diff options
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/comsat/comsat.c | 40 | ||||
| -rw-r--r-- | libexec/dma/dmagent/Makefile | 8 | ||||
| -rw-r--r-- | libexec/rc/rc | 4 | ||||
| -rw-r--r-- | libexec/rc/rc.conf | 2 | ||||
| -rw-r--r-- | libexec/rc/rc.d/Makefile | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/hostname | 4 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/mountd | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/pf | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/routing | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/zfs | 8 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/zfsbe | 2 | ||||
| -rw-r--r-- | libexec/rc/rc.shutdown | 4 | ||||
| -rw-r--r-- | libexec/rc/rc.subr | 4 | ||||
| -rw-r--r-- | libexec/rc/tests/rc_subr_test.sh | 4 | ||||
| -rw-r--r-- | libexec/rtld-elf/aarch64/reloc.c | 7 | ||||
| -rw-r--r-- | libexec/rtld-elf/map_object.c | 2 | ||||
| -rw-r--r-- | libexec/rtld-elf/riscv/reloc.c | 7 | ||||
| -rw-r--r-- | libexec/rtld-elf/rtld.c | 157 | ||||
| -rw-r--r-- | libexec/tftpd/tftpd.c | 6 |
19 files changed, 166 insertions, 101 deletions
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index d5d1eedeb5f3..cb00ee4a9392 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -113,29 +113,24 @@ mailfor(char *name) char *file; off_t offset; int folder; - char buf[sizeof(_PATH_MAILDIR) + sizeof(utp->ut_user) + 1]; - char buf2[sizeof(_PATH_MAILDIR) + sizeof(utp->ut_user) + 1]; + char buf[MAXPATHLEN]; - if (!(cp = strchr(name, '@'))) + if ((cp = strchr(name, '@')) == NULL) return; *cp = '\0'; offset = strtoll(cp + 1, NULL, 10); - if (!(cp = strchr(cp + 1, ':'))) - file = name; - else - file = cp + 1; - sprintf(buf, "%s/%.*s", _PATH_MAILDIR, (int)sizeof(utp->ut_user), - name); - if (*file != '/') { - sprintf(buf2, "%s/%.*s", _PATH_MAILDIR, - (int)sizeof(utp->ut_user), file); - file = buf2; + if ((cp = strchr(cp + 1, ':')) != NULL && + strchr((file = cp + 1), '/') == NULL) { + snprintf(buf, sizeof(buf), "%s/%s", _PATH_MAILDIR, file); + folder = 1; + } else { + snprintf(buf, sizeof(buf), "%s/%s", _PATH_MAILDIR, name); + folder = 0; } - folder = strcmp(buf, file); setutxent(); while ((utp = getutxent()) != NULL) if (utp->ut_type == USER_PROCESS && !strcmp(utp->ut_user, name)) - notify(utp, file, offset, folder); + notify(utp, buf, offset, folder); endutxent(); } @@ -159,8 +154,7 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder) utp->ut_line); return; } - (void)snprintf(tty, sizeof(tty), "%s%.*s", - _PATH_DEV, (int)sizeof(utp->ut_line), utp->ut_line); + (void)snprintf(tty, sizeof(tty), "%s%s", _PATH_DEV, utp->ut_line); if (stat(tty, &stb) == -1 || !(stb.st_mode & (S_IXUSR | S_IXGRP))) { dsyslog(LOG_DEBUG, "%s: wrong mode on %s", utp->ut_user, tty); return; @@ -187,26 +181,20 @@ notify(struct utmpx *utp, char file[], off_t offset, int folder) initgroups(p->pw_name, p->pw_gid) == -1 || setgid(p->pw_gid) == -1 || setuid(p->pw_uid) == -1) - return; + _exit(1); - switch (stb.st_mode & (S_IXUSR | S_IXGRP)) { - case S_IXUSR: - case (S_IXUSR | S_IXGRP): + if (stb.st_mode & S_IXUSR) { (void)fprintf(tp, "%s\007New mail for %s@%.*s\007 has arrived%s%s%s:%s----%s", cr, utp->ut_user, (int)sizeof(hostname), hostname, folder ? cr : "", folder ? "to " : "", folder ? file : "", cr, cr); jkfprintf(tp, file, offset); - break; - case S_IXGRP: + } else if (stb.st_mode & S_IXGRP) { (void)fprintf(tp, "\007"); (void)fflush(tp); (void)sleep(1); (void)fprintf(tp, "\007"); - break; - default: - break; } (void)fclose(tp); _exit(0); diff --git a/libexec/dma/dmagent/Makefile b/libexec/dma/dmagent/Makefile index 5f7deeea0b05..f707cfa3264f 100644 --- a/libexec/dma/dmagent/Makefile +++ b/libexec/dma/dmagent/Makefile @@ -15,14 +15,16 @@ SRCS= aliases_parse.y \ net.c \ spool.c \ util.c -MAN8= dma.8 +MAN= dma.8 MLINKS= dma.8 dma.conf.5 -CONFS= dma.conf +CONFSMODE= 0640 +CONFSGRP= mail +CONFS= auth.conf dma.conf CONFSDIR= ${CONFDIR}/dma CFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L YFLAGS+= -i CLEANFILES= aliases_parse.i -FILES= auth.conf mailer.conf +FILES= mailer.conf FILESDIR= ${SHAREDIR}/examples/dma BINMODE= 2555 diff --git a/libexec/rc/rc b/libexec/rc/rc index 5ed47d6eac20..db3c3e20ab44 100644 --- a/libexec/rc/rc +++ b/libexec/rc/rc @@ -83,9 +83,9 @@ fi trap "_rc_conf_loaded=false; load_rc_config" ALRM skip="-s nostart" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then skip="$skip -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then skip="$skip -s nojailvnet" fi fi diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 00f4b718bfad..d502361eca37 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -694,7 +694,7 @@ entropy_file="/entropy" # Set to NO to disable late (used when going multi-user) entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="4096" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. -harvest_mask="511" # Entropy device harvests all but the very invasive sources. +harvest_mask="4607" # Entropy device harvests all but the very invasive sources. # (See 'sysctl kern.random.harvest' and random(4)) osrelease_enable="YES" # Update /var/run/os-release on boot (or NO). osrelease_file="/var/run/os-release" # File to update for os-release. diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile index 8199779e5772..27d8a7526691 100644 --- a/libexec/rc/rc.d/Makefile +++ b/libexec/rc/rc.d/Makefile @@ -223,7 +223,7 @@ FTPDPACKAGE= ftpd .if ${MK_GSSAPI} != "no" CONFGROUPS+= GSSD GSSD= gssd -GSSDPACKAGE= kerberos +GSSDPACKAGE= gssd .endif .if ${MK_HAST} != "no" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname index 8b26c4f60633..0bc31ccd787e 100755 --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -42,8 +42,8 @@ hostname_start() # If we are not inside a jail, set the host name. # If we are inside a jail, set the host name if it is permitted. # - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then - if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then + if check_jail jailed; then + if ! check_jail set_hostname_allowed; then return fi else diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index 8c0aa87e1d13..dfd2431f9c35 100755 --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -70,6 +70,8 @@ mountd_precmd() } load_rc_config $name +load_rc_config nfsd +load_rc_config zfs # precmd is not compatible with svcj mountd_svcj="NO" diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index 0b4c086db22b..46fb085e5175 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -38,7 +38,7 @@ pf_fallback() $pf_program -f "$pf_fallback_rules_file" $pf_flags else warn "Loading fallback rules: $pf_fallback_rules" - echo $pf_fallback_rules | $pf_program -f - $pf_flags + echo "$pf_fallback_rules" | $pf_program -f - $pf_flags fi } diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing index 893acb83cf4a..dd75604125a3 100755 --- a/libexec/rc/rc.d/routing +++ b/libexec/rc/rc.d/routing @@ -331,7 +331,7 @@ _check_dynamicrouting() # copied from /etc/rc skip="-s nostart" - if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then skip="$skip -s nojail" fi [ -n "$local_startup" ] && find_local_scripts_new diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs index 26bf3046444b..f88f65c2ec18 100755 --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -18,7 +18,7 @@ required_modules="zfs" zfs_start_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs mount -a fi } @@ -34,7 +34,7 @@ zfs_start_main() zfs_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_start_jail else zfs_start_main @@ -54,7 +54,7 @@ zfs_poststart() zfs_stop_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs unmount -a fi } @@ -67,7 +67,7 @@ zfs_stop_main() zfs_stop() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_stop_jail