openbsd
9 years agounfortunately tame "stdio" can only happen well after the sequence of:
deraadt [Tue, 6 Oct 2015 03:25:02 +0000 (03:25 +0000)]
unfortunately tame "stdio" can only happen well after the sequence of:
utmp parsing, tty opening, setresgid to drop privs.  it only protects
a basic io loop.
discussed with doug

9 years agoadapt to recent sshkey_parse_private_fileblob() API change
djm [Tue, 6 Oct 2015 01:20:59 +0000 (01:20 +0000)]
adapt to recent sshkey_parse_private_fileblob() API change

9 years agoThe performance hit for -fstack-protector-all is worth it here.
deraadt [Tue, 6 Oct 2015 00:30:30 +0000 (00:30 +0000)]
The performance hit for -fstack-protector-all is worth it here.
ok gilles

9 years agoAppears that tame "stdio getpw rpath" will satisfy all code paths.
deraadt [Tue, 6 Oct 2015 00:24:20 +0000 (00:24 +0000)]
Appears that tame "stdio getpw rpath" will satisfy all code paths.

9 years agoDuring getopt(), an optional file may be opened. After that, tame "stdio"
deraadt [Mon, 5 Oct 2015 23:59:11 +0000 (23:59 +0000)]
During getopt(), an optional file may be opened.  After that, tame "stdio"
works.

Time for some commentary!  tame became possible because syslog(3) in
openbsd uses a system call -- sendsyslog(2) -- which does not require
an elaborate dance opening an AF_UNIX socket and using connect() or
send() to deliver to a "/dev/log" unix socket in the filesystem.
sendsyslog(2) was invented to ensure the stack-protector's
__stack_smash_handler() can gaurantee delivery of failure messages to
syslogd(8) in harsh conditions -- such as file descriptor exhaustion
or inside chroot(2).  Now it also works in tame(2)'d proceses, since
sendsyslog(2) is always allowed.  Our syslog(3) needs no elaborate
socket code, therefore piles of software does not have an inate need
for socket(2), connect(2), send(2), nor access to the filesystem.
syslog(3) remains fully compatible otherwise.

How does the stack protector report an error in fully capsicum'd
program?  Or in some other Linux protection mechanism, if someone
protectes a program too far and takes sockets away, how do they see
the stack protector working?

You can have nice things when the underlying rules change.

9 years agotame "stdio rpath wpath cpath", because this program reads and creates
deraadt [Mon, 5 Oct 2015 23:42:40 +0000 (23:42 +0000)]
tame "stdio rpath wpath cpath", because this program reads and creates
files, using stdio.   It does nothing else.

9 years agoRemove EXTERN from lex.h and put the definitions in lex.c, from Michael
nicm [Mon, 5 Oct 2015 23:32:15 +0000 (23:32 +0000)]
Remove EXTERN from lex.h and put the definitions in lex.c, from Michael
McConville.

9 years agoRemove EXTERN from table.h and put the definitions in table.c, from
nicm [Mon, 5 Oct 2015 23:26:58 +0000 (23:26 +0000)]
Remove EXTERN from table.h and put the definitions in table.c, from
Michael McConville.

9 years agoAnother trivial update, some extra bits for timezone, from file 5.x.
nicm [Mon, 5 Oct 2015 23:21:52 +0000 (23:21 +0000)]
Another trivial update, some extra bits for timezone, from file 5.x.

9 years agoSet the line file descriptor nonblocking and make it blocking again for
nicm [Mon, 5 Oct 2015 23:15:31 +0000 (23:15 +0000)]
Set the line file descriptor nonblocking and make it blocking again for
xmodem and child processes, makes xmodem work with -d. Reported by Kim
Zeitler via guenther@, tested by Jiri B. ok (and a small change) guenther

9 years agoFix efiboot not to use the usual kernel load address. Load the kernel in
yasuoka [Mon, 5 Oct 2015 22:59:39 +0000 (22:59 +0000)]
Fix efiboot not to use the usual kernel load address.  Load the kernel in
an allocated region and also move the stack to the end of the heap region.
Then move the kernel to the usual place just before run the kernel, after
calling ExitBootService().

report/test Toby Slight, Brian Conway

9 years agoVery trivial changes from file 5.x: spelling mistakes, %ld->%d and some
nicm [Mon, 5 Oct 2015 22:48:26 +0000 (22:48 +0000)]
Very trivial changes from file 5.x: spelling mistakes, %ld->%d and some
style nits.

