summaryrefslogtreecommitdiffstats
path: root/libexec (follow)
Commit message (Collapse)AuthorAgeFilesLines
* On i386 don't attempt to map shared libraries in low memory whenkurt2021-03-163-5/+21
| | | | | | | | | | | | | | | | a large executable's .text section crosses the 512MB exec line. Executables that have MAXTSIZ > 64MB can map above the default 512MB exec line. When this happens, shared libs that attempt to map into low memory will find their .data section can not be mapped. ld.so will attempt to remap the share lib at higher addresses until it can be mapped. For very large executables like chrome this process is very time consuming. This change detects how much of the executable's .text section exceeds 512MB and uses that as the initial hint for shared libs to map into which avoids attempting to map into blocked memory. okay deraadt@
* Check auth_mkvalue(3) return value for NULL (malloc failure).millert2021-01-024-20/+41
| | | | | For constant strings we don't actually need to use auth_mkvalue(3). Problem reported by Ross L Richardson.
* We know about optreset from unistd.h.florian2020-12-271-2/+1
| | | | | From Jan Stary, thanks. OK martijn
* Fix a nasty mem leak in ld.so's own malloc. This was hard to diagnose, sinceotto2020-12-261-4/+1
| | | | | | malloc dumping and gdb do not help at all when studying ld.so. In the end it turns out ot be a simple merge error causing extra mmap calls. ok miller@ tb@
* Add retguard to macppc kernel locore.S, ofwreal.S, setjmp.Sgkoehler2020-11-281-3/+3
| | | | | | | | | This changes RETGUARD_SETUP(ffs) to RETGUARD_SETUP(ffs, %r11, %r12) and RETGUARD_CHECK(ffs) to RETGUARD_CHECK(ffs, %r11, %r12) to show that r11 and r12 are in use between setup and check, and to pick registers other than r11 and r12 in some kernel functions. ok mortimer@ deraadt@
* Retguard asm macros for powerpc libc, ld.sogkoehler2020-10-261-2/+5
| | | | | | | | | | Add retguard to some, but not all, asm functions in libc. Edit SYS.h in libc to remove the PREFIX macros and add SYSENTRY (more like aarch64 and powerpc64), so we can insert RETGUARD_SETUP after SYSENTRY. Some .S files in this commit don't get retguard, but do stop using the old prefix macros. Tested by deraadt@, who put this diff in a macppc snap.
* Use the retguard macros from asm.h to protect the system call stubs.deraadt2020-10-161-2/+5
| | | | ok mortimer kettenis
* make three mib[] arrays const, as was done in libcderaadt2020-10-152-12/+10
|
* Don't skip file systems just because the parent fs is nodev and nosuid.millert2020-10-111-8/+13
| | | | | | Fixes instances where a mount point uses the nodev and nosuid options but another file system mounted inside that hierarchy does not. OK schwarze@
* afs, nnpfs, and procfs are no longer supported,schwarze2020-09-171-3/+3
| | | | | | so stop looking for them in mount(8) output; no functional change intended; OK millert@
* Do not bother scanning file systems that are both nodev and nosuidschwarze2020-09-141-3/+4
| | | | | | | | | | | for SUID, SGID, and device files, implementing an idea that deraadt@ came up with based on a somewhat similar idea from millert@ after a loosely related comment from Rupert Gallagher on misc@. While here, minimally simplify the way mount options are parsed, hoping to make the parsing more readable and also more robust. OK millert@ deraadt@
* No need to check for NULL before calling free.martijn2020-09-141-17/+9
| | | | from miod@
* Documentation fixes by jmc.martijn2020-09-122-35/+45
|
* Import login_ldap.martijn2020-09-1210-2/+2961
| | | | | | | | | | The code is based login_ldap port, but uses our own aldap implementation instead of openldap. It also uses a stand alone configuration file instead of login.conf, since setting this up might contain information not destined for everyone to see. OK bluhm@ "Go for it" deraadt@
* Move definiton of struct token_types *tt to init.c from header file.mortimer2020-09-062-3/+5
| | | | | | Makes it build with -fno-common. ok deraadt
* clang 10 now emits calls to __multi3 from libcompiler_rtjca2020-08-111-1/+9
| | | | Hints from kettenis@, ok kettenis@ deraadt@
* Use the same names as the 64-bit PowerPC ELF ABI for the relocations.kettenis2020-07-182-13/+15
|
* Rewrite loop to match what is written down in the ABI document.kettenis2020-07-161-6/+5
| | | | ok drahn@
* Make lazy binding work.kettenis2020-07-162-14/+37
| | | | Committing on behalf of drahn@ who is a bit busy.
