FreeBSD cvs-src summary for 27/09/04 to 04/10/04 ++++++++++++++++++++++++++++++++++++++++++++++++ This is a regular weekly summary of FreeBSD's cutting-edge development. It is intended to help the FreeBSD community keep up with the fast-paced work going on in FreeBSD-CURRENT by distilling the deluge of data from the CVS mailing list into a (hopefully) easy-to-read newsletter. This newsletter is marked up in reStructuredText_, so any odd punctuation that you see is likely intended for the reST parser. .. _reStructuredText: http://docutils.sourceforge.net/rst.html You can get old summaries, and an HTML version of this one, at http://www.xl0.org/FreeBSD/. Please send any comments to Mark Johnston (mark at xl0.org). If you would like to get the summary without subscribing to current_at_, please send mail to freebsd-cvs-summary-subscribe_at_lists.enderunix.org. Thanks to Omer Faruk Sen and EnderUNIX for hosting this list. For Lukasz Dudek and Szymon Roczniak's Polish translations of these summaries, which may lag the English ones slightly, please see http://mocart.pinco.pl/FreeBSD/. .. contents:: ============ New features ============ IPFW integrated with ALTQ ------------------------- Brian Feldman (green) added code to IPFW, the FreeBSD packet filter, to allow it to work with the ALTQ traffic shaper, by classifying packets to give them certain bandwidth levels. If an ipfw rule includes the "altq" keyword, followed by a queue name, it will be tagged to go into the named queue. Before ALTQ queues can be used, pfctl must be used to set them up, and if the queues are rearranged, the ipfw rules should be reloaded. You can enable and disable altq entirely by running "ipfw enable altq" or "ipfw disable altq". http://www.freebsd.org/cgi/mid.cgi?200410030017.i930Hk21032869 IPFW tags for diverted status and TCP data length ------------------------------------------------- Brian Feldman (green) added support to IPFW for matching packets based on diverted status -- that is, whether they came from a divert socket -- and TCP data length. The new diversion-related keywords are: "diverted", which matches only packets generated by a divert socket; "diverted-loopback", which matches only packets coming from a divert socket and destined for the local system; and "diverted-output", which matches only packets going from a divert socket to the IP stack output to be sent elsewhere. The TCP data length keyword is "tcpdatalen" followed by a value or list of values or ranges, like the "ports" keyword. http://www.freebsd.org/cgi/mid.cgi?200410030026.i930QaBb033215 http://www.freebsd.org/cgi/mid.cgi?200410030047.i930lFo8040250 BIND now chroot'ed by default ----------------------------- Along with the introduction of BIND 9, mentioned `two summaries ago`_, Doug Barton (dougb) has changed the configuration of named, the system DNS server, to run in a chroot jail by default. This jail is located in /var/named. For instructions on converting from the old /etc/namedb configuration to the new /var/named way, please see `/usr/src/UPDATING`_. .. _`two summaries ago`: http://excel.xl0.org/FreeBSD/20-09-04.html#bind-upgraded-to-version-9-3-0rc4 .. _`/usr/src/UPDATING`: http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/UPDATING?rev=1.365&content-type=text/plain http://www.freebsd.org/cgi/mid.cgi?200409280946.i8S9k0le070558 Recovery tool for damaged disks added ------------------------------------- Poul-Henning Kamp (phk) added a new utility, recoverdisk, that recovers as much data as possible from damaged disks. The tool will read an entire disk or partition 1 MB at a time, optionally writing the output to a specified file. Any 1 MB chunks that have read errors in them will be retried 64 kbytes at a time, and any 64 kbyte chunks with read errors will be retried sector-by-sector. The program keeps running and retrying the errored sectors until interrupted. As an example, Poul-Henning gives:: recoverdisk /dev/fd0 myfloppy.flp The tool is located in /usr/src/tools/tools/recoverdisk. http://www.freebsd.org/cgi/mid.cgi?200409282200.i8SM015j016818 =============== Notable changes =============== USB serial devices renamed -------------------------- Poul-Henning Kamp (phk) changed the ucom driver, for USB serial devices, to use generic TTY device names instead of customized ones. USB serial devices are now named /dev/ttyU# and /dev/cuaU# for call-in and call-out devices respectively, with # being replaced by the device number. Previously, the devices were named /dev/ucom#. These changes also improve the stability of the system when USB serial devices are unplugged unexpectedly. http://www.freebsd.org/cgi/mid.cgi?200409282023.i8SKNnx8007168 Specialix serial devices renamed -------------------------------- Similarly to the USB commit above, Poul-Henning Kamp (phk) renamed the serial devices for Specialix multiport serial cards. The old names were /dev/ttyA# and /dev/cuaA#, and the new ones are /dev/ttyA or /dev/cuaA followed by the card number, then the port number. http://www.freebsd.org/cgi/mid.cgi?200410021656.i92Gu8Ef013366 CVS version string format changed --------------------------------- Peter Wemm (peter) changed the format of the version string for the cvs and cvsbug tools. It was previously displayed as "Concurrent Versions System (CVS) '1.11.15'-FreeBSD (client/server)", with the version number in single quotes. The quotes have now been eliminated, so you will need to update any scripts that parse the cvs -v output. http://www.freebsd.org/cgi/mid.cgi?200409282102.i8SL2iwj015034 ================= Discussion topics ================= Changing the behavior of rm --------------------------- (Editor's note: This is a difficult thread to summarize. I'll do my best to give all arguments equal time and avoid insinuating my own opinion; apologies in advance if this comes out biased. I've also dispensed with the usual cutesy attributions in favor of "said"; I may actually just start doing that all the time.) Dag-Erling Smorgrav (des) made a commit to rm, with the message "Find out how flame-proof my underwear really is." The effect of the commit was to have rm discard any arguments that consisted solely of "/". Max Laier (mlaier) said, "From the committer-guide: 'Good commit messages are important. [ . . . ]' Other than that, this seems to be an outcome of the *ongoing* thread in hackers. If there is any consensus in that thread, then it's that every such goof should be conditionalized by a environment variable. Any particular reason for this change?" Giorgios Keramidas (keramida) said, "I do respect Dag-Erling's technical expertise a lot of times every day, but since I was the one who kindled the flames of the particular thread, I'm not comfortable at all with this change. Most of the replies in the thread were against, not for, the change in the behavior of rm(1)." Max, responding to his earlier post, said, "You never answered to this question. Neither on the list nor in your very rude private mail. While it is true that this change does nothing bad, I still completely fail to see the point." Max then gave a few examples of other ways to rm -r / that would not be prevented by Dag-Erling's change, saying, "Unfortunately it's seldom the obvious way that this happens." Tim Robbins (tjr), in another thread starting from Dag-Erling's commit, said, "I object to this change." Dag-Erling said, "Do you really have nothing better to do with your time? Did you even bother to read the blog entry Giorgios referred to, which specifically mentioned that the relevant standards have been amended to allow this?" Ceri Davies (ceri) said, "It didn't mention which standard, and I guess from the lack of citation that you have that information to hand either." Dag-Erling said, "And this is where you'd be wrong. Check the Austin Group mailing list archives and the SCU Defect Report in Aardvark. [ . . . ] As far as I can tell, the resolution was that 'the wording in the current version of the standard does not allow this, but future versions will.'" Kevin Oberman said, "Look! I might or might not care about the actual change, but this needs a REAL commit message. [ . . . ] Please do a forced commit with a real log entry! Then we can get back to the discussion of its appropriateness." M. Warner Losh (imp) said, in response to Dag-Erling's last post, "Just because the standard allows the insane behavior of not allow rm -rf / doesn't mean it requires it. Your commit is disruptive, rude and disrespectful of your fellow committers. Please back it out." Dag-Erling said, "You admitted yourself that the only semi-rational argument you had against this patch was based on a misunderstanding. [ . . . ] Rude, disruptive and disrespectful behaviour is what Giorgios was subjected to when he proposed a perfectly reasonable change which is supported by the relevant standards body and has precedent in other operating systems. Now back off, then come back in three days and see if you still honestly care when the heat of the moment has worn off." Warner replied to Ceri's post, saying, "I'm quite prepared to back it out if DES doesn't want to, but that would be rude. However, I don't want to see rude behavior rewarded." Ceri said, "That won't really help. What the code actually does isn't the issue for me." Jun Kuriyama (kuriyama) said, in response to Dag-Erling's first post, "\*Your\* commit log is wasting committers' time to be forced checking actual diffs because we cannot know what changes are made from your commit log." [backslashes added] Tim replied to the same post, saying, "Your commit adds no value whatsoever to FreeBSD, and your general behaviour borders on spiteful." Christian S. J. Peron (csjp) replied to Dag-Erling's initial commit, saying, "I am sure people could tell you how flame proof your underwear is if you would tell us exactly what you changed." John Baldwin (jhb) also replied to the commit, saying, "Not very if you're too cowardly to say what you changed." Warner replied to the commit as well, saying, "Please back this out. There's an ungoing discussion and it is far from clear that this is a sane idea." Dag-Erling said, "Take a deep breath and a couple of days off, then re-read the so- called 'ongoing discussion'. It is a textbook example of the bikeshed phenomenon, with hardly a single rational argument." Garance A. Drosihn (gad) said, "There were some ration arguments. Few of the rational arguments were for making this change. I'd say back this change out." Warner responded to the initial commit, saying, "I contend that this change is technically flawed. While it is allowed by the standards, I believe we should exit entirely when we hit this 'third rail' rather than just ignoring the offending arg. [ . . . ] So from a technical point of view, my opinion is that the only error in this commit is a warn(...) where there should be an errx(1, ...)." Dag-Erling said, "I don't personally object to the behaviour you propose, but it is not what will be in the standard." Makoto Matsushita (matusita) said, "[P]lease don't "discuss" on cvs-src -- use hackers_at_ where this topic came from." http://www.freebsd.org/cgi/mid.cgi?200410041126.i94BQ273055417 =================== Important bug fixes =================== Console screenshot security bug fixed ------------------------------------- Jacques Vidrine (nectar) updated the syscons code to disallow negative coordinates and sizes when taking a screenshot using the CONS_SCRSHOT ioctl. This closes a security hole that could have resulted in portions of kernel memory being returned. In order to exploit the security hole, a user would have to be able to open a /dev/ttyv* device, which requires local console access on a normally-configured FreeBSD machine. This security issue affected all 5.x releases, but 4.x was not vulnerable. It was reported by Christer Oberg and addressed in `FreeBSD-SA-04:15.syscons`_. .. _`FreeBSD-SA-04:15.syscons`: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc http://www.freebsd.org/cgi/mid.cgi?200409292136.i8TLa741099967 =============== Other bug fixes =============== Warner Losh (imp) fixed a bug in init that prevented it from being used to keep daemons running as described in the man page. http://www.freebsd.org/cgi/mid.cgi?200409280422.i8S4Mu7g047371Received on Tue Oct 05 2004 - 15:06:02 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:15 UTC