third argument - the old version relies on the compiler to use the same
address for identical strings.
Spotted by segv at netctl dot net in libnbcompat context, details
in PR pkg/32097.
2. return ENAMETOOLONG instead of ENOMEM if name is too long to fit.
3. only decrement cp if we are pointing to the end of the string.
[this fixes the cp truncation of the last char problem reported]
XXX: All this is done backwards, and is a mess. Really the _foo.c files should
include the _foo function definition, not the foo.c files, like everywhere
else.
The current code resolves paths like `/foo/bar/', `/foo/bar/./', and
`/foo/bar/../', even if `bar' is a regular file and not a directory.
Reviewed by cube@.
under HAVE_NBTOOL_CONFIG_H for disktab.h as well. This means
disktab.h has to be installed in the nbinclude include directory.
(Failure mode: with TOOLDIR as a subdirectory of /usr, the host's disktab.h
got picked up, and not the in-tree copy.)
Reviewed by dyoung.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno. I guess `seq' is not a typo of `set' but
abbreviation of `sequen...'.
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.
To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
documentation in sysctl(3) for details.
o kern.veriexec.algorithms returns a string with a space separated
list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types..
Return the correct result. (broken in rev 1.56 -- Hi Christos!)
getgr{ent,nam,uid}_r():
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).
Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.
Per discussion with Klaus Klein.
Return 0 "entry not found" and errno for other failures.
("entry not found" still sets *result to NULL).
Various backends:
don't set the retval to errno (or modify errno) for NS_NOTFOUND.
Per discussion with Klaus Klein.
distinction between signalling NaNs and quiet NaNs back into the
machine-dependent headers; treat the implementation of __nanf in the
same spirit.
IEEE 754 leaves the distinction between signalling NaNs and quiet NANs
to the implementation, and unlike our headers used to suggest they're
not identical in the interpretation of the fraction's MSb; in due
course, make those of hppa, mips, sh3, and sh5 reflect reality.
as target for a bunch of MLINKS. This had the effect that whatever came
last in install overwrote everything from the other camp.
Solve this by renaming the libc page -- this makes sense because no
function is really named "getcap" here.
christos