ladybird/Kernel
Liav A e598f22768 Kernel: Disallow executing SUID binaries if process is jailed
Check if the process we are currently running is in a jail, and if that
is the case, fail early with the EPERM error code.

Also, as Brian noted, we should also disallow attaching to a jail in
case of already running within a setid executable, as this leaves the
user with false thinking of being secure (because you can't exec new
setid binaries), but the current program is still marked setid, which
means that at the very least we gained permissions while we didn't
expect it, so let's block it.
2022-12-30 15:49:37 -05:00
API Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
Arch Kernel/aarch64: Implement wait_cycles as a pause loop 2022-12-30 08:32:46 -07:00
Bus Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Devices Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
FileSystem Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Firmware Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Graphics Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Heap Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
Interrupts Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Library Kernel: Move ScopedCritical.cpp to Kernel base directory 2022-12-29 19:32:20 -07:00
Locking Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Memory Kernel: Put x86_64 specific VERIFY in PageDirectory.cpp behind ifdef 2022-12-29 19:32:20 -07:00
Net Kernel: Propagate errors in E1000NetworkAdapter 2022-12-17 18:34:57 +01:00
Prekernel Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Storage Kernel/aarch64: Move ifdef in StorageManagement.cpp 2022-12-29 19:32:20 -07:00
Syscalls Kernel: Disallow executing SUID binaries if process is jailed 2022-12-30 15:49:37 -05:00
Tasks Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
Time Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
TTY Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
AddressSanitizer.cpp Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
AddressSanitizer.h Everywhere: Use bgianf@serenityos.org for my copyright attribution 2021-04-22 21:15:54 +02:00
Assertions.h Kernel: Replace VERIFY_NOT_REACHED with TODO_AARCH64 2022-10-16 17:35:37 +02:00
AtomicEdgeAction.h Kernel: Add per platform Processor.h headers 2021-10-14 01:23:08 +01:00
BootInfo.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
CMakeLists.txt Kernel: Move ScopedCritical.cpp to Kernel base directory 2022-12-29 19:32:20 -07:00
CommandLine.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
CommandLine.h Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
Coredump.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
Coredump.h Kernel+SystemServer: Don't hardcode coredump directory path 2022-12-03 05:56:59 -07:00
Credentials.cpp Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Credentials.h Kernel: Make VirtualFileSystem functions take credentials as input 2022-08-21 16:02:24 +02:00
Debug.h.in Kernel: Add support for the FAT32 filesystem 2022-10-14 18:36:40 -06:00
DoubleBuffer.cpp Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
DoubleBuffer.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
embedmap.sh Kernel: Make new kernel build process work on macOS 2021-07-15 11:04:30 +02:00
Forward.h Kernel: Split the FATFileSystem.{cpp,h} files into smaller components 2022-11-08 02:54:48 -07:00
FutexQueue.cpp Kernel: Propagate OOM conditions out of sys$futex 2022-07-21 16:39:22 +02:00
FutexQueue.h AK+Kernel: Add AK::AtomicRefCounted and use everywhere in the kernel 2022-08-20 17:15:52 +02:00
generate-version-file.sh Kernel: Bake version information into the Kernel 2022-10-14 13:45:33 +02:00
InterruptDisabler.h Kernel: Move InterruptDisabler out of Arch directory 2022-10-17 20:11:31 +02:00
IOWindow.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
IOWindow.h Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Jail.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
Jail.h Kernel: Fix includes when building aarch64 2022-11-18 16:25:33 -08:00
JailManagement.cpp Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
JailManagement.h Kernel: Add support for jails 2022-11-05 18:00:58 -06:00
KBuffer.h Kernel: Annotate all KBuffer and DoubleBuffer with a custom name 2022-07-12 00:55:31 +01:00
KBufferBuilder.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
