| Age | Commit message (Collapse) | Author |
|---|
|
right now we defer to fallbacks otherwise, which
is wrong.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now this code should be stable. no leaks.
yes. hardened mkhtemp. oh yeah mate.
now all i need is a main() and a getopt
loop, and pledge, unveil, and blackjack,
and something dubious of a titilating
nature.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yeah, of course we don't bloody own /tmp
duh
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the fd in fs_resolve_at is subsequently used
note that in practise, this is not a real fix:
the best fix is to cache all descriptors and
free them at the end, once resolution is done.
not a real fix, because now fd leaks,
but it's dealt with on program close.
not a util yet. just just stubbing this in
main to test various features.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
where the path is quite short and the number of X
is quite big compared to the rest of it, this
check will actually cause a false overflow
error. the maths are correct, just not the error
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
causes error on cross mount links
e.g. /tmp tmpfs
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
bloat
unveil can get pledged
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes. mkhtemp is ccoming along nicely
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
why would i write a secure mktemp to be used
on linux from 1999?????
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i'm pretty much nearly there. still no dir support,
only files.
i won't keep amending now - will do more, then
squash later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
err if buf NULL, len -1
also getrandom may return fewer bytes, so
loop that too.
why can't linux be like bsd? bsd is:
arc4random_buf(buf, len);
no checks needed. it never errs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
for 1989
enabled via ifdef. not enabled by default.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
openbsd 2.1 has arc4random, which we detect here.
arandom was apparently added much later, so this
is dead code. remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we still fall back to the old /dev/urandom read
on older linux, via runtime detection (ENOSYS).
getrandom is better, because it guarantees entropy
via blocking, and works even when /dev/urandom
is unavailable.
it has the same practical benefit as arc4random,
which i use on bsd. linux can have arc4random,
but not every linux libc has it, so it's better
to use getrandom on linux.
older linux will fall back to /dev/urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also generally tidied the code and made
it more robust e.g. retries
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
more random characters
i added support for higher than the standard 6
characters so i can go nuts
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
200 retries, not 100.
and open with O_NOFOLLOW and O_CLOEXEC
check X on mkstemp
support more than 6 X in mkstemp
make PATH_LEN 4096
1024 is a bit low
make default mkstemp length 4096
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's what it does!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's what it does. waits for eintr to stop firing
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is technically incorrect. we don't control
faults in the hardware.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's what it does. waits on eintr.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
rename to fsync_on_eintr, because that's what it does
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i had this idea in my head of later porting this
to k&r c for fun. but screw it.
compiling on everything since 1989 is enough
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
handle init in xstatus()
it's now a singleton design
also tidied up some other code
also removed todo.c. bloat.
will do all those anyway.
too much change. i just kept
touching the code until it
looked good
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only keep nvmutil.c in main
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
