This avoids unintentionally adding a newline character at the end of
user passwords when they are set using passwd(1).
I also fixed these two issues:
- The return value of getline() was being saved in an `int` variable
instead of in a `ssize_t` variable; I replaced the `int` keyword with
`auto` to fix this issue.
- Prior to this patch, get_password() could potentially return
tcsetattr()'s errno instead of getline()'s errno in case of an error.
We now make sure it always returns the right errno in case of an error.
SystemServer now creates the /tmp/coredump and /tmp/profiler_coredumps
directories at startup, ensuring that they are owned by root, and with
basic 0755 permissions.
The kernel will also now refuse to put core dumps in a directory that
doesn't fulfill the following criteria:
- Owned by 0:0
- Directory with sticky bit not set
- 0755 permissions
Fixes#4435Fixes#4850
This was very obviously racy and would only succeed if we already own
the socket anyway. (And if we do, we can bind to it without unlinking!)
Work towards #4876.
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
We were not handling sticky parents properly in sys$rmdir(). Child
directories of a sticky parent should not be rmdir'able by just anyone.
Only the owner and root.
Fixes#4875.
This ioctl can fail if we're resizing the terminal right when the shell
inside it has exited. Instead of throwing up a crash reporter, whine a
little bit in the debug log and exit cleanly moments later.
This fixes an issue that shows up as a nice crash when "^R<enter>^C",
which is actually the event loop trying to call into a deleted object
(the search editor).
Before this change, truncating an Ext2FS inode to a larger size than it
was before would give you uninitialized on-disk data.
Fix this by zeroing out all the new space when doing an inode resize.
This is pretty naively implemented via Inode::write_bytes() and there's
lots of room for cleverness here in the future.
Move some more complex globals into a Singleton, which allows it being
used from global destructors. It solves problems where some global
variables, such as HashMaps may already be deleted, triggering crashes
trying to use them.
This enable using global raw pointers rather than Singleton objects,
which solves some problems because global Singleton object could
be deleted when destructors are run.
This allows adding and removing of asynchronous signal handlers while
executing signal handlers, even if it is for the same signal that is
being handled right now.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
Once we have /etc/passwd and /etc/shadow open for writing, there's no
need for passwd to continue running as root.
We can also drop a bunch of pledge promises, further tightening things.
This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.
The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.
The default password for "anon" as of this commit is "foo" :^)
This will make it easier to keep macos tests and non-mac tests in
lockstep. Also, make sure flake8 and python are installed. This also
makes it easier to add other OS targets if we want.
This was missing a "toInt32()" which returns 0 for NaN and Infinity.
From the spec:
6.1.6.1.2 Number::bitwiseNOT ( x )
The abstract operation Number::bitwiseNOT takes argument x (a Number).
It performs the following steps when called:
Let oldValue be ! ToInt32(x).
Return the result of applying bitwise complement to oldValue.
The mathematical value of the result is exactly representable as
a 32-bit two's complement bit string.
Fixes#4868.
Instead of doing a forced layout synchronously whenever an element's
style is changed, use a zero-timer to do the forced relayout on next
event loop iteration.
This effectively coalesces a lot of layouts and makes many pages such
as GitHub spend way less time doing redundant layout work.
