Commit Graph

1634 Commits

Author SHA1 Message Date
ed
da06e492c7 Really disable wtmp logging when chrooting.
Also perform a small cleanup to ftpd_logwtmp(). Just use a NULL
parameter for the username to indicate a logout, instead of an empty
string.

Reported by:	Alexey Shuvaev <shuvaev physik uni-wuerzburg de>
2010-01-18 23:28:25 +00:00
ed
c47f4ccef3 Phase out ttyslot(3).
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
2010-01-14 05:35:32 +00:00
ed
6dd5ce59c1 Port all apps in libexec/ from libulog to utmpx. 2010-01-13 18:28:58 +00:00
ed
a0af351d02 Port ftpd to utmpx.
Unfortunately I have to partially wreck its functionality, though. ftpd
used to keep a file descriptor to the wtmp, which allowed it to work
from within a chroot. The current utmpx implementation doesn't offer a
way to do this. Maybe we can address this in the future, if it turns out
to be a real issue.
2010-01-13 18:28:41 +00:00
ed
14920edb23 Port comsat to utmpx.
It seems comsat stats the utmpx database each 15 seconds to see whether
it has been changed. I am changing this behaviour to look at the utmpx
database upon processing. I don't want to allow direct interference with
the database files. I also wonder whether this optimization has any
measurable performance benefit nowadays.
2010-01-13 18:25:43 +00:00
ed
4215376d31 Remove `dead code' from rlogind.
- It shouldn't call logwtmp(). Applications like login(1) already make
  sure both login and logout entries are written to the storage.
- There's no need to restore permissions on the pseudo-terminal, since
  it should be garbage collected by the kernel.
2010-01-13 18:24:04 +00:00
ed
b1c1be30d7 Make WARNS=6 the default for libexec/.
Just like bin/ and sbin/, I think setting WARNS to the highest value
possible will make it more attractive for people to fix warnings.

- The WARNS variable is set in the Makefile in the directory of the
  application itself, making it more likely that it will be removed out
  of curiosity to see what happens.
- New applications will most likely build with WARNS=6 out of the box,
  because the author would more likely fix the warnings during
  development than lower WARNS.

Unfortunately almost all apps in libexec require a lowered value of
WARNS.
2010-01-02 09:50:19 +00:00
ed
fc5b3c2f3d Fix several warnings.
- Add __unused keywords.
- Don't shadow a global variable called cr.
- Make the global cr variable const.
2010-01-02 09:45:59 +00:00
ed
f590bf3733 ANSIfy ldconfig and the aout bits it still uses from rtld-aout.
(Why is aout support still there?)
2009-12-29 21:07:17 +00:00
ed
e11903ba0f Make rpc.ruserd work with utmpx/libulog.
Because strings are now null-terminated, I've decided to just use an
array of utmpx structures, instead of the separated strings. This means
we just copy the entire utmpx structure and point to the strings within
the structures directly.
2009-12-29 10:28:20 +00:00
ed
f922449aa5 Perform cleanups to rpc.rusersd:
- Perform whitespace fixes. Use tabs instead of 8 spaces.
- Make it build at WARNS=6.
2009-12-28 23:01:24 +00:00
ed
5d9c8b273f Modify the sources to make WARNS=6 work. 2009-12-26 14:33:55 +00:00
ed
b204f94963 Unbreak the build.
I increased the WARNS, but it looks like it breaks certain architectures
with more strict alignment requirements (mips, sparc64, ia64).

Pointy hat to:	me
2009-12-26 11:00:18 +00:00
ed
95bce7e055 Let talkd use utmpx instead of utmp.
Because strings are null terminated now, there is no need to copy
ut_line into a separate buffer first. Also enable WARNS.
2009-12-25 11:12:05 +00:00
ed
d6471fa124 Don't use UT_NAMESIZE here to determine the maximum username length. 2009-12-25 10:30:54 +00:00
ed
460e546f24 Repair breakage to last-minute API change.
I changed ulog_log{in,out} to return a void, but forgot to change
ulog-helper as well.

Reported by:	stefanf
2009-12-03 21:44:41 +00:00
ed
879c7d2730 Add a new library: libulog.
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:

- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.

I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.

As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.

libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.

Next items on the todo list:

1. Port applications in the base system (and ports) to libulog, instead
   of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
   top.
3. Port as many applications as possible back to <utmpx.h>.
2009-12-03 15:48:24 +00:00
cperciva
dbccfb34d9 Fix local root vulnerability.
Security:	Advisory will be coming soon.
X-MFC-After:	30 seconds
2009-12-01 02:57:06 +00:00
kib
d9873126f6 Allow to load not-openable dso when tracing. This fixes ldd on such dso or
dso linked to non-openable object.
Remove '\n' at the end of error message.
End comments with dot.

