adjustment for all virtual addresses encoded into the ELF structures of
it. PIE binary could and should be loaded at non-zero mapbase.
For sym_zero pseudosymbol used as a return value from find_symdef()
for undefined weak symbols, st_value also should be adjusted, since
_rtld_bind corrects symbol values by relocbase.
Discussed with: bz
Reviewed by: kan
Tested by: bz (i386, amd64), bsam (linux)
MFC after: some time
ELF header from the front of the file. As all other I/O on the binary
is done using mmap(), this avoids the need for seek privileges on the
file descriptor during run-time linking.
MFC after: 1 month
Sponsored by: Google
it from the build.
If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.
This results in us providing only one ftp daemon by default.
Reviewed by: bz
Approved by: imp (mentor, implicit)
MFC after: 3 days
Silence from: obrien
is not equal to its memory size.
This eliminates unneeded clearing of the text segment that often
happens due to text end not being page-aligned.
For instance,
$ readelf -l /lib/libedit.so.6
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x139e1 0x139e1 R E 0x1000
LOAD 0x014000 0x00014000 0x00014000 0x00f04 0x00f14 RW 0x1000
DYNAMIC 0x014cc4 0x00014cc4 0x00014cc4 0x000d0 0x000d0 RW 0x4
$ procstat -v $$ (for /bin/sh)
68585 0x28097000 0x280aa000 r-x 6 0 21 14 CN vn /lib/libedit.so.6
68585 0x280aa000 0x280ab000 r-x 1 0 1 0 CN vn /lib/libedit.so.6 <==
68585 0x280ab000 0x280ac000 rwx 1 0 1 0 CN vn /lib/libedit.so.6
Note the splitted map entry marked by '<=='.
Reviewed by: kan
Approved by: re (kensmith)
MFC after: 1 month
compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.
Reviewed by: kib
Approved by: re (kib)
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.
Reviewed by: kib
Approved by: re (kensmith)
altered through their .init code. This might happen if init
vector calls dlopen on its own and that dlopen causes some not
yet initialized object to be initialized earlier as part of that
dlopened DAG.
Do not reset module reference counts to zero on final fini vector
run when process is exiting. Just add an additional parameter to
force fini vector invocation regardless of current reference count
value if object was not destructed yet. This allows dlclose called
from fini vector to proceed normally instead of failing with handle
validation error.
Reviewed by: kib
Reported by: venki kaps
dlsym seaches using this handle are expected to look for symbol
definitions in all objects loaded at the program start time along
with all objects currently in RTLD_GLOBAL scope.
Discussed with: kib
Reported by: Maho NAKATA
MFC after: 2 weeks
The makekey utility has been deprecated and will be removed in a future
release of FreeBSD.
Actually removing it was approved back on 10/29/2007 by re (kensmith) but
I dropped the ball on actually removing it. It's doubtful that it's become
more relevant/useful in the intervening time.
for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it maps other
segments at the appropriate addresses inside the region.
On amd64, due to default alignment of the segments being 1Gb, the
subsequent segment mappings leave the holes in the region, that usually
contain mapping of the object' file past eof. Such mappings prevent
wiring of the address space, because the pages cannot be faulted in.
Change the way the mapping of the ELF objects is constructed, by first
mapping PROT_NONE anonymous memory over the whole range, and then
mapping the segments of the object over it. Take advantage of this new
order and allocate .bss by changing the protection of the range instead
of remapping.
Note that we cannot simply keep the holes between segments, because
other mappings may be made there. Among other issues, when the dso is
unloaded, rtld unmaps the whole region, deleting unrelated mappings.
The kernel ELF image activator does put the holes between segments, but
this is not critical for now because kernel loads only executable image
and interpreter, both cannot be unloaded. This will be fixed later, if
needed.
Reported and tested by: Hans Ottevanger <fbsdhackers beasties demon nl>
Suggested and reviewed by: kan, alc
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.
To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.
Reported, analyzed and tested by: Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by: kan
the rtld hints file. This environment variable would be unset if the
process is considered as tainted with setuid/setgid. This feature gives
a convenient way of using a custom set of shared library that is not
located in the default location and switch back.
Feature requested by: iXsystems
Original patch by: John Hixson
MFC after: 2 weeks
soneeded pathes. The $ORIGIN, $OSNAME, $OSREL and $PLATFORM tokens
are supported. Enabling the substitution requires DF_ORIGIN flag in
DT_FLAGS or DF_1_ORIGIN if DF_FLAGS_1, that may be set with -z origin
gnu ld flag. Translation is unconditionally disabled for setuid/setgid
processes.