9 years agoGet BE and LE UTF-32 correct, from file 5.x.
nicm [Mon, 5 Oct 2015 22:45:26 +0000 (22:45 +0000)]
Get BE and LE UTF-32 correct, from file 5.x.

9 years agoUpdate compress magic from the upstream file 5.x magic files.
nicm [Mon, 5 Oct 2015 22:36:23 +0000 (22:36 +0000)]
Update compress magic from the upstream file 5.x magic files.

9 years agoactually use lbuf in getmailname()
stsp [Mon, 5 Oct 2015 22:08:14 +0000 (22:08 +0000)]
actually use lbuf in getmailname()
ok millert@ gilles@

9 years agochange a few examples to be more stylistic. pointed out by rob pierce
tedu [Mon, 5 Oct 2015 21:59:29 +0000 (21:59 +0000)]
change a few examples to be more stylistic. pointed out by rob pierce

9 years agoRemove the non-standard -l flag that pipes the output through pr(1).
millert [Mon, 5 Oct 2015 20:15:00 +0000 (20:15 +0000)]
Remove the non-standard -l flag that pipes the output through pr(1).
Based on a diff from and OK deraadt@

9 years agoAdd support for !:strength modifier to adjust strength of a test.
nicm [Mon, 5 Oct 2015 20:05:52 +0000 (20:05 +0000)]
Add support for !:strength modifier to adjust strength of a test.

9 years agoOffset into the file can be size_t and add some casts to remove warnings.
nicm [Mon, 5 Oct 2015 19:50:38 +0000 (19:50 +0000)]
Offset into the file can be size_t and add some casts to remove warnings.

9 years agoRevert if_oqdrops accounting changes done in kernel, per request from mpi@.
uebayasi [Mon, 5 Oct 2015 19:05:09 +0000 (19:05 +0000)]
Revert if_oqdrops accounting changes done in kernel, per request from mpi@.

(Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because
IFQ_ENQUEUE() already does it.  Oops.)

After this revert, the situation becomes:

- if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but
  it is not shown to userland, and

- if_data.ifi_oqdrops is shown to userland, but it is not incremented by
  anyone.

9 years agoStyle nits on a couple of casts.
nicm [Mon, 5 Oct 2015 17:53:56 +0000 (17:53 +0000)]
Style nits on a couple of casts.

9 years agoUse explicit_bzero() instead of memset() for zeroing out secrets.
millert [Mon, 5 Oct 2015 17:31:17 +0000 (17:31 +0000)]
Use explicit_bzero() instead of memset() for zeroing out secrets.
OK deraadt@

9 years agothis process deserves -fstack-protector-all
deraadt [Mon, 5 Oct 2015 17:26:22 +0000 (17:26 +0000)]
this process deserves -fstack-protector-all

9 years agosome more bzero->explicit_bzero, from Michael McConville
djm [Mon, 5 Oct 2015 17:11:21 +0000 (17:11 +0000)]
some more bzero->explicit_bzero, from Michael McConville

9 years agocorrect picasso's birth date;
jmc [Mon, 5 Oct 2015 16:41:51 +0000 (16:41 +0000)]
correct picasso's birth date;
from comet (freebsd 116952), via richard

9 years agoalpha ramdisk ran out of space, very slightly. Probably due to the
deraadt [Mon, 5 Oct 2015 16:29:55 +0000 (16:29 +0000)]
alpha ramdisk ran out of space, very slightly.  Probably due to the
development of tame?  option CD9660 and mount_cd9660 are already
absent, so remove the cd(4) driver
ok miod

9 years agotame "stdio inet cmsg" should work well in the session engine.
deraadt [Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)]
tame "stdio inet cmsg" should work well in the session engine.
ok benno

9 years agoKNF a switch statement, moving a local variable up a frame as well -
deraadt [Mon, 5 Oct 2015 16:09:56 +0000 (16:09 +0000)]
KNF a switch statement, moving a local variable up a frame as well -
carefully.

