| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Oct 2016 14:25:14 +0200
From: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
To: lkml <linux-kernel@...r.kernel.org>
Cc: mtk.manpages@...il.com
Subject: man-pages-4.08 is released
The Linux man-pages maintainer proudly announces:
man-pages-4.08 - man pages for Linux
This release includes input and contributions from
around 40 people. Nearly 200 pages saw changes, ranging
from typo fixes through to page rewrites and 1 new page.
Tarball download:
http://www.kernel.org/doc/man-pages/download.html
Git repository:
https://git.kernel.org/cgit/docs/man-pages/man-pages.git/
Online changelog:
http://man7.org/linux/man-pages/changelog.html#release_4.08
A short summary of the release is blogged at:
http://linux-man-pages.blogspot.com/2016/10/man-pages-408-is-released.html
The current version of the pages is browsable at:
http://man7.org/linux/man-pages/
A selection of changes in this release that may be of interest
to readers on LKML is shown below.
Cheers,
Michael
==================== Changes in man-pages-4.08 ====================
Released: 2016-10-08, Munich
New and rewritten pages
-----------------------
quotactl.2
Eugene Syromyatnikov [Michael Kerrisk]
Updated information regarding disk quota flags
Added information regarding DQF_SYS_FILE flag; updated definition
of V1_DQF_RSQUASH, which has been defined privately and defined
publicly as DQF_ROOT_SQUASH.
Eugene Syromyatnikov
Updated information regarding XFS-specific quotactl subcommands
Added information regarding structure definitions used for
XFS-specific subcommands, updated flag constants, added
information regarding ignored syscall arguments, added notes on
usage of kernel UAPI header.
Eugene Syromyatnikov
Additions regarding project quotas
Added information regarding presence of project quotas.
bswap.3
Michael Kerrisk
New page documenting bswap_16(), bswap_32(), and bswap_64()
cgroups.7
Michael Kerrisk
Substantial rewrites, additions, and corrections.
Newly documented interfaces in existing pages
---------------------------------------------
readv.2
Michael Kerrisk
Document the pwritev2() RWF_SYNC and RWF_DSYNC flags
proc.5
Michael Kerrisk
Document /proc/PID/seccomp
Jann Horn
Document /proc/[pid]/task/[tid]/children
Document the /proc/[pid]/task/[tid]/children interface from
CRIU, and more importantly, document why it's usually not
a good interface.
Changes to individual pages
---------------------------
chroot.2
Michael Kerrisk
Note user namespace requirements for CAP_SYS_CHROOT
clone.2
Keno Fischer [Josh Triplett]
Adjust syscall prototype and expand CLONE_SETTLS description
Michael Kerrisk [Josh Triplett, Josh Triplett]
Document raw syscall interfaces on various other architectures
Michael Kerrisk
Change types for 'ptid' and 'ctid' in syscall prototypes
These types changed from 'void *' to 'int *' back in Linux 3.8.
Michael Kerrisk
EINVAL is generated by glibc wrapper for NULL 'fn' or 'child_stack'
Clarify that this error is produced by the wrapper function, not
the underlying system call. In particular, the point is that the
raw system call can accommodate a NULL pointer for 'child_stack'.
Michael Kerrisk [Elliott Hughes]
Make the implications of CLONE_FILES more explicit
If CLONE_FILES is not set, the duplicated FDs nevertheless share
file offset and status flags via the open file description.
epoll_wait.2
Mike Crowe
Clarify that the timeout is measured against CLOCK_MONOTONIC
fcntl.2
Michael Kerrisk
Note an important detail of F_SETOWN permission rules for signals
F_SETOWN records the caller's credentials at the time of
the fcntl() call, and it is these saved credentials that
are used for subsequent permission checks.
getdomainname.2
Michael Kerrisk
Note user namespace requirements for CAP_SYS_ADMIN
getgroups.2
Michael Kerrisk
Note user namespace requirements for CAP_SETGID
gethostname.2
Michael Kerrisk
Note user namespace requirements for CAP_SYS_ADMIN
getrlimit.2
Michael Kerrisk
Note user namespace semantics for CAP_SYS_RESOURCE
kcmp.2
Michael Kerrisk
Add an example program
kill.2
Michael Kerrisk
Note the user namespace requirement for CAP_KILL
mlock.2
Sebastian Andrzej Siewior
Document that fork() after mlock() may be a bad idea in a RT process
mmap.2
Jann Horn
Describe treatment of 'offset' for MAP_ANONYMOUS
msgctl.2
msgget.2
msgop.2
semctl.2
semget.2
semop.2
shmctl.2
shmget.2
shmop.2
Michael Kerrisk
Note the user namespace requirements for CAP_IPC_OWNER
open.2
Michael Kerrisk
Clarify user namespace capability requirements for O_NOATIME
Michael Kerrisk
F2FS support for O_TMPFILE was added in Linux 3.16
Michael Kerrisk
Clarify the rules about how the group ID of a new file is determined
prctl.2
Michael Kerrisk
Simplify list of cases where "dumpable" attribute is reset
Michael Kerrisk
Note user namespace requirements for PR_CAPBSET_DROP CAP_SETPCAP
readlink.2
Michael Kerrisk [Ursache Vladimir]
Make example program handle links that report a size of zero
Some "magic" symlinks created by the kernel (e.g., those under
/proc and /sys) report 'st_size' as zero. Modify the example
program to handle that possibility.
readv.2
Michael Kerrisk [Christoph Hellwig]
Clarify that RWF_DSYNC and RWF_SYNC apply only to data being written
reboot.2
Michael Kerrisk
Note user namespace requirements around CAP_SYS_BOOT
sched_setaffinity.2
Michael Kerrisk
Note user namespace requirements for CAP_SYS_NICE
seccomp.2
Michael Kerrisk
CAP_SYS_ADMIN is required only in caller's user namespace
seteuid.2
Michael Kerrisk
Note user namespace requirements for CAP_SETUID and CAP_SETGID
setgid.2
Michael Kerrisk
Note user namespace requirements for CAP_SETGID
setresuid.2
Michael Kerrisk
Note user namespace requirements for CAP_SETUID
setreuid.2
Michael Kerrisk
Note user namespace requirements for CAP_SETUID and CAP_SETGID
setuid.2
Michael Kerrisk
Note user namespace requirements for CAP_SETUID
sigprocmask.2
Keno Fischer
Expand/clarify libc/kernel sigset_t difference
bindresvport.3
rcmd.3
ip.7
Michael Kerrisk
Note user namespace requirements for CAP_NET_BIND_SERVICE
core.5
Mike Frysinger [Michael Kerrisk]
Add more details for output paths and the crash handler
People sometimes assume that the crash handler runs in the same
context as the crashing process. They would be incorrect :).
proc.5
Mike Frysinger
Clarify the root symlink and mount namespaces
If the target process is in a different mount namespace, the root
symlink actually shows that view of the filesystem.
Michael Kerrisk [Mike Frysinger]
Expand discussion of /proc/[pid]/root
Add a shell example showing that /proc/[pid]/root is more
than a symlink. Based on an example provided by Mike Frysinger
in an earlier commit message.
Michael Kerrisk
Explain rules determining ownership of /proc/PID/* files
Describe the effect of the "dumpable" attribute on ownership
of /proc/PID files.
Michael Kerrisk
Note effect of 'suid_dumpable' on ownership of /proc/PID files
Michael Kerrisk
Note that 'suid_dumpable' mode 1 is insecure
Michael Kerrisk
Document /proc/meminfo '+ShmemHugePages' and 'ShmemPmdMapped' fields
Michael Kerrisk
Document /proc/PID/status 'RssAnon', 'RssFile', and 'RssShmem' fields
Michael Kerrisk
Document /proc/PID/status 'HugetlbPages' field
Michael Kerrisk [Zefram]
Clarify that /proc/PID/statm 'shared' field counts *resident* pages
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741360
Michael Kerrisk
Clarify user namespace requirements for /proc/sys/fs/protected_hardlinks
Michael Kerrisk
Clarify description of /proc/PID/statm 'lib' and 'dt' fields
These fields are always zero since Linux 2.6.
Namhyung Kim [Petr Cermak]
Add description of CLEAR_REFS_MM_HIWATER_RSS
capabilities.7
Michael Kerrisk
Add note about nosuid to file capabilities section
packet.7
Michael Kerrisk
Clarify user namespace requirements for CAP_NET_RAW
pipe.7
Michael Kerrisk [Patrick McLean]
Document FIONREAD
raw.7
Michael Kerrisk
Clarify user namespace requirements for CAP_NET_RAW
Also remove mention of UID 0 as a method or creating
a raw socket. As far as I can tell from reading the
kernel source (net/ipv4/af_inet.c), this is not true.
ld.so.8
Michael Kerrisk
Expand description of LD_DEBUG
Provide a list of the categories, and note that multiple
categories can be specified.
Michael Kerrisk
Clarify text describing whether secure-mode programs preload libraries
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
Powered by blists - more mailing lists