[PATCH] libc: add issetugid()

Bernhard Reutner-Fischer rep.dot.nop at gmail.com
Thu Jul 24 20:41:39 UTC 2014


On Wed, Jul 23, 2014 at 07:28:26AM -0400, Anthony G. Basile wrote:
> I should add that this updated patch addresses Rich's points: 1) I've tested
> this for both dynamic and static linking and I tested that libressl builds
> and works correctly.  2) I added a link to the musl commit for the reasoning
> behind this approach.
> 
> On 07/22/14 13:27, basile at opensource.dyc.edu wrote:
> >From: "Anthony G. Basile" <blueness at gentoo.org>
> >
> >issetugid() returns 1 if the process environment or memory address space
> >is considered tainted, and returns 0 otherwise.  This happens, for example,
> >when a process's privileges are elevated by the setuid or setgid flags on
> >an executable belonging to root.  This function first appeard in OpenBSD 2.0
> >and is needed for the LibreSSL.
> >
> >This patch follows the same logic as the equivalent musl commit.  For more
> >information see the commit message at
> >
> >http://git.musl-libc.org/cgit/musl/commit/?id=ddddec106fd17c3aca3287005d21e92f742aa9d4
> >---
> >  include/unistd.h                    |  8 ++++++++
> >  libc/misc/file/issetugid.c          | 12 ++++++++++++
> >  libc/misc/internals/__uClibc_main.c | 12 ++++++++++++
> >  3 files changed, 32 insertions(+)
> >  create mode 100644 libc/misc/file/issetugid.c
> >
> >diff --git a/include/unistd.h b/include/unistd.h
> >index 540062a..6c2c8c2 100644
> >--- a/include/unistd.h
> >+++ b/include/unistd.h
> >@@ -1168,6 +1168,14 @@ extern long int syscall (long int __sysno, ...) __THROW;
> >
> >  #endif	/* Use misc.  */
> >
> >+#ifdef __USE_MISC

is MISC (or MISC alone) an appropriate guard?

> >+/* issetugid() returns 1 if the process environment or memory address space
> >+   is considered tainted, and returns 0 otherwise.  This happens, for example,
> >+   when a process's privileges are elevated by the setuid or setgid flags on
> >+   an executable belonging to root.
> >+*/
> >+extern int issetugid(void);
> >+#endif
> >
> >  #if (defined __USE_MISC || defined __USE_XOPEN_EXTENDED) && !defined F_LOCK
> >  /* NOTE: These declarations also appear in <fcntl.h>; be sure to keep both
> >diff --git a/libc/misc/file/issetugid.c b/libc/misc/file/issetugid.c
> >new file mode 100644
> >index 0000000..29a4167
> >--- /dev/null
> >+++ b/libc/misc/file/issetugid.c
> >@@ -0,0 +1,12 @@
> >+/* Copyright (C) 2013 Gentoo Foundation
> >+ * Licensed under LGPL v2.1 or later, see the file COPYING.LIB in this tarball.
> >+ */
> >+
> >+#include <unistd.h>
> >+
> >+extern int _pe_secure;
> >+
> >+int issetugid(void)
> >+{
> >+	return _pe_secure;
> >+}
> >diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c
> >index a37751f..b062e62 100644
> >--- a/libc/misc/internals/__uClibc_main.c
> >+++ b/libc/misc/internals/__uClibc_main.c
> >@@ -40,6 +40,13 @@
> >  #include <locale.h>
> >  #endif
> >
> >+/* Are we in a secure process environment or are we dealing
> >+ * with setuid stuff?  If we are dynamically linked, then we
> >+ * already have _dl_secure, otherwise we need to re-examine
> >+ * auxvt[].
> >+ */
> >+int _pe_secure = 1;

I'd default that to 0
and i'd make that libc_hidden_data_def(_pe_secure)

> >+
> >  #ifndef SHARED
> >  void *__libc_stack_end = NULL;
> >
> >@@ -387,6 +394,11 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
> >  #else
> >      if (_dl_secure)
> >  #endif
> >+	_pe_secure = 1 ;
> >+    else
> >+	_pe_secure = 0 ;
> >+
> >+    if (_pe_secure)
> >      {
> >  	__check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
> >  	__check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
> >

Please reformat the hunk above like:
@@ -388,10 +388,12 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
     if (_dl_secure)
 #endif
     {
+	_pe_secure = 1;
 	__check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
 	__check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
 	__check_one_fd (STDERR_FILENO, O_RDWR | O_NOFOLLOW);
-    }
+    } else
+	_pe_secure = 0;
 #endif
 
     __uclibc_progname = *argv;

TIA,


More information about the uClibc mailing list