had been granted access to the portmapper via hosts.{allow,deny} could use
PMAPPROC_CALLIT to call PMAPPROC_{SET,UNSET} to (un)register services as if
they were running on the local host.
The new code disallows all indirect calls to the portmapper except for
PMAPPROC_NULL unless the -i (insecure) flag has been specified.
While there, add a new flag, -p (paranoid) which also disallows indirect calls
to a small number of other services, including key parts of NFS and NIS. This
code hardcodes the services to be disallowed, and is thus somewhat of a hack,
but will serve for the time being (until portmap is replaced by rpcbind as part
of fvdl's current rpc work, due to happen before 1.5).
Problem pointed out by Frank van der Linden <fvdl@netbsd.org>, solution determined
in discussion with Frank van der Linden and with Bill Sommerfeld <sommerfeld@netbsd.org>.
Some inspiration drawn from the (less general) handling of this problem in Wietse
Venema's libwrap'ed portmap.
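
The CALLIT filtering described in the commit message above, sketched as an added example; it is not the NetBSD portmap source. The function name, the sample messages and the program numbers on the -p list (nfs, ypserv, mountd) are assumptions, as is letting -i affect only calls back into the portmapper.

```c
#include <stddef.h>
#include <stdint.h>

#define PMAPPROG      100000u   /* the portmapper's own RPC program number */
#define PMAPPROC_NULL 0u
enum { CALLIT_OK, CALLIT_DENY, CALLIT_MALFORMED };

/* Assumed -p list (nfs, ypserv, mountd); the commit does not name its list. */
static const uint32_t paranoid_progs[] = { 100003u, 100004u, 100005u };

/* Constructed samples: prog, vers, proc, arglen as big-endian XDR words. */
const unsigned char sample_set[32]  = { 0,1,0x86,0xa0, 0,0,0,2, 0,0,0,1, 0,0,0,16 };
const unsigned char sample_null[16] = { 0,1,0x86,0xa0, 0,0,0,2, 0,0,0,0, 0,0,0,0 };
const unsigned char sample_mnt[16]  = { 0,1,0x86,0xa5, 0,0,0,1, 0,0,0,1, 0,0,0,0 };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decide whether a PMAPPROC_CALLIT request may be forwarded.
 * insecure/paranoid mirror the -i and -p flags described above. */
int callit_check(const unsigned char *buf, size_t len, int insecure, int paranoid)
{
    if (len < 16)
        return CALLIT_MALFORMED;            /* header words missing */
    uint32_t prog = be32(buf), proc = be32(buf + 8), alen = be32(buf + 12);
    size_t room = len - 16, pad = (4u - (alen & 3u)) & 3u;
    if (alen > room || room - alen < pad)
        return CALLIT_MALFORMED;            /* opaque args overrun the buffer */

    if (prog == PMAPPROG)                   /* indirect call back into portmap */
        return (proc == PMAPPROC_NULL || insecure) ? CALLIT_OK : CALLIT_DENY;
    if (paranoid)
        for (size_t i = 0; i < sizeof paranoid_progs / sizeof paranoid_progs[0]; i++)
            if (prog == paranoid_progs[i])
                return CALLIT_DENY;
    return CALLIT_OK;
}

int main(void)
{
    /* Exit status 0 when the SET-via-CALLIT sample is refused by default. */
    return callit_check(sample_set, sizeof sample_set, 0, 0) == CALLIT_DENY ? 0 : 1;
}
```
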
use of non-exported function __ivaliduser{,_sa}().
we cannot make __ivaliduser{,_sa}() static yet, since doing that would choke
compiled lpd binaries. we should do it on next libc major version bump.
added a memo on lib/libc/shlib_version.
while here, do some whitespace/const cleanup, convert to use addentry(),
g/c section[] (now uses buf[] directly) - 10 character limit for section
name is gone
- decrease warning level on missing rtadvd.conf (actually, the file
can be omitted)
- strict prototype
- gather stats better, emit stats on SIGUSR1 to /var/run
+ Use _PATH_GROUP and _PATH_MASTERPASSWD (from OpenBSD)
+ Use -G group1,group2,group3 for multiple groups in useradd and usermod
(pointed out by Matt Green, and also changed in OpenBSD, but done more
efficiently here)
+ is_number should not be inside #ifdef EXTENSIONS (from OpenBSD)
+ clear up yet another usage message (for user(8) and group(8)) - noticed
in passing, unknown if fixed anywhere else
support the address family (like including "tcp6" in inetd.conf, on
non-IPv6 kernel).
was:
inetd[185]: ftp/tcp6: *: hostname nor servname provided, or not known
now:
inetd[315]: ftp/tcp6: *: the address family is not supported by the kernel
1. if there is a colon present, use that as a separator for user:group
2. if there is no colon, attempt to convert the arg into a username,
searching backwards in the string for a '.' for us.er.group
3. if the arg doesn't match a username and has a '.' in it, split it
up and try user.group
package matching a certain pattern. Examples:
yui# cd /usr/pkgsrc/packages/i386ELF/All/
yui# ls unzip*
unzip-5.40.tgz unzip-5.41.tgz
yui# pkg_admin lsall 'unzip*'
unzip-5.40.tgz
unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.40'
unzip-5.40.tgz
unzip-5.41.tgz
yui# pkg_admin lsall 'unzip>=5.41'
unzip-5.41.tgz
yui# pkg_admin lsbest 'unzip>=5.40'
unzip-5.41.tgz
yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'
/usr/pkgsrc/packages/i386ELF/All/mit-pthreads-1.60b6.tgz
This adds a shell/user-interface to pkg-patterns, which are a superset
of sh/csh patterns and can't be expanded by any shell.
a static once-generated version instead. We know we have IPv6
headers available here.
The probing was problematical for several reasons:
o it probed the host headers, not the headers in the build or DESTDIR
tree (could be fixed in another way)
o the probe_ipv6 script mucks with PATH, which would be problematical
for cross compilation.
contents of that header (the only file that includes it compiles to the
same object code on multiple architectures with or without including
<ieeefp.h>), so remove all references to it.
Fix sent to NTP maintainers - they will probably implement this change
after the imminent 4.1.0 release, but don't want to change it so close
to the release date.