This causes problems with pledged applications like xterm, as reported by
Benjamin Baier and also lacks support for IPv6 as shown in
Xorg bug #7611 https://bugs.freedesktop.org/show_bug.cgi?id=7611
Discussed with jca@ and deraadt@ and submitted upstreams
autoconf function tests run without --std and have c11 visibility
timespec_get(3), a c11 function, is found this way.
With gcc < 4.6 Mesa will build with --std=gnu99; with clang it will
build with --std=c99 and timespec_get() will no longer be visible.
Further complicating things gcc 4.2 does not recognise --std=c11.
This was not noticed on linux as they build with _GNU_SOURCE which
among other things gives c11 visibility even with --std=c99.
discussed with millert@
issetugid(), not just the sloppy uid != euid test. gid != egid cases
can occur also.
Part of 6.6/009_mesaxlock.patch.sig and 6.5/020_mesaxlock.patch.sig
From Qualys, ok
From Brian Paul
02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc in mainline Mesa
"A security advisory (TALOS-2019-0857/CVE-2019-5068) found that
creating shared memory regions with permission mode 0777 could allow
any user to access that memory. Several Mesa drivers use shared-
memory XImages to implement back buffers for improved performance.
This patch changes the shmget() calls to use 0600 (user r/w).
Tested with legacy Xlib driver and llvmpipe."
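The permission change described in the quoted Mesa commit above, shown as an added example that is not code from Mesa or from the original page: it creates a System V shared memory segment with each mode, reads back the mode the kernel recorded, and flags any group or other access. The function names and the 4096-byte size are assumptions made for illustration.

```c
/* Added example; the helper names are hypothetical, not Mesa functions. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Audit predicate: nonzero if group or other holds any permission bit. */
static int shm_mode_is_exposed(int mode)
{
    return (mode & 077) != 0;
}

/*
 * Create a private SysV segment with the given mode, read back the
 * permission bits the kernel recorded, then mark it for removal.
 * Returns the low nine mode bits, or -1 on error.
 */
static int shm_mode_after_create(size_t size, int mode)
{
    struct shmid_ds ds;
    int recorded = -1;
    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | mode);

    if (id == -1)
        return -1;
    if (shmctl(id, IPC_STAT, &ds) == 0)
        recorded = ds.shm_perm.mode & 0777;
    shmctl(id, IPC_RMID, NULL);   /* never leave the segment behind */
    return recorded;
}

int main(void)
{
    int modes[] = { 0777, 0600 };  /* before and after the quoted change */

    for (size_t i = 0; i < sizeof(modes) / sizeof(modes[0]); i++) {
        int m = shm_mode_after_create(4096, modes[i]);
        if (m == -1) {
            perror("shmget/shmctl");
            return 1;
        }
        printf("requested %04o, recorded %04o: %s\n",
               (unsigned)modes[i], (unsigned)m,
               shm_mode_is_exposed(m) ? "group/other access allowed"
                                      : "owner only");
    }
    return 0;
}
```

The same mode bits appear in the `perms` column of `ipcs -m`, which is a quick way to audit segments created by a running process.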
These calls are useless to toxic and come in the way of adding pledge
to applications (would require 'fattr' which is quite wide).
Discussed with deraadt, millert and jcs.
Submitted upstreams too.