mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-24 02:03:06 -05:00
Code Issues Projects Releases Packages Wiki Activity
ladybird/Kernel/Syscalls/setuid.cpp

178 lines
5.1 KiB
C++
Raw Normal View History

Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <Kernel/Process.h>
namespace Kernel {
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$seteuid(uid_t new_euid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_euid != uid() && new_euid != suid() && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (euid() != new_euid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData(*this)->euid = new_euid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$setegid(gid_t new_egid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_egid != gid() && new_egid != sgid() && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (egid() != new_egid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData(*this)->egid = new_egid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$setuid(uid_t new_uid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_uid != uid() && new_uid != euid() && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (euid() != new_uid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData protected_data { *this };
protected_data->uid = new_uid;
protected_data->euid = new_uid;
protected_data->suid = new_uid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$setgid(gid_t new_gid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_gid != gid() && new_gid != egid() && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (egid() != new_gid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData protected_data { *this };
protected_data->gid = new_gid;
protected_data->egid = new_gid;
protected_data->sgid = new_gid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$setresuid(uid_t new_ruid, uid_t new_euid, uid_t new_suid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_ruid == (uid_t)-1)
new_ruid = uid();
if (new_euid == (uid_t)-1)
new_euid = euid();
if (new_suid == (uid_t)-1)
new_suid = suid();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
auto ok = [this](uid_t id) { return id == uid() || id == euid() || id == suid(); };
if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (euid() != new_euid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData protected_data { *this };
protected_data->uid = new_ruid;
protected_data->euid = new_euid;
protected_data->suid = new_suid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
KResultOr<int> Process::sys$setresgid(gid_t new_rgid, gid_t new_egid, gid_t new_sgid)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (new_rgid == (gid_t)-1)
new_rgid = gid();
if (new_egid == (gid_t)-1)
new_egid = egid();
if (new_sgid == (gid_t)-1)
new_sgid = sgid();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
auto ok = [this](gid_t id) { return id == gid() || id == egid() || id == sgid(); };
if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
if (egid() != new_egid)
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
set_dumpable(false);
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
MutableProtectedData protected_data { *this };
protected_data->gid = new_rgid;
protected_data->egid = new_egid;
protected_data->sgid = new_sgid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
KResultOr<int> Process::sys$setgroups(ssize_t count, Userspace<const gid_t*> user_gids)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
REQUIRE_PROMISE(id);
if (count < 0)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EINVAL;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (!is_superuser())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (!count) {
Kernel: Move process extra_gids into protected data :^)
2021-03-10 20:07:08 +01:00
MutableProtectedData(*this)->extra_gids.clear();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return 0;
}
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
Vector<gid_t> new_extra_gids;
new_extra_gids.resize(count);
if (!copy_n_from_user(new_extra_gids.data(), user_gids, count))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
HashTable<gid_t> unique_extra_gids;
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
for (auto& extra_gid : new_extra_gids) {
if (extra_gid != gid())
unique_extra_gids.set(extra_gid);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Move process extra_gids into protected data :^)
2021-03-10 20:07:08 +01:00
MutableProtectedData protected_data { *this };
protected_data->extra_gids.resize(unique_extra_gids.size());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
size_t i = 0;
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
for (auto& extra_gid : unique_extra_gids) {
if (extra_gid == gid())
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
continue;
Kernel: Move process extra_gids into protected data :^)
2021-03-10 20:07:08 +01:00
protected_data->extra_gids[i++] = extra_gid;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
return 0;
}
}
Reference in a new issue Copy permalink