[request-sponsor] Requesting sponsor for CR #6807179 (ksh93 does unneccesary |libc::getpwnam()| lookups for ~(modifer)pattern patterns)
Casper.Dik at Sun.COM wrote: This is a sponsor request to fix CR #6807179 (ksh93 does unneccesary |libc::getpwnam()| lookups for ~(modifer)pattern patterns) My contributor ID is OS0025. Webrev can be found at http://cr.opensolaris.org/~gisburn/ksh93_integration_cr_6807179_001/ (matching ksh93 test suite module comes later) I'll take this. I hope to get this in this build (110). Thanks! :-) So, if I can have some codereviewers then I can putback this change to build 110. Casper
[request-sponsor] BUG 5007142 Add ntohll and htonll to sys/byteorder.h
On Thu, Feb 14, 2008 at 08:04:57PM +0530, Rishi M Nair wrote: --- byteorder.h.orig Tue Oct 2 19:44:36 2007 +++ byteorder.h Thu Feb 14 17:53:39 2008 @@ -50,6 +50,17 @@ #include asm/byteorder.h #endif +#ifndef htonll +#ifdef _BIG_ENDIAN +#define htonll(x) (x) +#define ntohll(x) (x) +#else +#define htonll(x) uint64_t)htonl(x)) 32) + htonl(x 32)) +#define ntohll(x) uint64_t)ntohl(x)) 32) + ntohl(x 32)) +#endif +#endif + + #ifdef __cplusplus extern C { #endif Be careful - sometimes these simple bugfixes aren't that simple. There are other definitions of htonll() you'll need to plug in as well: usr/src/stand/lib/xdr/byteorder.c usr/src/uts/intel/ia32/ml/ia32.il usr/src/uts/intel/ia32/ml/i86_subr.s usr/src/uts/intel/amd64/ml/amd64.il Also, there are some htonll macros defined for specific modules that should be ripped out so they start using systemwide ones. And you must make sure that the htonll macros are not visible in strict standard conformant mode. Casper
[request-sponsor] Request Sponsor Bug : 6638873 :usermod -m could optimize the move
Avinash Joshi wrote: I just wanted to know how to rename a directory. For moving the dir, there is a built in function ret = move_dir(pstruct-pw_dir, dir, logname); which is defined in usr/src/cmd/oamuser/user/movedir.c Is there a similar function that renames a directory? If the new name is on the same filesystem, see the rename(2) man page. And if not, cobble something together with posix_spawn and mv(1). Casper
[request-sponsor] Request Sponsor for 6613349
My personal stance on this one is that it'd be a good idea to report the mountpoint instead of the device major/minor. What did you have in mind ? Here's what I was thinking: --- a/usr/src/uts/common/os/exec.c Mon Oct 08 20:24:50 2007 -0700 +++ b/usr/src/uts/common/os/exec.c Fri Oct 05 17:02:44 2007 -0600 @@ -604,8 +604,12 @@ gexec( if ((vp-v_vfsp-vfs_flag VFS_NOSETUID) (vattr.va_mode (VSUID|VSGID))) { cmn_err(CE_NOTE, - !%s, uid %d: setuid execution not allowed, dev=%lx, - exec_file, cred-cr_uid, vp-v_vfsp-vfs_dev); + zone: %s, uid %d: setuid execution not allowed, + file=%s, + cred-cr_zone-zone_name, cred-cr_uid, args-pathname); I wasn't sure what things in the vnode might be valid for use in this context (i.e. would vp-v_vfsp-vfs_mntpt be safe to deference), however the args struct from all appearances seems to be safe. For me, I'm more interested in knowing what was being run (or attempted at least). exec_file appears (if I'm understanding the code correctly) to be the unresolved path, while args-pathname appears to be the resolved pathname. Note that args-pathname may be an simple relative pathname. Why have you removed the initial '!' from the message? It has special meaning to cmn_err. I was also wondering if perhaps instead of cmn_err, if it should be zcmn_err instead -- seems like it should go to the zone's console where the suid violation occurred instead of always to the global zone (or perhaps both). If you have any suggestions on that, please let me know (though I'm guessing it'd be better to move the discussion to a different list if more discussion is needed). If not, I'll try to get you a build log from that sometime in the next few days. May I suggest opensolaris-code? Casper
[request-sponsor] request-sponsor(BUG ID(s): 6569630,6604676
Bug ID Number1 : *6569630* synopsis: Vi cannot append text to named buffers category : *utility s*ubcategory : *editor *description : In Single Unix Specification version 2 and 3 vi is required that if a named buffer is specified with an upper-case letter, then the text from a yank or delete command is appended to that buffer instead of replacing it.* This is rather strange because I use this feature often and it works for me. I just tried the steps in the bug report and again it worked for me. So is this even a bug? So is this even a bug? So is this even a bug? Three times because I did: ayy Ayy ap Casper
[request-sponsor] 6344436 FIXed
/solarisws/usr/src/cmd/mv/mv.c this problem exist for unix domain sockets since 'mknod' cannot be used to create socket files. fix is, to check whether the file is a unix domain socket or not. note :value for S_IFSOCK = c000(hex) 'socketfile' __ __ bash-3.00# diff -u mv.c.org mv.c --- mv.c.orgTue Oct 2 20:15:24 2007 +++ mv.cSat Dec 29 11:15:49 2007 @@ -898,11 +898,21 @@ } goto cleanup; } - (void) fprintf(stderr, - gettext(%s: %s: unknown file type 0x%x\n), cmd, - source, (s1.st_mode S_IFMT)); - return (1); + if (( st.st_mode S_IFMT) == S_IFSOCK) { + (void) fprintf(stderr, + gettext(%s: %s: cannot create unix socket file \n), cmd, source); Technically you could create a unix domain socket there (using bind(2)) Casper
[request-sponsor] Can this be a fix for Bug-6490935?
