had been granted access to the portmapper via hosts.{allow,deny} could use
PMAPPROC_CALLIT to call PMAPPROC_{SET,UNSET} to (un)register services as if
they were running on the local host.
The new code disallows all indirect calls to the portmapper except for
PMAPPROC_NULL unless the -i (insecure) flag has been specified.
While there, add a new flag, -p (paranoid) which also disallows indirect calls
to a small number of other services, including key parts of NFS and NIS. This
code hardcodes the services to be disallowed, and is thus somewhat of a hack,
but will serve for the time being (until portmap is replaced by rpcbind as part
of fvdl's current rpc work, due to happen before 1.5).
Problem pointed out by Frank van der Linden <fvdl@netbsd.org>, solution determined
in discussion with Frank van der Linden and with Bill Sommerfeld <sommerfeld@netbsd.org>.
Some inspiration drawn from the (less general) handling of this problem in Wietse
Venema's libwrap'ed portmap.
case, which created inodes with dependencies, but no IN_* flag set,
so the dependencies were never flushed (after the waitfor check in
ffs_update was removed).
and bus-independent module that just begins to print things out. No real
code behind it. THIS IS A WORK IN PROGRESS. The *reg.h are woefully
incomplete.
- ftp(1): treats IPv4 mapped destination as IPv4 peer, not native IPv6 peer.
this does not support network with SIIT translator.
- rshd(8)/rlogind(8): rejects accesses from IPv4 mapped peer, to avoid
possible abuse of IPv4 mapped addr (rshd/rlogind use source address-based
auth so it is important to check the condition).
long as at least one of the master or the mirror is available for each
of the N/2 'rows' of the set. (No, RAIDframe doesn't do N-way mirroring..)
Thanks to Manuel Bouyer for noting the problem.
problems such as using modifiers on .for loop iterators derived from
local variables (eg .TARGET).
Unless the variable already exists in a global context, these assignments are
local to the current context (this is usually what is wanted).
asm statements, obsoluting asm routines in locore.S. They are
designed to work in symmetry as names suggests. savefpregs()
does not clear a global variable fpcurproc. Both would be noops when
NOFPU global symbol is defined.
- MDP_FPUSED flag is not turned on for FPA-less processors like Vr4100
and TX3900 even when processes execute FP insns.
use of non-exported function __ivaliduser{,_sa}().
we cannot make __ivaliduser{,_sa}() static yet, since doing that would choke
compiled lpd binaries. we should do it on next libc major version bump.
added a memo on lib/libc/shlib_version.
deberg