summaryrefslogtreecommitdiffstats
path: root/usr.sbin
Commit message (Collapse)AuthorAgeFilesLines
* - Only print a clarifying message about which HCI node has been used if theremarkus2006-06-021-4/+6
| | | | | | | | is more than one HCI node present - Use errx(3) instead of err(3) if there is no HCI node present as errno is 0 in this case and the resulting error message wouldn't make much sense Approved by: emax (mentor)
* o Better be safe than sorry: check return code from setuid(2),maxim2006-06-012-8/+30
| | | | | | | | setgid(2), setlogin(2) and initgroups(3). In theory they could fail for root with some third party mac(4) policies. Submitted by: Kostik Belousov MFC after: 1 month
* Enable inadvertantly disabled "securenet" access controls in ypserv. [1]cperciva2006-05-311-15/+22
| | | | | | | | Correct a bug in the handling of backslash characters in smbfs which can allow an attacker to escape from a chroot(2). [2] Security: FreeBSD-SA-06:15.ypserv [1] Security: FreeBSD-SA-06:16.smbfs [2]
* Bring the "just copy" hit list closer to date.ceri2006-05-311-2/+9
| | | | | Approved by: jhb MFC after: 1 month
* Update the location of the kernel for upgrades.ceri2006-05-311-6/+7
| | | | | | | | | I considered leaving /boot/kernel out of the chflags noschg line, but I seem to remember that there was a period where /boot/kernel was schg, so have left it in for safety's sake. Approved by: jhb MFC after: 1 month
* Use some features of sh(1) which I didn't know about until today ("read"cperciva2006-05-301-5/+2
| | | | | | | | | can read two variables at once; and suffix pattern deletion) to make the extract command fork fewer processes. With the portsnap snapshot and the ports tree in swap-backed memory disks on my 1.4GHz laptop, this reduces 178800 processes and 195/56/126 seconds of real/user/sys time to 44600 processes and 103/34/60 seconds.
* Do not log "can't delete export" messages if nmount() returns ENOTSUP.rodrigc2006-05-281-1/+1
| | | | | This eliminates spurious log entries for trying to delete exports for filesystems like devfs and procfs.
* Revert 1.73, since mounting devfs without a devfs ruleset inside asimon2006-05-281-1/+0
| | | | | | | jail is a very bad idea security wise. Approved by: trhodes (jcamou mentor) No response: jcamou
* Mention ruleset #4 (devfsrules_jail) in jail's man page.matteo2006-05-281-1/+3
| | | | MFC after: 3
* avoid null ptr derefsam2006-05-271-5/+6
| | | | Obtained from: netbsd
* correct static array overrunsam2006-05-271-1/+1
| | | | Obtained from: netbsd
* Move call to ignore SIGPIPE signals before calling fork(),rodrigc2006-05-271-1/+3
| | | | | | | | so that both parent and child processes ignore this signal. PR: bin/97768 Submitted by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw> MFC after: 3 days
* Ignore SIGPIPE signals on write() failures.rodrigc2006-05-251-0/+1
| | | | | | | | | We already check for write() failures and handle EPIPE. Failure to handle SIGPIPE was resulting in rpc.lockd terminating. PR: bin/97768 Reported by: Gea-Suan Lin <gslin at csie dot nctu dot edu dot tw> MFC after: 1 day
* Unnest includes before forthcoming editing.glebius2006-05-2416-20/+95
|
* Convert to nmount() and remove hardcoded checks for ufs, msdosfs, ntfs,rodrigc2006-05-241-25/+19
| | | | | | and cd9660. PR: bin/97642
* If the user asks for "kernel sources" to be installed, extract thecperciva2006-05-241-1/+1
| | | | | | | | | SRC_BASE package (src/[A-Z]*) as well as SRC_SYS (src/sys/*). This allows users who only install the kernel source code to use the modern "make buildkernel" approach. Discussed with: re (scottl, kensmith) MFC after: 3 days
* Convert mountd to nmount(). Remove some hardcoded dependenciesrodrigc2006-05-232-69/+142
| | | | on ufs, cd9660, msdosfs, and ntfs, but not all dependencies.
