ladybird/Kernel/Syscalls
Liav A e598f22768 Kernel: Disallow executing SUID binaries if process is jailed
Check if the process we are currently running is in a jail, and if that
is the case, fail early with the EPERM error code.

Also, as Brian noted, we should disallow attaching to a jail when
already running within a setid executable, as this leaves the user
with a false sense of being secure (because you can't exec new setid
binaries), but the current program is still marked setid, which means
that at the very least we gained permissions when we didn't expect to,
so let's block it.
2022-12-30 15:49:37 -05:00
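The commit message describes two checks that only make sense together: a jailed process must not gain privilege through exec, and a process that already holds set-id privilege must not be allowed to enter a jail. The following is an added illustrative model of that policy, not code from the kernel in this repository; the process/binary structs and the `sys_execve` / `sys_jail_attach` names are hypothetical, and the binaries are constructed sample inputs. It shows why the second check matters: after a successful set-uid exec the elevated euid persists, so a later jail attach would put a privileged image inside the jail.

```c
/* Added illustrative model of the jail/set-id interaction described in the
 * commit message. Not kernel code from the listed repository; every name
 * here (proc_t, binary_t, sys_execve, sys_jail_attach) is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    unsigned uid;   /* real user id */
    unsigned euid;  /* effective user id */
    unsigned suid;  /* saved set-user-id */
    bool in_jail;   /* process is attached to a jail */
    bool is_setid;  /* current image was started through a set-uid bit */
} proc_t;

typedef struct {
    const char *path;
    unsigned owner;
    bool setuid_bit;
} binary_t;

/* Model of exec: returns 0 on success or a negative errno. */
static int sys_execve(proc_t *p, const binary_t *bin)
{
    bool setid = bin->setuid_bit;

    /* Check 1: a jailed process may not exec a set-id binary at all. */
    if (setid && p->in_jail)
        return -EPERM;

    /* Ordinary set-uid semantics: euid and saved uid become the file owner. */
    if (setid) {
        p->euid = bin->owner;
        p->suid = bin->owner;
    }
    p->is_setid = setid;
    return 0;
}

/* Model of attaching the calling process to a jail. */
static int sys_jail_attach(proc_t *p)
{
    /* Check 2: an image that is already set-id keeps its elevated euid,
     * so letting it into a jail would only look safe. Refuse. */
    if (p->is_setid)
        return -EPERM;
    p->in_jail = true;
    return 0;
}

/* Constructed sample binaries: a root-owned set-uid tool and a plain one. */
static const binary_t SETUID_TOOL = { "/bin/su", 0, true };
static const binary_t PLAIN_TOOL  = { "/bin/ls", 0, false };

/* Scenario A: unjailed uid 100 execs a set-uid binary, then tries to attach
 * to a jail. Returns the attach result (expected -EPERM). */
static int scenario_setid_then_jail(void)
{
    proc_t p = { .uid = 100, .euid = 100, .suid = 100 };
    if (sys_execve(&p, &SETUID_TOOL) != 0)
        return -1;
    return sys_jail_attach(&p);
}

/* Same as scenario A, but reports the euid left behind by the refused
 * attach: still 0, which is exactly why check 2 exists. */
static unsigned scenario_setid_then_jail_euid(void)
{
    proc_t p = { .uid = 100, .euid = 100, .suid = 100 };
    (void)sys_execve(&p, &SETUID_TOOL);
    (void)sys_jail_attach(&p);
    return p.euid;
}

/* Scenario B: jailed process tries to exec a set-uid binary (expected -EPERM). */
static int scenario_jail_then_setid(void)
{
    proc_t p = { .uid = 100, .euid = 100, .suid = 100 };
    if (sys_jail_attach(&p) != 0)
        return -1;
    return sys_execve(&p, &SETUID_TOOL);
}

/* Scenario C: jailed process execs a non-set-id binary (expected 0). */
static int scenario_jail_then_plain(void)
{
    proc_t p = { .uid = 100, .euid = 100, .suid = 100 };
    if (sys_jail_attach(&p) != 0)
        return -1;
    return sys_execve(&p, &PLAIN_TOOL);
}

int main(void)
{
    printf("setid exec, then jail attach : %d (euid stays %u)\n",
           scenario_setid_then_jail(), scenario_setid_then_jail_euid());
    printf("jail attach, then setid exec : %d\n", scenario_jail_then_setid());
    printf("jail attach, then plain exec : %d\n", scenario_jail_then_plain());
    return 0;
}
```

The model deliberately keeps the saved set-user-id: even if the set-id image dropped its euid temporarily, it could restore it from `suid`, which is why the kernel keys the second check on "the current image is marked setid" rather than on the euid at the moment of the attach.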
| File | Last commit | Date |
|---|---|---|
| alarm.cpp | Kernel: Make self-contained locking smart pointers their own classes | 2022-08-20 17:20:43 +02:00 |
| anon_create.cpp | Kernel/Syscall: Make anon_create to not use Process::allocate_fd method | 2022-08-21 10:56:48 +01:00 |
| beep.cpp | Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal | 2022-12-28 11:53:41 +01:00 |
| chdir.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| chmod.cpp | Kernel: Make File::{chown,chmod} take credentials as input | 2022-08-21 16:15:29 +02:00 |
| chown.cpp | Kernel/FileSystem: Add a few missing includes | 2022-10-22 16:57:52 -04:00 |
| clock.cpp | Kernel: Wrap process address spaces in SpinlockProtected | 2022-08-24 14:57:51 +02:00 |
| debug.cpp | Everywhere: Run clang-format | 2022-04-01 21:24:45 +01:00 |
| disown.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| dup2.cpp | Kernel: Mark sys$dup2() as not needing the big lock | 2022-03-09 16:43:00 +01:00 |
| emuctl.cpp | Kernel: Mark sys$emuctl() as not needing the big lock | 2022-03-09 16:43:00 +01:00 |
| execve.cpp | Kernel: Disallow executing SUID binaries if process is jailed | 2022-12-30 15:49:37 -05:00 |
| exit.cpp | Kernel: Guard Process "protected data" with a spinlock | 2022-08-21 12:25:14 +02:00 |
| faccessat.cpp | Kernel+LibC+LibCore+UserspaceEmulator: Implement faccessat(2) | 2022-12-11 19:55:37 -07:00 |
| fallocate.cpp | Kernel: Add some spec links and comments to sys$posix_fallocate() | 2022-11-29 11:09:19 +01:00 |
| fcntl.cpp | Kernel: Support F_SETLKW in fcntl | 2022-07-21 16:39:22 +02:00 |
| fork.cpp | Kernel: Remove i686 support | 2022-12-28 11:53:41 +01:00 |
| fsync.cpp | Kernel: Mark sys$fsync() as not needing the big lock | 2022-03-08 00:19:49 +01:00 |
| ftruncate.cpp | Kernel: Mark sys$ftruncate() as not needing the big lock | 2022-03-09 16:43:00 +01:00 |
| futex.cpp | Kernel: Wrap process address spaces in SpinlockProtected | 2022-08-24 14:57:51 +02:00 |
| get_dir_entries.cpp | Kernel: Convert process file descriptor table to a SpinlockProtected | 2022-01-29 02:17:06 +01:00 |
| get_stack_bounds.cpp | Kernel: Wrap process address spaces in SpinlockProtected | 2022-08-24 14:57:51 +02:00 |
| getrandom.cpp | Kernel: Handle promise violations in the syscall handler | 2021-12-29 18:08:15 +01:00 |
| getuid.cpp | Kernel: Use Process::credentials() and remove user ID/group ID helpers | 2022-08-22 12:46:32 +02:00 |
| hostname.cpp | Kernel: Use Process::credentials() and remove user ID/group ID helpers | 2022-08-22 12:46:32 +02:00 |
| inode_watcher.cpp | Kernel/FileSystem: Add a few missing includes | 2022-10-22 16:57:52 -04:00 |
| ioctl.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| jail.cpp | Kernel: Disallow executing SUID binaries if process is jailed | 2022-12-30 15:49:37 -05:00 |
| keymap.cpp | Kernel: Use Process::credentials() and remove user ID/group ID helpers | 2022-08-22 12:46:32 +02:00 |
| kill.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| link.cpp | Kernel+LibC+LibCore: Implement symlinkat(2) | 2022-12-11 19:55:37 -07:00 |
| lseek.cpp | Kernel: Mark sys$lseek() as not needing the big lock | 2022-03-09 16:43:00 +01:00 |
| mkdir.cpp | Kernel+LibC+LibCore: Implement mkdirat(2) | 2022-12-11 19:55:37 -07:00 |
| mknod.cpp | Kernel: Make sys$mknod() not take the big lock | 2022-08-22 17:56:03 +02:00 |
| mmap.cpp | Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal | 2022-12-28 11:53:41 +01:00 |
| mount.cpp | Kernel: Split the Ext2FileSystem.{cpp,h} files into smaller components | 2022-11-08 02:54:48 -07:00 |
| open.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| perf_event.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| pipe.cpp | Kernel: Use Process::credentials() and remove user ID/group ID helpers | 2022-08-22 12:46:32 +02:00 |
| pledge.cpp | AK+Everywhere: Turn bool keep_empty to an enum in split* functions | 2022-10-24 23:29:18 +01:00 |
| poll.cpp | Kernel: Make self-contained locking smart pointers their own classes | 2022-08-20 17:20:43 +02:00 |
| prctl.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| process.cpp | Kernel: Make sys$getppid() not take the big lock | 2022-08-21 13:29:36 +02:00 |
| profiling.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| ptrace.cpp | Kernel: Wrap process address spaces in SpinlockProtected | 2022-08-24 14:57:51 +02:00 |
| purge.cpp | Kernel: Use Process::credentials() and remove user ID/group ID helpers | 2022-08-22 12:46:32 +02:00 |
| read.cpp | Kernel: Make self-contained locking smart pointers their own classes | 2022-08-20 17:20:43 +02:00 |
| readlink.cpp | Kernel+LibC: Implement readlinkat(2) | 2022-12-11 19:55:37 -07:00 |
| realpath.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| rename.cpp | Kernel+LibC+LibCore: Implement renameat(2) | 2022-12-11 19:55:37 -07:00 |
| resource.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| rmdir.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| sched.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| sendfd.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| setpgid.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| setuid.cpp | Kernel+LibC: Implement setregid(2) | 2022-12-11 19:55:37 -07:00 |
| sigaction.cpp | Kernel: Remove i686 support | 2022-12-28 11:53:41 +01:00 |
| socket.cpp | Kernel: Add support for MSG_NOSIGNAL and properly send SIGPIPE | 2022-10-24 15:49:39 +02:00 |
| stat.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| statvfs.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| sync.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| sysconf.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| thread.cpp | Kernel: Move ThreadRegisters into arch-specific directory | 2022-12-29 19:32:20 -07:00 |
| times.cpp | Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIRED | 2022-08-17 22:56:51 +02:00 |
| umask.cpp | Kernel: Guard Process "protected data" with a spinlock | 2022-08-21 12:25:14 +02:00 |
| uname.cpp | Kernel: Remove i686 support | 2022-12-28 11:53:41 +01:00 |
| unlink.cpp | Kernel: Make VirtualFileSystem functions take credentials as input | 2022-08-21 16:02:24 +02:00 |
| unveil.cpp | Kernel+LibCore+LibC: Implement support for forcing unveil on exec | 2022-11-26 12:42:15 -07:00 |
| utime.cpp | Kernel: Make sys$utime() and sys$utimensat() not take the big lock | 2022-08-22 17:56:03 +02:00 |
| utimensat.cpp | Kernel: Update tv_nsec field when using utimensat() with UTIME_NOW | 2022-11-24 16:56:27 +01:00 |
| waitid.cpp | Kernel: Add support for jails | 2022-11-05 18:00:58 -06:00 |
| write.cpp | Kernel+LibC+Tests: Implement pwritev(2) | 2022-12-11 19:55:37 -07:00 |