Reserved bits in the Floating-Point Control and Status Register (FCSR)
should not be implicitly cleared by fedisableexcept or feenableexcept,
there is no reason to. Among these are the 8 condition codes and one of
the two bits reserved for architecture implementers (bits #22 & #21).
As to the latter, there is no reason to treat any of them as reserved
either, they should be user controllable and settable via __fpu_control
override as the user sees fit. For example in processors implemented by
MIPS Technologies, such as the 5Kf or the 24Kf, these bits are used to
change the treatment of denormalised operands and tiny results: bit #22
is Flush Override (FO) and bit #21 is Flush to Nearest (FN). They cause
non-IEEE-compliant behaviour, but some programs may have a use for such
modes of operation; the library should not obstruct such use just as it
does not for the architectural Flush to Zero (FS) bit (bit #24).
Therefore the change adjusts the reserved mask accordingly and also
documents the distinction between bits 22:21 and 20:18.
This patch fixes backtrace for PPC32 and PPC64 to correctly handle
signal trampolines. The 'debug/tst-backtrace6.c' also check for
SA_SIGINFO handling, where is triggers another vDSO symbols for PPC32.
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
This patch fixes dlfcn/tststatic5 for PowerPC where pagesize
variable was not properly initialized in certain cases. This patch
is based on other architecture code.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable hte use of pt_chown but distributions do so at their own
risk.
The generated header is compiled with `-ffreestanding' to avoid any
circular dependencies against the installed implementation headers.
Such a dependency would require the implementation header to be
installed before the generated header could be built (See bug 15711).
In current practice the generated header dependencies do not include
any of the implementation headers removed by the use of `-ffreestanding'.
---
2013-07-15 Carlos O'Donell <carlos@redhat.com>
[BZ #15711]
* sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h):
Avoid system header dependency with -ffreestanding.
($(objpfx)bits/syscall%d): Likewise.