* Clarify man pagejob2020-07-081-5/+9
| | | | OK sobrado@ jmc@
* Disable powerpc64 lazy binding, code was not for 64 bit ABIdrahn2020-06-281-25/+2
| | | | DT_PPC_GOT is not used on powerpc64, delete.
* Powerpc64 ld.so asm code needs to conform to Powerpc64 abi, not 32bit.drahn2020-06-281-27/+28
| | | | ok kettenis@
* PowerPC64 ld.so code.drahn2020-06-257-0/+749
| | | | | | | | | Mostly ported, code runs far enough to start first symbol string lookup. build with -gdwarf-4 to remove asm warnings. Do not bother supporting 32 bit non-pic relocations in shared libraries. (however leave the code there for now)
* Remove support for world-writable mail spools.millert2020-05-272-89/+17
| | | | | They won't work any more due to pledge restrictions so just print an error and exit if the spool is world-writable. OK beck@
* Fix handling of passwd entries with an empty password.millert2020-05-151-4/+5
| | | | | | Initialize "pass" to the empty string instead of NULL, otherwise crypt_checkpass() will dereference NULL. From Yuichiro Naito via yasuoka@. OK deraadt@
* ld.so(1) also ignores LD_LIBRARY_PATH an friends for set-group-ID executablesjca2020-05-081-6/+4
| | | | | | | While here, use consistent casing and don't use .Ev for set-user-ID/set-group-ID. from Miod
* LD_DEBUG is ignored for set-user-ID and set-group-ID executablesjca2020-05-081-2/+3
| | | | from Miod
* Add missing space in stack smash handler error message.matthieu2020-03-271-2/+2
| | | | ok kettenis@, deraadt@
* Anthony Steinhauser reports that 32-bit arm cpus have the same speculationderaadt2020-03-132-5/+5
| | | | | | | | | | | problems as 64-bit models. To resolve the syscall speculation, as a first step "nop; nop" was added after all occurances of the syscall ("swi 0") instruction. Then the kernel was changed to jump over the 2 extra instructions. In this final step, those pair of nops are converted into the speculation-blocking sequence ("dsb nsh; isb"). Don't try to build through these multiple steps, use a snapshot instead. Packages matching the new ABI will be out in a while... ok kettenis
* Anthony Steinhauser reports that 32-bit arm cpus have the same speculationderaadt2020-03-131-2/+2
| | | | | | problems as 64-bit models. For the syscall instruction issue, add nop;nop after swi 0, in preparation for jumping over a speculation barrier here later. (a lonely swi 0 was hiding in __asm in this file)
* Anthony Steinhauser reports that 32-bit arm cpus have the same speculationderaadt2020-03-111-2/+4
| | | | | | problems as 64-bit models. For the syscall instruction issue, add nop;nop after swi 0, in preparation for jumping over a speculation barrier here later. ok kettenis
* Avoid passing a NULL name to retrieve(), use "." instead.millert2020-03-041-2/+2
| | | | | Fixes a "vfprintf %s NULL" warning in ftpd. OK deraadt@ tb@
* Now that the kernel skips the two instructions immediately followingkettenis2020-02-182-5/+5
| | | | | | | | a syscall, replace the double nop with a dsb nsh; isb; sequence which stops the CPU from speculating any further. This fix was suggested by Anthony Steinhauser. ok deraadt@
* Use sysexits.h exit values to distinguish between tempfail and permfail.millert2020-02-094-49/+57
| | | | | | Unix MTAs use the exit value of the MDA (here mail.local) to determine whether or not a failure to deliver mail should be considered to be a temporary or permanent failure. OK semarie@ beck@
* correct Research Unix edition "appeared in" use in HISTORYjsg2020-02-082-6/+6
