Improve pledge() and unveil() further

- Fix getpriority() - Add AT_MINSIGSTKSZ - Fix bugs in BPF code - Show more stuff in printargs.com - Write manual test for pledge.com - pledge() now generates tinier BPF code - Have pledge("exec") only enable execve() - Fix pledge.com chroot setuid functionality - Improve pledge.com unveiling of ape loader
2025-06-28 07:18:30 +00:00 · 2022-07-24 02:56:03 -07:00 · 2022-07-24 02:56:03 -07:00 · f968e2a726
commit f968e2a726
parent 31ac58a57b
17 changed files with 722 additions and 412 deletions
--- a/libc/calls/getpriority.c
+++ b/libc/calls/getpriority.c
@ -24,6 +24,10 @@
 /**
 * Returns nice value of thing.
 *
+ * Since -1 might be a valid return value for this API, it's necessary
+ * to clear `errno` beforehand and see if it changed, in order to truly
+ * determine if an error happened.
+ *
 * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER
 * @param who is the pid, pgid, or uid (0 means current)
 * @return value ∈ [-NZERO,NZERO) or -1 w/ errno
@ -32,7 +36,9 @@
 int getpriority(int which, unsigned who) {
  int rc;
  if (!IsWindows()) {
-    rc = sys_getpriority(which, who) - 20;
+    if ((rc = sys_getpriority(which, who)) != -1) {
+      rc = 20 - rc;
+    }
  } else {
    rc = sys_getsetpriority_nt(which, who, 0, sys_getpriority_nt);
  }
--- a/libc/calls/sched_getparam.c
+++ b/libc/calls/sched_getparam.c
@ -21,6 +21,8 @@

 /**
 * Gets scheduler policy parameter.
+ *
+ * @return 0 on success, or -1 w/ errno
 * @raise ENOSYS on XNU, Windows
 */
 int sched_getparam(int pid, struct sched_param *param) {
--- a/libc/calls/sched_getscheduler.c
+++ b/libc/calls/sched_getscheduler.c
@ -20,12 +20,22 @@
 #include "libc/calls/strace.internal.h"
 #include "libc/calls/struct/sched_param.h"
 #include "libc/dce.h"
+#include "libc/intrin/describeflags.internal.h"

