Commit graph

246 commits

Author SHA1 Message Date
Andreas Kling
f2a087126c LibC: Add posix_openpt(), grantpt() and unlockpt()
This makes getting a pseudoterminal pair a little bit more portable.
Note that grantpt() and unlockpt() are currently no-ops, since we've
already granted the pseudoterminal slave to the calling user.

We also accept O_CLOEXEC to posix_openpt(), unlike some systems. :^)
2020-02-05 21:17:41 +01:00
joshua stein
868b1a24bb LibC: Move struct stat to sys/stat.h 2020-02-05 18:39:45 +01:00
Sergey Bugaev
b3a24d732d Kernel+LibC: Add sys$waitid(), and make sys$waitpid() wrap it
sys$waitid() takes an explicit description of whether it's waiting for a single
process with the given PID, all of the children, a group, etc., and returns its
info as a siginfo_t.

It also doesn't automatically imply WEXITED, which clears up the confusion in
the kernel.
2020-02-05 18:14:37 +01:00
Sergey Bugaev
a6cb7f759e Kernel+LibC: Add some Unix signal types & definitions 2020-02-05 18:14:37 +01:00
Sergey Bugaev
aafa5a9d09 LibC: Fix misplaced brace
It doesn't really make a difference since waitpid() is declared to have
extern "C" linkage in the header anyway, but still.
2020-02-05 18:14:37 +01:00
Kenzi Jeanis
6c9d66ed4b LibC: Add byteswap.h, forwarding bswap_N to GCC builtins 2020-02-03 19:53:54 +01:00
Kenzi Jeanis
e2110b633e LibC: Copy the net directory into /usr/include during build 2020-02-03 19:51:12 +01:00
Sergey Bugaev
589bd0a7de LibC: Implement getsid()
We've had a declaration, but not a definition.
2020-02-03 19:50:45 +01:00
Sergey Bugaev
a6e7797a31 LibC: Move waitpid() to sys/wait.h
That's where POSIX says it should be.
2020-02-03 19:50:45 +01:00
Sergey Bugaev
4e79a60b78 LibC: Implement isblank() 2020-02-03 19:50:45 +01:00
Andreas Kling
fa97ff1c83 LibC: Allow opting into malloc() and free() performance event logging
If a program is started with LIBC_PROFILE_MALLOC in the environment,
it will now generate PERF_EVENT_MALLOC and PERF_EVENT_FREE.
2020-02-02 20:29:50 +01:00
Jesse Buhagiar
5f78e2ff3a LibC: Implement putpwent()
It was previously impossible to (correctly) put an entry into the
password file via libc. This patch implements the functionality
to do so.
2020-02-02 10:58:45 +01:00
Jesse Buhagiar
dfaa5ecf81 LibC: Implement append modes for fopen()
Previously, `fopen()` didn't contain an implementation for the
append modes, even though the Kernel supports it via `O_APPEND`.

This patch rectifies that by implementing them so an assert is
no longer thrown.
2020-02-02 10:58:45 +01:00
Jesse Buhagiar
cdbdd397db LibC: Move FILE definition to bits/FILE.h
There are some headers in libc that require us to have definitions,
such as `FILE` available to us (such as in `pwd.h`). It is bad
practice to include the entirety of `stdio.h`, so it makes more
sense to put `FILE` into it's own header.
2020-02-02 10:58:45 +01:00
Andrew Kaster
117820f610 Meta: Claim copyright on files added by me
Demos/DynamicLink, LibC/cxxabi.cpp, and LibELF/ELFDynamic*.[cpp/h]
2020-02-02 02:05:38 +01:00
Andreas Kling
998765a7a6 LibC: The exec() family of functions should not search "." by default
We should only execute the filename verbatim if it contains a slash (/)
character somewhere. Otherwise, we need to look through the entries in
the PATH environment variable.

This fixes an issue where you could easily "override" system programs
by placing them in a directory you control, and then waiting for
someone to come there and run e.g "ls" :^)

Test: LibC/exec-should-not-search-current-directory.cpp
2020-02-01 16:14:09 +01:00
Andreas Kling
65961d3ffc LibC: Add WSTOPSIG macro
This macro can be used on the "status" output from sys$waitpid() to
find out which signal caused the waitee process to stop.

Fixes #794.
2020-01-27 20:47:56 +01:00
Andreas Kling
23ffd6c319 Kernel+LibC+Userland: Switch to 64-bit time_t
Let's not have that 2038 problem people are talking about. :^)
2020-01-27 10:59:29 +01:00
Andreas Kling
f24173b0f1 LibC: Only accept the first response from LookupServer in netdb code
If a DNS server responds with multiple answers for a question, we will
get a newline-separated sequence of answers from LookupServer.

However, we don't handle this properly yet in LibC, so just split the
response by line and only care about the first answer for now.
2020-01-26 12:23:37 +01:00
Sergey Bugaev
c0b32f7b76 Meta: Claim copyright for files created by me
This changes copyright holder to myself for the source code files that I've
created or have (almost) completely rewritten. Not included are the files
that were significantly changed by others even though it was me who originally
created them (think HtmlView), or the many other files I've contributed code to.
2020-01-24 15:15:16 +01:00
Andreas Kling
4aa1b5b40e LibC: The pwd and grp related functions need to preserve empty fieldso
Now that String::split() defaults to keep_empty=false, we need to make
sure the pwd and grp functions in LibC keep the empty ones.

This fixes "id" moaning about invalid lines in /etc/group.
2020-01-23 14:33:58 +01:00
Andreas Kling
07075cd001 Kernel+LibC: Clean up open() flag (O_*) definitions
These were using a mix of decimal, octal and hexadecimal for no reason.
2020-01-21 13:34:39 +01:00
Andreas Kling
6081c76515 Kernel: Make O_RDONLY non-zero
Sergey suggested that having a non-zero O_RDONLY would make some things
less confusing, and it seems like he's right about that.

We can now easily check read/write permissions separately instead of
dancing around with the bits.

This patch also fixes unveil() validation for O_RDWR which previously
forgot to check for "r" permission.
2020-01-21 13:27:08 +01:00
Andreas Kling
0569123ad7 Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.

The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.

Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:

- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)

Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.

Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.

Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.

This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
Andreas Kling
e07b34b9b8 Kernel+AK: Add/fix uintptr_t and intptr_t definitions
We should move towards using uintptr_t instead of u32 for pointers
everywhere, to prepare for an eventual 64-bit port.
2020-01-20 13:13:03 +01:00
Andreas Kling
545e2ba065 LibC: Use the templated type consistently in strtol_impl<T> 2020-01-18 11:41:04 +01:00
Andreas Kling
94ca55cefd Meta: Add license header to source files
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.

For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.

Going forward, all new source files should include a license header.
2020-01-18 09:45:54 +01:00
Sergey Bugaev
e0013a6b4c Kernel+LibC: Unify sys$open() and sys$openat()
The syscall is now called sys$open(), but it behaves like the old sys$openat().
In userspace, open_with_path_length() is made a wrapper over openat_with_path_length().
2020-01-17 21:49:58 +01:00
Andreas Kling
60143c8d4e LibC: Add strnlen() 2020-01-16 22:11:31 +01:00
Andreas Kling
09fd59a1b5 LibC: Add INADDR_LOOPBACK 2020-01-15 22:11:44 +01:00
Andrew Kaster
4cb7c8ea85 LibC: Move even more methods and globals out of crt0.o 2020-01-13 13:03:30 +01:00
Sergey Bugaev
dd54d13d8d Kernel+LibC: Allow passing mount flags to chroot()
Since a chroot is in many ways similar to a separate root mount, we can also
apply mount flags to it as if it was an actual mount. These flags will apply
whenever the chrooted process accesses its root directory, but not when other
processes access this same directory for the outside. Since it's common to
chdir("/") immediately after chrooting (so that files accessed through the
current directory inherit the same mount flags), this effectively allows one to
apply additional limitations to a process confined inside a chroot.

To this effect, sys$chroot() gains a mount_flags argument (exposed as
chroot_with_mount_flags() in userspace) which can be set to all the same values
as the flags argument for sys$mount(), and additionally to -1 to keep the flags
set for that file system. Note that passing 0 as mount_flags will unset any
flags that may have been set for the file system, not keep them.
2020-01-12 20:02:11 +01:00
Andreas Kling
41c504a33b Kernel: Add pledge() syscall :^)
This patch implements basic support for OpenBSD-style pledge().
pledge() allows programs to incrementally reduce their set of allowed
syscalls, which are divided into categories that each make up a subset
of POSIX functionality.

If a process violates one of its pledged promises by attempting to call
a syscall that it previously said it wouldn't call, the process is
immediately terminated with an uncatchable SIGABRT.

This is by no means complete, and we'll need to add more checks in
various places to ensure that promises are being kept.

