a78ff3f4f3
channel to a zygote process, rather than sending a function pointer or service pointer. This avoids transfering pointers between address spaces, which while robust in this case (due to the zygote being forked() from the parent) is not generally a good idea, especially in the presence of increasingly popular control-flow integrity and pointer protection mitigation schemes. With this change, ping(8) and other sandboxed tools using libcasper for DNS resolution now work on architectures with tagged memory again. Reviewed by: oshogbo MFC after: 1 week Sponsored by: DARPA, AFRL |
||
---|---|---|
.. | ||
libcasper | ||
services | ||
Makefile | ||
Makefile.inc |