9 years agoOut, damned whitespace!
krw [Mon, 5 Oct 2015 16:07:57 +0000 (16:07 +0000)]
Out, damned whitespace!

9 years agoCount IFQ_ENQUEUE() failure as output drop.
uebayasi [Mon, 5 Oct 2015 15:57:27 +0000 (15:57 +0000)]
Count IFQ_ENQUEUE() failure as output drop.

mpi@ prefers checking IFQ_ENQUEUE() error, and this matches that.

OK dlg@

9 years agoDon't count IF_DROP()'ed packets as if_oerrors too.
uebayasi [Mon, 5 Oct 2015 15:52:46 +0000 (15:52 +0000)]
Don't count IF_DROP()'ed packets as if_oerrors too.

mpi@ plans to clean-up IF_DROP()'s, but fix consistent use of it for now.

OK dlg@

9 years agoRemove unused errstr variable.
millert [Mon, 5 Oct 2015 15:50:01 +0000 (15:50 +0000)]
Remove unused errstr variable.

9 years agouse different tame requests if TMPDIR is in env:
semarie [Mon, 5 Oct 2015 15:42:54 +0000 (15:42 +0000)]
use different tame requests if TMPDIR is in env:
- tmppath for when mktemp() operates in /tmp proper
- cpath+wpath for use of $TMPDIR

based on log-message from previous commit

ok deraadt@

9 years agoHandle ifi_oqdrops in netstat(8).
uebayasi [Mon, 5 Oct 2015 15:40:39 +0000 (15:40 +0000)]
Handle ifi_oqdrops in netstat(8).

OK mpi@ dlg@

9 years agoAccumulate ifq_drops into if_oqdrops if if_start().
uebayasi [Mon, 5 Oct 2015 15:39:01 +0000 (15:39 +0000)]
Accumulate ifq_drops into if_oqdrops if if_start().

mpi@ questioned usefulness of if_snd.ifq_drops, but this is what exists now.
This area is going to be readily polished.

OK dlg@

9 years agoTeach snmpd(8) about if_oqdrops.
uebayasi [Mon, 5 Oct 2015 15:29:14 +0000 (15:29 +0000)]
Teach snmpd(8) about if_oqdrops.

OK mpi@ dlg@

9 years agoIf expression omits -exec/execdir/-ok primaries, then find will never
deraadt [Mon, 5 Oct 2015 15:25:16 +0000 (15:25 +0000)]
If expression omits -exec/execdir/-ok primaries, then find will never
enter the fork+execve codepath.  That allows use of "stdio getpw rpath"!
Use of -exec methods have been discouraged for years anyways, with
-print0/xargs -0 now considered safer practice.
ok guenther millert

9 years agoAdd ifi_oqdrops and its alias to struct if_data.
uebayasi [Mon, 5 Oct 2015 15:19:29 +0000 (15:19 +0000)]
Add ifi_oqdrops and its alias to struct if_data.

Necessary bumps in Ports will be handled by sthen@.

OK mpi@ dlg@

9 years agoIf the -l flag is set, diff will fork/execve pr on a pipe. But other
deraadt [Mon, 5 Oct 2015 15:16:23 +0000 (15:16 +0000)]
If the -l flag is set, diff will fork/execve pr on a pipe.  But other
uses can tame "stdio wpath rpath cpath tmppath".  tmppath for when
mktemp() operates in /tmp proper, but cpath+wpath for use of $TMPDIR.
ok sthen millert

9 years agocorrect a rtget() error check
semarie [Mon, 5 Oct 2015 14:58:37 +0000 (14:58 +0000)]
correct a rtget() error check
this function could only return 0 or 1, and 1 on error.

avoid to deref an uninitialised variable if rtget() return an error.

ok millert@ benno@ deraadt@

9 years agothese 3 files do not need sys/socket.h
deraadt [Mon, 5 Oct 2015 14:18:33 +0000 (14:18 +0000)]
these 3 files do not need sys/socket.h

9 years agotame "stdio rpath" or tame "stdio" suffices for all of these programs.
deraadt [Mon, 5 Oct 2015 13:30:30 +0000 (13:30 +0000)]
tame "stdio rpath" or tame "stdio" suffices for all of these programs.
fairly easy to audit by running nm and noticing nothing beyond base
stdio except for fopen/freopen.  Then review all callpaths to those
functions, and place the tame() calls.
ok sthen

