Also, before calling the main program entry function, inform the kernel
that no more syscall regions can be registered.
This effectively bans syscalls from everywhere except LibC and
LibPthread. Pretty neat! :^)
The WM_* IPC messages are intended for "outsider" window management,
not for a client's own windows. Make a separate StartWindowResize
message for this.
This was the only reason that every IPC client had to know its server
side client ID.
Because it was 'static const' and also shared with userland programs,
the default keymap was defined in multiple places. This commit should
save several kilobytes! :^)
During "Emulator hacking: Let's make the userspace emulator go faster!",
the switch implemented in read() was inlined (toward the end of the video).
This patch restores the assert check for any read other than 8, 16 or 32
bits that was lost during the code conversion.
ctype's `iscntrl` truncates its input, making some codepoints appear as
control characters. Avoid this by checking whether the character is in
ASCII to begin with.
Just wrapping to_string() in urlencode() will break the link as too many
characters are encoded. Also wrap in escape_html_entities() as well -
most relevant chars are already URL-encoded, but this will change '&' to
'&amp;', for example.
Just ignore all these environment flags if the AT_SECURE flag is set in
the program's auxiliary vector.
This prevents a user from tricking set-uid programs into dumping debug
information via environment flags.
load_from_image() becomes map() and link(). This allows us to map
an object before mapping its dependencies.
This solves an issue where fixed-position executables (like GCC)
would clash with the ASLR placement of their own shared libraries.
Validation was happening in two steps, some in the constructor, and then
some later on, in load_from_image().
This made no sense so just move all the validation to the constructor.
Refactor DynamicLoader construction with a try_create() helper so that
we can call mmap() before making a loader. This way the loader doesn't
need to have an "mmap failed" state.
This patch also takes care of determining the ELF file size in
try_create() instead of expecting callers to provide it.
The PIDs were used for sharing shbufs between processes, but now that
we have migrated to file descriptor passing, we no longer need to know
the PID of the other side.
This patch adds an IPC call for debugging requests. It's stringly typed
and very simple, and allows us to easily implement all the features in
the Browser's Debug menu.
Frick it, let's just enable this by default and give ourselves a reason
to improve things! Some things are broken, and there's a bit of flicker
when resizing, but we can do this.
This drastically improves our web browsing security model by isolating
each tab into its own WebContent process that runs as an unprivileged
user with a tight pledge+unveil sandbox.
To get a single-process browser, you can start it with -s.
This is a workaround until we can implement a proper <input type=text>
in terms of LibWeb primitives.
This makes google.com not crash in multi-process mode (but there is no
search box.)