	Use LD_PRELOAD to inject pledge() in glibc progs
We're now able to drop both `exec` and `prot_exec` privileges automatically when launching glibc dynamic executables. We also have really outstanding standard error logging now, that explains which promises are needed, even in cases where `exec` is used.
							parent
							
								
									0277d7d6e9
								
							
						
					
					
						commit
						6b3d257588
					
				
					 5 changed files with 286 additions and 178 deletions
				
			
		|  | @ -86,7 +86,7 @@ TEST(pledge, testKillProcessMode) { | |||
| TEST(pledge, testLogMessage_inSoftyMode) { | ||||
|   if (IsOpenbsd()) return; | ||||
|   int fds[2]; | ||||
|   char msg[64] = {0}; | ||||
|   char msg[256] = {0}; | ||||
|   ASSERT_SYS(0, 0, pipe(fds)); | ||||
|   SPAWN(fork); | ||||
|   __pledge_mode = kPledgeModeErrno; | ||||
|  | @ -98,13 +98,13 @@ TEST(pledge, testLogMessage_inSoftyMode) { | |||
|   read(fds[0], msg, sizeof(msg)); | ||||
|   close(fds[0]); | ||||
|   if (IsLinux()) { | ||||
|     ASSERT_STARTSWITH("error: has not pledged inet", msg); | ||||
|     ASSERT_STARTSWITH("error: maybe pledge inet", msg); | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| TEST(pledge, testLogMessage_onKillProcess) { | ||||
|   int fds[2]; | ||||
|   char msg[64] = {0}; | ||||
|   char msg[256] = {0}; | ||||
|   ASSERT_SYS(0, 0, pipe(fds)); | ||||
|   SPAWN(fork); | ||||
|   __pledge_mode = kPledgeModeKillThread; | ||||
|  | @ -116,13 +116,13 @@ TEST(pledge, testLogMessage_onKillProcess) { | |||
|   read(fds[0], msg, sizeof(msg)); | ||||
|   close(fds[0]); | ||||
|   if (IsLinux()) { | ||||
|     ASSERT_STARTSWITH("error: has not pledged inet", msg); | ||||
|     ASSERT_STARTSWITH("error: maybe pledge inet", msg); | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| TEST(pledge, testNoLogOrAbrtsignoPossibleSadly_becausePledgedExec) { | ||||
|   int fds[2]; | ||||
|   char msg[64] = {0}; | ||||
|   char msg[256] = {0}; | ||||
|   ASSERT_SYS(0, 0, pipe(fds)); | ||||
|   SPAWN(fork); | ||||
|   ASSERT_SYS(0, 2, dup2(fds[1], 2)); | ||||
|  |  | |||
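Review bot: Both `read(fds[0], msg, sizeof(msg));` calls in testLogMessage_inSoftyMode and testLogMessage_onKillProcess discard the return value and may fill the whole 256-byte buffer, so the zero-initialised `msg` loses its terminator once the log line reaches that length. The buffer was apparently enlarged here because the message grew, so I would read `sizeof(msg) - 1` bytes and assert that the returned count is positive before the `ASSERT_STARTSWITH` check, which presumably treats `msg` as a C string. As written, a failed or empty read leaves `msg` blank, and the failure reads as a wrong prefix rather than as missing sandbox-violation output. The size 256 is now repeated in three tests and could be one named constant; the third test's body continues past the end of this section.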