While here, don't make too much use of one random value, and call
arc4random() directly. Allows for the removal of 'ep_random' from the
exec_package.
Prompted by and okay christos@.
For regular (non PIE) executables randomization is enabled for:
1. The data segment
2. The stack
For PIE executables(*) randomization is enabled for:
1. The program itself
2. All shared libraries
3. The data segment
4. The stack
(*) To generate a PIE executable:
- compile everything with -fPIC
- link with -shared-libgcc -Wl,-pie
This feature is experimental, and might change. To use selectively add
options PAX_ASLR=0
in your kernel.
Currently we are using 12 bits for the stack, program, and data segment and
16 or 24 bits for mmap, depending on __LP64__.
- the code to convert from a vnode to a path is commented out now until
a better solution is implemented. Only absolute paths work for now
(which is most of the cases).
requested by core
The general trend is to remove it from all kernel interfaces and
this is a start. In case the calling lwp is desired, curlwp should
be used.
quick consensus on tech-kern
avoid wasting OS flag bits. In the future we'll probably use fileassoc to
achieve this (once there is a way to make fileassoc persistent) or in the
shorter term libelf, so that we can add and remove the note on demand instead
of burning bits on each binary. Of course since this is a tool, this means
that we'll need to think about how to handle libelf...
avoid having to allocate space in the 'stackgap'
- which is very LWP unfriendly.
The additional code for non-emulation namei() is trivial, the reduction for
the emulations is massive.
The vnode for a processes emulation root is saved in the cwdi structure
during process exec.
If the emulation root the TRYEMULROOT flag are set, namei() will do an initial
search for absolute pathnames in the emulation root, if that fails it will
retry from the normal root.
".." at the emulation root will always go to the real root, even in the middle
of paths and when expanding symlinks.
Absolute symlinks found using absolute paths in the emulation root will be
relative to the emulation root (so /usr/lib/xxx.so -> /lib/xxx.so links
inside the emulation root don't need changing).
If the root of the emulation would be returned (for an emulation lookup), then
the real root is returned instead (matching the behaviour of emul_lookup,
but being a cheap comparison here) so that programs that scan "../.."
looking for the root dircetory don't loop forever.
The target for symbolic links is no longer mangled (it used to get the
CHECK_ALT_xxx() treatment, so could get /emul/xxx prepended).
CHECK_ALT_xxx() are no more. Most of the change is deleting them, and adding
TRYEMULROOT to the flags to NDINIT().
A lot of the emulation system call stubs could now be deleted.
COMPAT_16 and earlier that results in a current shared linker running at
address 0 (and thus allows NULL pointer derefs to work).
As noted by Matthias Drochner, this "fix" just checks the first psection
and not the first loadable psection. This isn't a problem with the
binutils up to now, but might be in the future.
* For sparc64 and amd64, define *SIZ32 VM constants.
* Add a new function pointer to struct emul, pointing at a function
that will return the default VM map address. The default function
is uvm_map_defaultaddr, which just uses the VM_DEFAULT_ADDRESS
macro. This gives emulations control over the default map address,
and allows things to be mapped at the right address (in 32bit range)
for COMPAT_NETBSD32.
* Add code to adjust the data and stack limits when a COMPAT_NETBSD32
or COMPAT_SVR4_32 binary is executed.
* Don't use USRSTACK in kern_resource.c, use p_vmspace->vm_minsaddr
instead (emulations might have set it differently)
* Since this changes struct emul, bump kernel version to 3.99.2
Tested on amd64, compile-tested on sparc64.
section headers. We only allocate memory for those headers on compat_linux
and compat_ibcs2 while we probe, and although 32K is not such a big number,
we could fix the code in those two places to read section-by-section instead
of all the sections at once as it does now, if we really felt like it.
-obey ELF_LINK_ADDR in ELF_load_file()
-set ELF_LINK_ADDR in the probe() function if needed
-make ELF_NULL_ADDR the default, so that probe() functions dont need
to set it explicitely
-allocate buffer for interpreter name only if needed
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.
Bump the kernel rev up to 1.6V
this alignment would have been backward into the dataspace covered by
MAXDSIZ. Now the alignment is done forward. XXX It is expected that
in the TOPDOWN case, VM_DEFAULT_ADDRESS will make sure any address it
returns has the proper alignment for that architecure.
psection alignment. XXX If the psection alignment is greater than the page
alignment, extra pages may be mapped that will never be needed. This is
inefficient and wasteful of swap space and needs to be fixed.
VM_DEFAULT_ADDRESS from elf*_makecmds to elf*_load_file. In load_file,
actually determine ahead of time how much space will be needed and pass
that to VM_DEFAULT_ADDRESS. Now we have a relatistic starting address
so we can do the loading of psections normally with no extra topdown
code in load_psection. Also, if there is a gap in betweeen psections
zero map an inaccessible region between (just like ld.elf_so does) to
avoid inadvertant mmaps in the gap.
yamt