 /**
 * Gets scheduler policy for `pid`.
 *
- * @param pid is id of process (where 0 is same as getpid())
+ * @param pid is the id of the process whose scheduling policy should be
+ *     queried. Setting `pid` to zero means the same thing as getpid().
+ *     This applies to all threads associated with the process. Linux is
+ *     special; the kernel treats this as a thread id (noting that
+ *     `getpid() == gettid()` is always the case on Linux for the main
+ *     thread) and will only take effect for the specified tid.
+ *     Therefore this function is POSIX-compliant iif `!__threaded`.
 * @return scheduler policy, or -1 w/ errno
+ * @error ESRCH if `pid` not found
+ * @error EPERM if not permitted
+ * @error EINVAL if `pid` is negative on Linux
 */
 int sched_getscheduler(int pid) {
  int rc;
@ -34,6 +44,6 @@ int sched_getscheduler(int pid) {
  } else {
    rc = sys_sched_getscheduler(pid);
  }
-  STRACE("sched_getscheduler(%d) → %d% m", pid, rc);
+  STRACE("sched_getscheduler(%d) → %s% m", pid, DescribeSchedPolicy(rc));
  return rc;
 }
--- a/libc/calls/sched_setscheduler.c
+++ b/libc/calls/sched_setscheduler.c
@ -35,12 +35,12 @@
 * before processes with numerically lower priority values.
 *
 * @param pid is the id of the process whose scheduling policy should be
- *     changed. This applies to all threads associated with the process.
- *     Linux is special; the kernel treats this as a thread id (noting
- *     that `getpid() == gettid()` is always the case on Linux for the
- *     main thread) and will only take effect for the specified tid.
+ *     changed. Setting `pid` to zero means the same thing as getpid().
+ *     This applies to all threads associated with the process. Linux is
+ *     special; the kernel treats this as a thread id (noting that
+ *     `getpid() == gettid()` is always the case on Linux for the main
+ *     thread) and will only take effect for the specified tid.
 *     Therefore this function is POSIX-compliant iif `!__threaded`.
- *     Setting `pid` to zero means the same thing as getpid().
 *
 * @param policy specifies the kernel's timesharing strategy.
 *
--- a/libc/calls/setpriority.c
+++ b/libc/calls/setpriority.c
@ -27,12 +27,14 @@
 * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER
 * @param who is the pid, pgid, or uid, 0 meaning current
 * @param value ∈ [-NZERO,NZERO) which is clamped automatically
- * @return nonzero on success or -1 w/ errno
+ * @return 0 on success or -1 w/ errno
+ * @error EACCES if lower that RLIMIT_NICE
+ * @error EACCES on Linux without CAP_SYS_NICE
 * @see getpriority(), nice()
 */
 int setpriority(int which, unsigned who, int value) {
  if (!IsWindows()) {
-    return sys_setpriority(which, who, value); /* TODO(jart): -20 */
+    return sys_setpriority(which, who, value);
  } else {
    return sys_getsetpriority_nt(which, who, value, sys_setpriority_nt);
  }
--- a/libc/intrin/describeschedpolicy.c
+++ b/libc/intrin/describeschedpolicy.c
@ -27,14 +27,29 @@
 * Describes clock_gettime() clock argument.
 */
 const char *(DescribeSchedPolicy)(char buf[48], int x) {
-  struct DescribeFlags flags[] = {
-      {SCHED_RESET_ON_FORK, "RESET_ON_FORK"},  //
-      {SCHED_OTHER, "OTHER"},                  //
-      {SCHED_FIFO, "FIFO"},                    //
-      {SCHED_RR, "RR"},                        //
-      {SCHED_BATCH, "BATCH"},                  //
-      {SCHED_IDLE, "IDLE"},                    //
-      {SCHED_DEADLINE, "DEADLINE"},            //
-  };
-  return DescribeFlags(buf, 48, flags, ARRAYLEN(flags), "SCHED_", x);
+  char *p = buf;
+  if (x == -1) {
+    goto DoNumber;
+  }
+  if (x & SCHED_RESET_ON_FORK) {
+    x &= ~SCHED_RESET_ON_FORK;
+    p = stpcpy(p, "SCHED_RESET_ON_FORK");
+  }
+  if (x == SCHED_OTHER) {
+    stpcpy(p, "SCHED_OTHER");
+  } else if (x == SCHED_FIFO) {
+    stpcpy(p, "SCHED_FIFO");
+  } else if (x == SCHED_RR) {
+    stpcpy(p, "SCHED_RR");
+  } else if (x == SCHED_BATCH) {
+    stpcpy(p, "SCHED_BATCH");
+  } else if (x == SCHED_IDLE) {
+    stpcpy(p, "SCHED_IDLE");
+  } else if (x == SCHED_DEADLINE) {
+    stpcpy(p, "SCHED_DEADLINE");
+  } else {
+  DoNumber:
+    FormatInt32(p, x);
+  }
+  return buf;
 }
--- a/libc/mem/pledge.c
+++ b/libc/mem/pledge.c
--- a/libc/runtime/printargs.c
+++ b/libc/runtime/printargs.c
@ -19,6 +19,7 @@
 #include "libc/calls/calls.h"
 #include "libc/calls/strace.internal.h"
 #include "libc/calls/struct/rlimit.h"
+#include "libc/calls/struct/sched_param.h"
 #include "libc/calls/struct/sigset.h"
 #include "libc/calls/struct/termios.h"
 #include "libc/calls/struct/utsname.h"
@ -29,6 +30,7 @@
 #include "libc/errno.h"
 #include "libc/intrin/describeflags.internal.h"
 #include "libc/intrin/kprintf.h"
+#include "libc/intrin/promises.internal.h"
 #include "libc/macros.internal.h"
 #include "libc/nexgen32e/cpuid4.internal.h"
 #include "libc/nexgen32e/kcpuids.h"
@ -52,6 +54,7 @@
 #include "libc/sysv/consts/f.h"
 #include "libc/sysv/consts/poll.h"
 #include "libc/sysv/consts/pr.h"
+#include "libc/sysv/consts/prio.h"
 #include "libc/sysv/consts/rlim.h"
 #include "libc/sysv/consts/sig.h"
 #include "libc/sysv/consts/termios.h"
@ -107,6 +110,7 @@ static const struct AuxiliaryValue {
    {"%-14p", &AT_TIMEKEEP, "AT_TIMEKEEP"},
    {"%-14p", &AT_STACKPROT, "AT_STACKPROT"},
    {"%-14p", &AT_EHDRFLAGS, "AT_EHDRFLAGS"},
+    {"%-14d", &AT_MINSIGSTKSZ, "AT_MINSIGSTKSZ"},
 };

 static const char *FindNameById(const struct IdName *names, unsigned long id) {
@ -161,6 +165,7 @@ textstartup void __printargs(const char *prologue) {
  uintptr_t *auxp;
  struct rlimit rlim;
  struct utsname uts;
+  struct sched_param sp;
  struct termios termios;
  struct AuxiliaryValue *auxinfo;
  union {
@ -168,6 +173,8 @@ textstartup void __printargs(const char *prologue) {
    struct pollfd pfds[128];
  } u;

