Age | Commit message (Collapse) | Author |
|
If these files are being relinked at reboot, this causes false positives
and alert fatigue.
Prompted by florian@
Feedback from millert@ and deraadt@
|
|
ssh tools. The dynamic objects are entirely ret-clean, static binaries
will contain a blend of cleaning and non-cleaning callers.
|
|
non-sensical 0 filled string.
OK florian@
|
|
partly checked by millert@
|
|
|
|
|
|
|
|
Add missing error checks to all calls under libexec/
Input kettenis, millert
OK millert
|
|
Add missing error checks to all calls under libexec/
Input & OK millert
|
|
about to be removed. Please be careful building through this, you need
a kernel at least March 29th or so to build through it, otherwise use
snapshots to cross over.
ok various people
|
|
Fixes potential interoperability issues when the real MTA
supports those extensions. From Arnt Gulbrandsen, OK benno@
|
|
|
|
|
|
Extend "Check for changes to the disklabels of mounted disks" to those that
host online softraid volumes, e.g installations with root inside CRYPTO sd0a
(and EFI System partition on sd0i).
That produces /var/backup/disklabel.sd0.current, previously missing in such
setups; noticed after someone dd(1)ed miniroot onto sd0 by accident and had
no disklabel(8) backup to restore.
Feedback OK bluhm
|
|
|
|
a reference reaching the execve(2) stub. The new pinsyscalls(2) that
applies to all system calls has made this redundant.
|
|
|
|
pinsyscalls(2).
ok kettenis
|
|
libraries will request a different (major) libc version from the one
requested by the binary itself. For various reasons loading multiple libc
versions is not a good idea, and since the introduction of msyscall(2)
support, system calls will only work when called from one of the two loaded
libcs. This really means that when we have a libc major bump, users must
update all dynamic executables and shared libraries in the system.
However, to ease this transition, change ld.so to only load the first libc
version that we encounter (in a breadth first sense) and substitute that
libc version for all further loads of libc, even if different versions are
requested. This is done silently since I can't come up with a good warning
message. In practice this means the libc version requested by the
executable itself will be loaded. This means that shared libraries may
fail to load if they use a symbol that has been removed. But given the
constraints, this is the best that we can do. Even when we bump the
libc major, the set of changes is typically small and most binaries and
shared libraries will continue to run and allow the user to run pkg_add -u
without any fallout.
ok deraadt@, gkoehler@
|
|
|
|
Twice, I have seen the sigtramp mapping land inside that hole. This
causes grief for the upcoming pinsyscalls() work which operates on
address space ranges. But the micro-optimization is silly.
ok kettenis
|
|
placed head of the btext (boot.text) segment. (the boot.text segment is
"unmapped" after initization, as a self-protection mechanism). this meant
the LOAD's virtual addresses were not in sequence, which clearly isn't
what we intended.
|
|
|
|
|
|
noticed by gnezdo
|
|
ok deraadt@
|
|
|
|
function. Therefore we cannot create a precise pinsyscall label. Instead
create a duplicate entry (using inline asm) to force the kernel's pinsyscall
code to skip validation, rather than labelling it illegal. kbind(2) remains
safe because it self-protects by checking its calling address.
ok kettenis
|
|
Required for strict-alignment architectures and a good idea on others.
same as kettenis commit to libc
|
|
arguments, so we have to cope.
|
|
with {uint offset, uint syscall#} entries in libc & ld.so.
In libc a few syscall# entries (break, sigprocmask, _tfork, _threxit)
are duplicated because additional or inline uses occur (that situation
is handled elsewhere)
ok kettenis
|
|
ok tb gnezdo
|
|
non-libc users. This is a two-liner macro anyway, and this will make
deraadt@'s future changes in this area easier to make. NFC
|
|
intended, instead of filtering out everything.
OK sthen@
|
|
reproducing the relevant defines and code in a different place) to perform
minor relocations. If things go very wrong, it would call _dl_exit() --
a locally defined crt0 function which is syscall exit(2). We don't need
to call exit(2) for this obscure case which doesn't happen and provides no
debugging information. An 'abort' is going to provide better information.
So let's change the function name to _dso_abort() and make it a single
illegal instruction.
ok guenther
|
|
to be a descriptive name, where hrSWRunPath should give the full path to
the binary. While argv[0] can contain any of a simple binary name, the
full path, or a custom name given by the application itself, it gives us
the option to retrieve both pieces of information. This is also the
same distinction made by netsnmp.
This also keeps the default command column from top(1) and snmptop in
sync, and now allows for identical output in the column between `top -C`
and `snmptop -Cpa`
OK tb@
|
|
hrSWRunPerfCPU and hrSWRunPerfMem. This allows snmptop to work with
snmpd(8). Math copied from top(1).
OK tb@
|
|
fails
clang-16 warning reported by robert@, ok tb@ millert@
|
|
at the dlopen vs execve split, dropping either "proc" or "prot_exec".
ok gnezdo
|
|
is already loaded:
* add a 'trace' argument to _dl_show_objects() and exit the
walk-the-objects loop if you hit that traced object
* in dlopen(), pass the trace object to _dl_show_objects()
* also, invoke _dl_show_objects() + exit if the object was
already opened
* pass NULL to _dl_show_objects() for all the other calls
* oh hey, _dl_tracelib is now superfluous: _dl_show_objects()
should do the walk-the-objects loop only if trace is not NULL.
Problem noted by gnezdo@
ok millert@
|
|
Problem noted by gnezdo@
ok millert@
|
|
Promote size from int to size_t.
From: lucas at sexy dot is
Regress tests by gnezdo@
deraadt: yes
|
|
for more than a year code which could use it; but in all non-trivial
circumstances (programs which would benefit), I was stopped by issues
(in particular by environment variable behavious). But I never looked
in ldd(1). This is the FIRST one which is completely obvious.
spledge(NULL, "stdio rpath")
ok guenther
|
|
- reject non-sensical program header values which would result in a crash
when accessing the 0 bytes sized buffer allocated due to it
ok deraadt@ kettenis@
|
|
|
|
sure deraadt@
|
|
ok deraadt@
|
|
periodically read rules from pf(4) to consume all kernel
memory. The bug has been discovered and root caused by florian@.
In this particular case it was snmpd(8) what ate all kernel
memory.
This commit introduces DIOCXEND to pf(4) so applications such
as snmpd(8) and systat(1) to close ticket/transaction when
they are done with fetching the rules. This change also
updates snmpd(8) and systat(1) to use newly introduced
DIOCXEND ioctl(2).
OK claudio@, deraadt@, kn@
|
|
while here simplify the "From " check too.
ok millert@
|
|
indirect branch, so include an endbr64 Just In Case.
ok deraadt@
|