summaryrefslogtreecommitdiffstats
path: root/sys/kern/exec_elf.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* When killing a process, the signal is handled by any thread thatbluhm2019-05-131-2/+2
| | | | | | | | | | does not block the signal. If all threads block the signal, we delivered it to the main thread. This does not conform to POSIX. If any thread unblocks the signal, it should be delivered immediately to this thread. Mark such signals pending at the process instead of a single thread. Then any thread can handle it later. OK kettenis@ guenther@
* wxneeded binaries on wxallowed filesystems were refused execution. We havederaadt2019-05-111-14/+1
| | | | | | | | encountered a wxneeded binary that attempts correct operation when started on a nowxallowed filesystem (it tries mprotect with RWX, notices ENOTSUP and acts in a different way). So permit execution (but of course don't allow W^X violating mappings) ok sthen kettenis robert
* If mallocing the array program header fails, give up on coredumpingguenther2019-05-091-2/+4
| | | | | | instead of panicing ok deraadt@, tedu@, mpi@
* #define ELFROUNDSIZE 4 /* XXX Should it be sizeof(Elf_Word)? */deraadt2019-04-201-2/+2
| | | | Now that alpha is fixed, we can use sizeof().
* Core files with >65535 sections have to use PN_XNUM and a section headerguenther2018-12-061-8/+65
| | | | | | | | to pass the real count, with a minimal .shstrtab segment for consistency. Also, add support for PN_XNUM to readelf. problem reported and testing by claudio@ ok kettenis@
* Decouple unveil from the pledge flags, by adding dedicated unveil flagsbeck2018-08-051-1/+2
| | | | | | | | to the namei args. This fixes a bug where chmod would be allowed when with only READ. This also allows some further cleanup of some awkward things like PLEDGE_STAT that will follow Lots of assistence from semarie@ - thanks! ok semarie@
* Remove a few leftovers from the days of emulation, which could result inderaadt2018-07-201-3/+2
| | | | | a bad/corrupt binary not returning ENOEXEC but some other error. ok guenther kettenis bluhm
* Fail if a PT_LOAD segment has a memory size of 0. This prevents a panickettenis2018-07-201-3/+7
| | | | | | later on, and it makes no sense for a binary to have such a segment. ok bluhm@, guenther@
* Move from sendsig() to its callers the initsiginfo() calls andguenther2018-07-101-2/+1
| | | | | | | | instead of passing sendsig() the code+type+val, pass a siginfo_t* to copy from. Eliminate the indirection through struct emul for sendsig(); we no longer have a SunOS4-compat version of sendsig() ok deraadt@
* Don't pull in <sys/file.h> just to get fcntl.hguenther2017-12-301-2/+2
| | | | ok deraadt@ krw@
* In elf_load_file() to not call free(9) with an uninitialized sizebluhm2017-09-071-2/+2
| | | | | | | even if the pointer is NULL. This is not a real bug as free(9) checks the addr pointer before the size value, but the compiler cannot know that. found by clang -Wuninitialized; OK deraadt@
* Initialize the stack buffer used to build the auxiliary vector to zero tokettenis2017-03-201-1/+2
| | | | | | avoid leaking the contents of the kernel stack into userspace. ok guenther@, deraadt@
* Generating a coredump requires walking the map twice; changeguenther2017-03-051-125/+118
| | | | | | | uvm_coredump_walkmap() to do both with a callback in between so it can hold locks/change state across the two. ok stefan@
* Correct the entry point and base address calculations for anguenther2017-02-111-2/+4
| | | | | | interpreter whose entry point isn't in its first PT_LOAD segment. problem report and testing by patrick@
* Remove support for forcing the ELF interpreter to a specific address,guenther2017-02-081-21/+12
| | | | | | last used by COMPAT_SYSV which was removed in 2011. ok millert@
* In exec_elf.c: expand ELFNAME(), ELFNAME2(), and ELFNAMEEND() exceptguenther2017-02-081-78/+77
