As of e67975d331 ("Fix 'calendar -a' in several ways."), `calendar -a`
will now fork off a new process for each user and do all of its own
processing in the user's own context.
As a side-effect, calendar(1) started calling setlogin(2) in each of the
forked processes and inadvertently hijacked the login name for the
session it was running under, which was typically not a fresh session
but rather that of whatever cron/periodic run spawned it. Thus, daily
and security e-mails started coming from completely arbitrary user.
We could create a new session, but it appears that nothing calendar(1)
does really needs the login name to be clobbered; opt to just avoid the
setlogin(2) call entirely rather than incur the overhead of a new
session for each process.
PR: 280418
Reviewed by: des, olce
Fixes: e67975d331 ("Fix 'calendar -a' in several ways.")
Differential Revision: https://reviews.freebsd.org/D46095
The man page states that the -d flag can be used to show the dropped
packets. But, the number of dropped input packets are always shown,
independent of the -d flag. This commit clarifies that the -d flag will
add the number of dropped output packets to the output.
MFC after: 3 days
Reviewed by: imp, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1332
The legacy Stone algorithm uses `int` to represent line numbers, array
indices, and array lengths. If given inputs approaching `INT_MAX` lines,
it would overflow and attempt to allocate ridiculously large amounts of
memory. To avoid this without penalizing non-pathological inputs,
switch a few variables to `size_t` and add checks while and immediately
after reading both inputs.
MFC after: 3 days
PR: 280371
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D46169
The `--ignore-all-space` option was incorrectly documented as
`--ignore-all-spaces`.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D46161
The `--ignore-all-space` option was incorrectly documented as
`--ignore-all-blanks` in some (but not all) places.
MFC after: 3 days
PR: 280434
Sponsored by: Klara, Inc.
Reviewed by: 0mp, markj
Differential Revision: https://reviews.freebsd.org/D46160
Implement the improved SEG.ACK validation described in RFC 5961.
In addition to that, also detect ghost ACKs, which are ACKs for data
that has never been sent.
The additional checks are enabled by default, but can be disabled
by setting the sysctl-variable net.inet.tcp.insecure_ack to a
non-zero value.
PR: 250357
Reviewed by: Peter Lei, rscheff (older version)
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D45894
Either due to a race, or to the privilege restrictions, it is not
guaranteed that kern.files returned file information for all pcbs
read from net.inet.<proto>.pcblist. In this case the file rbtree does
not return the matching file by data address, and code must avoid
dereferencing NULL.
PR: 279875
Reviewed by: asomers
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46050
A new Kyua concept is added -- "execution environment". A test can be
configured to be run within a specific environment. The test case
lifecycle is extended respectively:
- execenv init (creates a jail or does nothing for default
execenv="host")
- test exec
- cleanup exec (optional)
- execenv cleanup (removes a jail or does nothing for default
execenv="host")
The following new functionality is provided, from bottom to top:
1 ATF based tests
- The new "execenv" metadata property can be set to explicitly ask for
an execution environment: "host" or "jail". If it's not defined, as
all existing tests do, then it implicitly means "host".
- The new "execenv.jail.params" metadata property can be optionally
defined to ask Kyua to use specific jail(8) parameters during creation
of a temporary jail. An example is "vnet allow.raw_sockets".
Kyua implicitly adds "children.max" to "execenv_jail_params"
parameters with the maximum possible value. A test case can override
it.
2 Kyuafile
- The same new metadata properties can be defined on Kyuafile level:
"execenv" and "execenv_jail_params".
- Note that historically ATF uses dotted style of metadata naming, while
Kyua uses underscore style. Hence "execenv.jail.params" vs.
"execenv_jail_params".
3 kyua.conf, kyua CLI
- The new "execenvs" engine configuration variable can be set to a list
of execution environments to run only tests designed for. Tests of not
listed environments are skipped.
- By default, this variable lists all execution environments supported
by a Kyua binary, e.g. execenvs="host jail".
- This variable can be changed via "kyua.conf" or via kyua CLI's "-v"
parameter. For example, "kyua -v execenvs=host test" will run only
host-based tests and skip jail-based ones.