Hi Carol, Now , I have come to know that Ctrl-D doesnot generate a signal but signals EOF. So , i made the following changes in the code again. * char *getresponse(char *oldval) { charresp[MAX_INPUT_LEN]; char*retval = NULL; int resplen; char c; c=getchar(); getchar() returns an int and so c must be of type int. Casper
[request-sponsor] [ksh93-integration-discuss] Requesting sponsor for CR #6451262 (RFE:
On 9/1/07, Roland Mainz roland.mainz at nrubsig.org wrote: Richard L. Hamilton wrote: This is a sponsor request to implement the RFE/CR #6451262 (RFE: /usr/bin/sleep should support floating-point values - considering that /usr/gnu/bin/sleep already does that, how important it is to have yet another implementation of that feature ? So people don't have to add /usr/gnu/bin to $PATH? Casper
[request-sponsor] Adding status support to dd
Note that SA_RESTART must be set; otherwise dd from a pipe or other slow device will return an error condition. I also like Casper's suggestion to use sprintf and write to stderr, since sprintf is now async-signal-safe. Note also that there are three gettext()s of constant strings; these should probably be cached at the beginning of the program so that we completely avoid any unsafe pitfalls. const char *instr = gettext(%llu+%llu records in\n; const char *outstr = gettext(%llu+%llu records out\n; const char *truncstr = gettext(%llu truncated record(s)\n; Casper
[request-sponsor] Request Sponsor for: 6536837 (add -z option to zlogin)
I'd like to request a sponsor for this enhancement: === *Synopsis*: zlogin: Add a -z zonename option http://bt2ws.central.sun.com/CrPrint?id=6536837 *Change Request ID*: 6536837 *Synopsis*: zlogin: Add a -z zonename option Product: solaris Category: opensolaris Subcategory: triage-queue Type: RFE Subtype: Status: 1-Dispatched Substatus: Priority: 4-Low Introduced In Release: Introduced In Build: Responsible Manager: bonnie.corwin at sun.com Responsible Engineer: Initial Evaluator: opensolaris-bugs-triage at sun.com === I am not able to find that bug in bugs.opensolaris.org however I have received a forwarded e-mail that gave me the above information. More notes can be seen in the bug report (if and when you have access to it). So you want to break the current usage of zlogin? zlogin works like telnet/rsh/rlogin/ssh. Casper
[request-sponsor] Request Sponsor for: 6536837 (add -z option to zlogin)
* But I am suggesting we add a -z option so that: zlogin -z THEHOST [other commands] ...is equivalent to: zlogin THEHOST [other commands] How are you supposed to make this work? How do you propose to make it work, given that the following should work: zlogin -z host zlogin host ... zlogin -C -z host but the following must not: zlogin -z -C host zlogin -z -z host Casper
[request-sponsor] Request Sponsor for: 6536837 (add -z option to zlogin)
* But I am suggesting we add a -z option so that: zlogin -z THEHOST [other commands] ...is equivalent to: zlogin THEHOST [other commands] How are you supposed to make this work? How do you propose to make it work, given that the following should work: zlogin -z host zlogin host ... zlogin -C -z host but the following must not: zlogin -z -C host zlogin -z -z host Ok, zo that's easy enough as long as you have -z be an option which accepts an argument and in that case not accept the zonename argument. Casper
[request-sponsor] 1218270 *cat*: cat reports errors in a non-standard fashion
hello, i'm looking for a sponsor for the CR mentioned in the subject. a patch can be found here: http://itanic.attenuate.org/~river/1218270.diff my contributor agreement # is OS0050. I'll take it (this behaviour just happened to bite me again yesterday) Casper
[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR# 6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...
Casper.Dik at Sun.COM wrote: Yeah, you'll notice that if you try to su to root and run installers that run pkgadd internally. I use this method, and the StarOffice 8 installer failed quite mysteriously until I realized it was just an instance of that problem and reset TMPDIR to something else. This, unfortunately, kills the whole idea in my mind. (I vaguely remembered similar issues from the past) Why ? the whole idea is about usuablity and not security (see my other postings) ... Ok, if the proposal is ammended to mode 1777 then that is good. Casper
[shell-discuss] Re: [request-sponsor] Requesting sponsor for CR#6488593(/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...
