POSIX permits the Right Thing (resetting SIGCHLD, as we do), but doesn't
require it. Document both that we do it and that it's not portable to
require it.
I'm moderately concerned that the first bit should be merged into the
sentence at the start of the context. Which is clearer, what I have
I suspect I haven't gone far enough.
Simplify and correct signal handling in tcpdump:
* RETSIGTYPE == void, so kill the define for it
* simplify and strengthen setsignal():
* we have sigaction(), so use it
* in general, CLI tools shouldn't catch a signal that was ignored on
entry.
On Sat, 10 Oct 2015, Theo de Raadt wrote:
> I don't know the code either, but it is probably better if privsep's had
> more narrow task-specific operations. Like open-specific-file-for-read,
> and open log-over-there. Privsep operations should be tightly
> specified, not very generic.
>
> The
> Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open())
> accepts arbitrary open() flags and passes a mode argument. That
> seems...unwise.
>
> In particular, it never passes O_CREAT, so the mode argument isn't needed.
> Indeed, the only open 'flags' it needs are O_RDONLY and O_
Currently, npppd's PRIVSEP_OPEN message (abstracted as priv_open())
accepts arbitrary open() flags and passes a mode argument. That
seems...unwise.
In particular, it never passes O_CREAT, so the mode argument isn't needed.
Indeed, the only open 'flags' it needs are O_RDONLY and O_RDWR. If we
alter() wants to set the file's access time to the future without changing
the modification time. utimensat() can do the latter directly with
UTIME_OMIT, eliminating the need for the stat(). Since we're using
timespecs instead of timevals, we can use clock_gettime(CLOCK_REALTIME)
instead of
> as well as this:
>
> > --- tcpdump/print-ipsec.c
> > +++ /tmp/cocci-output-17550-499a71-print-ipsec.c
> > @@ -101,7 +101,7 @@ esp_init (char *espspec)
> > s[0] = espkey[2*i];
> > s[1] = espkey[2*i + 1];
> > s[2] = 0;
> > - if (!isxdigit(s[0]) || !isx
On Sat, 10 Oct 2015, Michael McConville wrote:
> Theo de Raadt wrote:
> > > Some isfoo(char) usages crept back into ftp
> >
> > Hmm. I wonder how we can keep these errors out of base.
> > Having to re-audit all the time is painful.
>
> FWIW, this is a perfect use case for Coccinelle. Below is wh
committed with a minor tweak Thanks!
>
> Do I miss something simpler?
>
> Index: bin/rm/rm.1
> ===
> RCS file: /var/cvs/src/bin/rm/rm.1,v
> retrieving revision 1.37
> diff -u -p -r1.37 rm.1
> --- bin/rm/rm.1 25 May 2014 19:07:36 -
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
These look good to me. bluhm?
Side note: bluhm, please rename the dprintf() macro to something
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
The ypserv chunks show your Coccinelle script could use an enhancement...
> --- ypserv/ypserv/acl
On Sat, 10 Oct 2015, Michael McConville wrote:
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
I'm replying to this multiple times, cc'ing in the particular maintainers
as appropriate.
> ---
On Sat, 10 Oct 2015, Michael McConville wrote:
...
> FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
> up in src/usr.sbin (diff not yet carefully audited, but apparently
> sane).
I'm replying to this multiple times, cc'ing in the particular maintainers
as appropriate.
>
Theo de Raadt wrote:
> > Some isfoo(char) usages crept back into ftp
>
> Hmm. I wonder how we can keep these errors out of base.
> Having to re-audit all the time is painful.
FWIW, this is a perfect use case for Coccinelle. Below is what I dredged
up in src/usr.sbin (diff not yet carefully audit
On Sat, 10 Oct 2015, Bob Beck wrote:
> On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote:
...
> > @@ -1409,7 +1410,7 @@ recode_credentials(const char *userinfo)
> > char
> > hextochar(const char *str)
> > {
> > - char c, ret;
> > + unsigned char c, ret;
> >
> > c = str[0]
On Sat, 10 Oct 2015, Theo de Raadt wrote:
> > Some isfoo(char) usages crept back into ftp
>
> Hmm. I wonder how we can keep these errors out of base.
> Having to re-audit all the time is painful.
Right now, _ctype_ is a generic const char * pointer. Maybe there's way
to make it a pointer to ch
> Some isfoo(char) usages crept back into ftp
Hmm. I wonder how we can keep these errors out of base.
Having to re-audit all the time is painful.
On Sat, 10 Oct 2015, Philip Guenther wrote:
> For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to
> accept sizeof(struct sockaddr_un) here, so do the simple, portable thing.
That was the usr.bin diff; here's the usr.sbin diff.
