In D9030#222200, @kib wrote: But important point is that new syscall extends kernel ABI, and by its nature, this change is with us forever. If we start to consider the approach wrong and a better approach emerges, we still must maintain the syscall, due to the backward compatibility guarantees.
May 15 2017
May 13 2017
In D9030#221824, @kib wrote: What is slightly less obvious is how to pass the binary to ld.so, but: the ELF format has specified a way to run binaries by file descriptor for a long time. Look at the AT_EXECFD aux vector; we still have this code in rtld.c (it might be somewhat rotten, but this is easily fixable). Then the standalone-runnable ld.so only needs to grow an option to specify which fd points to the binary, in addition to AT_EXECFD.
- Don't honour setuid/setgid with custom interpreter.
In D9030#221740, @kib wrote: Let's split two things. I thought that your issue at hand was the conflict between the nature of capability mode disallowing implicit root and absolute lookups, badly interfering with the typical absolute path specification for ELF interpreters.
May 12 2017
In D9030#221707, @kib wrote: As is, the thing is an unbelievable security hole. An unprivileged user can execute a suid binary with arbitrary code injected instead of the official interpreter. Even for a static suid binary, it seems. Please correct me.
In D9030#221693, @brooks wrote: FWIW, I'm not a fan of the NULL-terminated argv and envv arguments as they make argument validation in CheriABI harder, but I mostly think that ship has sailed. If I were to fix it I'd make the syscall into a __ffexecve() that takes lengths and have ffexecve() be a user space wrapper that counts the lengths of the vectors and passes them down.
May 11 2017
- Disable ffexecve(2) with non-ELF image activators.
jonathan retitled D9030 from "First attempt at a new fexecve() variant that allows the interpreter to be specified explicitly with a file descriptor." to "Create new fexecve() variant with explicit interpreter".
- Merge 'origin/master' into arcpatch-D9030
- Add !have_interp for consistency.
- Rename fldexec to ffexecve.
- Add ffexecve to execve(2) man page.
Mar 29 2017
Some of these questions may not make sense to those thoroughly versed in DTrace, but I'm new in this corner of the world. :)
Mar 17 2017
- Fix MLINKS for fldexec.
Rebase onto -CURRENT
- Remove auto-generated files from diff.
Mar 11 2017
Jan 3 2017
jonathan retitled D9030 to "First attempt at a new fexecve() variant that allows the interpreter to be specified explicitly with a file descriptor."
Nov 22 2016
usbconfig output is here: http://pastebin.com/iqJix3h2
I think this might address all of the comments properly now?
- New port: devel/llbuild
- Change post-stage to post-install for docs.
- Fix typo: "swift-llbuild", not "switch-llbuild"!
- Add the llbuild binary to the build and plist.
- Fix licensing: use ports' multi-license support.
Nov 10 2016
Nov 5 2016
- Fix typo: "swift-llbuild", not "switch-llbuild"!
- Change post-stage to post-install for docs.
Nov 4 2016
Nov 1 2016
Add rules to build LLVM IR binaries and libraries.
Thanks for the comments: I think I've managed to address them.
- Add {BC,LL}OBJS to bsd.lib.mk's CLEANFILES.
- Remove redundant C++/non-C++ logic.
- Improve whitespace consistency.
Oct 31 2016
jonathan retitled D8397 to "Add devd rule for Elantech touchscreens."
jonathan retitled D8388 to "Add rules to build LLVM IR binaries and libraries."
Oct 24 2016
The distinction between .bc and .bco was actually purposeful. The next step in the process is to add IR build rules for whole programs, and then we might end up with conflicts between the IR file that's analogous to cp.o and the IR file that's analogous to the cp binary (i.e., the result of llvm-link). So, we used .bco as the bitcode suffix that's analogous to .o (much like .pico is the PIC suffix for .o files).
Oct 20 2016
Add make rules to build LLVM IR from C/C++ sources.
Oct 19 2016
This is a much simpler change after rS307075. How does it look to everyone now?
Oct 12 2016
Looks like a good idea to me. Perhaps it's worthy of a comment explaining why we use abort() within a library? It could contain the same text as at the top of this review, but it might be a slightly surprising thing to discover if you haven't been party to the review.
Rework this change based on rS307075 (suffix rule files).
Extract suffix rules into bsd.suffixes[-posix].mk.
Oct 11 2016
- Merge 'origin/master' into arcpatch-D6805
Oct 7 2016
A fairly cursory look didn't turn up any obvious problems for me, but I would like to take a deeper look over the next few days.
Thanks for responding... sounds like a tough problem until we make the leap to Python 3.
Oct 6 2016
Indeed, I did have that exp-run done:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210331
Now that we're well clear of code freezes on -CURRENT (and I think that I've addressed @bdrewery's comments), are folks ok with me committing this?
