crypto bits installed and/or NOCRYPTO/NO_OPENSSL is defined. This unfortunately
means that usr.bin/chkey, usr.bin/newkey and usr.sbin/keyserv have also to
be disconnected.
IMO it is merely a workaround, the proper solution is to move libmp to
src/crypto where it belongs and use libgmp for the cryptoless builds instead.
Missed by: dd
Use '' quotes instead of `' to delimit names of files and packages in
warning and error messages, because it is easier to cut-n-paste the name in
question that way (single click) without confusing the shell. And yes,
I know that it is less eye-candy...
MFC after: 1 month
to hang or panic kernel by detaching disk from which fs is mounted;
- replace "md" with MD_NAME in yet another place.
Reviewed by: phk
Approved by: phk
debugging support as well. Debugging module support is handled
identically to kernel debugging support, right down to poor
choice of make variable names.
1) allocate fewer buckets
2) when failing to allocate swap zone, keep reducing the zone by
a third rather than a half in order to reduce the chance of
allocating way too little.
I also moved around some code for readability.
Suggested by: dillon
Reviewed by: dillon
some of the config problems that we've been seeing (where wi0 tries to
allocate 0x138-0x198, for example).
Use err(1,"foo") rather than perror + exit while I'm here.
system installation process. This allows users installing via serial
console to enable serial console login during the installation
process using an un-customized install. The user is not prompted to
modify /etc/ttys during a normal install, but is offered the
opportunity during post-install configuration.
- Introduce configTTYs(), which describes the benefits of editing
/etc/ttys, and asks for confirmation before spawning the editor.
- add configTTYs to the post-install configuration, as well as to
the global configuration index.
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enable specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
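An added example (not part of these commits or of sysinstall): a small C check for the comment-to-disable convention the two inetd commit messages above describe, reporting whether telnet or ftp still has a live inetd.conf entry. The sample file contents and the names inetd_active() and risky_active() are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in inetd.conf(5) column layout; not the committed file. */
static const char sample_conf[] =
    "# Uncomment a line to enable that service.\n"
    "#ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n"
    "telnet\tstream\ttcp\tnowait\troot\t/usr/libexec/telnetd\ttelnetd\n"
    "#telnet\tstream\ttcp6\tnowait\troot\t/usr/libexec/telnetd\ttelnetd\n"
    "\n"
    "ntalk\tdgram\tudp\twait\ttty:tty\t/usr/libexec/ntalkd\tntalkd\n";

/*
 * Count live entries for `service`: the name must start in column one, and a
 * '#' in column one disables the line. Assumption: lines that begin with
 * whitespace are not treated as entries here.
 */
static int inetd_active(const char *conf, const char *service)
{
    size_t want = strlen(service);
    int hits = 0;

    if (want == 0)
        return 0;
    while (*conf != '\0') {
        size_t len = strcspn(conf, "\n");       /* length of this line */
        size_t name = strcspn(conf, " \t\n");   /* length of its first field */

        if (conf[0] != '#' && name == want && memcmp(conf, service, want) == 0)
            hits++;
        conf += len;
        if (*conf == '\n')
            conf++;
    }
    return hits;
}

/* The two services the commit message disables by default. */
static int risky_active(const char *conf)
{
    return inetd_active(conf, "telnet") + inetd_active(conf, "ftp");
}

int main(void)
{
    printf("telnet=%d ftp=%d risky=%d\n", inetd_active(sample_conf, "telnet"),
           inetd_active(sample_conf, "ftp"), risky_active(sample_conf));
    return 0;
}
```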
gets lost, he simply drops the fiber on the ground, waits ten minutes,
then asks the backhoe operator for directions.
-- Bill Bradford <mrbill@mrbill.net>
Submitted by: Kris Kirby <kris@catonic.net>
This panicked one of my machines one time too many :-( and there is
no sign of a solution in the pipeline. The deltas are still easily
available in cvs. The problem is that if the parent has been swapped
out, the child process cannot grope around in the parent's UPAGES to
see the sigact[] array or it will fault. This probably is a showstopper
for this implementation anyway.
is the diagnostics register at offset 0x93. When bit 5 is set in this
register, bits 4-7 in ExCA register 0x5 being 0000 are required for
pci interrupt routing. When it is clear, then bit 4 of ExCA register
0x3 is used to enable it.
The only other issue is that when you route interrupts this way, you
must read ExCA register 0x4 in order to clear the interrupt, else you
get an interrupt storm.
Deal with this requirement by setting things up. It is believed that
this won't hurt other chipsets, but other chipsets may require their
own workarounds.
a temporary array to store struct buf pointers if the list doesn't
fit in a local array. Usually it frees the array when finished,
but if it jumps to the 'again' label and the new list does fit in
the local array then it can forget to free a previously malloc'd
M_TEMP memory.
Move the free() up a line so that it frees any previously allocated
memory whether or not it needs to malloc a new array.
Reviewed by: dillon
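An added example, not the kernel code this commit changed: a user-space C model of the leak described above, with the M_TEMP allocation replaced by a small tracking allocator. gather(), tmp_alloc(), tmp_free() and the sizes are hypothetical; fixed = 0 keeps the free() on the malloc path only, fixed = 1 moves it ahead of the branch.

```c
#include <stdio.h>
#include <stdlib.h>
#define LOCAL_MAX 4       /* on-stack capacity (constructed value) */
static void *slots[8];    /* live heap arrays; stands in for M_TEMP accounting */
static void *tmp_alloc(size_t n)
{
    for (int i = 0; i < 8; i++)
        if (slots[i] == NULL)
            return slots[i] = malloc(n);
    return NULL;          /* table full */
}
static int tmp_free(void *p)   /* p == NULL: sweep and count all live arrays */
{
    int n = 0;
    for (int i = 0; i < 8; i++)
        if (slots[i] != NULL && (p == NULL || slots[i] == p)) {
            free(slots[i]); slots[i] = NULL; n++;
        }
    return n;
}

/* One pass per counts[] entry; each pass after the first models "goto again". */
static int gather(const size_t *counts, size_t passes, int fixed)
{
    int local[LOCAL_MAX], *list = local;
    size_t pass = 0;
again:
    if (fixed && list != local)         /* after: free before choosing storage */
        tmp_free(list);
    if (counts[pass] > LOCAL_MAX) {
        if (!fixed && list != local)    /* before: free() only on the malloc path */
            tmp_free(list);
        if ((list = tmp_alloc(counts[pass] * sizeof(*list))) == NULL)
            return -1;
    } else
        list = local;                   /* before: heap pointer overwritten here */
    for (size_t i = 0; i < counts[pass]; i++)
        list[i] = (int)i;               /* stand-in for storing struct buf pointers */
    if (++pass < passes) goto again;
    if (list != local) tmp_free(list);
    return tmp_free(NULL);              /* arrays nobody freed: the leak */
}

int main(void)
{
    const size_t counts[] = { 16, 2 };  /* large list, then a retry that fits */
    printf("leaked: before=%d after=%d\n", gather(counts, 2, 0), gather(counts, 2, 1));
    return 0;
}
```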