Commit Graph

1984 Commits

Author SHA1 Message Date
ngie
5911324544 Fix a -Wsecurity warning with clang
Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:46:10 +00:00
ngie
b396ce44d5 Remove hardcoded path to TESTSDIR (Makefile, ld_library_pathfds.c) at
build time by using atf_tc_get_config_var(tc, "srcdir"))

This will allow end-users to move the binaries to different locations
after they've been built without having to rebuild the binaries with
the new paths

Phabric: D525 (part of a larger patch)

Reviewed by: jmmv
Approved by: jmmv (co-mentor)
2014-08-04 05:45:09 +00:00
delphij
35981fe0b7 Don't save entropy inside jails.
As of r126744, we no longer feed the entropy device in jails upon
start, and collecting them is no longer useful.

PR:		conf/126744
Submitted by:	Eugene Grosbein <eugen grosbein net> (with minor changes)
MFC after:	1 week
Approved by:	so (des)
2014-07-22 06:40:27 +00:00
brooks
ea5a037d1f Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
jmmv
fdb8c1ca62 libpythagoras needs libm.
This fixes "make tinderbox" failures on various architectures when
WITH_TESTS=yes is enabled.  Problem introduced in r267679.
2014-07-16 16:42:58 +00:00
jmmv
c2d032c26e Fix atf-sh's integration_test
With the move of atf-sh into /usr/libexec in r267181, some of the
tests in the integration_test program broke because they could not
execute atf-sh from the path any longer.

This slipped through because I do have a local atf installation in
my home directory that appears in my path, hence the tests could
still execute my own version.

Fix this by forcing /usr/libexec to appear at the beginning of the
path when attempting to execute atf-sh.

To make upgrading easy (and to avoid an unnecessary entry in UPDATING),
make integration_test depend on the Makefile so that a rebuild of the
shell script is triggered.  This requires a hack in the *.test.mk files
to ensure the Makefile is not treated as a source to the generated
program.  Ugly, I know, but I don't have a better way of doing this at
the moment.  Will think of one once I address the TODO in the *.test.mk
files that suggests generalizing the file generation functionality.

PR:		191052
Reviewed by:	Garrett Cooper
2014-07-09 00:55:50 +00:00
marcel
9f28abd980 Remove ia64.
This includes:
o   All directories named *ia64*
o   All files named *ia64*
o   All ia64-specific code guarded by __ia64__
o   All ia64-specific makefile logic
o   Mention of ia64 in comments and documentation

This excludes:
o   Everything under contrib/
o   Everything under crypto/
o   sys/xen/interface
o   sys/sys/elf_common.h

Discussed at: BSDcan
2014-07-07 00:27:09 +00:00
andrew
b9ea3f69fd Align the stack in _rtld_bind_start. Normally this is called with the
correct stack alignment, however when we have a leaf function that uses
thread local storage it calls __aeabi_read_tp to get the thread pointer.
Neither GCC or clang see this as a function call so will align the stack
to a 4-byte boundary. This may be a problem as _rtld_bind expects to be
on an 8-byte boundary.

The solution is to store a copy of the stack pointer and force the
alignment before calling _rtld_bind.

This fixes a problem with armeb where applications would crash in odd ways.
It should also remove the need for a local patch to clang to force the
stack alignment to an 8-byte boundary, even for leaf functions. Further
testing will be needed before reverting this local change to clang as we
may rely on it in other places.

Reviewed by:	jmg@
2014-07-06 10:24:06 +00:00
marcel
365201465e Fix r264346 for ia64. We need to allocate memory for the function
descriptors in order to relocate RTLD itself. To allocate memory,
we need the pagesizes array initialized, but that happens after
RTLD is relocated. This ordering is important for amd64, but it's
opposite of what ia64 needs. Handle this conflict with the define
called RTLD_INIT_PAGESIZES_EARLY. When defined, obtain the page
sizes before relocating rtld, otherwise do it after.
2014-07-02 22:04:12 +00:00
joel
d94b51f5b9 mdoc: remove superfluous paragraph macros. 2014-06-23 18:40:21 +00:00
jonathan
67c7333f64 Test RTLD's new LD_LIBRARY_PATH_FDS variable.
Test LD_LIBRARY_PATH_FDS by linking a binary that requires a shared
library that isn't in any of the usual search paths.  Ensure this fails
when we don't supply LD_LIBRARY_PATH_FDS or we pass invalid information
in it.  Ensure it works when we pass the correct directory in various
places in the variable.

