freebsd-nq/lib/libcasper
Robert Watson 9612674f64 In libcasper, prefer to send a function index or service name over the IPC
channel to a zygote process, rather than sending a function pointer or
service pointer.  This avoids transfering pointers between address spaces,
which while robust in this case (due to the zygote being forked() from the
parent) is not generally a good idea, especially in the presence of
increasingly popular control-flow integrity and pointer protection
mitigation schemes.  With this change, ping(8) and other sandboxed tools
using libcasper for DNS resolution now work on architectures with tagged
memory again.

Reviewed by:	oshogbo
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2017-03-23 14:35:21 +00:00
..
libcasper In libcasper, prefer to send a function index or service name over the IPC 2017-03-23 14:35:21 +00:00
services Set SHLIBDIR before .including src.opts.mk in libcapser services 2016-10-24 14:37:18 +00:00
Makefile These can build in parallel. 2016-02-26 22:14:04 +00:00
Makefile.inc Remove unneeded lines. 2016-02-26 22:14:08 +00:00