Commit Graph

4480 Commits

Author SHA1 Message Date
elad
53ca07b4d7 If Veriexec enforces access type, don't allow mmap() to use PROT_EXEC on
files that don't have the "indirect" flag. Also change the "library" alias
in veriexecctl(8) to mean "file, indirect".

okay blymn@
2006-09-30 10:56:31 +00:00
perseant
554662dc37 Call fcntl on the file descriptor *before* closing it. 2006-09-28 23:23:01 +00:00
elad
38e12255a4 Change error message to say "setuid", forgotten in previous commit.
Pointed out by Ray Lai, thanks!
2006-09-28 16:01:16 +00:00
christos
6bc6175052 Don't record runlvl transitions before we have a read-write /var. Noticed
by lrou at x dot ua.
2006-09-28 15:20:14 +00:00
christos
c5acbf4d6b Coverity CID 3788: comment out impossible code. 2006-09-27 18:52:11 +00:00
wiz
730e1c55de End sentence with a dot. 2006-09-27 17:42:34 +00:00
elad
5c38108d28 Change the PaX mprotect(2) restrictions' "global_protection" knob to
just "global" -- it's shorter and more readable. Update documentation.
2006-09-26 14:48:40 +00:00
elad
fd2bf79719 Add a DIAGNOSTICS section, specifically to address the "Operation not
supported by device" error. Reference options(4). Bump date.
2006-09-25 20:07:17 +00:00
christos
6accae529c Error message consistency:
1. don't print the program name in the message [syslog does it]
2. no extraneous \n [syslog takes care of it]
3. quote strings as `%s' [we are using syslog]
4. use %m instead of error = %d
2006-09-25 19:42:04 +00:00
wiz
da100ff1d9 Use more macros. New sentence, new line. 2006-09-24 15:52:12 +00:00
jmcneill
4fd9dcb2a0 PR# 28660: how to remove bootmenu text from some partition 2006-09-24 15:22:01 +00:00
elad
d13f82cf17 On 2nd thought, setuid() is better here. 2006-09-24 11:17:09 +00:00
elad
545c393d67 PR/28741: Michael Santos: ping does [not] drop root privileges
Moved socket calls way up, and called seteuid(getuid()).
2006-09-24 11:05:09 +00:00
xtraeme
91254d0d23 It's WDCC_SECURITY_FREEZE not WCDD_SECURITY_FREEZE.
Noticed by Sergey Svishchev.
2006-09-24 08:33:30 +00:00
pooka
4df78a97d5 print the L flag for routes with llinfo. makes you not wonder why
non-llinfo routes are being printed for route show -llinfo
2006-09-23 23:01:01 +00:00
dyoung
6333e1495e Let us qualify 'route flush' and 'route show' commands with -llinfo
and -host flags, which is useful for displaying/flushing ARP entries:

# route -n show -inet -llinfo -host
Routing table

Internet:
Destination        Gateway            Flags
169.254.1.119      link#1             UH
169.254.230.110    00:02:6f:21:e6:6e  UH
# route -n flush -inet -llinfo -host
169.254.1.119                             done
169.254.230.110      0.2.6f.21.e6.6e      done
169.254.237.70                            done
# route -n show -inet -llinfo -host
Routing table
#

This will help me address bin/11079, "dhclient may require arp and sed".

Extract common code from flushroutes() and show(), creating
parse_show_opts().

While I'm here, make small cosmetic changes to flushroutes().
2006-09-23 22:41:25 +00:00
dyoung
29655a0cbb Move the #ifndef SMALL code together. 2006-09-23 21:55:47 +00:00
dyoung
07474a8f36 Use the symbol AF_UNSPEC instead of 0 as appropriate. 2006-09-23 21:51:05 +00:00
dyoung
bf71bcc951 Remove dead code. 2006-09-23 21:11:53 +00:00
he
fa8dee8628 Um, correct previous, so that current_state def/use is consistent. 2006-09-23 18:57:26 +00:00
elad
30d1b3f220 PR/30226: Nino Dehne: ping6(8) and ping(8) are inconsistent in the output
of round-trip times.

okay rpaulo@
2006-09-23 16:18:04 +00:00
xtraeme
e2e3ea2b19 Do not print "SMART not supported" when SMART was disabled, this
fixes PR bin/18666.
2006-09-23 15:24:24 +00:00
he
54f712bd18 Since current_state is conditionally defined, make sure its uses are as well. 2006-09-23 14:04:26 +00:00
christos
c34b6372d0 Try entertain who(1) because it has been sad since it was swallowed by the
Death Star: add utmpx entries for boot time, down time, run level, login
process.
2006-09-22 21:49:21 +00:00
thorpej
ef731d9e00 - Add a new DRVCTLCOMMAND ioctl to /dev/drvctl. This is a generic
"execute a command" ioctl that takes a dictionary as an argument
  (specifying the command and arguments) and returns a dictionary
  with the results (error code, optional error message, optional
  result data).

