[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
101/118: On Linux, disable address space randomization
|
From: |
Ludovic Courtès |
|
Subject: |
101/118: On Linux, disable address space randomization |
|
Date: |
Tue, 19 May 2015 14:45:59 +0000 |
civodul pushed a commit to branch nix
in repository guix.
commit e63c8aaa0511d1d0a5487c45dec9f8cbd66b4cc6
Author: Eelco Dolstra <address@hidden>
Date: Wed Sep 17 17:21:13 2014 +0200
On Linux, disable address space randomization
---
nix/libstore/build.cc | 14 +++++++++-----
1 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 36c6ea8..19d22ac 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -57,9 +57,8 @@
#include <netinet/ip.h>
#endif
-#if HAVE_SYS_PERSONALITY_H
+#if __linux__
#include <sys/personality.h>
-#define CAN_DO_LINUX32_BUILDS
#endif
#if HAVE_STATVFS
@@ -1194,7 +1193,7 @@ static string get(const StringPairs & map, const string &
key)
static bool canBuildLocally(const string & platform)
{
return platform == settings.thisSystem
-#ifdef CAN_DO_LINUX32_BUILDS
+#if __linux__
|| (platform == "i686-linux" && settings.thisSystem == "x86_64-linux")
#endif
;
@@ -2107,7 +2106,7 @@ void DerivationGoal::initChild()
/* Close all other file descriptors. */
closeMostFDs(set<int>());
-#ifdef CAN_DO_LINUX32_BUILDS
+#if __linux__
/* Change the personality to 32-bit if we're doing an
i686-linux build on an x86_64-linux machine. */
struct utsname utsbuf;
@@ -2115,7 +2114,7 @@ void DerivationGoal::initChild()
if (drv.platform == "i686-linux" &&
(settings.thisSystem == "x86_64-linux" ||
(!strcmp(utsbuf.sysname, "Linux") && !strcmp(utsbuf.machine,
"x86_64")))) {
- if (personality(0x0008 | 0x8000000 /* == PER_LINUX32_3GB */) == -1)
+ if (personality(PER_LINUX32_3GB) == -1)
throw SysError("cannot set i686-linux personality");
}
@@ -2125,6 +2124,11 @@ void DerivationGoal::initChild()
int cur = personality(0xffffffff);
if (cur != -1) personality(cur | 0x0020000 /* == UNAME26 */);
}
+
+ /* Disable address space randomization for improved
+ determinism. */
+ int cur = personality(0xffffffff);
+ if (cur != -1) personality(cur | ADDR_NO_RANDOMIZE);
#endif
/* Fill in the environment. */
- 85/118: Get rid of "killing <pid>" message for unused build hooks, (continued)
- 85/118: Get rid of "killing <pid>" message for unused build hooks, Ludovic Courtès, 2015/05/19
- 93/118: Reduce verbosity, Ludovic Courtès, 2015/05/19
- 92/118: Propagate remote timeouts properly, Ludovic Courtès, 2015/05/19
- 87/118: Refactor, Ludovic Courtès, 2015/05/19
- 79/118: Allow regular files as GC roots, Ludovic Courtès, 2015/05/19
- 89/118: Doh, Ludovic Courtès, 2015/05/19
- 78/118: Remove some dead code, Ludovic Courtès, 2015/05/19
- 82/118: Eliminate redundant copy, Ludovic Courtès, 2015/05/19
- 95/118: Make hook shutdown more reliable, Ludovic Courtès, 2015/05/19
- 81/118: findRoots(): Prevent a call to lstat(), Ludovic Courtès, 2015/05/19
- 101/118: On Linux, disable address space randomization,
Ludovic Courtès <=
- 91/118: Use regular file GC roots if possible, Ludovic Courtès, 2015/05/19
- 102/118: Remove bogus comment, Ludovic Courtès, 2015/05/19
- 80/118: Make readDirectory() return inode / file type, Ludovic Courtès, 2015/05/19
- 94/118: Doh, Ludovic Courtès, 2015/05/19
- 96/118: fix disappearing bash arguments, Ludovic Courtès, 2015/05/19
- 104/118: createDirs(): Handle ‘path’ being a symlink, Ludovic Courtès, 2015/05/19
- 103/118: nix-daemon: Close unnecessary fd, Ludovic Courtès, 2015/05/19
- 97/118: Introduce allowedRequisites feature, Ludovic Courtès, 2015/05/19
- 113/118: Clean up temp roots in a more C++ way, Ludovic Courtès, 2015/05/19
- 105/118: Remove some duplicate code, Ludovic Courtès, 2015/05/19