9 years agoThis can use tame "stdio rpath" from the top. If we are only working on
deraadt [Mon, 5 Oct 2015 13:27:45 +0000 (13:27 +0000)]
This can use tame "stdio rpath" from the top.  If we are only working on
stdin, an additional tame "stdio" is easy.
same diff from sthen

9 years agotame "stdio rpath" works. (Someone could refactor the processing loop
deraadt [Mon, 5 Oct 2015 13:24:39 +0000 (13:24 +0000)]
tame "stdio rpath" works.  (Someone could refactor the processing loop
to handle the stdin case without rpath, but it looks a bit invasive.
ok sthen

9 years agoSimplify iwm(4) newstate task by only queuing one state transition
stsp [Mon, 5 Oct 2015 13:05:08 +0000 (13:05 +0000)]
Simplify iwm(4) newstate task by only queuing one state transition
at a time. The newstate task now always transitions to the most
recently requested state, rather than hopping along with every request.

This allows us get rid of the silly newstate generation counter, and
we can now task_del() a pending transition when the interface goes down.
While several issues with this driver remain, I believe this change
does not introduce new problems.

Tested by myself, jasper@, and zhuk@

9 years agoFactor LACP frame processing out to a separate task
mikeb [Mon, 5 Oct 2015 13:00:04 +0000 (13:00 +0000)]
Factor LACP frame processing out to a separate task

This is slightly refactored version of the diff by jmatthew@
that makes use of a single per-trunk task but retains per-port
mbuf queues.

Running LACP frame processing in a task context allows a simple
way to synchronize changes to the trunk ports and trunk itself
performed from the ioctl, timeout and task contexts with a kernel
lock.

OK mpi

9 years agoRemove 'landisk' from the comment about NUMBOOT archs. Only one
krw [Mon, 5 Oct 2015 12:49:58 +0000 (12:49 +0000)]
Remove 'landisk' from the comment about NUMBOOT archs. Only one
NUMBOOT arch is left: Vax.

9 years agofix some spelling messes.
sobrado [Mon, 5 Oct 2015 10:25:59 +0000 (10:25 +0000)]
fix some spelling messes.

9 years agotypo.
sobrado [Mon, 5 Oct 2015 10:25:19 +0000 (10:25 +0000)]
typo.

9 years agoFix missing checks for truncation of long file names. Rather than
ratchov [Mon, 5 Oct 2015 07:18:03 +0000 (07:18 +0000)]
Fix missing checks for truncation of long file names. Rather than
checking for truncation every time we touch the string, simply allocate
a memory chunk large enough to store the full path.

9 years agotame "stdio rpath" works fine, as long as we sidestep the demangling
deraadt [Mon, 5 Oct 2015 07:16:03 +0000 (07:16 +0000)]
tame "stdio rpath" works fine, as long as we sidestep the demangling
process which involves fork+execve....
ok doug

9 years agoSince the dawn of time, this has contained freopen() for the tty path
deraadt [Mon, 5 Oct 2015 07:09:46 +0000 (07:09 +0000)]
Since the dawn of time, this has contained freopen() for the tty path
with mode "w", as root, since "w" implies O_CREAT.  That will create
the raw file in /dev if it does not yet exist (due to a lie in utmp).
It should use "r+", to open it for for O_RDWR only.
Oh man this reminds me of 1988, how old is this bug?
ok doug

9 years agotame "stdio rpath" initially; if we find out the only file operated on
deraadt [Mon, 5 Oct 2015 06:59:18 +0000 (06:59 +0000)]
tame "stdio rpath" initially; if we find out the only file operated on
is stdin, then we can drop directly to tame "stdio"
ok doug

9 years agotame "stdio rpath wpath cpath fattr", because this creates new files,
deraadt [Mon, 5 Oct 2015 06:57:01 +0000 (06:57 +0000)]
tame "stdio rpath wpath cpath fattr", because this creates new files,
fchmod's them, and possibly renames them.
ok doug

9 years agorefactor, so we don't a C function in a .h file, yuck!
deraadt [Mon, 5 Oct 2015 06:54:59 +0000 (06:54 +0000)]
refactor, so we don't a C function in a .h file, yuck!

