(0 == user allowed in /etc/ftpusers, 1 == user denied in /etc/ftpusers).
from Jim Bernard <jbernard@tater.mines.edu> in [security/4061] with mods
- getopt returns -1 not EOF
- in lostcon(), call dologout(1) not dologout(-1);
257 "dirname" some message
(any "s in dirname should be doubled, per the RFC)
- don't put an extra / in the output of NLST if the last char in the
directory is a /
- bump the version to 7.01 because of these fixes
from Tatoku Ogaito <tacha@tera.fukui-med.ac.jp> in [bin/3967]
* fgetln() doesn't \0 terminate its string. look for the \n and replace
it with \0 (if no \n, ignore the line - it's most likely corrupt)
* more intensive checks on strdup() returns (not a current mem leak,
but depended upon code elsewhere to cleanup - not good)
* cleanup some syslog error messages
had not be implemented. It would cause an "adress space leak" and, if
the same object would opened multiple time, unwanted relocations.
Re: Comment from Chris:
"The a.out ld.so has some problems with dlclose. It doesn't properly
unmap objects which are dlclosed. That's a known problem (though a
serious one for programs which dlopen then dlclose lots of objects,
because it causes address space exhaustion), but it has a
previously-unknown side-effect.
If a single object is dlopened, then dlclosed, then dlopened _again_,
the relocations will be processed again. That causes obvious
problems."
printf format strings, you've got to make sure you cast quantities
passed to %qd to long long because on 64-bit machines they're often
just long, which is not the same, even when it's the same size.
controllable on a per class (which is one of: real, chroot, guest,
all or none) basis:
* on-the-fly execution of a command to build the file (a ``conversion''),
providing support for "get dirname.tar" and the like.
* displaying the contents of a file when a directory is entered
for the first time.
* maximum value for timeout (replaces -T).
* control usage of CHMOD, DELE, MKD, RMD, UMASK; replacing -DINSECURE_GUEST.
* notifying the user of the existance of a files matching a glob
pattern when a directory is entered for the first time.
* default value for timeout (replaces -t).
* default umask (replaces -DGUEST_CMASK and -u).
The conversion, display, and notify functionality was based on code by
Simon Burge <simonb@telstra.com.au>.
* clean up and re-order parts of the man page into subsections.
* STAT displays the settings defined for the class of the current user.
* bump version from 6.00 to 7.00, because of ftpd.conf.
* deprecate -DGUEST_CMASK and -DINSECURE_GUEST in the Makefile, and
-t, -T and -u, as ftpd.conf allows finer control of these.
* add "nostderr" argument to ftpd_popen(), because you don't want the
stderr stream mixing with the stdout stream during a conversion,
as this can corrupt the stream.
and libs in the object tree, if you use a separate object tree,
while maintaining backward compatability with other build methods.
See the notes in src/share/mk/bsd.README for full details. Note
that the `make includes' target now only installs the include files
in the build directory (if you use one--otherwise they go in DESTDIR
just like before); `make install' will install include files in
DESTDIR.
- separate out the common files used by rtld ldd ld
- move machine dependent files into arch
- move ld in its own directory
- factor out .PATH and CFLAGS common to all Makefiles
information in the same file by following the username with `allow'
or `deny'. Also, the user `*' can be used to set the default for
users not listed in the file. This is entirely backward compatable
with old /etc/ftpusers files.
Also, do the /etc/ftpusers and the valid login shell checks after
the password is verified, rather than before, so as not to give away
whether or not a particular user ID is present on the system.
* Set umask to 707;
* Disable UMASK, CHMOD, DELE, RMD and MKD commands.
Compile-time options let you change that umask and go back to the
old, insecure way if you like.
RLTD_LAZY + 1 (for now), if it's not defined. RTLD_NOW should be defined
in dlfcn.h, since some code (e.g. X11) wants it and assumes that it has
the value currently used by our RTLD_LAZY.
kit, then hacked on by Matt Thomas <matt@3am-software.com>, then by me (to
make it work with new versions of the toolchain, etc.). This runs, but it's
in serious need of cleaning and/or a fair bit of reworking. See the README
file for more information, and a list of things to do.
closes [misc/543] and [bin/1295]
- syslog() failures of iruserok(), which should help debugging why
a .rhosts authentication failed.
- log a successful iruserok() if -L given. idea from rshd(8).
- allow root .rhosts to authenticate, the same way that rshd(8) does.
the prior behaviour meant that 'rsh foo csh -i' could get a shell
without a password, but 'rlogin foo' couldn't; very inconsistant.
closes [bin/1078] and [bin/1239]
this should be updated to use the new disk statistics structures, but it
would be good if there were an efficient way to get them from the kernel
before that's done. Also, while here, terminate nlist struct array with
an entry with a NULL name, not the name "".
we're doing a dynamic link for, and change the page size used for offset
and size calculations if necessary. Allows the same ld.so to be used with
mixed m68k4k and m68k8k executables and libraries.
Thanks a million to Gordon Ross for the help in making this work!
to keep stuff out of the environment on the way to exec (we already have
one in the state machine that keeps them from arriving over the wire, so
this should be redundant, but it'll make any further updates easier to
have it present).
also, RCS Id police.