While ktrace'ing firefox, I managed to produce a ktrace.out file that
makes pledge(2) abort kdump:
$ kdump >/dev/null
Killed
$ dmesg | tail -1
kdump(24965): syscall 5
The problem is that the "rpath" request is dropped in kdump's second
pledge call. However, kdump's sockoptlevelname() formatter
That's what I get for copy out of a manual...
The LIST_EMPTY example lacks an opening curly bracket. The other
examples have it, so it's a pretty obvious fix.
Index: queue.3
===
RCS file: /cvs/src/share/man/man3/queue.3,v
One of the major USA anoncvs servers (anoncvs.usa.openbsd.org) needs
a new home.. It's former hosting location at ISC is going away.
Todd Miller runs this and does a great job of it. What we need is someone
with a well connected place to host the machine. So - if you can host
a box for OpenBSD
Hello,
Patch fixes two small nits related to source node table in PF (a.k.a.
pf_src_tree_tracking).
The first issue comes to `global` argument of pf_insert_src_node(). It is
always 0 everywhere in source code. The `global` is supposed to indicate
whether particular state is bound to global/main
On Sat, Oct 10, 2015 at 02:55:34PM +0200, Tobias Stoeckmann wrote:
> That's what I get for copy out of a manual...
>
> The LIST_EMPTY example lacks an opening curly bracket. The other
> examples have it, so it's a pretty obvious fix.
ok,
-Otto
>
>
> Index: queue.3
>
> I am however curious to this patch. By pledging ksh with exec it appears
> to me that once a pledged process is execve(2)d it looses it's already
> made pledges.
Yes, because that is what it needs.
> This to me seems like
> something that might be undesirable (find remote code
For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to
accept sizeof(struct sockaddr_un) here, so do the simple, portable thing.
ok?
Philip Guenther
Index: nc/netcat.c
===
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> Some isfoo(char) usages crept back into ftp
Hmm. I wonder how we can keep these errors out of base.
Having to re-audit all the time is painful.
On Sat, 10 Oct 2015, Bob Beck wrote:
> On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote:
...
> > @@ -1409,7 +1410,7 @@ recode_credentials(const char *userinfo)
> > char
> > hextochar(const char *str)
> > {
> > - char c, ret;
> > + unsigned char c, ret;
> >
> > c =
On Sat, 10 Oct 2015, Michael McConville wrote:
...
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
I'm replying to this multiple times, cc'ing in the particular maintainers
as appropriate.
Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open())
accepts arbitrary open() flags and passes a mode argument. That
seems...unwise.
In particular, it never passes O_CREAT, so the mode argument isn't needed.
Indeed, the only open 'flags' it needs are O_RDONLY and O_RDWR. If
Some isfoo(char) usages crept back into ftp
ok?
Philip Guenther
Index: ftp/fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.142
diff -u -p -r1.142 fetch.c
--- ftp/fetch.c 10 Sep 2015 13:43:35 -
Instead of formatting to a buffer and then writing the buffer to an fd,
just use dprintf to write formatted output directly to the fd.
Note that our dprintf() has the same async-signal-safety as our snprintf()
ok?
Philip Guenther
Index: newfs/mkfs.c
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
These look good to me. bluhm?
Side note: bluhm, please rename the dprintf() macro to
GNU patch only allows s/.// as a regular expression in substitutions.
Our diff implementation writes s/^\.\././ which is basically the same,
because they are used to change ".." lines into ".".
This is required if an ed-formatted diff tries to create a line that
only has a dot in it. Normally,
As a general rule, programs should not use errno values as an exit status.
Compare "sleep 10001" w/ and w/o this diff.
ok?
Index: sleep.c
===
RCS file: /data/src/openbsd/src/bin/sleep/sleep.c,v
retrieving revision 1.23
diff -u
On Sat, 10 Oct 2015, Theo de Raadt wrote:
> > Some isfoo(char) usages crept back into ftp
>
> Hmm. I wonder how we can keep these errors out of base.
> Having to re-audit all the time is painful.
Right now, _ctype_ is a generic const char * pointer. Maybe there's way
to make it a pointer to
committed with a minor tweak Thanks!
>
> Do I miss something simpler?
