Troy Davis | 23 Nov 17:28 2014

[patch] tcp.7: Clarify tcp_tw_recycle on Internet-facing hosts

Clarify that tcp_tw_recycle will break communication with many
general-purpose remote Internet hosts (namely, remote NAT devices)
even when the Linux device itself is not behind NAT.

Sources:
  - BCP to make NAT implementors aware of this problem (2013):
https://tools.ietf.org/html/draft-penno-behave-rfc4787-5382-5508-bis-04#section-3.1.2
  - RFC 1323 (PAWS)
  - RFC 6191: Reducing the TIME-WAIT State Using TCP Timestamps
  - The many users who unknowingly enabled this option on devices
communicating with the general-purpose Internet:
https://www.google.com/search?q=tcp_tw_recycle%20ip%20nat%20timestamp

Patched against git HEAD as of this email
(ac5ba355d52a5a29f2d26badc96e6da9e48c0097).

diff --git a/man7/tcp.7 b/man7/tcp.7
index e6f5aee..06cc127 100644
--- a/man7/tcp.7
+++ b/man7/tcp.7
 <at>  <at>  -780,10 +780,11  <at>  <at>  building larger TSO frames.
 .TP
 .IR tcp_tw_recycle " (Boolean; default: disabled; since Linux 2.4)"
 .\" Since 2.3.15
-Enable fast recycling of TIME_WAIT sockets.
-Enabling this option is not
-recommended since this causes problems when working
-with NAT (Network Address Translation).
+Enable fast recycling of TIME_WAIT sockets. Enabling this option is
+not recommended for devices communicating with the general Internet
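
Review bot: the first added line starts a second sentence mid-line ("... TIME_WAIT sockets. Enabling this option is"), whereas the removed text began "Enabling this option is not" on its own source line. man-pages source starts each new sentence on a new line so that later diffs stay small, so keep the line break after "sockets." The commit message's key case (remote hosts behind NAT, even when the Linux device is not) should appear explicitly in the new paragraph; "devices communicating with the general Internet" alone does not tell the reader why.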

Carlos O'Donell | 19 Nov 20:45 2014

[PATCH] wordexp.3: Make it clear that WRDE_NOCMD prevents command substitution.

The use of WRDE_NOCMD prevents command substitution. If the flag
WRDE_NOCMD is set then no command substitution shall occur and
the error WRDE_CMDSUB will be returned if such substitution is
requested when processing the words.

The manual page as-is makes it seem like the command substitution
occurs, and an error is returned *after* the substitution.

This patch clarifies that.

Patch against trunk.

Signed-off-by: Carlos O'Donell <carlos@...>

diff --git a/man3/wordexp.3 b/man3/wordexp.3
index c695c08..e457943 100644
--- a/man3/wordexp.3
+++ b/man3/wordexp.3
 <at>  <at>  -169,7 +169,7  <at>  <at>  flag
 told us to consider this an error.
 .TP
 .B WRDE_CMDSUB
-Command substitution occurred, and the
+Command substitution requested, but the
 .B WRDE_NOCMD
 flag told us to consider this an error.
 .TP
---

Cheers,
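
The behaviour this patch documents can be checked directly; the C program below is an added example, not part of the original message or of man-pages. The helper try_expand() and the marker path are constructed for illustration, and the program assumes /bin/sh and a writable /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <wordexp.h>

/* Hypothetical helper: expand a word containing "$(: > MARKER)" and return
 * wordexp()'s status. *ran is set to 1 if the marker file exists afterwards,
 * i.e. if the embedded command was really executed. Returns -1 on setup
 * failure (wordexp() itself only returns 0 or a positive WRDE_* code). */
static int try_expand(int flags, int *ran)
{
    char marker[] = "/tmp/wrde_demo_XXXXXX";    /* constructed path */
    char words[128];
    wordexp_t we;
    int fd, rc;

    fd = mkstemp(marker);           /* reserve a unique name ... */
    if (fd < 0)
        return -1;
    close(fd);
    unlink(marker);                 /* ... and make sure the file is absent */

    snprintf(words, sizeof(words), "prefix$(: > %s)", marker);
    rc = wordexp(words, &we, flags);
    if (rc == 0)
        wordfree(&we);

    *ran = (access(marker, F_OK) == 0);
    unlink(marker);
    return rc;
}

int main(void)
{
    int ran = 0, rc;

    rc = try_expand(0, &ran);
    printf("no flags:   rc=%d command ran=%d\n", rc, ran);
    rc = try_expand(WRDE_NOCMD, &ran);
    printf("WRDE_NOCMD: rc=%d (WRDE_CMDSUB=%d) command ran=%d\n",
           rc, WRDE_CMDSUB, ran);
    return 0;
}
```

With WRDE_NOCMD the call fails with WRDE_CMDSUB and the marker file is never created, which is the "requested, but not performed" reading the patch makes explicit.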

Mark Veltzer | 19 Nov 04:57 2014

Missing manual pages for pthread_mutexattr_{get|set}robust(3)

These functions actually exist and work in current-day distributions
(I am on Ubuntu 13.10, 14.04 and 14.10) but are not documented in any
way.

I actually found out that these functions exist using the pthread
library on win32...:)

These functions determine whether a futex is robust or not.

I have checked the latest version of manpages to make sure that it is
indeed missing.

Cheers,
    Mark
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Michael Haardt | 17 Nov 09:07 2014

Addition to memcmp(3)

Hello,

memcmp(3) does not document the return value for length 0 and the
CPU time depending on the number of compared bytes.  While both
are obvious, they should still be documented.

Michael

--- memcmp.3.orig	2014-11-17 08:53:53.848805576 +0100
+++ memcmp.3	2014-11-17 08:58:39.699005856 +0100
 <at>  <at>  -27,6 +27,7  <at>  <at> 
 .\"     Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
 .\"     386BSD man pages
 .\" Modified Sat Jul 24 18:55:27 1993 by Rik Faith (faith@...)
+.\" Modified Mon Nov 17 07:45:13 2014 by Michael Haardt (michael@...)
 .TH MEMCMP 3  2014-03-14 "" "Linux Programmer's Manual"
 .SH NAME
 memcmp \- compare memory areas
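
Review bot: the "---"/"+++" header lines above this hunk name memcmp.3.orig and memcmp.3 with no directory, so the patch will not apply with -p1 from the top of the man-pages tree; regenerating it with git diff against man3/memcmp.3 would fix that. The added ".\" Modified ..." comment repeats what the commit log already records and can be dropped.
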
 <at>  <at>  -42,6 +43,11  <at>  <at> 
 function compares the first \fIn\fP bytes (each interpreted as
 .IR "unsigned char" )
 of the memory areas \fIs1\fP and \fIs2\fP.
+.PP
+Do not use
+.BR memcmp ()
+to compare security critical data, such as cryptographic secrets,
+because the required CPU time depends on the amount of equal bytes.
 .SH RETURN VALUE
 The
 .BR memcmp ()
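
Review bot: in the added paragraph, "depends on the amount of equal bytes" is imprecise, because what varies is how many leading bytes match before the first difference; suggest "depends on the number of leading bytes that are equal". The warning also says what not to use without pointing to an alternative (a comparison that examines all n bytes regardless of content), and it may sit better under NOTES than in DESCRIPTION. The return value for a length of 0, mentioned in the mail, is not in the visible part of this hunk.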
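
Why the comparison time depends on the data, as an added example that is not part of the original message or of any libc: early_exit_cmp() and ct_equal() are hypothetical helpers that report how many bytes they examined, and the secret and guesses are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: byte-wise comparison that stops at the first
 * difference, as a simple memcmp() does. *steps = bytes examined. */
static int early_exit_cmp(const void *s1, const void *s2, size_t n,
                          size_t *steps)
{
    const unsigned char *a = s1, *b = s2;

    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return a[i] < b[i] ? -1 : 1;
        }
    }
    *steps = n;
    return 0;               /* includes n == 0: nothing can differ */
}

/* Hypothetical helper: equality test that always reads all n bytes and
 * folds every difference into one accumulator. Returns 1 if equal. */
static int ct_equal(const void *s1, const void *s2, size_t n, size_t *steps)
{
    const volatile unsigned char *a = s1, *b = s2;
    unsigned int diff = 0;

    for (size_t i = 0; i < n; i++)
        diff |= (unsigned int)(a[i] ^ b[i]);
    *steps = n;
    return (int)(((diff - 1u) >> 8) & 1u);   /* 1 only when diff == 0 */
}

int main(void)
{
    const char secret[] = "s3cr3t-k";        /* constructed sample value */
    const char *guesses[] = { "Xaaaaaaa", "s3cXXXXX", "s3cr3t-k" };
    size_t early, full;

    for (size_t g = 0; g < 3; g++) {
        int r = early_exit_cmp(guesses[g], secret, 8, &early);
        int eq = ct_equal(guesses[g], secret, 8, &full);
        printf("%s: early-exit rc=%d after %zu bytes; "
               "constant-time equal=%d after %zu bytes\n",
               guesses[g], r, early, eq, full);
    }
    return 0;
}
```

The early-exit work grows with the length of the matching prefix (1, 4, then 8 bytes here), while the constant-time version always examines all 8.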

Richard Weinberger | 16 Nov 23:36 2014

[PATCH] pid_namespaces.7: tfix

s/PR_GET_CHILD_SUBREAPER/PR_SET_CHILD_SUBREAPER

Signed-off-by: Richard Weinberger <richard@...>
---
 man7/pid_namespaces.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man7/pid_namespaces.7 b/man7/pid_namespaces.7
index 2090101..8582da3 100644
--- a/man7/pid_namespaces.7
+++ b/man7/pid_namespaces.7
 <at>  <at>  -70,7 +70,7  <at>  <at>  to this process rather than
 (unless one of the ancestors of the child
 in the same PID namespace employed the
 .BR prctl (2)
-.B PR_GET_CHILD_SUBREAPER
+.B PR_SET_CHILD_SUBREAPER
 command to mark itself as the reaper of orphaned descendant processes).

 If the "init" process of a PID namespace terminates,
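
Review bot: on the changed .B line this is more than a spelling fix, and the commit message should say so: the context line that follows says the ancestor uses the command "to mark itself as the reaper", which is the set operation, so PR_SET_CHILD_SUBREAPER is the correct name. The substitution expression in the message is also missing its closing slash.
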
--

-- 
2.1.0


Chris Mayo | 16 Nov 18:03 2014

[patch] capabilities.7: NOTES: add last kernel versions for obsolete options


CONFIG_SECURITY_CAPABILITIES option removed by:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/security?id=5915eb53861c5776cfec33ca4fcc1fd20d66dd27

CONFIG_SECURITY_FILE_CAPABILITIES option removed in Linux 2.6.33 as already mentioned in DESCRIPTION

Signed-off-by: Chris Mayo <aklhfex@...>
---
 man7/capabilities.7 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/man7/capabilities.7 b/man7/capabilities.7
index a1adcb5..bc461a4 100644
--- a/man7/capabilities.7
+++ b/man7/capabilities.7
 <at>  <at>  -1124,7 +1124,7  <at>  <at>  is based on the withdrawn POSIX.1e draft standard; see
 .UR http://wt.tuxomania.net\:/publications\:/posix.1e/
 .UE .
 .SH NOTES
-Since kernel 2.5.27, capabilities are an optional kernel component,
+From kernel 2.5.27 to kernel 2.6.26, capabilities are an optional kernel component,
 and can be enabled/disabled via the
 .B CONFIG_SECURITY_CAPABILITIES
 kernel configuration option.
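
Review bot: the added line "From kernel 2.5.27 to kernel 2.6.26, capabilities are an optional kernel component," now describes a closed range but keeps the present tense, and it runs past 80 columns. Suggest "were an optional kernel component" (and "could be enabled/disabled" on the next line), wrapped after the comma. The commit message links the removing commit for CONFIG_SECURITY_CAPABILITIES but does not name the release, as it does for CONFIG_SECURITY_FILE_CAPABILITIES; adding it would let a reader check the 2.6.26 figure.
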
 <at>  <at>  -1161,7 +1161,7  <at>  <at>  It can be found at
 .UR http://www.kernel.org\:/pub\:/linux\:/libs\:/security\:/linux-privs
 .UE .

-Before kernel 2.6.24, and since kernel 2.6.24 if
+Before kernel 2.6.24, and from kernel 2.6.24 to kernel 2.6.32 if

Josh Triplett | 15 Nov 10:00 2014

[PATCH 1/2] groups: Factor out a function to set a pre-sorted group list

This way, functions that already need to sort the group list need not do
so twice.

The new set_groups_sorted is intentionally not exported.

Signed-off-by: Josh Triplett <josh@...>
---
 kernel/groups.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/kernel/groups.c b/kernel/groups.c
index 451698f..f0667e7 100644
--- a/kernel/groups.c
+++ b/kernel/groups.c
 <at>  <at>  -154,16 +154,26  <at>  <at>  int groups_search(const struct group_info *group_info, kgid_t grp)
 }

 /**
+ * set_groups_sorted - Change a group subscription in a set of credentials
+ *  <at> new: The newly prepared set of credentials to alter
+ *  <at> group_info: The group list to install; must be sorted
+ */
+static void set_groups_sorted(struct cred *new, struct group_info *group_info)
+{
+	put_group_info(new->group_info);
+	get_group_info(group_info);
+	new->group_info = group_info;
+}
+
+/**
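
Review bot: in set_groups_sorted(), put_group_info(new->group_info) runs before get_group_info(group_info); if a caller ever passes the list that new already holds and that is the last reference, the put can release it before the get takes a new reference. Taking the reference first (get, then put, then assign) makes the helper safe whatever the caller passes. The kernel-doc comment states that the list "must be sorted" but nothing in the function checks it, so the summary line should say that this variant skips sorting.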

Andrea Balboni | 14 Nov 18:33 2014

[PATCH] pthread_attr_init.3: tfix

---
 man3/pthread_attr_init.3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man3/pthread_attr_init.3 b/man3/pthread_attr_init.3
index 6092283..3875519 100644
--- a/man3/pthread_attr_init.3
+++ b/man3/pthread_attr_init.3
 <at>  <at>  -106,7 +106,7  <at>  <at>  we see the following:
 .in +4n
 .nf
 .\" Results from glibc 2.8, SUSE 11.0; Oct 2008
-.RB "$" " ulimit \-s" "       # No stack imit ==> default stack size is 2MB"
+.RB "$" " ulimit \-s" "       # No stack limit ==> default stack size is 2MB"
 unlimited
 .RB "$" " ./a.out"
 Thread attributes:
--

-- 
2.1.3


Jonny Grant | 11 Nov 23:27 2014

getopt.3

http://man7.org/linux/man-pages/man3/getopt.3.html

Hello

I noticed that "nsecs = 0;" is not needed in the getopt source code example.

GCC gives a warning about this variable being initialised.

Regards, Jonny

Weijie Yang | 11 Nov 08:18 2014

[bug report] fadvise64.2: Linux actually returns ESPIPE on FIFO/pipe

In the man page fadvise64.2 (and its variants), the following is outdated:

"ESPIPE The specified file descriptor refers to a pipe or FIFO.  (Linux actually returns EINVAL in this case.)"

In Linux 2.6.12, the kernel was modified to match POSIX: return ESPIPE on FIFO/pipe

See details:

commit 87ba81dba431232548ce29d5d224115d0c2355ac
Author: Valentine Barshak <vbarshak@...>
Date:   Sun Jan 8 01:03:44 2006 -0800

    [PATCH] fadvise: return ESPIPE on FIFO/pipe

    The patch makes posix_fadvise return ESPIPE on FIFO/pipe in order to be
    fully POSIX-compliant.

    Signed-off-by: Andrew Morton <akpm@...>
    Signed-off-by: Linus Torvalds <torvalds@...>

diff --git a/mm/fadvise.c b/mm/fadvise.c
index 5f19e87..d257c89 100644
--- a/mm/fadvise.c
+++ b/mm/fadvise.c
 <at>  <at>  -37,6 +37,11  <at>  <at>  asmlinkage long sys_fadvise64_64(int fd, loff_t offset, loff_t len, int advice)
        if (!file)
                return -EBADF;

+       if (S_ISFIFO(file->f_dentry->d_inode->i_mode)) {
+               ret = -ESPIPE;

Michael Kerrisk (man-pages | 11 Nov 06:17 2014

Re: [patch] sched_setscheduler.2 tfix

On 11/10/2014 11:08 AM, Adam Jiang wrote:
> Fix typo in sched_setscheduler.2.

Thanks, Adam. Applied.

Cheers,

Michael

--

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

