| Age | Commit message (Collapse) | Author |
|---|
|
|
|
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps
directories at startup, ensuring that they are owned by root, and with
basic 0755 permissions.
The kernel will also now refuse to put core dumps in a directory that
doesn't fulfill the following criteria:
- Owned by 0:0
- Directory with sticky bit not set
- 0755 permissions
Fixes #4435
Fixes #4850
|
|
This was very obviously racy and would only succeed if we already own
the socket anyway. (And if we do, we can bind to it without unlinking!)
Work towards #4876.
|
|
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
|
|
We were not handling sticky parents properly in sys$rmdir(). Child
directories of a sticky parent should not be rmdir'able by just anyone.
Only the owner and root.
Fixes #4875.
|
|
|
|
This ioctl can fail if we're resizing the terminal right when the shell
inside it has exited. Instead of throwing up a crash reporter, whine a
little bit in the debug log and exit cleanly moments later.
|
|
|
|
Fixes #4855.
|
|
e.g. completing `foo\ bar` now works as expected.
|
|
Since we always restart on a new line, there's no reason to clear the
previous lines.
|
|
This fixes an issue that shows up as a nice crash when "^R<enter>^C",
which is actually the event loop trying to call into a deleted object
(the search editor).
|
|
This leaves us with a total pledge of "stdio" when writing to
/etc/passwd and /etc/shadow which is kinda neat. :^)
|
|
There's not much work left to do at this point, but let's be strict.
|
|
|
|
Before this change, truncating an Ext2FS inode to a larger size than it
was before would give you uninitialized on-disk data.
Fix this by zeroing out all the new space when doing an inode resize.
This is pretty naively implemented via Inode::write_bytes() and there's
lots of room for cleverness here in the future.
|
|
Also remove some dbg()'s that were printing incorrect information.
|
|
Move some more complex globals into a Singleton, which allows it being
used from global destructors. It solves problems where some global
variables, such as HashMaps may already be deleted, triggering crashes
trying to use them.
|
|
This enable using global raw pointers rather than Singleton objects,
which solves some problems because global Singleton object could
be deleted when destructors are run.
|
|
This allows adding and removing of asynchronous signal handlers while
executing signal handlers, even if it is for the same signal that is
being handled right now.
|
|
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
|
|
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
|
|
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
|
|
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
|
|
|
|
|
|
This is a variant of bzero() that is guaranteed to not get optimized
away by the compiler. Useful for clearing out sensitive data.
|
|
These are nice when you want to move something out of the result,
and match the API we already have for Optional.
|
|
|
|
|
|
Not sure why we hadn't done this one sooner, seems like a high-value
program to pledge.
|
|
Once we have /etc/passwd and /etc/shadow open for writing, there's no
need for passwd to continue running as root.
We can also drop a bunch of pledge promises, further tightening things.
|
|
This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.
The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.
The default password for "anon" as of this commit is "foo" :^)
|
|
This will make it easier to keep macos tests and non-mac tests in
lockstep. Also, make sure flake8 and python are installed. This also
makes it easier to add other OS targets if we want.
|
|
|
|
|
|
|
|
This was missing a "toInt32()" which returns 0 for NaN and Infinity.
From the spec:
6.1.6.1.2 Number::bitwiseNOT ( x )
The abstract operation Number::bitwiseNOT takes argument x (a Number).
It performs the following steps when called:
Let oldValue be ! ToInt32(x).
Return the result of applying bitwise complement to oldValue.
The mathematical value of the result is exactly representable as
a 32-bit two's complement bit string.
Fixes #4868.
|
|
|
|
If we can fail with EFAULT early, might as well avoid switching the
paging scope.
|
|
These things happen, and it's not particularly noteworthy.
|
|
Instead of doing a forced layout synchronously whenever an element's
style is changed, use a zero-timer to do the forced relayout on next
event loop iteration.
This effectively coalesces a lot of layouts and makes many pages such
as GitHub spend way less time doing redundant layout work.
|
|
|
|
|
|
Fixes #4865.
|
|
|
|
|
|
When the font is changed in the Terminal application, we now resize the
terminal window to accomodate the new font.
|
|
The system language is US English. :^)
|
|
|