The $ORIGIN translation relies on the AT_EXECPATH auxinfo supplied
by kernel.
Requested by: maho
Tested by: maho, pho
Reviewed by: kan
Pseudo-terminals allocated with posix_openpt(2) will have more slashes
in their path names than comsat(8) allows, so allow slashes when the
character device name starts with "pts/".
This patch is loosely based on NetBSD's changes, revision 1.33. Because
it also included the changes to fork(), I imported them here as well.
Maybe we could import even more fixes from the other BSD's?
Original commit message from the NetBSD folks:
PR/30170: Markus W Kilbinger: src/libexec/comsat complains
about: '/' in "/dev/pts/1"
Reported by: Robert Huff <roberthuff rcn com>
long commands into multiple requests. [08:12]
Avoid calling uninitialized function pointers in protocol switch
code. [08:13]
Merry Christmas everybody...
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:12.ftpd, FreeBSD-SA-08:13.protosw
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
does not use any external symbols, thus avoiding possible recursion into
rtld to resolve symbols, when called.
Reviewed by: kan, davidxu
Tested by: rink
MFC after: 1 month
Threading library calls _pre before the fork, allowing the rtld to
lock itself to ensure that other threads of the process are out of
dynamic linker. _post releases the locks.
This allows the rtld to have consistent state in the child. Although
child may legitimately call only async-safe functions, the call may
need plt relocation resolution, and this requires working rtld.
Reported and debugging help by: rink
Reviewed by: kan, davidxu
MFC after: 1 month (anyway, not before 7.1 is out)
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).
Reviewed by: rink
derivitive of NetBSD's mips_reloc.c, so pull in the copyright notice
from there.
Also, a minor tweak to load/store pointers. Other changes from NetBSD
likely would be useful too...
Obtained from: NetBSD
from working.
From p4 filelog of the upstream file in p4
//depot/projects/mips2-jnpr/src/libexec/rtld-elf/mips/reloc.c
... #6 change 140737 edit on 2008/04/27 by gonzo@gonzo_jeeves (text+ko)
o Looks like handler for R_MIPS_REL32 brought by CS 137942
is broken for tradmips. Code from NetBSD's
libexec/ld.elf_so/arch/mips/mips_reloc.c works just fine.
... #3 change 137942 edit on 2008/03/17 by rrs@rrs-mips2-jnpr (text+ko)
Any relocation symbol lookup if its 0. It looks like
this is the way the compiler indicates you need to
look in another shared library. When we hit these
as we relocate a object we will do the symbol
lookups and setup the relocation table with the
right value.
Submitted by: rrs@, gonzo@
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
bit flag, otherwise if a thread acquired a lock, another thread
or the current thread itself can no longer acquire another lock
because thread_mask_set() return whole flag word, this results
bit leaking in the word and misbehavior in later locking and
unlocking.
contexts as rtld's malloc is not thread safe and is only supposed to be
called with exclusive bind lock already held.
The originating PR submitted a patch on top of different pre-requisite
workaroud for unsafe dlopen calls, and the patch was midief slighlty to apply
to stock sources for the purpose of this commit. Running rtld malloc from
unlocked contexts is a bug on its own.
PR: 126950
Submited by: Oleg Dolgov
Before we had a posix_openpt() that allocated PTY's with proper
permissions in place, we used this set-uid utility to change the
ownership of PTY slave devices to the real user ID of the process. This
utility was used to implement grantpt().
In my first designs of the MPSAFE TTY layer, I replaced this by adding
an ioctl() called TIOCGRANTPT, which was used to change the ownership.
I left the pt_chown utility, because older C libraries needed it to work
properly.
After some discussions back in June I changed the PTY code to set
permissions properly upon creation. Fortunately the previous grantpt()
implementation changed permissions by hand when pt_chown is not
installed, which always succeeds. This means grantpt() still works
properly, even though the set-uid utility is missing.
I've done tests with FreeBSD 5.2.1, FreeBSD 6.3 and FreeBSD 7.0 jails.
All of them still work if I remove pt_chown.
Reviewed by: philip (ex-mentor)
understand which code paths aren't possible.
This commit eliminates 117 false positive bug reports of the form
"allocate memory; error out if pointer is NULL; use pointer".
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