KBufferBuilder.h Kernel: Expose .length() of KBufferBuilder 2022-05-06 02:12:51 +04:30
KLexicalPath.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
KLexicalPath.h Everywhere: Pass AK::StringView by value 2021-11-11 01:27:46 +01:00
kprintf.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
kstdio.h Kernel: Don't blindly compile Bochs debug output code in ConsoleDevice 2022-09-20 18:43:05 +01:00
KString.cpp Kernel: Add an error propagating KString::format(..) API :^) 2021-11-30 11:16:35 +01:00
KString.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
KSyms.cpp Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
KSyms.h Kernel: Add ability to dump backtrace from provided frame pointer 2022-10-01 14:09:01 +02:00
MiniStdLib.cpp Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
mkmap.sh Kernel: Use the toolchain's nm in mkmap.sh 2021-12-30 18:10:51 +01:00
Multiboot.h Kernel: Add basic aarch64 support to MemoryManager 2022-09-12 00:56:44 +01:00
Panic.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Panic.h Kernel: Implement __panic() for the aarch64 Kernel 2022-05-03 21:53:36 +02:00
PerformanceEventBuffer.cpp Kernel: Don't wrap AddressSpace's RegionTree in SpinlockProtected 2022-08-24 14:57:51 +02:00
PerformanceEventBuffer.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
PerformanceManager.h Everywhere: Fix a variety of typos 2022-09-14 04:46:49 +00:00
PhysicalAddress.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
Process.cpp Kernel: Factor out setting Thread entry function 2022-12-29 19:32:20 -07:00
Process.h Kernel: Disallow executing SUID binaries if process is jailed 2022-12-30 15:49:37 -05:00
ProcessExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessExposed.h Kernel: Use AK::Time for InodeMetadata timestamps instead of time_t 2022-11-24 16:56:27 +01:00
ProcessGroup.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
ProcessGroup.h Kernel: Include missing headers for various files 2022-10-26 20:01:45 +02:00
ProcessProcFSTraits.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
ProcessSpecificExposed.cpp Kernel: Split the ProcFS core file into smaller components 2022-11-08 02:54:48 -07:00
Random.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Random.h Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
SanCov.cpp Kernel: Add some implied auto qualifiers 2021-12-30 14:32:17 +01:00
Scheduler.cpp Kernel: Add Processor::wait_for_interrupt and use it in Scheduler 2022-12-29 19:32:20 -07:00
Scheduler.h Kernel: Move Scheduler current time method to the TimeManagement code 2022-10-14 14:13:51 +02:00
ScopedCritical.cpp Kernel: Move ScopedCritical.cpp to Kernel base directory 2022-12-29 19:32:20 -07:00
ScopedCritical.h Kernel: Move ScopedCritical.cpp to Kernel base directory 2022-12-29 19:32:20 -07:00
Sections.h Kernel: Make the page table quickmaps per-CPU 2022-08-22 17:56:03 +02:00
StdLib.cpp Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
StdLib.h Everywhere: Run clang-format 2022-12-03 23:52:23 +00:00
Syscall.cpp Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal 2022-12-28 11:53:41 +01:00
Thread.cpp Kernel: Move ThreadRegisters into arch-specific directory 2022-12-29 19:32:20 -07:00
Thread.h Kernel: Move ThreadRegisters into arch-specific directory 2022-12-29 19:32:20 -07:00
ThreadBlockers.cpp Kernel: Use InterruptsState in Spinlock code 2022-08-26 12:51:57 +02:00
ThreadTracer.cpp Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
ThreadTracer.h Kernel+Userland: Remove dependency on i386-specific registers 2022-12-28 11:53:41 +01:00
TimerQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
TimerQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
UBSanitizer.cpp Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
UnixTypes.h Kernel: Add support for SA_SIGINFO 2022-03-04 20:07:05 +01:00
UserOrKernelBuffer.cpp Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> 2021-11-08 01:10:53 +01:00
UserOrKernelBuffer.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
VirtualAddress.h Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
WaitQueue.cpp Kernel: Don't register thread as custom data for WaitQueueBlocker 2021-08-24 01:57:11 +02:00
WaitQueue.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
WorkQueue.cpp Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00
WorkQueue.h Kernel: Make self-contained locking smart pointers their own classes 2022-08-20 17:20:43 +02:00