summaryrefslogtreecommitdiffstats
path: root/libexec (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* rm dead code and simplify ftpd_popen. this code has only calledtedu2019-05-085-75/+42
| | | | | | its statically linked ls_main for some time now. from Jan Klemkow ok deraadt
* On retguard systems, remove the ld.so-local stack-protector handlingderaadt2019-05-081-7/+9
| | | | | functions because retguard uses hard-traps instead. ok mortimer.
* Pull tname initialization up since it's used in an error path.florian2019-05-011-2/+3
| | | | Pointed out by jsg, just fix it deraadt@
* Now that all Elf_foo types are correct, we don't need to use Elf32_Wordderaadt2019-04-212-15/+15
| | | | | anywhere and can use Elf_Word instead. ok guenther
* On alpha, the buckets of DT_HASH are 8 bytes instead of 4 bytes. This wasguenther2019-04-212-6/+13
| | | | | | | | previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h> vary, but that doesn't match the spec and breaks libelf so it's gone away. Implement the variation here by defining our own type locally for this. ok deraadt@
* Prevent clang from using builtins and jump tables in _dl_boot_bind()visa2019-04-191-1/+4
| | | | | | | on mips64. They need relocation and consequently cannot be used in that function. OK kettenis@
* spelling/consistency fix; from nam nguyenjmc2019-02-141-3/+3
|
* Simplify NFS checkkn2019-02-101-3/+2
| | | | | | | | Instead of getting all filesystems with df(1), filter /usr/share/ and check with mount(1) whether it's NFS, make df error out directly if the filesystem type matches nfs. OK sthen tb
* _dl_cerror is trivial on powerpc; just inline the handling into the stubsguenther2019-02-031-4/+2
| | | | based on a diff from miod@
* _dl_cerror is trivial on alpha and m88k; just inline the hanlding intoguenther2019-02-033-14/+6
| | | | | | the stubs noted by miod@
* On i386, ensure that the first PT_LOAD segment is below the W^Xkurt2019-01-251-31/+20
| | | | | | | | | | | | | line unless it is writable. lld places read-only sections below the gap so this is needed to be able to retain W^X with lld. Note however the read-only sections below the W^X line are now executable on pre-NX machines and a possible source of gadgets. This is a change from Gnu ld where RO sections were ordered above the W^X line and not executable. okay drahn@ kettenis@ deraadt@
* I am retiring my old email address; replace it with my OpenBSD one.millert2019-01-258-18/+18
|
* Flip snprintf(3) error check to align it with the man page example.bluhm2018-12-111-2/+2
| | | | | No functional change. suggested by tb@; from Jan Klemkow
* Convert some variables with non-negative values to unsigned typebluhm2018-12-111-6/+7
| | | | | to avoid comparison of integers of different signs. from Jan Klemkow; OK tb@
* Delete an unused struct member that has hid out here for 17 yearsguenther2018-12-051-3/+1
|
* DT_MIPS_RLD_MAP is an offset, so relocate it when present.guenther2018-12-031-3/+4
| | | | | | This fixes handling of lld-linked executables on mips64. problem reported by visa@ and worked out with him
* Implement support for DT_GNU_HASH, taking all the interesting bitsguenther2018-11-282-21/+136
| | | | | | | | | | from Matt Dillon's implementation in DragonFlyBSD commit 7629c631. One difference is that as long as DT_HASH is still present, ld.so will use that to get the total number of symbols rather than walking the GNU hash chains. Note that the GPLv2 binutils we have doesn't support DT_GNU_HASH, so this only helps archs were lld is used. ok kettenis@ mpi@
* Make alpha less special: _dl_boot_bind() is written to completeguenther2018-11-223-45/+15
| | | | | | | | | relocation of ld.so's GOT without using it, so _reloc_alpha_got() merely made the call to _dl_boot_bind() from asm simpler...while itself being a call that required special handling. diff and muild baking by miod@ ok guenther@
* On mips64, DT_DEBUG doesn't need mprotecting if it's in the GNU_RELRO segmentguenther2018-11-201-6/+8
| | | | ok visa@
* need to closefrom(0) before execve(), otherwise tty isn't properlyderaadt2018-11-171-1/+2
| | | | 'hung up'; some testing by Theodore Wynnychenko
* Finish ld.so's transition to GNU_RELRO: eliminate support for usingguenther2018-11-1614-139/+38
| | | | | | | | | | __got_{start,end} to find a region to mark read-only. It was only used for binaries that didn't have a GNU_RELRO segment, but all archs have been using that for over a year. Since support for insecure-PLT layouts on powerpc and alpha have been removed, all archs handle GNU_RELRO the same way and the support can be moved from the MD code to the MI code. ok mpi@
* Borrow an idea from DragonFly BSD: factor out the "does this symbol match whatguenther2018-11-161-38/+54
| | | | | | | | | | | | we're looking up?" logic from _dl_find_symbol_obj() into matched_symbol(), so that the former is just the "iterate across the hash" logic. matched_symbol() returns zero on "not found", one on "found strong symbol", and negative one on "found weak symbol". The last of those lets the caller give up on this object after finding a weak symbol, as there's no point in continuing to search for a strong symbol in the same object. ok mpi@
* Put all the symbol lookup parameters (except the object being searched) andguenther2018-11-151-72/+60
| | | | | | | | the return pointers into a structure and pass that to _dl_find_symbol_obj(). Set sl->sl_obj_out in _dl_find_symbol_obj() so that the callers don't need to each record the object. ok mpi@
