[PATCH] libc: add issetugid()
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Thu Jul 24 20:41:39 UTC 2014
On Wed, Jul 23, 2014 at 07:28:26AM -0400, Anthony G. Basile wrote:
> I should add that this updated patch addresses Rich's points: 1) I've tested
> this for both dynamic and static linking and I tested that libressl builds
> and works correctly. 2) I added a link to the musl commit for the reasoning
> behind this approach.
>
> On 07/22/14 13:27, basile at opensource.dyc.edu wrote:
> >From: "Anthony G. Basile" <blueness at gentoo.org>
> >
> >issetugid() returns 1 if the process environment or memory address space
> >is considered tainted, and returns 0 otherwise. This happens, for example,
> >when a process's privileges are elevated by the setuid or setgid flags on
> >an executable belonging to root. This function first appeard in OpenBSD 2.0
> >and is needed for the LibreSSL.
> >
> >This patch follows the same logic as the equivalent musl commit. For more
> >information see the commit message at
> >
> >http://git.musl-libc.org/cgit/musl/commit/?id=ddddec106fd17c3aca3287005d21e92f742aa9d4
> >---
> > include/unistd.h | 8 ++++++++
> > libc/misc/file/issetugid.c | 12 ++++++++++++
> > libc/misc/internals/__uClibc_main.c | 12 ++++++++++++
> > 3 files changed, 32 insertions(+)
> > create mode 100644 libc/misc/file/issetugid.c
> >
> >diff --git a/include/unistd.h b/include/unistd.h
> >index 540062a..6c2c8c2 100644
> >--- a/include/unistd.h
> >+++ b/include/unistd.h
> >@@ -1168,6 +1168,14 @@ extern long int syscall (long int __sysno, ...) __THROW;
> >
> > #endif /* Use misc. */
> >
> >+#ifdef __USE_MISC
is MISC (or MISC alone) an appropriate guard?
> >+/* issetugid() returns 1 if the process environment or memory address space
> >+ is considered tainted, and returns 0 otherwise. This happens, for example,
> >+ when a process's privileges are elevated by the setuid or setgid flags on
> >+ an executable belonging to root.
> >+*/
> >+extern int issetugid(void);
> >+#endif
> >
> > #if (defined __USE_MISC || defined __USE_XOPEN_EXTENDED) && !defined F_LOCK
> > /* NOTE: These declarations also appear in <fcntl.h>; be sure to keep both
> >diff --git a/libc/misc/file/issetugid.c b/libc/misc/file/issetugid.c
> >new file mode 100644
> >index 0000000..29a4167
> >--- /dev/null
> >+++ b/libc/misc/file/issetugid.c
> >@@ -0,0 +1,12 @@
> >+/* Copyright (C) 2013 Gentoo Foundation
> >+ * Licensed under LGPL v2.1 or later, see the file COPYING.LIB in this tarball.
> >+ */
> >+
> >+#include <unistd.h>
> >+
> >+extern int _pe_secure;
> >+
> >+int issetugid(void)
> >+{
> >+ return _pe_secure;
> >+}
> >diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c
> >index a37751f..b062e62 100644
> >--- a/libc/misc/internals/__uClibc_main.c
> >+++ b/libc/misc/internals/__uClibc_main.c
> >@@ -40,6 +40,13 @@
> > #include <locale.h>
> > #endif
> >
> >+/* Are we in a secure process environment or are we dealing
> >+ * with setuid stuff? If we are dynamically linked, then we
> >+ * already have _dl_secure, otherwise we need to re-examine
> >+ * auxvt[].
> >+ */
> >+int _pe_secure = 1;
I'd default that to 0
and i'd make that libc_hidden_data_def(_pe_secure)
> >+
> > #ifndef SHARED
> > void *__libc_stack_end = NULL;
> >
> >@@ -387,6 +394,11 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
> > #else
> > if (_dl_secure)
> > #endif
> >+ _pe_secure = 1 ;
> >+ else
> >+ _pe_secure = 0 ;
> >+
> >+ if (_pe_secure)
> > {
> > __check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
> > __check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
> >
Please reformat the hunk above like:
@@ -388,10 +388,12 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
if (_dl_secure)
#endif
{
+ _pe_secure = 1;
__check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
__check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
__check_one_fd (STDERR_FILENO, O_RDWR | O_NOFOLLOW);
- }
+ } else
+ _pe_secure = 0;
#endif
__uclibc_progname = *argv;
TIA,
More information about the uClibc
mailing list