* - Document the new Read_Node_List command, autodetection of HCI nodes andmarkus2006-05-221-8/+9
| | | | | | | | | that the '-n' parameter is now optional - Grammar fixes Reviewed by: emax Approved by: emax MFC after: 1 week
* - Add HCI node autodetection. As a consequence of this, make the '-n'markus2006-05-223-7/+89
| | | | | | | | | | parameter optional. - Add Read_Node_List command which prints a list of available HCI nodes, their Netgraph IDs and connected hooks Reviewed by: emax Approved by: emax MFC after: 1 week
* s/packages/packets/joel2006-05-221-2/+2
| | | | Noticed by: maxim
* Add manual page for ipfwpcap(8).joel2006-05-222-1/+130
| | | | | Reviewed by: phk, brueffer Submitted by: Niclas Zeising <lothrandil@n00b.apagnu.se>
* - Add support for filtering the the list of providers by a regularsimon2006-05-203-41/+159
| | | | | | | | | | | | | | | | | expression, which makes it possible to only see interesting providers. "f" is used inside gstat to set a filter, "F" is used to remove current filter. - Do not print some uninteresting values in the gstat title line. - Do not print past the end of the screen. - Read multiple keystrokes per "wait" when gstat is running. - Remove a redundant != check, right after check of NULL against the same variable ("gid"). - Use sysexits.h. - Do not link against libkvm and libsbuf, they are not actually used. - Fix a few style(9) issues where I had to touch nearby code anyway. Approved by: cperciva (mentor) MFC after: 2 weeks
* o SIOCGIFCONF -> getifaddrs(3) conversion. As a side effect fixmaxim2006-05-172-97/+44
| | | | | | | | | bin/95041: subnet mask mismatch. PR: bin/95041 Obtained from: NetBSD Tested by: Hans Lambermont MFC after: 2 months
* - Update to ntp-4.2.0pav2006-05-177-1340/+2457
| | | | | PR: docs/79857 Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
* Send the pcvt(4) driver off to retirement.phk2006-05-1788-12434/+0
|
* Fix formatting. Add missing break;emax2006-05-141-2/+3
| | | | | Submitted by: Iain Hibbert MFC after: 3 days
* Fix typo.cperciva2006-05-131-1/+1
| | | | Pointed out by: ceri
* Add a mechanism for constructing INDEX files which include local ports.cperciva2006-05-132-2/+22
| | | | Requested by: brooks
* PR: bin/71663hm2006-05-132-7/+7
| | | | | | | | Submitted by: Dan Lukes Reviewed by: hm@ fix compile warnings in isdnd and isdntest. some more compile time warnings also mentioned in this PR were already fixed in an earlier commit today.
* fix conflicting types for log(), add some prototypes to isdnd.hhm2006-05-1317-545/+547
|
* correct strtol(3) usage and style(9)matteo2006-05-121-4/+8
| | | | | Reviewed by: maxim MFC after: 2 weeks
* Use 'rm -rf foo/bar' to remove a port instead of 'rm -rf foo/bar/'.cperciva2006-05-121-3/+6
| | | | | | | When /usr/ports/foo/bar is a symlink pointing outside the tree, this deletes the symlink instead of the directory it points to. Requested by: delphij
* o Style(9) the previous commit a bit.maxim2006-05-111-13/+7
|
* Use sysctlbyname() instead of sysctlphk2006-05-111-4/+1
|
* Add the -s option to set jail's securelevel. This is useful for jails run ↵matteo2006-05-112-4/+26
| | | | | | | with non-root privileges. PR: bin/80242 MFC after: 2 weeks
* Alpha doesn't support linux ABI compat now.jhb2006-05-102-2/+2
|
* Use .Vt for struct xprisonmatteo2006-05-101-2/+4
| | | | Suggested by: keramida
* document security.jail.list sysctl in jail(8)matteo2006-05-081-1/+9
| | | | | PR: docs/96807 MFC after: 3
* If perform-actual-lookups is enabled, getservbyname() matches an entryume2006-05-052-24/+20
| | | | | | even when proto is not valid. Submitted by: Michael Bushkov <bushman__at__rsu.ru>
* Allow the HTTP_PROXY environment variable to be (mis)spelled ascperciva2006-05-052-2/+4
| | | | | "http_proxy", since some people apparently do this and fetch(3) allows it.
