From 88fbcebb08fcec7ec231377713235c9794b5d4bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C5=8Dshin?= <git@wholezero.org>
Date: Sun, 17 Dec 2023 13:38:58 +0000
Subject: [PATCH] secure set-id shell script support

---
 libc/calls/getprogramexecutablename.greg.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libc/calls/getprogramexecutablename.greg.c b/libc/calls/getprogramexecutablename.greg.c
index 4816bf69c..e750152ed 100644
--- a/libc/calls/getprogramexecutablename.greg.c
+++ b/libc/calls/getprogramexecutablename.greg.c
@@ -37,6 +37,7 @@
 #define KERN_PROC                  14
 #define KERN_PROC_PATHNAME_FREEBSD 12
 #define KERN_PROC_PATHNAME_NETBSD  5
+#define DEV_FD                     "/dev/fd/"
 
 static struct {
   atomic_uint once;
@@ -114,6 +115,15 @@ static inline void InitProgramExecutableNameImpl(void) {
     return;
   }
 
+  if (issetugid() && __program_executable_name &&
+      (IsNetbsd() || IsOpenbsd() || IsXnu()) &&
+      !strncmp(DEV_FD, __program_executable_name, sizeof(DEV_FD) - 1) &&
+      isdigit(__program_executable_name[sizeof(DEV_FD)]) &&
+      !strchr(__program_executable_name + sizeof(DEV_FD) + 1, '/')) {
+    /* loader passed us a secure path */
+    return;
+  }
+
   b = g_prog.u.buf;
   n = sizeof(g_prog.u.buf) - 1;
   if (IsFreebsd() || IsNetbsd()) {