instead of it being always provided by the rump kernel base. This
move accomplishes two things:
1) it is no longer necessary to provide sysproxy hypercall stubs for
platforms which do not want to use sysproxy
2) it is easier to reason about the security aspects, since configurations
not linking the sysproxy component simply do not support remote
system calls
discussed on rumpkernel-users
races while allowing consistent lockless sampling of the per-cpu
statistics without atomic operations. Update comment describing
the locking protocol to include this.
These files were fumble-fingered out of the last commit.
0001. Do not recognize paths, mail folders, and pipes in mail addresses
by default. That avoids a direct command injection with syntactically
valid email addresses starting with |.
Such addresses can be specified both on the command line, the mail
headers (with -t) or in address lines copied over from previous
while replying.
This was assigned CVE-2014-7844 for some versions of BSD mailx. It is
documented behavior for Heirloom mailx, and was mentioned in an old
technical report about BSD mailx (which does not usually make its way
into operating system installations). The patch switches off this
processing and updates the documentation.
Added expandaddr option to explicitly enable this behavior.
0002. When invoking sendmail, prevent option processing for email
address arguments. This prevents changing e.g. the Postfix
configuration file in unexpected ways. This behavior was documented for
BSD mailx (sort of), but not for Heirloom mailx. We did not assign a
CVE to this because it is more of a missing feature, and code invoking
mailx needs adjustment in the caller as well.
Fixed.
0003. Make wordexp support mandatory. (No functional change.)
Fixed (replaced explicit shell pipe implementation).
0004. Prevent command execution in the expand function, which is IMHO
unexpected. (Not really required with patch 1, and there is still
information disclosure/DoS potential if this expansion occurs.) This is
a historic vulnerability already fixed in the Debian package,
retroactively assigned CVE-2004-2771:
Fixed (as part of the pipe replacement with wordexp).
Define the default, empty "build_kernel" target, so that old source trees,
whose sys/conf/Makefile.kern.inc don't have "build_kernel" .USE target, can
be built.
(When "build_kernel" is defined, the target is overriden, as far as
sys/conf/Makefile.kern.inc is included later than the "netbsd: ..." definition
in sys/arch/*/conf/Makefile.*.)
This should address PR bin/49389.
in private mail, it broke rcp(1).
To achieve the documented behavior and to fix long standing incorrect
rsh(1) behavior which I've tried to fix in rev. 1.36, rcmd(1) should have
two operation mode; whether it should relay signal information on
auxiliary channel or not, depending on the argument `fd2p' passed to rcmd(3).
So, make rcmd(1) behave differntly depending on the environment variable and
set it when necessary in rcmd(3) according to how auxiliary channel
is set up by rcmd(3).
Defer seeking the *input* image, or winding it forward, until we are
certain we all ready in the cloop2 output, because when the input
image is a pipe, we don't get a chance to seek back to the beginning
and start from the top instead of restarting.
If restart does fail, don't try to seek the input image back to the
beginning unless we had already tried to seek or wind it forward.
Add some automatic tests for this and related cases.
XXX pullup to netbsd-7, netbsd-6
Sort per-module kernel objects (*.ko) by dependency weight. Important modules
are placed in lower addresses. The ``machdep'' module will be always placed
in the lowest.
(At this moment, the order is not exact because dependency information is
incomplete in config files (files.*). Thus ``sysmon_power.ko'' comes lower
than ``machdep.ko'' and/or ``uvm.ko''; but still much better than alphabetical
sort.)
christos