summaryrefslogtreecommitdiffstats
path: root/lib/libc
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/posix1e/mac.313
-rw-r--r--lib/libc/posix1e/mac.conf.513
-rw-r--r--lib/libc/stdlib/system.316
-rw-r--r--lib/libc/sys/reboot.22
-rw-r--r--lib/libc/sys/shutdown.242
5 files changed, 28 insertions, 58 deletions
diff --git a/lib/libc/posix1e/mac.3 b/lib/libc/posix1e/mac.3
index af162f8..5d2d5c4 100644
--- a/lib/libc/posix1e/mac.3
+++ b/lib/libc/posix1e/mac.3
@@ -31,7 +31,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 7, 2009
+.Dd July 25, 2015
.Dt MAC 3
.Os
.Sh NAME
@@ -163,14 +163,3 @@ Support for Mandatory Access Control was introduced in
as part of the
.Tn TrustedBSD
Project.
-.Sh BUGS
-The
-.Tn TrustedBSD
-MAC Framework and associated policies, interfaces, and
-applications are considered to be an experimental feature in
-.Fx .
-Sites considering production deployment should keep the experimental
-status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.
diff --git a/lib/libc/posix1e/mac.conf.5 b/lib/libc/posix1e/mac.conf.5
index a8dfba2..3946be1 100644
--- a/lib/libc/posix1e/mac.conf.5
+++ b/lib/libc/posix1e/mac.conf.5
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd April 19, 2003
+.Dd July 25, 2015
.Dt MAC.CONF 5
.Os
.Sh NAME
@@ -110,14 +110,3 @@ Support for Mandatory Access Control was introduced in
as part of the
.Tn TrustedBSD
Project.
-.Sh BUGS
-The
-.Tn TrustedBSD
-MAC Framework and associated policies, interfaces, and
-applications are considered to be an experimental feature in
-.Fx .
-Sites considering production deployment should keep the experimental
-status of these services in mind during any deployment process.
-See also
-.Xr mac 9
-for related considerations regarding the kernel framework.
diff --git a/lib/libc/stdlib/system.3 b/lib/libc/stdlib/system.3
index 3cea71e..4fd61bc 100644
--- a/lib/libc/stdlib/system.3
+++ b/lib/libc/stdlib/system.3
@@ -32,7 +32,7 @@
.\" @(#)system.3 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd June 4, 1993
+.Dd July 25, 2015
.Dt SYSTEM 3
.Os
.Sh NAME
@@ -87,7 +87,8 @@ failed.
.Xr execve 2 ,
.Xr fork 2 ,
.Xr waitpid 2 ,
-.Xr popen 3
+.Xr popen 3 ,
+.Xr posix_spawn 3
.Sh STANDARDS
The
.Fn system
@@ -97,3 +98,14 @@ conforms to
and is expected to be
.St -p1003.2
compatible.
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn system
+function is easily misused in a manner that enables a malicious
+user to run arbitrary command,
+because all meta-characters supported by
+.Xr sh 1
+would be honored.
+User supplied parameters should always be carefully santized
+before they appear in
+.Fa string.
diff --git a/lib/libc/sys/reboot.2 b/lib/libc/sys/reboot.2
index f5571ae..caaba58 100644
--- a/lib/libc/sys/reboot.2
+++ b/lib/libc/sys/reboot.2
@@ -82,7 +82,7 @@ Dump kernel memory before rebooting; see
.Xr savecore 8
for more information.
.It Dv RB_HALT
-the processor is simply halted; no reboot takes place.
+The processor is simply halted; no reboot takes place.
This option should be used with caution.
.It Dv RB_POWEROFF
After halting, the shutdown code will do what it can to turn
diff --git a/lib/libc/sys/shutdown.2 b/lib/libc/sys/shutdown.2
index e8a434b..35c464e 100644
--- a/lib/libc/sys/shutdown.2
+++ b/lib/libc/sys/shutdown.2
@@ -29,7 +29,7 @@
.\" @(#)shutdown.2 8.1 (Berkeley) 6/4/93
.\" $FreeBSD$
.\"
-.Dd March 5, 2007
+.Dd July 27, 2015
.Dt SHUTDOWN 2
.Os
.Sh NAME
@@ -79,40 +79,26 @@ The following protocol specific actions apply to the use of
based on the properties of the socket associated with the file descriptor
.Fa s .
.Bl -column ".Dv PF_INET6" ".Dv SOCK_STREAM" ".Dv IPPROTO_SCTP"
-.It Sy Domain Ta Sy Type Ta Sy Protocol Ta Sy Return value and action
+.It Sy Domain Ta Sy Type Ta Sy Protocol Ta Sy Action
.It Dv PF_INET Ta Dv SOCK_DGRAM Ta Dv IPPROTO_SCTP Ta
-Return \-1.
-The global variable
-.Va errno
-will be set to
-.Er EOPNOTSUPP .
+Failure,
+as socket is not connected.
.It Dv PF_INET Ta Dv SOCK_DGRAM Ta Dv IPPROTO_UDP Ta
-Return 0.
-ICMP messages will
-.Em not
-be generated.
+Failure,
+as socket is not connected.
.It Dv PF_INET Ta Dv SOCK_STREAM Ta Dv IPPROTO_SCTP Ta
-Return 0.
Send queued data and tear down association.
.It Dv PF_INET Ta Dv SOCK_STREAM Ta Dv IPPROTO_TCP Ta
-Return 0.
Send queued data, wait for ACK, then send FIN.
.It Dv PF_INET6 Ta Dv SOCK_DGRAM Ta Dv IPPROTO_SCTP Ta
-Return \-1.
-The global variable
-.Va errno
-will be set to
-.Er EOPNOTSUPP .
+Failure,
+as socket is not connected.
.It Dv PF_INET6 Ta Dv SOCK_DGRAM Ta Dv IPPROTO_UDP Ta
-Return 0.
-ICMP messages will
-.Em not
-be generated.
+Failure,
+as socket is not connected.
.It Dv PF_INET6 Ta Dv SOCK_STREAM Ta Dv IPPROTO_SCTP Ta
-Return 0.
Send queued data and tear down association.
.It Dv PF_INET6 Ta Dv SOCK_STREAM Ta Dv IPPROTO_TCP Ta
-Return 0.
Send queued data, wait for ACK, then send FIN.
.El
.\"
@@ -131,16 +117,10 @@ argument is not a valid file descriptor.
The
.Fa how
argument is invalid.
-.It Bq Er EOPNOTSUPP
-The socket associated with the file descriptor
-.Fa s
-does not support this operation.
.It Bq Er ENOTCONN
The
.Fa s
-argument specifies a
-.Dv SOCK_STREAM
-socket which is not connected.
+argument specifies a socket which is not connected.
.It Bq Er ENOTSOCK
The
.Fa s
OpenPOWER on IntegriCloud