| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified functions: login_getcaptime(), login_getcapnum(),
login_getcapsize().
They all call cgetstr(), which returns -2 on such conditions and already
sets errno to ENOMEM, arguably the appropriate value for these functions
as well.
No in-tree consumer currently checks for errno on error reported by
these functions, so this change has no other code impact.
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40342
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The login.conf's "priority" capability allows to set priorities in the
idle or realtime classes in addition to the classical nice values (-20
to 20), through a natural extension where values greater than 20 put the
processes in the idle class (with priority adjusted within RTP_PRIO_MIN
and RTP_PRIO_MAX, 21 being converted to 0, 22 to 1, etc.) and values
lower than -20 put the process in the realtime class (with priority
adjusted within RTP_PRIO_MIN and RTP_PRIO_MAX, -21 being converted to
RTP_PRIO_MAX (31), -22 to 30, etc.).
Before this fix, in the latter case (realtime class), -21 was converted
to 30, and RTP_PRIO_MAX (31) could never be specified.
While here, change the priority computation for the idle-class case to
be symmetrical and use RTP_PRIO_MIN (in practice, this changes nothing
at all, since RTP_PRIO_MIN is 0; but this is the correct theoretical
formula, which would work as well with other values of RTP_PRIO_MIN).
PR: 271727
Reviewed by: imp, kib
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40339
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D41491
|
| | |
|
| |
|
|
| |
Remove /^\.\\"\s*\$FreeBSD\$$\n/
|
| |
|
|
| |
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| |
|
|
| |
Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We include paths.h in getlocalbase.c, which defines _PATH_LOCALBASE.
This will override a definition on the command line, meaning it is
impossible to override like how the manpage says you can, and it means
the code to provide a fallback default is dead as the macro is always
defined.
Instead, introduce a new LOCALBASE_PATH macro like LOCALBASE_CTL_LEN
that can be set on the command line and will default to the system's
existing _PATH_LOCALBASE to avoid duplicating the default here.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D40975
|
| |
|
|
| |
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
As of f32db406504e quotes may be used to specify login class
capabilities that include commas. This is true in general but is
particularly relevant for setenv, a comma-separated list of environment
variables and values, so mention it there.
PR: 236204
Sponsored by: The FreeBSD Foundation
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current code silently ignores characters after the unit as long
the unit themselves were recognized. This commit makes expand_number(3)
to fail with EINVAL if buf did not terminate after the unit character.
Historically, the function accepts and ignores "B" as a SI unit, this
behavior is preserved and e.g. KB, MB are still accepted as aliases of
K and M, document this behavior in the manual page.
While I am there, also write a few test cases to validate the behavior.
Reviewed-by: emaste
MFC-after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40482
|
| |
|
|
| |
Differential Revision: https://reviews.freebsd.org/D13046
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to allow to add cpuset(2) functionality to more utilities than just
cpuset(1) move the parselist code into libutil
While here, make the code a little more "library" friendly, by returning a range
of various errors so that the consumer can check for them and report appropriate
error message to the users
(One of the planed usage is the jail(8) utility)
Reviewed by: jilles
Differential Revision: https://reviews.freebsd.org/D12873
|
| |
|
|
|
|
|
|
|
| |
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
|
| |
|
|
| |
by adding a version of strcspn that allows quoting.
|
| |
|
|
|
|
|
|
|
|
| |
- missing comma before name
- possible typo in section name: Sh CAVEAT instead of CAVEATS
- useless macro: Tn
- blank line in fill mode, using .sp
- no blank before trailing delimiter: Dv NULL?
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we invoked the sysctl with a NULL buffer to query the size,
allocated a buffer, then invoked it again to fetch the data.
As we only handle the case where the sysctl provides data of the
expected size we can just allocate a correctly-sized buffer to begin
with.
Reported by: Thomas Hurst via Twitter
Reviewed by: kevans
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35140
|
| |
|
|
| |
Differential Revision: https://reviews.freebsd.org/D34681
|
| |
|
|
|
|
|
|
|
| |
which is the wrapper around the vm.swap_objects sysctl, same as
kinfo_getvmobject(3) wraps vm.objects.
Submitted by: Yoshihiro Ota
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29754
|
| |
|
|
|
|
|
|
|
|
|
| |
login.conf.5 listed passwordtime in RESERVED CAPABILITIES, which is a
section for capabilities not implemented in the base system. However,
passwordtime has been implemented in the base for several years now.
PR: 246099
Reported by: avg
Reviewed by: 0mp
MFC after: 3 days
|
| |
|
|
|
|
| |
PR: 258701
Based on the submission by: sigsys@gmail.com
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
Trim leading spaces in variable names when the list is e.g.
pretty-formatted in /etc/login.conf or ~/.login_conf.
PR: 247947
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D25649
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the commit of the current version, Scott Long pointed out, that an
attacker might be able to cause a use-after-free access if this function
returned the value of the sysctl variable "user.localbase" by freeing
the allocated memory without the cached address being cleared in the
library function.
To resolve this issue, I have proposed the originally suggested version
with a statically allocated buffer in a review (D27370). There was no
feedback on this review and after waiting for more than 2 weeks, the
potential security issue is fixed by this commit. (There was no security
risk in practice, since none of the programs converted to use this
function attempted to free the buffer. The address could only have
pointed into the heap if user.localbase was set to a non-default value,
into r/o data or the environment, else.)
This version uses a static buffer of size LOCALBASE_CTL_LEN, which
defaults to MAXPATHLEN. This does not increase the memory footprint
of the library at this time, since its data segment grows from less
than 7 KB to less than 8 KB, i.e. it will get two 4 KB pages on typical
architectures, anyway.
