This patch adds a new "accept" promise that allows you to call accept()
on an already listening socket. This lets programs set up a socket for
for listening and then dropping "inet" and/or "unix" so that only
incoming (and existing) connections are allowed from that point on.
No new outgoing connections or listening server sockets can be created.
In addition to accept() it also allows getsockopt() with SOL_SOCKET
and SO_PEERCRED, which is used to find the PID/UID/GID of the socket
peer. This is used by our IPC library when creating shared buffers that
should only be accessible to a specific peer process.
This allows us to drop "unix" in WindowServer and LookupServer. :^)
It also makes the debugging/introspection RPC sockets in CEventLoop
based programs work again.
Add "Link", "ActiveLink" and "VisitedLink" colors to the system theme
definition, and implement support for them in LibHTML.
Note that <body link="foo" alink="bar" vlink="baz"> takes precedence
over the system colors. Author style also takes precedence, since we
only fetch the system color in case the CSS color is -libhtml-link.
This is probably not the final design we'll want for this, but for now
let's run the HTTP client code as a separate user to reduce exposure
for the standard "anon" user account.
Note that "protocol" is also added to the "lookup" group, in order to
allow ProtocolServer to contact LookupServer for DNS requests.
This new view, backed by a GColumnsView, joins the existing table and icon
views :^) Even though it displays a file tree, its data is provided by the very
same GFileSystemModel that the other two views use.
This commit also includes my attempt at making an icon for the new mode.
LookupServer now runs as lookup:lookup, allowing connections from other
members of the "lookup" group.
This is enforced through file system permissions by having the service
socket (/tmp/portal/lookup) be mode 0660.
Now the LookupServer program can't overwrite other people's files if it
starts misbehaving. That's pretty cool :^)
We now pick up all the user's extra GIDs from /etc/group and make
sure those are set before exec'ing a service.
This means we finally get to enjoy being in more than one group. :^)
Add missing keymap entries for the dollar sign and escape key and reformat
the Hungarian keymap.
Remove the workaround for "0x08", replace it with '\b'.
Fix the octal/hex mixup in the value of escape key. (033 != 0x33, 033 == 0x1B)
All threads were running with iomapbase=0 in their TSS, which the CPU
interprets as "there's an I/O permission bitmap starting at offset 0
into my TSS".
Because of that, any bits that were 1 inside the TSS would allow the
thread to execute I/O instructions on the port with that bit index.
Fix this by always setting the iomapbase to sizeof(TSS32), and also
setting the TSS descriptor's limit to sizeof(TSS32), effectively making
the I/O permissions bitmap zero-length.
This should make it no longer possible to do I/O from userspace. :^)
This prevents code running outside of kernel mode from using the
following instructions:
* SGDT - Store Global Descriptor Table
* SIDT - Store Interrupt Descriptor Table
* SLDT - Store Local Descriptor Table
* SMSW - Store Machine Status Word
* STR - Store Task Register
There's no need for userspace to be able to use these instructions so
let's just disable them to prevent information leakage.
Add an option "-A", that will run all of the crash types in the crash
program. In this mode, all crash tests are run in a child process so
that the crash program does not crash.
Crash uses the return status of the child process to ascertain whether
the crash happened as expected.
The tool currently supports drawing an elliptical line of a specified
thickness. Further improvements can include adding a fill mode, and
holding down shift to draw a perfect circle.
Closes#375.
