autoconf function tests run without --std and have c11 visibility
timespec_get(3), a c11 function is found this way.
With gcc < 4.6 Mesa will build with --std=gnu99; with clang it will
build with --std=c99 and timespec_get() will no longer be visible.
Further complicating things gcc 4.2 does not recognise --std=c11.
This was not noticed on Linux as they build with _GNU_SOURCE which
among other things gives c11 visibility even with --std=c99.
discussed with millert@
issetugid(), not just the sloppy uid != euid test. gid != egid cases
can occur also.
Part of 6.6/009_mesaxlock.patch.sig and 6.5/020_mesaxlock.patch.sig
From Qualys, ok
From Brian Paul
02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa
"A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory. Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.
This patch changes the shmget() calls to use 0600 (user r/w).
Tested with legacy Xlib driver and llvmpipe."
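
Added example, not part of the Mesa commit or the OpenBSD tree: a C check for the change quoted above. It creates a segment with mode 0600, reads the mode back with IPC_STAT, and flags any group/other bits such as those in 0777. The IPC_PRIVATE key, the 4096-byte size and the helper names are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Permission bits that grant access to anyone but the owning user. */
#define SHM_NON_OWNER_BITS 0077

/* Hypothetical helper: nonzero if group or other may attach the segment. */
int shm_mode_exposed(int mode)
{
    return (mode & SHM_NON_OWNER_BITS) != 0;
}

/*
 * Hypothetical helper: create a segment with the given permission bits,
 * read the mode back from the kernel, then remove the segment again.
 * Returns the low nine permission bits, or -1 if SysV shm is unavailable.
 * Note: an IPC_PRIVATE key does not limit who may attach by id; only the
 * mode bits do, which is why 0777 versus 0600 matters.
 */
int shm_created_mode(size_t size, int perms)
{
    struct shmid_ds ds;
    int id, mode = -1;

    id = shmget(IPC_PRIVATE, size, IPC_CREAT | perms);
    if (id == -1)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) == 0)
        mode = ds.shm_perm.mode & 0777;
    shmctl(id, IPC_RMID, NULL);   /* never leave the segment behind */
    return mode;
}

int main(void)
{
    int mode = shm_created_mode(4096, 0600);   /* the corrected mode */

    printf("0777 exposed: %d, 0600 exposed: %d\n",
           shm_mode_exposed(0777), shm_mode_exposed(0600));
    if (mode == -1)
        printf("SysV shared memory unavailable here\n");
    else
        printf("kernel reports mode %04o\n", (unsigned)mode);
    return 0;
}
```
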
These calls are useless to toxic and come in the way of adding pledge
to applications (would require 'fattr' which is quite wide).
Discussed with deraadt, millert and jcs.
Submitted upstream too.
use it when running without root privileges which prevents us from
scanning the PCI bus.
This makes startx(1)/xinit(1) work again on modern systems with inteldrm(4),
radeondrm(4) and amdgpu(4). In some cases this will result in using a
different driver than with xenodm(4) which may expose issues (e.g. when
we prefer the intel Xorg driver) or loss of acceleration (e.g. older
cards supported by radeondrm(4)).
ok jsg@, matthieu@