has many small functions without significant local storage, therefore
less tail protection from -fstack-protector-strong to prevent their use
as ROP gadgets. It is used in security contexts. Also many functions
dribble pointers onto the stack, allowing discovery of gadgets via the
fixed relative addresses, so let's randomly bias those.
ok tedu jsing
The rc script will soon need a strategy for skipping this step on
machines with poor IO performance. Or maybe do it less often? However,
I don't see many more libraries we'll do this with, these are the two
most important ones.
of "ok" so the user is warned and has a chance to fix it (most of the time
due to bogus flags). Daemons reaching the timeout without being able to
start are still marked as "failed" (which should also give a clue to the
user that some investigation is needed).
prodded by beck@ a while ago
discussed with and ok sthen@
to know which daemon cannot background themselves (actually we want to
know the opposite, but there are much more). However, it's only needed in
_rc_wait and rc.subr still does its magic without the need to add `&'.
- prevent a daemon from hanging the boot
(typo in your flagsm e.g. httpd_flags=-d)
- make sure we can get the status of a backgrounded daemon instead of always
returning success
Side effect of this is that we can kill a knob! rip rc_bg :-)
Ports will need love, and a second commit is coming for that.
The diff is small yet not trivial so I am committing early in the release
process in one shot so it can easily be reverted if needed. I started working on
this during g2k16 in Cambridge then finished it in Brisbane for a2k17 where
robert@, beck@ and sthen@ agreed it was the correct way to go and I should move
ahead with it post 6.1.
If you see any regression, please talk to me!
when the recursion depth reaches 2*lg(n + 1). This avoids quicksort's
quadratic behavior for pathological input without appreciably
changing the average run time.
side of the array being partitioned to save on stack space. Greater
savings can be gained by choosing recursion for the smaller side
of the partition and eliminating recursion for the larger side.
This also results in a small but measurable performance gain.
OK otto@ schwarze@
done in ifstart(). Remove ipv6autoconf() and replace rtsolif with a boolean
variable V6_AUTOCONF. Replace dhcpif with a boolean variable V4_DHCPCONF.
Both are later used in defaultroute() to decide whether or not to configre
defaultroutes from /etc/mygate.
OK krw@
Now that route are automatically G/C with the address they are attached
to there's no reason to duplicate the kernel's job.
Fix a regression introduced with multipath default routes.
ok deraadt@
use fallback mechanims if unsuccessful.
The design of Linux getrandom is broken. It has an
uninitialized phase coupled with blocking behaviour, which
is unacceptable from within a library at boot time without
possible recovery.
ok deraadt@ jsing@
or carp. Ensure that the noglob option is disabled at the end of
parse_hn_line() and ifstart().
Reported by Christer Solskogen and Stefan Wollny, thanks!
hostname.if(5) parsing code in ifstart().
Add a -n option to netstart to only print the interface configuration
commands instead of executing them.
Add a HN_DIR variable, that points to the directory of the hostname.if
files (default /etc) that allows for future regression tests.
- add new parse_hn_line() function
- change ifstart()
- rename $if to $_if
- don't ifconfig or ifconfig create if -n option is used
- replace hostname.if(5) parsing code with new parse_hn_line()
- just print configuration commands if -n option is used
- autoconf now happens in ifstart(), remove ifv6autoconf()
- introduce HN_DIR variable for the hostname.if file location
- add handling of the -n option to only print config commands
- ensure -n is only used if interfaces are specified as parameters
Discussed with and positive feedback from many
'commit' deraadt@
OK sthen@
size if canaries are enabled. In that case we have the exact requested
size of the allocation. But we can at least check the given size
against the chunk size if C is not enabled. Plus add some braces
so my brain doesn't have to scan for dangling else problems when I
see this code.
This gives fast access to the address on systems that implement
the UserLocal register. TCB caching is still used when running
in the single-threaded mode in order not to penalize old systems.
The kernel counterpart of this change must be in place before
using this diff!
With guenther@
without -Q during the build and in weekly(8). According to tests
by many developers, makewhatis(8) takes a few minutes at most even
on slower hardware like octeon, loongson, ALIX, RPI3, Soekris,
cubox, softiron etc., and security(8) is often worse than makewhatis(8).
In case this causes excessive weekly(8) run times on even slower
(~50 MHz-class) CPUs, consider adding "MAKEWHATISARGS=-Q" to
/etc/weekly.local on machines that feel unhappy.
OK sthen@ kettenis@ millert@ deraadt@