more on tame

2015-10-03 Thread Theo de Raadt
42 tame calls have been committed to 28 userland programs so far.
For instance gzip, md5, ping, traceroute, tcpdump, script, arp,
whois, ntpd, sshd...

Below is a tree of roughly a hundred more programs.  Not all are
fully verified yet, but they are being placed in snapshots.

Some of these I did myself, but others were contributed.  I am trying
to focus on the programs which do either file or socket behaviour, but
not both.  Or, on the programs which do their fd setup early.

I appreciate the feedback I've received so far.

Index: bin/dd/dd.c
===
RCS file: /cvs/src/bin/dd/dd.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 dd.c
--- bin/dd/dd.c 16 Jan 2015 06:39:31 -  1.21
+++ bin/dd/dd.c 28 Sep 2015 20:15:11 -
@@ -149,6 +149,9 @@ setup(void)
if (out.offset)
pos_out();
 
+   if (tame("stdio", NULL) == -1)
+   err(1, "tame");
+
/*
 * Truncate the output file; ignore errors because it fails on some
 * kinds of output files, tapes, for example.
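Review bot: in setup(), the truncation that follows the new tame("stdio", NULL) is documented as "ignore errors", but a call outside the tamed set kills the process instead of returning an error (the "Killed" reports elsewhere in this thread show that), so ignoring errors no longer covers it. Worth running dd against the tape-like outputs the comment mentions with the tame in place, or moving the call below the truncate if that path turns out to need more than "stdio".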
Index: bin/df/df.c
===
RCS file: /cvs/src/bin/df/df.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 df.c
--- bin/df/df.c 16 Jan 2015 06:39:31 -  1.52
+++ bin/df/df.c 2 Oct 2015 00:19:01 -
@@ -79,6 +79,9 @@ main(int argc, char *argv[])
int width, maxwidth;
char *mntpt;
 
+   if (tame("stdio rpath", NULL) == -1)
+   err(1, "tame");
+
while ((ch = getopt(argc, argv, "hiklnPt:")) != -1)
switch (ch) {
case 'h':
Index: bin/expr/expr.c
===
RCS file: /cvs/src/bin/expr/expr.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 expr.c
--- bin/expr/expr.c 11 Aug 2015 17:15:46 -  1.20
+++ bin/expr/expr.c 28 Sep 2015 20:15:11 -
@@ -12,6 +12,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -499,6 +500,9 @@ main(int argc, char *argv[])
struct val *vp;
 
(void) setlocale(LC_ALL, "");
+
+   if (tame("stdio", NULL) == -1)
+   err(1, "tame");
 
if (argc > 1 && !strcmp(argv[1], "--"))
argv++;
Index: bin/ls/ls.c
===
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 ls.c
--- bin/ls/ls.c 25 Jun 2015 02:04:07 -  1.41
+++ bin/ls/ls.c 28 Sep 2015 20:15:11 -
@@ -123,6 +123,9 @@ ls_main(int argc, char *argv[])
termwidth = width;
}
 
+   if (tame("stdio rpath", NULL) == -1)
+   err(1, "tame");
+
/* Root is -A automatically. */
if (!getuid())
f_listdot = 1;
Index: bin/mkdir/mkdir.c
===
RCS file: /cvs/src/bin/mkdir/mkdir.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 mkdir.c
--- bin/mkdir/mkdir.c   2 Apr 2013 20:26:17 -   1.25
+++ bin/mkdir/mkdir.c   3 Oct 2015 03:32:46 -
@@ -55,6 +55,9 @@ main(int argc, char *argv[])
 
setlocale(LC_ALL, "");
 
+   if (tame("stdio cpath rpath fattr", NULL) == -1)
+   err(1, "tame");
+
/*
 * The default file mode is a=rwx (0777) with selected permissions
 * removed in accordance with the file mode creation mask.  For
Index: bin/pax/ar_io.c
===
RCS file: /cvs/src/bin/pax/ar_io.c,v
retrieving revision 1.50
diff -u -p -u -r1.50 ar_io.c
--- bin/pax/ar_io.c 22 Mar 2015 03:15:00 -  1.50
+++ bin/pax/ar_io.c 3 Oct 2015 23:42:07 -
@@ -75,6 +75,7 @@ static int wr_trail = 1;  /* trailer was
 static int can_unlnk = 0;  /* do we unlink null archives?  */
 const char *arcname;   /* printable name of archive */
 const char *gzip_program;  /* name of gzip program */
+const char *delayed_tame;/* tame request for after forking gzip_program */
 static pid_t zpid = -1;/* pid of child process */
 int force_one_volume;  /* 1 if we ignore volume changes */
 
@@ -1276,4 +1277,6 @@ ar_start_gzip(int fd, const char *path, 
err(1, "could not exec %s", path);
/* NOTREACHED */
}
+   if (delayed_tame != NULL && tame(delayed_tame, NULL) == -1)
+   err(1, "tame");
 }
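Review bot: the delayed_tame request at the end of ar_start_gzip() is only applied when this function runs, so an archive operation that never starts gzip_program keeps whatever wider set was in force before. The code that sets delayed_tame (not in these hunks) should apply the request itself on the non-gzip path, and a comment at the declaration saying who sets it and when would help.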
Index: bin/pax/extern.h
===
RCS file: /cvs/src/bin/pax/extern.h,v
retrieving revision 1.53
diff -u -p -u -r1.53 extern.h
--- bin/pax/extern.h19 Mar 2015 05:14:24 -  1.53
+++ bin/pax/extern.h3 Oct 2015 23:42:07 -
@@ -45,6 +45,7 @@
  */
 extern const char *arcname;
 extern const char *gzip_program;
+extern const char *delayed_tame;
 extern int force_one_volume;
 int

Re: tame userland diff

2015-10-03 Thread Sebastien Marie
On Sat, Oct 03, 2015 at 09:52:13PM +0200, Mike Burns wrote:
> On 2015-10-03 09.53.54 -0600, Theo de Raadt wrote:
> > 
> > I don't know why you added "proc".  I don't see a need for it.  Do
> > you have a separate test case that prompts this?
> 
> Yes, here is a simple test for it:
> 
> $ echo "!echo ECHO" | dc
> Killed 
> $ echo "!echo ECHO" > t ; dc t
> Killed
> $ echo $?
> 137
> 
> This is because of the system(3) call in bcode.c, the bexec function.
> 

Just a remark about the "proc" request. It won't allow calling exec(2), but
only fork(2) (and some others, see the man page for details).

exec(2) is really special for a tamed program: allowing it could make it
possible to defeat the purpose of tame.

In the hypothetical case of exec(2) with tame(2):
  - if an exec'ed program starts with TAME flags cleared: it could do
what it wants. So even if your process is tamed, it could potentially
permit all things. It is bad.

  - if an exec'ed program starts with inherited TAME flags: the
initialisation of the program would be difficult as it would be
already tamed.

-- 
Sebastien Marie



Re: tame(2) nologin(8)

2015-10-03 Thread Sebastien Marie
On Sun, Oct 04, 2015 at 01:33:12AM +0200, Mike Burns wrote:
> - Use stdio instead of rw because of mprotect(2) in atexit.
> - Pass the path to the file that can be opened.

With the "rpath" request, you can already open the file you want. The `path'
argument of tame(2) is used to *restrict* the files you can access with
"rpath" (or other path-related requests).

> - Switch to return instead of exit(3) in the nearby code.

It is a nop. Calling return(1) from main() is nearly the same as calling
exit(1) (at least for this case): mprotect() will be called by atexit()
code.

> I suspect that the paths argument is unused or not yet ready, but I
> include in here regardless merely so that I can ask about it.

It could be used and is functional. If you have a specific problem,
please report it.

> There is one line of code between the initial tame(2) and the
> re-tame(2) -- this program has a tiny initialization, essentially. It
> reads oddly but again: included so that I can ask about it.
> 
> 
> Index: nologin.c
> ===
> RCS file: /cvs/src/sbin/nologin/nologin.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 nologin.c
> --- nologin.c 10 Jul 2003 00:00:58 -  1.5
> +++ nologin.c 3 Oct 2015 23:26:44 -
> @@ -43,16 +43,24 @@ int main(int argc, char *argv[])
>   int nfd;
>   ssize_t nrd;
>   char nbuf[BUFSIZ];
> + const char  *paths[] = { _PATH_NOLOGIN_TXT };

The paths array should be NULL-terminated:
const char  *paths[] = { _PATH_NOLOGIN_TXT, NULL };

> +
> + if (tame("stdio rpath", paths) == -1)
> + perror("tame");
>  
>   nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
> +
> + if (tame("stdio", NULL) == -1)
> + perror("tame");
> +
>   if (nfd < 0) {
>   write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
> - exit (1);
> + return 1;
>   }
>  
>   while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0)
>   write(STDOUT_FILENO, nbuf, nrd);
>   close (nfd);
>  
> - exit (1);
> + return 1;
>  }
> 
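Review bot: the only call between the two tame() calls in main() is the open() of _PATH_NOLOGIN_TXT, so the first call and the paths array protect a single open of a fixed path. Doing the open() first and then one tame("stdio", NULL) ends in the same final state with less to get wrong; if the two-step form stays, a comment saying why would stop it reading as a mistake.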

-- 
Sebastien Marie



tame(2) nologin(8)

2015-10-03 Thread Mike Burns
- Use stdio instead of rw because of mprotect(2) in atexit.
- Pass the path to the file that can be opened.
- Switch to return instead of exit(3) in the nearby code.

I suspect that the paths argument is unused or not yet ready, but I
include in here regardless merely so that I can ask about it.

There is one line of code between the initial tame(2) and the
re-tame(2) -- this program has a tiny initialization, essentially. It
reads oddly but again: included so that I can ask about it.


Index: nologin.c
===
RCS file: /cvs/src/sbin/nologin/nologin.c,v
retrieving revision 1.5
diff -u -p -r1.5 nologin.c
--- nologin.c   10 Jul 2003 00:00:58 -  1.5
+++ nologin.c   3 Oct 2015 23:26:44 -
@@ -43,16 +43,24 @@ int main(int argc, char *argv[])
int nfd;
ssize_t nrd;
char nbuf[BUFSIZ];
+   const char  *paths[] = { _PATH_NOLOGIN_TXT };
+
+   if (tame("stdio rpath", paths) == -1)
+   perror("tame");
 
nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
+
+   if (tame("stdio", NULL) == -1)
+   perror("tame");
+
if (nfd < 0) {
write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
-   exit (1);
+   return 1;
}
 
while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0)
write(STDOUT_FILENO, nbuf, nrd);
close (nfd);
 
-   exit (1);
+   return 1;
 }
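Review bot: both tame() calls in main() report failure with perror("tame") and carry on, so a failed call leaves nologin running with no restriction at all. The dd, df and dc diffs in this thread use err(1, "tame"), which fails closed; the same would fit here.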



Re: Removing GCC 2 support from cdefs.h

2015-10-03 Thread Philip Guenther
On Sat, Oct 3, 2015 at 2:33 PM, Michael McConville
 wrote:
> Philip Guenther wrote:
>> On Thu, Oct 1, 2015 at 10:52 PM, Jonathan Gray  wrote:
>> > This isn't just removing support for gcc 2 it is removing support
>> > for anything that doesn't define __GNUC__ and implement all the gnu
>> > attributes which isn't what we want.
>>
>> Yep.  We've now seen a couple diffs labeled "remove gcc2 support"
>> which were unable to contain themselves to that.  If you want to
>> suggest something contentious, then say so instead of rolling it into
>> something everyone can agree on...and then don't be surprised when
>> it's contentious.  If you want to do something sure and simple, then
>> DO SOMETHING SIMPLE.
>
> I wasn't trying to suggest something contentious, I just (incorrectly)
> thought that there were different cdefs.h copies for the kernel and
> userland. Mistake acknowledged.

Sure, but seeing as someone else made a parallel flub, reminding the
list of a pothole in getting their diffs committed seemed wise.

Philip



Re: tame userland diff

2015-10-03 Thread Mike Burns
I see that I am too late:

http://marc.info/?l=openbsd-cvs&m=144388023505289&w=2
http://marc.info/?l=openbsd-cvs&m=144388037405304&w=2

On 2015-10-03 22.44.22 +0200, Mike Burns wrote:
> Fix tame(2) for patch(1). To recreate:
> 
> /usr/src/regress/usr.bin/diff$ cat t2.1
> Below is an example license to be used for new code in OpenBSD,
> modeled after the ISC license.
> 
> It is important to specify the year of the copyright.  Additional years
> should be separated by a comma, e.g.
> Copyright (c) 2003, 2004
> 
> If you add extra text to the body of the license, be careful not to
> add further restrictions.
> 
> /*
>  * Copyright (c) CCYY YOUR NAME HERE 
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> /usr/src/regress/usr.bin/diff$ cat t2.e.patch
> 25a
> An extra line
> .
> 14d
> 6c
> Copyright (c) 2003, 2004, 2005
> .
> /usr/src/regress/usr.bin/diff$ patch -sb t2.1 t2.e.patch
> zsh: killed patch -sb t2.1 t2.e.patch
> 
> 
> 
> Fixed by adding "proc" to the list of valid tame(2) requests. I'm not
> happy with this patch -- not sure if I'm just not happy with patch.c, or
> if I'm concerned about the `for' loop.
> 
> ***
> 
> Index: patch.c
> ===
> RCS file: /cvs/src/usr.bin/patch/patch.c,v
> retrieving revision 1.55
> diff -u -p -r1.55 patch.c
> --- patch.c   3 Oct 2015 02:35:56 -   1.55
> +++ patch.c   3 Oct 2015 20:43:25 -
> @@ -147,7 +147,7 @@ main(int argc, char *argv[])
>   const   char *tmpdir;
>   char*v;
>  
> - if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
> + if (tame("stdio rpath wpath cpath tmppath fattr proc", NULL) == -1)
>   perror("tame");
>  
>   setvbuf(stdout, NULL, _IOLBF, 0);
> @@ -223,6 +223,10 @@ main(int argc, char *argv[])
>   do_ed_script();
>   continue;
>   }
> +
> + if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
> + perror("tame");
> +
>   /* initialize the patched file */
>   if (!skip_rest_of_patch)
>   init_output(TMPOUTNAME);
> 



Re: Removing GCC 2 support from cdefs.h

2015-10-03 Thread Michael McConville
Philip Guenther wrote:
> On Thu, Oct 1, 2015 at 10:52 PM, Jonathan Gray  wrote:
> > This isn't just removing support for gcc 2 it is removing support
> > for anything that doesn't define __GNUC__ and implement all the gnu
> > attributes which isn't what we want.
> 
> Yep.  We've now seen a couple diffs labeled "remove gcc2 support"
> which were unable to contain themselves to that.  If you want to
> suggest something contentious, then say so instead of rolling it into
> something everyone can agree on...and then don't be surprised when
> it's contentious.  If you want to do something sure and simple, then
> DO SOMETHING SIMPLE.

I wasn't trying to suggest something contentious, I just (incorrectly)
thought that there were different cdefs.h copies for the kernel and
userland. Mistake acknowledged.



Re: tame userland diff

2015-10-03 Thread Mike Burns
Fix tame(2) for patch(1). To recreate:

/usr/src/regress/usr.bin/diff$ cat t2.1
Below is an example license to be used for new code in OpenBSD,
modeled after the ISC license.

It is important to specify the year of the copyright.  Additional years
should be separated by a comma, e.g.
Copyright (c) 2003, 2004

If you add extra text to the body of the license, be careful not to
add further restrictions.

/*
 * Copyright (c) CCYY YOUR NAME HERE 
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
/usr/src/regress/usr.bin/diff$ cat t2.e.patch
25a
An extra line
.
14d
6c
Copyright (c) 2003, 2004, 2005
.
/usr/src/regress/usr.bin/diff$ patch -sb t2.1 t2.e.patch
zsh: killed patch -sb t2.1 t2.e.patch



Fixed by adding "proc" to the list of valid tame(2) requests. I'm not
happy with this patch -- not sure if I'm just not happy with patch.c, or
if I'm concerned about the `for' loop.

***

Index: patch.c
===
RCS file: /cvs/src/usr.bin/patch/patch.c,v
retrieving revision 1.55
diff -u -p -r1.55 patch.c
--- patch.c 3 Oct 2015 02:35:56 -   1.55
+++ patch.c 3 Oct 2015 20:43:25 -
@@ -147,7 +147,7 @@ main(int argc, char *argv[])
const   char *tmpdir;
char*v;
 
-   if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
+   if (tame("stdio rpath wpath cpath tmppath fattr proc", NULL) == -1)
perror("tame");
 
setvbuf(stdout, NULL, _IOLBF, 0);
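Review bot: "proc" is now granted from the first tame() in main() until the re-tame inside the loop, and the second hunk drops it again right after the do_ed_script() branch, which suggests it is only needed there. A comment next to the request string naming do_ed_script() as the reason would keep a later cleanup from leaving it wider than needed. The failure path is also still perror("tame"), which lets patch continue untamed.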
@@ -223,6 +223,10 @@ main(int argc, char *argv[])
do_ed_script();
continue;
}
+
+   if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
+   perror("tame");
+
/* initialize the patched file */
if (!skip_rest_of_patch)
init_output(TMPOUTNAME);
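Review bot: the re-tame without "proc" sits after the do_ed_script() branch, which ends in continue, so an iteration that handles an ed script never reaches it and "proc" stays granted until some later iteration takes the other path. The call also runs on every pass through the loop. The point at which "proc" is meant to go away for good should be stated in a comment, and err(1, "tame") instead of perror("tame") would stop on failure.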



Re: Removing GCC 2 support from cdefs.h

2015-10-03 Thread Philip Guenther
On Thu, Oct 1, 2015 at 10:52 PM, Jonathan Gray  wrote:
> This isn't just removing support for gcc 2 it is removing support for
> anything that doesn't define __GNUC__ and implement all the gnu
> attributes which isn't what we want.

Yep.  We've now seen a couple diffs labeled "remove gcc2 support"
which were unable to contain themselves to that.  If you want to
suggest something contentious, then say so instead of rolling it into
something everyone can agree on...and then don't be surprised when
it's contentious.  If you want to do something sure and simple, then
DO SOMETHING SIMPLE.

Philip



Re: iwm(4) newstate task (again)

2015-10-03 Thread Stefan Sperling
On Sun, Sep 27, 2015 at 08:00:19PM +0200, Stefan Sperling wrote:
> This is yet another attempt at improving the iwm(4) newstate task.

This diff has been working nicely for me, with many suspend/resume cycles.
Never had a problem connecting to several wifis.

Any objections? Any Oks?

> The goal is to simplify things by only queuing one state transition
> at a time. The newstate task now always transitions to the most
> recently requested state, rather than hopping along with every request.
> 
> This allows us to get rid of the silly newstate generation counter, and
> allows us to simply cancel any outstanding transition when the interface
> goes down.
> 
> The old code was queuing *additional* work from iwm_stop(). Which meant,
> for example, that every time upon resume, a task ran only to discover that
> it is no longer relevant.
> 
> This probably needs some testing to shake out bugs.
> Test reports are very much appreciated!
> 
> This change might also fix semi-frequent firmware errors during association.
> But not all -- I've found that running with IWM_DEBUG cranked up produces
> sufficient printfs to make firmware commands time out more often.
> It all seems very sensitive to timing which is hard to get completely
> right with tasks involved.
> 
> Index: if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving revision 1.51
> diff -u -p -r1.51 if_iwm.c
> --- if_iwm.c  27 Sep 2015 16:53:38 -  1.51
> +++ if_iwm.c  27 Sep 2015 17:33:58 -
> @@ -195,14 +195,6 @@ const struct iwm_rate {
>  #define IWM_RIDX_IS_CCK(_i_) ((_i_) < IWM_RIDX_OFDM)
>  #define IWM_RIDX_IS_OFDM(_i_) ((_i_) >= IWM_RIDX_OFDM)
>  
> -struct iwm_newstate_state {
> - struct task ns_wk;
> - struct ieee80211com *ns_ic;
> - enum ieee80211_state ns_nstate;
> - int ns_arg;
> - int ns_generation;
> -};
> -
>  int  iwm_store_cscheme(struct iwm_softc *, uint8_t *, size_t);
>  int  iwm_firmware_store_section(struct iwm_softc *, enum iwm_ucode_type,
>   uint8_t *, size_t);
> @@ -406,7 +398,7 @@ struct ieee80211_node *iwm_node_alloc(st
>  void iwm_calib_timeout(void *);
>  void iwm_setrates(struct iwm_node *);
>  int  iwm_media_change(struct ifnet *);
> -void iwm_newstate_cb(void *);
> +void iwm_newstate_task(void *);
>  int  iwm_newstate(struct ieee80211com *, enum ieee80211_state, int);
>  void iwm_endscan_cb(void *);
>  int  iwm_init_hw(struct iwm_softc *);
> @@ -5263,43 +5255,29 @@ iwm_media_change(struct ifnet *ifp)
>  }
>  
>  void
> -iwm_newstate_cb(void *wk)
> +iwm_newstate_task(void *psc)
>  {
> - struct iwm_newstate_state *iwmns = (void *)wk;
> - struct ieee80211com *ic = iwmns->ns_ic;
> - enum ieee80211_state nstate = iwmns->ns_nstate;
> - int generation = iwmns->ns_generation;
> + struct iwm_softc *sc = (struct iwm_softc *)psc;
> + struct ieee80211com *ic = &sc->sc_ic;
> + enum ieee80211_state nstate = sc->ns_nstate;
> + enum ieee80211_state ostate = ic->ic_state;
>   struct iwm_node *in;
> - int arg = iwmns->ns_arg;
> - struct ifnet *ifp = IC2IFP(ic);
> - struct iwm_softc *sc = ifp->if_softc;
> + int arg = sc->ns_arg;
>   int error;
>  
> - free(iwmns, M_DEVBUF, sizeof(*iwmns));
> -
> - DPRINTF(("Prepare to switch state %s->%s\n",
> - ieee80211_state_name[ic->ic_state],
> - ieee80211_state_name[nstate]));
> - if (sc->sc_generation != generation) {
> - DPRINTF(("newstate_cb: someone pulled the plug meanwhile\n"));
> - if (nstate == IEEE80211_S_INIT) {
> - DPRINTF(("newstate_cb: nstate == IEEE80211_S_INIT: 
> calling sc_newstate()\n"));
> - sc->sc_newstate(ic, nstate, arg);
> - }
> - return;
> - }
> -
>   DPRINTF(("switching state %s->%s\n",
> - ieee80211_state_name[ic->ic_state],
> + ieee80211_state_name[ostate],
>   ieee80211_state_name[nstate]));
>  
> - if (ic->ic_state == IEEE80211_S_SCAN && nstate != ic->ic_state)
> + if (ostate == IEEE80211_S_SCAN && nstate != ostate)
>   iwm_led_blink_stop(sc);
>  
>   /* disable beacon filtering if we're hopping out of RUN */
> - if (ic->ic_state == IEEE80211_S_RUN && nstate != ic->ic_state) {
> + if (ostate == IEEE80211_S_RUN && nstate != ostate)
>   iwm_mvm_disable_beacon_filter(sc, (void *)ic->ic_bss);
>  
> + /* Reset the device if moving out of AUTH, ASSOC, or RUN. */
> + if (ostate > IEEE80211_S_SCAN && nstate < ostate) {
>   if (((in = (void *)ic->ic_bss) != NULL))
>   in->in_assoc = 0;
>   iwm_release(sc, NULL);
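Review bot: the new condition ostate > IEEE80211_S_SCAN && nstate < ostate in iwm_newstate_task() relies on the numeric order of enum ieee80211_state, and it widens the device reset from leaving RUN (the old braces) to any downward move out of AUTH, ASSOC or RUN. The comment should say that the ordering of the enum is being relied on, and the commit message should mention the wider reset, since it is a behaviour change beyond the queuing cleanup.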
> @@ -5393,25 +5371,15 @@ iwm_newstate_cb(void *wk)
>  int
>  iwm_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
>  {
> - struct iwm_newstate_state *iwmns;
>   struct ifnet *ifp = IC2IFP(ic);
>   struct iw

Re: tame userland diff

2015-10-03 Thread Mike Burns
On 2015-10-03 09.53.54 -0600, Theo de Raadt wrote:
> > Before, from the tame patch in snapshots:
> > 
> > $ dc /dev/null
> > Killed 
> > $
> > 
> > After the below patch:
> > 
> > $ dc /dev/null
> > $
> > 
> > Found via the regress tests.
> 
> I don't know why you added "proc".  I don't see a need for it.  Do
> you have a separate test case that prompts this?

Yes, here is a simple test for it:

$ echo "!echo ECHO" | dc
Killed 
$ echo "!echo ECHO" > t ; dc t
Killed
$ echo $?
137

This is because of the system(3) call in bcode.c, the bexec function.

Index: dc.c
===
RCS file: /cvs/src/usr.bin/dc/dc.c,v
retrieving revision 1.13
diff -u -p -r1.13 dc.c
--- dc.c26 Nov 2014 18:34:51 -  1.13
+++ dc.c3 Oct 2015 19:46:35 -
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
char*buf, *p;
struct stat st;
 
+   if (tame("stdio rpath proc", NULL) == -1)
+   err(1, "tame");
 
if ((buf = strdup("")) == NULL)
err(1, NULL);
@@ -89,6 +91,8 @@ main(int argc, char *argv[])
file = fopen(argv[0], "r");
if (file == NULL)
err(1, "cannot open file %s", argv[0]);
+   if (tame("stdio proc", NULL) == -1)
+   err(1, "tame");
if (fstat(fileno(file), &st) == -1)
err(1, "%s", argv[0]);
if (S_ISDIR(st.st_mode))
@@ -103,6 +107,8 @@ main(int argc, char *argv[])
 */
 return (0);
}
+   if (tame("stdio proc", NULL) == -1)
+   err(1, "tame");
src_setstream(&src, stdin);
reset_bmachine(&src);
eval();
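Review bot: tame("stdio proc", NULL) now appears twice, once in the file branch and once before src_setstream(&src, stdin), and the reply in this thread points out that "proc" covers fork(2) but not exec(2), which system(3) also needs. The "!echo ECHO" cases from the message should be rerun with this diff applied to confirm they no longer end in Killed; if they pass, a single request string shared by both call sites would avoid the two drifting apart.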



Re: CVS: cvs.openbsd.org: src

2015-10-03 Thread Philip Guenther
On Sat, Oct 3, 2015 at 2:12 AM, Vadim Zhukov  wrote:
> CVSROOT:/cvs
> Module name:src
> Changes by: z...@cvs.openbsd.org2015/10/03 03:12:39
>
> Modified files:
> usr.bin/kdump  : kdump.c
>
> Log message:
> Fix wrong cast.
>
> This one should be an unsigned long in theory, but the formatter function
> argument we're printing from is already an int (being cast from register_t
> at the formatter call time). So let's fix one bug at a time.

To expand a bit on why the use of int vs long is not a problem here:
the only thing using long gains is 32 more bits on LP64 archs.  That's
critical for pointers and buffer sizes, of course, where they really
are limited to 32bit on ILP32 archs, but for enumeration and
bitsets/flags like ioctl's 'request' argument, an enumeration value or
flag bit >=2^32 would make that value impossible to use on ILP32
archs.

Perhaps some day someone will come up with an ioctl() request that is
legitimately specific to LP64 archs and can thus be safely assigned a
request value >=2^32, but I don't foresee that and even then we would
need to be running out of ioctl requests <2^32 to make it worth it.
Until then, kdump can stick with ints for enumerations and flags,
perhaps serve as a compilation check against someone breaking that
rule accidentally.

If a bitset/flag argument needs to exceed 32bits in an MD way, it
should be typed as long long and thus be portably sized.


Philip Guenther



Re: rcctl action multiple daemons

2015-10-03 Thread Antoine Jacoutot
On Wed, Sep 30, 2015 at 01:40:44PM +0200, Antoine Jacoutot wrote:
> On Wed, Sep 30, 2015 at 12:30:52PM +0200, Martijn van Duren wrote:
> > ping
> 
> I am still pondering the pros and cons...

I'll probably commit your diff tomorrow, thanks.

-- 
Antoine



Re: tame userland diff

2015-10-03 Thread Theo de Raadt
> Before, from the tame patch in snapshots:
> 
> $ dc /dev/null
> Killed 
> $
> 
> After the below patch:
> 
> $ dc /dev/null
> $
> 
> Found via the regress tests.

I don't know why you added "proc".  I don't see a need for it.  Do
you have a separate test case that prompts this?

So we can do better than your diff.  Enable "rpath" at the start,
but drop it later on when it is no longer needed:

Index: dc.c
===
RCS file: /cvs/src/usr.bin/dc/dc.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 dc.c
--- dc.c26 Nov 2014 18:34:51 -  1.13
+++ dc.c3 Oct 2015 15:15:11 -
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
char*buf, *p;
struct stat st;
 
+   if (tame("stdio rpath", NULL) == -1)
+   err(1, "tame");
 
if ((buf = strdup("")) == NULL)
err(1, NULL);
@@ -89,6 +91,8 @@ main(int argc, char *argv[])
file = fopen(argv[0], "r");
if (file == NULL)
err(1, "cannot open file %s", argv[0]);
+   if (tame("stdio", NULL) == -1)
+   err(1, "tame");
if (fstat(fileno(file), &st) == -1)
err(1, "%s", argv[0]);
if (S_ISDIR(st.st_mode))
@@ -103,6 +107,8 @@ main(int argc, char *argv[])
 */
 return (0);
}
+   if (tame("stdio", NULL) == -1)
+   err(1, "tame");
src_setstream(&src, stdin);
reset_bmachine(&src);
eval();
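Review bot: with the request narrowed to "stdio" in both the file branch and the stdin branch, the ! command is no longer usable: the follow-up in this thread shows "!echo ECHO" ending in Killed because of the system(3) call in bexec. Either the restriction on ! should be a documented decision or that path needs its own handling; the rpath drop itself reads fine.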



Re: tame userland diff

2015-10-03 Thread Mike Burns
Before, from the tame patch in snapshots:

$ dc /dev/null
Killed 
$

After the below patch:

$ dc /dev/null
$

Found via the regress tests.

Index: dc.c
===
RCS file: /cvs/src/usr.bin/dc/dc.c,v
retrieving revision 1.13
diff -u -p -r1.13 dc.c
--- dc.c26 Nov 2014 18:34:51 -  1.13
+++ dc.c3 Oct 2015 15:07:24 -
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
char*buf, *p;
struct stat st;
 
+   if (tame("stdio rpath proc", NULL) == -1)
+   err(1, "tame");
 
if ((buf = strdup("")) == NULL)
err(1, NULL);
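Review bot: this single tame("stdio rpath proc", NULL) at the top of main() is never narrowed, so "rpath" stays available while dc evaluates its input. Once the input file has been opened the read-path request is no longer needed and can be dropped with a second call.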



Re: login_radius(8)

2015-10-03 Thread Claudio Jeker
On Fri, Oct 02, 2015 at 11:09:06AM +0100, Stuart Henderson wrote:
> On 2015/10/01 14:35, Jason McIntyre wrote:
> > CVSROOT:/cvs
> > Module name:src
> > Changes by: j...@cvs.openbsd.org2015/10/01 14:35:55
> > 
> > Modified files:
> > libexec/login_radius: login_radius.8 
> > share/man/man5 : login.conf.5 
> > 
> > Log message:
> > some radiusd updates, from theo buehler
> > 
> 
> I think most of these references to radiusd(8) are wrong, this
> isn't server-specific and indeed radiusd(8) doesn't support some
> of the things the manual is talking about in ".Xr radiusd"
> sections.
> 
> I think this would be more correct, also fixes capitalisation
> of RADIUS while there.

Agreed, OK claudio@
 
> Index: login_radius.8
> ===
> RCS file: /cvs/src/libexec/login_radius/login_radius.8,v
> retrieving revision 1.13
> diff -u -p -r1.13 login_radius.8
> --- login_radius.81 Oct 2015 20:35:55 -   1.13
> +++ login_radius.82 Oct 2015 10:08:07 -
> @@ -37,7 +37,7 @@
>  .Os
>  .Sh NAME
>  .Nm login_radius
> -.Nd contact radiusd for authentication
> +.Nd contact RADIUS server for authentication
>  .Sh SYNOPSIS
>  .Nm login_radius
>  .Op Fl d
> @@ -48,9 +48,7 @@
>  .Sh DESCRIPTION
>  The
>  .Nm
> -utility contacts the
> -.Xr radiusd 8
> -daemon to authenticate a
> +utility contacts a RADIUS server to authenticate a
>  .Ar user .
>  If no
>  .Ar class
> @@ -59,9 +57,7 @@ is specified, the login class will be ob
>  When executed as the name
>  .Pa login_ Ns Ar style ,
>  .Nm
> -will request
> -.Xr radiusd 8
> -use the authentication specified by
> +will request that the RADIUS server use the authentication specified by
>  .Ar style .
>  .Pp
>  The options are as follows:
> @@ -85,7 +81,7 @@ This option and its value are ignored.
>  .Pp
>  The
>  .Nm
> -utility needs to know a shared secret for each radius server it talks to.
> +utility needs to know a shared secret for each RADIUS server it talks to.
>  Shared secrets are stored in the file
>  .Pa /etc/raddb/servers
>  with the format:
> @@ -93,10 +89,8 @@ with the format:
>  server shared_secret
>  .Ed
>  .Pp
> -It is expected that rather than requesting the radius style directly
> -(in which case the
> -.Xr radiusd 8
> -server uses a default style)
> +It is expected that rather than requesting the RADIUS style directly
> +(in which case the server server uses a default style)
>  that
>  .Nm
>  will be linked to the various mechanisms desired.
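Review bot: the replacement line in this paragraph reads "(in which case the server server uses a default style)", with "server" doubled. It should be "(in which case the server uses a default style)".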
> @@ -110,36 +104,35 @@ modules and link
>  to both of those names.
>  Now when the user requests one of those authentication styles,
>  .Nm
> -will automatically forward the request to the remote
> -.Xr radiusd 8
> +will automatically forward the request to the remote RADIUS server
>  and request it do the requested style of authentication.
>  .Sh LOGIN.CONF VARIABLES
>  The
>  .Nm
> -utility uses the following radius-specific
> +utility uses the following RADIUS-specific
>  .Pa /etc/login.conf
>  variables:
>  .Bl -tag -width radius-challenge-styles
>  .It radius-port
> -Port name or number to connect to on the radius server.
> +Port name or number to connect to on the RADIUS server.
>  .It radius-server
> -Hostname of the radius server to contact.
> +Hostname of the RADIUS server to contact.
>  .It radius-server-alt
> -Alternate radius server to use when the primary is not responding.
> +Alternate RADIUS server to use when the primary is not responding.
>  .It radius-challenge-styles
> -Comma-separated list of authentication styles that the radius server
> +Comma-separated list of authentication styles that the RADIUS server
>  knows about.
>  If the user's authentication style is in this list the challenge will
> -be provided by the radius server.
> +be provided by the RADIUS server.
>  If not,
>  .Nm
>  will prompt the user for the password before sending the request
> -(along with the password) to the radius server.
> +(along with the password) to the RADIUS server.
>  .It radius-timeout
> -Number of seconds to wait for a response from the radius server.
> +Number of seconds to wait for a response from the RADIUS server.
>  Defaults to 2 seconds.
>  .It radius-retries
> -Number of times to attempt to contact the radius server before giving up
> +Number of times to attempt to contact the RADIUS server before giving up
>  (or falling back to the alternate server if there is one).
>  Defaults to 6 tries.
>  .El
> @@ -148,11 +141,12 @@ Defaults to 6 tries.
>  .It Pa /etc/login.conf
>  login configuration database
>  .It Pa /etc/raddb/servers
> -list of radius servers and their associated shared secrets
> +list of RADIUS servers and their associated shared secrets
>  .El
>  .Sh SEE ALSO
>  .Xr login 1 ,
> -.Xr login.conf 5
> +.Xr login.conf 5 ,
> +.Xr radiusd 8
>  .Sh CAVEATS
>  For
>  .Nm
> 

-- 
:wq Claudio