aboutsummaryrefslogtreecommitdiff
path: root/sys/sys/imgact_binmisc.h
Commit message (Collapse)AuthorAgeFilesLines
* imgact_binmisc: limit the extent of match on incoming entriesKyle Evans2020-11-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | imgact_binmisc matches magic/mask from imgp->image_header, which is only a single page in size mapped from the first page of an image. One can specify an interpreter that matches on, e.g., --offset 4096 --size 256 to read up to 256 bytes past the mapped first page. The limitation is that we cannot specify a magic string that exceeds a single page, and we can't allow offset + size to exceed a single page either. A static assert has been added in case someone finds it useful to try and expand the size, but it does seem a little unlikely. While this looks kind of exploitable at a sideways squinty-glance, there are a couple of mitigating factors: 1.) imgact_binmisc is not enabled by default, 2.) entries may only be added by the superuser, 3.) trying to exploit this information to read what's mapped past the end would be worse than a root canal or some other relatably painful experience, and 4.) there's no way one could pull this off without it being completely obvious. The first page is mapped out of an sf_buf, the implementation of which (or lack thereof) depends on your platform. MFC after: 1 week Notes: svn path=/head/; revision=367477
* imgact_binmisc: validate flags coming from userlandKyle Evans2020-11-071-0/+2
| | | | | | | | | | | We may want to reserve bits in the future for kernel-only use, so start rejecting any that aren't the two that we're currently expecting from userland. MFC after: 1 week Notes: svn path=/head/; revision=367442
* SPDX: mostly fixes to previous changes.Pedro F. Giffuni2017-12-131-0/+2
| | | | | | | | Introduce the recently approved BSD-1-Clause and replace 0BSD which never did fit well our use cases. Notes: svn path=/head/; revision=326823
* sys/sys: missed in r298981.Pedro F. Giffuni2016-05-031-1/+1
| | | | | | | | | | I am sure I've missed others as well, but at least it should be more readable now. No functional change. Notes: svn path=/head/; revision=298986
* sys/sys: minor spelling fixes.Pedro F. Giffuni2016-05-031-1/+1
| | | | | | | | | While the changes are minor, these headers are very visible. MFC after: 2 weeks Notes: svn path=/head/; revision=298981
* sys/kern/imgact_binmisc.c -- free the right pointer mask vs magicSean Bruno2014-04-081-4/+4
| | | | | | | | | | sys/sys/imagact_binmisc.h -- cleanup white space tabs vs spaces -- remove stray " in comment Submitted by: jmallett@ Notes: svn path=/head/; revision=264282
* Add Stacey Son's binary activation patches that allow remapping ofSean Bruno2014-04-081-0/+172
execution to a emumation program via parsing of ELF header information. With this kernel module and userland tool, poudriere is able to build ports packages via the QEMU userland tools (or another emulator program) in a different architecture chroot, e.g. TARGET=mips TARGET_ARCH=mips I'm not connecting this to GENERIC for obvious reasons, but this should allow the kernel module to be built by default and enable the building of the userland tool (which automatically loads the kernel module). Submitted by: sson@ Reviewed by: jhb@ Notes: svn path=/head/; revision=264269