| Age | Commit message (Collapse) | Author |
|---|
|
line unless it is writable.
lld places read-only sections below the gap so this is needed
to be able to retain W^X with lld. Note however the read-only
sections below the W^X line are now executable on pre-NX
machines and a possible source of gadgets. This is a change
from Gnu ld where RO sections were ordered above the W^X line
and not executable.
okay drahn@ kettenis@ deraadt@
|
|
|
|
No functional change.
suggested by tb@; from Jan Klemkow
|
|
to avoid comparison of integers of different signs.
from Jan Klemkow; OK tb@
|
|
|
|
This fixes handling of lld-linked executables on mips64.
problem reported by visa@ and worked out with him
|
|
from Matt Dillon's implementation in DragonFlyBSD commit 7629c631.
One difference is that as long as DT_HASH is still present, ld.so
will use that to get the total number of symbols rather than walking
the GNU hash chains. Note that the GPLv2 binutils we have doesn't
support DT_GNU_HASH, so this only helps archs were lld is used.
ok kettenis@ mpi@
|
|
relocation of ld.so's GOT without using it, so _reloc_alpha_got()
merely made the call to _dl_boot_bind() from asm simpler...while
itself being a call that required special handling.
diff and muild baking by miod@
ok guenther@
|
|
ok visa@
|
|
'hung up'; some testing by Theodore Wynnychenko
|
|
__got_{start,end} to find a region to mark read-only. It was only used
for binaries that didn't have a GNU_RELRO segment, but all archs have
been using that for over a year. Since support for insecure-PLT layouts
on powerpc and alpha have been removed, all archs handle GNU_RELRO the
same way and the support can be moved from the MD code to the MI code.
ok mpi@
|
|
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so
that the former is just the "iterate across the hash" logic.
matched_symbol() returns zero on "not found", one on "found strong
symbol", and negative one on "found weak symbol". The last of those lets
the caller give up on this object after finding a weak symbol, as there's
no point in continuing to search for a strong symbol in the same object.
ok mpi@
|
|
the return pointers into a structure and pass that to _dl_find_symbol_obj().
Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't
need to each record the object.
ok mpi@
|
|
anymore with unveil wired to /usr/bin/login. So let's parse gettytab a bit
earlier to learn which login path to unveil. Later in the loop gettytab is
re-parsed, if the login changes re-exec getty to reach the unveil from the top.
ok millert, also discussed with mestre
|
|
the default for years and ports doesn't appear to have anything patching
to use the old format.
ok deraadt@
|
|
old syscall stubs. Prompted by miod@'s poke on m88k
ok visa@
|
|
Replace magic numbers with symbolic constants in ldasm.S
Let the kernel do the cacheflush optimization.
from miod@
|
|
used by the dearly departed editors/emacs21 port.
Per naddy@, we'll keep an eye out for issues in the next ports bulk build
|
|
setting flags and replace them by constants. ok deraadt@ guenther@
|
|
marking them const will keep a source change from silently moving them
back to .data
ok deraadt@ kettenis@
|
|
greywatcher()) we know that the only files that it will ever access are
PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to
execute PATH_PFCTL so we can unveil(2) them with those permissions.
OK deraadt@ millert@ beck@
|
|
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions.
OK millert@ beck@
|
|
processing and malloc initialization, and then move variables set by those
steps, including malloc's mopts structure, into the .data.rel.ro segment.
This protects more data and eliminates the extra padding of the mopts.
ok kettenis@
|
|
ok guenther@ tb@ deraadt@
|
|
ok millert@
|
|
ok kettenis@
|
|
arg_notickets and invokinguser.
ok kn@ millert@
|
|
based on a diff from katherine rohl, shortened by request of deraadt
|
|
using biff.
|
|
since I worry that a mistake in here will cause significant grief.
|
|
ok miko@ bcallah@ deraadt@
|
|
-x from ld; this is only used for syspatch creation so builds are still
randomized just as before
ok guenther@
|
|
|
|
(defaults to /usr/bin/finger, but can be redefined with -P option).
Then unveil that program for "x" (execution), and pledge as before.
No other filesystem accesses occur after that point.
|
|
not the address of its GOT entry. The current code mixed the high bits of
the GOT entry address with the low bits of the true address. This only
worked by accident for small binaries where _DYNAMIC and its GOT entry
happen to reside on the same page.
ok guenther@, mortimer@
|
|
ok kettenis guenther
|
|
OK deraadt@ millert@ jca@
|
|
Convert __cerror to hidden visibility.
from miod@
|
|
OK millert
|
|
Before this change, only the password validation was pledged, now it
also includes some more code including the "Password:" prompt.
To pledge the code earlier, the getpwnam_shadow() had to be moved up -
it works under "getpw" but it does not return the actual password hash
under pledge. This also works with yp(ldap).
OK deraadt@ tb@ brynet@
|
|
No other uses of -DPASSWD were found in the tree.
OK deraadt@ tb@ brynet@
|
|
Don't quietly install ld.so.hints with mode 0600 because this adds
overhead to shlib lookup for non-root processes.
From Nan Xiao.
ok guenther@
|
|
ok deraadt@
|
|
that return ssize_t will not return a negative value upon error.
Fixes dynamical loading of shared objects using dlopen().
ok guenther@
|
|
means and show how to re-enable KARL.
Prodded by and OK deraadt
Feedback and OK tb
|
|
stub doesn't preserve them and some may be used for passing arguments
ok kettenis@ deraadt@ mlarkin@
|
|
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.
ok deraadt@ krw@
|
|
|
|
ok patrick@, millert@
|
|
over a syscall for randomdata sections larger than 256B.
ok djm@ deraadt@ kettenis@
|
