For now, this also still uses the existing realpath implmentation
and emits a syslog if we see differening results. Once we have run
with that for a little while we will remove the old code
ok deraadt@
allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit(). The reasoning is _rs_init() will only
fail if someone finds a way to apply specific pressure against this
failure point, for the purpose of leaking information into a core which
they can read. We don't need a corefile in this instance to debug that.
So take this "lever" away from whoever in the future wants to do that.
* mention LC_COLLATE;
* clarify that all these functions are infested, including the *_l() versions;
* avoid ENVIRONMENT, these functions don't inspect it;
* and point to the C library functions that change the locale.
OK millert@
clearly stating which arguments have to be avoided, and mention the
header files defining the constants required for the checks.
Feedback and OK guenther@, OK bluhm@.
CAVEATS pointing to the new CAVEATS section in setlocale(3).
Make those in wprintf(3) and wscanf(3) more concise
since duplicate information is a bad idea.
Incompleteness of information originally pointed out by millert@.
OK millert@
making the number of pools variable. Do not document the malloc
conf settings atm, don't know yet if they will stay. Thanks to all
the testers. ok deraadt@
libs have it, it is a function that is considered harmful, so:
Delete malloc_usable_size(). It is a function that blurs the line
between malloc managed memory and application managed memory and
exposes some of the internal workings of malloc. If an application
relies on that, it is likely to break using another implementation
of malloc. If you want usable size x, just allocate x bytes. ok
deraadt@ and other devs
The C implementation of str{,r}chr are not linked to the build, because
assembly implementations are used, but change to code for easier reference.
At least the i386 and amd64 are checked and seem to do the correct thing.
Found thanks to the csh any/strchr change.
minor pointers and OK millert@
- Start with a full page of struct region_info's
- Save an mprotect in the init code: allocate 3 pages with none and
make the middle page r/w instead of a r/w allocation and two calls to make the
guard pages none
but at that time ffs function calls were generated instead of the
compiler inlining the code. Now that ffs is marked protected in
libc this is handled better. Thanks to kshe who prompted me to
look at this again.
dance, mark it protected. This works better for both gcc and clang: gcc
blocks overriding of internal calls, while clang permits inlining again.
ok otto@