Discussion of non-kernel related technical issues

S.P.Zeidler | 4 Apr 2012 22:57

Picon

duplicate uid warning in daily security check

Hi,

I have a few intentional duplicate UIDs, and the daily warning is
annoying me. Proposed fix: make a configurable list of user ids that
aren't considered for the purpose of duplicate uid detection, and adjust
/etc/security to fit.

This gives us a new entry in defaults listing "toor":

RCS file: /cvsroot/src/etc/defaults/security.conf,v
retrieving revision 1.23
diff -u -u -r1.23 security.conf
--- defaults/security.conf      5 Feb 2010 16:29:02 -0000       1.23
+++ defaults/security.conf      4 Apr 2012 20:46:16 -0000
 <at>  <at>  -41,6 +41,7  <at>  <at> 

 check_passwd_nowarn_shells="/sbin/nologin"
 check_passwd_nowarn_users=""
+check_passwd_permit_dups="toor"
 check_passwd_permit_star=NO
 check_passwd_permit_nonalpha=NO
 max_loginlen=16

and:

RCS file: /cvsroot/src/etc/security,v
retrieving revision 1.110
diff -u -u -r1.110 security
--- security    2 Mar 2011 17:00:28 -0000       1.110
+++ security    4 Apr 2012 20:46:16 -0000

(Continue reading)

Christos Zoulas | 5 Apr 2012 05:05

Re: duplicate uid warning in daily security check

In article <20120404205716.GO7066 <at> serpens.de>,
S.P.Zeidler <spz <at> serpens.de> wrote:
>Hi,
>
>I have a few intentional duplicate UIDs, and the daily warning is
>annoying me. Proposed fix: make a configurable list of user ids that
>aren't considered for the purpose of duplicate uid detection, and adjust
>/etc/security to fit.
>
>This gives us a new entry in defaults listing "toor":
>
>RCS file: /cvsroot/src/etc/defaults/security.conf,v
>retrieving revision 1.23
>diff -u -u -r1.23 security.conf
>--- defaults/security.conf      5 Feb 2010 16:29:02 -0000       1.23
>+++ defaults/security.conf      4 Apr 2012 20:46:16 -0000
> <at>  <at>  -41,6 +41,7  <at>  <at> 
> 
> check_passwd_nowarn_shells="/sbin/nologin"
> check_passwd_nowarn_users=""
>+check_passwd_permit_dups="toor"
> check_passwd_permit_star=NO
> check_passwd_permit_nonalpha=NO
> max_loginlen=16
>
>and:
>
>RCS file: /cvsroot/src/etc/security,v
>retrieving revision 1.110
>diff -u -u -r1.110 security

(Continue reading)

David Holland | 9 Apr 2012 06:44

Picon

Re: duplicate uid warning in daily security check

On Wed, Apr 04, 2012 at 10:57:17PM +0200, S.P.Zeidler wrote:
 > I have a few intentional duplicate UIDs, and the daily warning is
 > annoying me. Proposed fix: make a configurable list of user ids that
 > aren't considered for the purpose of duplicate uid detection, and adjust
 > /etc/security to fit.
 > 
 > This gives us a new entry in defaults listing "toor":
 > [...]

one quibble: maybe the name of the variable should be
"check_passwd_expected_dups"?

Otherwise looks fine to me.

--

-- 
David A. Holland
dholland <at> netbsd.org

Tamas Toth | 10 Apr 2012 11:41

Picon

chfs support in makefs

Hi,

I added chfs support to makefs. It's a bit ugly, because I had to copy  
some parts of sys/vnode.h to chfs/mkfs_chfs.c. (Tools can't be compiled  
with build.sh if I include the sys/vnode.h.)

Does anyone have a better solution to this problem and/or comments on the  
code or can I commit it?

ttoth

Attachment (mkfs.chfs.diff): application/octet-stream, 29 KiB

Martin Husemann | 10 Apr 2012 13:13

Picon

Re: chfs support in makefs

On Tue, Apr 10, 2012 at 11:41:11AM +0200, Tamas Toth wrote:
> I added chfs support to makefs. It's a bit ugly, because I had to copy  
> some parts of sys/vnode.h to chfs/mkfs_chfs.c. (Tools can't be compiled  
> with build.sh if I include the sys/vnode.h.)

I wonder if we should run a second "late tools" build for tools only needed
to prepare installation images and similar, which then can rely on the 
installed target headers.

Duplicating this definitions sounds dangerous.

Martin

Joerg Sonnenberger | 10 Apr 2012 15:20

Picon

Re: chfs support in makefs

On Tue, Apr 10, 2012 at 11:41:11AM +0200, Tamas Toth wrote:
> I added chfs support to makefs. It's a bit ugly, because I had to
> copy some parts of sys/vnode.h to chfs/mkfs_chfs.c. (Tools can't be
> compiled with build.sh if I include the sys/vnode.h.)

Create a local copy of vnode.h in the Makefile and include that with
#include "vnode.h"  for the host program case?

Joerg

Alan Barrett | 10 Apr 2012 15:56

Re: chfs support in makefs

On Tue, 10 Apr 2012, Tamas Toth wrote:
>I added chfs support to makefs. It's a bit ugly, because I had to copy 
>some parts of sys/vnode.h to chfs/mkfs_chfs.c. (Tools can't be 
>compiled with build.sh if I include the sys/vnode.h.)

