the environment rather than simply turning into posix_spawn() in that case.
Also, we cannot use strtok() to parse PATH, the semantics don't fit the API.
Borrow the guts of execvp for the PATH search.
We still simply check for a file with 'x' permission, and assume that one
will do, whatever it is, which isn't really correct, but ...
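strtok() collapses runs of ':' and so drops empty PATH elements, which by POSIX convention stand for the current directory. The sketch below is an added example, not the committed NetBSD code; the function names, buffer size and sample PATH are constructed for illustration. It contrasts strtok() with a strcspn() walk that keeps empty elements visible.

```c
#include <stdio.h>
#include <string.h>

#define CAND_MAX 128 /* hypothetical buffer size for this example */

/* Number of PATH elements strtok() reports: runs of ':' collapse, so
 * empty elements are lost. */
static int strtok_elements(const char *path)
{
    char copy[256];
    int n = 0;
    snprintf(copy, sizeof(copy), "%s", path);
    for (char *p = strtok(copy, ":"); p != NULL; p = strtok(NULL, ":"))
        n++;
    return n;
}

/* Build one candidate per PATH element, keeping empty elements and
 * mapping them to the current directory. Returns the candidate count. */
static int build_candidates(const char *path, const char *file,
    char out[][CAND_MAX], int max)
{
    int n = 0;
    for (const char *p = path; n < max; ) {
        size_t len = strcspn(p, ":");
        if (len == 0)
            snprintf(out[n], CAND_MAX, "./%s", file);
        else
            snprintf(out[n], CAND_MAX, "%.*s/%s", (int)len, p, file);
        n++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return n;
}

int main(void)
{
    const char *path = "/bin::/usr/bin:"; /* constructed sample PATH */
    char out[8][CAND_MAX];
    int n = build_candidates(path, "ls", out, 8);
    printf("strtok sees %d elements\n", strtok_elements(path));
    for (int i = 0; i < n; i++)
        printf("%s\n", out[i]);
    return 0;
}
```

A PATH audit that tokenises with strtok() would miss the two implicit current-directory entries in the sample value.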
Still being discussed in tech-userlevel. If we wait any longer someone
is going to try the excuse that the discussion is entirely pointless, since
removing symbols is too hard.
Posted to tech-userlevel@ a week ago and reviewed by riastradh@.
GETENTROPY(3) Library Functions Manual GETENTROPY(3)
NAME
getentropy - fill a buffer with high quality random data
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
The getentropy() function fills a buffer with high quality random data,
suitable for seeding cryptographically secure pseudorandom number
generators.
getentropy() is only intended for seeding random number generators and is
not intended for use by regular code which simply needs secure random
data. For this purpose, please use arc4random(3).
The maximum value for buflen is 256 bytes.
IMPLEMENTATION NOTES
getentropy() reads from the sysctl(7) variable kern.arandom.
RETURN VALUES
The getentropy() function returns 0 on success, and -1 if an error
occurred.
ERRORS
getentropy() will succeed unless:
[EFAULT] The buf argument points to an invalid memory address.
[EIO] Too many bytes were requested.
SEE ALSO
arc4random(3), rnd(4)
STANDARDS
The getentropy() function is non-standard.
HISTORY
The getentropy() function first appeared in OpenBSD 5.6, then in
FreeBSD 12.0, and NetBSD 10.
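A caller following the manual page above fetches one fixed-size seed, respects the 256-byte limit, and treats -1 as fatal. This is an added example, not code from the NetBSD tree; fetch_seed(), SEED_LEN and GETENTROPY_MAX are hypothetical names, and wiping the buffer on failure is a policy choice of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes getentropy() in <unistd.h> on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SEED_LEN       32   /* hypothetical seed size for a CSPRNG */
#define GETENTROPY_MAX 256  /* maximum buflen per the manual page */

/* Fill seed[0..len) from getentropy(). Returns 0 on success, or -1 with
 * errno set. On failure the buffer is zeroed so that stale stack
 * contents are never mistaken for a seed. */
static int fetch_seed(unsigned char *seed, size_t len)
{
    if (len == 0 || len > GETENTROPY_MAX) {
        errno = EIO; /* same error the manual page documents */
        return -1;
    }
    if (getentropy(seed, len) == -1) {
        int saved = errno;
        memset(seed, 0, len);
        errno = saved;
        return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char seed[SEED_LEN];

    if (fetch_seed(seed, sizeof(seed)) == -1) {
        perror("getentropy");
        return 1; /* never continue with an unseeded generator */
    }
    printf("fetched %zu seed bytes\n", sizeof(seed));
    return 0;
}
```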
rtld and libc use different storage, so the initial version would
incorrectly report the failure reason for fork().
There is still a small race condition inside ld.elf_so as it doesn't use
thread-safe errno internally, but that's a more contained internal
issue.
in a consistent state. This most importantly avoids races between dlopen
and friends and fork, potentially resulting in deadlocks in the child
when it itself tries to acquire locks.
This avoids bootstrapping malloc too early when libc+libpthread are not
ready. It is called through pthread__init() -> _pthread_atfork().
This also helps LLVM Leak Sanitizer to pacify false positive reports.
_SC_SEM_NSEMS_MAX. Report no limit for getconf(3). The resource is
naturally limited by the backing file descriptor, so no separate limit
is necessary. Keep the accounting for debugging as it is part of the
sysctl ABI exposed by the kernel.
gcc 8 -Wstringop-overflow is unhappy when the specified bounds depend
on the length of the source and is not smart enough to see the check
we do. Besides we don't want the padding effect of strncpy() here.
Define _REENTRANT for MKSANITIZER build. This is needed for at least stdio
code. This caused new build issues with duplicated symbols in a few places
and rump kernel code picking different code paths borrowed from libc.
Handle all this in one go.
Add bsd.sanitizer.mk to share common code used by programs and libraries.
Switch from realall to beforeinstall target in .syms files. This is more
reliable in MKSANITIZER.
(Unclear why they were different, it was only the comments that
differed)
Add a comment describing why the generic version works for both 80-bit
and 128-bit double.
When auto scaling, and the buffer is bigger than big enough
for the biggest possible number, don't try and calculate
the max value that will fit in the buffer - that calc
will overflow (guaranteed) and is useless, the value
we're formatting cannot possibly be bigger. So simply
use the unscaled value (the raw number).
While here, also avoid returning values that are larger
than the buffer len ... while it would be nice to be able
to find out how big the buffer should be so the data will
fit, the interface doesn't really allow that (the buffer
length passed in controls the scaling - at least when
auto scaling) and the code already does "return -1" when
it detects the buffer length is too small, even before
it works out how much would have been needed. So, rather
than returning a value > len (while truncating the result
to fit in len ... all courtesy of snprintf()) return -1
in this case as well.
Also, allow suffix==NULL (meaning "") - there's no reason
not to, and requiring users to pass in an explicit "" is
not useful.
there is no need to copy the path into the output buffer, it is already
there....
All this has to change to become compat with a forthcoming POSIX update.
Do not change the signedness bit with a left shift operation.
Cast to unsigned integer to prevent this.
ftok.c:56:10, left shift of 123456789 by 24 places cannot be represented in type 'int'
ftok.c:56:10, left shift of 4160 by 24 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
"Include namespace.h in a few of libc source files
[...]
This change finishes elimination of usage of the global name of the
following symbols:
- close -> _close
- execve -> _execve
- fcntl -> _fcntl
- setcontext -> _setcontext
- wait6 -> _wait6
- write -> _write
- writev -> _writev"
"Register more syscalls in namespace.h (of libc)
Add weak symbols for:
- fcntl
- close
- execve
- setcontext
- wait6
- write
- writev"
These changes broke:
fs/nfs/t_rquotad:get_nfs_be_1_both
fs/nfs/t_rquotad:get_nfs_be_1_group
fs/nfs/t_rquotad:get_nfs_be_1_user
fs/nfs/t_rquotad:get_nfs_le_1_both
fs/nfs/t_rquotad:get_nfs_le_1_group
fs/nfs/t_rquotad:get_nfs_le_1_user
lib/librumphijack/t_config:fdoff
lib/librumphijack/t_tcpip:http
lib/librumphijack/t_tcpip:nfs
lib/librumphijack/t_vfs:cpcopy
lib/librumphijack/t_vfs:mv_x
lib/librumphijack/t_vfs:paxcopy
net/net/t_forwarding:ipforwarding_fastforward_v4
net/net/t_forwarding:ipforwarding_fastforward_v6
net/net/t_forwarding:ipforwarding_fragment_v4
net/net/t_forwarding:ipforwarding_misc
net/net/t_mtudisc6:mtudisc6_basic
This revert fixes the failures, except lib/librumphijack/t_vfs.
The original changes were added in order to facilitate a usage of
sanitizers against programs linked with NetBSD's libc. It is no longer
needed, so abandon these changes.
Sponsored by <The NetBSD Foundation>
The NetBSD Standard C Library uses internally some of its functions with
a mangled symbol name, usually "_symbol". The internal functions shall not
use the global (public) symbols.
This change finishes elimination of usage of the global name of the
following symbols:
- close -> _close
- execve -> _execve
- fcntl -> _fcntl
- setcontext -> _setcontext
- wait6 -> _wait6
- write -> _write
- writev -> _writev
Sponsored by <The NetBSD Foundation>
The NetBSD Standard C Library uses internally some of its functions with
a mangled symbol name, usually "_symbol". The internal functions shall not
use the global (public) symbols.
This change eliminates usage of the global changes of the following symbols:
- strlcat -> _strlcat
- sysconf -> __sysconf
- closedir -> _closedir
- fparseln -> _fparseln
- kill -> _kill
- mkstemp -> _mkstemp
- reallocarr -> _reallocarr
- strcasecmp -> _strcasecmp
- strncasecmp -> _strncasecmp
- strptime -> _strptime
- strtok_r -> _strtok_r
- sysctl -> _sysctl
- dlopen -> __dlopen
- dlclose -> __dlclose
- dlsym -> __dlsym
Sponsored by <The NetBSD Foundation>
Remove rest of the names from the NAME section
(These names have their own individual man pages, as such it doesn't make sense
to have their names in the NAME section in this man page as well. Moreover,
we have been trying to fix such man pages so that apropos(1)/whatis(1) are
able to search these man pages. Other examples of such fixed man pages include
memory(3), string(3) etc.)
ok wiz@
Improve clarity of devname(3) mentioning that it returns a pointer to the
buffer pointer. This approach is not thread-safe and not reentrant.
Note that devname(3) does not set errno on failure and document it as a bug.
We used -DSMALL to exclude code from libc in order to build
libhack. Introduce -DLIBHACK to do this without so that
-DSMALL does not remove code necessary for building a shared libc
This as discussed on current-users in the thread
entitled:
Proposal: new libc/libutil functions to map SIGXXXX <-> "XXXX"
that can be found (starting at):
http://mail-index.netbsd.org/current-users/2017/04/28/msg031600.html
These functions provide the mechanism to enable applications
to divorce themselves from internal details of the signal
implementation.
Libc minor bumped, prototypes in <signal.h>, sets lists updated (and sorted).
One and all: feel free to improve the sources & man page (etc), but
please do not change the function signatures without discussion.
syslog(3) is the one stop method of logging system events and diagnostics.
When debugging a daemon in the foreground on a terminal, each line is
prefixed with tag[pid]: which is very repetitive and can take up valuable
screen estate.
LOG_PTRIM solves this by removing this prefix from stderr output.
There is also the case where the debugging could involve a dry-run and
syslog(3) calls would pollute the system log with incorrect data.
LOG_NLOG solves this by not writing to the system log, but allowing
LOG_PERROR to operate as before.
Initially discussed here:
https://mail-index.netbsd.org/tech-userlevel/2016/10/06/msg010330.html