Commit Graph

34 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
elad 1b28df2fb7 strncpy -> strlcpy 2006-06-17 08:22:06 +00:00
christos 67a132acdc PR/28474: Geoff C. Wing: write does some weird checking and can't handle ptyfs 2004-11-30 04:08:38 +00:00
christos 74c9d10c58 make the atime and msgok optional. If we did not request atime, then we
don't want strict checking and in this case if the tty is not found we
don't exit. write calls this with atime != NULL and wall calls this with
atime == NULL.
2004-10-27 17:48:47 +00:00
christos 4b03e4a99f Allow root to write even if it does not have a tty. 2004-10-26 19:24:00 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
christos 2d67d54fef PR/21568: Martin Husemann: Shutdown gets permission denied error from wall 2003-05-13 23:05:34 +00:00
christos b0eade51fd improve error handling and knf. 2003-05-03 15:57:11 +00:00
christos 73b3e2ae58 separate the term check stuff. 2003-04-20 23:53:04 +00:00
lukem 5d4973fe97 makefile delint. use NETBSDSRCDIR as appropriate 2002-09-18 14:00:33 +00:00
itojun 2abe377059 defend against malicious line in ut_line, which could cause unwanted
writes to anything under /dev.  revoke setuid/gid privs earlier.
From: xs@kittenz.org
2002-08-16 20:21:48 +00:00
christos c020d65e19 utmpx support. 2002-08-02 01:52:13 +00:00
mjl e1d9ba796d un__Pify, ANSIfy and constify. 2001-01-03 13:25:11 +00:00
mjl a640361563 /dev -> _PATH_DEV 2001-01-03 13:14:26 +00:00
matt fcd0fb118f Make gcc 2.96 (and maybe earlier) happier. Include <stdlib.h>,<string.>,
etc. as appropriate to get exit,srncmp,abs,abort,etc.
Add -I${.CURDIR} to a few Makefiles
2000-07-03 02:51:12 +00:00
drochner 85cbf55d16 Since our gcc doesn't warn about NULL format strings anymore, we can
fix the incorrect err(1, "%s", "") et al.
Closes PR bin/7592 by cgd.
1999-11-09 15:06:30 +00:00
christos 18d277be6d char -> unsigned char 1998-12-20 15:04:40 +00:00
ross f670fa10c5 Add { and } to shut up egcs. Reformat the more questionable code. 1998-08-25 20:59:36 +00:00
mycroft af26acbc65 const poisoning. 1998-07-26 23:14:40 +00:00
mrg 448f5de7fb KNF. use S_IWGRP instead of homegrown crap. ensure tty buffer is nul-terminated. 1998-07-06 11:17:30 +00:00
mrg 32f519716b - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:56:06 +00:00
lukem f4100846b8 deprecate register 1997-10-20 03:24:44 +00:00
mrg 658077dbfb WARNSify; clean up .Nm 1997-10-19 14:35:28 +00:00
mrg a4d8e69073 remove possibly dangerous sprintf and strcpy calls. 1997-02-11 08:21:03 +00:00
explorer 8b5cdff515 sprintf -> snprintf, from David A. Holland <dholland@eecs.harvard.edu> 1997-01-20 19:04:59 +00:00
perry 9cb735d26b fix write to print a warning if the sender has "mesg n" set, instead
of dying with an error. From Mark Weaver
closes pr-355, per thorpej
1997-01-17 01:52:12 +00:00
tls 9d225a1783 RCS ID police 1997-01-09 20:18:21 +00:00
jtc 5a441adfaf sync with 4.4lite2 1995-08-31 21:48:32 +00:00
jtc 5720e226ae misc cleanup by jimj and myself. 1994-12-21 07:11:00 +00:00
mycroft 180e70c1db Update to 4.4-Lite version, converted to use err*(3) and warn*(3). 1994-09-19 08:18:22 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
mycroft c3e42d1c64 Add RCS indentifiers. 1993-08-01 07:22:47 +00:00
mycroft d0f8d5d2bb Add RCS identifiers. 1993-07-30 22:28:22 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00