summaryrefslogtreecommitdiff
path: root/libexec
AgeCommit message (Collapse)Author
2018-11-02ld.so's malloc has no runtime option processing, so remove theOtto Moerbeek
setting flags and replace them by constants. ok deraadt@ guenther@
2018-10-25The compilers already put static arrays in .rodata when not written to;Philip Guenther
marking them const will keep a source change from silently moving them back to .data ok deraadt@ kettenis@
2018-10-25When spamd(8) runs in greylist mode in the parent process (which runsRicardo Mestre
greywatcher()) we know that the only files that it will ever access are PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to execute PATH_PFCTL so we can unveil(2) them with those permissions. OK deraadt@ millert@ beck@
2018-10-25The only file that spamlogd(8) needs to access after calling pledge(2) isRicardo Mestre
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions. OK millert@ beck@
2018-10-23Delay processing of ld.so's own PT_GNU_RELRO section until after environmentPhilip Guenther
processing and malloc initialization, and then move variables set by those steps, including malloc's mopts structure, into the .data.rel.ro segment. This protects more data and eliminates the extra padding of the mopts. ok kettenis@
2018-10-22More "explicitely" -> "explicitly" in various comments.Kenneth R Westerback
ok guenther@ tb@ deraadt@
2018-10-22Use int, not char*, for booleansPhilip Guenther
ok millert@
2018-10-01Add retguard to arm64 ld.so.mortimer
ok kettenis@
2018-09-30Remove the hopefully last remnants of kerberos in there: arg_login,Antoine Jacoutot
arg_notickets and invokinguser. ok kn@ millert@
2018-09-25document HUP;Jason McIntyre
based on a diff from katherine rohl, shortened by request of deraadt
2018-09-24unveil maildir, utmp, /tmp, and /dev. For the vast number of peopleTheo de Raadt
using biff.
2018-09-24unveil(2) in getty. This has been in snaps for more than 2 months,Theo de Raadt
since I worry that a mistake in here will cause significant grief.
2018-09-02update tradcpp to 0.5.2Jonathan Gray
ok miko@ bcallah@ deraadt@
2018-08-29make ld.so build reproducible by including a FILE symbol and by removingRobert Nagy
-x from ld; this is only used for syspatch creation so builds are still randomized just as before ok guenther@
2018-08-08lockspool only plays with files in _PATH_MAILDIR, so unveil that path.Theo de Raadt
2018-08-03Move pledge to after getopt, when the finger program becomes knownTheo de Raadt
(defaults to /usr/bin/finger, but can be redefined with -P option). Then unveil that program for "x" (execution), and pledge as before. No other filesystem accesses occur after that point.
2018-07-24Fix address calculation for _DYNAMIC. We want to address of _DYNAMIC itself,Mark Kettenis
not the address of its GOT entry. The current code mixed the high bits of the GOT entry address with the low bits of the true address. This only worked by accident for small binaries where _DYNAMIC and its GOT entry happen to reside on the same page. ok guenther@, mortimer@
2018-07-09unify the various per-arch syscall.h as much as possibleTheo de Raadt
ok kettenis guenther
2018-06-28add missing ${LIBCRYPTO} to DPADDGleydson Soares
OK deraadt@ millert@ jca@
2018-06-16Add add PIE support for m88k (requires gcc4 toolchain)Philip Guenther
Convert __cerror to hidden visibility. from miod@
2018-06-14silence a compiler warningGleydson Soares
OK millert
2018-06-13Call pledge(2) earlier before opening the auth channel and readpassphrase()Reyk Floeter
Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
2018-06-13Remove #ifdef PASSWD, it was always enabled and is a leftover from krb5 days.Reyk Floeter
No other uses of -DPASSWD were found in the tree. OK deraadt@ tb@ brynet@
2018-06-08Bail out if fchmod(2) fails.cheloha
Don't quietly install ld.so.hints with mode 0600 because this adds overhead to shlib lookup for non-root processes. From Nan Xiao. ok guenther@
