Saw a mention somewhere a while back that the gotdata() function in
here could creates non-uniformity since very short fetches of 0 would
be excluded. blocks of 0 are just as random as any other data, including
blocks of 4 4 4.. This is a misguided attempt to identify errors from the
entropy churn/gather code doesn't make sense, errors don't happen.
ok bcook
The C implementation of str{,r}chr are not linked to the build, because
assembly implementations are used, but change to code for easier reference.
At least the i386 and amd64 are checked and seem to do the correct thing.
Found thanks to the csh any/strchr change.
minor pointers and OK millert@
It replaces the existing pwcache.c functions user_from_uid(3) and
group_from_gid(3) with the pax equivalents. Adapted from NetBSD
(mycroft) changes from our own pax's cache.c. OK guenther@
job at startup. After much anguish I accept dlg's solution of chdir
for the problem ("starting ntpd on a filesystem I want to unmount"),
but we cannot change the main-process daemon() call. Why? Because
the ntpd privsep design predates more modern designs where the config
file is parsed once, and configuration marshalled to the fork+exec
children. Instead each ntpd process re-parses the config, and if
we chdir before fork+exec startup, it will move the basedir causing
-f "relativepath" to fail.
discussed with florian
script) did 'ifconfig <if> down' before starting dhclient(8). This was
a way of ensuring old running copies of dhclient were killed before a
new one started. Current dhclient does not need this assist, so change
"ifconfig <if> down" to "ifconfig <if> up" pending further script
optimizations.
Similar to a 2014 attempt by halex@. Prompted by a misc@ report
from Kristjan Komlosi reporting hanging diskless setups.
ok halex@ kn@
We're aiming to work towards an examples/bgpd.conf file that is a good starting
point for real world deployments rather than a showcase of all capabilities
bgpd(8) has.
OK deraadt@ claudio@
with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and
fixed. This effort will continue.
kcov is limited to architectures using Clang as their default compiler and is
not enabled by default.
With help from mpi@, thanks!
ok kettenis@ mpi@ visa@
that, the macro used was password and if we changed it to something like
pass="secret" it would log it if the daemon was ran in verbose mode.
Hint and OK claudio@
harm if not deleted after the daemon is shutdown and at the same time we also
tackle another attack surface by not allowing the program to create/delete
any more files (by removing "cpath" promise from pledge(2)).
Discussion initiated by a question from deraadt@ OK florian@
currently doesn't call the function control_cleanup to do so. The solution is
to simply call that function just before the program quits.
"sure" henning@
to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG =
"/usr/libexec/auth/login_", which it auth-program is appended to -- a
rather gross idea which now shows lack of wisdom.
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@