- Current value of this variable can be examined with "kyua config".
[markj] This feature has not landed upstream yet.
See the discussion in https://github.com/freebsd/kyua/pull/224 .
Having the ability to automatically jail tests allows many network tests
to run in parallel, giving a drastic speedup. So, let's import the
feature and start using it in main.
Signed-off-by: Igor Ostapenko <pm@igoro.pro>
Reviewed by: markj, kp
Tested by: markj, kp
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D45865
Also, --no-dereference should not imply --recurse.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D45779
When running regression tests in paralle, this one occasionally fails
because uniq exits with status 0. I believe this is because the test is
a bit racy: it assumes that true(1) will exit before uniq writes to
standard out.
Just sleep for a bit to give the other end of the pipe to exit.
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D45534
Following commit a87651e2ff add xrefs to intro(2) and sigaction(2),
and use a consistent form.
Suggested by: kib, arrowd
Reviewed by: kib (earlier)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45555
namei was mistaken for a typo (see GitHub pull request #1284). Add an
xref to make it clear.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45546
I/O errors should be reported; however lam currently does not
disambiguate between EOF because end-of-file was reached and EOF because
an I/O error occurred.
This commit changes lam to exit with EX_IOERR when an I/O error occurs.
Reviewed by: imp, allanjude
Sponsored by: Apple Inc.
Differential Revision: https://reviews.freebsd.org/D45437
If one of the files has ended, we won't show the column, but we still
need to drain the file pointer to avoid potentially hitting a pipe
failure.
This commit moves the NULL offset checks inside show() so that getline()
and ferror() are still called on fp.
Reviewed by: allanjude
Sponsored by: Apple Inc.
Differential Revision: https://reviews.freebsd.org/D45440
UNIX conformance wants utilities to catch any errors when doing I/O, as
opposed to relying on the implicit flush upon exit.
comm currently does not do that.
This commit adds handling of I/O errors on stdout prior to exit.
Reviewed by: imp, allanjude
Sponsored by: Apple Inc.
Differential Revision: https://reviews.freebsd.org/D45439
PR: 279182
Some manual pages have a copyright notice or commit id before including
other files with the .so macro. We need to skip comments and empty lines
at the beginning of the manpage while checking for the first .so macro.
MFC after: 1 week
After top registers load average of at least 100 which then gets reduced to
below 100, there are left stray digits.
Supporting load over 100 requires increasing the width only to 6, but since
we support over 1000 CPU's now, let's increase it to 7.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D45284
This policy enables a user to become another user without having to be
root (hence no setuid binary). it is configured via rules using sysctl
security.mac.do.rules
For example:
security.mac.do.rules=uid=1001:80,gid=0:any
The above rule means the user identifier by the uid 1001 is able to
become user 80
Any user of the group 0 are allowed to become any user on the system.
The mdo(1) utility expects the MAC/do policy to be installed and its
rules defined.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D45145
The previous width of Netif (10 or 8) was too short for modern interface
names; make it 12, which is long enough to display "epair0a.1000".
This came up in practice with genet(4) interfaces, since the base
interface name is long enough that with the previous limit, VLAN
identifiers would be truncated at 1 character in the IPv6 output:
"genet0.100" becomes "genet0.1".
The width is now fixed, and doesn't depend on the address family,
because there's no reason that length of the interface name would vary
based on the AF.
Reviewed by: imp,zlei,Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/1223
It turns out this wasn't in 4.4BSD. I had a false positive for gdc.c
(which is in 4.4BSD, but part of gated, not this). gdc.c comes from the
ncurses tests, so it shouldn't have this copyright. This version is
mostly Amos Shapir and John Lupien's code. It comes from ncurses test
directory. ncurses has made dozens of improvements to this file since
we imported it in 1997 (which pre-dates their online history), so it's
not clear if their new copyright applies (which doesn't mention Amos
or John) or if some other copyright applies. In any case, it wasn't
4.4BSD, so revert this.
This reverts commit 6ed7d0e3ac.
Sponsored by: Netflix
