plan9fox/sys
cinap_lenrek bfd8098b8d devcap: timeout capabilities after a minute, fix memory leak, paranoia
the manpage states that capabilities time out after a minute,
so we add ticks field into the Caphash struct and record the
time when the capability was inserted. freeing old capabilities
is handled in trimcaps(), which makes room for one extra cap
and frees timed out ones.

we also limit the capuse write size to less than 1024 bytes to
prevent denial of service as we have to copy the user buffer.
(memory exhaustion).

we have to check the from user *before* attempting to remove
the capability! the wrong user shouldn't be able to change any
state. this fixes the memory leak of the caphash.

do the hash comparison with tsmemcmp(), avoiding timing
side channels.

allocate the capabilities in secret memory pool to prevent
debugger access.
2016-09-07 21:14:23 +02:00
..
doc closed spew branch 2016-04-28 20:52:36 +02:00
games/lib fortunes: Emacs now supports webkit. 2016-06-19 18:40:46 -04:00
include mp.h: add mpasr 2016-08-28 16:05:22 +02:00
lib fix wrong manpage section index generation for rc-httpd(8) 2016-08-27 22:37:08 +02:00
man pc(1): manpage: restore previous size rather than set to 10 2016-09-01 11:46:44 +00:00
src devcap: timeout capabilities after a minute, fix memory leak, paranoia 2016-09-07 21:14:23 +02:00