We use cookies to ensure you get the best experience on our website
Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
0ct0pu5
/
ladybird
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Kaynağa Gözat

Kernel+LibC: Implement a few mount flags

We now support these mount flags:
* MS_NODEV: disallow opening any devices from this file system
* MS_NOEXEC: disallow executing any executables from this file system
* MS_NOSUID: ignore set-user-id bits on executables from this file system

The fourth flag, MS_BIND, is defined, but currently ignored.
Sergey Bugaev 5 yıl önce
ebeveyn
2fcbb846fb
işleme
61c1106d9f
4 değiştirilmiş dosya ile 19 ekleme ve 5 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 3 1
      Kernel/FileSystem/VirtualFileSystem.cpp
  2. 5 0
      Kernel/FileSystem/VirtualFileSystem.h
  3. 6 4
      Kernel/Process.cpp
  4. 5 0
      Libraries/LibC/unistd.h

+ 3 - 1
Kernel/FileSystem/VirtualFileSystem.cpp
Dosyayı Görüntüle 

@@ -216,11 +216,13 @@ KResultOr<NonnullRefPtr<FileDescription>> VFS::open(StringView path, int options
 
         should_truncate_file = options & O_TRUNC;
 
     }
 
     if (options & O_EXEC) {
 
-        if (!metadata.may_execute(current->process()))
 
+        if (!metadata.may_execute(current->process()) || (custody.mount_flags() & MS_NOEXEC))
 
             return KResult(-EACCES);
 
     }
 
 
     if (metadata.is_device()) {
 
+        if (custody.mount_flags() & MS_NODEV)
 
+            return KResult(-EACCES);
 
         auto device = Device::get_device(metadata.major_device, metadata.minor_device);
 
         if (device == nullptr) {
 
             return KResult(-ENODEV);

+ 5 - 0
Kernel/FileSystem/VirtualFileSystem.h
Dosyayı Görüntüle 

@@ -28,6 +28,11 @@
 
 #define O_DIRECT 04000000
 
 #define O_NOFOLLOW_NOERROR 0x4000000
 
 
+#define MS_NODEV 1
 
+#define MS_NOEXEC 2
 
+#define MS_NOSUID 4
 
+#define MS_BIND 8
 
+
 
 class Custody;
 
 class Device;
 
 class FileDescription;

+ 6 - 4
Kernel/Process.cpp
Dosyayı Görüntüle 

@@ -750,10 +750,12 @@ int Process::do_exec(String path, Vector<String> arguments, Vector<String> envir
 
     // Copy of the master TLS region that we will clone for new threads
 
     m_master_tls_region = master_tls_region;
 
 
-    if (metadata.is_setuid())
 
-        m_euid = metadata.uid;
 
-    if (metadata.is_setgid())
 
-        m_egid = metadata.gid;
 
+    if (!(description->custody()->mount_flags() & MS_NOSUID)) {
 
+        if (metadata.is_setuid())
 
+            m_euid = metadata.uid;
 
+        if (metadata.is_setgid())
 
+            m_egid = metadata.gid;
 
+    }
 
 
     current->set_default_signal_dispositions();
 
     current->m_signal_mask = 0;

+ 5 - 0
Libraries/LibC/unistd.h
Dosyayı Görüntüle 

@@ -128,6 +128,11 @@ enum {
 
 #define X_OK 1
 
 #define F_OK 0
 
 
+#define MS_NODEV 1
 
+#define MS_NOEXEC 2
 
+#define MS_NOSUID 4
 
+#define MS_BIND 8
 
+
 
 /*
 
  * We aren't fully compliant (don't support policies, and don't have a wide
 
  * range of values), but we do have process priorities.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5