Whitelist some more system calls with pledge()

2025-01-31 03:27:39 +00:00 · 2022-07-19 02:54:10 -07:00 · 2022-07-19 02:54:10 -07:00 · f716435260
commit f716435260
parent 6e52a84a51
2 changed files with 34 additions and 8 deletions
--- a/libc/mem/pledge.c
+++ b/libc/mem/pledge.c
@ -50,7 +50,13 @@
 #define LOCK      0x8000
 #define TTY       0x8000

+// TODO(jart): fix chibicc
+#ifdef __chibicc__
+#define OFF(f) -1
+#else
 #define OFF(f) offsetof(struct seccomp_data, f)
+#endif
+
 #define PLEDGE(pledge) pledge, ARRAYLEN(pledge)

 struct Filter {
@ -105,8 +111,13 @@ static const uint16_t kPledgeLinuxStdio[] = {
    __NR_linux_getresuid,          //
    __NR_linux_getitimer,          //
    __NR_linux_setitimer,          //
+    __NR_linux_timerfd_create,     //
+    __NR_linux_timerfd_settime,    //
+    __NR_linux_timerfd_gettime,    //
    __NR_linux_gettimeofday,       //
    __NR_linux_copy_file_range,    //
+    __NR_linux_sendfile,           //
+    __NR_linux_vmsplice,           //
    __NR_linux_splice,             //
    __NR_linux_lseek,              //
    __NR_linux_tee,                //
@ -114,6 +125,7 @@ static const uint16_t kPledgeLinuxStdio[] = {
    __NR_linux_mmap,               //
    __NR_linux_msync,              //
    __NR_linux_munmap,             //
+    __NR_linux_mincore,            //
    __NR_linux_madvise,            //
    __NR_linux_fadvise,            //
    __NR_linux_mprotect,           //
@ -123,10 +135,20 @@ static const uint16_t kPledgeLinuxStdio[] = {
    __NR_linux_pipe,               //
    __NR_linux_pipe2,              //
    __NR_linux_poll,               //
+    __NR_linux_ppoll,              //
    __NR_linux_select,             //
+    __NR_linux_pselect6,           //
+    __NR_linux_epoll_create,       //
+    __NR_linux_epoll_create1,      //
+    __NR_linux_epoll_ctl,          //
+    __NR_linux_epoll_wait,         //
+    __NR_linux_epoll_pwait,        //
+    __NR_linux_epoll_pwait2,       //
    __NR_linux_recvfrom,           //
    __NR_linux_sendto | ADDRLESS,  //
    __NR_linux_ioctl,              //
+    __NR_linux_alarm,              //
+    __NR_linux_pause,              //
    __NR_linux_shutdown,           //
    __NR_linux_sigaction,          //
    __NR_linux_sigaltstack,        //
@ -138,6 +160,7 @@ static const uint16_t kPledgeLinuxStdio[] = {
    __NR_linux_wait4,              //
    __NR_linux_uname,              //
    __NR_linux_prctl,              //
+    __NR_linux_sched_yield,        //
 };

 static const uint16_t kPledgeLinuxFlock[] = {
@ -275,6 +298,7 @@ static const uint16_t kPledgeLinuxProc[] = {
 static const uint16_t kPledgeLinuxThread[] = {
    __NR_linux_clone,            //
    __NR_linux_futex,            //
+    __NR_linux_tgkill,           //
    __NR_linux_set_robust_list,  //
    __NR_linux_get_robust_list,  //
 };
@ -1206,11 +1230,14 @@ static void FixupOpenbsdPromises(char *p) {
 *   weird flags aren't allowed), mprotect (PROT_EXEC isn't allowed),
 *   msync, munmap, nanosleep, pipe, pipe2, read, readv, pread, recv,
 *   poll, recvfrom, preadv, write, writev, pwrite, pwritev, select,
- *   send, sendto (only if addr is null), setitimer, shutdown, sigaction
- *   (but SIGSYS is forbidden), sigaltstack, sigprocmask, sigreturn,
- *   sigsuspend, umask, socketpair, ioctl(FIONREAD), ioctl(FIONBIO),
- *   ioctl(FIOCLEX), ioctl(FIONCLEX), fcntl(F_GETFD), fcntl(F_SETFD),
- *   fcntl(F_GETFL), fcntl(F_SETFL).
+ *   pselect6, copy_file_range, sendfile, splice, vmsplice, alarm,
+ *   pause, send, sendto (only if addr is null), setitimer, shutdown,
+ *   sigaction (but SIGSYS is forbidden), sigaltstack, sigprocmask,
+ *   sigreturn, sigsuspend, umask, mincore, socketpair, ioctl(FIONREAD),
+ *   ioctl(FIONBIO), ioctl(FIOCLEX), ioctl(FIONCLEX), fcntl(F_GETFD),
+ *   fcntl(F_SETFD), fcntl(F_GETFL), fcntl(F_SETFL), sched_yield,
+ *   epoll_create, epoll_create1, epoll_ctl, epoll_wait, epoll_pwait,
+ *   epoll_pwait2.
 *
 * - "rpath" (read-only path ops) allows chdir, getcwd, open(O_RDONLY),
 *   openat(O_RDONLY), stat, fstat, lstat, fstatat, access,
--- a/libc/sysv/syscalls.sh
+++ b/libc/sysv/syscalls.sh
@ -58,8 +58,7 @@ scall	sys_writev		0x0790790792079014	globl hidden
 scall	sys_access		0x0210210212021015	globl hidden
 scall	__sys_pipe		0x02a10721e202a016	globl hidden # NOTE: pipe2() on FreeBSD; XNU is pipe(void)→eax:edx
 scall	sys_select		0x1a104705d205d017	globl hidden
-scall	pselect			0x1b406e20a218afff	globl
-scall	pselect6		0xfffffffffffff10e	globl
+scall	pselect			0x1b406e20a218a10e	globl # pselect6() on gnu/systemd
 scall	sys_sched_yield		0x15e12a14bf25d018	globl hidden # select() on XNU (previously swtch() but removed in 12.4)
 scall	__sys_mremap		0x19bffffffffff019	globl hidden
 scall	sys_mincore		0x04e04e04e204e01b	globl hidden