What goes wrong when you try to build tools?

--apb (Alan Barrett)

Chuck Silvers | 10 Apr 2012 16:02

Re: chfs support in makefs

On Tue, Apr 10, 2012 at 11:41:11AM +0200, Tamas Toth wrote:
> Hi,
> 
> I added chfs support to makefs. It's a bit ugly, because I had to
> copy some parts of sys/vnode.h to chfs/mkfs_chfs.c. (Tools can't be
> compiled with build.sh if I include the sys/vnode.h.)
> 
> Does anyone have a better solution to this problem and/or comments
> on the code or can I commit it?

sys/vnode.h should not be used to define the on-disk format of any file system.
everything it contains is for in-core use only.  chfs should provide its own
definition for anything that it wants to store on disk.

-Chuck

Tamas Toth | 10 Apr 2012 16:24

Picon

Re: chfs support in makefs

> What goes wrong when you try to build tools?

sys/vnode.h include some uvm related files and they need vaddr_t and  
vsize_t types. They should come from machine/types.h, but only if  
_NETBSD_SOURCE is defined.

I think that sys/vnode.h shouldn't be included in a userspace program  
anyway.

Tamas Toth | 10 Apr 2012 16:33

Picon

Re: chfs support in makefs


> Create a local copy of vnode.h in the Makefile and include that with
> #include "vnode.h"  for the host program case?

I think this solution would be as ugly as the current code.

Group

gmane.os.netbsd.devel.userlevel.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7

Articles in period: 68

April 2012

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Incompat change (6 weeks ago) in stdio breaks formail (from procmail) (19 May 2013)
Alternative access for C locale (9 May 2013)
clang build of libc on netbsd-6 fails (9 May 2013)
build.sh -Uuom i386 fails on i386: sysinstmsgs.* missing (9 May 2013)
where is res_nupdate()? (8 May 2013)
dhcpcd-5.99.5 final testing for DHCPv6 (3 May 2013)
test(1)/find(1) time comparison with timespec (2 May 2013)
Support for non-default rounding modes in the softfloat layer (30 Apr 2013)
compiler_rt -- separate or part of libc? (30 Apr 2013)
vndcompress (29 Apr 2013)
RFC: Fix for PR 47645 (28 Apr 2013)
Namespace pollution in strings.h (27 Apr 2013)
radiusd: Error detected by libpthread: Invalid mutex. (26 Apr 2013)
RT-11 filesystem support for makefs (25 Apr 2013)
utility to call getaddrinfo(3) (25 Apr 2013)
duplocale/freelocale/newlocale support (23 Apr 2013)
[PATCH] Support for mbsnrtowcs and wcsnrtomb (21 Apr 2013)
NetBSD Live upgrade, GSoC 2013 (10 Apr 2013)
sys/stat.h (7 Apr 2013)
HELP DESK (4 Apr 2013)
unified man page (1 Apr 2013)

Archives

50	May 2013
158	April 2013
177	March 2013
130	February 2013
203	January 2013
111	December 2012
43	November 2012
104	October 2012
52	September 2012
125	August 2012
75	July 2012
72	June 2012
75	May 2012
64	April 2012
107	March 2012
140	February 2012
132	January 2012
34	December 2011
158	November 2011
170	October 2011
69	September 2011
108	August 2011
104	July 2011
64	June 2011
160	May 2011
115	April 2011
192	March 2011
133	February 2011
148	January 2011
179	December 2010
17	November 2010
142	October 2010
87	September 2010
88	August 2010
87	July 2010
81	June 2010
57	May 2010
136	April 2010
106	March 2010
94	February 2010
190	January 2010
48	December 2009
122	November 2009
196	October 2009
55	September 2009
114	August 2009
122	July 2009
201	June 2009
48	May 2009
94	April 2009
243	March 2009
177	February 2009
74	January 2009
66	December 2008
68	November 2008
81	October 2008
180	September 2008
191	August 2008
91	July 2008
159	June 2008
170	May 2008
178	April 2008
131	March 2008
77	February 2008
121	January 2008
129	December 2007
43	November 2007
145	October 2007
99	September 2007
84	August 2007
152	July 2007
76	June 2007
40	May 2007
39	April 2007
79	March 2007
147	February 2007
86	January 2007
138	December 2006
96	November 2006
240	October 2006
147	September 2006
112	August 2006
118	July 2006
55	June 2006
54	May 2006
72	April 2006
73	March 2006
17	February 2006
87	January 2006
96	December 2005
23	November 2005
64	October 2005
58	September 2005
89	August 2005
69	July 2005
280	June 2005
82	May 2005
82	April 2005
182	March 2005
99	February 2005
237	January 2005
46	December 2004
121	November 2004
145	October 2004
149	September 2004
64	August 2004
145	July 2004
178	June 2004
151	May 2004
93	April 2004
117	March 2004
51	February 2004
232	January 2004
194	December 2003
108	November 2003
123	October 2003
287	September 2003
45	August 2003
125	July 2003
172	June 2003
106	May 2003
140	April 2003
211	March 2003
220	February 2003
199	January 2003
213	December 2002
130	November 2002
221	October 2002
258	September 2002
105	August 2002
208	July 2002
256	June 2002
83	May 2002
209	April 2002
51	March 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template