summaryrefslogtreecommitdiff
path: root/src/env
AgeCommit message (Collapse)AuthorLines
2012-08-25ensure canary is setup if stack-prot libs are dlopen'd into non-ssp appRich Felker-1/+2
previously, this usage could lead to a crash if the thread pointer was still uninitialized, and otherwise would just cause the canary to be zero (less secure).
2012-07-27save AT_HWCAP from auxv for subsequent use in machine-specific codeRich Felker-0/+1
it's expected that this will be needed/useful only in asm, so I've given it its own symbol that can be addressed in pc-relative ways from asm rather than adding a field in the __libc structure which would require hard-coding the offset wherever it's used.
2012-06-14direct syscall to open in __init_security needs O_LARGEFILERich Felker-1/+1
it probably does not matter for /dev/null, but this should be done consistently anyway.
2012-05-10fix missing static (namespace clash)Rich Felker-1/+1
2012-05-03overhaul SSP support to use a real canaryRich Felker-8/+17
pthread structure has been adjusted to match the glibc/GCC abi for where the canary is stored on i386 and x86_64. it will need variants for other archs to provide the added security of the canary's entropy, but even without that it still works as well as the old "minimal" ssp support. eventually such changes will be made anyway, since they are also needed for GCC/C11 thread-local storage support (not yet implemented). care is taken not to attempt initializing the thread pointer unless the program actually uses SSP (by reference to __stack_chk_fail).
2012-04-30make stack protector work with gcc configured for non-tls canaryRich Felker-0/+2
2012-04-24first attempt at enabling stack protector supportRich Felker-0/+21
the code is written to pre-init the thread pointer in static linked programs that pull in __stack_chk_fail or dynamic-linked programs that lookup the symbol. no explicit canary is set; the canary will be whatever happens to be in the thread structure at the offset gcc hard-coded. this can be improved later.
2011-08-23bring back ___environ symbol (3 underscores)Rich Felker-0/+1
its existence doesn't hurt anything, and dynamic-linked binaries using previous versions of musl were wrongly binding to it instead of __environ.
2011-08-23security hardening: ensure suid programs have valid stdin/out/errRich Felker-13/+38
this behavior (opening fds 0-2 for a suid program) is explicitly allowed (but not required) by POSIX to protect badly-written suid programs from clobbering files they later open. this commit does add some cost in startup code, but the availability of auxv and the security flag will be useful elsewhere in the future. in particular auxv is needed for static-linked vdso support, which is still waiting to be committed (sorry nik!)
2011-07-28fix for setenv bogus var argument handlingRich Felker-1/+1
thanks to mikachu per POSIX: The setenv() function shall fail if: [EINVAL] The name argument is a null pointer, points to an empty string, or points to a string containing an '=' character.
2011-04-06add startup abi functions, dummy for now. eventually needed for c++ support.Rich Felker-0/+10
2011-02-12initial check-in, version 0.5.0v0.5.0Rich Felker-0/+178