Commit Graph

101 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos b0d544666a whitespace fixes. 2007-05-17 00:36:31 +00:00
christos 7ac2181da6 Deal with delta being negative on machines whose signed shifts don't shift 1's. 2007-05-17 00:36:12 +00:00
cbiere 2ed96b7598 * timed and timedc:
   * Sprinkle const.
   * Use EXIT_FAILURE instead of 1.
   * Use err(), errx().
   * Use calloc() instead of malloc()+memset().
 * timedc:
   * Non-terminated hostnames or unknown tsp_type could
     cause a crash due to out-of-bounds reads in msite().
   * Check the received packet size.
   * Merged duplicated code into functions.
   * Moved variables into the relevant scopes.
   * Use connect() so that only the receiver can reply,
     send()/recv() can be used and rejected packets
     are immediately noticed by recv() instead of causing
     timeouts.
   * Updated manpage.
2007-02-04 21:17:01 +00:00
cbiere 28ea2557d4 Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".
2007-01-28 13:51:29 +00:00
cbiere 0f2ebef2a8 * timedc is no longer setuid-root and is only usable by root due to the
   use of a raw socket for ICMP; thus there is also no need to differ
   between privileged and unprivileged commands.
 * Switch to user "nobody" after allocating the raw socket.
 * Close all file descriptors above 2 (just in case).
2007-01-27 17:57:45 +00:00
cbiere 0a2098a6e9 bind() in priv_resources() is now unnecessary as pointed out by christos. 2007-01-27 00:37:56 +00:00
cbiere 2ca958bb2f * Fixed a 64-bit issue in daydiff().
 * Check the packet size and sender address in daydiff().
 * priv_resources(): Use bind() instead of bindresvport() because a
   reserved port is not required. This also resolves the interoperability
   issue reported in PR bin/35479.
2007-01-27 00:15:50 +00:00
christos 07807b36a7 - centralize sendto tsp
- cleanup some casts
2007-01-26 16:12:41 +00:00
christos b841c08d29 WARNS=4 2007-01-25 23:51:28 +00:00
christos 7bc0bdf604 - merge the update code in one function
- support wtmpx
- kill local decls of logwtmp; use util.h
2007-01-25 23:51:11 +00:00
christos b772b1e89b sprinkle const. 2007-01-25 23:47:13 +00:00
cbiere 07c9d403fe * Modified in_cksum() so it can handle unaligned data.
 * Replaced most strlcpy() with set_tsp_name() and get_tsp_name() because
   strlcpy() could potentially run out-of-bounds and doesn't zero out
   unused buffer space.
 * Replaced bcopy/bzero() with memcpy/memset().
 * Fixed potential alignment/aliasing issues in measure().
 * Replace u_short/u_long with uint16_t/uint32_t/in_addr_t where appropriate.
 * Renamed sin to addr because sin is a reserved identifier.
 * Use bindresvport() instead of looping over bind(); rresvport() returns
   a SOCK_STREAM socket not SOCK_DGRAM.
2007-01-25 23:25:20 +00:00
christos 06fe4f2600 - use rresvport() instead of open-coding it.
- use warn/err.
2007-01-25 22:28:03 +00:00
christos 2331183c52 PR/35479: djv AT bedford DOT net: fix byte order issue and zero the sockaddr. 2007-01-25 15:29:40 +00:00
hubertf e3b9ec947a #including <syslog.h> once is enough
From Slava Semushin <slava.semushin@gmail.com> in private mail
2007-01-16 12:08:23 +00:00
christos 8852dbf5f6 This has not worked since 2003. (Hello Itojun!) 2006-06-15 19:32:55 +00:00
mrg 084c052803 quell GCC 4.1 uninitialised variable warnings.
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
2006-05-10 21:53:14 +00:00
mrg 0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signedness.
2006-05-09 20:18:05 +00:00
christos b971501348 make master() return void. 2005-04-19 03:40:00 +00:00
perry 9cdb3caf29 remove obsolete register declarations. 2005-02-06 04:56:27 +00:00
dsl 3cca093e74 Add (unsigned char) cast to ctype functions 2004-10-30 15:51:20 +00:00
wiz 2ea7a74e40 Improvements from Christian "naddy" Weisgerber:
sync with FreeBSD/OpenBSD
- Add a standard option list and make appropriate changes to the
  body of the description.
- Document "-G netgroup".
- Miscellaneous grammar and mdoc fixes.

