serenity/Kernel/Syscalls
Liav A e598f22768 Kernel: Disallow executing SUID binaries if process is jailed
Check if the process we are currently running is in a jail, and if that
is the case, fail early with the EPERM error code.

Also, as Brian noted, we should also disallow attaching to a jail in
case of already running within a setid executable, as this leaves the
user with false thinking of being secure (because you can't exec new
setid binaries), but the current program is still marked setid, which
means that at the very least we gained permissions while we didn't
expect it, so let's block it.
2022-12-30 15:49:37 -05:00
alarm.cpp
anon_create.cpp
beep.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
chdir.cpp
chmod.cpp
chown.cpp Kernel/FileSystem: Add a few missing includes 2022-10-22 16:57:52 -04:00
clock.cpp
debug.cpp
disown.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
dup2.cpp
emuctl.cpp
execve.cpp Kernel: Disallow executing SUID binaries if process is jailed 2022-12-30 15:49:37 -05:00
exit.cpp
faccessat.cpp Kernel+LibC+LibCore+UserspaceEmulator: Implement faccessat(2) 2022-12-11 19:55:37 -07:00
fallocate.cpp Kernel: Add some spec links and comments to sys$posix_fallocate() 2022-11-29 11:09:19 +01:00
fcntl.cpp
fork.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
fsync.cpp
ftruncate.cpp
futex.cpp
get_dir_entries.cpp
get_stack_bounds.cpp
getrandom.cpp
getuid.cpp
hostname.cpp
inode_watcher.cpp Kernel/FileSystem: Add a few missing includes 2022-10-22 16:57:52 -04:00
ioctl.cpp
jail.cpp Kernel: Disallow executing SUID binaries if process is jailed 2022-12-30 15:49:37 -05:00
keymap.cpp
kill.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
link.cpp Kernel+LibC+LibCore: Implement symlinkat(2) 2022-12-11 19:55:37 -07:00
lseek.cpp
mkdir.cpp Kernel+LibC+LibCore: Implement mkdirat(2) 2022-12-11 19:55:37 -07:00
mknod.cpp
mmap.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
mount.cpp Kernel: Split the Ext2FileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
open.cpp
perf_event.cpp
pipe.cpp
pledge.cpp AK+Everywhere: Turn bool keep_empty to an enum in split* functions 2022-10-24 23:29:18 +01:00
poll.cpp
prctl.cpp
process.cpp
profiling.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
ptrace.cpp
purge.cpp
read.cpp
readlink.cpp Kernel+LibC: Implement readlinkat(2) 2022-12-11 19:55:37 -07:00
realpath.cpp
rename.cpp Kernel+LibC+LibCore: Implement renameat(2) 2022-12-11 19:55:37 -07:00
resource.cpp
rmdir.cpp
sched.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
sendfd.cpp
setpgid.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
setuid.cpp Kernel+LibC: Implement setregid(2) 2022-12-11 19:55:37 -07:00
sigaction.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
socket.cpp Kernel: Add support for MSG_NOSIGNAL and properly send SIGPIPE 2022-10-24 15:49:39 +02:00
stat.cpp
statvfs.cpp
sync.cpp
sysconf.cpp
thread.cpp Kernel: Move ThreadRegisters into arch-specific directory 2022-12-29 19:32:20 -07:00
times.cpp
umask.cpp
uname.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
unlink.cpp
unveil.cpp Kernel+LibCore+LibC: Implement support for forcing unveil on exec 2022-11-26 12:42:15 -07:00
utime.cpp
utimensat.cpp Kernel: Update tv_nsec field when using utimensat() with UTIME_NOW 2022-11-24 16:56:27 +01:00
waitid.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
write.cpp Kernel+LibC+Tests: Implement pwritev(2) 2022-12-11 19:55:37 -07:00