killing self, instead of the other way around.
Fixes a bug where the child process would use 100% CPU spinning
while it waited for its parent to arm a non-existent watchdog timer.
Now, the child process gets killed, as was intended.
+ style (KNF).
. don't cast NULL
. white space clean up
+ use consistent format for error messages.
+ plug memory leaks and avoid malloc(0).
+ verbose message should display even when routing table is empty
(flushroutes).
opendisk() declared in that file is not used in this case anyway, and
<util.h> pulls in unwatned includes (e.g. <utmpx.h> doesn't exist on
FreeBSD 4.*).
getlabel{offset,sector} and opendisk functions declared in that file
are not used in this case anyway, and <util.h> pulls in unwatned
includes (e.g. <utmpx.h> doesn't exist on FreeBSD 4.*).
XXX: We can probably undo the #if !HAVE_NBTOOL_CONFIG_H kludge in
<util.h> now.
family is unset. Either the destination or interface address socket address
family value is used. This change prevents the following sort of output:
RTM_NEWADDR: address being added to iface: len 60, metric 0, flags:<UP>
sockaddrs: <NETMASK,IFA,BRD>
(0) 00.00.ff.00.00 127.0.0.1 127.0.0.1
With this change the last line becomes:
255.0.0.0 127.0.0.1 127.0.0.1
Also make sure that when using a generated inet netmask the address family
is set. With this change a generated netmask will print appropriately
when using the verbose (-v) option.
like the following work as expected.
#!/bin/sh
if ! route -sn get default >/dev/null 2>&1; then
echo default gateway not set
exit 1
fi
echo default gateway set
Handle routing socket write(2) errors when they occur. This produces
better diagnostics by allowing for handling of the special route errno
values ESRCH, EBUSY, and ENOBUFS even with the quiet (-q) option or
when doing a get command.
<ufs/lfs/lfs.h> before including the second of them, and also after
including the second, to ensure the rest of the code doesn't depend
on their (ambigious) definition.
This fixes a build problem for vax; gcc 2.95.3's preprocessor
apparently doesn't like redefinition of macros.
Discussed with xtraeme.
- Verified Exec -> Veriexec
- pseudo-device is `veriexec'
- veriexec.conf -> signatures, and mention /etc/signatures as the default
location
- We use veriexec's strict level, not the system securelevel
- Mention the `direct' option
- Mention that the signatures file can have multiple options in a single
entry, comma-separated
- Mention that both `direct' and `indirect' access modes are implied
if no access modes are explicitly mention in the options
- Bump date
routing socket, e.g. running route flush as non-root.
* When quiet (-q) don't append error string to a non-existent
diagnostic output (stdout). The error diagnostic is still written
to stderr. [from FreeBSD]
* Use warn(3) in place of perror(3).
shadowing warnings for variables with the same name used both in global and
local context. Really this needs either to rename all the global variables
something different (prefix them with gl_ or something) or even better get
rid of them altogether.
system-specific values. Submitted by Chris Demetriou in Nov 1995 (!)
in PR kern/1781, modified only slighly by me.
This is enabled on a per-mount basis with the MNT_MAGICLINKS mount
flag. It can be enabled at mountroot() time by building the kernel
with the ROOTFS_MAGICLINKS option.
The following magic strings are supported by the implementation:
@machine value of MACHINE for the system
@machine_arch value of MACHINE_ARCH for the system
@hostname the system host name, as set with sethostname()
@domainname the system domain name, as set with setdomainname()
@kernel_ident the kernel config file name
@osrelease the releaes number of the OS
@ostype the name of the OS (always "NetBSD" for NetBSD)
Example usage:
mkdir /arch/i386/bin
mkdir /arch/sparc/bin
ln -s /arch/@machine_arch/bin /bin
implementation didn't used a good random generator, this is not true
anymore since arc4random(3) is used these days.
Pointed out by Jeff Ito in PR/30321
- Report line numbers correctly.
- Don't perform a 2nd pass when there are were errors during 1st.
- Support multiple, comma-separated flags. This is mostly a reworking of
some parser internals preparing for planned features.
to main.c to avoid a name collision with lib/libc/gen/disklabel.c
when we build nbdisklabel. Still todo: commit host-tool build
infrastructure to src/tools/disklabel/.
this is currently turned off with "#ifdef notyet" since the
kernel will not correctly clean up extended attribute blocks on truncation
Originally written by Kirk McKusick and Network Associates Laboratories for
FreeBSD.
when there is no memory available to do so. Use the uvnode's strategy
routine to retrieve data from the device, rather than always using pread().
Add a buffer header flag that specifies external management of the buffer's
data area.
All of this in support of a new cleaner, which is not included in this commit.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
documentation in sysctl(3) for details.
o kern.veriexec.algorithms returns a string with a space separated
list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
enforcement work.
- Fix some printing formats and types..
netmask value of 0xffffffff (INADDR_NONE). Fix by using inet_aton(3).
Note it was possible to specify the same mask as the dotted quad
255.255.255.255 because of a later call to gethostbyname(3).
[From FreeBSD]
from the default CIDR (host/mask) interpretation. As discussed on
tech-net.
* Use errx() in place of fprintf() and exit(). Make the error message
formats consistent.
denote that a flag was readable/writeable, but that is achieved by passing
a 0 as the flags.
Thanks to uwe@ for finding this out and explaining me why it was wrong.
Use -I${.CURDIR} instead of -I. to support placement of objects elsewhere.
Make sure arguments to ctype functions are unsigned char by changing the
type of one function argument.
Fix "local declaration shadows global" warnings by renaming variables.
Fix printing of size_t variable to use %zu format instead of %u.
* We now use hash tables instead of a list to store the in kernel
fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
fingerprint method so veriexecctl is not longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
running kernel.
* regularised the naming of some portions of veriexec.
- New option `-x backup' takes the dump from a snapshot backed up by `backup'.
The snapshot will be deleted on exit.
- New option `-X' as a synonym for `-x mountpoint' where `mountpoint' is the
file system to be dumped.
Reviewed and Approved by: Manuel Bouyer <bouyer@netbsd.org>
and a number of sectors per track.
According to sys/fs/msdosfs/msdosfs_vfsops.c:msdosfs_mountfs(),
the kernel doesn't accept BPB with spt (sector per track) > 63
or hds (drive heads) > 255, so if values taken from disklabel
don't match these restrictions, use popular BIOS default values
(255/63) instead.
the "security" extension and to "freeze" it. With the security extension
frozen, disk passwords cannot be set anymore, until the next hard reset.
Normally, this is the business of the BIOS, but older/buggy/embedded
BIOSes don't care. This leaves the (theoretical) possibility that a
malicious program in posession of superuser rights sets a disk password,
rendering the disk useless (or at least uneconomical to recover from).
Inspired by an article in the german "ct" magazine.
Being here, consolidate the implementations of IDENTIFY into one, and
fix an obvious alignment problem.
