OpenBSD/src VLS4sGi sys/kern kern_pledge.c

   Stop the canonicalization of the path in pledge_namei() callback since
   we know is providing strictly normalized paths, and it leads to a subtle
   problem a little bit like a TOCTOU.  However, this pathcode can also be
   reached by non-libc callers, so we need one validation step: the zoneinfo
   sub-directory inspections may not attempt walks upwards through "..", we
   don't need to consider symbolic links because root does not place them there.
   From discussions with david leadbeater, ok beck
Version    Delta     File
1.338      +10 -50   sys/kern/kern_pledge.c
           +10 -50   1 file

OpenBSD/src ewtkcaZ regress/usr.sbin/bgpd/config bgpd.conf.18.ok bgpd.conf.18.in

   Add mrt config check
Version    Delta     File
1.1        +117 -0   regress/usr.sbin/bgpd/config/bgpd.conf.18.ok
1.1        +73 -0    regress/usr.sbin/bgpd/config/bgpd.conf.18.in
1.16       +2 -2     regress/usr.sbin/bgpd/config/Makefile
           +192 -2   3 files

OpenBSD/src fJ7bnPP usr.sbin/bgpctl output_ometric.c output_json.c

   Print the new statistics added to the RDE.
   OK tb@
Version    Delta     File
1.25       +33 -2    usr.sbin/bgpctl/output_ometric.c
1.61       +23 -2    usr.sbin/bgpctl/output_json.c
1.70       +17 -2    usr.sbin/bgpctl/output.c
           +73 -6    3 files

OpenBSD/src TAtHakO usr.sbin/bgpd rde_peer.c bgpd.h

   Add following statistics:

   - ASPA table size and count
   - RIB entry queue length (both per-peer and global)
   - ibuf queue length and size (both per-peer and global)

   OK tb@
Version    Delta     File
1.70       +23 -1    usr.sbin/bgpd/rde_peer.c
1.534      +9 -1     usr.sbin/bgpd/bgpd.h
1.7        +7 -1     usr.sbin/bgpd/rde_aspa.c
1.137      +4 -1     usr.sbin/bgpd/control.c
1.194      +4 -1     usr.sbin/bgpd/session.h
           +47 -5    5 files

OpenBSD/src H2qEyHU usr.sbin/bgpd rde_peer.c

   In peer_delete ensure that the rib_pq_head TAILQ is empty by concatenating
   it onto the peerself queue.

   In general this should never happen since the peer is down for 1h before
   being removed and during that time the queue should empty but better safe
   than sorry.

   OK tb@
Version    Delta     File
1.69       +3 -1     usr.sbin/bgpd/rde_peer.c
           +3 -1     1 file

OpenBSD/src Urw0wqx usr.sbin/bgpd rde_peer.c

   In peer_up() call peer_down() instead of inlining the work.

   This is now possible since the split of peer_down() and peer_delete()
   changed peer_down() to no longer free the peer.
   OK tb@
Version    Delta     File
1.68       +2 -6     usr.sbin/bgpd/rde_peer.c
           +2 -6     1 file

OpenBSD/src 0C0icqF usr.sbin/acme-client revokeproc.c

   acme-client: use accessors instead of reaching into ASN1_STRING

   ok sthen
Version    Delta     File
1.28       +7 -6     usr.sbin/acme-client/revokeproc.c
           +7 -6     1 file

OpenBSD/src KSvTAeJ sys/dev/pci if_iwxreg.h if_iwx.c

   Send the new system statistics command if supported by iwx(4) firmware.

   This will be needed for BZ devices.

   ok phessler@, kettenis@

   Tested:
   AX200: stsp
   AX201: kirill
   AX210 (MA): kettenis
   AX211: phessler
   AX211 (BZ): stsp
Version    Delta     File
1.60       +242 -1   sys/dev/pci/if_iwxreg.h
1.201      +83 -2    sys/dev/pci/if_iwx.c
1.44       +3 -1     sys/dev/pci/if_iwxvar.h
           +328 -4   3 files

OpenBSD/src 39lrD06 usr.sbin/bgpd rde.c

   Further improve the log messages for attribute parse errors.

