Some packages that do library tricks like sandbox override the mmap()
symbols. If their implementation ends up calling functions that sandbox
has overridden, then we can easily hit an infinite loop.
sb-fopen -> sb-malloc -> external mmap -> sb-open -> whoops!
So for the internal memory functions, make sure we call directly to the
C library's mmap() functions. This way our internal memory implementation
should be free from external forces.
URL: http://bugs.gentoo.org/290249
Reported-by: Diego E. Pettenò <flameeyes@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
The commit 0a539b142f24 tried to fix RTLD_NEXT issues seen under certain
kernel/glibc combos, but in reality all it did was force dlopening of the
C library for every symbol lookup. So rewrite the code to handle things
on the fly as needed -- if RTLD_NEXT returned a bum symbol, load the C
library and try again.
URL: http://bugs.gentoo.org/202765
URL: http://bugs.gentoo.org/206678
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Since hardened systems may return -1 in the case of an error, but this
isn't a "real" error, we need to save/restore errno. Otherwise we corrupt
the errno value of the caller. This is a regression on hardened systems
due to the recent commit bab59e2c which optimized symbol loading a bit.
URL: http://bugs.gentoo.org/260765
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Magnus Granberg <zorry@ume.nu>
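The lookup pattern described in the two commit messages above (try RTLD_NEXT first, load the C library only when that returns nothing, and leave the caller's errno intact) is shown here as an added C example; it is not sandbox's own code. The names `resolve_real`, `real_getpid` and `LIBC_SONAME`, and the glibc soname `libc.so.6`, are assumptions made for the illustration.

```c
/* Added example; all names are hypothetical, not taken from sandbox. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE           /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef RTLD_NEXT              /* glibc's value, if _GNU_SOURCE came too late */
# define RTLD_NEXT ((void *) -1L)
#endif

#define LIBC_SONAME "libc.so.6"   /* assumption: glibc's soname */

static void *libc_handle;      /* opened only if an RTLD_NEXT lookup fails */

/* Resolve the next definition of `name` after this object. If RTLD_NEXT
 * yields nothing, load the C library and retry there. On success the
 * caller's errno is restored, so a failed probe along the way does not
 * leak out of the wrapper. */
void *resolve_real(const char *name)
{
	int saved_errno = errno;
	void *sym = dlsym(RTLD_NEXT, name);

	if (sym == NULL) {
		if (libc_handle == NULL)
			libc_handle = dlopen(LIBC_SONAME, RTLD_LAZY);
		if (libc_handle != NULL)
			sym = dlsym(libc_handle, name);
	}
	if (sym != NULL)
		errno = saved_errno;
	return sym;
}

/* Wrapper in the style of an interposer: look the real function up once,
 * cache the pointer, then call it directly. */
pid_t real_getpid(void)
{
	static pid_t (*fn)(void);

	if (fn == NULL)
		fn = (pid_t (*)(void)) resolve_real("getpid");
	return fn ? fn() : (pid_t) -1;
}
```

On glibc older than 2.34 this needs `-ldl` at link time.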
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
If the symbol lookup function failed, then we abort. If the lookup
worked, then errno is not touched. In either case, there is no need to
save/restore the errno value.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
It seems that on hardened systems, USE_RTLD_NEXT is not always usable, and
this trips up sandbox.
URL: http://bugs.gentoo.org/206678
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Ned Lud <solar@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
URL: http://bugs.gentoo.org/135745
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
Reported-by: Torbjörn Svensson <azoff@se.linux.org>
|
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
libsbutil.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>