Approved by:	rwatson (mentor)
MFC after:	3 weeks
Sponsored by:	DARPA/AFRL
2014-06-20 17:14:59 +00:00
jonathan
ab3c026499 Add the LD_LIBRARY_PATH_FDS environmental variable.
This variable allows the loading of shared libraries via directory descriptors
rather than via library paths.  If LD_LIBRARY_PATH_FDS=3:4:12, the directories
represented by file descriptors 3, 4 and 12 will searched for shared libraries
before the normal path-based mechanisms are used.  This allows us to execute
unprivileged binaries from within a Capsicum sandbox even if they require
shared libraries.

Approved by:	rwatson (mentor)
Reviewed by:	kib
MFC after:	3 weeks
Sponsored by:	DARPA/AFRL
2014-06-20 17:08:32 +00:00
bapt
c0cd28f928 use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
jmmv
7cc30227c9 Move atf-sh from /usr/bin/ to /usr/libexec/
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.

This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/.  Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".

Committing this now to ride the UPDATING notice added with r267172 today.
2014-06-06 18:58:06 +00:00
imp
0ed032933f When building picobsd, define WITHOUT_OPENSSL and WITHOUT_KERBEROS and
remove the now-redundant checks for RELEASE_CRUNCH. This originally
was defined for building smaller sysinstall images, but was later also
used by picobsd builds for a similar purpose. Now that we've moved
away from sysinstall, picobsd is the only remaining consumer of this
interface. Adding these two options reduces the RELEASE_CRUNCH
special cases in the tree by half.
2014-06-06 04:09:07 +00:00
jmmv
37c4c2e766 Change libatf-c and libatf-c++ to be private libraries.
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.

As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system.  Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build.  The offending ports have been fixed to depend on
devel/atf explicitly.

Reviewed by:	bapt
2014-05-25 12:01:13 +00:00
kib
1b73f3761f Right now, the rtld prefork hook locks the rtld bind lock in the read
mode.  This allows the binder to be functional in the child after the
fork (assuming no lazy loading of a filter is needed), but other rtld
services which require write lock on rtld_bind_lock cause deadlock, if
called by child.

Change the _rtld_atfork() to lock the bind lock in write mode, making
the rtld fully functional after the fork.

Pre-resolve the symbols which are called by the libthr' fork()
interposer, since dynamic resolution causes deadlock due to the
rtld_bind_lock already owned in the write mode.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2014-05-24 10:23:06 +00:00
kib
e860f4779d Fix LD_LIBMAP.
The r232862 passed the pointer to end of string to lmc_parse() and free().

Submitted by:	Wolfgang Jenkner <wjenkner@inode.at>
MFC after:	1 week
2014-05-18 17:14:08 +00:00
markj
0315ad1bd3 - Export the function added in r265456 rather than the non-existent
_rtld_debug_postinit(). [1]
- Use __compiler_membar() instead of inline asm in _r_debug_state() and
  _r_debug_postinit(). [2]

Pointy hat to:	markj [1]
Reported by:	attilio [2]
Discussed with:	kib
X-MFC-With:	r265456
2014-05-07 17:21:22 +00:00
markj
0ee8ca39ce Add a postinit debugger hook to rtld. This will be used by dtrace(1) to halt
the victim process before its entry point is called, at which point probes
and DOF data are registered with the kernel. The r_debug_state hook cannot
be used for this purpose, as it is called before the program's init routines
are invoked and in particular before DOF data is registered (via drti.o).

