', sizeof(blanks)); sprintf(s, "%.*s%s", (int)(w - strlen(t)) / 2, blanks, t); return (s); +} + +int +parsemonth(const char *s) +{ + int v; + char *cp; + struct tm tm; + + v = (int)strtol(s, &cp, 10); + if (cp != s) + return (v); + if (strptime(s, "%B", &tm) != NULL) + return (tm.tm_mon + 1); + if (strptime(s, "%b", &tm) != NULL) + return (tm.tm_mon + 1); + return (0); }
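
Review bot: In the `case 2:` hunk of ncal.c (@@ -306,9 +307,11 @@) the new message reads "%s is neither a month number (1..12) or a name"; "neither" wants "nor". Reaching back with `argv[-1]` after `*argv++` works, but saving the argument in a local before the increment would be easier to read.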
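
Review bot: parsemonth() returns as soon as strtol() has consumed any digits (`if (cp != s) return (v);`), so an argument with trailing characters such as "3x" is accepted as month 3, and the `(int)` cast narrows the long before the caller's 1..12 check sees it. Suggest requiring `*cp == '\0'` and range-checking the long value before converting it. The strptime() calls have the same gap: a non-NULL return only says that a prefix of the string matched, so the returned pointer should also be checked for end of string.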