mirror of
https://github.com/Interlisp/maiko.git
synced 2026-03-02 17:54:38 +00:00
5ce292ed32
* Fix buffer overrun vulnerability: use strncpy read_Xoption uses a char buffer defined in main.c with length MAXPATHLEN, aka PATH_MAX in POSIX. Unfortunately it was using strcpy to copy from the command-line arguments (via argv) and the environment (via getenv) without any bounds checking whatsoever. This could very easily cause an overflow. It's unlikely that a user will want to provide a path longer than PATH_MAX-1 (a generous 1023 bytes on my machine). If they try, we should stop them from causing any damage. * Use strlcpy instead of strncpy Thanks to Nick Briggs for the suggestion. It would be best to use sizeof(sysout_name) instead of hardcoding a reference to the PATH_MAX constant, but unfortunately sysout_name is an extern in xrdopt.c and so the compiler doesn't know its size. I don't want to mess with that coupling in this commit, because I assume there was a reason for doing it that way rather than putting sysout_name in a header; I'll keep the scope of the changes here small. * Revert "Use strlcpy instead of strncpy" Ah. This is not great. Turns out strlcpy is a nonstandard BSD extension with its own set of problems [https://en.wikibooks.org/wiki/C_Programming/C_Reference/nonstandard/strlcpy] that we may be best served by avoiding. On Linux, it's only accessible through libbsd, and we have no other reason (as far as I can tell) to require that. Unless we want to provide our own strlcpy implementation, we should stick with strncpy. It's far safer than what was there before and doesn't present any edge cases in this scenario that are apparent to me.
Maiko
Maiko is the implementation of the Medley Interlisp virtual machine, for a byte-coded Lisp instruction set and some low-level functions for connecting with Lisp for access to display (via X11) and disk etc.
For an overview, see Medley Interlisp Introduction.
See the Medley repository for
- Issues (note that maiko issues are there too)
- Discussions (Q&A, announcements, etc)
- Medley's README
Bug reports, feature requests, fixes and improvements, support for additional platforms and hardware are all welcome.
Development Platforms
We are developing on FreeBSD, Linux, MacOS, and Solaris currently on arm7l, arm64, PowerPC, SPARC, i386, and x86_64 hardware.
Building Maiko
Building requires clang, make, X11 client libraries (libx11-dev). For example,
$ sudo apt update
$ sudo apt install clang make x11dev
$ cd maiko/bin
$ ./makeright x
- The build will (attempt to) detect the OS-type and cpu-type. It will build binaries
ldeandldexin../ostype.cputype(with .o files in..ostype.cputype-x. For example, Linux on a 64-bit x86 will uselinux.x86_64, while MacOS 11 on a (new M1) Mac will usedarwin.aarch64. - If you prefer using
gccoverclang, you will need to edit the makefile fragment for your configuration (makefile-ostype.cputype-x) and comment out the line (with a #) that definesCCforclangand uncomment the line (delete the #) for the line that definesCCforgcc. - There is a cmake configuration (TBD To Be Described here).
Building For MacOS
- Running on MacOS requires an X server, and building on a Mac requires X client libraries. An X-server for MacOS (and X11 client libraries) can be freely obtained at https://www.xquartz.org/releases
Building for Windows 10
Windows 10 currently requires "Docker for Desktop" or WSL2 and a (Windows X-server). See Medley's README for more.