Reviewed by:	kib
MFC after:	2 weeks
2014-05-06 18:07:58 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
ghelmer
20f44825db Fix releasing the lock in the parent atrun process after the queue
directory has been processed. Otherwise, a long-running child process
caused other atrun invocations to stall unnecessarily.
2014-04-17 16:00:26 +00:00
kib
031881a3e7 Add dwarf annotations to the amd64 _rtld_bind_start to allow debuggers
to unwind around the calls from PLT to binder.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2014-04-14 22:44:50 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
alc
5f3ef7ae53 Before calling mmap() on a shared library's text and data sections, rtld
first calls mmap() with the arguments PROT_NONE and MAP_ANON to reserve a
single, contiguous range of virtual addresses for the entire shared library.
Later, rtld calls mmap() with the the shared library's file descriptor
and the argument MAP_FIXED to place the text and data sections within the
reserved range.  The rationale for mapping shared libraries in this way is
explained in the commit message for Revision 190885.  However, this approach
does have an unintended, negative consequence.  Since the first call to
mmap() specifies MAP_ANON and not the shared library's file descriptor, the
kernel has no idea what alignment the vm object backing the file prefers.
As a result, the reserved range's alignment is unlikely to be the same as
the vm object's, and so mapping with superpages becomes impossible.  To
address this problem, this revision adds the argument MAP_ALIGNED_SUPER to
the first call to mmap() if the text section is larger than the smallest
superpage size.

To determine if the text section is larger than the smallest superpage
size, rtld must always fetch the page size information.  As a result, the
private code for fetching the base page size in rtld's builtin malloc is
redundant.  Eliminate it.  Requested by: kib

Tested by:	zbb (on arm)
Reviewed by:	kib (an earlier version)
Discussed with:	jhb
2014-04-11 16:55:25 +00:00
jmmv
3cbab1b573 Make bsd.test.mk the only public mk fragment for the building of tests.
Change {atf,plain,tap}.test.mk to be internal implementation details of
bsd.test.mk.  Makefiles that build tests should now only include bsd.test.mk
and declaratively specify what they want to build, without worrying about
the internal implementation of the mk files.

The reason for this change is to permit building test programs of different
interfaces from a single directory, which is something I had a need for
while porting tests over from src/tools/regression/.

Additionally, this change makes it possible to perform some other requested
changes to bsd.test.mk in an easier manner.  Coming soon.
2014-03-14 08:56:19 +00:00
des
7a4e017987 Remove lukemftpd. It was disconnected from the build in 2009.
MFC after:	3 days
2014-03-14 08:43:56 +00:00
brueffer
6b6be802e0 Re-format the license to conform to our BSD license template as much
as possible.  This does not change the wording in any way.

Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.  While the
clause itself mentions Lawrence Berkeley Laboratory, UCB is the sole
copyright holder of this file.

Reviewed by:	imp, emaste, eadler
MFC after:	2 weeks
2014-03-13 23:31:05 +00:00
jilles
5ad2ce4e5b ttys(5): Pseudo-terminals are not listed and the network keyword is obsolete. 2014-03-09 22:38:11 +00:00
bapt
1951f8498f Rename WITHOUT_DMA into WITHOUT_DMAGENT to avoid confusion
Requested by:	ian
2014-02-22 13:05:23 +00:00
davidxu
d5fd940f42 Increase alignment to size of pointer if the alignment is too small.
Some modules do not align data at least to size of pointer, they uses a
smaller alignment, but our pointer should be aligned to its native
boundary, otherwise on some platforms, hardware alignment checking
will cause bus error.
2014-02-22 11:06:48 +00:00
bapt
dd12a82964 Lower warning level when built with gcc 2014-02-21 14:14:48 +00:00
bapt
2937fd4f1e Enforce mail user and group 2014-02-21 11:06:22 +00:00
bapt
2c1983d484 Add dma-mbox-create forgotten in the previous commit 2014-02-21 09:42:50 +00:00
bapt
44c7fbcbb3 Import Dragonfly Mail Agent into base system
It is a small and lightweight Mail Transport Agent.
It accepts mails from locally installed Mail User Agents (MUA) and delivers the
mails either locally or to a remote destination. Remote delivery includes
several features like TLS/SSL support, SMTP authentication and NULLCLIENT.

