standard. This change was inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3. However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard. To quote the manual page:
The -P option attempts to conform to U.S. DoD 5220-22.M, "National Industrial
Security Program Operating Manual" ("NISPOM") as updated by Change
2 and the July 23, 2003 "Clearing & Sanitization Matrix". However,
unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
which make it clear that the standard does not and can not apply to the
erasure of individual files, in particular requirements relating to spare
sector management for an entire magnetic disk. Because these
requirements are not met, the -P option does not conform to the standard.
This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write. Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters. Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.
This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
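The pass order described above (random character, 0xff, 0x00, read-back check of the 0x00 pass, random data), as an added example that is not the rm(1) source. The names wipe_file, wipe_pass and the pattern selectors are hypothetical; it assumes /dev/urandom exists, uses fsync() where the message uses sync(), and opens with O_SYNC only because O_RSYNC is not defined on every platform.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { RAND_BYTE = -1, RAND_DATA = -2, VERIFY_ZERO = -3 };  /* hypothetical selectors */

/* One pass over the first len bytes: overwrite with a pattern, or (VERIFY_ZERO)
 * read back and require 0x00 everywhere. Flushes before returning. */
static int wipe_pass(int fd, int rnd, off_t len, int pat)
{
    unsigned char buf[4096], one = 0;
    if (pat == RAND_BYTE && read(rnd, &one, 1) != 1) return -1;
    if (lseek(fd, 0, SEEK_SET) == -1) return -1;
    for (ssize_t n; len > 0; len -= n) {
        n = len < (off_t)sizeof buf ? (ssize_t)len : (ssize_t)sizeof buf;
        if (pat == VERIFY_ZERO) {
            if ((n = read(fd, buf, (size_t)n)) <= 0) return -1;
            for (ssize_t i = 0; i < n; i++) if (buf[i] != 0) return -1;
            continue;
        }
        if (pat == RAND_DATA) { if ((n = read(rnd, buf, (size_t)n)) <= 0) return -1; }
        else memset(buf, pat == RAND_BYTE ? one : pat, (size_t)n);
        if (write(fd, buf, (size_t)n) != n) return -1;
    }
    return fsync(fd);  /* the log message uses sync(); fsync() is this example's choice */
}

/* Run the passes in the order the log message gives. 0 on success, -1 on failure. */
int wipe_file(const char *path)
{
    static const int order[] = { RAND_BYTE, 0xff, 0x00, VERIFY_ZERO, RAND_DATA };
    struct stat st;
    int rc = -1, rnd = open("/dev/urandom", O_RDONLY);
    int fd = open(path, O_RDWR | O_SYNC);
    if (fd != -1 && rnd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
        rc = 0;
        for (size_t i = 0; rc == 0 && i < sizeof order / sizeof order[0]; i++)
            rc = wipe_pass(fd, rnd, st.st_size, order[i]);
    }
    if (fd != -1) close(fd);
    if (rnd != -1) close(rnd);
    return rc;
}

int main(int argc, char **argv) { return argc == 2 && wipe_file(argv[1]) == 0 ? 0 : 1; }
```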
(like executing "pax -Z" by itself), this caused a shr of 32 bits, which is
undefined behavior (C99) if the variable is 32 bits wide, too. Also solves
a problem where the flgch array could be indexed out of bounds.
Thanks to uwe@ and lha@ for their suggestions... I just found the bug :p
run out of inodes. df -i was saying, however, that such file systems
had 100% of their inodes in use, which would do things like trigger
alarms in scripts looking for file systems that have run out.
Instead, say 0% are in use, which although not strictly true is at
least less wrong, fixes scripts and is less worrying in nightly reports.
outputting to the files being manipulated by opening a file in the standard IO
descriptor space. In particular, an output file unlucky enough to be sitting
on descriptor 2 (stderr) is certain to be corrupted.
Addresses PR bin/8521, and passes the recently committed regression test
"bin/dd".
- Make 'pwd -L' fall back to 'pwd -P' if PWD is incorrect.
- Ignore PWD if it contains "/./" or "/../".
- Garbage collect some redundant code.
It is still non-conformant because POSIX mandates that the default
be 'pwd -L' (aka ksh), not 'pwd -P' (historic practise everywhere else).
Changing the default will break too much...
* Rename "config.h" to "nbtool_config.h" and
HAVE_CONFIG_H to HAVE_NBTOOL_CONFIG_H.
This makes it more obvious in the source when we're using
tools/compat/config.h versus "standard autoconf" config.h
* Consistently move the inclusion of nbtool_config.h to before
<sys/cdefs.h> so that the former can provide __RCSID() (et al),
and there's no need to protect those macros any more.
These changes should make it easier to "tool-ify" a program by adding:
#if HAVE_NBTOOL_CONFIG_H
#include "nbtool_config.h"
#endif
to the top of the source files (for the general case).
* Don't bother prefixing commands with a line of ${_MKCMD}\
and instead rely upon "make -s". This is less intrusive on
all the Makefiles than the former. Idea from David Laight.
* Rename the variables used to print messages. The scheme now is:
_MKMSG_FOO Run _MKMSG 'foo'
_MKTARGET_FOO Run _MKMSG_FOO ${.TARGET}
From discussion with Alistair Crooks.
use strlcpy() and snprintf() in the host tools...
Should fix part of [toolchain/22504], and build problems on other
platforms that don't have strlcpy() or snprintf()...
suggested by uwe@, inspired by FreeBSD. The three flags override
each other (and the '-q' flag) and behave as follows:
-B Force printing of non-printable characters in file names as
\xxx, where xxx is the numeric value of the character in octal.
-b As -B, but use C escape codes whenever possible.
-w Force raw printing of non-printable characters. This is the
default when output is not to a terminal.
set force_push to TRUE in x_del_bword and x_del_fword.
Fixes behaviour where <meta-y> would put the previously yanked word in the yank buffer another time.
revision 1.21
date: 2003/08/02 19:26:15; author: fgsch; state: Exp; lines: +4 -2
On ESC-y ESC-y (yank-pop), also check that there is something to
insert (some text has been killed before). from otto@, fix bug report 3384.
On yank-pop error (no yank before), reset the index to killstack so
another yank-pop does not mangle the prompt if nothing was yanked, and
to avoid replacing a text when it shouldn't
(yank <something> yank-pop yank-pop).
otto@ ok.
revision 1.18
date: 2003/08/22 18:17:10; author: fgsch; state: Exp; lines: +2 -2
in word location, fix forward scanning so it correctly accounts for any
escaped char and not only spaces.
for "foo (bar.a)" and "foo (bar a)", cd foo\ \(bar.<tab> will correctly
expand to foo\ \(bar.a\).
otto@ and pval@ ok.
revision 1.23
date: 2003/08/23 02:30:59; author: fgsch; state: Exp; lines: +2 -2
under emacs mode, fix the case when the globbed file and the longest
prefix lengths are equal ("a .b" and "a ab" for instance).
found and tested by otto@.
and the subsequent namei(): inform the kernel portion of
valid filenames and then disallow symlink lookups for
those filenames by means of a hook in namei().
with suggestions from provos@
also, add (currently unused) seqnr field to struct
systrace_replace, from provos@
If stdout is a tty, use vis(3) to print any filenames to prevent garbage
from being printed if the filename contains control- or other non-printable
characters.
While here, sprinkle some EXIT_FAILURE and NOTREACHED where appropriate.
* DPSRCS contains extra dependencies, but is _NOT_ added to CLEANFILES.
This is a change of behaviour. If a Makefile wants the clean semantics
it must specifically append to CLEANFILES.
Resolves PR toolchain/5204.
* To recap: .d (depend) files are generated for all files in SRCS and DPSRCS
that have a suffix of: .c .m .s .S .C .cc .cpp .cxx
* If YHEADER is set, automatically add the .y->.h to DPSRCS & CLEANFILES
* Ensure that ${OBJS} ${POBJS} ${LOBJS} ${SOBJS} *.d depend upon ${DPSRCS}
* Deprecate the (short lived) DEPENDSRCS
Update the various Makefiles to these new semantics; generally either
adding to CLEANFILES (because DPSRCS doesn't do that anymore), or replacing
specific .o dependencies with DPSRCS entries.
Tested with "make -j 8 distribution" and "make distribution".
program/tool from "FOO" to "TOOL_FOO". The new variables are:
TOOL_ASN1_COMPILE TOOL_CAP_MKDB TOOL_CAT TOOL_CKSUM TOOL_COMPILE_ET
TOOL_CONFIG TOOL_CRUNCHGEN TOOL_CTAGS TOOL_DB TOOL_EQN TOOL_FGEN
TOOL_GENCAT TOOL_GROFF TOOL_HEXDUMP TOOL_INDXBIB TOOL_INSTALLBOOT
TOOL_INSTALL_INFO TOOL_M4 TOOL_MAKEFS TOOL_MAKEINFO TOOL_MAKEWHATIS
TOOL_MDSETIMAGE TOOL_MENUC TOOL_MKCSMAPPER TOOL_MKESDB
TOOL_MKLOCALE TOOL_MKMAGIC TOOL_MKTEMP TOOL_MSGC TOOL_MTREE
TOOL_PAX TOOL_PIC TOOL_PREPMKBOOTIMAGE TOOL_PWD_MKDB TOOL_REFER
TOOL_ROFF_ASCII TOOL_ROFF_DVI TOOL_ROFF_HTML TOOL_ROFF_PS
TOOL_ROFF_RAW TOOL_RPCGEN TOOL_SOELIM TOOL_SUNLABEL TOOL_TBL
TOOL_UUDECODE TOOL_VGRIND TOOL_ZIC
For each, provide default in <bsd.sys.mk> of the form:
TOOL_FOO?= foo
and for the ${USETOOLS}=="yes" case in <bsd.own.mk>, provide override:
TOOL_FOO= ${TOOLDIR}/bin/${_TOOL_PREFIX}foo
Document all of these in bsd.README.
This cleans up a chunk of potential (and actual) namespace collision
within our build infrastructure, as well as improves consistency in
the share/mk documentation and provision of appropriate defaults for
each of these variables.
of the second argument are exhausted, call the appropriate getopt() routine
to process the rest of the arguments instead of finishing option processing.
Fixes:
tar cf - -T foo
policy has been freed. this allows us to enforce the kernel policy size
limit for users while users are still able to execute an arbitrary number
of applications; the protocol change is backwards compatible.
as requested by several users.
POSIX-2001 is unclear on conflicting option letters as far as the -g
option is concerned; a clarification request will be made.
Addresses PR bin/21519 by Geoff Wing.
-G was chosen as SuSv2 specified -g was already used in ls(1), but ls
has no blocksize options like df/du, so this was redundant.
bump date in man page.