mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-07-01 16:58:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some regressions with execution

Browse source
This commit is contained in:
Justine Tunney 2022-08-07 22:10:18 -07:00
parent 5546559034
commit b77cae2d57
28 changed files with 58 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

30
third_party/make/job.c vendored
View file

@ -1714,7 +1714,9 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
if (argv[0][0] == '/' && IsDynamicExecutable (argv[0]))
{
/* weaken sandbox if user is using dynamic shared lolbjects */
/*
* weaken sandbox if user is using dynamic shared lolbjects
*/
Unveil ("/bin", "rx");
Unveil ("/lib", "rx");
Unveil ("/lib64", "rx");
@ -1733,13 +1735,25 @@ child_execute_job (struct childbase *child, int good_stdin, char **argv)
Unveil ("/usr/share/locale-langpack", "r");
}
else
/* permit launching actually portable executables */
if (!Unveil ("/usr/bin/ape", "rx"))
Unveil (xjoinpaths (firstnonnull (getenv ("TMPDIR"),
firstnonnull (getenv ("HOME"),
".")),
".ape"),
"rx");
{
/*
* permit launching actually portable executables
*
* we assume launching make.com already did the expensive
* work of extracting the ape loader program, via /bin/sh
* and we won't need to do that again, since sys_execve()
* will pass ape binaries directly to the ape loader, but
* only if the ape loader exists on a well-known path.
*/
if (!Unveil ("/usr/bin/ape", "rx"))
{
char *s;
if ((s = getenv ("TMPDIR")))
Unveil (xjoinpaths (s, ".ape"), "rx");
if ((s = getenv ("HOME")))
Unveil (xjoinpaths (s, ".ape"), "rx");
}
}
/* unveil executable */
Unveil (argv[0], "rx");