LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-04 09:14:21 +03:00
Code Issues Packages Projects Releases Wiki Activity

Kernel+LibC: Implement a few mount flags

Browse Source 
We now support these mount flags:
* MS_NODEV: disallow opening any devices from this file system
* MS_NOEXEC: disallow executing any executables from this file system
* MS_NOSUID: ignore set-user-id bits on executables from this file system

The fourth flag, MS_BIND, is defined, but currently ignored.
This commit is contained in:
Sergey Bugaev 2020-01-11 18:45:38 +03:00 committed by Andreas Kling
parent 2fcbb846fb
commit 61c1106d9f
Notes: sideshowbarker 2024-07-19 10:11:43 +09:00 
Author: https://github.com/bugaevc
Commit: https://github.com/SerenityOS/serenity/commit/61c1106d9ff
Pull-request: https://github.com/SerenityOS/serenity/pull/1053
4 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Kernel/FileSystem/VirtualFileSystem.cpp
View File

@ -216,11 +216,13 @@ KResultOr<NonnullRefPtr<FileDescription>> VFS::open(StringView path, int options
should_truncate_file = options & O_TRUNC; should_truncate_file = options & O_TRUNC;
} }
if (options & O_EXEC) { if (options & O_EXEC) {
if (!metadata.may_execute(current->process())) if (!metadata.may_execute(current->process()) || (custody.mount_flags() & MS_NOEXEC))
return KResult(-EACCES); return KResult(-EACCES);
} }
if (metadata.is_device()) { if (metadata.is_device()) {
if (custody.mount_flags() & MS_NODEV)
return KResult(-EACCES);
auto device = Device::get_device(metadata.major_device, metadata.minor_device); auto device = Device::get_device(metadata.major_device, metadata.minor_device);
if (device == nullptr) { if (device == nullptr) {
return KResult(-ENODEV); return KResult(-ENODEV);

5
Kernel/FileSystem/VirtualFileSystem.h
View File

@ -28,6 +28,11 @@
#define O_DIRECT 04000000 #define O_DIRECT 04000000
#define O_NOFOLLOW_NOERROR 0x4000000 #define O_NOFOLLOW_NOERROR 0x4000000
#define MS_NODEV 1
#define MS_NOEXEC 2
#define MS_NOSUID 4
#define MS_BIND 8
class Custody; class Custody;
class Device; class Device;
class FileDescription; class FileDescription;

10
Kernel/Process.cpp
View File

@ -750,10 +750,12 @@ int Process::do_exec(String path, Vector<String> arguments, Vector<String> envir
// Copy of the master TLS region that we will clone for new threads // Copy of the master TLS region that we will clone for new threads
m_master_tls_region = master_tls_region; m_master_tls_region = master_tls_region;
if (metadata.is_setuid()) if (!(description->custody()->mount_flags() & MS_NOSUID)) {
m_euid = metadata.uid; if (metadata.is_setuid())
if (metadata.is_setgid()) m_euid = metadata.uid;
m_egid = metadata.gid; if (metadata.is_setgid())
m_egid = metadata.gid;
}
current->set_default_signal_dispositions(); current->set_default_signal_dispositions();
current->m_signal_mask = 0; current->m_signal_mask = 0;

5
Libraries/LibC/unistd.h
View File

@ -128,6 +128,11 @@ enum {
#define X_OK 1 #define X_OK 1
#define F_OK 0 #define F_OK 0
#define MS_NODEV 1
#define MS_NOEXEC 2
#define MS_NOSUID 4
#define MS_BIND 8
/* /*
* We aren't fully compliant (don't support policies, and don't have a wide * We aren't fully compliant (don't support policies, and don't have a wide
* range of values), but we do have process priorities. * range of values), but we do have process priorities.