| | | | | | | | | | | | | | | | | | | | | | leaving out the size, so that ELFNAME2(exec,makecmds) becomes exec_elf_makecmds instead of exec_elf{32,64}_makecmds and then delete the ELFNAME2() and ELFNAMEEND() macros. Move the prototypes for functions local to exec_elf.c to there from exec_elf.h. Simplify the SMALL_KERNEL conditionals around the ELF coredump code. Change exec_conf.c to use the size-generic names and macros Remove exec_elf{32,64}.c and just build exec_elf.c; delete the _KERN_DO_ELF and _KERN_DO_ELF64 #defines. ok jca@, encouragement from deraadt@ and tom@
* Move ELF_AUX_ENTRIES from exec_elf.h to exec_elf.c; it's totally internalguenther2017-02-081-1/+6
| | | | | | and not something we guarantee to userspace ok jca@
* Change ELFNAME(read_from)'s buf parameter to be void*, eliminating a castguenther2017-02-081-9/+8
| | | | | | from all but one call ok jca@
* elf{32,64}_check_brand() isn't used; delete itguenther2017-02-081-13/+1
| | | | ok jca@
* Provide size-generic ELF_NO_ADDR in <sys/exec_elf.h> and use that insteadguenther2017-02-081-11/+11
| | | | | | of ELFDEFNNAME(NO_ADDR) ok jca@
* Since we expect to never do binary compat with other OSes again,guenther2017-02-051-23/+5
| | | | | | delete the no-longer-used probe hook support. ok mpi@ jca@
* p_comm is the process's command and isn't per thread, so move it fromguenther2017-01-211-2/+2
| | | | | | struct proc to struct process. ok deraadt@ kettenis@
* Split PID from TID, giving processes a PID unrelated to the TID of theirguenther2016-11-071-2/+2
| | | | | | initial thread ok jsing@ kettenis@
* Display/test/use the process PID, not the thread's TID, in a few places.guenther2016-10-051-2/+2
| | | | ok mpi@ mikeb@
* When trying to run an ELF binary marked PT_OPENBSD_WXNEEDED from aschwarze2016-09-121-5/+6
| | | | | | | file system mounted without MNT_WXALLOWED, fail with EACCES rather than with ENOEXEC, to discourage the shell from trying to run the file as a shell script. OK deraadt@ millert@; tedu@ and halex@ agreed with the general direction.
* Since epp->ep_name is a userland pointer, use copyinstr(9) to get a copy okkettenis2016-06-111-2/+5
| | | | | | the string into kernel space before logging the W^X binary warning. ok jca@, guenther@
* Enforce W^X and map W|X segments without X permission initially. Thekettenis2016-06-081-2/+9
| | | | | | | | dynamic linker will make these read-only and add back X permission after elocation processing. Static executables with W|X segments will probably crash. ok deraadt@, guenther@
* Identify W^X labelled binaries at execve() time based upon WX_OPENBSD_WXNEEDEDderaadt2016-05-301-1/+19
| | | | | | | | | | | flag set by ld -zwxneeded. Such binaries are allowed to run only on wxallowed mountpoints. They do not report mmap/mprotect problems. Rate limit mmap/mprotect reports from other binaries. These semantics are chosen to encourage progress in the ports ecosystem, without overwhelming the developers who work in the area. ok sthen kettenis
* backout to insert correct commit messagederaadt2016-05-301-19/+1
|
* *** empty log message ***deraadt2016-05-301-1/+19
|
* SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookiederaadt2016-05-101-2/+3
| | | | | | | | inside the sigcontext. sigreturn(2) checks syscall entry was from the exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie, and clears it to prevent sigcontext reuse. not yet tested on landisk, sparc, *88k, socppc. ok kettenis
* Support for running Linux binaries under emulation is going away.naddy2016-02-281-8/+1
| | | | | | | Remove "option COMPAT_LINUX" and everything directly tied to it from the kernel and the corresponding man page documentation. ok visa@ guenther@
* move the pledgenote annotation from `struct proc' to `struct nameidata'semarie2015-11-021-2/+2
| | | | | | | | | | pledgenote is used for annotate the policy for a namei context. So make it tracking the nameidata. It is expected for the caller to explicitly define the policy. It is a kernel bug to not do so. ok deraadt@
* Paranoa: p_pledgenote the NAMEI for ld.so loadingderaadt2015-10-281-1/+3
|
* Track size of an opaque allocation to pass to free() laterderaadt2015-09-281-3/+4
| | | | ok guenther tedu
* Now we use p_filesz - 1 to test for NUL check that p_filesz isjsg2015-04-301-2/+2
