Strengthen the pledge() polyfill

libc/calls/fcntl-sysv.c

@@ -19,14 +19,27 @@
 #include "libc/calls/struct/flock.h"
 #include "libc/calls/syscall-sysv.internal.h"
 #include "libc/calls/syscall_support-sysv.internal.h"
+#include "libc/dce.h"
+#include "libc/intrin/asan.internal.h"
 #include "libc/sysv/consts/f.h"
+#include "libc/sysv/errfuns.h"
 
 int sys_fcntl(int fd, int cmd, uintptr_t arg) {
   int rc;
   bool islock;
-  islock = cmd == F_SETLK || cmd == F_SETLKW || cmd == F_GETLK;
-  if (islock) cosmo2flock(arg);
+  if ((islock = cmd == F_GETLK ||  //
+                cmd == F_SETLK ||  //
+                cmd == F_SETLKW)) {
+    if ((!IsAsan() && !arg) ||
+        (IsAsan() &&
+         !__asan_is_valid((struct flock *)arg, sizeof(struct flock)))) {
+      return efault();
+    }
+    cosmo2flock(arg);
+  }
   rc = __sys_fcntl(fd, cmd, arg);
-  if (islock) flock2cosmo(arg);
+  if (islock) {
+    flock2cosmo(arg);
+  }
   return rc;
 }

libc/calls/getttysize.c

@@ -0,0 +1,47 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2020 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/bits/safemacros.internal.h"
+#include "libc/calls/calls.h"
+#include "libc/calls/termios.h"
+#include "libc/fmt/conv.h"
+#include "libc/log/internal.h"
+#include "libc/log/log.h"
+#include "libc/runtime/runtime.h"
+#include "libc/sysv/consts/termios.h"
+
+/**
+ * Returns dimensions of controlling terminal.
+ *
+ * It is recommended that programs err on the side of showing more
+ * information, if this value can't be obtained with certainty.
+ *
+ * @param out stores determined dimensions, only on success
+ * @returns -1 on error or something else on success
+ */
+int getttysize(int fd, struct winsize *out) {
+  if (__nocolor) {
+    out->ws_col = strtoimax(firstnonnull(getenv("COLUMNS"), "80"), NULL, 0);
+    out->ws_row = strtoimax(firstnonnull(getenv("ROWS"), "40"), NULL, 0);
+    out->ws_xpixel = 0;
+    out->ws_ypixel = 0;
+    return 0;
+  } else {
+    return ioctl(fd, TIOCGWINSZ, out);
+  }
+}

libc/calls/isatty-metal.c

@@ -0,0 +1,36 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8                                :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2022 Justine Alexandra Roberts Tunney                              │
+│                                                                              │
+│ Permission to use, copy, modify, and/or distribute this software for         │
+│ any purpose with or without fee is hereby granted, provided that the         │
+│ above copyright notice and this permission notice appear in all copies.      │
+│                                                                              │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL                │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED                │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE             │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL         │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR        │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER               │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
+│ PERFORMANCE OF THIS SOFTWARE.                                                │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/calls/calls.h"
+#include "libc/calls/internal.h"
+#include "libc/calls/syscall_support-sysv.internal.h"
+#include "libc/sysv/errfuns.h"
+
+bool32 sys_isatty_metal(int fd) {
+  if (__isfdopen(fd)) {
+    if (__isfdkind(fd, kFdSerial)) {
+      return true;
+    } else {
+      enotty();
+      return false;
+    }
+  } else {
+    ebadf();
+    return false;
+  }
+}

libc/calls/isatty-nt.c

@@ -22,7 +22,17 @@
 #include "libc/sysv/errfuns.h"
 
 textwindows bool32 sys_isatty_nt(int fd) {
-  return __isfdkind(fd, kFdConsole) ||
-         (__isfdkind(fd, kFdFile) &&
-          GetFileType(__getfdhandleactual(fd)) == kNtFileTypeChar);
+  if (__isfdopen(fd)) {
+    if (__isfdkind(fd, kFdConsole) ||
+        (__isfdkind(fd, kFdFile) &&
+         GetFileType(g_fds.p[fd].handle) == kNtFileTypeChar)) {
+      return true;
+    } else {
+      enotty();
+      return false;
+    }
+  } else {
+    ebadf();
+    return false;
+  }
 }

libc/calls/isatty.c

@@ -22,32 +22,39 @@
 #include "libc/calls/struct/winsize.h"
 #include "libc/calls/syscall-nt.internal.h"
 #include "libc/calls/syscall-sysv.internal.h"
-#include "libc/dce.h"
+#include "libc/calls/syscall_support-sysv.internal.h"
 #include "libc/errno.h"
 #include "libc/sysv/consts/termios.h"
+#include "libc/sysv/errfuns.h"
 
