64 Commits

Author SHA1 Message Date
lukem 6bc6e73b91 Fix -Wsign-compare issues 2009-04-19 06:09:42 +00:00
joerg bd027b10ec Fix markup. 2009-04-08 14:36:41 +00:00
perry 36c7456d7c include sys/cdefs.h so that __attribute__ can be fixed later 2007-12-15 16:32:05 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 10dfada83b Coverity CID 1321: False -gative detection. 2006-05-24 21:47:25 +00:00
christos 4c1a6c8705 Coverity CID 3671: Cast close to void and don't close negative fds. 2006-05-23 01:36:36 +00:00
itojun 522016be88 plug memory leak. Patrick Latifi 2005-03-16 05:05:06 +00:00
dsl cfe7f80ff0 Add (unsigned char) cast to ctype functions 2004-10-29 20:51:11 +00:00
grant 2c571f8f4d fix a typo 2003-11-12 13:31:44 +00:00
grant cacf2d0f45 s/netbsd.org/NetBSD.org/i 2003-11-12 13:31:07 +00:00
itojun a038ecb5ba poll() argument mistake. Tatoku Ogaito 2003-10-16 05:25:51 +00:00
wiz 47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
itojun ecf557376f use poll(2) instead of select(2). based on patch from deraadt@openbsd, via kame 2003-09-02 22:57:29 +00:00
itojun 9b81bd5614 initialize sentinel.next so that config_list does not get garbage 2003-09-02 22:56:11 +00:00
itojun 7fb76a1cf3 no longer in use 2003-08-20 01:31:12 +00:00
wiz 1c59e224c1 Remove superfluous Ns. 2003-07-04 12:56:58 +00:00
wiz e38cc56dbd Ic Ar -> Ar. 2003-07-01 10:27:47 +00:00
dogcow 62509eec36 make the given example actually work. 2003-07-01 00:08:52 +00:00
itojun 0f0398257d simplify by strdup. explicitly specify IPPROTO_TCP (to cope with sctp-ready
getaddrinfo).
2003-05-15 00:23:54 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
itojun 52c469ffaa socklen_t audit. from deraadt, sync w/kame 2002-09-08 01:41:12 +00:00
itojun 00975d3872 die if fd_set overrun. explicitly turn off use of IPv4 mapped addr on AF_INET6
socket.
2002-08-20 23:02:44 +00:00
itojun 184465092f correct ftp relay functionality. 2002-06-24 06:03:13 +00:00
itojun 8a4859803b remove unmaintained option (#ifdef FAITH4). sync w/kame 2002-06-07 00:20:45 +00:00
itojun fd53f7c428 drop support for rsh/rlogin relaying.
use of .rhosts authentication should be discouraged with relaying service.
sync w/kame
2002-05-09 14:24:03 +00:00
itojun 3f18342704 handle ECONNABORTED at accept(2). correct error handling for connect(2)
sync w/ kame
2002-04-24 12:14:42 +00:00
wiz c982600639 Drop .Pp before subsection, whitespace nit and sort sections. 2002-01-19 03:12:56 +00:00
itojun 4a1ad619af daemon(3) has to be called before opening file descriptors.
noticed by markus@openbsd, sync with kame
2002-01-11 04:20:55 +00:00
itojun f8e9dbe7d3 assume the presence of getifaddrs(3). sync with kame 2001-11-21 06:53:13 +00:00
itojun d1fee0dd15 deal with wait3() returning -1. be careful on malloc failures. sync with kame 2001-11-21 06:52:35 +00:00
itojun bc0d6cdd22 sync with the latest kame.
- select() with the right maxfd.
- don't write() with len <= 0.
- no wacky macro ERRSTR.
2001-09-05 01:22:24 +00:00
itojun 55ae625187 faith(4) is now documented in RFC3142. 2001-06-30 01:01:36 +00:00
itojun 4db33fdf62 avoid null pointer deref. sync with kame. 2001-04-25 11:25:51 +00:00
itojun 722e18b9a5 avoid zombies on abnormal disconnects. sync with kame 2001-03-20 01:13:46 +00:00
itojun 20540573e7 pull latest faithd from kame. /etc/faithd.conf allows you to filter by prefix.
manpage cleanups.
2001-02-15 17:58:55 +00:00
lukem 06680ddb2d fix tyop 2001-01-11 03:28:03 +00:00
itojun 74b478c63c printf-format audit. from sommrfeld@netbsd.org. sync with kame. 2000-10-06 00:13:01 +00:00
itojun a5d0cbc5e5 sync with latest kame.
- improve logging.
- correct multicast address check for the relayed destination.
- repair EPRT translation.
- support 227 result without paren.
- change behavior on no-argument to more sensible side
  (before: relay telnet, now: error)
  WARNING: you may need to change your startup script.
2000-09-14 00:36:10 +00:00
itojun ed870024f2 sync document with latest kame. now uses 3ffe:501:ffff::/48 in example. 2000-09-14 00:30:23 +00:00
kleink 4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
2000-09-04 07:35:15 +00:00
itojun 31431ac193 always use %s for setproctitle. from openbsd-current 2000-07-05 17:59:58 +00:00
thorpej 6851dd879b Update ifconfig example to show that the interface has to be created. 2000-07-04 20:08:32 +00:00
itojun e9bf9cf7a1 allow faithd(8) to be invoked via inetd(8), just like tcpd (of tcp_wrappers).
sync with kame.

benefits: allows us to access-control inbound traffic by using hosts.allow(5).
possible drawbacks: inetd mode has no chance for multi-connection-per-single-
process enhancement.  current faithd(8) needs 1 process per 1 connection
anyways.
2000-07-04 13:28:13 +00:00
itojun 1f62fd302f add more security notice about relaying rsh/rlogin traffic. (sync with kame) 2000-07-03 08:37:20 +00:00
itojun f244aa6821 correct usage of route(8) in example. 2000-07-02 09:17:30 +00:00
itojun 7f153848ab use %s with syslog, to prevent abuse. from: deraadt (sync with kame) 2000-06-29 01:24:11 +00:00
itojun 5599a3d879 sync with latest kame code. a bug with malloc() size (that can lead to
SEGV) is corrected.
2000-05-31 03:18:02 +00:00
itojun c415e8231f wording 2000-03-12 16:56:42 +00:00
itojun db69080b84 improve SECURITY section. (sync with kame) 2000-03-12 16:47:24 +00:00
itojun 0395cd74d3 use getifaddrs, not SIOCGIFCONF. 2000-02-25 10:05:46 +00:00