9 years agoFix ip_is_idle_packet() to parse packets properly.
yasuoka [Mon, 5 Oct 2015 06:51:50 +0000 (06:51 +0000)]
Fix ip_is_idle_packet() to parse packets properly.
diff from Yuuichi Someya

9 years agotame "stdio getpw" right at the top; this runs the whole gamut of
deraadt [Mon, 5 Oct 2015 06:43:31 +0000 (06:43 +0000)]
tame "stdio getpw" right at the top; this runs the whole gamut of
getpw/gr type functions allowed in that set.
ok doug

9 years agotame "stdio rpath" for the entire lifetime. newsyntax() could open a file
deraadt [Mon, 5 Oct 2015 06:36:18 +0000 (06:36 +0000)]
tame "stdio rpath" for the entire lifetime.  newsyntax() could open a file
very early on, but next() can open one quite late.
ok doug

9 years agosmall KNF
deraadt [Mon, 5 Oct 2015 06:30:37 +0000 (06:30 +0000)]
small KNF

9 years agotame "stdio rpath" early on, but if we discover only stdin is being
deraadt [Mon, 5 Oct 2015 06:26:33 +0000 (06:26 +0000)]
tame "stdio rpath" early on, but if we discover only stdin is being
operated on switch to tame "stdio".  Reformat a very ugly code block
without braces to squeeze the tame calls in.
ok doug

9 years agouse the normal -1 check for tame failure
deraadt [Mon, 5 Oct 2015 06:23:34 +0000 (06:23 +0000)]
use the normal -1 check for tame failure

9 years agouse the normal -1 check for tame failure
deraadt [Mon, 5 Oct 2015 06:21:15 +0000 (06:21 +0000)]
use the normal -1 check for tame failure

9 years agotame "stdio rpath" is enough for the general case, which opens file
deraadt [Mon, 5 Oct 2015 06:17:05 +0000 (06:17 +0000)]
tame "stdio rpath" is enough for the general case, which opens file
after file from argv.  If it is discovered to be reading from stdin only,
go to tame "stdio"
ok doug

9 years agoMake sure dot is not set after tz - fixes incorrect handling, which allows
jsing [Mon, 5 Oct 2015 06:13:58 +0000 (06:13 +0000)]
Make sure dot is not set after tz - fixes incorrect handling, which allows
20151005171301+1.09Z to be treated as a valid time.

ok beck@

9 years agotame "stdio rpath" works here. It may look like the stdin case can avoid
deraadt [Mon, 5 Oct 2015 06:05:42 +0000 (06:05 +0000)]
tame "stdio rpath" works here.  It may look like the stdin case can avoid
opening files, but no... a file could indicate nested import of another
file, so rpath is needed.
ok doug

9 years agocol can be locked down with tame "stdio", in case it is fed nasty input,
deraadt [Mon, 5 Oct 2015 06:04:18 +0000 (06:04 +0000)]
col can be locked down with tame "stdio", in case it is fed nasty input,
or if it has bugs.  The previous commits by schwarze indicate the latter
case was very true until recently...
ok doug

9 years agobanner can be restricted to tame "stdio". if this program is put into a
deraadt [Mon, 5 Oct 2015 05:33:29 +0000 (05:33 +0000)]
banner can be restricted to tame "stdio".  if this program is put into a
foreign-data pipeline, and happens to contain a string handling bug, i do
not want it being controlled to open a socket.
ok doug

9 years agotame "stdio rpath" works for all use cases of pwd(1). In part this
deraadt [Mon, 5 Oct 2015 05:24:12 +0000 (05:24 +0000)]
tame "stdio rpath" works for all use cases of pwd(1).  In part this
success could be because our getcwd() is backed by a system call, unlike
historical practice.  Didn't think it through competely, but this could
burn someone else later, if they try to port this code to another system.
Anyways, good enough for us.
all cases tested by doug

9 years agoRemove disklabel -B support on landisk - superseded by MI installboot.
miod [Mon, 5 Oct 2015 04:43:03 +0000 (04:43 +0000)]
Remove disklabel -B support on landisk - superseded by MI installboot.