Make dma conditional to new WITHOUT_DMA option and make it respect WITHOUT_MAIL

Reviewed by:	peter
Discussed with:	emaste, bz, peter
2014-02-21 07:26:49 +00:00
davidxu
ea93c12602 malloc_aligned() may not leave enough space for pointer to allocated memory,
saving the pointer will overwrite bytes belongs to another memory block
unexpectly, to fix the problem, use (allocated address + sizeof(void *)) as
initial value, and slip to next aligned address, so maximum extra bytes is
sizeof(void *) + align - 1.

Tested by: Andre Albsmeier < mail at ma17 dot ata dot myota dot orgndre >
2014-02-21 03:36:16 +00:00
brueffer
73e4798829 Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.

Reviewed by:	imp
MFC after:	1 week
2014-02-17 22:27:32 +00:00
brueffer
932796ca36 Add $FreeBSD$.
MFC after:	1 week
2014-02-17 22:26:21 +00:00
brueffer
f6284841e3 In sgetpwnam(), save and free pw_class like all other char members
of struct passwd.  This fixes spurious "login_getclass: unknown class"
errors.

PR:		186439
Submitted by:	UEMURA Tetsuya <t_uemura at macome.co.jp>
MFC after:	1 week
2014-02-14 12:01:52 +00:00
nwhitehorn
875e23de1f Add a new flag to /etc/ttys: onifconsole. This is equivalent to "on" if the
device is an active kernel console and "off" otherwise. This is designed to
allow serial-booting x86 systems to provide a login prompt on the serial line
by default without providing one on all systems by default.

Comments and suggestions by:	grehan, dteske, jilles
MFC after:	1 month
2014-01-20 18:15:06 +00:00
ed
aee72141a1 Replace LIBGCC by LIBCOMPILER_RT.
We now use libcompiler_rt on all platforms now. Instead of referring
directly to -lgcc and LIBGCC, use -lcompiler_rt and LIBCOMPILER_RT.
2014-01-18 14:22:56 +00:00
kib
ab7bbad691 Cast Elf_Addr to void * to match the free_aligned() argument type.
Found by:	gcc
Sponsored by:	The FreeBSD Foundation
MFC after:	6 days
2013-12-07 15:49:16 +00:00
kib
6d8fd140de For variant II static TLS, properly align tls segments. Pre-calculate
the max required alignment for the static tls segments, and honor it
when carving the pieces for next module, from the static space.  Use
aligned allocator to get properly-aligned dynamic blocks.

Reported by:	dt71@gmx.com
Reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2013-12-06 21:39:45 +00:00
kib
18ee928407 Build an allocator for the aligned memory on top of the rtld-private
malloc.

Reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2013-12-06 21:30:31 +00:00
pjd
1073fb03ac Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00
jmmv
a1626fee63 Build and install the atf tests.
Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:33:41 +00:00
jmmv
627bb4f0bd Subsume the functionality of MK_ATF into MK_TESTS.
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary.  Keeping the two just serves
to complicate the build.

Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:24:47 +00:00
markj
c9136ef9a2 Include rtld itself when iterating over loaded ELF objects in
dl_iterate_phdr(3).

Reviewed by:	kib
2013-11-07 20:45:50 +00:00
glebius
3b6f8b896c Drop support for historic ioctls and also undefine them, so that code
that checks their presence via ifdef, won't use them.

Bump __FreeBSD_version as safety measure.
2013-11-05 10:29:47 +00:00
des
1fb35847da By popular demand, move freebsd-version(1) from /libexec to /bin.
Approved by:	re (gjb)
2013-10-09 20:47:20 +00:00
des
4de78d2f62 Explicitly pass the full path to the input file to sed. This unbreaks
the WITHOUT_BMAKE build.

Approved by:	re (gjb)
2013-10-09 19:37:51 +00:00
des
8984ced46c Introduce the /libexec/freebsd-version script, which is intended to be
used by auditing tools to determine the userland patch level when it
differs from what `uname -r` reports.  This can happen when the system
is kept up-to-date using freebsd-update and the last SA did not touch
the kernel, or when a new kernel has been installed but the system has
not yet rebooted.