This also switches some strncpy() to strlcpy(), as
For userspace, SUN_LEN() is an unnecessary BSD-ism. The kernel has to
accept sizeof(struct sockaddr_un) here, so do the simple, portable thing.
ok?
Philip Guenther
Index: nc/netcat.c
===
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
On Sat, Oct 10, 2015 at 04:35:02PM -0700, Philip Guenther wrote:
>
> Some isfoo(char) usages crept back into ftp
>
> ok?
>
> Philip Guenther
>
>
> Index: ftp/fetch.c
> ===
> RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
> retrieving re
Some isfoo(char) usages crept back into ftp
ok?
Philip Guenther
Index: ftp/fetch.c
===
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
retrieving revision 1.142
diff -u -p -r1.142 fetch.c
--- ftp/fetch.c 10 Sep 2015 13:43:35 - 1
Instead of formatting to a buffer and then writing the buffer to an fd,
just use dprintf to write formatted output directly to the fd.
Note that our dprintf() has the same async-signal-safety as our snprintf()
ok?
Philip Guenther
Index: newfs/mkfs.c
==
GNU patch only allows s/.// as a regular expression in substitutions.
Our diff implementation writes s/^\.\././ which is basically the same,
because they are used to change ".." lines into ".".
This is required if an ed-formatted diff tries to create a line that
only has a dot in it. Normally, tha
As a general rule, programs should not use errno values as an exit status.
Compare "sleep 10001" w/ and w/o this diff.
ok?
Index: sleep.c
===
RCS file: /data/src/openbsd/src/bin/sleep/sleep.c,v
retrieving revision 1.23
diff -u
> I am however curious to this patch. By pledging ksh with exec it appears
> to me that once a pledged process is execve(2)d it looses it's already
> made pledges.
Yes, because that is what it needs.
> This to me seems like
> something that might be undesirable (find remote code execution->ins
> Index: sys/kern/kern_pledge.c
> ===
> RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 kern_pledge.c
> --- sys/kern/kern_pledge.c9 Oct 2015 05:30:03 - 1.4
> +++ sys/kern/kern_
On Sat, Oct 10, 2015 at 02:55:34PM +0200, Tobias Stoeckmann wrote:
> That's what I get for copy&pasting out of a manual...
>
> The LIST_EMPTY example lacks an opening curly bracket. The other
> examples have it, so it's a pretty obvious fix.
ok,
-Otto
>
>
> Index: queue.3
> ==
That's what I get for copy&pasting out of a manual...
The LIST_EMPTY example lacks an opening curly bracket. The other
examples have it, so it's a pretty obvious fix.
Index: queue.3
===
RCS file: /cvs/src/share/man/man3/queue.3,v
re
One of the major USA anoncvs servers (anoncvs.usa.openbsd.org) needs
a new home.. It's former hosting location at ISC is going away.
Todd Miller runs this and does a great job of it. What we need is someone
with a well connected place to host the machine. So - if you can host
a box for OpenBSD i
Hello,
Patch fixes two small nits related to source node table in PF (a.k.a.
pf_src_tree_tracking).
The first issue comes to `global` argument of pf_insert_src_node(). It is
always 0 everywhere in source code. The `global` is supposed to indicate
whether particular state is bound to global/main r
While ktrace'ing firefox, I managed to produce a ktrace.out file that
makes pledge(2) abort kdump:
$ kdump >/dev/null
Killed
$ dmesg | tail -1
kdump(24965): syscall 5
The problem is that the "rpath" request is dropped in kdump's second
pledge call. However, kdump's sockoptlevelname() formatter c
Fwd from misc@:
- Forwarded message from Craig Skinner -
Date: Wed, 9 Sep 2015 10:10:08 +0100
From: Craig Skinner
To: m...@openbsd.org
Subject: Re: [DIFF] user & group delete named in upgrade57.html
User-Agent: Mutt/1.5.23 (2014-03-12)
Resend:
On 2015-08-31 Mon 10:52 AM |, Craig Skinn
10 окт. 2015 г. 11:45 пользователь "Stefan Sperling"
написал:
>
> Just in case. NULL derefs are easier to find than use-after-frees.
>
> Index: if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving revision 1.53
> di
sc_wantresp -1 is special, so give it a proper name.
Also, have all commands wait for completion of active sync commands.
Right now only sync commands wait. We don't use async commands yet,
but if we do in the future they could be sent while a sync command
is still in progress, and I don't think t
Just in case. NULL derefs are easier to find than use-after-frees.
Index: if_iwm.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.53
diff -u -p -r1.53 if_iwm.c
--- if_iwm.c6 Oct 2015 09:12:00 - 1.53
35 matches
Mail list logo