* Fix the test for whether ${HTTP_PROXY} is set -- I got it backwards.cperciva2006-05-051-1/+1
| | | | | Pointy hat to: cperciva Pointed out by: pjd
* Fix binary upgrades by accounting for the schg flag on /var/empty.ceri2006-05-041-1/+1
| | | | | | | PR: 96711, 96780 Submitted by: Nobuyuki Koganemaru, Martin Jackson Approved by: re (scottl) MFC after: 1 day
* Remove two lines of debugging which I forgot to remove before the lastcperciva2006-05-031-2/+0
| | | | | | commit. Noticed by: simon
* The approach portsnap uses of "pick a random HTTP mirror" doesn'tcperciva2006-05-031-3/+16
| | | | | | | | | | | | | | | | | | | | interact very nicely with HTTP proxies: Since proxies do not know that all the files on portsnap1.freebsd.org are identical to the files with the same names on portsnap2.freebsd.org, said proxies end up downloading and storing files in duplicate. This commit uses the HTTP_PROXY environment variable, if set, to generate a random number seed for use in selecting a mirror. This means that if several systems all have the same HTTP_PROXY value set, they will ask the proxy to fetch files from the same mirror (unless that mirror fails, in which case all the systems will use the same second choice, et cetera). Portsnap still doesn't interact very well with "transparent" HTTP proxies, but there's nothing I can do about those. Requested by: simon Sponsored by: FreeBSD security development fundraiser
* Instead of selecting a mirror and failing if it is inaccessible, keepcperciva2006-05-031-25/+50
| | | | | | | | | | | | | | | | | | | track of which mirrors we have tried and try a different mirror if we fail when trying to download the SSL public key or the snapshot signature. Failures later in the download process will not result in switching to a different mirror, for two reasons: 1. If is very unlikely that a mirror will fail partway through the process of downloading updates. 2. If we switched from a more recently updated mirror to a less recently updated mirror partway through the download process, we would end up failing anyway because we would be trying to fetch files which the second mirror didn't have yet. PR: bin/96288 Requested by: lots of people Sponsored by: FreeBSD security development fundraiser
* o Document security.jail.jailed sysctl.maxim2006-05-031-1/+6
| | | | | | PR: docs/94711 Submitted by: Andreas Kohn MFC after: 2 weeks
* Fix alignment problem on AMD64.ume2006-05-022-12/+16
| | | | | | Reported by: Pascal Hofstee <caelian__at__gmail.com> Submitted by: Michael Bushkov <bushman__at__rsu.ru> Tested by: Pascal Hofstee <caelian__at__gmail.com>
* Note that when -d flag is used, mountd(8) will not detach from thekeramida2006-05-021-1/+4
| | | | | | | | controlling terminal. PR: docs/96660 Submitted by: Jeff Ito <ijk@speakeasy.net> MFC after: 1 week
* Teach portsnap to parse the output of the host(1) in BIND 8 as well ascperciva2006-05-021-3/+7
| | | | | | | | | the host(1) from BIND 9. This doesn't matter for HEAD, but will help people who install portsnap from the ports tree onto older versions of FreeBSD. PR: ports/93901 Sponsored by: FreeBSD security development fundraiser
* Add missed SYNOPSIS flag for auto upgrade.gordon2006-04-301-1/+1
| | | | Submitted by: marck at rinet dot ru
OpenPOWER on IntegriCloud