9 years agoNo need to create {sd,wd}boot links to xxboot anymore.
miod [Mon, 5 Oct 2015 04:38:27 +0000 (04:38 +0000)]
No need to create {sd,wd}boot links to xxboot anymore.

9 years agoUse MI installboot instead of disklabel -B to put boot blocks on installation
miod [Mon, 5 Oct 2015 04:31:21 +0000 (04:31 +0000)]
Use MI installboot instead of disklabel -B to put boot blocks on installation
media.

9 years agoCopy the stage2 file to / in md_installboot().
miod [Mon, 5 Oct 2015 04:30:35 +0000 (04:30 +0000)]
Copy the stage2 file to / in md_installboot().

9 years agoOops. Missed file in fdisk commit.
krw [Mon, 5 Oct 2015 03:13:25 +0000 (03:13 +0000)]
Oops. Missed file in fdisk commit.

9 years agoWrap <resolv.h> so that internal calls go direct
guenther [Mon, 5 Oct 2015 02:57:16 +0000 (02:57 +0000)]
Wrap <resolv.h> so that internal calls go direct

ok millert@

9 years agoWhen the SIA state is declared for a given destination, reset the
renato [Mon, 5 Oct 2015 01:59:33 +0000 (01:59 +0000)]
When the SIA state is declared for a given destination, reset the
adjacency with the unresponsive neighbor(s).

9 years agoTweak man page to describe newly enhanced '-g' operation.
krw [Mon, 5 Oct 2015 01:48:48 +0000 (01:48 +0000)]
Tweak man page to describe newly enhanced '-g' operation.

9 years agoEnhance '-g' to create a default GPT label in addition to the protective
krw [Mon, 5 Oct 2015 01:39:07 +0000 (01:39 +0000)]
Enhance '-g' to create a default GPT label in addition to the protective
MBR. If '-b' is specified an EFI System partition of the requested size is
created. All remaining space is put into an OpenBSD partition.

Minimal enhancement necessary for upcoming UEFI install support.
Committed first to flush out any unexpected impacts on 'normal' MBR
operation and install media.

ok deraadt@

9 years agouser land -> userland; from Rob Pierce
deraadt [Mon, 5 Oct 2015 01:23:17 +0000 (01:23 +0000)]
user land -> userland; from Rob Pierce

9 years agouser land -> userland; from Rob Pierce
deraadt [Mon, 5 Oct 2015 01:22:34 +0000 (01:22 +0000)]
user land -> userland; from Rob Pierce

9 years agoIgnore IPv4 TLVs in IPv6 instances and vice-versa.
renato [Sun, 4 Oct 2015 23:08:57 +0000 (23:08 +0000)]
Ignore IPv4 TLVs in IPv6 instances and vice-versa.

9 years agoFix warnings and add safeguards to protect against corrupted data.
renato [Sun, 4 Oct 2015 23:00:10 +0000 (23:00 +0000)]
Fix warnings and add safeguards to protect against corrupted data.

9 years agoAdd option to configure or disable the DUAL active timeout.
renato [Sun, 4 Oct 2015 22:54:38 +0000 (22:54 +0000)]
Add option to configure or disable the DUAL active timeout.

9 years agomention sendto(2) destination address restriction for "rw"
djm [Sun, 4 Oct 2015 20:47:16 +0000 (20:47 +0000)]
mention sendto(2) destination address restriction for "rw"
subset; ok deraadt, feedback & ok jmc

9 years agotweak initial output a bit: do not show number of light sensors, just show if
jung [Sun, 4 Oct 2015 20:00:50 +0000 (20:00 +0000)]
tweak initial output a bit: do not show number of light sensors, just show if
some is found or not, also remove kbdled output as there is no (known) way to
test if (not) available at all

9 years agodmesg has two modes. The normal sysctl mode, and the -M/-N kvm searcher.
deraadt [Sun, 4 Oct 2015 18:49:30 +0000 (18:49 +0000)]
dmesg has two modes.  The normal sysctl mode, and the -M/-N kvm searcher.
In both cases once the relevant setup is done, it can drop to tame "stdio".