| | | | | | | | at least two and while here allow the upper bound to be MAXPATHLEN by changing a >= to > as suggested by krw@ in a thread on tech where Maxime Villard proposed additional PT_INTERP checks. tested by and ok guenther@
* Error out if the PT_INTERP segment isn't NUL terminatedguenther2015-04-301-1/+3
| | | | ok deraadt@ millert@ miod@
* Require a PT_LOAD segment's p_filesz to be no larger than its p_memsz.guenther2015-04-261-1/+7
| | | | | test cases provided by Alejandro Herna'ndez (nitrousenador (at) gmail.com) ok deraadt@ jsg@
* Extend uvm_map_hint() to get an address range as extra arguments, and makemiod2015-03-301-2/+3
| | | | | | | | | | sure it will return an address within that range. Use this in uaddr_rnd_select() to make sure we will not attempt to pick an address beyond what we are allowed to map. In my trees for 9 months, blackmailed s2k15 attendees into agreeing now would be a good time to commit.
* Don't use an uninitialized variable when a PT_LOAD segment withguenther2015-02-101-11/+10
| | | | | | | | | | alignment 0 or 1 is encountered. The result before was just a spurious failure by execve(), though I had to manually mangle a binary to hit this case: segments are all long-aligned or better in practice. uninitialized variable noted by Maxime Villard (rustyBSD (at) gmx.fr) ok and prod jsg@
* Raise ELF_RANDOMIZE_LIMIT to 64K, so that programs and libraries canderaadt2015-02-061-4/+1
| | | | | | | legitimately use random section variables without execve failures... Because this section is not demand faulted, yield() every page during the fill otherwise the costs are charged poorly. ok tedu matthew
* Require EFT shared objects have a PT_PHDR entry to be consideredkurt2015-01-271-5/+11
| | | | | | | | | | a pie binary. The kernel will now reject executing a typical shared library with EINVAL. This breaks compatibility with initial static pie binaries and requires a recent user-land prior to upgrading. In addition, more fine grained errors can be returned from execve(2) when errors occur while attempting to execute ELF objects. okay guenther@, kettenis@, deraadt@
* Move ps_strings "after" the random stackgap. This makes its location akettenis2015-01-201-2/+2
| | | | | | | | per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a per-process one as well. This gets rid of a pointer to the bottom of the stack at a fixed location. Also clears the road for unmapping the stackgap. ok deraadt@
* Make it possible to execute PIE binaries that don't have an PT_INTERP segmentkettenis2014-12-221-9/+12
| | | | | | | | | | | | (and therefore no interpreter). Necessary to make self-relocating "static" PIE working. This will also allow execution of shared libraries that have the 'x' bit set. Those shouldn't exist, but unfortunately people outside OpenBSD think differently which means third-party software sometimes installs shared libraries with the 'x' bit set. ok kurt@, deraadt@
* primary change: move uvm_vnode out of vnode, keeping only a pointer.tedu2014-12-161-1/+3
| | | | | | objective: vnode.h doesn't include uvm_extern.h anymore. followup changes: include uvm_extern.h or lock.h where necessary. ok and help from deraadt
* Replace a plethora of historical protection options with justderaadt2014-11-161-10/+10
| | | | | | | PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h. PROT_MASK is introduced as the one true way of extracting those bits. Remove UVM_ADV_* wrapper, using the standard names. ok doug guenther kettenis
* prefer sizeof(*ptr) to sizeof(struct) for malloc and freetedu2014-11-141-2/+2
|
* printf debugging worked! figured out the bug (in free()) just aftertedu2014-11-061-3/+1
| | | | committing the printfs. revert.
* Make better use of the value of psectionslen instead of recomputingmillert2014-11-061-11/+8
| | | | it multiple times. Also remove an unused variable. OK deraadt@ tedu@
* resort to printf debugging hints until we can figure this out. ok deraadttedu2014-11-061-1/+3
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.