| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit 047684a7cd651f889dd4bad41d95a8feb5717815)
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit 4bfa4576e7b64b16937f71094641ec0f39ee47c7)
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
| |
Add a basic test that simply makes sure pspax executes just fine, i.e.
doesn't get killed by the seccomp policy.
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If alloca allocates too much stack space, program behavior is undefined,
and basically we segfault. There is no way to check whether this will
happen ahead of time, so our only choice is to switch to malloc. If we
try to allocate too much memory from the heap, we'll get a NULL pointer,
and we can diagnose & exit ourselves. Kind of sucks as alloca was a
perfect fit here, but since the size is coming directly from user input,
we can't trust it is always "reasonable".
Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
|
|
|
| |
Use the more standard HAVE_xxx convention, and only define when
available. This avoids further confusion with code that is using
"#ifdef" already.
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
| |
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not sure why, but the dumpelf.fuzz fuzzer fails when it's calling
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) at security_init.
So I suggest disabling seccomp for fuzzy testing.
Also, in order to not run indefinitely,
the fuzzer must be executed with some reasonable options.
https://releases.llvm.org/14.0.0/docs/LibFuzzer.html#options
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Closes: https://github.com/gentoo/pax-utils/pull/13
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Meson doesn't have an idiomatic way of doing this (for once!)
so we have to (per Eli Schwartz, thanks!) have:
1. a dist script which duplicates the build rule;
2. some meson.build if/else logic with fs.exists() to prefer the built manpage when using tarballs
Sadly, still can't easily regenerate man pages if
you apply a patch downstream though.
We use Michael Stapelberg's example from the linked bug as inspiration.
Bug: https://github.com/mesonbuild/meson/issues/2166
Reported-by: psykose <alice@ayaya.dev>
Thanks-to: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
|
|
Some notes about the new build systems:
- I don't fully understand the testing system, but I think I understood
it well enough to implement an equivalent one.
- use_seccomp could be replaced by detecting seccomp support at runtime
(without support, Linux returns -EINVAL in include/linux/seccomp.h)
- The fuzzing test is broken and seems to have been for a while (see
commit 67f3ba64c91b5e1ac9fbbd0bc039fb8ca653cae1, it fails to fuzz on
my machine)
- make-tarball.sh has been replaced with meson dist - hopefully this
works. meson dist should also call seccomp-bpf.c to update
seccomp-bpf.h
Signed-off-by: Arsen Arsenović <arsen@aarsen.me>
Signed-off-by: Sam James <sam@gentoo.org>
|
Mike Frysinger
Mathias Krause
Mike Frysinger
Aliaksei Urbanski
Sam James
Arsen Arsenović
GitWeb