about summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* add setxid.c for new set*id() framework. missed in last commit.Rich Felker2011-07-291-0/+49
|
* new attempt at making set*id() safe and robustRich Felker2011-07-2913-130/+130
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | changing credentials in a multi-threaded program is extremely difficult on linux because it requires synchronizing the change between all threads, which have their own thread-local credentials on the kernel side. this is further complicated by the fact that changing the real uid can fail due to exceeding RLIMIT_NPROC, making it possible that the syscall will succeed in some threads but fail in others. the old __rsyscall approach being replaced was robust in that it would report failure if any one thread failed, but in this case, the program would be left in an inconsistent state where individual threads might have different uid. (this was not as bad as glibc, which would sometimes even fail to report the failure entirely!) the new approach being committed refuses to change real user id when it cannot temporarily set the rlimit to infinity. this is completely POSIX conformant since POSIX does not require an implementation to allow real-user-id changes for non-privileged processes whatsoever. still, setting the real uid can fail due to memory allocation in the kernel, but this can only happen if there is not already a cached object for the target user. thus, we forcibly serialize the syscalls attempts, and fail the entire operation on the first failure. this *should* lead to an all-or-nothing success/failure result, but it's still fragile and highly dependent on kernel developers not breaking things worse than they're already broken. ideally linux will eventually add a CLONE_USERCRED flag that would give POSIX conformant credential changes without any hacks from userspace, and all of this code would become redundant and could be removed ~10 years down the line when everyone has abandoned the old broken kernels. i'm not holding my breath...
* remove ugly prng from mk*temp and just re-poll time on retryRich Felker2011-07-281-6/+5
|
* eliminate mk*temp dependency on snprintfRich Felker2011-07-281-3/+4
| | | | | this helps some tiny programs be even more tiny, and barly increases code size even if both are used.
* fix for setenv bogus var argument handlingRich Felker2011-07-281-1/+1
| | | | | | | | | | | thanks to mikachu per POSIX: The setenv() function shall fail if: [EINVAL] The name argument is a null pointer, points to an empty string, or points to a string containing an '=' character.
* when resolving symbols with only weak defs, use first def, not last defRich Felker2011-07-251-0/+1
|
* comment non-obvious de bruijn sequence code in int parserRich Felker2011-07-251-0/+2
|
* fix resolution of weak symbols (hopefully right now) and vdsoRich Felker2011-07-241-3/+9
|
* workaround for gcc's optimizer breaking dynamic symbol resolutionRich Felker2011-07-241-1/+2
|
* load vdso, if present, into the dso listRich Felker2011-07-241-2/+31
|
* const correctness on function pointerRich Felker2011-07-241-1/+1
|
* simplify dynamic linker startupRich Felker2011-07-241-23/+17
| | | | | | instead of creating temp dso objects on the stack and moving them to the heap if dlopen/dlsym are used, use static objects to begin with, and just donate them to malloc if we no longer need them.
* some preliminaries for vdso clock supportRich Felker2011-07-233-7/+35
| | | | | | | | these changes also make it so clock_gettime(CLOCK_REALTIME, &ts) works even on pre-2.6 kernels, emulated via the gettimeofday syscall. there is no cost for the fallback check, as it falls under the error case that already must be checked for storing the error code in errno, but which would normally be hidden inside __syscall_ret.
* check for fd exhaustion in forkptyRich Felker2011-07-221-2/+15
| | | | | | | we cannot report failure after forking, so the idea is to ensure prior to fork that fd 0,1,2 exist. this will prevent dup2 from possibly hitting a resource limit and failing in the child process. fcntl rather than dup2 is used prior to forking to avoid race conditions.
* incorrect check for open failure in openpty functionRich Felker2011-07-221-1/+1
| | | | -1, not 0, indicates failure
* socket headers macro adjustment - workaround for buggy programsRich Felker2011-07-212-2/+2
| | | | some program was undefining AF_NETLINK and thereby breaking AF_ROUTE...
* fix errno value when fdopendir is given an invalid file descriptorRich Felker2011-07-211-1/+4
| | | | this resolves an issue reported by Vasiliy Kulikov
* ensure in fork that child gets its own new robust mutex listRich Felker2011-07-161-0/+1
|
* fix logic error in freadRich Felker2011-07-161-6/+1
| | | | | | | | fread was calling f->read without checking that the file was in reading mode. this could: 1. crash, if f->read was a null pointer 2. cause unwanted blocking on a terminal already at eof 3. allow reading on a write-only file
* fix various bugs in new integer parser frameworkRich Felker2011-07-145-10/+15
| | | | | | | | | | 1. my interpretation of subject sequence definition was wrong. adjust parser to conform to the standard. 2. some code for handling tail overflow case was missing (forgot to finish writing it). 3. typo (= instead of ==) caused ERANGE to wrongly behave like EINVAL
* fix wcsto[iu]max with high charactersRich Felker2011-07-142-4/+2
| | | | | | | | stopping without letting the parser see a stop character prevented getting a result. so treat all high chars as the null character and pass them into the parser. also eliminated ugly tmp var using compound literals.
