upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-22 18:05:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/lib/libc
History
Kyle Evans c4ccb6d1be jail: allow root to implicitly widen its cpuset to attach 
The default behavior for attaching processes to jails is that the jail's
cpuset augments the attaching processes, so that it cannot be used to
escalate a user's ability to take advantage of more CPUs than the
administrator wanted them to.

This is problematic when root needs to manage jails that have disjoint
sets with whatever process is attaching, as this would otherwise result
in a deadlock. Therefore, if we did not have an appropriate common
subset of cpus/domains for our new policy, we now allow the process to
simply take on the jail set *if* it has the privilege to widen its mask
anyways.

With the new logic, root can still usefully cpuset a process that
attaches to a jail with the desire of maintaining the set it was given
pre-attachment while still retaining the ability to manage child jails
without jumping through hoops.

A test has been added to demonstrate the issue; cpuset of a process
down to just the first CPU and attempting to attach to a jail without
access to any of the same CPUs previously resulted in EDEADLK and now
results in taking on the jail's mask for privileged users.

PR:		253724

(cherry picked from commit 60c4ec806d)
2021-03-03 20:04:10 -06:00
..
aarch64 Fix initial exec TLS mode for dynamically loaded shared objects. 2019-03-29 17:52:57 +00:00
amd64 amd64: move memcmp checks upfront 2021-02-04 17:59:10 +00:00
arm arm/ffs.S: remove stale comment. 2019-12-28 02:11:41 +00:00
capability Fix a few mandoc issues 2020-10-09 19:12:44 +00:00
compat-43 Adjust history, info source from v1's manuals 2019-09-04 13:44:46 +00:00
db Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
gdtoa Remove sparc64 specific parts of libc. 2020-02-26 18:55:09 +00:00
gen Remove __NO_TLS. 2021-03-02 02:49:42 +02:00
gmon
i386 remove obsolete i386 MD memchr implementation 2019-09-25 16:49:22 +00:00
iconv Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
include libthr: wrap pdfork(2), same as fork(2). 2021-01-11 22:59:52 +02:00
inet
isc
locale Remove __NO_TLS. 2021-03-02 02:49:42 +02:00
md
mips mips: fix some mcount nits 2019-09-02 01:55:55 +00:00
nameser Bounds check again after advancing cp, otherwise we have a possible 2019-09-05 19:35:30 +00:00
net libc: Fix most issues reported by mandoc 2020-12-19 14:54:28 +00:00
nls Implement strerror_l(). 2020-12-16 09:02:09 +00:00
posix1e Drop "All rights reserved" from all my stuff. This includes 2020-10-28 13:46:11 +00:00
powerpc Add CFI start/end proc directives to arm64, i386, and ppc 2020-12-05 00:33:28 +00:00
powerpc64 Add CFI start/end proc directives to arm64, i386, and ppc 2020-12-05 00:33:28 +00:00
powerpcspe [PowerPC] Implement VDSO timebase access on powerpc* 2020-09-08 03:00:31 +00:00
quad Add casts and L suffixes to libc quad support, to work around various 2020-02-17 20:14:59 +00:00
regex libc: regex: rework unsafe pointer arithmetic 2021-01-08 13:58:35 -06:00
resolv Rather than using the legacy IP struct fields in the union for the 2019-06-04 20:53:35 +00:00
riscv libc: Provide sub fp(s|g)etmask() implementations for RISC-V 2020-08-03 12:48:51 +00:00
rpc libc: fix buffer overrun in getrpcport(3) 2021-03-02 18:43:26 +00:00
secure Remove the SYMVER build option. 2020-04-30 22:08:40 +00:00
softfloat
stdio libc: try to skip memcpy in _gettemp 2021-02-01 12:39:15 +00:00
stdlib libc: Fix null pointer arithmetic warning in mergesort 2021-01-20 09:56:01 +00:00
stdtime strptime: make %k and %l specifiers match their description in 2018-11-03 23:37:13 +00:00
string Remove __NO_TLS. 2021-03-02 02:49:42 +02:00
sys getdirentries.2: fix for NFS mounts 2021-03-01 13:00:38 -08:00
tests jail: allow root to implicitly widen its cpuset to attach 2021-03-03 20:04:10 -06:00
uuid
x86 x86: switch vdso TSC timecounter to RDTSCP on AMD Zen CPUs 2021-01-21 14:55:31 +02:00
xdr typo: s/impelmentation/implementation/. 2020-02-07 15:14:29 +00:00
yp Increase the size of the send and receive buffers for YP client rpc 2019-09-16 06:42:01 +00:00
libc.ldscript
libc_nossp.ldscript
Makefile [PowerPC64LE] Use a shared LIBC_ARCH for powerpc64le. 2020-09-23 00:21:51 +00:00
Makefile.depend Update Makefile.depend files 2019-12-11 17:37:53 +00:00
Makefile.depend.options Update libssp paths in various Makefile.depend* files 2020-01-06 18:15:55 +00:00
Versions.def Create namespace for the symbols added during 13-CURRENT cycle. 2018-11-12 19:12:14 +00:00