| | | | | | | | | | | | | | | | | Starting from "Combined Table of Contents" in Doug McIlroy's "A Research UNIX Reader" a table of which edition manuals appeared in. Checked against manuals from bitsavers/TUHS and source from TUHS where available. Ingo points out there are cases where something is included but not documented until a later release. bcd(6) v6 v7 printf(3) v2 v4 abort(3) v5 v6 system(3) v6 v7 fmod(3) v5 v6 ok schwarze@
* Remove backward compatibility for obsolete -H flag.millert2020-02-071-14/+5
| | | | The -H flag was deprecated in 1998. OK jung@
* Allow mail.local to be run as non-root.millert2020-02-023-12/+71
| | | | | | | If mail.local is invoked by a non-root user, open a pipe to lockspool(1) for file locking. It is only possible to delivery to a pre-existing mail spool when running mail.local as non-root. OK gilles@ deraadt@
* Insert two nop instructions after each svc #0 instruction in userland.kettenis2020-01-262-6/+8
| | | | | | | | The will be replaced by a speculation barrier as soon as we teach the kernel to skip over these two instructions when returning from a system call. ok patrick@, deraadt@
* Simplify globbing of ftpd(8)s list and nlst commands.jan2020-01-153-34/+25
| | | | | | Also avoid command option injection for ls(1). OK martijn@
* Merge two missed fixes from login.c to login_passwd.c.millert2019-12-241-4/+5
| | | | | | - use the correct length when checking for "-v lastchance=yes" - don't try to zero pass if it is NULL From miod@
* Replace modular version with origin BSDi version with our updates.millert2019-12-214-252/+133
| | | | | | In 2001 login_passwd was made modular so we could use the same source for passwd and kerberos auth. Now that we no longer have kerberos integrated we can simplify login_passwd. OK deraadt@
* Eliminate failure returns from _dl_split_path(): if malloc fails just _dl_oom()guenther2019-12-172-8/+10
| | | | | | | Prompted by Qualys's leveraging malloc failure in _dl_split_path() to get stuff past. ok deraadt@ millert@
* Don't look up env variables until we know we'll trust them. Otherwise,guenther2019-12-171-32/+21
| | | | | | just delete them without looking. ok millert@
* Return BI_SILENT not BI_AUTH if the challenge service is requested.millert2019-12-141-2/+2
| | | | | This bug was introduced in the login_passwd rewrite back in 2001. From Tom Longshine.
* ld.so may fail to remove the LD_LIBRARY_PATH environment variable formillert2019-12-111-5/+7
| | | | | set-user-ID and set-group-ID executables in low memory conditions. Reported by Qualys
* When loading a library, mmap(2) may fail. Then everything getsbluhm2019-12-091-9/+10
| | | | | | | unmapped and ld.so tries again with different random address layout. In this case, use the new libc executable address for msyscall(2), not one from the first try. Fixes sporadic bogus syscall on i386. OK deraadt@
* print addresses upon msyscall failure, for nowderaadt2019-12-092-4/+6
|
* Disable ltrace for objects linked with -znow, as at least on amd64, linkingguenther2019-12-0712-47/+24
| | | | | | | | | that was deletes the lazy relocation trampoline which ltrace currently depends on problem reported by tb@ directional feedback kettenis@ ok mpi@
* It is not always clear what ld.so was backed up to ld.so.backup, andderaadt2019-12-021-2/+1
| | | | better that folk doing development in here use their own cp tooling.
* Sigh, fix i386 msyscall() case to permission the correct address range.deraadt2019-11-301-6/+8
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.