else zfs_stop_main diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe index f61f3bf097f0..22d53f219679 100755 --- a/libexec/rc/rc.d/zfsbe +++ b/libexec/rc/rc.d/zfsbe @@ -64,7 +64,7 @@ activate_bootonce() be_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then : else mount -p | while read _dev _mp _type _rest; do diff --git a/libexec/rc/rc.shutdown b/libexec/rc/rc.shutdown index 18f67f5ca124..3dfd7a7e0936 100644 --- a/libexec/rc/rc.shutdown +++ b/libexec/rc/rc.shutdown @@ -83,9 +83,9 @@ fi # and perform the operation # rcorder_opts="-k shutdown" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then rcorder_opts="$rcorder_opts -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then rcorder_opts="$rcorder_opts -s nojailvnet" fi fi diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 2eaf336b5220..a2e2e98a5087 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1689,7 +1689,7 @@ $_cpusetcmd $command $rc_flags $command_args" start) # We cannot use protect(1) inside jails. if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] && - [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then + ! check_jail jailed; then [ -z "${rc_pid}" ] && eval $_pidcmd case $_oomprotect in [Aa][Ll][Ll]) @@ -2671,7 +2671,7 @@ check_required_after() } # check_jail mib -# Return true if security.jail.$mib exists and set to 1. +# Return true if security.jail.$mib exists and is set to 1. check_jail() { diff --git a/libexec/rc/tests/rc_subr_test.sh b/libexec/rc/tests/rc_subr_test.sh index 60f77c2c2de3..9931389e7a02 100644 --- a/libexec/rc/tests/rc_subr_test.sh +++ b/libexec/rc/tests/rc_subr_test.sh @@ -52,7 +52,7 @@ oomprotect_all_body() _rc_arg="$4" setvar "${name}_oomprotect" all command="/usr/sbin/daemon" - command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 5" + command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 60" run_rc_command "$_rc_arg" LITERAL @@ -92,7 +92,7 @@ oomprotect_yes_body() setvar "${name}_oomprotect" yes procname="/bin/sleep" command="/usr/sbin/daemon" - command_args="-p $pidfile -- $procname 5" + command_args="-p $pidfile -- $procname 60" run_rc_command "$_rc_arg" LITERAL diff --git a/libexec/rtld-elf/aarch64/reloc.c b/libexec/rtld-elf/aarch64/reloc.c index 2b64b48585db..62d664f8fb80 100644 --- a/libexec/rtld-elf/aarch64/reloc.c +++ b/libexec/rtld-elf/aarch64/reloc.c @@ -37,13 +37,6 @@ #include "rtld_printf.h" /* - * It is possible for the compiler to emit relocations for unaligned data. - * We handle this situation with these inlines. - */ -#define RELOC_ALIGNED_P(x) \ - (((uintptr_t)(x) & (sizeof(void *) - 1)) == 0) - -/* * This is not the correct prototype, but we only need it for * a function pointer to a simple asm function. */ diff --git a/libexec/rtld-elf/map_object.c b/libexec/rtld-elf/map_object.c index 04d17072af77..c6a98b50a165 100644 --- a/libexec/rtld-elf/map_object.c +++ b/libexec/rtld-elf/map_object.c @@ -337,7 +337,7 @@ map_object(int fd, const char *path, const struct stat *sb, bool ismain) obj->tlsalign = phtls->p_align; obj->tlspoffset = phtls->p_offset; obj->tlsinitsize = phtls->p_filesz; - obj->tlsinit = mapbase + phtls->p_vaddr; + obj->tlsinit = obj->relocbase + phtls->p_vaddr; } obj->stack_flags = stack_flags; if (note_start < note_end) diff --git a/libexec/rtld-elf/riscv/reloc.c b/libexec/rtld-elf/riscv/reloc.c index 390e8c458c28..25c0befb774e 100644 --- a/libexec/rtld-elf/riscv/reloc.c +++ b/libexec/rtld-elf/riscv/reloc.c @@ -40,13 +40,6 @@ #include "rtld.h" #include "rtld_printf.h" -/* - * It is possible for the compiler to emit relocations for unaligned data. - * We handle this situation with these inlines. - */ -#define RELOC_ALIGNED_P(x) \ - (((uintptr_t)(x) & (sizeof(void *) - 1)) == 0) - uint64_t set_gp(Obj_Entry *obj) { diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c