kdump perjury: syscall 5

2015-10-10 Thread Theo Buehler
While ktrace'ing firefox, I managed to produce a ktrace.out file that makes pledge(2) abort kdump: $ kdump >/dev/null Killed $ dmesg | tail -1 kdump(24965): syscall 5 The problem is that the "rpath" request is dropped in kdump's second pledge call. However, kdump's sockoptlevelname() formatter

queue.3: missing curly bracket

2015-10-10 Thread Tobias Stoeckmann
That's what I get for copy out of a manual... The LIST_EMPTY example lacks an opening curly bracket. The other examples have it, so it's a pretty obvious fix. Index: queue.3 === RCS file: /cvs/src/share/man/man3/queue.3,v

Hey USA americans - Are you at a well connected place? Can you do something for us?

2015-10-10 Thread Bob Beck
One of the major USA anoncvs servers (anoncvs.usa.openbsd.org) needs a new home. Its former hosting location at ISC is going away. Todd Miller runs this and does a great job of it. What we need is someone with a well connected place to host the machine. So - if you can host a box for OpenBSD

patch for two nits around pf_insert_src_node() et. al.

2015-10-10 Thread Alexandr Nedvedicky
Hello, Patch fixes two small nits related to source node table in PF (a.k.a. pf_src_tree_tracking). The first issue comes to `global` argument of pf_insert_src_node(). It is always 0 everywhere in source code. The `global` is supposed to indicate whether particular state is bound to global/main

Re: queue.3: missing curly bracket

2015-10-10 Thread Otto Moerbeek
On Sat, Oct 10, 2015 at 02:55:34PM +0200, Tobias Stoeckmann wrote: > That's what I get for copy out of a manual... > > The LIST_EMPTY example lacks an opening curly bracket. The other > examples have it, so it's a pretty obvious fix. ok, -Otto > > > Index: queue.3 >

Re: pledge(2) and exec

2015-10-10 Thread Theo de Raadt
> I am however curious to this patch. By pledging ksh with exec it appears > to me that once a pledged process is execve(2)d it loses its already > made pledges. Yes, because that is what it needs. > This to me seems like > something that might be undesirable (find remote code

don't need to use SUN_LEN() w/bind + connect

2015-10-10 Thread Philip Guenther
For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to accept sizeof(struct sockaddr_un) here, so do the simple, portable thing. ok? Philip Guenther Index: nc/netcat.c === RCS file: /cvs/src/usr.bin/nc/netcat.c,v

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Theo de Raadt
> Some isfoo(char) usages crept back into ftp Hmm. I wonder how we can keep these errors out of base. Having to re-audit all the time is painful.

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Bob Beck wrote: > On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote: ... > > @@ -1409,7 +1410,7 @@ recode_credentials(const char *userinfo) > > char > > hextochar(const char *str) > > { > > - char c, ret; > > + unsigned char c, ret; > > > > c =
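
Review bot: in hextochar() the locals c and ret become unsigned char, but the return type shown in the context lines is still plain char, so ret is converted back to a possibly signed char on return. If callers are meant never to see a negative value, consider changing the return type as well, or add a comment saying the conversion on return is intentional.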

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Michael McConville wrote: ... > FWIW, this is a perfect use case for Coccinelle. Below is what I dredged > up in src/usr.sbin (diff not yet carefully audited, but apparently > sane). I'm replying to this multiple times, cc'ing in the particular maintainers as appropriate.

npppd: simplify and lock down priv_open()

2015-10-10 Thread Philip Guenther
Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open()) accepts arbitrary open() flags and passes a mode argument. That seems...unwise. In particular, it never passes O_CREAT, so the mode argument isn't needed. Indeed, the only open 'flags' it needs are O_RDONLY and O_RDWR. If

ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
Some isfoo(char) usages crept back into ftp ok? Philip Guenther Index: ftp/fetch.c === RCS file: /cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.142 diff -u -p -r1.142 fetch.c --- ftp/fetch.c 10 Sep 2015 13:43:35 -

prefer dprintf() over snprintf()+write()

2015-10-10 Thread Philip Guenther
Instead of formatting to a buffer and then writing the buffer to an fd, just use dprintf to write formatted output directly to the fd. Note that our dprintf() has the same async-signal-safety as our snprintf() ok? Philip Guenther Index: newfs/mkfs.c

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Michael McConville wrote: > FWIW, this is a perfect use case for Coccinelle. Below is what I dredged > up in src/usr.sbin (diff not yet carefully audited, but apparently > sane). These look good to me. bluhm? Side note: bluhm, please rename the dprintf() macro to

diff: use s/.// ed-substitution

2015-10-10 Thread Tobias Stoeckmann
GNU patch only allows s/.// as a regular expression in substitutions. Our diff implementation writes s/^\.\././ which is basically the same, because they are used to change ".." lines into ".". This is required if an ed-formatted diff tries to create a line that only has a dot in it. Normally,

sleep: don't return errno from main()

2015-10-10 Thread Philip Guenther
As a general rule, programs should not use errno values as an exit status. Compare "sleep 10001" w/ and w/o this diff. ok? Index: sleep.c === RCS file: /data/src/openbsd/src/bin/sleep/sleep.c,v retrieving revision 1.23 diff -u

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Theo de Raadt wrote: > > Some isfoo(char) usages crept back into ftp > > Hmm. I wonder how we can keep these errors out of base. > Having to re-audit all the time is painful. Right now, _ctype_ is a generic const char * pointer. Maybe there's a way to make it a pointer to

Re: Don't allow "rm -rf /"

2015-10-10 Thread Daniel Dickman
committed with a minor tweak Thanks! > > Do I miss something simpler? > > Index: bin/rm/rm.1 > === > RCS file: /var/cvs/src/bin/rm/rm.1,v > retrieving revision 1.37 > diff -u -p -r1.37 rm.1 > --- bin/rm/rm.1 25 May 2014 19:07:36

Re: npppd: simplify and lock down priv_open()

2015-10-10 Thread Theo de Raadt
> Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open()) > accepts arbitrary open() flags and passes a mode argument. That > seems...unwise. > > In particular, it never passes O_CREAT, so the mode argument isn't needed. > Indeed, the only open 'flags' it needs are O_RDONLY and

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Bob Beck
On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote: > > Some isfoo(char) usages crept back into ftp > > ok? > > Philip Guenther > > > Index: ftp/fetch.c > === > RCS file: /cvs/src/usr.bin/ftp/fetch.c,v > retrieving

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Michael McConville wrote: > FWIW, this is a perfect use case for Coccinelle. Below is what I dredged > up in src/usr.sbin (diff not yet carefully audited, but apparently > sane). I'm replying to this multiple times, cc'ing in the particular maintainers as appropriate. >

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Michael McConville wrote: > FWIW, this is a perfect use case for Coccinelle. Below is what I dredged > up in src/usr.sbin (diff not yet carefully audited, but apparently > sane). The ypserv chunks show your Coccinelle script could use an enhancement... > ---

Re: npppd: simplify and lock down priv_open()

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Theo de Raadt wrote: > I don't know the code either, but it is probably better if privsep's had > more narrow task-specific operations. Like open-specific-file-for-read, > and open log-over-there. Privsep operations should be tightly > specified, not very generic. > >

mail: better timestamp updating

2015-10-10 Thread Philip Guenther
alter() wants to set the file's access time to the future without changing the modification time. utimensat() can do the latter directly with UTIME_OMIT, eliminating the need for the stat(). Since we're using timespecs instead of timevals, we can use clock_gettime(CLOCK_REALTIME) instead of

Re: kdump perjury: syscall 5

2015-10-10 Thread Theo de Raadt
> Index: sys/kern/kern_pledge.c > === > RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v > retrieving revision 1.4 > diff -u -p -r1.4 kern_pledge.c > --- sys/kern/kern_pledge.c9 Oct 2015 05:30:03 - 1.4 > +++

Re: don't need to use SUN_LEN() w/bind + connect

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Philip Guenther wrote: > For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to > accept sizeof(struct sockaddr_un) here, so do the simple, portable thing. That was the usr.bin diff; here's the usr.sbin diff. This also switches some strncpy() to strlcpy(),

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Michael McConville
Theo de Raadt wrote: > > Some isfoo(char) usages crept back into ftp > > Hmm. I wonder how we can keep these errors out of base. > Having to re-audit all the time is painful. FWIW, this is a perfect use case for Coccinelle. Below is what I dredged up in src/usr.sbin (diff not yet carefully

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Philip Guenther
On Sat, 10 Oct 2015, Michael McConville wrote: > Theo de Raadt wrote: > > > Some isfoo(char) usages crept back into ftp > > > > Hmm. I wonder how we can keep these errors out of base. > > Having to re-audit all the time is painful. > > FWIW, this is a perfect use case for Coccinelle. Below is

Re: ftp: ctype interfaces need unsigned chars

2015-10-10 Thread Theo de Raadt
> as well as this: > > > --- tcpdump/print-ipsec.c > > +++ /tmp/cocci-output-17550-499a71-print-ipsec.c > > @@ -101,7 +101,7 @@ esp_init (char *espspec) > > s[0] = espkey[2*i]; > > s[1] = espkey[2*i + 1]; > > s[2] = 0; > > - if (!isxdigit(s[0]) ||

pledge(2) and exec

2015-10-10 Thread Martijn van Duren
On 10/10/15 02:10, Theo de Raadt wrote: CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2015/10/09 18:10:08 Modified files: bin/ksh: Makefile c_sh.c main.c distrib/special/ksh: Makefile Log message: ksh can run with pledge "stdio rpath

iwm: set mbuf pointers to NULL after free

2015-10-10 Thread Stefan Sperling
Just in case. NULL derefs are easier to find than use-after-frees. Index: if_iwm.c === RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v retrieving revision 1.53 diff -u -p -r1.53 if_iwm.c --- if_iwm.c6 Oct 2015 09:12:00 - 1.53

iwm: name for magic number + wait for sync commands

2015-10-10 Thread Stefan Sperling
sc_wantresp -1 is special, so give it a proper name. Also, have all commands wait for completion of active sync commands. Right now only sync commands wait. We don't use async commands yet, but if we do in the future they could be sent while a sync command is still in progress, and I don't think

Re: iwm: set mbuf pointers to NULL after free

2015-10-10 Thread Vadim Zhukov
On 10 Oct 2015 at 11:45, "Stefan Sperling" wrote: > > Just in case. NULL derefs are easier to find than use-after-frees. > > Index: if_iwm.c > === > RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v > retrieving

Re: pledge(2) and exec

2015-10-10 Thread Doug Hogan
On Sat, Oct 10, 2015 at 08:17:13AM +0200, Martijn van Duren wrote: > I am however curious to this patch. By pledging ksh with exec it appears to > me that once a pledged process is execve(2)d it loses its already made > pledges. (how else could applications spawned from the shell and still get >

Fwd: [DIFF] user & group delete named in upgrade57.html

2015-10-10 Thread Craig Skinner
Fwd from misc@: - Forwarded message from Craig Skinner - Date: Wed, 9 Sep 2015 10:10:08 +0100 From: Craig Skinner To: m...@openbsd.org Subject: Re: [DIFF] user & group delete named in upgrade57.html User-Agent: Mutt/1.5.23 (2014-03-12)