beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 23:50:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Kernel: Disallow elevating pledge promises with no_error set

Browse source 
8233da3398 introduced a not-so-subtle bug
where an application with an existing pledge set containing `no_error`
could elevate its pledge set by pledging _anything_, this commit makes
sure that no new promise is accepted.
This commit is contained in:
Ali Mohammad Pur 2022-03-29 09:26:49 +04:30 committed by Andreas Kling
parent 4707b3a8a1
commit d6ce3e63e2
Notes: sideshowbarker 2024-07-17 16:34:53 +09:00 
Author: https://github.com/alimpfard
Commit: https://github.com/SerenityOS/serenity/commit/d6ce3e63e2
Pull-request: https://github.com/SerenityOS/serenity/pull/13327
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Kernel/Syscalls/pledge.cpp
View file

@ -47,9 +47,10 @@ ErrorOr<FlatPtr> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*>
if (!parse_pledge(promises->view(), new_promises))
return EINVAL;
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises))
if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises)) {
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error)))
return EPERM;
new_promises &= m_protected_values.promises;
}
}
@ -57,9 +58,10 @@ ErrorOr<FlatPtr> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*>
if (execpromises) {
if (!parse_pledge(execpromises->view(), new_execpromises))
return EINVAL;
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises))
if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises)) {
if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error)))
return EPERM;
new_execpromises &= m_protected_values.execpromises;
}
}