| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
Reported by Tobias Nygren using gcc10.
|
|
spawn-new-terminal() functions.
|
|
utmp and wtmp files at startup. real-uid / effective-uid flipping was
used to cleanup the records in these two files at logout-time. Over
time it was recognized that setuid root is too dangerous, later on
even uid flipping became an unacceptable practice (because an attacker
who finds a bug will simply flip the uid back to root before
continuing exploitation). Some OS's helped xterm (and other similar
login-related tooling) by making utmp writeable by a new utmp group,
but most did not do the same for wtmp. xterm started using this new
utmp gid, and the wtmp code moved to "try, and if it fails, ignore the
failure".
The obvious way to use this uid is for xterm to open the utmp file for
write (early on), discard the egid, and keep the file descriptor
around until utmp cleanup at termination. 10-20 lines of code, maybe.
But no,.... that's not what happened.
The previous setuid root flipping code (which is nearly a hundred
lines of #ifdef-wrapped code for portability reasons) was copied and
repurposed by adding new #ifdef code for setgid utmp flipping, and
thus nearly a hundred lines of #ifdef-wrapped code was added). setgid
flipping has less severe security risks than setuid flipping, but it
is remains an excessively strong and unneccessary power (compared to a
single writeable fd).
When pledge() arrived on the scene, "wpath" was required so that the
utmp file could be opened late, and "id" was required to support egid
flipping. unveil() arrived on the scene, and the utmp path was added
to the list of viable paths, once again not considering that an incorrect
approach was being taken by the code.
I tried rewriting the portable USE_UTMP_SETGID code to follow the
open-drop-reuse-fd approach, to help out upstream xterm, but it is such
a brain-melting shitshow I gave up, we'll have a (small) intrusive patch
which opens utmp early, drops the gid, and reuses the fd later on.
Maybe upstream will take care of this eventually to reduce the risk of
egid other operating systems.
ok matthieu, much feedback from millert
|
|
because we dropped setuid root around the, but the code to attempt it
it was erroneously left behind
ok matthieu
|
|
ok matthieu
|
|
ok matthieu
|
|
the top-level features are disabled because our xterm uses pledge
without "exec" support.
ok matthieu
|
|
|
|
0cfc01fe835fe727e9ff7485fd6b5c8180bfd7b7 in mainline Mesa
|
|
0cfc01fe835fe727e9ff7485fd6b5c8180bfd7b7 in mainline Mesa
|
|
From Jordan Justen
d257494ec4d826aec8841845479215820e612917 in mainline Mesa
|
|
From Jordan Justen
4e0eca7dc34942759638ab00eb006ba40284a7c in mainline Mesa
|
|
From Jordan Justen
03cc5a8295e239b45623c89faac88030b33a4a14 in mainline Mesa
|
|
From Jordan Justen
fd646c2d2f8b3efed92630d548448a1bdd6ba2b1 in mainline Mesa
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit 19eb8cef by Alan Coopersmith.
|
|
|
|
|
|
|
|
|
|
from Walter Alejandro Iglesias.
|
|
ok matthieu@
|
|
|
|
While here, flesh out the rest of the MWM hints.
|
|
lld can remove unused c++ sections from u_printf.cpp with --gc-sections
ld.bfd from binutils 2.17 can't unless this function is moved
u_printf_length() was added to u_printf.cpp upstream in
vulkan: Add vk_asprintf and vk_vasprintf helpers
2db5536a461734a818caf4f519e3286accb0818f
problem reported by deraadt@ and visa@ on sparc64 and octeon
|
|
to loader_dri_create_image with ld.bfd from binutils 2.17
reported and tested by visa@
|
|
ifdef out a linux specific path introduced upstream in:
gallivm: add basic mips64 support and set mcpu to mips64r5 on ls3a4000
88b234d7a7cd71fcb4955428010f238ec9530431
https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/11955
to fix build on mips64
reported by deraadt@ tested by visa@
|
|
link libmesa_util.a users with --gc-sections
avoids unwanted external references in shared libraries:
_ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE4findEcm
_ZNKSt3__121__basic_string_commonILb1EE20__throw_length_errorEv
_ZdlPv
_Znwm
__gxx_personality_v0
follows what the meson build does
problem reported by sthen@ when building sd2-ttf on i386
|
|
|
|
|
