Commits
- Commit:
f7ee799023657126a89134cd64ab6a7638b4d1bf
- From:
- Omar Polo <op@omarpolo.com>
- Date:
enforce PR_SET_NO_NEW_PRIVS in the logger process
otherwise landlock will refuse to enable itself and the logger process
dies.
- Commit:
0c66b6ad55416d9fca326c04b038784a9e59a84e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
forgot include
- Commit:
6f27d2595ae350dc6f9ce226d079370645dbff03
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow ioctl(FIONREAD)
it's needed by bufferevent_read
- Commit:
2a44a2ab6e380de2a13acc60309fa9bcb38fb64b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync changelog
- Commit:
741b69be96397e0ec6db0c84b4ead4f41363ea98
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fastcgi completely asynchronous
This changes the fastcgi implementation from a blocking I/O to an
async implementation on top of libevent' bufferevents.
Should improve the responsiveness of gmid especially when using remote
fastcgi applications.
- Commit:
83fe545a2b8c892e70ecf6b48180c27e6bc6b414
- From:
- Omar Polo <op@omarpolo.com>
- Date:
initialize mbufhead
- Commit:
cb28978f0a91612f91f0bf4b8bda365941b5df25
- From:
- Omar Polo <op@omarpolo.com>
- Date:
refactor landlock
refactor the landlock-related code into something more manageable.
The only real difference is that before the logger process would try
to landlock itself to "/" without perms, something that landlock
doesn't support (now it enables landlock and then restrict itself,
which is the correct move.)
- Commit:
775ef04f82b0cbcdfe62660fc0454717dcac8cc6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention the thanks to cage for the bugfix
Since I was in a hurry, I forgot to mention it in the tag message :/
- Commit:
0d9a5b7a181d1456d3aba46ba75a70317d2e7886
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync release
- Commit:
3571854e942b2354ae216f340add076d71d0776a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix possible out-of-bound access
While computing the parent directory it an out-of-bound access can
occur, which usually means the server process dies.
In particular, it can be triggered by making a request for a
non-existent file in the root of a virtual host if the path matches
the `cgi` pattern.
Thanks cage for helping in debugging!
- Commit:
353e3c8ebe516943a38d051a0bf390bb6116574c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
style
- Commit:
e15fc9573666054bdff5feecf8b2b130ca00cc76
- From:
- Omar Polo <op@omarpolo.com>
- Date:
change struct initialization
makes more explicit which fields we're setting.
(and kill an extra empty line)
- Commit:
81e0f0007842bc82fe234ffe4e5e0ce362b3a280
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
df0c2926ccb753d07a3f20f3626a20f7079453ee
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use memset(3) rather than bzero(3)
There's no difference, but bzero(3) says
STANDARDS
The bzero() function conforms to the X/Open System Interfaces option of
the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from
the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using
memset(3) instead.
so here we are.
- Commit:
a91ad7f2ffac3f1cec0c6c42e780ab5efc92ba5c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop unnecessary bzero
the whole struct client is already memset'd to 0 in do_accept.
handle_handshake doesn't touch the request or iri buffer in the code
path that leads to handle_open_conn. (It does so in the error router
alone.)