Oct 3 2016
Looks good to me in principle; see inline comment above.
jonathan retitled D8127 to "Build with GUI enabled by default."
Sep 30 2016
Sep 27 2016
Sep 26 2016
jonathan added a reviewer for D8015: Make kern.hostname and friends readable in capability mode: rwatson.
I think that these are all fine to make readable, for the same reason that the hostname is ok: allowing information to "leak" in a way that enables more software to use Capsicum sandboxing is a net win. If we wanted to obscure the host UUID then we should also be hiding anything that could be used to identify the machine, which seems distinctly unhelpful in our overall goal of World Domination (tm).
In D8000#165698, @rwatson wrote: I'm fine with exposing the hostname here -- the goal of Capsicum has always been to be pragmatic about getting software running where it doesn't violate isolation properties. You could argue that this is an information leak and/or might cause problems for deterministic replay-style applications of Capsicum -- but I'd rather we had more code working in a sandbox. :-)
Sep 22 2016
Switch libpololu-avr port to GitHub sources.
New port: devel/libgrading Library for grading C/C++ assignments
Sep 21 2016
Agreed: this change makes perfect sense to me after rS305756.
- Simplify {BUILD,RUN}_DEPENDS.
- Remove superfluous GH_PROJECT variable.
- Move GitHub details to below LIB_DEPENDS.
- Clean up COMMENT to satisfy portlint -A.
- Change pkg-plist to PLIST_FILES.
Sep 19 2016
I think I'd be more comfortable if the bug fixes were committed separately from the Capsicum changes (making everything easier to upstream?) and if the Capsicum-specific stuff could be refactored out as much as possible to reduce the in-line #ifdef content. In particular, it would be nice if there could be struct sandbox or the like to capture all of the additional state required by Capsicum, and the contents of that structure could be different on FreeBSD, OpenBSD, etc. If there were a function called start_sandbox(struct sandbox *sbp) or the like, possibly together with a set_flags(int fd, struct sandbox *) or something, it would allow a nice, fair comparison between the Capsicum and Pledge LoC.
In D7773#164148, @cem wrote: I'm not a fan of introducing additional forks into otherwise straightforward programs. I think we might introduce more bugs that way than we mitigate with capsicum. I'd rather just allocate a list or array and preopen all inputs.
Updated port to Fix All The Things (TM)
- Remove PREFIX hack from libpololu-avr.
- Add RUN_DEPENDS to libpololu-avr.
Sep 13 2016
jonathan retitled D7879 to "Switch libpololu-avr port to GitHub sources."
Sep 1 2016
Works for me.
Aug 26 2016
Works for me with a variant of 11-STABLE when I use nvidia-modeset. If I just try to use kldload nvidia by itself, however, I get strange artifacts and no visible X.
Jul 28 2016
Address @mjg 's point about EPERM.
- MFC r303406
- Treat EPERM slightly less specially.
Jul 27 2016
Remove `Requires.private: zlib` on FreeBSD <10.
This seems to have been obviated by rS303274.
Jul 22 2016
Of course, if we wanted to ignore the --no-fatal-warnings flag altogether, we could just do:
jonathan retitled D7291 to "Allow suppression of --no-fatal-warnings."
Jul 19 2016
- switch to Makefile-based patching with OSVERSION
Jun 17 2016
jonathan retitled D6883 to "Add x11 and xcb to redshift's USE_XORG."
- Extract suffix rules into bsd.suffixes[-posix].mk.
- Add bsd.suffixes[-posix].mk to share/mk/Makefile.
- Don't clear suffix rules in bsd.lib.mk.
Jun 16 2016
- Move .SUFFIXES definitions into suffix rule files, too.
Thanks, I've added those to share/mk/Makefile and will request an exp-run.
- Add bsd.suffixes[-posix].mk to share/mk/Makefile.
Jun 11 2016
jonathan retitled D6805 to "Extract suffix rules into bsd.suffixes[-posix].mk."
Jun 8 2016
- Generalize the metadata we can look for.
- Don't output None attributes.
- Normalize paths.
- Give re-definitions a different shape from definitions.
- Add more filename sanitizing.
- Add flags to filter singletons and unconnected components.
- Print the total number of files being parsed.
May 31 2016
jonathan retitled D6664 to "Allow rc.initdiskless to find configuration in subdirectories."
May 28 2016
jonathan abandoned D5547: Fix shebang lines in DTrace Toolkit scripts.
Perl, on FreeBSD, is no longer found at /usr/bin/perl. This commit fixes three shebang lines from the DTrace Toolkit to use /usr/bin/env instead.
Obviated by rS300226.
jonathan retitled D6616 to "Add script to parse makefile include graph."
May 15 2016