Age | Commit message (Collapse) | Author |
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
|
|
can consider this same as the "booting" case, and instruct lower layers to
do immutability. With this change in place, the not-yet-commited
library-immutable diff leaves 1 page of libc (malloc related) and 6
non-RTLD_NODELETE libraries mutable in chrome.
Everything else is immutable, except for the program's transient memory
allocations & file mappings. This is an unexpected result.
|
|
so the mapping layer will know it can use mimmutable()
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for 32-bit arm, tested by phessler
|
|
nodelete, so that _dl_relro() will immutable it's relro.
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for riscv64, tested by jca
|
|
the gap, mmap a fresh MAP_FIXED MAP_ANON PROT_NONE and make it immutable
for good measure
ok guenther kettenis
|
|
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
Similar changes for other architectures coming after more testing.
ok kettenis and guenther seemed to like it also
|
|
No need to hardcode a parent path if we can reuse an existing variable for
the specific path that is in being used.
Negate the file system type in df(1) so the `|| exit 1' can be dropped
in favour of the errexit option, as is done for everything else in there.
Clarify the comment how this is intentionally NOT logged, i.e. the test
happens before the error trap/syslog/logfile handling.
OK millert
|
|
If /usr is mounted read-only, kernel relinking fails silently without any
log trace:
# /usr/libexec/reorder_kernel
/usr/libexec/reorder_kernel[35]: cannot create /usr/share/relink/kernel/GENERIC.MP/relink.log: Read-only file system
This stderr line does not show up anywhere because init(8) redirects stdout
and stderr to /dev/null, executes rc(8) which inherits it and thus executes
reorder_kernel with both streams discarded.
So install the error handler first, then try to set up a log file.
Introduce ERRMSG to provide error messages to users, i.e. not say
"see .../relink.log" when creating this file is what failed:
# ksh ./reorder_kernel.sh
./reorder_kernel.sh[40]: cannot create /usr/share/relink/kernel/GENERIC.MP/relink.log: Read-only file system
# tail -n1 /var/log/message # or xconsole(1)
Nov 7 10:51:00 eru reorder_kernel.sh: failed
OK tb
|
|
library would never unload, and could be immutable. Pass a seperate
flag for our purposes
Noticed from regress tests by anton, ok kettenis
|
|
After text relocations are finished, these regions (in the binary) can become
immutable.
OPENBSD_MUTABLE section always overlaps writeable LOADs, so don't be afraid
of that case, it's covered.
|
|
right after it does mprotect PROT_READ.
|
|
tweaks them quite late. _dl_relro() is called when that work is done, and
the final mprotect PROT_READ happens. Then we can make mark it immutable.
ok kettenis
|
|
unloadable libraries. This allows us make consider making parts of those
libraries immutable (in future commits)
ok guenther kettenis
|
|
so the mapping can be immutable.
ok kettenis
|
|
ok kettenis
|
|
ok deraadt@
|
|
|
|
|
|
|
|
This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.
If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.
Tested, Feedback, and OK sthen@
Release build test, and OK tb@
|
|
ok gnezdo@ kn@ martijn@
|
|
This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.
If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.
Tested, Feedback, and OK sthen@
Release build test, and OK tb@
|
|
|
|
0-127, where immediate addressing can be used to load the system call number
in r0, rather than performing a memory load using pc-relative addressing.
No functional change, but rm(1) runs a couple cycles faster per file now.
|
|
OK tb@, sthen@
|
|
This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.
If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.
Tested, Feedback, and OK sthen@
Release build test, and OK tb@
|
|
ok miod@ guenther@
|
|
|
|
Also includes some minor cleanup inspired by the NetBSD version.
OK jmc@ sthen@
|
|
Explain when and how LD_LIBRARY_PATH, DT_RUNPATH and DT_RPATH are used.
Input OK guenther
|
|
* add _?ENTRY_NB to arm/asm.h
* make sure ld.so's arm asm bits see the same includes as libc
* switch libc's arm bits to the generic DEFS.h
* switch arm ASM bits from ENTRY to ENTRY_NB as necessary
ok kettenis@ miod@
|
|
logged stdout output, but forgot to handle stderr. Fix that so that
the error log includes stderr output in that case (otherwise the log
is usually empty). From Lauri Tirkkonen, plus comment adjusted. ok tb
|
|
relocations.
ok guenther@
|
|
relocations.
ok guenther@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
This caused the last attribute to be dropped.
Reported by Allan Streib (astreib <at> fastmail <dot> fm)
Reminded by Raf Czlonka (rczlonka <at> gmail <dot> com)
OK tb@ claudio@
|
|
pointed out by brynet@
|
|
the latter the program then also calls stat(2) and therefore it never actually
worked correctly since they were added almost 20 years now.
while here remove an implementation detail from the manpage which covered the
chroot part.
pointed out by and ok deraadt@
|
|
so delete the #includes and hide the RELOC_* functions that are
only used by lib/csu behind "#ifdef RCRT0"
matches the others and it's hard to see how it will fail
|
|
we can verify at build time. Track dt_pltgot as an Elf_Addr instead
of an Elf_Addr* to eliminat casts on both setting and using. Set
RELATIVE_RELOC so the ld.so Makefile can verify that it has just
the relocation types we expect.
Nothing depends on archdep.h pulling in other #includes anymore, so delete
the #includes and hide the RELOC_* functions that are only used by lib/csu
behind "#ifdef RCRT0"
Tested with full build.
|
|
noted by miod
|
|
sys/time.h now gets NBBY and howmany() also
ok guenther
|
|
and ld.so itself: support for that in dynamic objects was removed
in 2010.
Inline RELOC_GOT() into boot_md.c and clean up the result like
boot.c, snag just the three DT_MIPS_* tags needed, and delete the
error case which is verified at build time.
ok visa@
|
|
so delete the #includes and hide the RELOC_* functions that are
only used by lib/csu behind "#ifdef RCRT0"
these are the ones I tested; kettenis@ was on board with the concept
|
|
so delete the #includes and hide the RELOC_* functions that are
only used by lib/csu behind "#ifdef RCRT0"
ok jca@
|
|
so delete the #includes and hide the RELOC_* functions that are
only used by lib/csu behind "#ifdef RCRT0"
ok kettenis@
|
|
so delete the #includes and hide the RELOC_* functions that are
only used by lib/csu behind "#ifdef RCRT0"
ok aoyama@
|