Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Dec 2001 20:19:09 -0600
From:      Alfred Perlstein <bright@mu.org>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <20011210201909.O92148@elvis.mu.org>
In-Reply-To: <XFMail.011210165224.jhb@FreeBSD.org>; from jhb@FreeBSD.org on Mon, Dec 10, 2001 at 04:52:24PM -0800
References:  <200112110049.fBB0nYW71109@freefall.freebsd.org> <XFMail.011210165224.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
* John Baldwin <jhb@FreeBSD.org> [011210 18:52] wrote:
> 
> On 11-Dec-01 John Baldwin wrote:
> > jhb         2001/12/10 16:49:34 PST
> > 
> >   Modified files:
> >     sys/boot/i386/loader version 
> >     share/examples/bootforth boot.4th loader.rc 
> >     sys/boot/alpha/cdboot version 
> >     sys/boot/alpha/loader version 
> >     sys/boot/common      loader.8 
> >     sys/boot/ficl        loader.c 
> >     sys/boot/forth       loader.4th pnp.4th support.4th 
> >   Log:
> >   - Add 'fwrite' and 'fseek' words for writing to and seeking on files.
> >   - Change the 'fopen' keyword to accept a mode parameter.  Note that this
> >     will break existing 4th scripts that use fopen.  Thus, the loader
> >     version has been bumped and loader.4th has been changed to check for a
> >     sufficient version on i386 and alpha.  Be sure that you either do a full
> >     world build or install or full build and install of sys/boot after this
> >     since loader.old won't work with the new 4th files and vice versa.
> >   
> >   PR:             kern/32389
> >   Submitted by:   Jonathan Mini <mini@haikugeek.com>
> >   Sponsored by:   ClickArray, Inc.
> 
> All these loader commits make it possible to overwrite the existing contents of
> a file on a UFS filesystem.

Yay!  One "cool" feaure at least from a security standpoint would
be adding a write once variable to turn this off so that one can't
use loader to smash /etc/passwd.

John, or Jonathan... ? any plans on giving this a shot?

-Alfred

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011210201909.O92148>