| Age | Commit message (Collapse) | Author |
|---|
|
|
|
(defaults to /usr/bin/finger, but can be redefined with -P option).
Then unveil that program for "x" (execution), and pledge as before.
No other filesystem accesses occur after that point.
|
|
not the address of its GOT entry. The current code mixed the high bits of
the GOT entry address with the low bits of the true address. This only
worked by accident for small binaries where _DYNAMIC and its GOT entry
happen to reside on the same page.
ok guenther@, mortimer@
|
|
ok kettenis guenther
|
|
OK deraadt@ millert@ jca@
|
|
Convert __cerror to hidden visibility.
from miod@
|
|
OK millert
|
|
Before this change, only the password validation was pledged, now it
also includes some more code including the "Password:" prompt.
To pledge the code earlier, the getpwnam_shadow() had to be moved up -
it works under "getpw" but it does not return the actual password hash
under pledge. This also works with yp(ldap).
OK deraadt@ tb@ brynet@
|
|
No other uses of -DPASSWD were found in the tree.
OK deraadt@ tb@ brynet@
|
|
Don't quietly install ld.so.hints with mode 0600 because this adds
overhead to shlib lookup for non-root processes.
From Nan Xiao.
ok guenther@
|
|
ok deraadt@
|
|
that return ssize_t will not return a negative value upon error.
Fixes dynamical loading of shared objects using dlopen().
ok guenther@
|
|
means and show how to re-enable KARL.
Prodded by and OK deraadt
Feedback and OK tb
|
|
stub doesn't preserve them and some may be used for passing arguments
ok kettenis@ deraadt@ mlarkin@
|
|
Delete a bunch of unnecessary #includes and sort to match style(9)
while doing the above cleanup.
ok deraadt@ krw@
|
|
|
|
ok patrick@, millert@
|
|
over a syscall for randomdata sections larger than 256B.
ok djm@ deraadt@ kettenis@
|
|
no functional change
|
|
was being handled.
|
|
|
|
ok otto@
|
|
ok deraadt@
|
|
|
|
|
|
skip symbol lookup on protected symbols. Add visibility #defines to
<sys/exec_elf.h> to support that.
ok kettenis@ visa@
|
|
cleanups. From Jan Kokemueller. OK deraadt@
|
|
deliberately does not save the floating-point argument registers
before calling _dl_bind(). Doing so would force an FPU context switch
upon every function call through the PLT. But since we compile ld.so
with -march=armv8-a+nofp+nosimd this is safe since nothing in the _dl_bind()
codepath uses he FPU registers.
ok guenther@, drahn@
|
|
Reviewing behaviour artifacts with pledge, I discover a close(-ENOSYS)..
ok guenther
|
|
|
|
|
|
ok guenther
|
|
correctly take into account the segment p_align. Previously, anything
with a size belong the natural alignment or with alignment larger than
the natural one would either not be intialized correctly, be misaligned,
or result in the TIB being misaligned.
Problems reported by Charles Collicutt (charles (at) collicutt.co.uk)
ok kettenis@
|
|
__cxa_thread_atexit() implementation.
ok guenther@
|
|
ok tom@
|
|
one location under /usr/share/relink.
Be more specific in src/etc/rc reorder_libs() what filesystems
need r/w remount and ensure that their mount state is restored.
Idea and positive feedback from deraadt@
OK aja@ tb@
|
|
ok jca@, deraadt@
|
|
ok jasper@, jca@, deraadt@
|
|
when the object is loaded. Since kbind(2) will never be used in that
case, disable it early, before invoking any library or application code.
ok deraadt@ kettenis@
|
|
assignment and isn't used by clang/lld.
ok jsg@
|
|
in greylisting mode, it is not uncommon for an IP to get whitelisted
before it shows up on a spam blacklist. With this change, spamd
will check its blacklists before adding a WHITE entry to the
<spamd-white> pf table. If the IP matches a blacklist, the WHITE
entry will be removed. OK phessler@
|
|
|
|
|
|
pointer will remain unchanged when fails. OK deraadt@
|
|
superseded by the generic ?WX and RELRO support. Stop trying to look
up and use them.
ok kettenis@ deraadt@
|
|
|
|
While here, change the mbstowcs() error checking making it complaint with what's
documented in the manual and zap some stray whitespace.
ok benno@ tb@
|
|
the generic handling of RWX segments.
ok aoyama@
|
|
- move _dl_cerror function from SYS.h to ldasm.S to avoid duplicate
definition when linking
- [SYS.h] pull some macros from lib/libc/arch/m88k/DEFS.h
- [ldasm.S] add "'never hit' but needed" br again in _dl_cacheflush
(thanks to Miod Vallat)
- [ldasm.S] change ld.hu into ld.h in order to get a correctly signed
and sign-extended value (also thanks to Miod Vallat)
ok deraadt@
|
|
|