Approved by:	re (glebius)
2013-10-07 10:26:38 +00:00
kib
c727c7bc75 Implement support for the interpose dso flag.
Requested by:	bf
Reviewed by:	kan
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (glebius)
2013-10-07 08:19:30 +00:00
emaste
207f0bc65b Populate .rld_map on MIPS for debuggers
On MIPS the .dynamic section is read-only, so the pointer to rtld
information for debuggers cannot be stored there (in DT_DEBUG).
Instead, a special section .rld_map is used.

Sponsored by:	DARPA, AFRL
Approved by:	re (delphij)
2013-10-02 02:32:58 +00:00
des
b4fc46964b Make the directory mapping functionality, which was previously only
available in 32-bit compatibility mode, unconditional.

Overhaul the man page, which had evolved more by accretion than by design.

Approved by:	re (gjb)
MFC after:	3 weeks
2013-09-21 21:03:52 +00:00
avg
4e6c4b2a36 Revert r253748,253749
This WIP should not have been committed yet.

Pointyhat to:	avg
2013-07-28 18:44:17 +00:00
avg
c8737cbf1c remove needless inclusion of machine/cpu.h in userland
MFC after:	21 days
2013-07-28 18:35:43 +00:00
ghelmer
0ae9c65c0f Add the name of the file that could not be opened to the error message
regarding the failure.

Suggested while working on PR bin/113239.
2013-06-11 18:46:46 +00:00
ghelmer
acb2956b5b Prevent races running the queue by serializing access to the
queue directory.

PR:		bin/113239
2013-06-11 18:43:27 +00:00
joel
05a725b2d7 mdoc sweep. 2013-05-12 22:22:12 +00:00
kib
1d1f555665 Properly terminate the result string for intermediate results, to
allow the final strcpy() to start at the intended place.

Reported and tested by:	pgj
Pointy hat to:	kib
MFC after:	3 days
2013-04-29 21:12:25 +00:00
kib
df68f62846 The origin_subst_one() function limits the length of the string to
PATH_MAX after the token substitution.  This is wrong, because
origin_subst_one() performs the substitution on the whole rpath and
similar strings, which contain several pathes separated by colon.  As
result, long (but correct) rpath consisting of many path elements is
rejected by the function.

Correct the problem by rewriting the origin_subst_one() to perform two
passes, first pass to calculate the number of substitutions to be
performed, and second pass to generate the resulting string.  Second
pass allocates the memory for the result based on the count from the
first pass, without enforcing a limit.

Reported and tested by:	pgj
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-04-15 20:06:56 +00:00
tijl
1378fd6863 Map libraries linked with -Ttext-segment=base_addr at base_addr.
Normal libraries have base address 0 and are unaffected by this change.

PR:		176216
Submitted by:	Damjan Jovanovic <damjan.jov@gmail.com>
Reviewed by:	kib
MFC after:	1 week
2013-02-27 09:34:09 +00:00
dim
c19ac081a3 Since clang 3.2 now has an option to suppress warnings about implicitly
promoted K&R parameters, remove the workarounds added for sendmail
components in r228558.

MFC after:	1 week
2013-02-16 20:17:31 +00:00
nwhitehorn
c07bb76c81 Avoid use of register variables, which some compilers (e.g. clang)
don't like. It makes the code a little clearer as well.

MFC after:	1 week
2013-02-08 17:44:44 +00:00
glebius
7f832c3059 Retire struct sockaddr_inarp.
Since ARP and routing are separated, "proxy only" entries
don't have any meaning, thus we don't need additional field
in sockaddr to pass SIN_PROXY flag.

New kernel is binary compatible with old tools, since sizes
of sockaddr_inarp and sockaddr_in match, and sa_family are
filled with same value.

The structure declaration is left for compatibility with
third party software, but in tree code no longer use it.

Reviewed by:	ru, andre, net@
2013-01-31 08:55:21 +00:00
marius
a236fc7fcc Mark tftp_log() as __printflike() (which would have caught the bug
fixed in r246106) and deal with the fallout.

MFC after:	2 weeks
2013-01-31 00:02:36 +00:00
sbruno
4a8d6a5695 Remove extra %s from debug statement that ends up crashing tftpd if
debug is set very high (like -d15 in my case).

