We should not rely on the Kernel to unveil this for us, so if a program
needs to execute another program it should unveil the dynamic loader too
to prevent crashing.
To do this, we check if the user program tried to unveil a binary with
at least the 'x' permission, so we will also try to unveil the dynamic
loader.
Depending on what OS LibCore is being built for (either SerenityOS or
not-SerenityOS), the library does not just wrap functions from LibC,
but it also implements syscalls itself. Therefore, it needs to link
against LibSystem, as that is the only library that is allowed to do
syscalls.
When cross-compiling the OS this is currently not an issue because
LibC links against LibSystem, and CMake passes that dependency through
transitively by accident. However, on Lagom, LibC is just a dummy
INTERFACE library, so the LibSystem dependency is never pulled in,
resulting in undefined symbols whenever we build LibCore on SerenityOS
as a part of Lagom.
By deferring to the CMakeLists in each of these libraries' directories,
we can get rid of a lot of curious GLOB patterns and list removals in
the Lagom CMakeLists.
This was being used as a default version argument in a couple of APIs,
so those need to change signature and the caller always needs to provide
a version.
By passing AF_UNSPEC to getaddrinfo, we're telling the system's
implementation that we are ok getting either (or both) IPv4 and IPv6
addresses in our result. On my Ubuntu 22.04 system, the first addrinfo
returned for "www.google.com" holds an IPv6 address, which when
interpreted as an IPv4 sockaddr_in gives an address of 0.0.0.0.
This fixes TestTLSHandshake in Lagom locally.
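To make the failure mode above concrete, here is an added example (not LibCore's code) that builds a `sockaddr_in6` and a `sockaddr_in` by hand, constructed with documentation-range addresses, and shows why casting an IPv6 result to `sockaddr_in` reads as 0.0.0.0: `sin_addr` sits at the same offset as `sin6_flowinfo`, which is zero. The fixed path dispatches on the family before casting, and a second helper walks a hand-built `addrinfo` list (no DNS is done) to pick the first entry of the family the caller actually wants.

```cpp
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <string>
#include <sys/socket.h>

// Constructed sample: the kind of IPv6 entry getaddrinfo(AF_UNSPEC) may
// return first. 2001:db8::/32 is reserved for documentation.
static sockaddr_in6 make_sample_v6()
{
    sockaddr_in6 v6 {};
    v6.sin6_family = AF_INET6;
    v6.sin6_port = htons(443);
    inet_pton(AF_INET6, "2001:db8::1", &v6.sin6_addr);
    return v6;
}

// Constructed sample IPv4 entry (192.0.2.0/24 is reserved for documentation).
static sockaddr_in make_sample_v4()
{
    sockaddr_in v4 {};
    v4.sin_family = AF_INET;
    v4.sin_port = htons(443);
    inet_pton(AF_INET, "192.0.2.1", &v4.sin_addr);
    return v4;
}

// Buggy pattern: treat whatever came back as sockaddr_in. For an IPv6 entry
// sin_addr overlaps sin6_flowinfo (zero), so the "address" is 0.0.0.0.
std::string address_assuming_ipv4(sockaddr const* sa)
{
    auto const* v4 = reinterpret_cast<sockaddr_in const*>(sa);
    char buf[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &v4->sin_addr, buf, sizeof buf);
    return buf;
}

// Fixed pattern: look at sa_family (== addrinfo::ai_family) before casting.
std::string address_by_family(sockaddr const* sa)
{
    char buf[INET6_ADDRSTRLEN];
    switch (sa->sa_family) {
    case AF_INET: {
        auto const* v4 = reinterpret_cast<sockaddr_in const*>(sa);
        inet_ntop(AF_INET, &v4->sin_addr, buf, sizeof buf);
        return buf;
    }
    case AF_INET6: {
        auto const* v6 = reinterpret_cast<sockaddr_in6 const*>(sa);
        inet_ntop(AF_INET6, &v6->sin6_addr, buf, sizeof buf);
        return buf;
    }
    default:
        return "";
    }
}

// Walk a getaddrinfo-style list and return the first entry of the wanted
// family, or "" if the resolver returned none of that family.
std::string first_address_of_family(addrinfo const* list, int family)
{
    for (auto const* ai = list; ai; ai = ai->ai_next) {
        if (ai->ai_family == family && ai->ai_addr)
            return address_by_family(ai->ai_addr);
    }
    return "";
}

std::string buggy_on_sample_v6()
{
    sockaddr_in6 v6 = make_sample_v6();
    return address_assuming_ipv4(reinterpret_cast<sockaddr const*>(&v6));
}

std::string fixed_on_sample_v6()
{
    sockaddr_in6 v6 = make_sample_v6();
    return address_by_family(reinterpret_cast<sockaddr const*>(&v6));
}

// Constructed two-entry list mirroring the commit's observation: IPv6 first,
// IPv4 second. A caller that only speaks IPv4 must skip the first entry.
std::string pick_ipv4_from_sample_list()
{
    sockaddr_in6 v6 = make_sample_v6();
    sockaddr_in v4 = make_sample_v4();
    addrinfo second {};
    second.ai_family = AF_INET;
    second.ai_addrlen = sizeof v4;
    second.ai_addr = reinterpret_cast<sockaddr*>(&v4);
    addrinfo first {};
    first.ai_family = AF_INET6;
    first.ai_addrlen = sizeof v6;
    first.ai_addr = reinterpret_cast<sockaddr*>(&v6);
    first.ai_next = &second;
    return first_address_of_family(&first, AF_INET);
}
```

If a caller genuinely needs one family only, passing `AF_INET` or `AF_INET6` in `hints.ai_family` is simpler than filtering; the filtering helper is for callers that asked for `AF_UNSPEC` and want to prefer one family without trusting list order.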
All the required bits were already there. Also, this would probably
work on FreeBSD without modification but I don't currently have
a system to test this on.
This commit does three things atomically:
- switch over Core::Account+SystemServer+LoginServer to sid based socket
names.
- change socket names with %uid to %sid.
- add/update necessary pledges and unveils.
Userland: Switch over servers to sid based sockets
Userland: Properly pledge and unveil for sid based sockets
Plumbs synchronous calls for adding and removing group entries to
config files. This is useful for services like SystemServer which
default to group names for executable paths, and for removing all
keys at once.
This check happens very often in LibGUI code. 25% of time spent
laying out the emoji input dialog was wasted on RTTI. Adding a simple
fast_is<Widget>() melts almost all of that away.
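The technique behind that speedup, as an added stand-alone sketch (not the project's AK/TypeCasts.h code): the generic `is<T>` falls back to `dynamic_cast`, which walks the RTTI hierarchy, while a specialization for the hot type answers through a single virtual call to a predicate the base class already carries. The class names here are assumed for illustration.

```cpp
// Base class carries a cheap virtual predicate for the hot type.
class Object {
public:
    virtual ~Object() = default;
    virtual bool is_widget() const { return false; }
};

class Widget : public Object {
public:
    bool is_widget() const override { return true; }
};

class Button : public Widget {};
class Timer : public Object {};

// Generic check: RTTI-based, correct for any type but comparatively slow.
template<typename T>
bool is(Object const& o)
{
    return dynamic_cast<T const*>(&o) != nullptr;
}

// Fast path for the type checked most often: one virtual call, no RTTI.
// Subclasses of Widget inherit the override, so Button still reports true.
template<>
inline bool is<Widget>(Object const& o)
{
    return o.is_widget();
}

bool widget_is_widget() { Widget w; return is<Widget>(w); }
bool button_is_widget() { Button b; return is<Widget>(b); }
bool timer_is_widget() { Timer t; return is<Widget>(t); }
bool timer_is_timer() { Timer t; return is<Timer>(t); }
```

The cost of this pattern is that every new fast type needs a predicate in the base class and a matching override; forgetting the override in a subclass is not a compile error, so the predicate should live on the class that defines the category, not be re-declared per subclass.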
Core::Account is only used within ``#ifdef __serenity__`` blocks in these
files, so guard the inclusion of Account.h in the same way.
This fixes the Android build of these files.
The previous version relied on manually setting the amount of data to
read for the next chunk and was overall unclear. The new version uses
the Bytes API to vastly improve readability, and fixes a bug where a
single read that was not equal in size to the block size would cause
the byte buffer to be incorrectly resized, causing corrupted output.
We previously had at least three different implementations for resolving
executables in the PATH, all of which had slightly different
characteristics.
Merge those into a single implementation to keep the behaviour
consistent, and maybe to make that implementation more configurable in
the future.
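An added example of what a single, consistent PATH resolver looks like (this is illustrative code, not the merged LibCore implementation, and its function names are assumed). It covers the cases where ad-hoc implementations tend to diverge: a name containing '/' is used as given, empty PATH elements are skipped rather than silently meaning the current directory, and only regular files with the execute bit are accepted. The fixture helper builds a temporary directory with one executable and one plain file so the resolver can be exercised offline.

```cpp
#include <cstdlib>
#include <fcntl.h>
#include <optional>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Only regular files that we may execute count; directories and data files
// with a matching name must not be returned.
static bool is_executable_file(std::string const& path)
{
    struct stat st {};
    if (stat(path.c_str(), &st) != 0)
        return false;
    if (!S_ISREG(st.st_mode))
        return false;
    return access(path.c_str(), X_OK) == 0;
}

// Resolve `name` against a colon-separated search path (passed explicitly
// so callers can use something other than the process environment).
std::optional<std::string> resolve_executable(std::string const& name, std::string const& search_path)
{
    if (name.empty())
        return std::nullopt;

    // A name with a slash is a path, not something to search for.
    if (name.find('/') != std::string::npos) {
        if (is_executable_file(name))
            return name;
        return std::nullopt;
    }

    size_t start = 0;
    while (start <= search_path.size()) {
        size_t end = search_path.find(':', start);
        if (end == std::string::npos)
            end = search_path.size();
        std::string dir = search_path.substr(start, end - start);
        // POSIX treats an empty element as ".", which lets a planted file in
        // the current directory shadow a system binary; skip it on purpose.
        if (!dir.empty()) {
            std::string candidate = dir + "/" + name;
            if (is_executable_file(candidate))
                return candidate;
        }
        start = end + 1;
    }
    return std::nullopt;
}

// Test fixture (constructed): a temp dir holding "hello" (mode 0755) and
// "data" (mode 0644). Created once, path cached.
std::string const& fixture_dir()
{
    static std::string dir = [] {
        char tmpl[] = "/tmp/pathdemoXXXXXX";
        char* made = mkdtemp(tmpl);
        std::string d = made ? made : "";
        auto create = [&](char const* name, mode_t mode) {
            std::string path = d + "/" + name;
            int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, mode);
            if (fd >= 0) {
                (void)write(fd, "#!/bin/sh\n", 10);
                close(fd);
            }
            chmod(path.c_str(), mode); // ignore umask for a deterministic fixture
        };
        create("hello", 0755);
        create("data", 0644);
        return d;
    }();
    return dir;
}
```

Callers that want the traditional shell behaviour for an empty element can map it to "." before calling; keeping that decision in one place is exactly what a single implementation buys.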
This deadlock would incorrectly change the queue from almost empty to
full on dequeue because someone else could empty the queue after we had
checked its non-emptiness. The test would deadlock on this, which
doesn't happen anymore.
Since we already have the directory open, let's have an API to fchown()
the underlying file descriptor instead of forcing clients to do another
path lookup.
Other programs use Core::Account::login(), notably su(1), which stopped
working due to a missing "cpath" pledge promise.
This patch moves the /tmp/user/ creation logic to a separate function
that LoginServer can call.
This patch allows inserting "%uid" in `IPC_CLIENT_CONNECTION`
declarations and in SystemServer's ini files. This pattern is then
replaced by the UID of the owner of the service. It opens a path
for seamlessly managed, per-user portals.
The `/tmp/user` directory is owned by root; this solution prevents
malicious users from interfering with other users' portals.
This commit also moves `launch`'s portal into the user directory.
Previously, we were incorrectly assuming that the daylight global
variable indicated whether the current time zone is in DST. In reality,
the daylight variable only indicates whether a time zone *can* be in
DST.
Instead, the tm structure has a tm_isdst member that should be used for
this purpose. Ensure our LibC handles tm_isdst, and avoid errant usage
of the daylight variable in Core::DateTime.
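The distinction above, as an added example (not Core::DateTime's code): `daylight` answers "does this zone have a DST rule at all", while `tm_isdst` answers "is DST in effect at this instant". The zones are selected with POSIX TZ rule strings so the code runs without a tzdata database; the two timestamps are 2022-01-15T12:00Z and 2022-07-15T12:00Z, which fall outside and inside US daylight time respectively.

```cpp
#include <cstdlib>
#include <ctime>

// Select a zone by POSIX TZ string (e.g. "EST5EDT,M3.2.0,M11.1.0" or
// "UTC0") so the example does not depend on installed zone files.
void select_zone(char const* tz)
{
    setenv("TZ", tz, 1);
    tzset();
}

// What the `daylight` global really tells you: whether the current zone
// *can* be in DST. It does not change with the time of year.
bool zone_has_dst_rule()
{
    return daylight != 0;
}

// The wrong check that the commit removed: using `daylight` as if it
// meant "DST is in effect right now".
bool dst_in_effect_wrong(time_t /*t*/)
{
    return daylight != 0;
}

// The right check: break the instant down in local time and read tm_isdst.
// > 0 means DST in effect, 0 means standard time, < 0 means unknown.
bool dst_in_effect_at(time_t t)
{
    struct tm local {};
    if (!localtime_r(&t, &local))
        return false;
    return local.tm_isdst > 0;
}

// Constructed instants: 2022-01-15T12:00Z and 2022-07-15T12:00Z.
constexpr time_t kJanuaryNoonUtc = 1642248000;
constexpr time_t kJulyNoonUtc = 1657886400;
```

In a zone with a DST rule, `dst_in_effect_wrong` returns true for both instants while `dst_in_effect_at` returns true only for July; in a zone without one (`UTC0`) both agree, which is why the bug only shows up in some configurations. The difference also matters when mktime() is handed a struct tm: setting `tm_isdst` to -1 lets the library decide instead of forcing an offset that may be off by an hour.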