index 1459b38f3720..17196f55c271 100644 --- a/libexec/rtld-elf/rtld.c +++ b/libexec/rtld-elf/rtld.c @@ -82,9 +82,15 @@ struct dlerror_save { char *msg; }; +struct tcb_list_entry { + TAILQ_ENTRY(tcb_list_entry) next; +}; + /* * Function declarations. */ +static bool allocate_tls_offset_common(size_t *offp, size_t tlssize, + size_t tlsalign, size_t tlspoffset); static const char *basename(const char *); static void digest_dynamic1(Obj_Entry *, int, const Elf_Dyn **, const Elf_Dyn **, const Elf_Dyn **); @@ -92,7 +98,7 @@ static bool digest_dynamic2(Obj_Entry *, const Elf_Dyn *, const Elf_Dyn *, const Elf_Dyn *); static bool digest_dynamic(Obj_Entry *, int); static Obj_Entry *digest_phdr(const Elf_Phdr *, int, caddr_t, const char *); -static void distribute_static_tls(Objlist *, RtldLockState *); +static void distribute_static_tls(Objlist *); static Obj_Entry *dlcheck(void *); static int dlclose_locked(void *, RtldLockState *); static Obj_Entry *dlopen_object(const char *name, int fd, Obj_Entry *refobj, @@ -303,6 +309,10 @@ static size_t tls_static_max_align; Elf_Addr tls_dtv_generation = 1; /* Used to detect when dtv size changes */ int tls_max_index = 1; /* Largest module index allocated */ +static TAILQ_HEAD(, tcb_list_entry) tcb_list = + TAILQ_HEAD_INITIALIZER(tcb_list); +static size_t tcb_list_entry_offset; + static bool ld_library_path_rpath = false; bool ld_fast_sigblock = false; @@ -929,6 +939,19 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp) allocate_tls_offset(entry->obj); } + if (!allocate_tls_offset_common(&tcb_list_entry_offset, + sizeof(struct tcb_list_entry), _Alignof(struct tcb_list_entry), + 0)) { + /* + * This should be impossible as the static block size is not + * yet fixed, but catch and diagnose it failing if that ever + * changes or somehow turns out to be false. + */ + _rtld_error("Could not allocate offset for tcb_list_entry"); + rtld_die(); + } + dbg("tcb_list_entry_offset %zu", tcb_list_entry_offset); + if (relocate_objects(obj_main, ld_bind_now != NULL && *ld_bind_now != '\0', &obj_rtld, SYMLOOK_EARLY, NULL) == -1) @@ -3973,7 +3996,7 @@ dlopen_object(const char *name, int fd, Obj_Entry *refobj, int lo_flags, if ((lo_flags & RTLD_LO_EARLY) == 0) { map_stacks_exec(lockstate); if (obj != NULL) - distribute_static_tls(&initlist, lockstate); + distribute_static_tls(&initlist); } if (initlist_objects_ifunc(&initlist, (mode & RTLD_MODEMASK) == @@ -5400,6 +5423,44 @@ tls_get_addr_common(struct tcb *tcb, int index, size_t offset) return (tls_get_addr_slow(tcb, index, offset, false)); } +static struct tcb * +tcb_from_tcb_list_entry(struct tcb_list_entry *tcbelm) +{ +#ifdef TLS_VARIANT_I + return ((struct tcb *)((char *)tcbelm - tcb_list_entry_offset)); +#else + return ((struct tcb *)((char *)tcbelm + tcb_list_entry_offset)); +#endif +} + +static struct tcb_list_entry * +tcb_list_entry_from_tcb(struct tcb *tcb) +{ +#ifdef TLS_VARIANT_I + return ((struct tcb_list_entry *)((char *)tcb + tcb_list_entry_offset)); +#else + return ((struct tcb_list_entry *)((char *)tcb - tcb_list_entry_offset)); +#endif +} + +static void +tcb_list_insert(struct tcb *tcb) +{ + struct tcb_list_entry *tcbelm; + + tcbelm = tcb_list_entry_from_tcb(tcb); + TAILQ_INSERT_TAIL(&tcb_list, tcbelm, next); +} + +static void +tcb_list_remove(struct tcb *tcb) +{ + struct tcb_list_entry *tcbelm; + + tcbelm = tcb_list_entry_from_tcb(tcb); + TAILQ_REMOVE(&tcb_list, tcbelm, next); +} + #ifdef TLS_VARIANT_I /* @@ -5513,6 +5574,7 @@ allocate_tls(Obj_Entry *objs, void *oldtcb, size_t tcbsize, size_t tcbalign) } } + tcb_list_insert(tcb); return (tcb); } @@ -5524,6 +5586,8 @@ free_tls(void *tcb, size_t tcbsize, size_t tcbalign __unused) size_t post_size; size_t i, tls_init_align __unused; + tcb_list_remove(tcb); + assert(tcbsize >= TLS_TCB_SIZE); tls_init_align = MAX(obj_main->tlsalign, 1); @@ -5624,6 +5688,7 @@ allocate_tls(Obj_Entry *objs, void *oldtcb, size_t tcbsize, size_t tcbalign) } } + tcb_list_insert(tcb); return (tcb); } @@ -5635,6 +5700,8 @@ free_tls(void *tcb, size_t tcbsize __unused, size_t tcbalign) size_t i; uintptr_t tlsstart, tlsend; + tcb_list_remove(tcb); + /* * Figure out the size of the initial TLS block so that we can * find stuff which ___tls_get_addr() allocated dynamically. @@ -5698,32 +5765,22 @@ allocate_module_tls(struct tcb *tcb, int index) return (p); } -bool -allocate_tls_offset(Obj_Entry *obj) +static bool +allocate_tls_offset_common(size_t *offp, size_t tlssize, size_t tlsalign, + size_t tlspoffset __unused) { size_t off; - if (obj->tls_dynamic) - return (false); - - if (obj->tls_static) - return (true); - - if (obj->tlssize == 0) { - obj->tls_static = true; - return (true); - } - if (tls_last_offset == 0) - off = calculate_first_tls_offset(obj->tlssize, obj->tlsalign, - obj->tlspoffset); + off = calculate_first_tls_offset(tlssize, tlsalign, + tlspoffset); else off = calculate_tls_offset(tls_last_offset, tls_last_size, - obj->tlssize, obj->tlsalign, obj->tlspoffset); + tlssize, tlsalign, tlspoffset); - obj->tlsoffset = off; + *offp = off; #ifdef TLS_VARIANT_I - off += obj->tlssize; + off += tlssize; #endif /* @@ -5735,12 +5792,34 @@ allocate_tls_offset(Obj_Entry *obj) if (tls_static_space != 0) { if (off > tls_static_space) return (false); - } else if (obj->tlsalign > tls_static_max_align) { - tls_static_max_align = obj->tlsalign; + } else if (tlsalign > tls_static_max_align) { + tls_static_max_align = tlsalign; } tls_last_offset = off; - tls_last_size = obj->tlssize; + tls_last_size = tlssize; + + return (true); +} + +bool +allocate_tls_offset(Obj_Entry *obj) +{ + if (obj->tls_dynamic) + return (false); + + if (obj->tls_static) + return (true); + + if (obj->tlssize == 0) { + obj->tls_static = true; + return (true); + } + + if (!allocate_tls_offset_common(&obj->tlsoffset, obj->tlssize, + obj->tlsalign, obj->tlspoffset)) + return (false); + obj->tls_static = true; return (true); @@ -6124,25 +6203,29 @@ map_stacks_exec(RtldLockState *lockstate) } static void -distribute_static_tls(Objlist *list, RtldLockState *lockstate) +distribute_static_tls(Objlist *list) { - Objlist_Entry *elm; + struct tcb_list_entry *tcbelm; + Objlist_Entry *objelm; + struct tcb *tcb; Obj_Entry *obj; - void (*distrib)(size_t, void *, size_t, size_t); + char *tlsbase; - distrib = (void (*)(size_t, void *, size_t, size_t))( - uintptr_t)get_program_var_addr("__pthread_distribute_static_tls", - lockstate); - if (distrib == NULL) - return; - STAILQ_FOREACH(elm, list, link) { - obj = elm->obj; + STAILQ_FOREACH(objelm, list, link) { + obj = objelm->obj; if (obj->marker || !obj->tls_static || obj->static_tls_copied) continue; - lock_release(rtld_bind_lock, lockstate); - distrib(obj->tlsoffset, obj->tlsinit, obj->tlsinitsize, - obj->tlssize); - wlock_acquire(rtld_bind_lock, lockstate); + TAILQ_FOREACH(tcbelm, &tcb_list, next) { + tcb = tcb_from_tcb_list_entry(tcbelm); +#ifdef TLS_VARIANT_I + tlsbase = (char *)tcb + obj->tlsoffset; +#else + tlsbase = (char *)tcb - obj->tlsoffset; +#endif + memcpy(tlsbase, obj->tlsinit, obj->tlsinitsize); + memset(tlsbase + obj->tlsinitsize, 0, + obj->tlssize - obj->tlsinitsize); + } obj->static_tls_copied = true; } } diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index f8f9bd549a2e..a3faee86e7d0 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -351,10 +351,14 @@ main(int argc, char *argv[]) tftp_log(LOG_ERR, "chdir: %s", strerror(errno)); exit(1); } - if (setgroups(1, &nobody->pw_gid) != 0) { + if (setgroups(0, NULL) != 0) { tftp_log(LOG_ERR, "setgroups failed"); exit(1); } + if (setgid(nobody->pw_gid) != 0) { + tftp_log(LOG_ERR, "setgid failed"); + exit(1); + } if (setuid(nobody->pw_uid) != 0) { tftp_log(LOG_ERR, "setuid failed"); exit(1); |