Compiling with LOCALBASE_CTL_LEN defined as 0 will remove the code
that accesses the sysctl variable, values between 1 and MAXPATHLEN-1
will limit the maximum size of the prefix. When built with such a
value and if too large a value has been configured in user.localbase,
the value defined as ILLEGAL_PREFIX will be returned to cause any
file operations on that result to fail. (Default value is "/dev/null/",
the review contained "/\177", but I assume that "/dev/null" exists and
can not be accessed as a directory. Any other string that can be assumed
not be a valid path prefix could be used.)
I do suggest to use LOCALBASE_CTL_LEN to size the in-kernel buffer for
the user.localbase variable, too. Doing this would guarantee that the
result always fit into the buffer in this library function (unless run
on a kernel built with a different buffer size.)
The function always returns a valid string, and only in case it is built
with a small static buffer and run on a system with too large a value in
user.localbase, the ILLEGAL_PREFIX will be returned, effectively causing
the created path to be non-existent.
Differential Revision: https://reviews.freebsd.org/D27370
Notes:
svn path=/head/; revision=368577
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function returns the path to the local software base directory, by
default "/usr/local" (or the value of _PATH_LOCALBASE in include/paths.h
when building the world).
The value returned can be overridden by 2 methods:
- the LOCALBASE environment variable (ignored by SUID programs)
- else a non-default user.localbase sysctl value
Reviewed by: hps (earlier version)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27236
Notes:
svn path=/head/; revision=367813
|
| |
|
|
|
|
|
| |
hashed out.
Notes:
svn path=/head/; revision=367711
|
| |
|
|
|
|
|
|
| |
internally. Do that, and make sure that conversations between signed and
unsigned don't overflow
Notes:
svn path=/head/; revision=367701
|
| |
|
|
|
|
|
|
|
| |
escaped prior testing, but it should be better now.
Reported by: lots
Notes:
svn path=/head/; revision=367689
|
| |
|
|
|
|
|
|
|
|
|
| |
unify the retrieval of the various ways that the local software base directory,
typically "/usr/local", is expressed in the system.
Reviewed by: se
Differential Revision: https://reviews.freebsd.org/D27022
Notes:
svn path=/head/; revision=367686
|
| |
|
|
|
|
|
|
|
|
| |
- skipping paragraph macro: Pp after Sh
- sections out of conventional order: Sh EXAMPLES
- whitespace at end of input line
- normalizing date format
Notes:
svn path=/head/; revision=366583
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CAP_EVENT was omitted on pidfiles (in
pidfile_open()). There seems no reason why a process that creates
and writes a pidfile cannot monitor events on that file. This mod adds
the capability.
Reviewed by: cem@
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D25363
Notes:
svn path=/head/; revision=362634
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unable to find an editor, vipw would give this error:
# env EDITOR=fnord vipw
vipw: pw_edit(): No such file or directory
vigr or crontab do better:
# env EDITOR=fnord crontab -e
crontab: no crontab for root - using an empty one
crontab: fnord: No such file or directory
crontab: "fnord" exited with status 1
After this change, vipw behaves more like vigr or crontab:
# env EDITOR=fnord vipw
vipw: fnord: No such file or directory
vipw: "fnord" exited with status 1
Reviewed by: rpokala, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25369
Notes:
svn path=/head/; revision=362430
|
| |
|
|
|
|
|
| |
Each of the err() family of functions already takes care of that.
Notes:
svn path=/head/; revision=362429
|
| |
|
|
|
|
|
|
|
|
| |
Reviewed by: bcr (mentor)
Approved by: bcr (mentor)
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D24795
Notes:
svn path=/head/; revision=362169
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This allows it to be easily suppressed in, e.g., the "daemon" class where it
will not be properly expanded.
This is a part of D21481.
Submitted by: Andrew Gierth <andrew_tao173.riddles.org.uk>
Notes:
svn path=/head/; revision=357560
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Notes:
svn path=/head/; revision=355617
|
| |
|
|
|
|
|
|
|
|
|
|
| |
All of them are needed to be able to boot to single user and be able
to repair a existing FreeBSD installation so put them directly into
FreeBSD-runtime.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D21503
Notes:
svn path=/head/; revision=351855
|
| |
|
|
|
|
|
|
|
|
| |
It was a workaround for cases where the kernel lacks setloginclass(2),
added in the 9.x era.
Submitted by: Pawel Biernacki
Notes:
svn path=/head/; revision=351699
|
| |
|
|
|
|
|
|
|
|
| |
While here, tidy the opening sentence a bit.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20791
Notes:
svn path=/head/; revision=350179
|
| |
|
|
|
|
|
|
| |
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=348545
|
| |
|
|
| |
Notes:
svn path=/head/; revision=345984
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
r322369's use of basename(3) was incorrect and worked by accident so
long as the pidfile path was absolute or consisted of a single
component. Fix the basename() usage and add a regression test.
Reported by: 0mp
Reviewed by: cem
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D19728
Notes:
svn path=/head/; revision=345596
|
| |
|
|
|
|
|
|
|
| |
Reviewed by: rgrimes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D19485
Notes:
svn path=/head/; revision=344855
|
| |
|
|
|
|
|
|
|
|
|
| |
PR: 233849
Reported by: Andre Albsmeier
MFC after: 1 month
Sponsored by: iXsystems Inc
Differential Revision: https://reviews.freebsd.org/D18785
Notes:
svn path=/head/; revision=343882
|
