use of non-exported function __ivaliduser{,_sa}().
we cannot make __ivaliduser{,_sa}() static yet, since doing that would choke
compiled lpd binaries. we should do it on next libc major version bump.
added a memo on lib/libc/shlib_version.
From: hiro@takechi.org
XXX checkremote() should be improved. gethostname -> getaddrinfo is
not the right thing to do, we cannot assume a DNS FQDN is configured
as hostname. if the goal here is to check if it is really remote or not,
getifaddrs() is the way to go.
struct dirent *, rather than non-const. this makes scandir(3) the
same as the scandir implementations in libiberty and glibc, and the
select function has no need to modify the dirent.
this changes function prototype for __ivalid*.
This commit breaks binary compatibility for __ivalid*. I believe this can be
forgiven due to the following:
- this is not really an exported function. no function prototype is in headers.
function name starts with underbars. No third-party applications are
expected to use it.
- the function was introduced very recently, when rcmd.c was made IPv6-ready.
- the only customer in NetBSD tree is lpd.
(lpd.c) sync with rcmd.c change.
and use these timeouts in the lpq, lpd and lprm programs.
these stop hung remote printers that accept tcp connections but do
not process jobs from hanging the whole system and let the sysadmin
have a clue about what is going on with this rogue printer.
- add a -r flag to lpd to allow `of' filters for remote jobs.
i know there are ways around this, but i just don't care.
- add a -f flag to lpf to add missing carriage returns.
useful when printing UNIX files to an, e.g., LaserWriter that wants CR's
as well as LF's in raw text. stair-stepped text is no fun.
- implement child process accounting: we just have a limit on the number
of children we can have (settable by the sysadmin), and we sleep when
this number is reached. this can reduce malicious not-so-malicious
attacks on the print server by a rogue remote client.
- use setproctitle() where appropriate so the sysadmin has a clue about
what each of the lpd's here are doing.
this was useful to help diagnose a problem (that the above child process
accounting change reduces the lossages of) where a rogue client was
attempting "lpq" operations on one stuck queue in rapid succession,
causing the lpd server to be extremely slow, due to the large number
of lpd processes running.
i have been running these changes in production for about a year.
24 characters would be displayed correctly.
Fixes bin/8880 by Brian Stark <bstark@uswest.net>.
While here, convert code to use getopt(3) and do some const poisoning.
Also g/c variables uid and euid, they are no longer needed after
the split of ../common_source/common.c
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe with buffers that hold hostnames
- be safe with unlinking files (from freebsd)
- remove register
- clean up $NetBSD$'s.
- use inet_ntoa() in one place (from openbsd)
- nul terminate after a bunch of strncpy()'s
- #ifdef __STDC__ rather than #if (from freebsd)
- be safe with a bunch of string operations (from freebsd)
- use warn()/err() over home grown versions (some from freebsd)
- rename warn() to nodaemon() to remove conflict with above
- check errno from failed kill(2) against ESRCH (from freebsd)
- use getopt() rather than home grown versions (from freebsd)
- clean up a bunch of man pages (some from freebsd)
- check for hostname spoof (from freebsd)
- use POSIX wait() interfaces
- use sysconf(_SC_OPEN_MAX) in preference to NOFILE (from freebsd)
- deal with fork() failure
- index/rindex -> strchr/strrchr (some from freebsd)
- add B57600 and B115200 speeds (from freebsd)
- some KNF
- be safe with files passed in over the network (some from freebsd)
- check return value of malloc(), calloc() and strdup()
(1) incorrect check on length of data being written (fix provided by
Paul Sijben <Paul.Sijben@huygens.org>), and
(2) inadequate buffer (too small) for data being sent to remote meant
that properly-formed messages couldn't be created, so job removal
didn't work properly.
(1.2 release is, however, and this should be pulled up and released ASAP)
The previous version (1.11) checked into current limits the duration of
setuid-root periods much more than the 1.2 released version does, so the
attacker DID get a shell, but it was not a root shell.
lpd run in a mode where it listens only to the local unix domain
socket and not to the network. Changes are similar but not identical
to the supplied patches.
The problem here is setuid(euid) is used far too much. Since I removed
many of these calls, and added no new ones, I do not think this weakens
security. In fact, it quite likely improves it quite a bit, since
access() is called as the real userid, and the file is opened for printing
as the real userid rather than the (setuid-root) effective one.
there are some PC/Mac oriented devices that use non-standard speeds,
furthermore that's just not the way we do things anymore.
"Bad" baud rates are no longer caught with their own error message,
but the condition will still be diagnosed when the tcsetattr() fails.
Also, change `.Os 4.2' => `.Os 4.4' (this man page is from 4.4 lite), and
for now, refer to the "BSD 4.3 Line printer manual", because that is what
we now have in lpr/SMM.doc (SMM.doc needs updating too).