>
> Index: bin/rm/rm.1
> ===
> RCS file: /var/cvs/src/bin/rm/rm.1,v
> retrieving revision 1.37
> diff -u -p -r1.37 rm.1
> --- bin/rm/rm.1 25 May 2014 19:07:36
> Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open())
> accepts arbitrary open() flags and passes a mode argument. That
> seems...unwise.
>
> In particular, it never passes O_CREAT, so the mode argument isn't needed.
> Indeed, the only open 'flags' it needs are O_RDONLY and
On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote:
>
> Some isfoo(char) usages crept back into ftp
>
> ok?
>
> Philip Guenther
>
>
> Index: ftp/fetch.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
> retrieving
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
I'm replying to this multiple times, cc'ing in the particular maintainers
as appropriate.
>
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
The ypserv chunks show your Coccinelle script could use an enhancement...
> ---
On Sat, 10 Oct 2015, Theo de Raadt wrote:
> I don't know the code either, but it is probably better if privsep's had
> more narrow task-specific operations. Like open-specific-file-for-read,
> and open log-over-there. Privsep operations should be tightly
> specified, not very generic.
>
>
alter() wants to set the file's access time to the future without changing
the modification time. utimensat() can do the latter directly with
UTIME_OMIT, eliminating the need for the stat(). Since we're using
timespecs instead of timevals, we can use clock_gettime(CLOCK_REALTIME)
instead of
> Index: sys/kern/kern_pledge.c
> ===
> RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 kern_pledge.c
> --- sys/kern/kern_pledge.c9 Oct 2015 05:30:03 - 1.4
> +++
On Sat, 10 Oct 2015, Philip Guenther wrote:
> For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to
> accept sizeof(struct sockaddr_un) here, so do the simple, portable thing.
That was the usr.bin diff; here's the usr.sbin diff.
This also switches some strncpy() to strlcpy(),
Theo de Raadt wrote:
> > Some isfoo(char) usages crept back into ftp
>
> Hmm. I wonder how we can keep these errors out of base.
> Having to re-audit all the time is painful.
FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
up in src/usr.sbin (diff not yet carefully
On Sat, 10 Oct 2015, Michael McConville wrote:
> Theo de Raadt wrote:
> > > Some isfoo(char) usages crept back into ftp
> >
> > Hmm. I wonder how we can keep these errors out of base.
> > Having to re-audit all the time is painful.
>
> FWIW, this is a perfect use case for Coccinelle. Below is
> as well as this:
>
> > --- tcpdump/print-ipsec.c
> > +++ /tmp/cocci-output-17550-499a71-print-ipsec.c
> > @@ -101,7 +101,7 @@ esp_init (char *espspec)
> > s[0] = espkey[2*i];
> > s[1] = espkey[2*i + 1];
> > s[2] = 0;
> > - if (!isxdigit(s[0]) ||
On 10/10/15 02:10, Theo de Raadt wrote:
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2015/10/09 18:10:08
Modified files:
bin/ksh: Makefile c_sh.c main.c
distrib/special/ksh: Makefile
Log message:
ksh can run with pledge "stdio rpath
Just in case. NULL derefs are easier to find than use-after-frees.
Index: if_iwm.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.53
diff -u -p -r1.53 if_iwm.c
--- if_iwm.c6 Oct 2015 09:12:00 - 1.53
sc_wantresp -1 is special, so give it a proper name.
Also, have all commands wait for completion of active sync commands.
Right now only sync commands wait. We don't use async commands yet,
but if we do in the future they could be sent while a sync command
is still in progress, and I don't think
10 окт. 2015 г. 11:45 пользователь "Stefan Sperling"
написал:
>
> Just in case. NULL derefs are easier to find than use-after-frees.
>
> Index: if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving
On Sat, Oct 10, 2015 at 08:17:13AM +0200, Martijn van Duren wrote:
> I am however curious to this patch. By pledging ksh with exec it appears to
> me that once a pledged process is execve(2)d it looses it's already made
> pledges. (how else could applications spawned from the shell and still get
>
Fwd from misc@:
- Forwarded message from Craig Skinner -
Date: Wed, 9 Sep 2015 10:10:08 +0100
From: Craig Skinner
To: m...@openbsd.org
Subject: Re: [DIFF] user & group delete named in upgrade57.html
User-Agent: Mutt/1.5.23 (2014-03-12)
35 matches
Mail list logo