2023-07-24 00:07:38 +00:00
|
|
|
/*-*- mode:unix-assembly; indent-tabs-mode:t; tab-width:8; coding:utf-8 -*-│
|
|
|
|
|
│ vi: set noet ft=asm ts=8 sw=8 fenc=utf-8 :vi │
|
|
|
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
|
|
|
│ Copyright 2023 Justine Alexandra Roberts Tunney │
|
|
|
|
|
│ │
|
|
|
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
|
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
|
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
|
|
|
|
│ │
|
|
|
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
|
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
|
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
|
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
|
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
|
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
|
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
|
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
|
|
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
|
|
|
#include "libc/macros.h"
|
|
|
|
|
|
|
|
|
|
// Calls _start() function of loaded program.
|
|
|
|
|
//
|
|
|
|
|
// When the program entrypoint is called, all registers shall be
|
|
|
|
|
// cleared, with the exception of (1) %rdi will be equal to %rsp
|
|
|
|
|
// on FreeBSD and (2) %cl will contain the detected host OS code
|
|
|
|
|
//
|
|
|
|
|
// We clear all the general registers we can to have some wiggle
|
|
|
|
|
// room, to extend the behavior of this loader in the future. We
|
|
|
|
|
// don't need to clear the XMM registers because your APE loader
|
|
|
|
|
// should be compiled using gcc/clang's -mgeneral-regs-only flag
|
|
|
|
|
//
|
|
|
|
|
// @param rdi is passed through as-is
|
|
|
|
|
// @param rsi is address of entrypoint (becomes zero)
|
Loader path security (#1012)
The ape loader now passes the program executable name directly as a
register. `x2` is used on aarch64, `%rdx` on x86_64. This is passed
as the third argument to `cosmo()` (M1) or `Launch` (non-M1) and is
assigned to the global `__program_executable_name`.
`GetProgramExecutableName` now returns this global's value, setting
it if it is initially null. `InitProgramExecutableName` first tries
exotic, secure methods: `KERN_PROC_PATHNAME` on FreeBSD/NetBSD, and
`/proc` on Linux. If those produce a reasonable response (i.e., not
`"/usr/bin/ape"`, which happens with the loader before this change),
that is used. Otherwise, if `issetugid()`, the empty string is used.
Otherwise, the old argv/envp parsing code is run.
The value returned from the loader is always the full absolute path
of the binary to be executed, having passed through `realpath`. For
the non-M1 loader, this necessitated writing `RealPath`, which uses
`readlinkat` of `"/proc/self/fd/[progfd]"` on Linux, `F_GETPATH` on
Xnu, and the `__realpath` syscall on OpenBSD. On FreeBSD/NetBSD, it
punts to `GetProgramExecutableName`, which is secure on those OSes.
With the loader, all platforms now have a secure program executable
name. With no loader or an old loader, everything still works as it
did, but setuid/setgid is not supported if the insecure pathfinding
code would have been needed.
Fixes #991.
2023-12-15 17:23:58 +00:00
|
|
|
// @param rdx is passed through as-is
|
2023-12-31 14:42:36 +00:00
|
|
|
// @param rcx is passed through as-is
|
|
|
|
|
// @param r8 is stack pointer (becomes zero)
|
2023-07-24 00:07:38 +00:00
|
|
|
// @noreturn
|
2023-07-26 20:54:49 +00:00
|
|
|
Launch:
|
|
|
|
|
#ifdef __aarch64__
|
|
|
|
|
|
|
|
|
|
mov x16,x1
|
2023-12-31 14:42:36 +00:00
|
|
|
mov sp,x4
|
2023-07-26 20:54:49 +00:00
|
|
|
mov x1,0
|
|
|
|
|
mov x4,0
|
|
|
|
|
mov x5,0
|
|
|
|
|
mov x6,0
|
|
|
|
|
mov x7,0
|
|
|
|
|
mov x8,0
|
|
|
|
|
mov x9,0
|
|
|
|
|
mov x10,0
|
|
|
|
|
mov x11,0
|
|
|
|
|
mov x12,0
|
|
|
|
|
mov x13,0
|
|
|
|
|
mov x14,0
|
|
|
|
|
mov x15,0
|
|
|
|
|
mov x17,0
|
|
|
|
|
mov x19,0
|
|
|
|
|
mov x20,0
|
|
|
|
|
mov x21,0
|
|
|
|
|
mov x22,0
|
|
|
|
|
mov x23,0
|
|
|
|
|
mov x24,0
|
|
|
|
|
mov x25,0
|
|
|
|
|
mov x26,0
|
|
|
|
|
mov x27,0
|
|
|
|
|
mov x28,0
|
|
|
|
|
mov x29,0
|
|
|
|
|
mov x30,0
|
|
|
|
|
br x16
|
|
|
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
2023-12-31 14:42:36 +00:00
|
|
|
mov %r8,%rsp
|
2023-07-26 20:54:49 +00:00
|
|
|
xor %r8d,%r8d
|
2023-07-24 00:07:38 +00:00
|
|
|
xor %r9d,%r9d
|
|
|
|
|
xor %r10d,%r10d
|
|
|
|
|
xor %r11d,%r11d
|
|
|
|
|
xor %r12d,%r12d
|
|
|
|
|
xor %r13d,%r13d
|
|
|
|
|
xor %r14d,%r14d
|
|
|
|
|
xor %r15d,%r15d
|
|
|
|
|
push %rsi
|
|
|
|
|
xor %esi,%esi
|
|
|
|
|
xor %ebp,%ebp
|
|
|
|
|
xor %ebx,%ebx
|
|
|
|
|
xor %eax,%eax
|
|
|
|
|
ret
|
2023-07-26 20:54:49 +00:00
|
|
|
|
|
|
|
|
#endif
|
2023-07-24 00:07:38 +00:00
|
|
|
.endfn Launch,globl
|