* new restartable integer parsing framework.Rich Felker2011-07-146-156/+197
| | | | | | | | | this fixes a number of bugs in integer parsing due to lazy haphazard wrapping, as well as some misinterpretations of the standard. the new parser is able to work character-at-a-time or on whole strings, making it easy to support the wide functions without unbounded space for conversion. it will also be possible to update scanf to use the new parser.
* gb18030 support in iconv (only from, not to)Rich Felker2011-07-122-2/+1887
| | | | | also support (and restrict to subsets) older chinese sets, and explicitly refuse to convert to cjk (since there's no code for it yet)
* "implement" getnetbyaddr and getnetbynameRich Felker2011-07-121-0/+12
| | | | | these are useless legacy functions but some old software contains cruft that expects them to exist...
* legacy japanese charset support in iconv (only from, not to)Rich Felker2011-07-122-0/+597
|
* simplify iconv and support more legacy codepagesRich Felker2011-07-123-352/+331
|
* add missing signalfd flagsRich Felker2011-07-091-0/+3
|
* printf: "if a precision is specified, the '0' flag shall be ignored."Rich Felker2011-07-041-1/+1
|
* zero precision with zero value should not inhibit prefix/width printingRich Felker2011-07-041-1/+4
|
* printf("%#x",0) should print 0 not 0x0Rich Felker2011-07-041-1/+1
|
* iconv was not returning -1 on most failureRich Felker2011-07-031-0/+2
| | | | | this broke most uses of iconv in real-world programs, especially glib's iconv wrappers.
* 0.7.12 release notes v0.7.12Rich Felker2011-07-031-0/+16
|
* fix dlopen UB due to longjmp/volatile rules violationRich Felker2011-07-011-1/+1
|
* res_search symbol, aliased to res_query for now (better than nothing)Rich Felker2011-06-301-0/+3
|
* simple rpath support (no token expansion yet) for dynamic linkerRich Felker2011-06-301-2/+8
|
* fill in junk in stropts.hRich Felker2011-06-301-1/+123
| | | | | | STREAMS are utterly useless as far as I can tell, but some software was apparently broken by the presence of stropts.h but lack of macros it's supposed to define...
* fix error in previous ld80 fpclassify commitRich Felker2011-06-301-1/+1
|
* catch invalid ld80 bit patterns and treat them as nanRich Felker2011-06-301-2/+2
| | | | | | | this should not be necessary - the invalid bit patterns cannot be created except through type punning. however, some broken gnu software is passing them to printf and triggering dangerous stack-smashing, so let's catch them anyway...
* fix logic in __fwritingRich Felker2011-06-301-1/+1
|
* add and consolidate nasty stdio_ext junkRich Felker2011-06-304-17/+84
| | | | | hopefully this resolves the rest of the issues with hideously nonportable hacks in programs that use gnulib.
* implement the nonstandard GNU function fpurgeRich Felker2011-06-302-0/+12
| | | | | | this is a really ugly and backwards function, but its presence will prevent lots of broken gnulib software from trying to define its own version of fpurge and thereby failing to build or worse.
* fix buffer overrun in getgrent code when there are no group membersRich Felker2011-06-301-4/+8
|
* posix_memalign should fail if size is not a multiple of sizeof(void *)Rich Felker2011-06-291-1/+1
|
* avoid errors in ucontext.h when no feature test macros are definedRich Felker2011-06-291-3/+5
|
* locking support for random() prngRich Felker2011-06-291-7/+28
| | | | | | these interfaces are required to be thread-safe even though they are not state-free. the random number sequence is shared across all threads.
* work around linux bug in mprotectRich Felker2011-06-291-1/+5
| | | | | | | | | | | per POSIX: The mprotect() function shall change the access protections to be that specified by prot for those whole pages containing any part of the address space of the process starting at address addr and continuing for len bytes. on the other hand, linux mprotect fails with EINVAL if the base address and/or length is not page-aligned, so we have to align them before making the syscall.
* textrel support, cheap and uglyRich Felker2011-06-291-0/+5
|
* release notes for 0.7.11 v0.7.11Rich Felker2011-06-281-0/+22
|
* reclaim the memory wasted by dynamic linking for use by mallocRich Felker2011-06-281-0/+39
|
* use type directives for fenv asm functionsRich Felker2011-06-282-0/+14
|