   Add an extra case for the case where the length of the attribute
   overflows the attribute buffer. This is a reasonably common issue
   and therefore the extra message that includes attribute, flags and length.

   OK tb@
Version    Delta     File
1.688      +11 -4    usr.sbin/bgpd/rde.c
           +11 -4    1 file

OpenBSD/src 8306oep usr.sbin/bgpd rde.c

   Fix in the OTC attribute parser for ROLE_PEER.

   For sessions with peer role the ASnum of the OTC attribute is compared to
   the remote ASnum of the session. At that point in the parser the data
   should not be consumed. So use an extra temporary buffer to extract the
   OTC value. This is similar to the case in ATTR_AS4_AGGREGATOR where the
   same trick is used.

   OK tb@
Version    Delta     File
1.687      +3 -2     usr.sbin/bgpd/rde.c
           +3 -2     1 file

OpenBSD/src Mvh1cwr usr.sbin/bgpd printconf.c parse.y

   Adjust mrt config setting of the group id.

   The code in the session engine expects group id to be 0 for any case where
   only a single peer is targeted. Only set the group id for group matches.

   Adjust the logic in printconf.c to follow this behaviour. Add a comment
   to better explain why the logic is the way it is for future me.

   OK tb@
Version    Delta     File
1.185      +9 -3     usr.sbin/bgpd/printconf.c
1.488      +2 -2     usr.sbin/bgpd/parse.y
           +11 -5    2 files

OpenBSD/src chc8CUm usr.bin/tmux format.c

   Revert r1.343 for the moment since it breaks behaviour (#() in
   status-left) that we need to keep.
Version    Delta     File
1.346      +3 -5     usr.bin/tmux/format.c
           +3 -5     1 file

OpenBSD/src uLRuvxV usr.bin/tmux format.c

   Do not leak active/all strings in format_loop_windows; from Huihui Huang
   in GitHub issue 4898.
Version    Delta     File
1.345      +4 -1     usr.bin/tmux/format.c
           +4 -1     1 file

OpenBSD/src y6kLqN7 usr.bin/tmux tmux.1

   Fix incorrect placement of It Xo, from Dane Jensen.
Version    Delta     File
1.1034     +3 -3     usr.bin/tmux/tmux.1
           +3 -3     1 file

OpenBSD/src MnoVt02 usr.bin/tmux menu.c

   Fix memory leak, from Emmanuel Ugwu in GitHub issue 4900.
Version    Delta     File
1.61       +2 -1     usr.bin/tmux/menu.c
           +2 -1     1 file

OpenBSD/src J4gkXq1 usr.bin/ssh monitor.c monitor_wrap.c

   Move banner exchange to sshd-auth process

   Previously, exchange of the initial SSH- banners was performed
   by the privileged sshd-session monitor. This moves it to the
   unprivileged sshd-auth subprocess, removing ~200 LoC from the
   monitor's privileged attack surface.

   The monitor gains a new "setcompat" RPC to allow sshd-auth to
   inform it of bug compat flags picked up from the client's banner.

   feedback dtucker@, ok markus@ deraadt@
Version    Delta     File
1.253      +27 -1    usr.bin/ssh/monitor.c
1.146      +16 -1    usr.bin/ssh/monitor_wrap.c
1.13       +9 -1     usr.bin/ssh/sshd-auth.c
1.21       +1 -8     usr.bin/ssh/sshd-session.c
1.128      +3 -2     usr.bin/ssh/compat.c
1.106      +3 -2     usr.bin/ssh/packet.h
           +59 -15   2 files not shown
           +63 -17   8 files