MFC after:	3 weeks (together with r199829)
2009-11-28 14:29:32 +00:00
kib
8f8a9dcd17 Implement rtld part of the support for -z nodlopen (see ld(1)).
Reviewed by:	kan
MFC after:	3 weeks
2009-11-26 13:57:20 +00:00
kib
0dba9623fa Flag controlling origin expansion in DT_FLAGS is DF_ORIGIN, not DF_1_ORIGIN.
Reviewed by:	kan
MFC after:	3 days
2009-11-26 13:55:49 +00:00
rwatson
0fc93714b1 Fix white space in rtld runtime error printf.
MFC after:	3 days
2009-11-14 15:08:44 +00:00
kib
69e50b966c Calculate relocation base for the main object, and apply the relocation
adjustment for all virtual addresses encoded into the ELF structures of
it. PIE binary could and should be loaded at non-zero mapbase.

For sym_zero pseudosymbol used as a return value from find_symdef()
for undefined weak symbols, st_value also should be adjusted, since
_rtld_bind corrects symbol values by relocbase.

Discussed with:	bz
Reviewed by:	kan
Tested by:	bz (i386, amd64), bsam (linux)
MFC after:	some time
2009-10-10 15:27:10 +00:00
rwatson
63d44e1faa In rtld's map_object(), use pread(..., 0) rather than read() to read the
ELF header from the front of the file.  As all other I/O on the binary
is done using mmap(), this avoids the need for seek privileges on the
file descriptor during run-time linking.

MFC after:	1 month
Sponsored by:	Google
2009-10-06 17:14:39 +00:00
des
6079decb90 printerr_reply() has never been used for as long as we've had this code in
our tree (13+ years).  This is an excellent argument for aggressive use
of "static".
2009-09-26 23:05:01 +00:00
des
d38c1275ec Other minor style issues. 2009-09-25 23:03:24 +00:00
des
5c2742e3da Slight style cleanup. 2009-09-25 22:20:30 +00:00
remko
dcd2780b1c Do the first step in removing lukemftpd from the base system. Disconnect
it from the build.

If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.

This results in us providing only one ftp daemon by default.

Reviewed by:	bz
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Silence from:	obrien
2009-09-03 16:34:20 +00:00
kib
a106aba3da Implement RTLD_NOLOAD flag for dlopen(3).
Requested and tested by:	jkim
Reviewed by:	kan
Approved by:	re (kensmith)
2009-07-17 19:45:42 +00:00
kib
a1f78e1642 Only perform .bss mapping and cleaning operations when segment file size
is not equal to its memory size.

This eliminates unneeded clearing of the text segment that often
happens due to text end not being page-aligned.

For instance,
$ readelf -l /lib/libedit.so.6
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00000000 0x00000000 0x139e1 0x139e1 R E 0x1000
  LOAD           0x014000 0x00014000 0x00014000 0x00f04 0x00f14 RW  0x1000
  DYNAMIC        0x014cc4 0x00014cc4 0x00014cc4 0x000d0 0x000d0 RW  0x4
$ procstat -v $$ (for /bin/sh)
68585 0x28097000 0x280aa000 r-x    6    0  21  14 CN vn /lib/libedit.so.6
68585 0x280aa000 0x280ab000 r-x    1    0   1   0 CN vn /lib/libedit.so.6 <==
68585 0x280ab000 0x280ac000 rwx    1    0   1   0 CN vn /lib/libedit.so.6
Note the splitted map entry marked by '<=='.

Reviewed by:	kan
Approved by:	re (kensmith)
MFC after:	1 month
2009-07-17 19:32:04 +00:00
kan
ef443476d9 Second attempt at eliminating .text relocations in shared libraries
compiled with stack protector.

Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC
generates local calls to this function which result in absolute
relocations put into position-independent code segment, making dynamic
loader do extra work every time given shared library is being relocated
and making affected text pages non-shareable.

Reviewed by:        kib
Approved by:        re (kib)
2009-07-14 21:19:13 +00:00
kan
a3faeb1b41 Back out previous revision until better tested fix is ready.
Approved by: re (impliciti, by approving previos check-in)
2009-06-29 01:33:59 +00:00
kan
f780ef8f19 Eliminate .text relocations in shared libraries compiled with stack protector.
Use libssp_nonshared library to pull __stack_chk_fail_local symbol into
each library that needs it instead of pulling it from libc. GCC generates
local calls to this function which result in absolute relocations put into
position-independent code segment, making dynamic loader do extra work everys
time given shared library is being relocated and making affected text pages
non-shareable.