Some option resorting by yours truly.
2004-09-28 16:37:08 +00:00
wiz d77d1962dd s/transmitts/transmits/
From Gavin Atkinson (FreeBSD bug 62346) via jmc@openbsd
2004-02-09 15:43:05 +00:00
itojun 912235966a makeargv overrun. from openbsd 2003-10-13 06:14:04 +00:00
itojun 757e458559 SIOCGIFCONF -> getifaddrs conversion 2003-08-18 05:39:52 +00:00
agc 326b2259b7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22366, verified by myself.
2003-08-07 11:25:11 +00:00
lukem 001c68bd94 Rename a large chunk of the make(1) variables which refer to a
program/tool from "FOO" to "TOOL_FOO".  The new variables are:
	TOOL_ASN1_COMPILE  TOOL_CAP_MKDB  TOOL_CAT  TOOL_CKSUM  TOOL_COMPILE_ET
	TOOL_CONFIG  TOOL_CRUNCHGEN  TOOL_CTAGS  TOOL_DB  TOOL_EQN  TOOL_FGEN
	TOOL_GENCAT  TOOL_GROFF  TOOL_HEXDUMP  TOOL_INDXBIB  TOOL_INSTALLBOOT
	TOOL_INSTALL_INFO  TOOL_M4  TOOL_MAKEFS  TOOL_MAKEINFO  TOOL_MAKEWHATIS
	TOOL_MDSETIMAGE  TOOL_MENUC  TOOL_MKCSMAPPER  TOOL_MKESDB
	TOOL_MKLOCALE  TOOL_MKMAGIC  TOOL_MKTEMP  TOOL_MSGC  TOOL_MTREE
	TOOL_PAX  TOOL_PIC  TOOL_PREPMKBOOTIMAGE  TOOL_PWD_MKDB  TOOL_REFER
	TOOL_ROFF_ASCII  TOOL_ROFF_DVI  TOOL_ROFF_HTML  TOOL_ROFF_PS
	TOOL_ROFF_RAW  TOOL_RPCGEN  TOOL_SOELIM  TOOL_SUNLABEL  TOOL_TBL
	TOOL_UUDECODE  TOOL_VGRIND  TOOL_ZIC

For each, provide default in <bsd.sys.mk> of the form:
	TOOL_FOO?=	foo
and for the ${USETOOLS}=="yes" case in <bsd.own.mk>, provide override:
	TOOL_FOO=	${TOOLDIR}/bin/${_TOOL_PREFIX}foo

Document all of these in bsd.README.

This cleans up a chunk of potential (and actual) namespace collision
within our build infrastructure, as well as improves consistency in
the share/mk documentation and provision of appropriate defaults for
each of these variables.
2003-07-10 10:33:58 +00:00
wiz 40bce18021 Simplify macro usage. 2003-06-30 11:55:11 +00:00
itojun c428db5b2f use strlcpy 2003-05-17 20:55:44 +00:00
itojun bd26fba38c avoid possible buffer overrun 2003-05-16 18:28:18 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
simonb 276fd1665c The Double-Semi-Colon Police. 2003-01-20 05:29:53 +00:00
wiz c053751628 compatibility, not compatiblity. 2003-01-06 13:26:24 +00:00
pooka 732f4c9fa5 Add ${MACROS} to ${ROFF} usage to make output readable
from jbernard@mines.edu in misc/19685
2003-01-05 12:24:22 +00:00
mycroft 8efb63f066 select() -> poll(), nanosleep() 2002-09-19 00:01:33 +00:00
christos 3fd7285df0 Don't include utmp.h 2002-08-02 02:13:46 +00:00
wiz babf9fcdb0 Make compile with -DHAVENIS. Also make compile with WARNS=2, and
set WARNS=2 in Makefile.
2002-07-10 22:44:22 +00:00
wiz 0fb8fdab47 ANSIfy, remove __P(). 2002-07-06 22:08:30 +00:00
wiz 557fe0a8de ANSIfy and de-__P() a bit more. 2002-07-06 22:01:40 +00:00
wiz 8fb60bde2d Remove unused files (cf. timed{,c}/timed{,c}-extern.h). 2002-07-06 21:59:26 +00:00
perry 46c82860b1 Fix a variable initializer where CLK_TCK was assumed to be a compile
time constant. Soon it won't be.
2002-06-23 17:47:45 +00:00
wiz 09141f935a Sort sections. 2002-02-02 02:02:44 +00:00
reinoud ec98fbc0db Code cleanup; remove all `#ifdef sgi' from the code... this clobbered the
code considerably and was mainly providing SGI specific logging facilities
and some hacks to improve the reliability on SGI systems by increasing
priorities etc...
2001-09-02 00:13:05 +00:00
wiz 1e378c4c12 precede, not preceed. 2001-08-20 12:00:46 +00:00
wiz 6e20d67676 Add sections to xrefs. Whitespace fixes. 2001-04-05 11:53:46 +00:00
wiz 57feeb4802 Xref ntpd(8), not NTP. Whitespace fixes. 2001-04-05 11:53:11 +00:00
itojun 0dff585654 cope with malformed packets better.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:28/timed.patch
2001-03-13 00:14:39 +00:00
garbled 3812bc3f00 Remove __FILE__ and __LINE__ from a normal error message reported via
syslog.  Closes PR 5875
2001-03-07 21:46:04 +00:00
lukem 30724dba3e LOG_ODELAY is deprecated; it's the default 2001-01-11 03:05:42 +00:00