Rewrite Linux pledge() code so it can be a payload

It's now possible to build our pledge() polyfill as a dynamic shared object that can be injected into a glibc executable using LD_PRELOAD
2025-07-04 10:18:31 +00:00 · 2022-08-08 11:41:08 -07:00 · 2022-08-08 11:41:08 -07:00 · 0277d7d6e9
commit 0277d7d6e9
parent 7bd4179b9b
37 changed files with 1980 additions and 1600 deletions
--- a/libc/sysv/calls/memfd_create.s
+++ b/libc/sysv/calls/memfd_create.s
@ -1,2 +0,0 @@
-.include "o/libc/sysv/macros.internal.inc"
-.scall memfd_create,0xfffffffffffff13f,globl
--- a/libc/sysv/calls/sys_memfd_create.s
+++ b/libc/sysv/calls/sys_memfd_create.s
@ -0,0 +1,2 @@
+.include "o/libc/sysv/macros.internal.inc"
+.scall sys_memfd_create,0xfffffffffffff13f,globl,hidden
--- a/libc/sysv/consts.sh
+++ b/libc/sysv/consts.sh
@ -417,14 +417,6 @@ syscon	at	AT_REMOVEDIR				0x0200			0x80			0x0800			8			0x800			0x0200			# faked
 syscon	at	AT_EACCESS				0x0200			0x10			0x0100			1			0x100			0			# performs check using effective uid/gid; unnecessary nt
 syscon	at	AT_EMPTY_PATH				0x1000			0			0			0			0			0			# linux 2.6.39+; see unlink, O_TMPFILE, etc.

-#	memfd_create() flags
-#
-#	Unsupported flags are encoded as 0.
-#
-#	group	name					GNU/Systemd		XNU's Not UNIX!		FreeBSD			OpenBSD			NetBSD			The New Technology	Commentary
-syscon	memfd	MFD_CLOEXEC				1			0			0			0			0			0
-syscon	memfd	MFD_ALLOW_SEALING			2			0			0			0			0			0
-
 #	utimensat() special values
 #
 #	group	name					GNU/Systemd		XNU's Not UNIX!		FreeBSD			OpenBSD			NetBSD			The New Technology	Commentary
--- a/libc/sysv/consts/CANBSIZ.S
+++ b/libc/sysv/consts/CANBSIZ.S
@ -1,2 +0,0 @@
-#include "libc/sysv/consts/syscon.internal.h"
-.syscon termios,CANBSIZ,255,0,0,0,0,0
--- a/libc/sysv/consts/IPPORT_RESERVED.S
+++ b/libc/sysv/consts/IPPORT_RESERVED.S
@ -1,2 +0,0 @@
-#include "libc/sysv/consts/syscon.internal.h"
-.syscon misc,IPPORT_RESERVED,0x0400,0x0400,0x0400,0x0400,0x0400,0x0400
--- a/libc/sysv/consts/MFD_ALLOW_SEALING.S
+++ b/libc/sysv/consts/MFD_ALLOW_SEALING.S
@ -1,2 +0,0 @@
-#include "libc/sysv/consts/syscon.internal.h"
-.syscon memfd,MFD_ALLOW_SEALING,2,0,0,0,0,0
--- a/libc/sysv/consts/MFD_CLOEXEC.S
+++ b/libc/sysv/consts/MFD_CLOEXEC.S
@ -1,2 +0,0 @@
-#include "libc/sysv/consts/syscon.internal.h"
-.syscon memfd,MFD_CLOEXEC,1,0,0,0,0,0
--- a/libc/sysv/consts/mfd.h
+++ b/libc/sysv/consts/mfd.h
@ -1,16 +1,7 @@
 #ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_MFD_H_
 #define COSMOPOLITAN_LIBC_SYSV_CONSTS_MFD_H_
-#include "libc/runtime/symbolic.h"
-#if !(__ASSEMBLER__ + __LINKER__ + 0)
-COSMOPOLITAN_C_START_

-extern const unsigned int MFD_CLOEXEC;
-extern const unsigned int MFD_ALLOW_SEALING;
-
-COSMOPOLITAN_C_END_
-#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
-
-#define MFD_CLOEXEC       SYMBOLIC(MFD_CLOEXEC)
-#define MFD_ALLOW_SEALING SYMBOLIC(MFD_ALLOW_SEALING)
+#define MFD_CLOEXEC       1
+#define MFD_ALLOW_SEALING 2

 #endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_MFD_H_ */
--- a/libc/sysv/syscalls.sh
+++ b/libc/sysv/syscalls.sh
@ -350,7 +350,7 @@ scall	sched_getattr		0xfffffffffffff13b	globl #  ├─ karen sandler requires s
 scall	renameat2		0xfffffffffffff13c	globl #  └─ debian founder ian murdock found strangled with vacuum cord
 #scall	seccomp			0xfffffffffffff13d	globl # wrapped manually
 scall	sys_getrandom		0xfff00723321f413e	globl hidden  # Linux 3.17+ and getentropy() on XNU/OpenBSD, coming to NetBSD in 9.2
-scall	memfd_create		0xfffffffffffff13f	globl # wut
+scall	sys_memfd_create	0xfffffffffffff13f	globl hidden
 scall	kexec_file_load		0xfffffffffffff140	globl
 scall	bpf			0xfffffffffffff141	globl
 scall	execveat		0xfffffffffffff142	globl