Re: New wpi driver
Florent Thoumie wrote:
> On Nov 8, 2006, at 1:36 PM, Massimo Lusetti wrote:
> > Hi all, I'm pleased to tell you I got the latest wpi driver from Damien Bergamini to work properly on a latest -stable on an Acer laptop.
> Nice work!

Unfortunately, it seems that this is still that unfinished driver from Damien, that circulates on the net everywhere, but it only works for some lucky people. As for me, I get an error message when loading the module, that it could not allocate resources.

--
Cheers,
Gabor
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [Patch] sys/kern/kern_descrip.c: remove double limit check in fcntl()
* Ed Schouten <[EMAIL PROTECTED]> wrote:
> The patch below prevents this by performing this check by do_dup(). It
> will prevent fcntl() from PROC_LOCK()'ing twice. It also fixes the
> return value of fcntl(). The manual page states that it should return
> EMFILE when it exceeds its limit, though the actual code sets EINVAL.

Woops - It looks like I wasn't awake when I was reading the fcntl() manual page. fcntl() should return EINVAL when the minimum value is higher than the limit and EMFILE when it can't find a free descriptor in the range from the minimum value to the maximum. dup() generalizes this to EMFILE. It cannot return EINVAL.

I decided to change the patch so that do_dup() can return EINVAL for the fcntl() scenario and that the dup()/dup2() system calls readjust the errno right before returning. Please use the patch below.

%%% --- src/sys/kern/kern_descrip.c Thu Nov 9 20:18:41 2006 +++ src/sys/kern/kern_descrip.c Thu Nov 9 20:26:25 2006 @@ -283,8 +283,14 @@ dup2(struct thread *td, struct dup2_args *uap) { - return (do_dup(td, DUP_FIXED, (int)uap->from, (int)uap->to, - td->td_retval)); + int error; + + error = do_dup(td, DUP_FIXED, (int)uap->from, (int)uap->to, + td->td_retval); + /* dup2() should only return EMFILE when exceeding limits */ + if (error == EINVAL) + error = EMFILE; + return (error); } /* @@ -302,8 +308,13 @@ int dup(struct thread *td, struct dup_args *uap) { + int error; - return (do_dup(td, DUP_VARIABLE, (int)uap->fd, 0, td->td_retval)); + error = do_dup(td, DUP_VARIABLE, (int)uap->fd, 0, td->td_retval); + /* dup() should only return EMFILE when exceeding limits */ + if (error == EINVAL) + error = EMFILE; + return (error); } /* @@ -358,7 +369,6 @@ struct proc *p; char *pop; struct vnode *vp; - u_int newmin; int error, flg, tmp; int giant_locked; 
@@ -396,16 +406,7 @@ case F_DUPFD: /* mtx_assert(&Giant, MA_NOTOWNED); */ FILEDESC_UNLOCK(fdp); - newmin = arg; - PROC_LOCK(p); - if (newmin >= lim_cur(p, RLIMIT_NOFILE) || - newmin >= maxfilesperproc) { - PROC_UNLOCK(p); - error = EINVAL; - break; - } - PROC_UNLOCK(p); - error = do_dup(td, DUP_VARIABLE, fd, newmin, td->td_retval); + error = do_dup(td, DUP_VARIABLE, fd, arg, td->td_retval); break; case F_GETFD: @@ -629,7 +630,7 @@ maxfd = min((int)lim_cur(p, RLIMIT_NOFILE), maxfilesperproc); PROC_UNLOCK(p); if (new >= maxfd) - return (EMFILE); + return (EINVAL); FILEDESC_LOCK(fdp); if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL) { %%%

--
Ed Schouten <[EMAIL PROTECTED]>
WWW: http://g-rave.nl/
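Review bot: In the do_dup() hunk at @@ -629,7 +630,7 @@, switching `return (EMFILE)` to `return (EINVAL)` changes the errno seen by every caller of do_dup(), and the dup() and dup2() wrappers then rewrite any EINVAL into EMFILE, not only the one produced by the `new >= maxfd` test. Only three call sites are visible in this patch, so the remaining callers of do_dup() need the same audit. It would be safer to decide the errno in one place, for example by having do_dup() return EINVAL only when it is called for F_DUPFD, and to document the new return value in the comment above do_dup().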
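A userland check of the errno contract described in the message above, as an added example that is not part of the original post or of the FreeBSD tree: it reports what fcntl(F_DUPFD) and dup() fail with on the running kernel when the minimum descriptor equals the soft limit and when no descriptor below the limit is free. `probe_errno()` and the probe names are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Probe names are this example's own, not kernel identifiers. */
enum probe { DUPFD_MIN_AT_LIMIT, DUPFD_TABLE_FULL, DUP_TABLE_FULL };

/* Lower the soft RLIMIT_NOFILE to `limit` (8..64), run one probe, restore it.
 * Returns the failed call's errno, 0 if it succeeded, -1 on setup failure. */
int probe_errno(enum probe what, int limit)
{
    struct rlimit saved, low;
    int p[2], fds[64], n = 0, fd, result = -1;

    if (limit < 8 || limit > 64 || getrlimit(RLIMIT_NOFILE, &saved) != 0 ||
        (rlim_t)limit > saved.rlim_cur || pipe(p) != 0)
        return -1;
    low = saved;
    low.rlim_cur = (rlim_t)limit;
    if (setrlimit(RLIMIT_NOFILE, &low) == 0) {
        /* "Table full" probes first use up every slot below the limit. */
        while (what != DUPFD_MIN_AT_LIMIT && n < 64 && (fd = dup(p[0])) >= 0)
            fds[n++] = fd;
        if (what == DUPFD_MIN_AT_LIMIT)
            fd = fcntl(p[0], F_DUPFD, limit);   /* minimum == limit */
        else if (what == DUPFD_TABLE_FULL)
            fd = fcntl(p[0], F_DUPFD, 0);       /* no free slot left */
        else
            fd = dup(p[0]);                     /* no free slot left */
        result = (fd < 0) ? errno : 0;
        if (fd >= 0)
            close(fd);
        while (n > 0)
            close(fds[--n]);
        setrlimit(RLIMIT_NOFILE, &saved);
    }
    close(p[0]);
    close(p[1]);
    return result;
}

int main(void)
{
    printf("F_DUPFD at limit=%d F_DUPFD full=%d dup full=%d (EINVAL=%d EMFILE=%d)\n",
        probe_errno(DUPFD_MIN_AT_LIMIT, 32), probe_errno(DUPFD_TABLE_FULL, 32),
        probe_errno(DUP_TABLE_FULL, 32), EINVAL, EMFILE);
    return 0;
}
```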
Re: USB Video class driver
On Thursday 09 November 2006 17:29, Thinker wrote:
> Hi,
>
> I am interested to know if FreeBSD has a USB Video Class driver project.
> I had seen news from Creative which announces a new webcam following
> USB Video Class. It is time to start a Video Class driver for FreeBSD.

Hi,

No, FreeBSD does not have a video class driver. But there is a USB mailing list for FreeBSD: freebsd-usb@freebsd.org

If you want to develop a Video Class driver, you might want to have a look at my new USB driver for FreeBSD: http://www.turbocat.net/~hselasky/usb4bsd

If you install anything, install the SVN version.

--HPS
Re: RFC: pam_krb5: minimum_[ug]id options
On Thu, Nov 09, 2006 at 02:36:19PM +0300, Ruslan Ermilov wrote:
> On Thu, Nov 09, 2006 at 01:18:44AM +, Shaun Amott wrote:
> > Thanks for reviewing the patch. Here's an updated version with your
> > suggestions incorporated.
> >
> Please don't remove me from Cc:. I prefer to receive directed
> replies, and I didn't ask for non-directed reply via setting the
> Mail-Followup-To: header like you seem to prefer. Thanks.

Actually, I prefer to receive two copies of the message too. It seems mutt defaults to adding the header... but somewhat inconsistently. Even so, being omitted from the Cc: is such a rare event that I assumed you also didn't want to be Cc'ed.

> > diff -u -r1.6 pam_krb5.8 > > --- pam_krb5.8 24 Nov 2001 23:41:32 - 1.6 > > +++ pam_krb5.8 9 Nov 2006 01:14:18 - > > @@ -1,7 +1,7 @@ > > .\" > > .\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $ > > .\" $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.8,v 1.6 2001/11/24 > > 23:41:32 dd Exp $ > > -.Dd January 15, 1999 > > +.Dd Thursday 09, 2006 > >
> It should be ".Dd November 9, 2006".

Thanks again for your review... and apologies for such a careless patch. I've submitted a PR with an updated version.

--
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson
USB Video class driver
Hi,

I am interested to know if FreeBSD has a USB Video Class driver project. I had seen news from Creative which announces a new webcam following USB Video Class. It is time to start a Video Class driver for FreeBSD.

--
Thinker Li (李圭烽)
Mobile: 0968776647
E-Mail: [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Hardening FreeBSD, does anyone have any documentation that may help?
Vini Engel wrote:
> This may not seem to be the best place to ask for this but as this is
> supposed to be a list for high level discussions I am assuming that some
> people must know how to harden FreeBSD and/or may have articles and
> other docs that can be shared.

A good place to start is the security(7) manual page, and the security-related sections in the FreeBSD Handbook. Of course, pretty much any generic book on UNIX security applies to FreeBSD, too.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

"UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." -- Doug Gwyn
[Patch] sys/kern/kern_descrip.c: remove double limit check in fcntl()
Hello,

I'm working on a project at school to develop a multimedia system (a la Windows Media Center) based on FreeBSD. I was looking at some code in sys/kern/kern_descrip.c to figure out how the fcntl() with F_DUPFD and dup() differ.

I discovered that kern_fcntl() contains some redundant code. Right before calling do_dup(), it locks the process and checks that the minimal file descriptor is lower than the limit for the process. The do_dup() call does exactly the same check almost at the beginning. This causes the fcntl() call to call PROC_LOCK() once too much.

The patch below prevents this by performing this check by do_dup(). It will prevent fcntl() from PROC_LOCK()'ing twice. It also fixes the return value of fcntl(). The manual page states that it should return EMFILE when it exceeds its limit, though the actual code sets EINVAL.

%%% --- kern_descrip.c Thu Nov 9 13:23:40 2006 +++ kern_descrip.c Thu Nov 9 13:32:28 2006 @@ -355,7 +355,6 @@ struct proc *p; char *pop; struct vnode *vp; - u_int newmin; int error, flg, tmp; int giant_locked; @@ -393,16 +392,7 @@ case F_DUPFD: /* mtx_assert(&Giant, MA_NOTOWNED); */ FILEDESC_UNLOCK(fdp); - newmin = arg; - PROC_LOCK(p); - if (newmin >= lim_cur(p, RLIMIT_NOFILE) || - newmin >= maxfilesperproc) { - PROC_UNLOCK(p); - error = EINVAL; - break; - } - PROC_UNLOCK(p); - error = do_dup(td, DUP_VARIABLE, fd, newmin, td->td_retval); + error = do_dup(td, DUP_VARIABLE, fd, arg, td->td_retval); break; case F_GETFD: %%%

--
Ed Schouten <[EMAIL PROTECTED]>
WWW: http://g-rave.nl/
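Review bot: In the F_DUPFD hunk, the removed code copied `arg` into the `u_int newmin` before comparing it with the limits, so a negative argument turned into a large unsigned value and was rejected with EINVAL; the replacement hands `arg` to do_dup() unchanged. The patch does not show how do_dup() treats a negative `new`, so confirm that it is rejected there, and with which errno, or keep an explicit test for a negative `arg` before the call.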
Hardening FreeBSD, does anyone have any documentation that may help?
Hi guys,

This may not seem to be the best place to ask for this but as this is supposed to be a list for high level discussions I am assuming that some people must know how to harden FreeBSD and/or may have articles and other docs that can be shared.

We have a set of simple policies that are used to harden FreeBSD machines but I would like to make it better and also would like to see how people do it out there so that I can pick the ideas that we find interesting/useful for us here and improve our hardening skills.

Our machines range from dns servers to mail servers and a few router/firewalls. Some of them don't have to have anything special but some others have to comply with the policy of the highly protected networks that they live in, hence the reason why I want to improve my hardening skills.

Any info will be greatly appreciated!

Regards,
Vini
Re: New wpi driver
On Nov 8, 2006, at 1:36 PM, Massimo Lusetti wrote:
> Hi all, I'm pleased to tell you I got the latest wpi driver from Damien Bergamini to work properly on a latest -stable on an Acer laptop.

Nice work!

> The driver is available here: http://www.datacode.it/wpi-freebsd/wpi-freebsd.tgz
> If anyone from FreeBSD team or else is willing to put it on a host with more bandwidth it's more than welcome.

I've mirrored it at http://people.freebsd.org/~flz/local/wpi/wpi-freebsd-20061109.tgz.

--
Florent Thoumie
[EMAIL PROTECTED]
FreeBSD Committer
Re: RFC: pam_krb5: minimum_[ug]id options
On Thu, Nov 09, 2006 at 01:18:44AM +, Shaun Amott wrote:
> Thanks for reviewing the patch. Here's an updated version with your
> suggestions incorporated.
>

Please don't remove me from Cc:. I prefer to receive directed replies, and I didn't ask for non-directed reply via setting the Mail-Followup-To: header like you seem to prefer. Thanks.

Below are some more comments; it's still not perfect...

> Index: pam_krb5.8 > === > RCS file: /home/ncvs/src/lib/libpam/modules/pam_krb5/pam_krb5.8,v > retrieving revision 1.6 > diff -u -r1.6 pam_krb5.8 > --- pam_krb5.824 Nov 2001 23:41:32 - 1.6 > +++ pam_krb5.89 Nov 2006 01:14:18 - > @@ -1,7 +1,7 @@ > .\" > .\" $Id: pam_krb5.5,v 1.5 2000/01/05 00:59:56 fcusack Exp $ > .\" $FreeBSD: src/lib/libpam/modules/pam_krb5/pam_krb5.8,v 1.6 2001/11/24 > 23:41:32 dd Exp $ > -.Dd January 15, 1999 > +.Dd Thursday 09, 2006 >

It should be ".Dd November 9, 2006".

> Index: pam_krb5.c > === > RCS file: /home/ncvs/src/lib/libpam/modules/pam_krb5/pam_krb5.c,v > retrieving revision 1.23 > diff -u -r1.23 pam_krb5.c > --- pam_krb5.c7 Jul 2005 14:16:38 - 1.23 > +++ pam_krb5.c9 Nov 2006 01:14:19 - > @@ -88,6 +88,8 @@ > #define PAM_OPT_CCACHE "ccache" > #define PAM_OPT_DEBUG"debug" > #define PAM_OPT_FORWARDABLE "forwardable" > +#define PAM_OPT_MINIMUM_GID "minimum_gid" > +#define PAM_OPT_MINIMUM_UID "minimum_uid" > #define PAM_OPT_NO_CCACHE"no_ccache" > #define PAM_OPT_REUSE_CCACHE "reuse_ccache" > > @@ -110,6 +112,9 @@ > const char *user, *pass; > const void *sourceuser, *service; > char *principal, *princ_name, *ccache_name, luser[32], *srvdup; > + const char *retstr; > + uid_t minuid = 0; > + gid_t mingid = 0;

Initializations can be done later, please see below.

> > retval = pam_get_user(pamh, &user, USER_PROMPT); > if (retval != PAM_SUCCESS) 
> @@ -222,6 +227,39 @@ > > PAM_LOG("Done getpwnam()"); > > + retstr = openpam_get_option(pamh, PAM_OPT_MINIMUM_UID); > + if (retstr != NULL) { > + if ((minuid = (uid_t)strtoul(retstr, NULL, 10)) == 0) { > + if (errno == ERANGE || errno == EINVAL) { >

Checking for ERANGE here is pointless, as when it's set, the return value will be ULONG_MAX and not zero.

> + PAM_LOG("Error in minimum_uid: %s", > + strerror(errno)); > + return (PAM_SERVICE_ERR); > + } > + } else if (minuid > UID_MAX) {

Err, you should be range checking an uncasted "unsigned long" value against UID_MAX because by casting it to (uid_t) this condition is always false. On 32-bit platforms where "long" is 4 bytes it's moot anyway, but on 64-bit platforms with 8-byte longs it will make a difference. I think a correct code would look something like this (assuming it's guaranteed that sizeof(uid_t) <= sizeof(long) ;-):

:     unsigned long val;
:
:     val = strtoul(retstr, NULL, 10);
:     if ((val == ULONG_MAX && errno == ERANGE) ||
:         (val == 0 && errno == EINVAL))
:             /* error1 */
:     else if (val > UID_MAX)
:             /* error2 */
:     else
:             uid = (uid_t)val;

> + PAM_LOG("Error in minimum_uid: invalid UID"); > + return (PAM_SERVICE_ERR); > + } > + }

It probably makes sense to initialize "minuid = 0" only here (in the "else" clause), rather than doing it in the declaration part.

> + > + retstr = openpam_get_option(pamh, PAM_OPT_MINIMUM_GID); > + if (retstr != NULL) { > + if ((mingid = (gid_t)strtoul(retstr, NULL, 10)) == 0) { > + if (errno == ERANGE || errno == EINVAL) { > + PAM_LOG("Error in minimum_gid: %s", > + strerror(errno)); > + return (PAM_SERVICE_ERR); > + } > + } else if (mingid > GID_MAX) { > + PAM_LOG("Error in minimum_gid: invalid GID"); > + return (PAM_SERVICE_ERR); > + } > + } > + > + if (pwd->pw_uid < minuid || pwd->pw_gid < mingid) > + return (PAM_IGNORE);

Ditto for the GID code.

Cheers,
--
Ruslan Ermilov
[EMAIL PROTECTED]
FreeBSD committer
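Review bot: In the minimum_uid block of the @@ -222,6 +227,39 @@ hunk, and in its minimum_gid copy, errno is tested without being cleared before strtoul() and the end pointer is passed as NULL, so a stale errno can turn a valid "0" into PAM_SERVICE_ERR while a value with trailing text is accepted as its numeric prefix. Set `errno = 0` before the call, pass an end pointer and require `*end == '\0'`; a threshold that parses lower than the administrator typed makes `pwd->pw_uid < minuid` skip fewer accounts than intended.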
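The range check discussed in the review above, written out in full as an added example; it is not code from the patch, from the reviewer or from pam_krb5. `parse_min_id()`, `cast_first()` and `EX_ID_MAX` are hypothetical names, and `EX_ID_MAX` stands in for UID_MAX/GID_MAX under the assumption of 32-bit ids.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for FreeBSD's UID_MAX/GID_MAX, assuming 32-bit ids. */
#define EX_ID_MAX 0xffffffffUL

/* The quoted patch's conversion: cast first, no end pointer. */
uint32_t cast_first(const char *s) { return (uint32_t)strtoul(s, NULL, 10); }

/* Parse a minimum_uid/minimum_gid value. Returns the id, or -1 with errno
 * set to EINVAL (not a plain decimal number) or ERANGE (above EX_ID_MAX). */
int64_t parse_min_id(const char *s)
{
    char *end;
    unsigned long val;

    /* strtoul() accepts leading blanks, '+' and '-'; refuse them here. */
    if (s == NULL || !isdigit((unsigned char)s[0])) {
        errno = EINVAL;
        return -1;
    }
    errno = 0;                  /* a stale errno must not count */
    val = strtoul(s, &end, 10);
    if (*end != '\0') {         /* trailing text such as "100abc" */
        errno = EINVAL;
        return -1;
    }
    /* Range-check the uncast value, as the review asks. */
    if ((val == ULONG_MAX && errno == ERANGE) || val > EX_ID_MAX) {
        errno = ERANGE;
        return -1;
    }
    return (int64_t)val;
}

int main(void)
{
    const char *in[] = { "1000", "0", "4294967296", "-1", "100abc" };

    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("%-11s cast_first=%u parse_min_id=%lld\n", in[i],
            (unsigned)cast_first(in[i]), (long long)parse_min_id(in[i]));
    return 0;
}
```

On a platform with 8-byte longs, `cast_first("4294967296")` yields 0, which is the silent truncation the review points at.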