Commit Graph

35 Commits

Author SHA1 Message Date
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos
1acc910067 Coverity CID 587: Dead code detected because the loop was using the wrong
variable (rc instead of rv).
2006-03-19 23:05:50 +00:00
christos
44fad74b6a - Pass lint.
- Fix signedness problems that confused error detection.
- Avoid possible buffer overflow.
2005-12-05 02:04:16 +00:00
uebayasi
f013145702 Split a sentence in SEE ALSO by a .Pp. 2004-06-10 13:58:47 +00:00
wiz
472351e13d Use
.In header.h
instead of
.Fd #include \*[Lt]header.h\*[Gt]
Much easier to read and write, and supported by groff for ages.
Okayed by ross.
2003-04-16 13:34:34 +00:00
lukem
e2d7870626 add RCSID 2003-03-08 07:42:33 +00:00
wiz
57a4de98d0 New sentence, new line. From Robert Elz. 2002-10-01 19:26:58 +00:00
lukem
ec5dbc56b8 Explicitly move setting of NOxxx and USE_SHLIBDIR to the top of the
Makefile (before including <bsd.own.mk>)
2002-08-19 14:55:14 +00:00
ross
814f296b77 Generate <>& symbolically. 2002-02-07 07:00:09 +00:00
tv
001067bbd1 Readability cleanups; MKfoo=no -> NOfoo. 2001-12-12 00:51:00 +00:00
lukem
6a973ed877 WARNS=2 fixes 2001-11-05 15:10:25 +00:00
wiz
abaac8cbb7 Fix xref sections, sort sections. 2001-10-16 09:26:20 +00:00
gmcgarry
6f9a424ab4 mdoc'ify. 2001-10-16 05:52:39 +00:00
wiz
14dbdf5518 Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
enami
badab93fb1 Make this file compile again on alpha; size_t isn't always same size as int. 2001-01-05 05:42:45 +00:00
enami
43ca618d61 More cosmetic changes. 2001-01-05 05:40:38 +00:00
lukem
32dd941f7f convert to ANSI KNF 2001-01-04 15:30:15 +00:00
matt
6ac8d1ec06 More include cleanup. Remove (p) from #undef in libipsec. 2000-07-03 03:56:20 +00:00
lukem
d896261208 back out the #ifdef _DIAGNOSTIC argument checks; too many people complained.
_DIAGASSERT() is still retained.
1999-09-20 04:38:56 +00:00
lukem
b48252f365 * use _DIAGASSERT() to check pointer arguments against NULL and file
descriptors against -1 (as appropriate).
* add actual checks to detect stuff that would trigger _DIAGASSERT(),
  and attempt to return a sane error condition.
* knf some code
* remove some `register' decls.

the first two items result in the addition of code similar to the
following in various functions:

		_DIAGASSERT(path != NULL);
	#ifdef _DIAGNOSTIC
		if (path == NULL) {
			errno = EFAULT;
			return (-1);
		}
	#endif
1999-09-16 11:44:54 +00:00
simonb
42724dd4d2 More trailing white space. 1999-07-02 15:37:33 +00:00
lukem
dcab0210a0 convert from NOxxx= to MKxxx=no.
include <bsd.own.mk> if testing a MKxxx variable.
1999-02-13 02:54:17 +00:00
mrg
5f2732ab6d - support RCMD_CMD, ala rcmd(3).
- put paths for rsh and rmt into "pathnames.h"
- document this.
1998-03-08 23:36:46 +00:00
perry
b51ed80fd5 RCS Id Police. 1998-01-09 04:11:49 +00:00
thorpej
6e190eed28 - Convert a few functions to variable arguments so that they can be
prototyped like the functions that they remap (open, fcntl, ioctl).
- Pull in prototypes from <rmt.h>.
1997-10-21 19:58:21 +00:00
mrg
395c20ea27 clean up WARNS on the alpha. 1997-10-10 08:45:29 +00:00
lukem
5542a7ca43 - define WARNS?=1 in the top-level Makefile.inc, and don't define
anywhere else.
- for now, override WARNS=0 in librpcsvc and libwrap, until they're
  cleaned up
- rcsid police

lib is now clean (except for librpcsvc and libwrap) on the i386, and
this should motivate the other ports to fix any other minor problems
that their compilers pick up that the i386 version doesn't.
1997-10-09 14:36:17 +00:00
lukem
ae6b9c674a WARNSify 1997-10-09 11:58:15 +00:00
mikel
e6077a7689 gcc -Wall fixes, including: end unterminated comment (!), add braces
to Ctp and Ptc array initializers, fix sprintf() format in
  _rmt_lseek(), add explicit return type for _rmt_ioctl(), and move
  isrmt() definition so that it's defined before it's used.
1997-06-20 04:24:23 +00:00
mrg
9cd5492c02 - convert unsafe strcpy(), strcat() and sprintf() to the `n' versions.
- some KNF.
1997-01-23 14:01:45 +00:00
thorpej
082a70252b Add an RCS id. 1996-08-13 20:13:35 +00:00
thorpej
dc06f7ce36 Change an instance of "int" to "unsigned long" (the correct type for
ioctl commands under NetBSD) so that this compiles on the Alpha.
1996-08-13 20:09:50 +00:00
jtc
7693327da9 rsh is now in /usr/bin, not /usr/ucb 1996-08-09 04:17:36 +00:00
jtc
8ee4077ea0 minor changes for better integration into NetBSD 1996-08-09 03:39:00 +00:00
jtc
67ead26177 Remote mag tape library from volume 18 of comp.sources.unix. 1996-08-09 03:35:17 +00:00