Obtained from:	Yahoo! Inc
MFC after:      2 weeks
2013-01-30 01:36:04 +00:00
andrew
ce40a2ab5f When building for ARM EABI link against libgcc for the __aeabi_* functions. 2013-01-19 04:34:33 +00:00
antoine
155ea9795f Use correct size in snprintf.
Remove unused buffer.

PR:		174631
Submitted by:	Henning Petersen
MFC after:	1 month
2012-12-25 17:06:05 +00:00
pjd
cd58bea1d9 Use absolute path for /usr/libexec/ld-elf.so.1 symlink.
Requested by:	kan, kib

Use -h flags for chflags, so we won't remove 'schg' flag from system's
/libexec/ld-elf.so.1.

MFC after:	2 weeks
2012-12-04 14:36:01 +00:00
pjd
411b868f8c Do not change entire BINDIR, it might be needed later, just change
symlink target.

MFC after:	2 weeks
2012-12-04 12:51:33 +00:00
pjd
82729d86f3 Change /usr/libexec/ld-elf.so.1 to point at ../../libexec/ld-elf.so.1
instead of /libexec/ld-elf.so.1. Below in the Makefile we execute
'chflags noschg ${DESTDIR}/usr/libexec/ld-elf.so.1', which follows
symlink and removes 'schg' flag from system's /libexec/ld-elf.so.1
instead of the one in DESTDIR. It is also more friendly to use
replative paths in symlink in case of jail/chroot environments.

Obtained from:	WHEEL Systems
MFC after:	2 weeks
2012-12-04 12:39:26 +00:00
jilles
d793145a72 rtld: Fix fd leak with parallel dlopen and fork/exec.
Rtld did not set FD_CLOEXEC on its internal file descriptors; therefore,
such a file descriptor may be passed to a process created by another thread
running in parallel to dlopen() or fdlopen().

No other threads are expected to be running during parsing of the hints
and libmap files but the file descriptors need not be passed to child
processes so add O_CLOEXEC there as well.

This change will break fdlopen() (as used by OpenPAM) on kernels without
F_DUPFD_CLOEXEC (added in July). Note that running new userland on old
kernels is not supported.

Reviewed by:	kib
2012-11-04 21:42:24 +00:00
mjg
cc3711d225 atrun(8): scale default load average limit with the number of CPUs
Previously atrun refused to run jobs if load average was not below fixed limit of 1.5.

PR:		173175
Reviewed by:	peterj
Approved by:	trasz (mentor)
MFC after:	2 weeks
2012-10-30 19:46:00 +00:00
eadler
a603c87b02 Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by:	Erik Cederstrand
Approved by:	cperciva
MFC after:	3 days
2012-10-22 03:07:05 +00:00
marcel
8412efbea8 Add ATF to the build. This is may be a bit rought around the egdes,
but committing it helps to get everyone on the same page and makes
sure we make progress.

Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.

Credits follow:

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
Sponsored by:	Isilon Systems
Based on work by:	keramida@
Thanks to:	gnn@, mdf@, mlaier@, sjg@
Special thanks to:	keramida@
2012-10-22 01:18:41 +00:00
ed
c23d2a42d7 More -Wmissing-variable-declarations fixes.
In addition to adding missing `static' keywords:
- bin/dd: Pull in `extern.h' to guarantee consistency with source file.
- libexec/rpc.rusersd: Move shared globals into an extern.h.
- libexec/talkd: Move `debug' and `hostname' into extern.h.
- usr.bin/cksum: Put counters in extern.h, as they are used by ckdist/mtree.
- usr.bin/m4: Move `end_result' into extern.h.
- usr.sbin/services_mkdb: Move shared globals into an extern.h.
2012-10-20 10:33:15 +00:00
ed
af31e8843c More -Wmissing-variable-declarations fixes.
In addition to adding `static' where possible:

- bin/date: Move `retval' into extern.h to make it visible to date.c.
- bin/ed: Move globally used variables into ed.h.
- sbin/camcontrol: Move `verbose' into camcontrol.h and fix shadow warnings.
- usr.bin/calendar: Remove unneeded variables.
- usr.bin/chat: Make `line' local instead of global.
- usr.bin/elfdump: Comment out unneeded function.
- usr.bin/rlogin: Use _Noreturn instead of __dead2.
- usr.bin/tset: Pull `Ospeed' into extern.h.
- usr.sbin/mfiutil: Put global variables in mfiutil.h.
- usr.sbin/pkg: Remove unused `os_corres'.
- usr.sbin/quotaon, usr.sbin/repquota: Remove unused `qfname'.
2012-10-19 14:49:42 +00:00
ed
fbb83e78c0 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
jilles
f250e5973c atrun: Do not assume that MAXLOGNAME <= 100.
The reserved space for fmt was exactly sufficient for a two-digit value of
MAXLOGNAME - 1.

PR:		bin/171815
Submitted by:	Jeremy Huddleston Sequoia
MFC after:	1 week
2012-09-26 20:47:39 +00:00
kib
1bcc5f9efe Do not reference z_nodeflib for !objgiven case, thus fixing LD_PRELOAD
for a non-absolute path.

PR:	bin/171604
MFC after:	3 days
2012-09-19 05:11:25 +00:00
eadler
e08a8123c5 Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
dougb
83d50f9dde 1. Use install -d to create the entropy_dir if missing so that we can do it
all in one command, with no permissions race.
2. Simplify the rotation logic by cd'ing into the directory, with a test
   to make sure that it succeeds.
3. Remove any files numbered higher than entropy_save_num. This helps when
   the user reduces the number, and may be useful for other purposes down
   the road.
4. Simplify the rotation logic by first testing the common case (it's a
   regular file) then testing if something else exists with the same name
   using elif. Also switch from using jot to simpler countdown format.
5. Fix logger lines and error messages to be more consistent, and wrap the
   code more consistently in the 80 column range. The "not a regular file"
   error message was mistakenly wrapped entirely in "quotes" which caused
   logger to include line-wrapping whitespace. Change that to wrap only
   the variables in quotes, which is both consistent and works better.
6. Update copyright to reflect the fact that changes were made this year.

Parts of 2-4 were taken from etc/periodic/daily/310.accounting
2012-09-04 16:00:51 +00:00
ed
02dcf28b58 Rework all non-contributed files that use `struct timezone'.
This structure is not part of POSIX. According to POSIX, gettimeofday()
has the following prototype:

	int gettimeofday(struct timeval *restrict tp, void *restrict tzp);

Also, POSIX states that gettimeofday() shall return 0 (as long as tzp is
not used). Remove dead error handling code. Also use NULL for a
nul-pointer instead of integer 0.

While there, change all pieces of code that only use tv_sec to use
time(3), as this provides less overhead.
2012-09-01 14:45:15 +00:00
kan
60b8513247 Do not call process_nodelete with NULL object pointer.
The place where the function is called can be reached if object loading
and relocation fails too, in which case obj pointer will be NULL. Do not
call process_nodelete then, or crash will follow.

Pointy hat to: kan
2012-08-20 23:43:03 +00:00
zeising
95e0d3cd6b Fix two instances of the file names generated by revnetgroup(8).
Approved by:	joel (mentor)
2012-08-18 09:26:51 +00:00
gonzo
2187caf32a Merging of projects/armv6, part 2
Handle TLS for ARMv6 and ARMv7
2012-08-15 03:07:41 +00:00
kan
225422a69d Pospone the DF_1_NODELETE processing until object DAG is fully loaded.
Trying to up the reference from the load loop risks missing dependencies
that have not been loaded yet.

MFC afer: 1 week
Reported by: nox
Reviewd by: kib
2012-08-14 13:28:30 +00:00
andrew
bff18849d0 Ensure we align the stack to 8 bytes in rtld.
This is not strictly required with the current ABI but will be when we
switch to the ARM EABI. The aapcs requires the stack to be 4 byte aligned
at all times and 8 byte aligned when calling a public subroutine where the
current ABI only requires sp to be a multiple of 4.
2012-08-04 05:30:20 +00:00
kan
ba82fcb2d8 Parse notes only after object structure had been allocated.
Reported by: kargl
Reviewed by: kib (sans whitespace)
2012-08-03 17:04:41 +00:00
kib
a78a2e3c36 Import the DragonFly BSD commit 4f0bc915b65fcf5a23214f6d221d65c80be68ad4
by John Marino <draco@marino.st>, with the following (edited) commit
message
Date: Sat, 24 Mar 2012 06:40:50 +0100
Subject: [PATCH 1/1] rtld: Implement DT_RUNPATH and -z nodefaultlib

