authorLiav A <liavalb@gmail.com>2022-11-04 19:20:11 +0200
committerAndrew Kaster <andrewdkaster@gmail.com>2022-11-26 12:42:15 -0700
commit718ae6862181b09dd13c8bb34917fe26048ff90a (patch)
treeed811919d704264535edec43544b8a214b664613 /Kernel/Process.h
parent35efdb17f9c3856d1c241d9f63619a4d1174a509 (diff)
Kernel+LibCore+LibC: Implement support for forcing unveil on exec
To accomplish this, we add another VeilState, called LockedInherited. The idea is to apply exec unveil data, similar to the execpromises of the pledge syscall, to the newly exec'ed program during the execve sequence. When the forced unveil data is applied, the veil state is set to locked, but the special LockedInherited state ensures that if the new program tries to unveil paths, the request is silently ignored: the program continues running without receiving an error, but it can still only use the paths that were unveiled before the exec syscall. This, in turn, allows us to use the unveil syscall together with a special utility to sandbox other userland programs in terms of what is visible to them on the filesystem, and it works on programs regardless of whether they use the unveil syscall in their own code.
Diffstat (limited to 'Kernel/Process.h')
-rw-r--r--Kernel/Process.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/Kernel/Process.h b/Kernel/Process.h
index a5bfa6ae90..bf0c1616c2 100644
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@@ -84,6 +84,7 @@ enum class VeilState {
None,
Dropped,
Locked,
+ LockedInherited,
};
static constexpr FlatPtr futex_key_private_flag = 0b1;
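Review bot: `LockedInherited` is added to `VeilState` without a comment, and its meaning (the veil is locked, but further unveil() requests are silently ignored instead of rejected) is only recorded in the commit message, so a reader of Process.h has to dig up this commit to learn it. Suggest `LockedInherited, // Veil was locked by the exec'ing process; later unveil() calls are silently ignored`. Since the new state is distinct from `Locked`, any enforcement path elsewhere that tests `== VeilState::Locked` rather than "either locked state" would treat an inherited veil as unlocked; that code is not in this hunk, so it is worth confirming that every such check was updated.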
@@ -523,6 +524,9 @@ public:
auto& unveil_data() { return m_unveil_data; }
auto const& unveil_data() const { return m_unveil_data; }
+ auto& exec_unveil_data() { return m_exec_unveil_data; }
+ auto const& exec_unveil_data() const { return m_exec_unveil_data; }
+
bool wait_for_tracer_at_next_execve() const
{
return m_wait_for_tracer_at_next_execve;
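Review bot: The new `exec_unveil_data()` accessors mirror `unveil_data()` but nothing states how the two differ, which matters because one governs the current process and the other is, per the commit message, applied to the next program at execve. A one-line comment above the pair, such as `// Unveil data applied to the next exec'ed image (not the current veil); see execve.`, would make the distinction visible at the declaration. The non-const overload hands out a mutable reference to `m_exec_unveil_data` exactly as `unveil_data()` does, so the locking discipline is the same `SpinlockProtected` one; the callers that mutate it are outside this hunk.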
@@ -584,7 +588,7 @@ private:
bool add_thread(Thread&);
bool remove_thread(Thread&);
- Process(NonnullOwnPtr<KString> name, NonnullRefPtr<Credentials>, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> current_directory, RefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree);
+ Process(NonnullOwnPtr<KString> name, NonnullRefPtr<Credentials>, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> current_directory, RefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree, UnveilNode exec_unveil_tree);
static ErrorOr<NonnullLockRefPtr<Process>> try_create(LockRefPtr<Thread>& first_thread, NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> current_directory = nullptr, RefPtr<Custody> executable = nullptr, TTY* = nullptr, Process* fork_parent = nullptr);
ErrorOr<void> attach_resources(NonnullOwnPtr<Memory::AddressSpace>&&, LockRefPtr<Thread>& first_thread, Process* fork_parent);
static ProcessID allocate_pid();
@@ -878,6 +882,7 @@ private:
LockRefPtr<Timer> m_alarm_timer;
SpinlockProtected<UnveilData> m_unveil_data;
+ SpinlockProtected<UnveilData> m_exec_unveil_data;
OwnPtr<PerformanceEventBuffer> m_perf_event_buffer;