OpenBSD/src 8tBHxXJ libexec/ld.so/ldconfig ldconfig.c

   These programs are using pledge "tmppath" with "rpath wpath cpath".
   The "tmppath" is not needed.
   from deraadt@; ok semarie and others

   this is errata/7.7/023_tmppath.patch.sig
Version    Delta     File
1.39.16.1  +2 -2     libexec/ld.so/ldconfig/ldconfig.c
           +2 -2     1 file

OpenBSD/src doe1Cg9 libexec/ld.so/ldconfig ldconfig.c

   These programs are using pledge "tmppath" with "rpath wpath cpath".
   The "tmppath" is not needed.
   from deraadt@; ok semarie and others

   this is errata/7.8/017_tmppath.patch.sig
Version    Delta     File
1.39.14.1  +2 -2     libexec/ld.so/ldconfig/ldconfig.c
           +2 -2     1 file

OpenBSD/src jUGAY7c sys/dev/pci pcidevs_data.h pcidevs.h

   regen
Version    Delta     File
1.2112     +5 -1     sys/dev/pci/pcidevs_data.h
1.2117     +2 -1     sys/dev/pci/pcidevs.h
           +7 -2     2 files

OpenBSD/src iW4NPSc sys/dev/pci pcidevs

   Add Realtek RTS5765DL NVMe.
Version    Delta     File
1.2124     +2 -1     sys/dev/pci/pcidevs
           +2 -1     1 file

OpenBSD/src lzTjrEg sys/dev/acpi acpidmar.c acpireg.h

   Handle IVMD entries to cater for reserved/excluded DVA ranges on the
   AMD IOMMUs.

   ok chris@
Version    Delta     File
1.13       +55 -1    sys/dev/acpi/acpidmar.c
1.64       +3 -3     sys/dev/acpi/acpireg.h
           +58 -4    2 files

OpenBSD/src mgkPjRl usr.bin/mg re_search.c

   fix replace-regexp issues

   - an infinite loop with (replace-regexp "^.*$" "") because it does not
     advance to the next line

   - replace-regexp replaces all occurrences of ^pattern in a line.

   diff from Mark Willson (mark [at] hydrus.org.uk,) thanks!

   minor tweak by me, I've used gotoeol() instead of setting curwp->w_doto
   manually.
Version    Delta     File
1.38       +7 -4     usr.bin/mg/re_search.c
           +7 -4     1 file

OpenBSD/src Y5hmtqq sys/dev/acpi acpidmar.c

   Remove the IOMMU-specific bus_dmamap_sync() implementation and just call
   the default implementation instead.  The current #ifdef'ed out code just
   doesn't make sense.

   ok chris@
Version    Delta     File
1.12       +1 -25    sys/dev/acpi/acpidmar.c
           +1 -25    1 file

OpenBSD/src OP0j2iN usr.sbin/httpd server_http.c server.c

   remove empty server_http_init

   OK claudio
Version    Delta     File
1.160      +1 -7     usr.sbin/httpd/server_http.c
1.131      +1 -2     usr.sbin/httpd/server.c
1.168      +1 -2     usr.sbin/httpd/httpd.h
           +3 -11    3 files

OpenBSD/src 2jbX11Q sys/kern kern_pledge.c

   delete pledge_sysctl() printing of the failing mibs, because it truncates
   its buffer, produces misleading output, and is pointless tty output.
   Like with other system call failures, the standard pledge_fail() tty output
   should lead the user to use ktrace which will provide an accurate view.
   from deraadt@; discussed with bluhm

   this is errata/7.7/022_pledge_sysctl.patch.sig
Version    Delta     File
1.323.4.2  +1 -11    sys/kern/kern_pledge.c
           +1 -11    1 file