DT_RUNPATH is incorrectly being considered as an alias of DT_RPATH.  The
purpose of DT_RUNPATH is to have two different types of rpath: one that
can be overridden by the environment variable LD_LIBRARY_PATH and one that
can't.  With the currently implementation, LD_LIBRARY_PATH will always
trump any embedded rpath or runpath tags.

Current path search order by rtld:
==================================
LD_LIBRARY_PATH
DT_RPATH / DT_RUNPATH (always the same)
ldconfig hints file (default: /var/run/ld-elf.so.hints)
/usr/lib

New path search order by rtld:
==============================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file
/usr/lib

The new path search matches how the linux runtime loader works.  The other
major added feature is support for linker flag "-z nodefaultlib".  When
this flag is passed to the linker, rtld will skip all references to the
standard library search path ("/usr/lib" in this case but it could handle
more color delimited paths) except in DT_RPATH and DT_RUNPATH.

New path search order by rtld with -z nodefaultlib flag set:
============================================================
DT_RPATH of the calling object if no DT_RUNPATH
DT_RPATH of the main binary if no DT_RUNPATH and binary isn't calling obj
LD_LIBRARY_PATH
DT_RUNPATH
ldconfig hints file (skips all references to /usr/lib)

FreeBSD notes:
- we fixed some bugs which were submitted to DragonFly and merged there
  as commit 1ff8a2bd3eb6e5587174c6a983303ea3a79e0002;
- we added LD_LIBRARY_PATH_RPATH environment variable to switch to
  the previous behaviour of considering DT_RPATH a synonym for DT_RUNPATH;
- the FreeBSD default search path is /lib:/usr/lib and not /usr/lib.

Reviewed by:   kan
MFC after:     1 month
MFC note:      flip the ld_library_path_rpath default value for stable/9
2012-07-15 10:53:48 +00:00
kib
5c55d5df9a Ensure that for the object which is a dependency for some filtee,
relocations are performed before the object's initializer is called.
When dlopen()ing an object, relocate the whole DAG rooted in the
object instead of only relocating the object itself and list of newly
loaded dependencies.

Reversed sequence currently can occur if the same object is a
dependency for both filtee and filter, since filtees are loaded
typically during the relocation processing, when some filter
dependencies might be already loaded but not relocated yet.

Reported and tested by:	swills
Reviewed by:	kan
MFC after:	1 week
2012-06-27 20:24:25 +00:00
kib
0e0ae17971 Eliminate the static buffer used to read the first page of the mapped
object, and eliminate the pread(2) call as well [1]. Mmap the first
page of the object temporaly, and unmap it on error or last use.
Potentially, this leaves one-page gap between succeeding dlopen(3),
but there are other mmap(2) consumers as well.

Fix several cases were the whole mapping of the object leaked on error.

Use MAP_PREFAULT_READ for mmap(2) calls which map real object pages [2].

Insipired by the patch by:	Ian Lepore <freebsd damnhippie dyndns org> [1]
Suggested by:	alc [2]
MFC after:	2 weeks
2012-06-14 11:20:22 +00:00
des
307fcde100 None of these programs actually use auth.conf.
MFC after:	1 week
2012-06-11 16:18:39 +00:00
joel
1e811ebbe3 mdoc: Only use macros inside a reference block. 2012-05-23 20:29:16 +00:00
joel
ae2c00aeef mdoc: fix .Bl -offset. 2012-05-23 20:22:09 +00:00
marcel
f25872b3c3 Properly use LDADD & DPADD to link against libwrap. 2012-05-19 05:10:47 +00:00
bapt
1483e7e7af open the resolved path
fix debug message

Submitted by:	John Marino <draco@marino.st>
Approved by:	des (mentor)
2012-05-05 16:37:14 +00:00