Reviewed by:        kib
Approved by:        re (kensmith)
2009-06-28 23:51:39 +00:00
ed
9400451d81 Fix a typo in the same comment, one line below.
Submitted by:	bf1783 googlemail com
2009-06-23 14:12:49 +00:00
ed
367665ede0 Fix typo in comment.
Submitted by:	Christoph Mallon
2009-06-23 09:50:50 +00:00
kan
51b981d72b Allow order of initialization of loaded shared objects to be
altered through their .init code. This might happen if init
vector calls dlopen on its own and that dlopen causes some not
yet initialized object to be initialized earlier as part of that
dlopened DAG.

Do not reset module reference counts to zero on final fini vector
run when process is exiting. Just add an additional parameter to
force fini vector invocation regardless of current reference count
value if object was not destructed yet. This allows dlclose called
from fini vector to proceed normally instead of failing with handle
validation error.

Reviewed by:	kib
Reported by:	venki kaps
2009-06-20 14:16:41 +00:00
kan
5b73b70b12 FreeBSD returns main object handle from dlopen(NULL, ...) calls.
dlsym seaches using this handle are expected to look for symbol
definitions in all objects loaded at the program start time along
with all objects currently in RTLD_GLOBAL scope.

Discussed with: kib
Reported by:	Maho NAKATA
MFC after:	2 weeks
2009-06-16 16:38:54 +00:00
dfr
954b6f0f3b Increase the size of the static TLS area slightly (required for the NVidia's
OpenGL driver on amd64).
2009-05-27 18:54:31 +00:00
dougb
8af28beff7 Per the man page:
The makekey utility has been deprecated and will be removed in a future
release of FreeBSD.

Actually removing it was approved back on 10/29/2007 by re (kensmith) but
I dropped the ball on actually removing it. It's doubtful that it's become
more relevant/useful in the intervening time.
2009-05-26 00:07:02 +00:00
rwatson
8c6f0d9418 Prefer <sys/param.h> to <machine/param.h> for the definition of
CACHE_LINE_SIZE.

Submitted by:	bde
MFC after:	2 weeks
2009-04-20 10:35:50 +00:00
rwatson
fab10a1822 Explicitly include machine/param.h for CACHE_LINE_SIZE.
MFC after:	2 weeks
2009-04-19 23:03:57 +00:00
rwatson
9d69b9825b Now that the kernel defines CACHE_LINE_SIZE in machine/param.h, use
that definition in the custom locking code for the run-time linker
rather than local definitions.

Pointed out by:	tinderbox
MFC after:	2 weeks
2009-04-19 23:02:50 +00:00
kib
5a12c5d70e Currently, when mapping an object, rtld reserves the whole address space
for the mapping by the object' file with the protection and mode of
the first loadable segment over the whole region. Then, it maps other
segments at the appropriate addresses inside the region.

On amd64, due to default alignment of the segments being 1Gb, the
subsequent segment mappings leave the holes in the region, that usually
contain mapping of the object' file past eof. Such mappings prevent
wiring of the address space, because the pages cannot be faulted in.

Change the way the mapping of the ELF objects is constructed, by first
mapping PROT_NONE anonymous memory over the whole range, and then
mapping the segments of the object over it. Take advantage of this new
order and allocate .bss by changing the protection of the range instead
of remapping.

Note that we cannot simply keep the holes between segments, because
other mappings may be made there. Among other issues, when the dso is
unloaded, rtld unmaps the whole region, deleting unrelated mappings.

The kernel ELF image activator does put the holes between segments, but
this is not critical for now because kernel loads only executable image
and interpreter, both cannot be unloaded. This will be fixed later, if
needed.

Reported and tested by:	Hans Ottevanger <fbsdhackers beasties demon nl>
Suggested and reviewed by:	kan, alc
2009-04-10 10:14:04 +00:00
kib
4ea821c223 Update comment to the reality, rtld supports any number of loadable segments.
Fix spacing.

Reviewed by:	kan
2009-04-10 09:52:42 +00:00
obrien
674fad2600 Move variable externs into extern.h so they are checked against the definitions. 2009-04-07 20:34:34 +00:00
kib
d2fcac0ee2 Allow the NULL, RTLD_SELF and RTLD_NEXT handles to work with dlfunc(3).
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.

To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.

Reported, analyzed and tested by:	Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by:	kan
2009-04-03 19:17:23 +00:00
kib
2b9fbfce36 Document RTLD_NODELETE, -z nodelete and -z origin support. 2009-04-01 14:38:20 +00:00
cognet
b31803623e Use RTF_LLDATA. 2009-03-31 23:02:51 +00:00
kib
566c4f31f1 Implement support for RTLD_NODELETE flag for dlopen() and -z nodelete
static linker option. Do it by incrementing reference count on the loaded
object and its dependencies.

Reviewed by:	davidxu, kan
2009-03-30 08:47:28 +00:00
kib
1552563928 Do not dereference NULL pointer. refobj is NULL for the objects that are
preloaded.

Reported and tested by:	ed
2009-03-28 15:54:08 +00:00