summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2018-11-20On mips64, DT_DEBUG doesn't need mprotecting if it's in the GNU_RELRO segmentPhilip Guenther
ok visa@
2018-11-17need to closefrom(0) before execve(), otherwise tty isn't properlyTheo de Raadt
'hung up'; some testing by Theodore Wynnychenko
2018-11-16Finish ld.so's transition to GNU_RELRO: eliminate support for usingPhilip Guenther
__got_{start,end} to find a region to mark read-only. It was only used for binaries that didn't have a GNU_RELRO segment, but all archs have been using that for over a year. Since support for insecure-PLT layouts on powerpc and alpha have been removed, all archs handle GNU_RELRO the same way and the support can be moved from the MD code to the MI code. ok mpi@
2018-11-16Borrow an idea from DragonFly BSD: factor out the "does this symbol match whatPhilip Guenther
we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so that the former is just the "iterate across the hash" logic. matched_symbol() returns zero on "not found", one on "found strong symbol", and negative one on "found weak symbol". The last of those lets the caller give up on this object after finding a weak symbol, as there's no point in continuing to search for a strong symbol in the same object. ok mpi@
2018-11-15Put all the symbol lookup parameters (except the object being searched) andPhilip Guenther
the return pointers into a structure and pass that to _dl_find_symbol_obj(). Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't need to each record the object. ok mpi@
2018-11-15Theodore Wynnychenko discovered the gettytab "lo=path" feature didn't workTheo de Raadt
anymore with unveil wired to /usr/bin/login. So let's parse gettytab a bit earlier to learn which login path to unveil. Later in the loop gettytab is re-parsed, if the login changes re-exec getty to reach the unveil from the top. ok millert, also discussed with mestre
2018-11-12Delete support for non-secureplt binaries. The secure PLT format has beenPhilip Guenther
the default for years and ports doesn't appear to have anything patching to use the old format. ok deraadt@
2018-11-09Delete superfluous libc reach-around variables, left over from thePhilip Guenther
old syscall stubs. Prompted by miod@'s poke on m88k ok visa@
2018-11-09Delete superfluous libc reacharounds.Philip Guenther
Replace magic numbers with symbolic constants in ldasm.S Let the kernel do the cacheflush optimization. from miod@
2018-11-09Delete support for obsolete BSS PLT format, which was last known to bePhilip Guenther
used by the dearly departed editors/emacs21 port. Per naddy@, we'll keep an eye out for issues in the next ports bulk build
2018-11-02ld.so's malloc has no runtime option processing, so remove theOtto Moerbeek
setting flags and replace them by constants. ok deraadt@ guenther@
2018-10-25The compilers already put static arrays in .rodata when not written to;Philip Guenther
marking them const will keep a source change from silently moving them back to .data ok deraadt@ kettenis@
2018-10-25When spamd(8) runs in greylist mode in the parent process (which runsRicardo Mestre
greywatcher()) we know that the only files that it will ever access are PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to execute PATH_PFCTL so we can unveil(2) them with those permissions. OK deraadt@ millert@ beck@
2018-10-25The only file that spamlogd(8) needs to access after calling pledge(2) isRicardo Mestre
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions. OK millert@ beck@
2018-10-23Delay processing of ld.so's own PT_GNU_RELRO section until after environmentPhilip Guenther
processing and malloc initialization, and then move variables set by those steps, including malloc's mopts structure, into the .data.rel.ro segment. This protects more data and eliminates the extra padding of the mopts. ok kettenis@
2018-10-22More "explicitely" -> "explicitly" in various comments.Kenneth R Westerback
ok guenther@ tb@ deraadt@
2018-10-22Use int, not char*, for booleansPhilip Guenther
ok millert@
2018-10-01Add retguard to arm64 ld.so.mortimer
ok kettenis@
2018-09-30Remove the hopefully last remnants of kerberos in there: arg_login,Antoine Jacoutot
arg_notickets and invokinguser. ok kn@ millert@
2018-09-25document HUP;Jason McIntyre
based on a diff from katherine rohl, shortened by request of deraadt
2018-09-24unveil maildir, utmp, /tmp, and /dev. For the vast number of peopleTheo de Raadt
using biff.