But it is pretty cool! :^)
2020-01-11 20:45:51 +01:00
Sergey Bugaev
61c1106d9f Kernel+LibC: Implement a few mount flags
We now support these mount flags:
* MS_NODEV: disallow opening any devices from this file system
* MS_NOEXEC: disallow executing any executables from this file system
* MS_NOSUID: ignore set-user-id bits on executables from this file system

The fourth flag, MS_BIND, is defined, but currently ignored.
2020-01-11 18:57:53 +01:00
Sergey Bugaev
2fcbb846fb Kernel+LibC: Add O_EXEC, move exec permission checking to VFS::open()
O_EXEC is mentioned by POSIX, so let's have it. Currently, it is only used
inside the kernel to ensure the process has the right permissions when opening
an executable.
2020-01-11 18:57:53 +01:00
Sergey Bugaev
4566c2d811 Kernel+LibC: Add support for mount flags
At the moment, the actual flags are ignored, but we correctly propagate them all
the way from the original mount() syscall to each custody that resides on the
mounted FS.
2020-01-11 18:57:53 +01:00
Andreas Kling
24c736b0e7 Kernel: Use the Syscall string and buffer types more
While I was updating syscalls to stop passing null-terminated strings,
I added some helpful struct types:

    - StringArgument { const char*; size_t; }
    - ImmutableBuffer<Data, Size> { const Data*; Size; }
    - MutableBuffer<Data, Size> { Data*; Size; }

The Process class has some convenience functions for validating and
optionally extracting the contents from these structs:

    - get_syscall_path_argument(StringArgument)
    - validate_and_copy_string_from_user(StringArgument)
    - validate(ImmutableBuffer)
    - validate(MutableBuffer)

There's still so much code around this and I'm wondering if we should
generate most of it instead. Possible nice little project.
2020-01-11 12:47:47 +01:00
Andreas Kling
f5092b1c7e Kernel: Pass a parameter struct to mount()
This was the last remaining syscall that took a null-terminated string
and figured out how long it was by walking it in kernelspace *shudder*.
2020-01-11 10:56:02 +01:00
Andreas Kling
e380142853 Kernel: Pass a parameter struct to rename() 2020-01-11 10:36:54 +01:00
Andreas Kling
46830a0c32 Kernel: Pass a parameter struct to symlink() 2020-01-11 10:31:33 +01:00
Andreas Kling
c97bfbd609 Kernel: Pass a parameter struct to mknod() 2020-01-11 10:27:37 +01:00
Andreas Kling
6536a80aa9 Kernel: Pass a parameter struct to chown() 2020-01-11 10:17:44 +01:00
Andreas Kling
ddd0b19281 Kernel: Add a basic chroot() syscall :^)
The chroot() syscall now allows the superuser to isolate a process into
a specific subtree of the filesystem. This is not strictly permanent,
as it is also possible for a superuser to break *out* of a chroot, but
it is a useful mechanism for isolating unprivileged processes.

The VFS now uses the current process's root_directory() as the root for
path resolution purposes. The root directory is stored as an uncached
Custody in the Process object.
2020-01-10 23:14:04 +01:00
Andreas Kling
485443bfca Kernel: Pass characters+length to link() 2020-01-10 21:26:47 +01:00
Andreas Kling
416c7ac2b5 Kernel: Rename Syscall::SyscallString => Syscall::StringArgument 2020-01-10 20:16:18 +01:00
Andreas Kling
0695ff8282 Kernel: Pass characters+length to readlink()
Note that I'm developing some helper types in the Syscall namespace as
I go here. Once I settle on some nice types, I will convert all the
other syscalls to use them as well.
2020-01-10 20:13:23 +01:00
Andreas Kling
8f20b173fd LibC: Remove useless retry loop in connect_to_lookup_server() 2020-01-10 13:52:20 +01:00
Andreas Kling
952bb95baa Kernel: Enable SMAP protection during the execve() syscall
The userspace execve() wrapper now measures all the strings and puts
them in a neat and tidy structure on the stack.

This way we know exactly how much to copy in the kernel, and we don't
have to use the SMAP-violating validate_read_str(). :^)
2020-01-10 12:20:36 +01:00
Andreas Kling
f3dad64a3b LibC: Fail name lookups immediately if we can't connect to LookupServer 2020-01-09 21:33:03 +01:00
Andreas Kling
4b4d369c5d Kernel: Take path+length in the unlink() and umount() syscalls 2020-01-09 16:23:41 +01:00