OpenBSD/src 9cQd0vj sys/kern kern_pledge.c

   delete pledge_sysctl() printing of the failing mibs, because it truncates
   its buffer, produces misleading output, and is pointless tty output.
   Like with other system call failures, the standard pledge_fail() tty output
   should lead the user to use ktrace which will provide an accurate view.
   from deraadt@; discussed with bluhm

   this is errata/7.8/016_pledge_sysctl.patch.sig
Version    Delta     File
1.333.2.1  +1 -11    sys/kern/kern_pledge.c
           +1 -11    1 file

OpenBSD/src G9pKZa8 usr.bin/calendar calendar.c, usr.bin/diff diff.c

   replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
   mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
   and pledge "stdio rpath wpath cpath" to permit both unveils subject to
   their own limitations.

   pledge "rpath tmppath" is replaced with unveil "/" "r", unveil "/tmp" "rwc",
   and "rpath wpath cpath"
   from deraadt@; ok semarie

   This was using pledge "tmppath" with "rpath wpath cpath".
   The "tmppath" is not needed.
   from deraadt@; ok semarie and others

   uses tmpfile(), which is why it used "tmppath", which is why it now
   needs "rpath wpath cpath"
   from deraadt@; spotted by brynet

   Instead of pledge "tmppath rpath", set up a "rwc" unveil on "/tmp", a
   "r" unveil on "/", and then pledge "rpath wpath cpath".

    [28 lines not shown]
Version    Delta     File
1.265.6.1  +37 -9    usr.bin/mandoc/main.c
1.37.28.1  +7 -3     usr.bin/calendar/calendar.c
1.68.12.1  +6 -2     usr.bin/diff/diff.c
1.21.6.1   +4 -2     usr.sbin/smtpd/smtpc.c
1.77.6.1   +3 -3     usr.bin/patch/patch.c
1.229.4.1  +4 -2     usr.bin/nc/netcat.c
           +61 -21   8 files not shown
           +80 -36   14 files

OpenBSD/src F3kMYCf gnu/usr.bin/binutils-2.17/binutils objdump.c, usr.bin/calendar calendar.c

   replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
   mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
   and pledge "stdio rpath wpath cpath" to permit both unveils subject to
   their own limitations.

   pledge "rpath tmppath" is replaced with unveil "/" "r", unveil "/tmp" "rwc",
   and "rpath wpath cpath"
   from deraadt@; ok semarie

   This was using pledge "tmppath" with "rpath wpath cpath".
   The "tmppath" is not needed.
   from deraadt@; ok semarie and others

   uses tmpfile(), which is why it used "tmppath", which is why it now
   needs "rpath wpath cpath"
   from deraadt@; spotted by brynet

   Instead of pledge "tmppath rpath", set up a "rwc" unveil on "/tmp", a
   "r" unveil on "/", and then pledge "rpath wpath cpath".

    [28 lines not shown]
Version    Delta     File
1.267.2.1  +37 -9    usr.bin/mandoc/main.c
1.37.26.1  +7 -3     usr.bin/calendar/calendar.c
1.68.10.1  +6 -2     usr.bin/diff/diff.c
1.2.38.1   +5 -1     gnu/usr.bin/binutils-2.17/binutils/objdump.c
1.234.2.1  +4 -2     usr.bin/nc/netcat.c
1.77.4.1   +3 -3     usr.bin/patch/patch.c
           +62 -20   8 files not shown
           +80 -36   14 files

OpenBSD/src jBvQJPl usr.bin/sndiod sysex.h

   sndiod: Use chars (instead of uint8_t's) for the MIDI slot name

   No behavior change
Version    Delta     File
1.4        +2 -2     usr.bin/sndiod/sysex.h
           +2 -2     1 file

OpenBSD/src A33Vk70 usr.bin/sndiod dev.c

   sndiod: Fix ctl_match() when arg0 == NULL

   No behavior change as sndiod doesn't call ctl_match() with
   arg0 == NULL (yet).
Version    Delta     File
1.128      +2 -2     usr.bin/sndiod/dev.c
           +2 -2     1 file