Commit Graph

85 Commits

Author SHA1 Message Date
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
hubertf 4c60e998e1 pw_lock(3): ``You should finish writing to and close the file descriptor
returned by pw_lock() before calling pw_mkdb().'' While there, also
close another open file descriptor that's no longer used.

Patch from Slava Semushin <slava.semushin@gmail.com>, tested by me.
2007-02-21 20:32:10 +00:00
elad 925c6f17f2 PR/29722: Andreas Kling: chpass temporary files in /etc not always unlinked
We had a (long) discussion about this in #NetBSD-code and the consensus was
that /tmp should always be sticky (+t), and as such it is safe to create
the temporary files for chpass(1) in there. We added a check to guarantee
this (and bail out otherwise) and now temporary files are created in /tmp,
not filling up /etc.

Thanks to rivo nurges et al.
2006-10-07 20:09:09 +00:00
hubertf 105b456cb7 Mention pwhash(1) in a few places,
suggested in PR 31125 by Stefan Schumacher.
2005-09-05 03:37:14 +00:00
lukem 8573d5e23d appease gcc -Wuninitialized 2005-06-02 01:42:11 +00:00
lukem 903f12a55a Ensure yflag is initialized before trying to use it.
Detected with gcc -Wuninitialized.
2005-06-02 01:41:38 +00:00
xtraeme 971b39df9c Kill __P(), use ANSI function declarations. 2005-02-17 16:53:45 +00:00
dsl 3145a29f62 Add (unsigned char) cast to ctype functions 2004-10-30 17:08:12 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
lukem 3839e0f0c0 use CPPFLAGS.getpwent.c=... to set file-specific cpp flags 2003-07-22 12:25:57 +00:00
bouyer 726dca87dc Build custom getpwent.o only if USE_YP==no. Otherwise, chpass will not
get the current passwd entry from NIS. Problem reported by Stephen M. Jone
on tech-net.
2003-04-05 20:32:26 +00:00
wiz 8653efef97 Describe class field correctly. Addresses PR 20370 by Pavel Cahyna. 2003-02-16 16:18:23 +00:00
christos 16c1b99bf8 Open the file with O_NOFOLLOW, and only use if it still has one link (from
OpenBSD)
2003-02-03 17:45:20 +00:00
itojun 5f2d0b666f error handling on strdup failure 2002-11-16 15:59:26 +00:00
grant b8836fd1a4 New sentence, new line. Some mdoc cleanup. 2002-09-30 09:33:39 +00:00
lukem 5d4973fe97 makefile delint. use NETBSDSRCDIR as appropriate 2002-09-18 14:00:33 +00:00
enami ec0349cba1 Make this compiles again when compiled without YP.
From Makoto Fujiwara in private mail.
2002-08-16 01:06:28 +00:00
enami 809178f723 Don't leave temporary file on abnormal exit (like, interrupted by user).
Minor cosmetic chagnes while I'm here.
2002-08-08 04:49:26 +00:00
soren f2ad80d37a Mentions options -l and -y as in passwd.1.
PR misc/14574 from Hiramatsu Yoshifumi.
2002-08-07 23:20:29 +00:00
itojun f51456c273 err/errx/warn/warnx do not need \n at the end 2002-06-11 06:06:18 +00:00
simonb 0330994f83 Fix warnings found by gcc-current with alpha target:
There's no use assigning the output of strtoul() to a 32-bit variable
then checking that against ULONG_MAX.  Instead use a "unsigned long"
as the temporary variable.  Also, only check against UID_MAX/GID_MAX;
these are both going to be smaller than ULONG_MAX on both 32- and 64-bit
platforms.
2002-05-09 01:58:39 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
wiz d4e11e2117 Sort sections, punctuation fixes, sort SEE ALSO. 2001-12-01 18:55:17 +00:00
wiz aded0d2cce Whitespace cleanup. 2001-12-01 16:43:07 +00:00
ad 1e8e78ed07 Update for pw_mkdb() change: restrict updates to one user's records and/or
the secure database where appropriate.
2001-08-18 19:35:32 +00:00
cgd d2d8d25fe6 progname not used here, so don't extern it 2001-02-13 00:11:45 +00:00
christos 32d9714048 fix redundant decls 2001-02-05 01:37:33 +00:00
phil 18ee5233a8 getpwuid() and getpwnam() both support YP maps, insecure and secure.
Remove local ypgetpw{uid,nam} which don't support secure maps.
(Using chpass/chfn with secure maps and these local functions turns off
users by putting * in password entry.)
2000-10-27 16:16:03 +00:00
is 135600f947 More format string cleanup by sommerfeld. 2000-10-11 14:46:00 +00:00
itojun 58b3b7a40a plug warn() call with variable only, just in case - honor behavior of warn(NULL) 2000-10-04 08:38:09 +00:00
itojun bbef2fbaac errx?/warnx? audit. do not pass variable alone, use %s. idea from openbsd 2000-07-07 15:10:32 +00:00
ad 470c73e831 Xref passwd.conf. 2000-07-06 11:26:14 +00:00
simonb 299578ebd5 Spell "privilege" correctly (correct spelling from Jonathan Stone). 1999-08-16 02:59:22 +00:00
mjl eb4489ce10 Fix for PR 5507 and 6686, using mostly patch by Rick Byers. 1999-02-08 22:21:44 +00:00
thorpej af7b5d4d71 Set close-on-exec on all opened files. Partially from OpenBSD. 1998-12-19 02:23:46 +00:00
thorpej fef2d92ecd Better error message if opening the temp file fails. 1998-12-19 02:13:43 +00:00
kim 1e454491c8 We need to initialize the "save" member in the list for GECOS fields.
If the user deletes a field while editing (as an easy way of making
that field empty) then "save" for that field will not get initialized
before referencing it when constructing the new GECOS field.
1998-08-10 23:21:05 +00:00
mycroft a5b2c458ca const poisoning. 1998-07-26 21:25:16 +00:00
mycroft decd62c2bf const poisoning. 1998-07-26 15:13:14 +00:00
mycroft 0db548a927 const poisoning. 1998-07-26 14:57:56 +00:00
mrg c9987f1692 KNF 1998-07-05 14:26:06 +00:00
fair dc026e0515 Change occurrences of "UNIX" to .Ux or .At as appropriate. 1998-04-28 06:00:51 +00:00
mikel 80f08d107b capitalize title of Morris&Thompson paper, use .Ev for EDITOR 1998-03-18 06:05:10 +00:00
perry 34a98169f0 macroize BSD, NetBSD, FreeBSD and misc cleanup 1998-02-06 05:54:12 +00:00
christos 91fe434141 Use strftime and strptime. 1998-02-04 15:21:52 +00:00
mrg 9f84449ae5 add missing .Nm sections. 1997-11-11 14:39:59 +00:00
lukem 8ba07ab0b3 use CPPFLAGS instead of CFLAGS 1997-10-24 09:00:17 +00:00
mrg 66f7b9fd72 fix compile warnings on the alpha. 1997-10-19 14:05:56 +00:00
lukem ad23fe25bd WARNSify, fix .Nm usage, bzero -> memset 1997-10-18 12:49:10 +00:00
lukem 5645d77b1c WARNSify, fix .Nm usage, bzero -> memset 1997-10-18 12:48:40 +00:00