| Age | Commit message | Author |
|
right now we defer to fallbacks otherwise, which
is wrong.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
now this code should be stable. no leaks.
yes. hardened mkhtemp. oh yeah mate.
now all i need is a main() and a getopt
loop, and pledge, unveil, and blackjack,
and something dubious of a titillating
nature.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yeah, of course we don't bloody own /tmp
duh
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the fd in fs_resolve_at is subsequently used
note that in practice, this is not a real fix:
the best fix is to cache all descriptors and
free them at the end, once resolution is done.
not a real fix, because now fd leaks,
but it's dealt with on program close.
not a util yet. just stubbing this in
main to test various features.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
where the path is quite short and the number of X
is quite big compared to the rest of it, this
check will actually cause a false overflow
error. the maths are correct, just not the error
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
causes error on cross mount links
e.g. /tmp tmpfs
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
bloat
unveil can get pledged
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes. mkhtemp is coming along nicely
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
why would i write a secure mktemp to be used
on linux from 1999?????
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i'm pretty much nearly there. still no dir support,
only files.
i won't keep amending now - will do more, then
squash later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
err if buf NULL, len -1
also getrandom may return fewer bytes, so
loop that too.
why can't linux be like bsd? bsd is:
arc4random_buf(buf, len);
no checks needed. it never errs.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
for 1989
enabled via ifdef. not enabled by default.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
openbsd 2.1 has arc4random, which we detect here.
arandom was apparently added much later, so this
is dead code. remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we still fall back to the old /dev/urandom read
on older linux, via runtime detection (ENOSYS).
getrandom is better, because it guarantees entropy
via blocking, and works even when /dev/urandom
is unavailable.
it has the same practical benefit as arc4random,
which i use on bsd. linux can have arc4random,
but not every linux libc has it, so it's better
to use getrandom on linux.
older linux will fall back to /dev/urandom
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also generally tidied the code and made
it more robust e.g. retries
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
more random characters
i added support for higher than the standard 6
characters so i can go nuts
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
200 retries, not 100.
and open with O_NOFOLLOW and O_CLOEXEC
check X on mkstemp
support more than 6 X in mkstemp
make PATH_LEN 4096
1024 is a bit low
make default mkstemp length 4096
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
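The two commits above about getrandom (looping on short reads and EINTR, falling back to /dev/urandom when the kernel returns ENOSYS) and about hardening mkstemp (O_NOFOLLOW and O_CLOEXEC, counting the trailing X characters and allowing more than six, 200 retries, a 4096-byte path limit) describe one coherent design. The following is an added example written for this page; it is not code from the repository and the names fill_random, count_trailing_x, hardened_mkstemp, PATH_LEN, MKHTEMP_RETRIES and the sample template path are assumptions. On the BSDs and macOS it uses arc4random_buf, as the commits say the project does; on Linux it uses getrandom with the runtime ENOSYS fallback.

```c
/* Added example, not the repository's code. Assumed names throughout. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/random.h>
#else
#include <stdlib.h>  /* arc4random_buf() on the BSDs and macOS */
#endif

#define PATH_LEN 4096          /* assumed: matches the "make PATH_LEN 4096" commit */
#define MKHTEMP_RETRIES 200    /* assumed: matches the "200 retries, not 100" commit */
#define MIN_X 6                /* the standard minimum; more is allowed */

/* Fallback for kernels without getrandom(): read /dev/urandom in a loop,
 * because read() may return fewer bytes than requested or be interrupted. */
static int read_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        if (n == 0) { close(fd); return -1; }   /* unexpected EOF */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill buf with len random bytes. Returns 0 on success, -1 on error
 * (including the NULL buffer / len == -1 cases the commit guards against). */
int fill_random(unsigned char *buf, size_t len)
{
    if (buf == NULL || len == (size_t)-1) return -1;
#if defined(__linux__)
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);   /* blocks until seeded */
        if (n < 0) {
            if (errno == EINTR) continue;
            if (errno == ENOSYS) return read_urandom(buf + got, len - got);
            return -1;
        }
        got += (size_t)n;
    }
    return 0;
#else
    arc4random_buf(buf, len);   /* never fails, no checks needed */
    return 0;
#endif
}

/* Number of trailing 'X' characters in the template; -1 if there are fewer
 * than MIN_X of them or the template is empty or longer than PATH_LEN. */
int count_trailing_x(const char *tmpl)
{
    if (tmpl == NULL) return -1;
    size_t len = strlen(tmpl);
    if (len == 0 || len >= PATH_LEN) return -1;
    int n = 0;
    while (n < (int)len && tmpl[len - 1 - n] == 'X') n++;
    return n < MIN_X ? -1 : n;
}

/* mkstemp()-style creation: random suffix, O_CREAT|O_EXCL so an existing
 * file (or a planted symlink, via O_NOFOLLOW) is never opened, O_CLOEXEC so
 * the descriptor does not leak into children, mode 0600, bounded retries. */
int hardened_mkstemp(char *tmpl)
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    const unsigned nalpha = sizeof(alphabet) - 1;          /* 62 */
    const unsigned limit = 256u - (256u % nalpha);         /* 248: reject above, avoids modulo bias */
    int nx = count_trailing_x(tmpl);
    if (nx < 0) { errno = EINVAL; return -1; }
    char *suffix = tmpl + strlen(tmpl) - (size_t)nx;
    for (int attempt = 0; attempt < MKHTEMP_RETRIES; attempt++) {
        for (int i = 0; i < nx; i++) {
            unsigned char b;
            do { if (fill_random(&b, 1) < 0) return -1; } while (b >= limit);
            suffix[i] = alphabet[b % nalpha];
        }
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;   /* only a name collision is worth retrying */
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char tmpl[] = "/tmp/mkhtemp-example.XXXXXXXXXXXX";   /* constructed sample template */
    int fd = hardened_mkstemp(tmpl);
    if (fd < 0) { perror("hardened_mkstemp"); return 1; }
    printf("created %s\n", tmpl);
    close(fd);
    unlink(tmpl);
    return 0;
}
```

The rejection step (`b >= limit`) matters once the alphabet size does not divide 256: taking a byte modulo 62 directly would make the first eight characters slightly more likely, which weakens the guessing resistance that the extra X characters are meant to buy.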
|
that's what it does!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's what it does. waits for eintr to stop firing
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is technically incorrect. we don't control
faults in the hardware.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that's what it does. waits on eintr.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
rename to fsync_on_eintr, because that's what it does
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i had this idea in my head of later porting this
to k&r c for fun. but screw it.
compiling on everything since 1989 is enough
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
handle init in xstatus()
it's now a singleton design
also tidied up some other code
also removed todo.c. bloat.
will do all those anyway.
too much change. i just kept
touching the code until it
looked good
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
but git still has these directories
in history now, so people should have
it now when cloning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only keep nvmutil.c in main
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
question mark respects environmental variables
but isn't portable
you can just pass as argument on the command line
question mark is more useful for build systems,
but i'm not really bothered. the old way works.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this is a big program now. act like it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make a singleton function instead
now there are technically no global variables,
so i can more easily start splitting this up
into multiple linked programs
Signed-off-by: Leah Rowe <leah@libreboot.org>
|