Commit graph

15758 commits

Author SHA1 Message Date
Itamar
f259d96871 Kernel: Avoid collision between dynamic loader and main program
When loading non position-independent programs, we now take care not to
load the dynamic loader at an address that collides with the location
the main program wants to load at.

Fixes #4847.
2021-01-10 22:04:43 +01:00
Itamar
40a8159c62 Kernel: Plumb the elf header of the main program down to Process::load
This will enable us to take the desired load address of non-position
independent programs into account when randomizing the load address
of the dynamic loader.
2021-01-10 22:04:43 +01:00
Linus Groh
f369229770 LibJS: Replace all uses of to_size_t() and remove it :^)
Yay for more spec compliance! This is pretty easy as everything using
to_size_t() should just be using one of the other abstract operations we
already have implemented.
This allows us to get rid of get_length() in ArrayPrototype, which is
basically a slightly incorrect implementation of length_of_array_like(),
and then finally remove to_size_t()!
Also fixes a couple of "argument is undefined" vs "argument isn't given"
issues along the way.
2021-01-10 21:57:03 +01:00
Linus Groh
9be0b664e3 LibJS: Make length_of_array_like() take an Object rather than Value
The pseudo-code from the spec says "Assert: Type(obj) is Object.", so we
can just enforce this at compile time rather than taking it literally
and doing "ASSERT(value.is_object())".

Also fix an issue where the absence of a "length" property on the object
would cause a crash (to_number() on empty value).
2021-01-10 21:57:03 +01:00
Andrew Kaster
a5e557472c Kernel: Defer handling of key press events in VirtualConsole
Trying to pass these onto the Terminal while handling an IRQ is a recipe
for disaster. Use Processor::deferred_call_queue to create an ad-hoc
"second half" of the interrupt handler.

Fixes #4889
2021-01-10 21:50:08 +01:00
Andrew Kaster
d8aed14dba SystemServer: Allow /dev/fb0 to not exist, for text mode support. 2021-01-10 21:50:08 +01:00
Marcin Gasperowicz
b24ce0b5ee LibJS: Implement String.prototype.split
This adds a String.prototype.split implementation modelled after 
ECMA262 specification. 

Additionally, `Value::to_u32` was added as an implementation of
the standard `ToUint32` abstract operation.

There is a tiny kludge for when the separator is an empty string. 
Basic tests and visiting google.com prove that this is working.
2021-01-10 21:27:59 +01:00
Brendan Coles
b53664a8ef UserspaceEmulator: Implement clock_settime syscall 2021-01-10 18:20:29 +01:00
Lenny Maiorani
700f213011 TestTypeTraits: Fix incorrectly namespaced nullptr_t
Problem:
- Clang ToT fails to build `AK/Tests/TestTypeTraits.cpp` because
  `nullptr_t` is missing the `std` namespace qualifier.

Solution:
- Prepend the namespace qualifier.
2021-01-10 18:20:14 +01:00
AnotherTest
43199e5613 LibLine: Implement support for C-V<key>
This commit adds support for inserting in a "verbatim" mode where a
single uninterpreted key is appended to the buffer.
As this allows the user to input control characters, all control
characters except \n (^M) are rendered in their caret form, with
reverse video (SGR 7) applied to it.
To not break cursor movement, the concept of "masked" characters is
introduced to the StringMetrics interface, which can be mostly ignored
by the rest of the system.

It should be noted that unlike some other line editing libraries,
LibLine does _not_ render a hard tab as a tab, but rather as '^I',
which greatly simplifies cursor handling.
2021-01-10 16:58:08 +01:00
AnotherTest
44305ea214 LibVT: Respect the Negative attribute when drawing text
This makes the "reverse video" SGR actually work.
2021-01-10 16:58:08 +01:00
Andreas Kling
2f3b901f7f AK: Make MappedFile heap-allocated and ref-counted
Let's adapt this class a bit better to how it's actually being used.

Instead of having valid/invalid states and storing an error in case
it's invalid, a MappedFile is now always valid, and the factory
function that creates it will return an OSError if mapping fails.
2021-01-10 16:49:13 +01:00
Andreas Kling
70fce5c4c7 LibCore: Use OSError in get_password() return type 2021-01-10 16:48:43 +01:00
Andreas Kling
a8681da4bf AK: Add AK::OSError, a wrapper for errno codes
This is a strongly typed carrier for "errno" error codes, intended for
use in return types, e.g Result<String, OSError>.
2021-01-10 16:46:13 +01:00
Emanuele Torre
a330f37f06 Base: Change anon's default password from "foo\n" to just "foo". 2021-01-10 16:40:05 +01:00
Emanuele Torre
91222a67c8 LibCore: get_password() now removes the trailing '\n' read by getline()
This avoids unintentionally adding a newline character at the end of
user passwords when they are set using passwd(1).

I also fixed these two issues:

- The return value of getline() was being saved in an `int` variable
instead of in a `ssize_t` variable; I replaced the `int` keyword with
`auto` to fix this issue.

- Prior to this patch, get_password() could potentially return
tcsetattr()'s errno instead of getline()'s errno in case of an error.
We now make sure it always returns the right errno in case of an error.
2021-01-10 16:40:05 +01:00
Andrew Kaster
9e5aa6f794 Meta: Only complain about linter tools if relevant files have changed 2021-01-10 16:39:21 +01:00
Andreas Kling
190e0e1551 Kernel+SystemServer+CrashDaemon: Better control where we put core dumps
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps
directories at startup, ensuring that they are owned by root, and with
basic 0755 permissions.

The kernel will also now refuse to put core dumps in a directory that
doesn't fulfill the following criteria:

- Owned by 0:0
- Directory with sticky bit not set
- 0755 permissions

Fixes #4435
Fixes #4850
2021-01-10 11:38:28 +01:00
Andreas Kling
f152b6f7ed LibCore: Don't try to unlink stale sockets in /tmp/rpc/
This was very obviously racy and would only succeed if we already own
the socket anyway. (And if we do, we can bind to it without unlinking!)

Work towards #4876.
2021-01-10 11:25:59 +01:00
Andreas Kling
d38b9916c9 SystemServer+LibCore: Move /tmp/rpc/ directory creation to SystemServer
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
2021-01-10 10:34:45 +01:00
Andreas Kling
795bccbf69 Kernel: Don't allow non-root, non-owners to rmdir any child of sticky
We were not handling sticky parents properly in sys$rmdir(). Child
directories of a sticky parent should not be rmdir'able by just anyone.
Only the owner and root.

Fixes #4875.
2021-01-10 10:14:33 +01:00
Andreas Kling
f35a723f61 Everywhere: Convert a bunch of dbgprintf() to dbgln() 2021-01-10 10:02:20 +01:00
Andreas Kling
13e8a2a671 LibVT: Don't assert if ioctl(TIOCSWINSZ) fails
This ioctl can fail if we're resizing the terminal right when the shell
inside it has exited. Instead of throwing up a crash reporter, whine a
little bit in the debug log and exit cleanly moments later.
2021-01-10 09:40:59 +01:00
Andreas Kling
e855aac1f5 LibELF: Convert many dbgprintf() to dbgln() and tweak debug macro name 2021-01-10 09:40:47 +01:00
AnotherTest
d3f51ee5c3 LibLine: It's okay to be interrupted while reading the DSR response
Fixes #4855.
2021-01-10 00:03:52 +01:00
AnotherTest
9523bcbfe1 Shell: Fix completing barewords with escapes
e.g. completing `foo\ bar` now works as expected.
2021-01-10 00:03:52 +01:00
AnotherTest
7059ca9b15 LibLine: Don't clear the displayed buffer when interrupted
Since we always restart on a new line, there's no reason to clear the
previous lines.
2021-01-10 00:03:52 +01:00
AnotherTest
9b126a2250 LibLine: Unregister signal handlers on destruction
This fixes an issue that shows up as a nice crash when "^R<enter>^C",
which is actually the event loop trying to call into a deleted object
(the search editor).
2021-01-10 00:03:52 +01:00
Andreas Kling
d07ac4130f passwd: Drop "tty" pledge promise after getting password from user
This leaves us with a total pledge of "stdio" when writing to
/etc/passwd and /etc/shadow which is kinda neat. :^)
2021-01-09 22:22:07 +01:00
Andreas Kling
96c346cfb0 su: Drop "tty" pledge promise after getting password from user
There's not much work left to do at this point, but let's be strict.
2021-01-09 22:19:31 +01:00
Andreas Kling
2b41155c07 passwd+su: Convert fprintf(stderr, ...) to warnln() 2021-01-09 22:15:33 +01:00
Andreas Kling
77656aed8e Ext2FS: Zero out new space when growing an inode
Before this change, truncating an Ext2FS inode to a larger size than it
was before would give you uninitialized on-disk data.

Fix this by zeroing out all the new space when doing an inode resize.

This is pretty naively implemented via Inode::write_bytes() and there's
lots of room for cleverness here in the future.
2021-01-09 22:08:53 +01:00
Andreas Kling
f0093e5d59 Ext2FS: Convert dbg() to dbgln()
Also remove some dbg()'s that were printing incorrect information.
2021-01-09 21:54:27 +01:00
Tom
21e6f5176c LibCore: Harden signal handling code to be called in global destrcutors
Move some more complex globals into a Singleton, which allows it being
used from global destructors. It solves problems where some global
variables, such as HashMaps may already be deleted, triggering crashes
trying to use them.
2021-01-09 21:12:31 +01:00
Tom
1fc7d65aad AK: Add static Singleton::get function to allow destructible globals
This enable using global raw pointers rather than Singleton objects,
which solves some problems because global Singleton object could
be deleted when destructors are run.
2021-01-09 21:12:31 +01:00
Tom
8548ec357c LibCore: Allow adding/removing signal handlers while handling signals
This allows adding and removing of asynchronous signal handlers while
executing signal handlers, even if it is for the same signal that is
being handled right now.
2021-01-09 21:12:31 +01:00
asynts
938e5c7719 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:

The modifications in this commit were automatically made using the
following command:

    find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 21:11:09 +01:00
asynts
40b8e21115 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
2021-01-09 21:11:09 +01:00
asynts
4e8fd0216b Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
2021-01-09 21:11:09 +01:00
asynts
019c9eb749 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.
2021-01-09 21:11:09 +01:00
asynts
7235ddfd98 LibGUI: Add formatter for Widget. 2021-01-09 21:11:09 +01:00
asynts
1160817a9e AK: Add Formatter<FormatString> as helper class. 2021-01-09 21:11:09 +01:00
Andreas Kling
9a842ec419 LibC: Add explicit_bzero()
This is a variant of bzero() that is guaranteed to not get optimized
away by the compiler. Useful for clearing out sensitive data.
2021-01-09 20:04:18 +01:00
Andreas Kling
4a83a37f79 AK: Add release_value() and release_error() to AK::Result
These are nice when you want to move something out of the result,
and match the API we already have for Optional.
2021-01-09 19:57:50 +01:00
Andreas Kling
b4918bbe2f LibC: Move bzero() and bcopy() per Dr. POSIX 2021-01-09 19:56:59 +01:00
Andreas Kling
9766f61f7b su+passwd: Don't copy Core::Account unnecessarily 2021-01-09 19:41:28 +01:00
Andreas Kling
2ba9e6c866 su: Use pledge() :^)
Not sure why we hadn't done this one sooner, seems like a high-value
program to pledge.
2021-01-09 19:41:24 +01:00
Andreas Kling
71d23bb262 passwd: Drop privileges after opening files for writing
Once we have /etc/passwd and /etc/shadow open for writing, there's no
need for passwd to continue running as root.

We can also drop a bunch of pledge promises, further tightening things.
2021-01-09 19:41:17 +01:00
Andreas Kling
9a688af4b1 LibCore+passwd+su+Base: Add /etc/shadow to hide hashes from users :^)
This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.

The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.

The default password for "anon" as of this commit is "foo" :^)
2021-01-09 19:41:12 +01:00
Andrew Kaster
c17056cf09 Meta: Unify build-and-test jobs using a matrix build
This will make it easier to keep macos tests and non-mac tests in
lockstep. Also, make sure flake8 and python are installed. This also
makes it easier to add other OS targets if we want.
2021-01-09 19:22:23 +01:00