We only need to ensure that there are no concurrent modifications to
the rtld data structures in flight, since the threads that began
those modifications will not exist in the child and will therefore be
unable to complete them in the child.
A shared lock suffices to ensure there are no such concurrent
modifications in flight; an exclusive lock is not necessary, and can
cause deadlock if fork is executed from a signal handler, which is
explicitly allowed by POSIX (and our own sigaction(2) man page) which
marks fork as async-signal-safe.
PR lib/56979
Usefull when running multiple instances and some for (high traffic)
APIs e.g. to receive log data from appliences - it makes not sense
to duplicate the whole log in the xferlog file (but we can't configure
that at the syslog level due to other httpd instances using that).
(Move initialization of the slc table earlier so it doesn't get
accessed before that happens.)
Calling the crash a DoS or security problem is a bit overwrought; it's
just a bug.
allow conditionally disabling the building of certain user space
programs in the 'base' set.
There is not enough consensus that this is the right way and a few
people had strong objections, see source-changes-d@.
right value if they're called before _start. This is true of bash where
it provides its own getenv.
Part of port-hppa/56118: sporadic app crashes in HPPA -current
NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
a local privilege escalation vulnerability in mail.local(8).
mail.local(8) attempts to open(2) a user's existing mailbox file
to append to it. If that call fails, mail.local(8) will then issue
a second open(2) call to create the file (O_CREAT).
An attacker had the opportunity to create the file in question (as
a symlink, or link to some other file) in between these two open(2) calls.
Fix this by using O_EXCL in the 2nd open call, if the file exists when
that one happens, something is going wrong, so just abort. Also, only
attempt that 2nd open if the reason the first failed was that the file
did not exist (this doesn't fix the issue, but it potentially saves
some cycles).
Thanks to Jan Schaumann for bringing this to our attention.
These are basic CAS-based locking primitives needing release and
acquire semantics, nothing fancy here -- except the membar_sync parts
which are questionable but not relevant to the present audit.
support for indirect functions was added. This fixes {init,fini}_array support
on hppa where each member of the array is (already) a plabel.
Discussed with joerg.
4 files changed, 29 insertions(+), 39 deletions(-)
: ----------------------------------------------------------------------
This (apparently very old!) workaround to ensure that DTR stays down long
enough to be detected is now handled by serial drivers themselves. For
console devices (framebuffer, serial console, etc) this was an unnecessary
2 second penalty that we have all been paying since the beginning of time.
mostly from sunil@nimmagadda.net in PR#55830, though i moved the
member into the main http structure, so that it doesn't trigger
sslinfo being allocated via command line without the rest of the
ssl being setup (which then leads to crashes.)
skrll