
Kernel: Add dedicated "ptrace" pledge promise

The vast majority of programs don't ever need to use sys$ptrace(),
and it seems like a high-value system call to prevent a compromised
process from using.

This patch moves sys$ptrace() from the "proc" promise to its own,
new "ptrace" promise and updates the affected apps.
Andreas Kling hace 4 años
padre
commit
f03800cee3

+ 1 - 1
Applications/Debugger/main.cpp

@@ -194,7 +194,7 @@ int main(int argc, char** argv)
 {
     editor = Line::Editor::construct();
 
-    if (pledge("stdio proc exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
+    if (pledge("stdio proc ptrace exec rpath tty sigaction cpath unix fattr", nullptr) < 0) {
         perror("pledge");
         return 1;
     }

+ 1 - 0
Base/usr/share/man/man2/pledge.md

@@ -53,6 +53,7 @@ If the process later attempts to use any system functionality it has previously
 * `sigaction`: Change signal handlers and dispositions (\*)
 * `sendfd`: Send file descriptors over a local socket
 * `recvfd`: Receive file descriptors over a local socket
+* `ptrace`: The [`ptrace(2)`](ptrace.md) syscall (\*)
 
 Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
 

+ 2 - 2
DevTools/HackStudio/main.cpp

@@ -57,14 +57,14 @@ static void update_path_environment_variable();
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec unix fattr thread unix sendfd ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
 
     auto app = GUI::Application::construct(argc, argv);
 
-    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd", nullptr) < 0) {
+    if (pledge("stdio tty accept rpath cpath wpath shared_buffer proc exec fattr thread unix sendfd ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
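Review bot: HackStudio keeps `ptrace` in its second pledge() as well, the one after `GUI::Application::construct`, so a large GUI process holds the promise for the rest of its life alongside `accept`, `exec`, `unix` and `wpath`, and nothing in the hunk says why. Since the commit's aim is to make this promise rare, the reason should be recorded where it is granted, e.g. `// ptrace: presumably needed by the integrated debugger; confirm, and drop if unused`. The first promise string also lists `unix` twice (`... exec unix fattr thread unix sendfd ptrace`); the duplicate predates this change but sits on the edited line and could be removed here. main() continues past the end of the hunk.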

+ 1 - 0
Kernel/Process.h

@@ -66,6 +66,7 @@ extern VirtualAddress g_return_to_ring3_from_signal_trampoline;
     __ENUMERATE_PLEDGE_PROMISE(inet)      \
     __ENUMERATE_PLEDGE_PROMISE(id)        \
     __ENUMERATE_PLEDGE_PROMISE(proc)      \
+    __ENUMERATE_PLEDGE_PROMISE(ptrace)    \
     __ENUMERATE_PLEDGE_PROMISE(exec)      \
     __ENUMERATE_PLEDGE_PROMISE(unix)      \
     __ENUMERATE_PLEDGE_PROMISE(recvfd)    \

+ 1 - 1
Kernel/Syscalls/ptrace.cpp

@@ -37,7 +37,7 @@ namespace Kernel {
 
 int Process::sys$ptrace(Userspace<const Syscall::SC_ptrace_params*> user_params)
 {
-    REQUIRE_PROMISE(proc);
+    REQUIRE_PROMISE(ptrace);
     Syscall::SC_ptrace_params params;
     if (!copy_from_user(&params, user_params))
         return -EFAULT;
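Review bot: With the check changed to `REQUIRE_PROMISE(ptrace)`, a pledged program that used to reach sys$ptrace() through `proc` now fails the promise check, and this page updates only Debugger, HackStudio and functrace. Any other pledged caller in the tree needs the same promise-string change, so a search for remaining ptrace users is worth doing before merging. A one-line comment above the check would record the intent, e.g. `// Tracing has its own promise so that "proc" alone never grants it.` The function body continues outside the hunk, so any later checks on which target may be traced cannot be judged from here.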

+ 1 - 1
Userland/functrace.cpp

@@ -112,7 +112,7 @@ static NonnullOwnPtr<HashMap<void*, X86::Instruction>> instrument_code()
 
 int main(int argc, char** argv)
 {
-    if (pledge("stdio proc exec rpath sigaction", nullptr) < 0) {
+    if (pledge("stdio proc exec rpath sigaction ptrace", nullptr) < 0) {
         perror("pledge");
         return 1;
     }