| created | 2018-12-02T20:30:47Z |
|---|---|
| begin | 2018-10-30T00:00:00Z |
| end | 2018-10-31T00:00:00Z |
| path | src/sys |
| commits | 4 |
| date | 2018-10-30T03:27:45Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/kern/kern_exec.c | log | diff | annotate |
| message |
If we execute a #!shell binary, the shell is an integral part of the binary so it should bypass unveil restrictions. This is similar (but different...) to how the ELF linker (ld.so) is loaded (after unveils get dropped). Discovered in doas, due to more accurate unveil semantics. ok guenther tedu beck |
|||
| date | 2018-10-30T11:08:30Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/arch/amd64/conf/Makefile.amd64 | log | diff | annotate |
| src/sys/arch/i386/conf/Makefile.i386 | log | diff | annotate | |
| message |
The way we currently generate gap.o using a linker script results in .rodata and .data segments that have the X (executable) flag set when using lld. This doesn't result in those sections being mapped executable in the bsd kernel, but it does result in the X flag being set on those sections in the final kernel binary, which confuses some scanning tools for (ROP) gadgets. Fix this by tweaking the generated gapdummy.c file that is used for building gap.o. It now defines the .rodata section using inline asm. This also fixes .data as it will inherit its flags from .rodata. ok deraadt@, mortimer@ |
|||
| date | 2018-10-30T11:10:03Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/arch/arm64/conf/Makefile.arm64 | log | diff | annotate |
| src/sys/arch/armv7/conf/Makefile.armv7 | log | diff | annotate | |
| message |
The way we currently generate gap.o using a linker script results in .rodata and .data segments that have the X (executable) flag set when using lld. This doesn't result in those sections being mapped executable in the bsd kernel, but it does result in the X flag being set on those sections in the final kernel binary, which confuses some scanning tools for (ROP) gadgets. Fix this by tweaking the generated gapdummy.c file that is used for building gap.o. It now defines the .rodata section using inline asm. This also fixes .data as it will inherit its flags from .rodata. ok deraadt@, mortimer@ |
|||
| date | 2018-10-30T19:53:51Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/dev/pci/drm/drm_mipi_dsi.h | log | diff | annotate |
| message |
Replace with minimal version written from scratch that just defines the data structures and function prototypes that we need. The original file doesn't even a suitable license even though the associated drm_mipi_dsi.c file is MIT-licensed. Probably a mistake upstream, but better safe than sorry. ok deraadt@ |
|||