mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-06-28 07:18:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Rewrite Linux pledge() code so it can be a payload

Browse source 
It's now possible to build our pledge() polyfill as a dynamic shared
object that can be injected into a glibc executable using LD_PRELOAD
This commit is contained in:
Justine Tunney 2022-08-08 11:41:08 -07:00
parent 7bd4179b9b
commit 0277d7d6e9
37 changed files with 1980 additions and 1600 deletions
Download patch file Download diff file Expand all files Collapse all files

14
test/tool/build/pledge_test.sh
View file

@ -116,7 +116,7 @@ elif [ "$1" = ape_assimilated_test_suite ]; then
startit ape assimilated curl.com
cp o//examples/curl.com $t/assimilated
o//tool/build/assimilate.com $t/assimilated/curl.com
[ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' $t/assimilated/curl.com https://justine.lol/hello.txt)" = "hello world" ]
[ "$(o/$m/tool/build/pledge.com -p 'stdio rpath inet dns' $t/assimilated/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem
elif [ "$1" = ape_native_test_suite ]; then
@ -131,7 +131,7 @@ elif [ "$1" = ape_native_test_suite ]; then
checkem
startit ape native curl.com
[ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
[ "$(o/$m/tool/build/pledge.com -p 'stdio rpath inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem
elif [ "$1" = setuid_test_suite ]; then
@ -146,23 +146,23 @@ elif [ "$1" = setuid_test_suite ]; then
checkem
startit setuid curl.com
[ "$($t/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
[ "$($t/pledge.com -p 'stdio rpath inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem
startit setuid getuid
[ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep getuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
[ "$($t/pledge.com -p 'stdio rpath proc tty' o/$m/examples/printargs.com 2>&1 | grep getuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
checkem
startit setuid geteuid
[ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep geteuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
[ "$($t/pledge.com -p 'stdio rpath proc tty' o/$m/examples/printargs.com 2>&1 | grep geteuid | grep -o [[:digit:]]*)" = "$(id -u)" ]
checkem
startit setuid no capabilities
[ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep CAP_ | wc -l)" = 0 ]
[ "$($t/pledge.com -p 'stdio rpath proc tty' o/$m/examples/printargs.com 2>&1 | grep CAP_ | wc -l)" = 0 ]
checkem
startit setuid maximum nice
$t/pledge.com -np 'stdio proc' o/$m/examples/printargs.com 2>&1 | grep SCHED_IDLE >/dev/null
$t/pledge.com -np 'stdio rpath proc tty' o/$m/examples/printargs.com 2>&1 | grep SCHED_IDLE >/dev/null
checkem
startit setuid chroot

2
test/tool/net/lunix_test.lua
View file

@ -82,7 +82,7 @@ function UnixTest()
unix.close(reader)
pid, ws = assert(unix.wait())
assert(unix.WIFSIGNALED(ws))
assert(unix.WTERMSIG(ws) == unix.SIGSYS)
assert(unix.WTERMSIG(ws) == unix.SIGABRT)
elseif GetHostOs() == "OPENBSD" then
if assert(unix.fork()) == 0 then
assert(unix.pledge("stdio"))