I disagree. The flat layout in /tmp for all temporary files of all users is very very annoying for both admins and users. I doubt mode 1777 is insecure (yes, you can always craft a case where it goes wrong...). Why? I hard ever look in /tmp. OTOH, GNOME already dumps 3 or four temporary directories plus one for StarOffice so that is a bit much already; organizing them is good. What guarantees that all temporary files are delivered there? Should this really be an administrative option? The code, I pressume, would look something like: if mkdir -p -m 1777 /tmp/$LOGNAME then if [ -w /tmp/$LOGNAME ] then TMPDIR=/tmp/$LOGNAME export TMPDIR fi fi But if we really want to prevent denial of service, then we need to do even more. Casper
[security-discuss] sync as non privileged user (Was Re: [request-sponsor] 4967733 and 6400646)
Assuming we do steps 1 and 2 above, do we get into any problems with POSIX compliance if the default basic privilege set does not include PRIV_SYS_SYNC? There is no such thing as a default basic set. There's a basic set and there's the default set users get when they login; they are generally the same but need not be. An administrator CANNOT manipulate the basic set; he can manipulate the default. Making sync() privileged would violate POSIX; but with basic privileges that is not an issue because everyone gets them in the default configuration. Casper
[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...
Darren J Moffat wrote: Roland Mainz wrote: Hi! Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) - patch is included in the RFE... This will I believe need an ARC case since it is a change in default behaviour. It also should be done for all shells not just ones that read /etc/profile. Since I do this myself in my own .profile I feel duty bound to stand up to the plate and by your sponsor for this. So sign me up for putback sponsor and I'll be ARC case submitter too. Good idea (I use this myself :-)). Should the directory be created 700 by default? There's a risk in setting $TMPDIR and making it mode 700; the risk is that programs started under a different uid may start to fail. But it should either by mode 1777 (to mitigate that risk) or 700 for privacy. Casper
[request-sponsor] Requesting sponsor for CR# 6488593 (/etc/profile should set TMPDIR to /tmp/$LOGNAME/) ...
Yeah, you'll notice that if you try to su to root and run installers that run pkgadd internally. I use this method, and the StarOffice 8 installer failed quite mysteriously until I realized it was just an instance of that problem and reset TMPDIR to something else. This, unfortunately, kills the whole idea in my mind. (I vaguely remembered similar issues from the past) And while we all agree that not being able to use $TMPDIR should not cause a horrid failure in any application, I'm afraid that we'd need to fix those bugs first. (Strange, though, since installers usually run as root; so this was with an NFS $TMPDIR?) Casper
[security-discuss] sync as non privileged user (Was Re: [request-sponsor] 4967733 and 6400646)
Why, other than the returning an error we already have 5 such privileges in the basic set. Now in each of those cases (proc_info, proc_session, proc_fork, proc_exec, file_link_any) there is a way to return an error for sync(2) but there is for 'lockfs -f'. And it's exactly what the basic set is intended for. Casper
libast.so and /usr/lib/extendedFILE.so / was: Re: [request-sponsor] telnet(1) cannot handle more than 15 fds
Casper.Dik at Sun.COM wrote: Due to the 32-bit ABI's stdio file descriptor limit, an interposer is being used to F_DUPFD non-stdio file descriptors to 256 and above. This mitigates a problem with 3rd party modules and plugins that use fopen(3C), et al. streams in processes such as Apache HTTP Server that open a large number of file descriptors. Unfortunately, using the interposer causes failures when a child process (e.g. CGI program) subsequently invokes telnet(1). If telnet passed the correct nfds value to select(3C), that failure would be eliminated. In build 39 of Nevada we provide a standard interposer, /usr/lib/extendedFILE.so, which has a similar, but different property. Umpf... for the same reason we were thinking about making the stdio-replacement API in libast public since it it supports an almost unlimited number of stdio channels... Note that /usr/lib/extendedFILE.so does *not* use F_DUPFD; it calls enable_extended_FILE_stdio(-1, -1) which makes a gaurantee on behalf of the application that it does not reference FILE._file and in return the C Library allows for the use of file descriptors 255. The kernel and the C library conspire such that any use of a FILE._file for FILE's opened with a file descriptor over 255 will cause the application to die with SIGABRT. Casper
[request-sponsor] Re: 6317146: syseventd refuses to use custom configuration files on nfs v
On Thu, Sep 01, 2005 at 11:18:50AM -0700, J?rgen Keil wrote: See http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6317146 The workaround section contains the suggested fix. I've got this one. This request for sponser can now be canceled. snv_28 includes a fix for bugid 6346636: expunge readdir_r uses from Solaris, and it has removed the pathconf() call that was failing with an NFS v2 root filesystem. Bug ID 6317146, Synopsis: syseventd refuses to use custom configuration files on nfs v2 root filesystem should probably be closed, too, with a reference to bugid 6346636. I've closed the bug as a duplicate of 6346636. Casper