- Define and implement a "get-properties" command for DRVCTLCOMMAND
  that returns the properties dictionary of the specified device.

- Add a -p flag to drvctl(8) to fetch and display the properties of
  the specified device.

This is a great example of how to use prop_dictionary_sendrecv_ioctl().
2006-09-22 04:37:36 +00:00
elad
58375355b4 .Sh -> .Ss
mmm mdoclint. :)
2006-09-17 13:03:02 +00:00
elad
efffcc37c4 Reference veriexecgen(8) instead of the old scripts. Bump date. 2006-09-16 21:06:13 +00:00
hubertf
8e46fd3f16 Fix typo, noted by Nino Dehne <ndehne@gmail.com> 2006-09-16 20:15:49 +00:00
elad
3ea3b1e63e Scripts don't have to be *shell* scripts. 2006-09-16 17:17:23 +00:00
elad
172a3fa471 Remove securelevel-related text from init(8) man-page as they're now in
secmodel_bsd44(9).

I'm not sure I agree with the BUGS section, but for now move it to
secmodel_bsd44(9) as well.
2006-09-15 20:20:06 +00:00
wiz
d4ee8b696e Bump date for previous. 2006-09-15 20:11:13 +00:00
elad
56b99b4fca Remove sentence no longer true. 2006-09-15 14:41:57 +00:00
wiz
49751ff510 Sort options in usage and SYNOPSIS. 2006-09-10 20:28:52 +00:00
xtraeme
a0a2046917 - Change the cast of st_size to uint64_t to avoid future problems
with large files.
- u_uintXX_t -> uintXX_t
2006-09-08 12:38:32 +00:00
riz
7bbc0ebe95 include <bsd.own.mk>. From Geoff Wing on source-changes. 2006-09-07 23:53:41 +00:00
dogcow
f2d329dca0 remove more vestiges of CCITT, LLC, HDLC, NS, and NSIP. 2006-09-07 02:40:31 +00:00
xtraeme
96734c01d1 Change -f to -F, per mrg's suggestion. 2006-09-07 02:24:51 +00:00
xtraeme
7aa92d971b Add -f file support. Useful to search for partitions on disk images. 2006-09-07 00:48:21 +00:00
riz
d28b2bee5d Deal with wedges and the new disk geometry structures, instead of using
struct disklabel.  (Shrinking a file system still seems to have problems,
though, independent of this change)
2006-09-05 19:46:14 +00:00
riz
3d1e464b85 Deal with wedges and the new disk geometry structures, instead of using
struct disklabel.  From Christos Zoulas.
2006-09-05 19:44:44 +00:00
elad
95ed982c27 Fix two horrible bugs found during a routine audit session with Brett Lymn.
First one was incorrectly loading entries -- we were treating each file as
a mount, which resulted in huge mess. I have no excuse for how I didn't
catch this earlier.

Second, use the table name we create for the Veriexec sysctl node and not
the fixed "table0".

Both are fileassoc(9) integration fallout.
2006-09-05 13:02:16 +00:00
rpaulo
2fb2ae3251 Import of TCP ECN algorithm for congestion control.
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.

Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
2006-09-05 00:29:35 +00:00
liamjfoy
2e60755ac8 add net.inet.ip.maxflows. Bump date. 2006-09-04 23:40:18 +00:00
wiz
fa959b48e1 Bump date for previous. 2006-09-04 18:34:42 +00:00
wiz
9f28457331 errx() provides a newline on its own, so remove the one from the error string. 2006-09-04 18:34:22 +00:00
riz
16da560700 Correct usage: "-s" is the flag for the new size of the LFS, not "-n". 2006-09-04 15:45:29 +00:00
simonb
ea0fd530d1 One "const" is enough... 2006-09-04 01:20:44 +00:00
simonb
f87636ddd9 Const poisoning. 2006-09-04 01:20:14 +00:00
wiz
84f9a9145e Sort sections. Fix typo. Start sentence with upper-case letter. 2006-09-02 23:58:41 +00:00
uwe
cc439cea4f New NetBSD/landisk port uses MBR too. 2006-09-01 21:44:02 +00:00