Userland: Unveil /usr/lib/Loader.so when using 'x' permissions on unveil

We should not rely on the Kernel to unveil this for us, so if a program needs to execute another program it should unveil the dynamic loader too to prevent crashing. To do this, we check if the user program tried to unveil a binary with at least using the 'x' permission, so we will try to also unveil the dynamic loader too.
author: Liav A <liavalb@gmail.com> 2022-10-24 17:59:56 +0300
committer: Andrew Kaster <andrewdkaster@gmail.com> 2022-10-24 19:41:32 -0600
commit: d102ea5f8183bad5ab0f09f2402b4b8a6739d88c (patch)
tree: 8a1c05ab79212185eab9413e0d9cec23bd9da26c /Userland/Libraries/LibCore
parent: 30dc3044294f58a6cd10f19f9c3e2d566449ddee (diff)
download: serenity-d102ea5f8183bad5ab0f09f2402b4b8a6739d88c.zip
1 files changed, 24 insertions, 0 deletions
diff --git a/Userland/Libraries/LibCore/System.cpp b/Userland/Libraries/LibCore/System.cpp
index fc49a9bc22..170a0c7336 100644
--- a/Userland/Libraries/LibCore/System.cpp
+++ b/Userland/Libraries/LibCore/System.cpp
@@ -81,10 +81,34 @@ ErrorOr<void> pledge(StringView promises, StringView execpromises)
     HANDLE_SYSCALL_RETURN_VALUE("pledge", rc, {});
 }
 
+static ErrorOr<void> unveil_dynamic_loader()
+{
+    static bool dynamic_loader_unveiled { false };
+    if (dynamic_loader_unveiled)
+        return {};
+    // FIXME: Try to find a way to not hardcode the dynamic loader path.
+    constexpr auto dynamic_loader_path = "/usr/lib/Loader.so"sv;
+    constexpr auto dynamic_loader_permissions = "x"sv;
+
+    Syscall::SC_unveil_params params {
+        { dynamic_loader_path.characters_without_null_termination(), dynamic_loader_path.length() },
+        { dynamic_loader_permissions.characters_without_null_termination(), dynamic_loader_permissions.length() },
+    };
+    int rc = syscall(SC_unveil, &params);
+    if (rc < 0) {
+        return Error::from_syscall("unveil (DynamicLoader @ /usr/lib/Loader.so)"sv, rc);
+    }
+    dynamic_loader_unveiled = true;
+    return {};
+}
+
 ErrorOr<void> unveil(StringView path, StringView permissions)
 {
     auto const parsed_path = TRY(Core::SessionManagement::parse_path_with_sid(path));
 
+    if (permissions.contains('x'))
+        TRY(unveil_dynamic_loader());
+
     Syscall::SC_unveil_params params {
         { parsed_path.characters(), parsed_path.length() },
         { permissions.characters_without_null_termination(), permissions.length() },
author	Liav A <liavalb@gmail.com>	2022-10-24 17:59:56 +0300
committer	Andrew Kaster <andrewdkaster@gmail.com>	2022-10-24 19:41:32 -0600
commit	d102ea5f8183bad5ab0f09f2402b4b8a6739d88c (patch)
tree	8a1c05ab79212185eab9413e0d9cec23bd9da26c /Userland/Libraries/LibCore
parent	30dc3044294f58a6cd10f19f9c3e2d566449ddee (diff)
download	serenity-d102ea5f8183bad5ab0f09f2402b4b8a6739d88c.zip