This achieves two things:
- Programs can now intentionally perform arbitrary syscalls by calling
syscall(). This allows us to work on things like syscall fuzzing.
- It restricts the ability of userspace to make syscalls to a single
4KB page of code. In order to call the kernel directly, an attacker
must now locate this page and call through it.
Since this is useful in many places, let's have a common implementation
of walking the stack of a given thread via /proc and symbolicating each
of the frames.
The /boot directory is only accessible to root by default, but anyone
wanting access to kernel symbols for development can get them by making
/boot/Kernel accessible to the "symbol" user.
Usage: bt <PID>
This program will print a symbolicated backtrace for the main thread of
the process with the given PID. It uses SymbolServer for the
symbolication.
There's a lot of room for improvement in this command, but it is pretty
neat already. :^)
If an exception was thrown while printing the last computed value in
the REPL, it would always assert on next input.
Something like this would always assert:
> a=[];Object.defineProperty(a,"0",{get:()=>{throw ""}})
> 1 + 2
This parser will be used by the C++ langauge server to provide better
auto-complete (& maybe also other things in the future).
It is designed to be error tolerant, and keeps track of the position
spans of the AST nodes, which should be useful later for incremental
parsing.
Core::IODevice (which Core::File inherits from) does not have a
reasonable way to block for a line. grep was spinning on
IODevice::read_line, passing endless empty strings to the matcher
lambda. Use getline instead, which will at least block in the Kernel for
characters to be available on stdin and only return full lines (or eof)
This was just an alias for "unix" that I added early on back when there
was some belief that we might be compatible with OpenBSD. We're clearly
never going to be compatible with their pledges so just drop the alias.
Now that we've moved to atomic replacement of these files when altering
them, we don't need to keep them open for the lifetime of Core::Account
so just simplify this and close them when they are not needed.
Before this patch, we had a nasty race condition when changing a user's
password: there was a time window between truncating /etc/shadow and
writing out its new contents, where you could simply "su" to root
without using a password.
Instead of writing directly to /etc/passwd and /etc/shadow, we now
create temporary files in /etc and fill them with the new contents.
Those files are then atomically renamed to /etc/passwd and /etc/shadow.
Sadly, fixing this race requires giving the passwd program a lot more
privileges. This is something we can and should improve upon. :^)
Now, `chres 640 480 2` can set the UI to HighDPI 640x480 at runtime. A
real GUI for changing the display factor will come later.
(`chres 640 480 2` followed by `chres 1280 960` is very fast since
we don't have to re-allocate the framebuffer since both modes use
the exact same number of physical pixels.)
This API was a mostly gratuitous deviation from POSIX that gave up some
portability in exchange for avoiding the occasional strlen().
I don't think that was actually achieving anything valuable, so let's
just chill out and have the same open() API as everyone else. :^)
