Commit Graph

65 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos eed7e5b25b c99 initializer 2006-10-16 03:39:42 +00:00
wiz ea31caa73b Remove trailing whitespace. 2006-10-13 21:07:34 +00:00
elad 4967fa3f06 PR/20875: Robert Elz: Incorrect facts in rtsol(8) man page
Patch applied, thanks! (yes, I've read the audit-trail. This is correct.)
2006-10-08 19:36:05 +00:00
elad 1232ea27c4 PR/18906: roskens at elfin dot net: misc. select() to poll() updates.
Adapted to -current by myself, thanks for the patch!
2006-10-07 17:27:57 +00:00
mrg 74e0882190 rs_data is u_char *, so assign it from a u_char *. 2006-05-11 08:38:38 +00:00
mrg c23edde436 inet_ntop() wants char[] not u_char[]. 2006-05-11 08:37:24 +00:00
dan 6ff40a4cfb prevent a potential resource leak, not found by coverity (perhaps masked by previous) 2006-03-18 21:41:23 +00:00
dan 3713fec029 catch another possible error case and exit early; CID 990 2006-03-18 21:35:35 +00:00
wiz a74bb8d083 Begin sentence with upper case letter, and uppercase an acronym. 2005-10-31 15:30:44 +00:00
wiz 25988cacf4 Sync usage with man page. From jmc@openbsd. 2005-10-31 15:22:10 +00:00
wiz 432e7125bf Use .Pp instead of less usual .Lp. From jmc@openbsd. 2005-10-31 15:21:02 +00:00
wiz 129d953b7a Improve description for /var/run/rtsold.dump. From jmc@openbsd. 2005-10-31 15:19:45 +00:00
wiz 710dff7215 Small cleanup. From jmc@openbsd. 2005-10-31 15:17:22 +00:00
wiz e7e684f30a Sort options. From jmc@openbsd. 2005-10-31 15:14:54 +00:00
christos c40b82ea42 constify. 2005-06-27 03:10:32 +00:00
wiz e6d8e1c083 -a cannot be specified with an interface; remove it from that part
of the usage. Closes PR 25917 by Kouichirou Hiratsuka.
2004-06-25 14:52:36 +00:00
itojun c257ec3afe backout previous change (removal of pidfile(3) call). requested by core. 2004-01-08 02:48:43 +00:00
wiz d495306cc1 Bump date for pid file removal. 2004-01-03 13:10:27 +00:00
itojun 592be49540 remove call to pidfile(3), it was just for debugging (and there was no proper
cleanup code).  from kame
2004-01-03 06:16:40 +00:00
itojun 85d26f975b rtsol: factor out dump.c if -DSMALL (for boot floppy)
use __func__ not __FUNCTION__
use timeradd() and timersub() from sys/time.h

from kame
2004-01-03 01:40:31 +00:00
fvdl 5f002aff6f Add missing initializer field. 2003-10-21 02:37:22 +00:00
itojun f189be338c unifdef HAVE_ARC4RANDOM 2003-09-06 12:56:43 +00:00
itojun 3d2b0dbc0e strncpy -> strlcpy 2003-05-17 18:13:55 +00:00
itojun 68452c0c92 assume presense of getifaddrs(3). 2003-05-15 14:44:57 +00:00
itojun 6cad7b99db simplify by using strdup. from kame 2003-05-15 00:19:30 +00:00
itojun 079ee2105d fix typo. from jason@openbsd 2003-04-02 23:29:29 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
wiz e4a36f578d Whitespace nit. Use .Nm instead of crossreferencing ourselves. 2002-10-24 16:22:49 +00:00
jonb 996cd2788d Add a better hint about proper kernel configs than just "See Also sysctl(8)" 2002-10-24 16:06:05 +00:00
mycroft aae6c28cf9 null commit 2002-09-23 12:44:34 +00:00
itojun 3ca6603d44 sys/poll.h -> poll.h
reduce diff w/ kame tree.
2002-09-20 22:04:31 +00:00
mycroft a5f0bfc173 Set fd of unused pollfd entries to -1. 2002-09-20 19:51:33 +00:00
mycroft 648377324d select() -> poll() 2002-09-20 13:08:21 +00:00
itojun bdbbb53d75 signal handler must take "int" arg. from deraadt, sync w/kame 2002-09-08 01:42:55 +00:00
wiz c807c0dfe6 Finish ANSIfication. Remove ifndef __STDC__. 2002-07-14 00:37:46 +00:00
itojun d816e24b39 avoid fd_set overrun. 2002-05-31 22:10:18 +00:00
itojun 559a9eafce strlcpy 2002-05-31 21:24:26 +00:00
itojun b31318e482 KNF, from openbsd via kame 2002-05-31 10:22:11 +00:00
wiz e5b8ea6058 Fix typo in warning, reported by Tero Kivinen in bin/16055. 2002-03-25 19:55:41 +00:00
ross 2a76afae02 Generate <>& symbolically. I'm avoiding .../dist/... directories for now. 2002-02-08 01:36:18 +00:00
itojun 4a1ad619af daemon(3) has to be called before opening file descriptors.
noticed by markus@openbsd, sync with kame
2002-01-11 04:20:55 +00:00
itojun d67d6cd1bb initialize sockaddr_in6 correctly. sync with kame 2001-11-14 01:56:29 +00:00
itojun a6b4b2d5a5 use strncpy instead of strcpy, just in case. sync with kame 2001-11-14 01:55:38 +00:00
itojun 029bd4843d sync with kame better. snprintf return value audit. 2001-08-22 05:24:37 +00:00
itojun 052c0d9a64 sync with kame.
KAME rtsold.c 1.28
watch routing socket, and check for pcmcia card removal.
if pcmcia card gets removed, bring the interface state into IFS_DOWN.

KAME rtsold.c 1.29
changed the timeout period after sending MAX_RTR_SOLICITATIONS solicitation
from RTR_SOLICITATION_INTERVAL to MAX_RTR_SOLICITATION_DELAY according to
the last paragraph of RFC 2461 Section 6.3.7.
in response to a comment from Pekka Savola <pekkas@netcore.fi>
2001-07-09 06:04:28 +00:00
bjh21 ee64a7181e Minor grammatical touch-ups. 2000-10-15 12:25:17 +00:00
itojun 74b478c63c printf-format audit. from sommrfeld@netbsd.org. sync with kame. 2000-10-06 00:13:01 +00:00
kleink 4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
2000-09-04 07:35:15 +00:00
itojun 8702beec4d warn if net.inet6.ip6.forwarding == 1. rtsol{,d} is not supposed to be used
on routers.
update manpage (talk about -a twists more).
2000-08-13 18:19:12 +00:00