* Theodore Wynnychenko discovered the gettytab "lo=path" feature didn't workderaadt2018-11-152-10/+26
| | | | | | | anymore with unveil wired to /usr/bin/login. So let's parse gettytab a bit earlier to learn which login path to unveil. Later in the loop gettytab is re-parsed, if the login changes re-exec getty to reach the unveil from the top. ok millert, also discussed with mestre
* Delete support for non-secureplt binaries. The secure PLT format has beenguenther2018-11-122-109/+11
| | | | | | | the default for years and ports doesn't appear to have anything patching to use the old format. ok deraadt@
* Delete superfluous libc reach-around variables, left over from theguenther2018-11-091-4/+1
| | | | | | old syscall stubs. Prompted by miod@'s poke on m88k ok visa@
* Delete superfluous libc reacharounds.guenther2018-11-093-20/+15
| | | | | | | Replace magic numbers with symbolic constants in ldasm.S Let the kernel do the cacheflush optimization. from miod@
* Delete support for obsolete BSS PLT format, which was last known to beguenther2018-11-091-314/+38
| | | | | | used by the dearly departed editors/emacs21 port. Per naddy@, we'll keep an eye out for issues in the next ports bulk build
* ld.so's malloc has no runtime option processing, so remove theotto2018-11-021-75/+72
| | | | setting flags and replace them by constants. ok deraadt@ guenther@
* The compilers already put static arrays in .rodata when not written to;guenther2018-10-256-18/+18
| | | | | | | marking them const will keep a source change from silently moving them back to .data ok deraadt@ kettenis@
* When spamd(8) runs in greylist mode in the parent process (which runsmestre2018-10-251-1/+13
| | | | | | | | greywatcher()) we know that the only files that it will ever access are PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to execute PATH_PFCTL so we can unveil(2) them with those permissions. OK deraadt@ millert@ beck@
* The only file that spamlogd(8) needs to access after calling pledge(2) ismestre2018-10-251-1/+3
| | | | | | PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions. OK millert@ beck@
* Delay processing of ld.so's own PT_GNU_RELRO section until after environmentguenther2018-10-235-86/+70
| | | | | | | | processing and malloc initialization, and then move variables set by those steps, including malloc's mopts structure, into the .data.rel.ro segment. This protects more data and eliminates the extra padding of the mopts. ok kettenis@
* More "explicitely" -> "explicitly" in various comments.krw2018-10-221-2/+2
| | | | ok guenther@ tb@ deraadt@
* Use int, not char*, for booleansguenther2018-10-224-19/+20
| | | | ok millert@
* Add retguard to arm64 ld.so.mortimer2018-10-012-7/+7
| | | | ok kettenis@
* Remove the hopefully last remnants of kerberos in there: arg_login,ajacoutot2018-09-301-12/+1
| | | | | | arg_notickets and invokinguser. ok kn@ millert@
* document HUP;jmc2018-09-251-2/+8
| | | | based on a diff from katherine rohl, shortened by request of deraadt
* unveil maildir, utmp, /tmp, and /dev. For the vast number of peoplederaadt2018-09-241-1/+9
| | | | using biff.
* unveil(2) in getty. This has been in snaps for more than 2 months,deraadt2018-09-241-1/+14
| | | | since I worry that a mistake in here will cause significant grief.
* update tradcpp to 0.5.2jsg2018-09-0218-148/+650
| | | | ok miko@ bcallah@ deraadt@
* make ld.so build reproducible by including a FILE symbol and by removingrobert2018-08-291-4/+12
| | | | | | | -x from ld; this is only used for syspatch creation so builds are still randomized just as before ok guenther@
* lockspool only plays with files in _PATH_MAILDIR, so unveil that path.deraadt2018-08-081-1/+4
|
* Move pledge to after getopt, when the finger program becomes knownderaadt2018-08-031-4/+6
| | | | | | (defaults to /usr/bin/finger, but can be redefined with -P option). Then unveil that program for "x" (execution), and pledge as before. No other filesystem accesses occur after that point.
* Fix address calculation for _DYNAMIC. We want to address of _DYNAMIC itself,kettenis2018-07-241-2/+2
| | | | | | | | | not the address of its GOT entry. The current code mixed the high bits of the GOT entry address with the low bits of the true address. This only worked by accident for small binaries where _DYNAMIC and its GOT entry happen to reside on the same page. ok guenther@, mortimer@
* unify the various per-arch syscall.h as much as possiblederaadt2018-07-0911-74/+80
| | | | ok kettenis guenther
* add missing ${LIBCRYPTO} to DPADDgsoares2018-06-281-2/+2
| | | | OK deraadt@ millert@ jca@
* Add add PIE support for m88k (requires gcc4 toolchain)guenther2018-06-161-3/+5
| | | | | | Convert __cerror to hidden visibility. from miod@
* silence a compiler warninggsoares2018-06-141-2/+2
| | | | OK millert
* Call pledge(2) earlier before opening the auth channel and readpassphrase()reyk2018-06-133-8/+15
| | | | | | | | | | | Before this change, only the password validation was pledged, now it also includes some more code including the "Password:" prompt. To pledge the code earlier, the getpwnam_shadow() had to be moved up - it works under "getpw" but it does not return the actual password hash under pledge. This also works with yp(ldap). OK deraadt@ tb@ brynet@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.