9 years agoremove tame "proc". it is not useful, because the "ed" diffs require
deraadt [Sun, 4 Oct 2015 18:11:22 +0000 (18:11 +0000)]
remove tame "proc".  it is not useful, because the "ed" diffs require
fork+execve, and execve is not going to become available in this fashion.
ed diffs should be handled using a built-in handler, and various folks
have been discussing this behind the scenes.

9 years agoMove getcwd to a seperate area, with a hand-waving explanation for why
deraadt [Sun, 4 Oct 2015 17:55:21 +0000 (17:55 +0000)]
Move getcwd to a seperate area, with a hand-waving explanation for why
it is RPATH|WPATH... nothing changes, just the new explanation.

9 years agoAlso needs "rpath" for some circumstances.
deraadt [Sun, 4 Oct 2015 16:50:29 +0000 (16:50 +0000)]
Also needs "rpath" for some circumstances.

9 years agoadd _eigrpd user/group
deraadt [Sun, 4 Oct 2015 16:35:01 +0000 (16:35 +0000)]
add _eigrpd user/group

9 years agoexpr can use tame "stdio"
deraadt [Sun, 4 Oct 2015 16:01:07 +0000 (16:01 +0000)]
expr can use tame "stdio"
ok semarie

9 years agols can use tame "stdio rpath getpw". It does uid/gid lookups, using
deraadt [Sun, 4 Oct 2015 16:00:43 +0000 (16:00 +0000)]
ls can use tame "stdio rpath getpw".  It does uid/gid lookups, using
the 4.4bsd libc caching varients called user_from_uid/group_from_uid,
which are backed by getpw*/getgr* type functions.
ok semarie

9 years agodf is a tame "stdio rpath" program, the rpath due to getfsstat and statfs.
deraadt [Sun, 4 Oct 2015 15:54:15 +0000 (15:54 +0000)]
df is a tame "stdio rpath" program, the rpath due to getfsstat and statfs.
those two system calls were put into the "rpath" catagory because they
expose pathname information.

9 years agoRemove useless pattern_t typedef, POSIX regex is here to stay so
millert [Sun, 4 Oct 2015 15:23:24 +0000 (15:23 +0000)]
Remove useless pattern_t typedef, POSIX regex is here to stay so
just use regex_t directly.

9 years agoApply some style(9), tweak a few things for readability and add some
jsing [Sun, 4 Oct 2015 15:15:11 +0000 (15:15 +0000)]
Apply some style(9), tweak a few things for readability and add some
additional bounds checks.

ok beck@

9 years agoRemove #ifdefs for non-POSIX systems. Also remove #ifdef for
millert [Sun, 4 Oct 2015 15:03:24 +0000 (15:03 +0000)]
Remove #ifdefs for non-POSIX systems.  Also remove #ifdef for
SIGWINCH, it is not POSIX but it is a defacto standard.
OK deraadt@

9 years agoafter dd has opened it's files and done the tape positioning ioctl, we
deraadt [Sun, 4 Oct 2015 15:01:47 +0000 (15:01 +0000)]
after dd has opened it's files and done the tape positioning ioctl, we
can tame "stdio" it.
ok semarie

9 years agoPlural.
ajacoutot [Sun, 4 Oct 2015 13:38:25 +0000 (13:38 +0000)]
Plural.

9 years agoMake it possible to give the same action to several daemons at once.
ajacoutot [Sun, 4 Oct 2015 13:38:11 +0000 (13:38 +0000)]
Make it possible to give the same action to several daemons at once.
e.g.
# rcctl restart sshd ntpd

from Martijn van Duren with tweaks
ok sthen@

9 years agoa macmini has no light sensor, but reading from light sensor keys is
jung [Sun, 4 Oct 2015 12:07:58 +0000 (12:07 +0000)]
a macmini has no light sensor, but reading from light sensor keys is
successful, while info/type reading from same keys fails and avoids
initialization;
so check the validity flag earlier and do not try to attach invalid
(non-existing) keys

debugged with help from kettenis

9 years agofix custom popen to return pid to caller instead of tracking in a giant
tedu [Sun, 4 Oct 2015 11:58:09 +0000 (11:58 +0000)]
fix custom popen to return pid to caller instead of tracking in a giant
array. this implies we can't use a function pointer for close, but also
means we get to repair some abuse of the comma operator.
ok miod