+  if (!PLEDGED(STDIO)) return;
+
  --__ftrace;
  --__strace;
  e = errno;
@ -296,6 +303,24 @@ textstartup void __printargs(const char *prologue) {
    PRINT("  error: sigprocmask() failed %m");
  }

+  if (PLEDGED(PROC)) {
+    PRINT("");
+    PRINT("SCHEDULER");
+    errno = 0;
+    PRINT(" ☼ getpriority(PRIO_PROCESS) → %d% m", getpriority(PRIO_PROCESS, 0));
+    errno = 0;
+    PRINT(" ☼ getpriority(PRIO_PGRP)    → %d% m", getpriority(PRIO_PGRP, 0));
+    errno = 0;
+    PRINT(" ☼ getpriority(PRIO_USER)    → %d% m", getpriority(PRIO_USER, 0));
+    errno = 0;
+    PRINT(" ☼ sched_getscheduler()      → %s% m",
+          DescribeSchedPolicy(sched_getscheduler(0)));
+    errno = 0;
+    if (sched_getparam(0, &sp) != -1) {
+      PRINT(" ☼ sched_getparam()          → %d% m", sp.sched_priority);
+    }
+  }
+
  if (IsLinux()) {
    PRINT("");
    PRINT("CAPABILITIES");
--- a/libc/sysv/consts.sh
+++ b/libc/sysv/consts.sh
@ -464,6 +464,7 @@ syscon	auxv	AT_EXECFN				31			31			15			999			2014			31			# address of string co
 syscon	auxv	AT_SYSINFO_EHDR				33			0			0			0			0			0
 syscon	auxv	AT_STACKBASE				0			0			0			0			13			0
 syscon	auxv	AT_EXECPATH				31			31			15			999			2014			31			# FreeBSD name for AT_EXECFN
+syscon	auxv	AT_MINSIGSTKSZ				51			0			0			0			0			0			# FreeBSD name for AT_EXECFN
 syscon	auxv	AT_CANARY				0			0			16			0			0			0
 syscon	auxv	AT_CANARYLEN				0			0			17			0			0			0
 syscon	auxv	AT_NCPUS				0			0			19			0			0			0
--- a/libc/sysv/consts/AT_MINSIGSTKSZ.S
+++ b/libc/sysv/consts/AT_MINSIGSTKSZ.S
@ -0,0 +1,2 @@
+#include "libc/sysv/consts/syscon.internal.h"
+.syscon auxv,AT_MINSIGSTKSZ,51,0,0,0,0,0
--- a/libc/sysv/consts/auxv.h
+++ b/libc/sysv/consts/auxv.h
@ -6,21 +6,29 @@ COSMOPOLITAN_C_START_

 extern const long AT_BASE;
 extern const long AT_BASE_PLATFORM;
+extern const long AT_CANARY;
+extern const long AT_CANARYLEN;
 extern const long AT_CLKTCK;
 extern const long AT_DCACHEBSIZE;
 extern const long AT_EGID;
+extern const long AT_EHDRFLAGS;
 extern const long AT_ENTRY;
 extern const long AT_EUID;
 extern const long AT_EXECFD;
 extern const long AT_EXECFN;
+extern const long AT_EXECPATH;
 extern const long AT_FLAGS;
 extern const long AT_GID;
 extern const long AT_HWCAP2;
 extern const long AT_HWCAP;
 extern const long AT_ICACHEBSIZE;
+extern const long AT_MINSIGSTKSZ;
+extern const long AT_NCPUS;
 extern const long AT_NOTELF;
 extern const long AT_NO_AUTOMOUNT;
 extern const long AT_OSRELDATE;
+extern const long AT_PAGESIZES;
+extern const long AT_PAGESIZESLEN;
 extern const long AT_PAGESZ;
 extern const long AT_PHDR;
 extern const long AT_PHENT;
@ -28,40 +36,41 @@ extern const long AT_PHNUM;
 extern const long AT_PLATFORM;
 extern const long AT_RANDOM;
 extern const long AT_SECURE;
+extern const long AT_STACKBASE;
+extern const long AT_STACKPROT;
 extern const long AT_SYSINFO_EHDR;
+extern const long AT_TIMEKEEP;
 extern const long AT_UCACHEBSIZE;
 extern const long AT_UID;
-extern const long AT_STACKBASE;
-extern const long AT_EXECPATH;
-extern const long AT_CANARY;
-extern const long AT_CANARYLEN;
-extern const long AT_NCPUS;
-extern const long AT_PAGESIZES;
-extern const long AT_PAGESIZESLEN;
-extern const long AT_TIMEKEEP;
-extern const long AT_STACKPROT;
-extern const long AT_EHDRFLAGS;

 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */

 #define AT_BASE          SYMBOLIC(AT_BASE)
 #define AT_BASE_PLATFORM SYMBOLIC(AT_BASE_PLATFORM)
+#define AT_CANARY        SYMBOLIC(AT_CANARY)
+#define AT_CANARYLEN     SYMBOLIC(AT_CANARYLEN)
 #define AT_CLKTCK        SYMBOLIC(AT_CLKTCK)
 #define AT_DCACHEBSIZE   SYMBOLIC(AT_DCACHEBSIZE)
 #define AT_EGID          SYMBOLIC(AT_EGID)
+#define AT_EHDRFLAGS     SYMBOLIC(AT_EHDRFLAGS)
 #define AT_ENTRY         SYMBOLIC(AT_ENTRY)
 #define AT_EUID          SYMBOLIC(AT_EUID)
 #define AT_EXECFD        SYMBOLIC(AT_EXECFD)
 #define AT_EXECFN        SYMBOLIC(AT_EXECFN)
+#define AT_EXECPATH      SYMBOLIC(AT_EXECPATH)
 #define AT_FLAGS         SYMBOLIC(AT_FLAGS)
 #define AT_GID           SYMBOLIC(AT_GID)
 #define AT_HWCAP         SYMBOLIC(AT_HWCAP)
 #define AT_HWCAP2        SYMBOLIC(AT_HWCAP2)
 #define AT_ICACHEBSIZE   SYMBOLIC(AT_ICACHEBSIZE)
+#define AT_MINSIGSTKSZ   SYMBOLIC(AT_MINSIGSTKSZ)
+#define AT_NCPUS         SYMBOLIC(AT_NCPUS)
 #define AT_NOTELF        SYMBOLIC(AT_NOTELF)
 #define AT_NO_AUTOMOUNT  SYMBOLIC(AT_NO_AUTOMOUNT)
 #define AT_OSRELDATE     SYMBOLIC(AT_OSRELDATE)
+#define AT_PAGESIZES     SYMBOLIC(AT_PAGESIZES)
+#define AT_PAGESIZESLEN  SYMBOLIC(AT_PAGESIZESLEN)
 #define AT_PAGESZ        SYMBOLIC(AT_PAGESZ)
 #define AT_PHDR          SYMBOLIC(AT_PHDR)
 #define AT_PHENT         SYMBOLIC(AT_PHENT)
@ -69,18 +78,11 @@ COSMOPOLITAN_C_END_
 #define AT_PLATFORM      SYMBOLIC(AT_PLATFORM)
 #define AT_RANDOM        SYMBOLIC(AT_RANDOM)
 #define AT_SECURE        SYMBOLIC(AT_SECURE)
+#define AT_STACKBASE     SYMBOLIC(AT_STACKBASE)
+#define AT_STACKPROT     SYMBOLIC(AT_STACKPROT)
 #define AT_SYSINFO_EHDR  SYMBOLIC(AT_SYSINFO_EHDR)
+#define AT_TIMEKEEP      SYMBOLIC(AT_TIMEKEEP)
 #define AT_UCACHEBSIZE   SYMBOLIC(AT_UCACHEBSIZE)
 #define AT_UID           SYMBOLIC(AT_UID)
-#define AT_STACKBASE     SYMBOLIC(AT_STACKBASE)
-#define AT_EXECPATH      SYMBOLIC(AT_EXECPATH)
-#define AT_CANARY        SYMBOLIC(AT_CANARY)
-#define AT_CANARYLEN     SYMBOLIC(AT_CANARYLEN)
-#define AT_NCPUS         SYMBOLIC(AT_NCPUS)
-#define AT_PAGESIZES     SYMBOLIC(AT_PAGESIZES)
-#define AT_PAGESIZESLEN  SYMBOLIC(AT_PAGESIZESLEN)
-#define AT_TIMEKEEP      SYMBOLIC(AT_TIMEKEEP)
-#define AT_STACKPROT     SYMBOLIC(AT_STACKPROT)
-#define AT_EHDRFLAGS     SYMBOLIC(AT_EHDRFLAGS)

 #endif /* COSMOPOLITAN_LIBC_CALLS_AUXV_H_ */