2018-06-01Bump ELF_RANDOMIZE_LIMIT to 1MB.mortimer
ok deraadt@
2018-05-15On arm64 negate the whole 64-bit register otherwise system call wrappersMark Kettenis
that return ssize_t will not return a negative value upon error. Fixes dynamical loading of shared objects using dlopen(). ok guenther@
2018-05-01Add an explanation to relink.log what a failed checksum of /bsdRobert Peichaer
means and show how to re-enable KARL. Prodded by and OK deraadt Feedback and OK tb
2018-04-27Make sure ld.so doesn't use floating point registers, as the lazy-bindingPhilip Guenther
stub doesn't preserve them and some may be used for passing arguments ok kettenis@ deraadt@ mlarkin@
2018-04-26Use <fcntl.h> instead of <sys/file.h> for open() and friends.Philip Guenther
Delete a bunch of unnecessary #includes and sort to match style(9) while doing the above cleanup. ok deraadt@ krw@
2018-04-26nuke trailing whitespaceBob Beck
2018-03-09Add support for the DF_TEXTREL flag.Mark Kettenis
ok patrick@, millert@
2018-02-09Use a static chacha instance to fill randomdata sections. Avoids loopingmortimer
over a syscall for randomdata sections larger than 256B. ok djm@ deraadt@ kettenis@
2018-02-07sync with libc malloc: use consistent style for for loop in unmap(),Otto Moerbeek
no functional change
2018-02-04Expand Type strings by one space, to fit ld.so, in the same ugly way "exe "Theo de Raadt
was being handled.
2018-02-01don't forget to increment loop var; infinite loops spotted by sthen@Otto Moerbeek
2018-01-30No need to add ffs.c as we use .VPATH to reach over into libc/string.Mark Kettenis
ok otto@
2018-01-30provide ffs, gcc generates calls to it, even when __builtin_ffs() is used.Otto Moerbeek
ok deraadt@
2018-01-30kill a gcc warningOtto Moerbeek
2018-01-30port over the malloc changes from libc. prompted by deraadt@Otto Moerbeek
2018-01-18Unlike other archs, mips64 needs ld.so to know about symbol visibility andPhilip Guenther
skip symbol lookup on protected symbols. Add visibility #defines to <sys/exec_elf.h> to support that. ok kettenis@ visa@
2017-12-24Fix one possible buffer overflow and one underflow. Also some minorTodd C. Miller
cleanups. From Jan Kokemueller. OK deraadt@
2017-12-21Implement missing bits to support lazy binding. Note that the codeMark Kettenis
deliberately does not save the floating-point argument registers before calling _dl_bind(). Doing so would force an FPU context switch upon every function call through the PLT. But since we compile ld.so with -march=armv8-a+nofp+nosimd this is safe since nothing in the _dl_bind() codepath uses he FPU registers. ok guenther@, drahn@
2017-12-12ld.so's syscall _dl_* API/ABI doesn't reurn errno, but -errno.Theo de Raadt
Reviewing behaviour artifacts with pledge, I discover a close(-ENOSYS).. ok guenther
2017-12-12spacingTheo de Raadt
2017-12-08also cleanout ld.so.aTheo de Raadt
2017-12-08Everyone knows this as ld.so, nor by the ancient name rtld.Theo de Raadt
ok guenther
2017-12-01Redo the calculation of the alignment and placement of static TLS data toPhilip Guenther
correctly take into account the segment p_align. Previously, anything with a size belong the natural alignment or with alignment larger than the natural one would either not be intialized correctly, be misaligned, or result in the TIB being misaligned. Problems reported by Charles Collicutt (charles (at) collicutt.co.uk) ok kettenis@
2017-11-28Implement a DL_REFERENCE dlctl. To be used by the upcomingMark Kettenis
__cxa_thread_atexit() implementation. ok guenther@
2017-11-15Tweak bitmask calculation to match i386 and avoid clang warning.Mark Kettenis
ok tom@
2017-11-05Consolidate lib.so.*.a, ld.so.a and the kernel relink kit intoRobert Peichaer
one location under /usr/share/relink. Be more specific in src/etc/rc reorder_libs() what filesystems need r/w remount and ensure that their mount state is restored. Idea and positive feedback from deraadt@ OK aja@ tb@