2018-09-24unveil(2) in getty. This has been in snaps for more than 2 months,Theo de Raadt
since I worry that a mistake in here will cause significant grief.
2018-09-02update tradcpp to 0.5.2Jonathan Gray
ok miko@ bcallah@ deraadt@
2018-08-29make ld.so build reproducible by including a FILE symbol and by removingRobert Nagy
-x from ld; this is only used for syspatch creation so builds are still randomized just as before ok guenther@
2018-08-08lockspool only plays with files in _PATH_MAILDIR, so unveil that path.Theo de Raadt
2018-08-03Move pledge to after getopt, when the finger program becomes knownTheo de Raadt
(defaults to /usr/bin/finger, but can be redefined with -P option). Then unveil that program for "x" (execution), and pledge as before. No other filesystem accesses occur after that point.
2018-07-24Fix address calculation for _DYNAMIC. We want to address of _DYNAMIC itself,Mark Kettenis
not the address of its GOT entry. The current code mixed the high bits of the GOT entry address with the low bits of the true address. This only worked by accident for small binaries where _DYNAMIC and its GOT entry happen to reside on the same page. ok guenther@, mortimer@
2018-07-09unify the various per-arch syscall.h as much as possibleTheo de Raadt
ok kettenis guenther
2018-06-28add missing ${LIBCRYPTO} to DPADDGleydson Soares
OK deraadt@ millert@ jca@
2018-06-16Add add PIE support for m88k (requires gcc4 toolchain)Philip Guenther
Convert __cerror to hidden visibility. from miod@
2018-06-14silence a compiler warningGleydson Soares
OK millert
2018-06-13Call pledge(2) earlier before opening the auth channel and readpassphrase()Reyk Floeter
Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
2018-06-13Remove #ifdef PASSWD, it was always enabled and is a leftover from krb5 days.Reyk Floeter
No other uses of -DPASSWD were found in the tree. OK deraadt@ tb@ brynet@
2018-06-08Bail out if fchmod(2) fails.cheloha
Don't quietly install ld.so.hints with mode 0600 because this adds overhead to shlib lookup for non-root processes. From Nan Xiao. ok guenther@
2018-06-01Bump ELF_RANDOMIZE_LIMIT to 1MB.mortimer
ok deraadt@
2018-05-15On arm64 negate the whole 64-bit register otherwise system call wrappersMark Kettenis
that return ssize_t will not return a negative value upon error. Fixes dynamical loading of shared objects using dlopen(). ok guenther@
2018-05-01Add an explanation to relink.log what a failed checksum of /bsdRobert Peichaer
means and show how to re-enable KARL. Prodded by and OK deraadt Feedback and OK tb
2018-04-27Make sure ld.so doesn't use floating point registers, as the lazy-bindingPhilip Guenther
stub doesn't preserve them and some may be used for passing arguments ok kettenis@ deraadt@ mlarkin@
2018-04-26Use <fcntl.h> instead of <sys/file.h> for open() and friends.Philip Guenther
Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@
2018-04-26nuke trailing whitespaceBob Beck
2018-03-09Add support for the DF_TEXTREL flag.Mark Kettenis
ok patrick@, millert@
2018-02-09Use a static chacha instance to fill randomdata sections. Avoids loopingmortimer
over a syscall for randomdata sections larger than 256B. ok djm@ deraadt@ kettenis@
2018-02-07sync with libc malloc: use consistent style for for loop in unmap(),Otto Moerbeek
no functional change
2018-02-04Expand Type strings by one space, to fit ld.so, in the same ugly way "exe "Theo de Raadt
was being handled.
2018-02-01don't forget to increment loop var; infinite loops spotted by sthen@Otto Moerbeek
2018-01-30No need to add ffs.c as we use .VPATH to reach over into libc/string.Mark Kettenis
ok otto@
2018-01-30provide ffs, gcc generates calls to it, even when __builtin_ffs() is used.Otto Moerbeek
ok deraadt@
2018-01-30kill a gcc warningOtto Moerbeek
2018-01-30port over the malloc changes from libc. prompted by deraadt@Otto Moerbeek
2018-01-18Unlike other archs, mips64 needs ld.so to know about symbol visibility andPhilip Guenther
skip symbol lookup on protected symbols. Add visibility #defines to <sys/exec_elf.h> to support that. ok kettenis@ visa@