 /**
- * Returns true if file descriptor is backed by a terminal device.
+ * Tells if file descriptor is a terminal.
+ *
+ * @param fd is file descriptor
+ * @return 1 if is terminal, otherwise 0 w/ errno
+ * @raise EBADF if fd isn't a valid file descriptor
+ * @raise ENOTTY if fd is something other than a terminal
+ * @raise EPERM if pledge() was used without tty
  */
 bool32 isatty(int fd) {
   int e;
   bool32 res;
   struct winsize ws;
-  e = errno;
-  if (fd >= 0) {
-    if (__isfdkind(fd, kFdZip)) {
-      res = false;
-    } else if (IsMetal()) {
-      res = false;
-    } else if (!IsWindows()) {
-      res = sys_ioctl(fd, TIOCGWINSZ, &ws) != -1;
-    } else {
-      res = sys_isatty_nt(fd);
-    }
+  if (__isfdkind(fd, kFdZip)) {
+    enotty();
+    res = false;
+  } else if (IsWindows()) {
+    res = sys_isatty_nt(fd);
+  } else if (IsMetal()) {
+    res = sys_isatty_metal(fd);
+  } else if (!sys_ioctl(fd, TIOCGWINSZ, &ws)) {
+    res = true;
   } else {
     res = false;
+    if (errno != EBADF && errno != EPERM) {
+      enotty();
+    }
   }
   STRACE("isatty(%d) → %hhhd% m", fd, res);
-  errno = e;
   return res;
 }

libc/calls/islinux.c

@@ -20,7 +20,7 @@
 #include "libc/errno.h"
 #include "libc/sysv/consts/pr.h"
 
-bool __is_linux_2_6_23(void) {
+privileged bool __is_linux_2_6_23(void) {
   int rc;
   if (!IsLinux()) return false;
   asm volatile("syscall"

libc/calls/prctl.c

@@ -28,7 +28,7 @@
  *
  * @raise ENOSYS on non-Linux.
  */
-int prctl(int operation, ...) {
+privileged int prctl(int operation, ...) {
   int rc;
   va_list va;
   intptr_t a, b;

libc/calls/seccomp.c

@@ -34,7 +34,7 @@
  *
  * @raise ENOSYS on non-Linux.
  */
-int seccomp(unsigned operation, unsigned flags, void *args) {
+privileged int seccomp(unsigned operation, unsigned flags, void *args) {
   int rc;
   if (IsLinux()) {
     asm volatile("syscall"

libc/calls/struct/bpf.h

@@ -62,15 +62,15 @@ COSMOPOLITAN_C_START_
 #define BPF_TO_BE   0x08
 #define BPF_FROM_LE BPF_TO_LE
 #define BPF_FROM_BE BPF_TO_BE
-#define BPF_JNE     0x50
-#define BPF_JLT     0xa0
-#define BPF_JLE     0xb0
-#define BPF_JSGT    0x60
-#define BPF_JSGE    0x70
-#define BPF_JSLT    0xc0
-#define BPF_JSLE    0xd0
-#define BPF_CALL    0x80
-#define BPF_EXIT    0x90
+#define BPF_JNE     0x50 /* != */
+#define BPF_JLT     0xa0 /* unsigned < */
+#define BPF_JLE     0xb0 /* unsigned <= */
+#define BPF_JSGT    0x60 /* signed > */
+#define BPF_JSGE    0x70 /* signed >= */
+#define BPF_JSLT    0xc0 /* signed < */
+#define BPF_JSLE    0xd0 /* signed <= */
+#define BPF_CALL    0x80 /* call */
+#define BPF_EXIT    0x90 /* ret */
 #define BPF_FETCH   0x01
 #define BPF_XCHG    (0xe0 | BPF_FETCH)
 #define BPF_CMPXCHG (0xf0 | BPF_FETCH)

libc/calls/struct/filter.h

@@ -26,8 +26,8 @@ struct sock_fprog {
 
 #define BPF_STMT(code, k) \
   { (unsigned short)(code), 0, 0, k }
-#define BPF_JUMP(code, k, jt, jf) \
-  { (unsigned short)(code), jt, jf, k }
+#define BPF_JUMP(code, k, jumptrue, jumpfalse) \
+  { (unsigned short)(code), jumptrue, jumpfalse, k }
 
 #define BPF_MEMWORDS 16
 

libc/calls/syscall_support-sysv.internal.h

@@ -19,6 +19,7 @@ void __restore_rt() hidden;
 void __restore_rt_netbsd(void) hidden;
 void cosmo2flock(uintptr_t);
 void flock2cosmo(uintptr_t);
+bool32 sys_isatty_metal(int);
 
 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */