mirror of
				https://github.com/jart/cosmopolitan.git
				synced 2025-10-25 02:30:57 +00:00 
			
		
		
		
	Improve pledge() and unveil() further
- Fix getpriority()
- Add AT_MINSIGSTKSZ
- Fix bugs in BPF code
- Show more stuff in printargs.com
- Write manual test for pledge.com
- pledge() now generates tinier BPF code
- Have pledge("exec") only enable execve()
- Fix pledge.com chroot setuid functionality
- Improve pledge.com unveiling of ape loader
			
			
This commit is contained in:
		
							parent
							
								
									31ac58a57b
								
							
						
					
					
						commit
						f968e2a726
					
				
					 17 changed files with 722 additions and 412 deletions
				
			
		|  | @ -24,6 +24,10 @@ | ||||||
| /**
 | /**
 | ||||||
|  * Returns nice value of thing. |  * Returns nice value of thing. | ||||||
|  * |  * | ||||||
|  |  * Since -1 might be a valid return value for this API, it's necessary | ||||||
|  |  * to clear `errno` beforehand and see if it changed, in order to truly | ||||||
|  |  * determine if an error happened. | ||||||
|  |  * | ||||||
|  * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER |  * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER | ||||||
|  * @param who is the pid, pgid, or uid (0 means current) |  * @param who is the pid, pgid, or uid (0 means current) | ||||||
|  * @return value ∈ [-NZERO,NZERO) or -1 w/ errno |  * @return value ∈ [-NZERO,NZERO) or -1 w/ errno | ||||||
|  | @ -32,7 +36,9 @@ | ||||||
| int getpriority(int which, unsigned who) { | int getpriority(int which, unsigned who) { | ||||||
|   int rc; |   int rc; | ||||||
|   if (!IsWindows()) { |   if (!IsWindows()) { | ||||||
|     rc = sys_getpriority(which, who) - 20; |     if ((rc = sys_getpriority(which, who)) != -1) { | ||||||
|  |       rc = 20 - rc; | ||||||
|  |     } | ||||||
|   } else { |   } else { | ||||||
|     rc = sys_getsetpriority_nt(which, who, 0, sys_getpriority_nt); |     rc = sys_getsetpriority_nt(which, who, 0, sys_getpriority_nt); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  | @ -21,6 +21,8 @@ | ||||||
| 
 | 
 | ||||||
| /**
 | /**
 | ||||||
|  * Gets scheduler policy parameter. |  * Gets scheduler policy parameter. | ||||||
|  |  * | ||||||
|  |  * @return 0 on success, or -1 w/ errno | ||||||
|  * @raise ENOSYS on XNU, Windows |  * @raise ENOSYS on XNU, Windows | ||||||
|  */ |  */ | ||||||
| int sched_getparam(int pid, struct sched_param *param) { | int sched_getparam(int pid, struct sched_param *param) { | ||||||
|  |  | ||||||
|  | @ -20,12 +20,22 @@ | ||||||
| #include "libc/calls/strace.internal.h" | #include "libc/calls/strace.internal.h" | ||||||
| #include "libc/calls/struct/sched_param.h" | #include "libc/calls/struct/sched_param.h" | ||||||
| #include "libc/dce.h" | #include "libc/dce.h" | ||||||
|  | #include "libc/intrin/describeflags.internal.h" | ||||||
| 
 | 
 | ||||||
| /**
 | /**
 | ||||||
|  * Gets scheduler policy for `pid`. |  * Gets scheduler policy for `pid`. | ||||||
|  * |  * | ||||||
|  * @param pid is id of process (where 0 is same as getpid()) |  * @param pid is the id of the process whose scheduling policy should be | ||||||
|  |  *     queried. Setting `pid` to zero means the same thing as getpid(). | ||||||
|  |  *     This applies to all threads associated with the process. Linux is | ||||||
|  |  *     special; the kernel treats this as a thread id (noting that | ||||||
|  |  *     `getpid() == gettid()` is always the case on Linux for the main | ||||||
|  |  *     thread) and will only take effect for the specified tid. | ||||||
|  |  *     Therefore this function is POSIX-compliant iif `!__threaded`. | ||||||
|  * @return scheduler policy, or -1 w/ errno |  * @return scheduler policy, or -1 w/ errno | ||||||
|  |  * @error ESRCH if `pid` not found | ||||||
|  |  * @error EPERM if not permitted | ||||||
|  |  * @error EINVAL if `pid` is negative on Linux | ||||||
|  */ |  */ | ||||||
| int sched_getscheduler(int pid) { | int sched_getscheduler(int pid) { | ||||||
|   int rc; |   int rc; | ||||||
|  | @ -34,6 +44,6 @@ int sched_getscheduler(int pid) { | ||||||
|   } else { |   } else { | ||||||
|     rc = sys_sched_getscheduler(pid); |     rc = sys_sched_getscheduler(pid); | ||||||
|   } |   } | ||||||
|   STRACE("sched_getscheduler(%d) → %d% m", pid, rc); |   STRACE("sched_getscheduler(%d) → %s% m", pid, DescribeSchedPolicy(rc)); | ||||||
|   return rc; |   return rc; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -35,12 +35,12 @@ | ||||||
|  * before processes with numerically lower priority values. |  * before processes with numerically lower priority values. | ||||||
|  * |  * | ||||||
|  * @param pid is the id of the process whose scheduling policy should be |  * @param pid is the id of the process whose scheduling policy should be | ||||||
|  *     changed. This applies to all threads associated with the process. |  *     changed. Setting `pid` to zero means the same thing as getpid(). | ||||||
|  *     Linux is special; the kernel treats this as a thread id (noting |  *     This applies to all threads associated with the process. Linux is | ||||||
|  *     that `getpid() == gettid()` is always the case on Linux for the |  *     special; the kernel treats this as a thread id (noting that | ||||||
|  *     main thread) and will only take effect for the specified tid. |  *     `getpid() == gettid()` is always the case on Linux for the main | ||||||
|  |  *     thread) and will only take effect for the specified tid. | ||||||
|  *     Therefore this function is POSIX-compliant iif `!__threaded`. |  *     Therefore this function is POSIX-compliant iif `!__threaded`. | ||||||
|  *     Setting `pid` to zero means the same thing as getpid(). |  | ||||||
|  * |  * | ||||||
|  * @param policy specifies the kernel's timesharing strategy. |  * @param policy specifies the kernel's timesharing strategy. | ||||||
|  * |  * | ||||||
|  |  | ||||||
|  | @ -27,12 +27,14 @@ | ||||||
|  * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER |  * @param which can be PRIO_PROCESS, PRIO_PGRP, PRIO_USER | ||||||
|  * @param who is the pid, pgid, or uid, 0 meaning current |  * @param who is the pid, pgid, or uid, 0 meaning current | ||||||
|  * @param value ∈ [-NZERO,NZERO) which is clamped automatically |  * @param value ∈ [-NZERO,NZERO) which is clamped automatically | ||||||
|  * @return nonzero on success or -1 w/ errno |  * @return 0 on success or -1 w/ errno | ||||||
|  |  * @error EACCES if lower that RLIMIT_NICE | ||||||
|  |  * @error EACCES on Linux without CAP_SYS_NICE | ||||||
|  * @see getpriority(), nice() |  * @see getpriority(), nice() | ||||||
|  */ |  */ | ||||||
| int setpriority(int which, unsigned who, int value) { | int setpriority(int which, unsigned who, int value) { | ||||||
|   if (!IsWindows()) { |   if (!IsWindows()) { | ||||||
|     return sys_setpriority(which, who, value); /* TODO(jart): -20 */ |     return sys_setpriority(which, who, value); | ||||||
|   } else { |   } else { | ||||||
|     return sys_getsetpriority_nt(which, who, value, sys_setpriority_nt); |     return sys_getsetpriority_nt(which, who, value, sys_setpriority_nt); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  | @ -27,14 +27,29 @@ | ||||||
|  * Describes clock_gettime() clock argument. |  * Describes clock_gettime() clock argument. | ||||||
|  */ |  */ | ||||||
| const char *(DescribeSchedPolicy)(char buf[48], int x) { | const char *(DescribeSchedPolicy)(char buf[48], int x) { | ||||||
|   struct DescribeFlags flags[] = { |   char *p = buf; | ||||||
|       {SCHED_RESET_ON_FORK, "RESET_ON_FORK"},  //
 |   if (x == -1) { | ||||||
|       {SCHED_OTHER, "OTHER"},                  //
 |     goto DoNumber; | ||||||
|       {SCHED_FIFO, "FIFO"},                    //
 |   } | ||||||
|       {SCHED_RR, "RR"},                        //
 |   if (x & SCHED_RESET_ON_FORK) { | ||||||
|       {SCHED_BATCH, "BATCH"},                  //
 |     x &= ~SCHED_RESET_ON_FORK; | ||||||
|       {SCHED_IDLE, "IDLE"},                    //
 |     p = stpcpy(p, "SCHED_RESET_ON_FORK"); | ||||||
|       {SCHED_DEADLINE, "DEADLINE"},            //
 |   } | ||||||
|   }; |   if (x == SCHED_OTHER) { | ||||||
|   return DescribeFlags(buf, 48, flags, ARRAYLEN(flags), "SCHED_", x); |     stpcpy(p, "SCHED_OTHER"); | ||||||
|  |   } else if (x == SCHED_FIFO) { | ||||||
|  |     stpcpy(p, "SCHED_FIFO"); | ||||||
|  |   } else if (x == SCHED_RR) { | ||||||
|  |     stpcpy(p, "SCHED_RR"); | ||||||
|  |   } else if (x == SCHED_BATCH) { | ||||||
|  |     stpcpy(p, "SCHED_BATCH"); | ||||||
|  |   } else if (x == SCHED_IDLE) { | ||||||
|  |     stpcpy(p, "SCHED_IDLE"); | ||||||
|  |   } else if (x == SCHED_DEADLINE) { | ||||||
|  |     stpcpy(p, "SCHED_DEADLINE"); | ||||||
|  |   } else { | ||||||
|  |   DoNumber: | ||||||
|  |     FormatInt32(p, x); | ||||||
|  |   } | ||||||
|  |   return buf; | ||||||
| } | } | ||||||
|  |  | ||||||
										
											
												File diff suppressed because it is too large
												Load diff
											
										
									
								
							|  | @ -19,6 +19,7 @@ | ||||||
| #include "libc/calls/calls.h" | #include "libc/calls/calls.h" | ||||||
| #include "libc/calls/strace.internal.h" | #include "libc/calls/strace.internal.h" | ||||||
| #include "libc/calls/struct/rlimit.h" | #include "libc/calls/struct/rlimit.h" | ||||||
|  | #include "libc/calls/struct/sched_param.h" | ||||||
| #include "libc/calls/struct/sigset.h" | #include "libc/calls/struct/sigset.h" | ||||||
| #include "libc/calls/struct/termios.h" | #include "libc/calls/struct/termios.h" | ||||||
| #include "libc/calls/struct/utsname.h" | #include "libc/calls/struct/utsname.h" | ||||||
|  | @ -29,6 +30,7 @@ | ||||||
| #include "libc/errno.h" | #include "libc/errno.h" | ||||||
| #include "libc/intrin/describeflags.internal.h" | #include "libc/intrin/describeflags.internal.h" | ||||||
| #include "libc/intrin/kprintf.h" | #include "libc/intrin/kprintf.h" | ||||||
|  | #include "libc/intrin/promises.internal.h" | ||||||
| #include "libc/macros.internal.h" | #include "libc/macros.internal.h" | ||||||
| #include "libc/nexgen32e/cpuid4.internal.h" | #include "libc/nexgen32e/cpuid4.internal.h" | ||||||
| #include "libc/nexgen32e/kcpuids.h" | #include "libc/nexgen32e/kcpuids.h" | ||||||
|  | @ -52,6 +54,7 @@ | ||||||
| #include "libc/sysv/consts/f.h" | #include "libc/sysv/consts/f.h" | ||||||
| #include "libc/sysv/consts/poll.h" | #include "libc/sysv/consts/poll.h" | ||||||
| #include "libc/sysv/consts/pr.h" | #include "libc/sysv/consts/pr.h" | ||||||
|  | #include "libc/sysv/consts/prio.h" | ||||||
| #include "libc/sysv/consts/rlim.h" | #include "libc/sysv/consts/rlim.h" | ||||||
| #include "libc/sysv/consts/sig.h" | #include "libc/sysv/consts/sig.h" | ||||||
| #include "libc/sysv/consts/termios.h" | #include "libc/sysv/consts/termios.h" | ||||||
|  | @ -107,6 +110,7 @@ static const struct AuxiliaryValue { | ||||||
|     {"%-14p", &AT_TIMEKEEP, "AT_TIMEKEEP"}, |     {"%-14p", &AT_TIMEKEEP, "AT_TIMEKEEP"}, | ||||||
|     {"%-14p", &AT_STACKPROT, "AT_STACKPROT"}, |     {"%-14p", &AT_STACKPROT, "AT_STACKPROT"}, | ||||||
|     {"%-14p", &AT_EHDRFLAGS, "AT_EHDRFLAGS"}, |     {"%-14p", &AT_EHDRFLAGS, "AT_EHDRFLAGS"}, | ||||||
|  |     {"%-14d", &AT_MINSIGSTKSZ, "AT_MINSIGSTKSZ"}, | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| static const char *FindNameById(const struct IdName *names, unsigned long id) { | static const char *FindNameById(const struct IdName *names, unsigned long id) { | ||||||
|  | @ -161,6 +165,7 @@ textstartup void __printargs(const char *prologue) { | ||||||
|   uintptr_t *auxp; |   uintptr_t *auxp; | ||||||
|   struct rlimit rlim; |   struct rlimit rlim; | ||||||
|   struct utsname uts; |   struct utsname uts; | ||||||
|  |   struct sched_param sp; | ||||||
|   struct termios termios; |   struct termios termios; | ||||||
|   struct AuxiliaryValue *auxinfo; |   struct AuxiliaryValue *auxinfo; | ||||||
|   union { |   union { | ||||||
|  | @ -168,6 +173,8 @@ textstartup void __printargs(const char *prologue) { | ||||||
|     struct pollfd pfds[128]; |     struct pollfd pfds[128]; | ||||||
|   } u; |   } u; | ||||||
| 
 | 
 | ||||||
|  |   if (!PLEDGED(STDIO)) return; | ||||||
|  | 
 | ||||||
|   --__ftrace; |   --__ftrace; | ||||||
|   --__strace; |   --__strace; | ||||||
|   e = errno; |   e = errno; | ||||||
|  | @ -296,6 +303,24 @@ textstartup void __printargs(const char *prologue) { | ||||||
|     PRINT("  error: sigprocmask() failed %m"); |     PRINT("  error: sigprocmask() failed %m"); | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|  |   if (PLEDGED(PROC)) { | ||||||
|  |     PRINT(""); | ||||||
|  |     PRINT("SCHEDULER"); | ||||||
|  |     errno = 0; | ||||||
|  |     PRINT(" ☼ getpriority(PRIO_PROCESS) → %d% m", getpriority(PRIO_PROCESS, 0)); | ||||||
|  |     errno = 0; | ||||||
|  |     PRINT(" ☼ getpriority(PRIO_PGRP)    → %d% m", getpriority(PRIO_PGRP, 0)); | ||||||
|  |     errno = 0; | ||||||
|  |     PRINT(" ☼ getpriority(PRIO_USER)    → %d% m", getpriority(PRIO_USER, 0)); | ||||||
|  |     errno = 0; | ||||||
|  |     PRINT(" ☼ sched_getscheduler()      → %s% m", | ||||||
|  |           DescribeSchedPolicy(sched_getscheduler(0))); | ||||||
|  |     errno = 0; | ||||||
|  |     if (sched_getparam(0, &sp) != -1) { | ||||||
|  |       PRINT(" ☼ sched_getparam()          → %d% m", sp.sched_priority); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  | 
 | ||||||
|   if (IsLinux()) { |   if (IsLinux()) { | ||||||
|     PRINT(""); |     PRINT(""); | ||||||
|     PRINT("CAPABILITIES"); |     PRINT("CAPABILITIES"); | ||||||
|  |  | ||||||
|  | @ -464,6 +464,7 @@ syscon	auxv	AT_EXECFN				31			31			15			999			2014			31			# address of string co | ||||||
| syscon	auxv	AT_SYSINFO_EHDR				33			0			0			0			0			0 | syscon	auxv	AT_SYSINFO_EHDR				33			0			0			0			0			0 | ||||||
| syscon	auxv	AT_STACKBASE				0			0			0			0			13			0 | syscon	auxv	AT_STACKBASE				0			0			0			0			13			0 | ||||||
| syscon	auxv	AT_EXECPATH				31			31			15			999			2014			31			# FreeBSD name for AT_EXECFN | syscon	auxv	AT_EXECPATH				31			31			15			999			2014			31			# FreeBSD name for AT_EXECFN | ||||||
|  | syscon	auxv	AT_MINSIGSTKSZ				51			0			0			0			0			0			# FreeBSD name for AT_EXECFN | ||||||
| syscon	auxv	AT_CANARY				0			0			16			0			0			0 | syscon	auxv	AT_CANARY				0			0			16			0			0			0 | ||||||
| syscon	auxv	AT_CANARYLEN				0			0			17			0			0			0 | syscon	auxv	AT_CANARYLEN				0			0			17			0			0			0 | ||||||
| syscon	auxv	AT_NCPUS				0			0			19			0			0			0 | syscon	auxv	AT_NCPUS				0			0			19			0			0			0 | ||||||
|  |  | ||||||
							
								
								
									
										2
									
								
								libc/sysv/consts/AT_MINSIGSTKSZ.S
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								libc/sysv/consts/AT_MINSIGSTKSZ.S
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,2 @@ | ||||||
|  | #include "libc/sysv/consts/syscon.internal.h" | ||||||
|  | .syscon auxv,AT_MINSIGSTKSZ,51,0,0,0,0,0 | ||||||
|  | @ -6,21 +6,29 @@ COSMOPOLITAN_C_START_ | ||||||
| 
 | 
 | ||||||
| extern const long AT_BASE; | extern const long AT_BASE; | ||||||
| extern const long AT_BASE_PLATFORM; | extern const long AT_BASE_PLATFORM; | ||||||
|  | extern const long AT_CANARY; | ||||||
|  | extern const long AT_CANARYLEN; | ||||||
| extern const long AT_CLKTCK; | extern const long AT_CLKTCK; | ||||||
| extern const long AT_DCACHEBSIZE; | extern const long AT_DCACHEBSIZE; | ||||||
| extern const long AT_EGID; | extern const long AT_EGID; | ||||||
|  | extern const long AT_EHDRFLAGS; | ||||||
| extern const long AT_ENTRY; | extern const long AT_ENTRY; | ||||||
| extern const long AT_EUID; | extern const long AT_EUID; | ||||||
| extern const long AT_EXECFD; | extern const long AT_EXECFD; | ||||||
| extern const long AT_EXECFN; | extern const long AT_EXECFN; | ||||||
|  | extern const long AT_EXECPATH; | ||||||
| extern const long AT_FLAGS; | extern const long AT_FLAGS; | ||||||
| extern const long AT_GID; | extern const long AT_GID; | ||||||
| extern const long AT_HWCAP2; | extern const long AT_HWCAP2; | ||||||
| extern const long AT_HWCAP; | extern const long AT_HWCAP; | ||||||
| extern const long AT_ICACHEBSIZE; | extern const long AT_ICACHEBSIZE; | ||||||
|  | extern const long AT_MINSIGSTKSZ; | ||||||
|  | extern const long AT_NCPUS; | ||||||
| extern const long AT_NOTELF; | extern const long AT_NOTELF; | ||||||
| extern const long AT_NO_AUTOMOUNT; | extern const long AT_NO_AUTOMOUNT; | ||||||
| extern const long AT_OSRELDATE; | extern const long AT_OSRELDATE; | ||||||
|  | extern const long AT_PAGESIZES; | ||||||
|  | extern const long AT_PAGESIZESLEN; | ||||||
| extern const long AT_PAGESZ; | extern const long AT_PAGESZ; | ||||||
| extern const long AT_PHDR; | extern const long AT_PHDR; | ||||||
| extern const long AT_PHENT; | extern const long AT_PHENT; | ||||||
|  | @ -28,40 +36,41 @@ extern const long AT_PHNUM; | ||||||
| extern const long AT_PLATFORM; | extern const long AT_PLATFORM; | ||||||
| extern const long AT_RANDOM; | extern const long AT_RANDOM; | ||||||
| extern const long AT_SECURE; | extern const long AT_SECURE; | ||||||
|  | extern const long AT_STACKBASE; | ||||||
|  | extern const long AT_STACKPROT; | ||||||
| extern const long AT_SYSINFO_EHDR; | extern const long AT_SYSINFO_EHDR; | ||||||
|  | extern const long AT_TIMEKEEP; | ||||||
| extern const long AT_UCACHEBSIZE; | extern const long AT_UCACHEBSIZE; | ||||||
| extern const long AT_UID; | extern const long AT_UID; | ||||||
| extern const long AT_STACKBASE; |  | ||||||
| extern const long AT_EXECPATH; |  | ||||||
| extern const long AT_CANARY; |  | ||||||
| extern const long AT_CANARYLEN; |  | ||||||
| extern const long AT_NCPUS; |  | ||||||
| extern const long AT_PAGESIZES; |  | ||||||
| extern const long AT_PAGESIZESLEN; |  | ||||||
| extern const long AT_TIMEKEEP; |  | ||||||
| extern const long AT_STACKPROT; |  | ||||||
| extern const long AT_EHDRFLAGS; |  | ||||||
| 
 | 
 | ||||||
| COSMOPOLITAN_C_END_ | COSMOPOLITAN_C_END_ | ||||||
| #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ | #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ | ||||||
| 
 | 
 | ||||||
| #define AT_BASE          SYMBOLIC(AT_BASE) | #define AT_BASE          SYMBOLIC(AT_BASE) | ||||||
| #define AT_BASE_PLATFORM SYMBOLIC(AT_BASE_PLATFORM) | #define AT_BASE_PLATFORM SYMBOLIC(AT_BASE_PLATFORM) | ||||||
|  | #define AT_CANARY        SYMBOLIC(AT_CANARY) | ||||||
|  | #define AT_CANARYLEN     SYMBOLIC(AT_CANARYLEN) | ||||||
| #define AT_CLKTCK        SYMBOLIC(AT_CLKTCK) | #define AT_CLKTCK        SYMBOLIC(AT_CLKTCK) | ||||||
| #define AT_DCACHEBSIZE   SYMBOLIC(AT_DCACHEBSIZE) | #define AT_DCACHEBSIZE   SYMBOLIC(AT_DCACHEBSIZE) | ||||||
| #define AT_EGID          SYMBOLIC(AT_EGID) | #define AT_EGID          SYMBOLIC(AT_EGID) | ||||||
|  | #define AT_EHDRFLAGS     SYMBOLIC(AT_EHDRFLAGS) | ||||||
| #define AT_ENTRY         SYMBOLIC(AT_ENTRY) | #define AT_ENTRY         SYMBOLIC(AT_ENTRY) | ||||||
| #define AT_EUID          SYMBOLIC(AT_EUID) | #define AT_EUID          SYMBOLIC(AT_EUID) | ||||||
| #define AT_EXECFD        SYMBOLIC(AT_EXECFD) | #define AT_EXECFD        SYMBOLIC(AT_EXECFD) | ||||||
| #define AT_EXECFN        SYMBOLIC(AT_EXECFN) | #define AT_EXECFN        SYMBOLIC(AT_EXECFN) | ||||||
|  | #define AT_EXECPATH      SYMBOLIC(AT_EXECPATH) | ||||||
| #define AT_FLAGS         SYMBOLIC(AT_FLAGS) | #define AT_FLAGS         SYMBOLIC(AT_FLAGS) | ||||||
| #define AT_GID           SYMBOLIC(AT_GID) | #define AT_GID           SYMBOLIC(AT_GID) | ||||||
| #define AT_HWCAP         SYMBOLIC(AT_HWCAP) | #define AT_HWCAP         SYMBOLIC(AT_HWCAP) | ||||||
| #define AT_HWCAP2        SYMBOLIC(AT_HWCAP2) | #define AT_HWCAP2        SYMBOLIC(AT_HWCAP2) | ||||||
| #define AT_ICACHEBSIZE   SYMBOLIC(AT_ICACHEBSIZE) | #define AT_ICACHEBSIZE   SYMBOLIC(AT_ICACHEBSIZE) | ||||||
|  | #define AT_MINSIGSTKSZ   SYMBOLIC(AT_MINSIGSTKSZ) | ||||||
|  | #define AT_NCPUS         SYMBOLIC(AT_NCPUS) | ||||||
| #define AT_NOTELF        SYMBOLIC(AT_NOTELF) | #define AT_NOTELF        SYMBOLIC(AT_NOTELF) | ||||||
| #define AT_NO_AUTOMOUNT  SYMBOLIC(AT_NO_AUTOMOUNT) | #define AT_NO_AUTOMOUNT  SYMBOLIC(AT_NO_AUTOMOUNT) | ||||||
| #define AT_OSRELDATE     SYMBOLIC(AT_OSRELDATE) | #define AT_OSRELDATE     SYMBOLIC(AT_OSRELDATE) | ||||||
|  | #define AT_PAGESIZES     SYMBOLIC(AT_PAGESIZES) | ||||||
|  | #define AT_PAGESIZESLEN  SYMBOLIC(AT_PAGESIZESLEN) | ||||||
| #define AT_PAGESZ        SYMBOLIC(AT_PAGESZ) | #define AT_PAGESZ        SYMBOLIC(AT_PAGESZ) | ||||||
| #define AT_PHDR          SYMBOLIC(AT_PHDR) | #define AT_PHDR          SYMBOLIC(AT_PHDR) | ||||||
| #define AT_PHENT         SYMBOLIC(AT_PHENT) | #define AT_PHENT         SYMBOLIC(AT_PHENT) | ||||||
|  | @ -69,18 +78,11 @@ COSMOPOLITAN_C_END_ | ||||||
| #define AT_PLATFORM      SYMBOLIC(AT_PLATFORM) | #define AT_PLATFORM      SYMBOLIC(AT_PLATFORM) | ||||||
| #define AT_RANDOM        SYMBOLIC(AT_RANDOM) | #define AT_RANDOM        SYMBOLIC(AT_RANDOM) | ||||||
| #define AT_SECURE        SYMBOLIC(AT_SECURE) | #define AT_SECURE        SYMBOLIC(AT_SECURE) | ||||||
|  | #define AT_STACKBASE     SYMBOLIC(AT_STACKBASE) | ||||||
|  | #define AT_STACKPROT     SYMBOLIC(AT_STACKPROT) | ||||||
| #define AT_SYSINFO_EHDR  SYMBOLIC(AT_SYSINFO_EHDR) | #define AT_SYSINFO_EHDR  SYMBOLIC(AT_SYSINFO_EHDR) | ||||||
|  | #define AT_TIMEKEEP      SYMBOLIC(AT_TIMEKEEP) | ||||||
| #define AT_UCACHEBSIZE   SYMBOLIC(AT_UCACHEBSIZE) | #define AT_UCACHEBSIZE   SYMBOLIC(AT_UCACHEBSIZE) | ||||||
| #define AT_UID           SYMBOLIC(AT_UID) | #define AT_UID           SYMBOLIC(AT_UID) | ||||||
| #define AT_STACKBASE     SYMBOLIC(AT_STACKBASE) |  | ||||||
| #define AT_EXECPATH      SYMBOLIC(AT_EXECPATH) |  | ||||||
| #define AT_CANARY        SYMBOLIC(AT_CANARY) |  | ||||||
| #define AT_CANARYLEN     SYMBOLIC(AT_CANARYLEN) |  | ||||||
| #define AT_NCPUS         SYMBOLIC(AT_NCPUS) |  | ||||||
| #define AT_PAGESIZES     SYMBOLIC(AT_PAGESIZES) |  | ||||||
| #define AT_PAGESIZESLEN  SYMBOLIC(AT_PAGESIZESLEN) |  | ||||||
| #define AT_TIMEKEEP      SYMBOLIC(AT_TIMEKEEP) |  | ||||||
| #define AT_STACKPROT     SYMBOLIC(AT_STACKPROT) |  | ||||||
| #define AT_EHDRFLAGS     SYMBOLIC(AT_EHDRFLAGS) |  | ||||||
| 
 | 
 | ||||||
| #endif /* COSMOPOLITAN_LIBC_CALLS_AUXV_H_ */ | #endif /* COSMOPOLITAN_LIBC_CALLS_AUXV_H_ */ | ||||||
|  |  | ||||||
|  | @ -23,7 +23,7 @@ | ||||||
| #include "libc/x/x.h" | #include "libc/x/x.h" | ||||||
| 
 | 
 | ||||||
| __attribute__((__constructor__)) static void init(void) { | __attribute__((__constructor__)) static void init(void) { | ||||||
|   pledge("stdio rpath tty", 0); |   pledge("stdio rpath tty proc", 0); | ||||||
|   errno = 0; |   errno = 0; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -22,6 +22,7 @@ | ||||||
| #include "libc/dce.h" | #include "libc/dce.h" | ||||||
| #include "libc/errno.h" | #include "libc/errno.h" | ||||||
| #include "libc/intrin/kprintf.h" | #include "libc/intrin/kprintf.h" | ||||||
|  | #include "libc/limits.h" | ||||||
| #include "libc/runtime/runtime.h" | #include "libc/runtime/runtime.h" | ||||||
| #include "libc/sysv/consts/sched.h" | #include "libc/sysv/consts/sched.h" | ||||||
| #include "libc/testlib/testlib.h" | #include "libc/testlib/testlib.h" | ||||||
|  | @ -53,6 +54,10 @@ bool CanTuneRealtimeSchedulers(void) { | ||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | TEST(sched_getscheduler, einval) { | ||||||
|  |   ASSERT_SYS(IsLinux() ? EINVAL : ESRCH, -1, sched_getscheduler(INT_MIN)); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| TEST(sched_setscheduler, test) { | TEST(sched_setscheduler, test) { | ||||||
|   struct sched_param p = {sched_get_priority_min(SCHED_OTHER)}; |   struct sched_param p = {sched_get_priority_min(SCHED_OTHER)}; | ||||||
|   EXPECT_SYS(0, DEFAULT_POLICY, sched_setscheduler(0, SCHED_OTHER, &p)); |   EXPECT_SYS(0, DEFAULT_POLICY, sched_setscheduler(0, SCHED_OTHER, &p)); | ||||||
|  |  | ||||||
|  | @ -372,7 +372,6 @@ TEST(pledge, chmod_ignoresDangerBits) { | ||||||
| TEST(pledge, open_rpath) { | TEST(pledge, open_rpath) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_SYS(0, 0, touch("foo", 0644)); |   ASSERT_SYS(0, 0, touch("foo", 0644)); | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|  | @ -389,7 +388,6 @@ TEST(pledge, open_rpath) { | ||||||
| TEST(pledge, open_wpath) { | TEST(pledge, open_wpath) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_SYS(0, 0, touch("foo", 0644)); |   ASSERT_SYS(0, 0, touch("foo", 0644)); | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|  | @ -426,7 +424,6 @@ TEST(pledge, open_cpath) { | ||||||
| TEST(pledge, sigaction_isFineButForbidsSigsys) { | TEST(pledge, sigaction_isFineButForbidsSigsys) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio", 0)); |     ASSERT_SYS(0, 0, pledge("stdio", 0)); | ||||||
|  | @ -442,7 +439,6 @@ TEST(pledge, sigaction_isFineButForbidsSigsys) { | ||||||
| TEST(pledge, execpromises_ok) { | TEST(pledge, execpromises_ok) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); |     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); | ||||||
|  | @ -457,7 +453,6 @@ TEST(pledge, execpromises_ok) { | ||||||
| TEST(pledge, execpromises_notok) { | TEST(pledge, execpromises_notok) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); |     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); | ||||||
|  | @ -472,7 +467,6 @@ TEST(pledge, execpromises_notok) { | ||||||
| TEST(pledge, execpromises_reducesAtExecOnLinux) { | TEST(pledge, execpromises_reducesAtExecOnLinux) { | ||||||
|   if (IsOpenbsd()) return;  // b/c testing linux bpf
 |   if (IsOpenbsd()) return;  // b/c testing linux bpf
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio inet tty exec", "stdio tty")); |     ASSERT_SYS(0, 0, pledge("stdio inet tty exec", "stdio tty")); | ||||||
|  | @ -487,7 +481,6 @@ TEST(pledge, execpromises_reducesAtExecOnLinux) { | ||||||
| TEST(pledge_openbsd, execpromisesIsNull_letsItDoAnything) { | TEST(pledge_openbsd, execpromisesIsNull_letsItDoAnything) { | ||||||
|   if (!IsOpenbsd()) return; |   if (!IsOpenbsd()) return; | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio exec", 0)); |     ASSERT_SYS(0, 0, pledge("stdio exec", 0)); | ||||||
|  | @ -502,7 +495,6 @@ TEST(pledge_openbsd, execpromisesIsNull_letsItDoAnything) { | ||||||
| TEST(pledge_openbsd, execpromisesIsSuperset_letsItDoAnything) { | TEST(pledge_openbsd, execpromisesIsSuperset_letsItDoAnything) { | ||||||
|   if (!IsOpenbsd()) return; |   if (!IsOpenbsd()) return; | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio rpath exec", "stdio rpath tty inet")); |     ASSERT_SYS(0, 0, pledge("stdio rpath exec", "stdio rpath tty inet")); | ||||||
|  | @ -522,7 +514,6 @@ TEST(pledge_linux, execpromisesIsSuperset_notPossible) { | ||||||
| TEST(pledge_openbsd, execpromises_notok) { | TEST(pledge_openbsd, execpromises_notok) { | ||||||
|   if (!IsOpenbsd()) return; |   if (!IsOpenbsd()) return; | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); |     ASSERT_SYS(0, 0, pledge("stdio exec", "stdio")); | ||||||
|  | @ -537,7 +528,6 @@ TEST(pledge_openbsd, execpromises_notok) { | ||||||
| TEST(pledge_openbsd, bigSyscalls) { | TEST(pledge_openbsd, bigSyscalls) { | ||||||
|   if (IsOpenbsd()) return;  // testing lunix
 |   if (IsOpenbsd()) return;  // testing lunix
 | ||||||
|   int ws, pid; |   int ws, pid; | ||||||
|   struct stat st; |  | ||||||
|   ASSERT_NE(-1, (pid = fork())); |   ASSERT_NE(-1, (pid = fork())); | ||||||
|   if (!pid) { |   if (!pid) { | ||||||
|     ASSERT_SYS(0, 0, pledge("stdio", 0)); |     ASSERT_SYS(0, 0, pledge("stdio", 0)); | ||||||
|  | @ -572,6 +562,25 @@ TEST(pledge, threadWithLocks_canCodeMorph) { | ||||||
|   EXPECT_EQ(0, WEXITSTATUS(ws)); |   EXPECT_EQ(0, WEXITSTATUS(ws)); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | TEST(pledge, execWithoutRpath) { | ||||||
|  |   int ws, pid; | ||||||
|  |   ASSERT_SYS(0, 0, touch("foo", 0644)); | ||||||
|  |   ASSERT_NE(-1, (pid = fork())); | ||||||
|  |   if (!pid) { | ||||||
|  |     ASSERT_SYS(0, 0, pledge("stdio prot_exec exec", "stdio prot_exec exec")); | ||||||
|  |     ASSERT_SYS(EPERM, -1, open("foo", O_RDONLY)); | ||||||
|  |     _Exit(0); | ||||||
|  |   } | ||||||
|  |   EXPECT_NE(-1, wait(&ws)); | ||||||
|  |   if (IsOpenbsd()) { | ||||||
|  |     EXPECT_TRUE(WIFSIGNALED(ws)); | ||||||
|  |     EXPECT_EQ(SIGABRT, WTERMSIG(ws)); | ||||||
|  |   } else { | ||||||
|  |     EXPECT_TRUE(WIFEXITED(ws)); | ||||||
|  |     EXPECT_EQ(0, WEXITSTATUS(ws)); | ||||||
|  |   } | ||||||
|  | } | ||||||
|  | 
 | ||||||
| BENCH(pledge, bench) { | BENCH(pledge, bench) { | ||||||
|   int pid; |   int pid; | ||||||
|   if (!fork()) { |   if (!fork()) { | ||||||
|  |  | ||||||
							
								
								
									
										175
									
								
								test/tool/build/pledge_test.sh
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
										175
									
								
								test/tool/build/pledge_test.sh
									
										
									
									
									
										Executable file
									
								
							|  | @ -0,0 +1,175 @@ | ||||||
|  | #!/bin/sh | ||||||
|  | m=tinylinux | ||||||
|  | t=/tmp/pledge-test | ||||||
|  | 
 | ||||||
|  | if [ $# = 0 ]; then | ||||||
|  |   if ! [ $(id -u) = 0 ]; then | ||||||
|  |     make -j16 MODE= \ | ||||||
|  |          o//examples/ls.com \ | ||||||
|  |          o//examples/curl.com \ | ||||||
|  |          o//examples/life.com \ | ||||||
|  |          o//examples/hello.com \ | ||||||
|  |          o//examples/printargs.com \ | ||||||
|  |          o//tool/build/pledge.com || exit | ||||||
|  |     make -j16 MODE=$m \ | ||||||
|  |          o/$m/examples/ls.com \ | ||||||
|  |          o/$m/examples/curl.com \ | ||||||
|  |          o/$m/examples/life.com \ | ||||||
|  |          o/$m/examples/hello.com \ | ||||||
|  |          o/$m/examples/printargs.com \ | ||||||
|  |          o/$m/tool/build/pledge.com || exit | ||||||
|  |     test/tool/build/pledge_test.sh ape_binfmt_test_suite || exit | ||||||
|  |     test/tool/build/pledge_test.sh ape_loader_test_suite || exit | ||||||
|  |     test/tool/build/pledge_test.sh ape_assimilated_test_suite || exit | ||||||
|  |     test/tool/build/pledge_test.sh ape_native_test_suite || exit | ||||||
|  |     sudo test/tool/build/pledge_test.sh setuid_setup || exit | ||||||
|  |     test/tool/build/pledge_test.sh setuid_test_suite || exit | ||||||
|  |   else | ||||||
|  |     echo need to run as an unprivileged user with sudo access >&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | check() { | ||||||
|  |   if [ $? = 0 ]; then | ||||||
|  |     printf '\e[32mok\e[0m\n' | ||||||
|  |   else | ||||||
|  |     echo failed >&2 | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | startit() { | ||||||
|  |   printf 'testing %-30s ' "$*" >&2 | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | checkem() { | ||||||
|  |   if [ $? = 0 ]; then | ||||||
|  |     printf '\e[1;32mOK\e[0m\n' | ||||||
|  |   else | ||||||
|  |     printf '\e[1;31mFAILED\e[0m\n' | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | if [ "$1" = setuid_setup ]; then | ||||||
|  | 
 | ||||||
|  |   rm -rf $t || exit | ||||||
|  |   mkdir -p $t || exit | ||||||
|  |   chmod 01777 $t || exit | ||||||
|  |   cp o/$m/tool/build/pledge.com $t || exit | ||||||
|  |   chmod 06755 $t/pledge.com || exit | ||||||
|  | 
 | ||||||
|  | elif [ "$1" = ape_binfmt_test_suite ]; then | ||||||
|  | 
 | ||||||
|  |   ape/apeinstall.sh >/dev/null 2>&1 | ||||||
|  | 
 | ||||||
|  |   startit ape binfmt life.com | ||||||
|  |   o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com | ||||||
|  |   [ $? = 42 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape binfmt hello.com | ||||||
|  |   [ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape binfmt curl.com | ||||||
|  |   [ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  | elif [ "$1" = ape_loader_test_suite ]; then | ||||||
|  | 
 | ||||||
|  |   ape/apeuninstall.sh >/dev/null 2>&1 | ||||||
|  | 
 | ||||||
|  |   startit ape loader life.com | ||||||
|  |   o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com | ||||||
|  |   [ $? = 42 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape loader hello.com | ||||||
|  |   [ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape loader curl.com | ||||||
|  |   [ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   ape/apeinstall.sh >/dev/null 2>&1 | ||||||
|  | 
 | ||||||
|  | elif [ "$1" = ape_assimilated_test_suite ]; then | ||||||
|  | 
 | ||||||
|  |   mkdir -p $t/assimilated | ||||||
|  | 
 | ||||||
|  |   startit ape assimilated life.com | ||||||
|  |   cp o//examples/life.com $t/assimilated | ||||||
|  |   o//tool/build/assimilate.com $t/assimilated/life.com | ||||||
|  |   o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/life.com | ||||||
|  |   [ $? = 42 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape assimilated hello.com | ||||||
|  |   cp o//examples/hello.com $t/assimilated | ||||||
|  |   o//tool/build/assimilate.com $t/assimilated/hello.com | ||||||
|  |   [ "$(o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/hello.com)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape assimilated curl.com | ||||||
|  |   cp o//examples/curl.com $t/assimilated | ||||||
|  |   o//tool/build/assimilate.com $t/assimilated/curl.com | ||||||
|  |   [ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' $t/assimilated/curl.com https://justine.lol/hello.txt)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  | elif [ "$1" = ape_native_test_suite ]; then | ||||||
|  | 
 | ||||||
|  |   startit ape native life.com | ||||||
|  |   o/$m/tool/build/pledge.com -p 'stdio' o/$m/examples/life.com | ||||||
|  |   [ $? = 42 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape native hello.com | ||||||
|  |   [ "$(o/$m/tool/build/pledge.com -p 'stdio' o/$m/examples/hello.com)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit ape native curl.com | ||||||
|  |   [ "$(o/$m/tool/build/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  | elif [ "$1" = setuid_test_suite ]; then | ||||||
|  | 
 | ||||||
|  |   startit setuid life.com | ||||||
|  |   $t/pledge.com -p 'stdio' o/$m/examples/life.com | ||||||
|  |   [ $? = 42 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid hello.com | ||||||
|  |   [ "$($t/pledge.com -p 'stdio' o/$m/examples/hello.com)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid curl.com | ||||||
|  |   [ "$($t/pledge.com -p 'stdio inet dns' o/$m/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid getuid | ||||||
|  |   [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep getuid | grep -o [[:digit:]]*)" = "$(id -u)" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid geteuid | ||||||
|  |   [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep geteuid | grep -o [[:digit:]]*)" = "$(id -u)" ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid no capabilities | ||||||
|  |   [ "$($t/pledge.com -pstdio o/$m/examples/printargs.com 2>&1 | grep CAP_ | wc -l)" = 0 ] | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid maximum nice | ||||||
|  |   $t/pledge.com -np 'stdio proc' o/$m/examples/printargs.com 2>&1 | grep SCHED_IDLE >/dev/null | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  |   startit setuid chroot | ||||||
|  |   mkdir $t/jail && | ||||||
|  |   touch $t/jail/hi && | ||||||
|  |   cp o/$m/examples/ls.com $t/jail && | ||||||
|  |   $t/pledge.com -v / -c $t/jail -p 'stdio rpath' /ls.com / | grep 'DT_REG     /hi' >/dev/null | ||||||
|  |   checkem | ||||||
|  | 
 | ||||||
|  | fi | ||||||
|  | @ -17,6 +17,7 @@ | ||||||
| │ PERFORMANCE OF THIS SOFTWARE.                                                │ | │ PERFORMANCE OF THIS SOFTWARE.                                                │ | ||||||
| ╚─────────────────────────────────────────────────────────────────────────────*/ | ╚─────────────────────────────────────────────────────────────────────────────*/ | ||||||
| #include "libc/bits/bits.h" | #include "libc/bits/bits.h" | ||||||
|  | #include "libc/bits/safemacros.internal.h" | ||||||
| #include "libc/calls/calls.h" | #include "libc/calls/calls.h" | ||||||
| #include "libc/calls/landlock.h" | #include "libc/calls/landlock.h" | ||||||
| #include "libc/calls/struct/rlimit.h" | #include "libc/calls/struct/rlimit.h" | ||||||
|  | @ -56,6 +57,11 @@ | ||||||
| #include "libc/x/x.h" | #include "libc/x/x.h" | ||||||
| #include "third_party/getopt/getopt.h" | #include "third_party/getopt/getopt.h" | ||||||
| 
 | 
 | ||||||
|  | // MANUALLY TESTED BY RUNNING
 | ||||||
|  | //
 | ||||||
|  | //     test/tool/build/pledge_test.sh
 | ||||||
|  | //
 | ||||||
|  | 
 | ||||||
| STATIC_YOINK("strerror_wr"); | STATIC_YOINK("strerror_wr"); | ||||||
| 
 | 
 | ||||||
| #define USAGE \ | #define USAGE \ | ||||||
|  | @ -94,7 +100,7 @@ usage: pledge.com [-hnN] PROG ARGS...\n\ | ||||||
|      - vminfo: allows /proc/stat, /proc/self/maps, etc.\n\ |      - vminfo: allows /proc/stat, /proc/self/maps, etc.\n\ | ||||||
|      - tmppath: allows /tmp, $TMPPATH, lstat, unlink\n\ |      - tmppath: allows /tmp, $TMPPATH, lstat, unlink\n\ | ||||||
| \n\ | \n\ | ||||||
| pledge.com v1.1\n\ | pledge.com v1.2\n\ | ||||||
| copyright 2022 justine alexandra roberts tunney\n\ | copyright 2022 justine alexandra roberts tunney\n\ | ||||||
| https://twitter.com/justinetunney\n\ | https://twitter.com/justinetunney\n\ | ||||||
| https://linkedin.com/in/jtunney\n\ | https://linkedin.com/in/jtunney\n\ | ||||||
|  | @ -352,19 +358,20 @@ void Unveil(const char *path, const char *perm) { | ||||||
|   } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void UnveilIfExists(const char *path, const char *perm) { | int UnveilIfExists(const char *path, const char *perm) { | ||||||
|   int err; |   int err; | ||||||
|   if (path) { |   if (path) { | ||||||
|     err = errno; |     err = errno; | ||||||
|     if (unveil(path, perm) == -1) { |     if (unveil(path, perm) != -1) { | ||||||
|       if (errno == ENOENT) { |       return 0; | ||||||
|         errno = err; |     } else if (errno == ENOENT) { | ||||||
|       } else { |       errno = err; | ||||||
|         kprintf("error: unveil(%#s, %#s) failed: %m\n", path, perm); |     } else { | ||||||
|         _Exit(20); |       kprintf("error: unveil(%#s, %#s) failed: %m\n", path, perm); | ||||||
|       } |       _Exit(20); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |   return -1; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void MakeProcessNice(void) { | void MakeProcessNice(void) { | ||||||
|  | @ -386,6 +393,7 @@ void MakeProcessNice(void) { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| void ApplyFilesystemPolicy(unsigned long ipromises) { | void ApplyFilesystemPolicy(unsigned long ipromises) { | ||||||
|  |   const char *p; | ||||||
| 
 | 
 | ||||||
|   if (!SupportsLandlock()) { |   if (!SupportsLandlock()) { | ||||||
|     if (unveils.n) { |     if (unveils.n) { | ||||||
|  | @ -460,7 +468,12 @@ void ApplyFilesystemPolicy(unsigned long ipromises) { | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   if (~ipromises & (1ul << PROMISE_PROT_EXEC)) { |   if (~ipromises & (1ul << PROMISE_PROT_EXEC)) { | ||||||
|     UnveilIfExists("/usr/bin/ape", "rx"); |     if (UnveilIfExists("/usr/bin/ape", "rx") == -1) { | ||||||
|  |       UnveilIfExists(xjoinpaths(firstnonnull(getenv("TMPDIR"), | ||||||
|  |                                              firstnonnull(getenv("HOME"), ".")), | ||||||
|  |                                 ".ape"), | ||||||
|  |                      "rx"); | ||||||
|  |     } | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   if (~ipromises & (1ul << PROMISE_VMINFO)) { |   if (~ipromises & (1ul << PROMISE_VMINFO)) { | ||||||
|  | @ -552,15 +565,6 @@ int main(int argc, char *argv[]) { | ||||||
|   owneruid = geteuid(); |   owneruid = geteuid(); | ||||||
|   hasfunbits = usergid != ownergid || useruid != owneruid; |   hasfunbits = usergid != ownergid || useruid != owneruid; | ||||||
| 
 | 
 | ||||||
|   if (g_dontdrop) { |  | ||||||
|     if (hasfunbits) { |  | ||||||
|       kprintf("error: -D flag forbidden on setuid binaries\n"); |  | ||||||
|       _Exit(6); |  | ||||||
|     } |  | ||||||
|   } else { |  | ||||||
|     DropCapabilities(); |  | ||||||
|   } |  | ||||||
| 
 |  | ||||||
|   if (hasfunbits) { |   if (hasfunbits) { | ||||||
|     setuid(owneruid); |     setuid(owneruid); | ||||||
|     setgid(ownergid); |     setgid(ownergid); | ||||||
|  | @ -575,7 +579,7 @@ int main(int argc, char *argv[]) { | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   // check if user has permission to chroot directory
 |   // check if user has permission to chroot directory
 | ||||||
|   if (hasfunbits) { |   if (hasfunbits && g_chroot) { | ||||||
|     oldfsuid = setfsuid(useruid); |     oldfsuid = setfsuid(useruid); | ||||||
|     oldfsgid = setfsgid(usergid); |     oldfsgid = setfsgid(usergid); | ||||||
|     if (access(g_chroot, R_OK) == -1) { |     if (access(g_chroot, R_OK) == -1) { | ||||||
|  | @ -612,6 +616,15 @@ int main(int argc, char *argv[]) { | ||||||
|     setfsgid(oldfsgid); |     setfsgid(oldfsgid); | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|  |   if (g_dontdrop) { | ||||||
|  |     if (hasfunbits) { | ||||||
|  |       kprintf("error: -D flag forbidden on setuid binaries\n"); | ||||||
|  |       _Exit(6); | ||||||
|  |     } | ||||||
|  |   } else { | ||||||
|  |     DropCapabilities(); | ||||||
|  |   } | ||||||
|  | 
 | ||||||
|   // set group id
 |   // set group id
 | ||||||
|   if (usergid != ownergid) { |   if (usergid != ownergid) { | ||||||
|     // setgid binaries must use the gid of the user that ran it
 |     // setgid binaries must use the gid of the user that ran it
 | ||||||
|  |  | ||||||
|  | @ -3930,12 +3930,13 @@ UNIX MODULE | ||||||
| 
 | 
 | ||||||
|     exec |     exec | ||||||
| 
 | 
 | ||||||
|       Allows execve, access, faccessat, openat(O_RDONLY). |       Allows execve. | ||||||
| 
 | 
 | ||||||
|       If the executable in question needs a loader, then you may need |       If the executable in question needs a loader, then you will need | ||||||
|       "prot_exec" too. With APE, security will be stronger if you |       "rpath prot_exec" too. With APE, security is strongest when you | ||||||
|       assimilate your binaries beforehand, using the --assimilate flag, |       assimilate your binaries beforehand, using the --assimilate flag, | ||||||
|       or the o//tool/build/assimilate.com program. |       or the o//tool/build/assimilate.com program. On OpenBSD this is | ||||||
|  |       mandatory. | ||||||
| 
 | 
 | ||||||
|     prot_exec |     prot_exec | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue