61 Commits

Author SHA1 Message Date
tls
4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos
10dfada83b Coverity CID 1321: False -gative detection. 2006-05-24 21:47:25 +00:00
christos
4c1a6c8705 Coverity CID 3671: Cast close to void and don't close negative fds. 2006-05-23 01:36:36 +00:00
itojun
522016be88 plug memory leak. Patrick Latifi 2005-03-16 05:05:06 +00:00
dsl
cfe7f80ff0 Add (unsigned char) cast to ctype functions 2004-10-29 20:51:11 +00:00
grant
2c571f8f4d fix a typo 2003-11-12 13:31:44 +00:00
grant
cacf2d0f45 s/netbsd.org/NetBSD.org/i 2003-11-12 13:31:07 +00:00
itojun
a038ecb5ba poll() argument mistake. Tatoku Ogaito 2003-10-16 05:25:51 +00:00
wiz
47190e80b8 Consistently use 'RFC 1234' instead of 'RFC1234' or 'RFC-1234'.
From jmc@openbsd.
2003-09-07 16:22:20 +00:00
itojun
ecf557376f use poll(2) instead of select(2). based on patch from deraadt@openbsd, via kame 2003-09-02 22:57:29 +00:00
itojun
9b81bd5614 initialize sentinel.next so that config_list does not get garbage 2003-09-02 22:56:11 +00:00
itojun
7fb76a1cf3 no longer in use 2003-08-20 01:31:12 +00:00
wiz
1c59e224c1 Remove superfluous Ns. 2003-07-04 12:56:58 +00:00
wiz
e38cc56dbd Ic Ar -> Ar. 2003-07-01 10:27:47 +00:00
dogcow
62509eec36 make the given example actually work. 2003-07-01 00:08:52 +00:00
itojun
0f0398257d simplify by strdup. explicitly specify IPPROTO_TCP (to cope with sctp-ready
getaddrinfo).
2003-05-15 00:23:54 +00:00
wiz
990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
itojun
52c469ffaa socklen_t audit. from deraadt, sync w/kame 2002-09-08 01:41:12 +00:00
itojun
00975d3872 die if fd_set overrun. explicitly turn off use of IPv4 mapped addr on AF_INET6
socket.
2002-08-20 23:02:44 +00:00
itojun
184465092f correct ftp relay functionality. 2002-06-24 06:03:13 +00:00
itojun
8a4859803b remove unmaintained option (#ifdef FAITH4). sync w/kame 2002-06-07 00:20:45 +00:00
itojun
fd53f7c428 drop support for rsh/rlogin relaying.
use of .rhosts authentication should be discouraged with relaying service.
sync w/kame
2002-05-09 14:24:03 +00:00
itojun
3f18342704 handle ECONNABORTED at accept(2). correct error handling for connect(2)
sync w/ kame
2002-04-24 12:14:42 +00:00
wiz
c982600639 Drop .Pp before subsection, whitespace nit and sort sections. 2002-01-19 03:12:56 +00:00
itojun
4a1ad619af daemon(3) has to be called before opening file descriptors.
noticed by markus@openbsd, sync with kame
2002-01-11 04:20:55 +00:00
itojun
f8e9dbe7d3 assume the presence of getifaddrs(3). sync with kame 2001-11-21 06:53:13 +00:00
itojun
d1fee0dd15 deal with wait3() returning -1. be careful on malloc failures. sync with kame 2001-11-21 06:52:35 +00:00
itojun
bc0d6cdd22 sync with the latest kame.
- select() with the right maxfd.
- don't write() with len <= 0.
- no wacky macro ERRSTR.
2001-09-05 01:22:24 +00:00
itojun
55ae625187 faith(4) is now documented in RFC3142. 2001-06-30 01:01:36 +00:00
itojun
4db33fdf62 avoid null pointer deref. sync with kame. 2001-04-25 11:25:51 +00:00
itojun
722e18b9a5 avoid zombies on abnormal disconnects. sync with kame 2001-03-20 01:13:46 +00:00
itojun
20540573e7 pull latest faithd from kame. /etc/faithd.conf allows you to filter by prefix.
manpage cleanups.
2001-02-15 17:58:55 +00:00
lukem
06680ddb2d fix tyop 2001-01-11 03:28:03 +00:00
itojun
74b478c63c printf-format audit. from sommrfeld@netbsd.org. sync with kame. 2000-10-06 00:13:01 +00:00
itojun
a5d0cbc5e5 sync with latest kame.
- improve logging.
- correct multicast address check for the relayed destination.
- repair EPRT translation.
- support 227 result without paren.
- change behavior on no-argument to more sensible side
  (before: relay telnet, now: error)
  WARNING: you may need to change your startup script.
2000-09-14 00:36:10 +00:00
itojun
ed870024f2 sync document with latest kame. now uses 3ffe:501:ffff::/48 in example. 2000-09-14 00:30:23 +00:00
kleink
4918722a89 For commands and utilities, use EXIT STATUS rather than RETURN VALUES or
DIAGNOSTICS as appropriate (and documented in mdoc(7)).
2000-09-04 07:35:15 +00:00
itojun
31431ac193 always use %s for setproctitle. from openbsd-current 2000-07-05 17:59:58 +00:00
thorpej
6851dd879b Update ifconfig example to show that the interface has to be created. 2000-07-04 20:08:32 +00:00
itojun
e9bf9cf7a1 allow faithd(8) to be invoked via inetd(8), just like tcpd (of tcp_wrappers).
sync with kame.

benefits: allows us to access-control inbound traffic by using hosts.allow(5).
possible drawbacks: inetd mode has no chance for multi-connection-per-single-
process enhancement.  current faithd(8) needs 1 process per 1 connection
anyways.
2000-07-04 13:28:13 +00:00
itojun
1f62fd302f add more security notice about relaying rsh/rlogin traffic. (sync with kame) 2000-07-03 08:37:20 +00:00
itojun
f244aa6821 correct usage of route(8) in example. 2000-07-02 09:17:30 +00:00
itojun
7f153848ab use %s with syslog, to prevent abuse. from: deraadt (sync with kame) 2000-06-29 01:24:11 +00:00
itojun
5599a3d879 sync with latest kame code. a bug with malloc() size (that can lead to
SEGV) is corrected.
2000-05-31 03:18:02 +00:00
itojun
c415e8231f wording 2000-03-12 16:56:42 +00:00
itojun
db69080b84 improve SECURITY section. (sync with kame) 2000-03-12 16:47:24 +00:00
itojun
0395cd74d3 use getifaddrs, not SIOCGIFCONF. 2000-02-25 10:05:46 +00:00
itojun
440fe60685 add reference to i-d. 2000-02-25 10:05:26 +00:00
itojun
7579d175ac fix pathname for netbsd-current (/usr/local/v6/libexec -> /usr/libexec). 2000-02-25 10:05:01 +00:00
itojun
5dd97131d3 typo (sa_family must be sa_len)
NetBSD PR: 9084
1999-12-30 15:39:40 +00:00