LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-10-12 05:07:15 +03:00
Code Issues Packages Projects Releases Wiki Activity
dbcccde062
ladybird/Kernel/Syscalls/setuid.cpp
Brian Gianforcaro 54b9a4ec1e Kernel: Handle promise violations in the syscall handler 
Previously we would crash the process immediately when a promise
violation was found during a syscall. This is error prone, as we
don't unwind the stack. This means that in certain cases we can
leak resources, like an OwnPtr / RefPtr tracked on the stack. Or
even leak a lock acquired in a ScopeLockLocker.

To remedy this situation we move the promise violation handling to
the syscall handler, right before we return to user space. This
allows the code to follow the normal unwind path, and grantees
there is no longer any cleanup that needs to occur.

The Process::require_promise() and Process::require_no_promises()
functions were modified to return ErrorOr<void> so we enforce that
the errors are always propagated by the caller.
2021-12-29 18:08:15 +01:00

205 lines
5.3 KiB
C++
Raw Blame History

/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <Kernel/Process.h>
namespace Kernel {
ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_euid == (uid_t)-1)
return EINVAL;
if (new_euid != uid() && new_euid != suid() && !is_superuser())
return EPERM;
if (euid() != new_euid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.euid = new_euid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_egid == (uid_t)-1)
return EINVAL;
if (new_egid != gid() && new_egid != sgid() && !is_superuser())
return EPERM;
if (egid() != new_egid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.egid = new_egid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_uid == (uid_t)-1)
return EINVAL;
if (new_uid != uid() && new_uid != euid() && !is_superuser())
return EPERM;
if (euid() != new_uid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.uid = new_uid;
m_protected_values.euid = new_uid;
m_protected_values.suid = new_uid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_gid == (uid_t)-1)
return EINVAL;
if (new_gid != gid() && new_gid != egid() && !is_superuser())
return EPERM;
if (egid() != new_gid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.gid = new_gid;
m_protected_values.egid = new_gid;
m_protected_values.sgid = new_gid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_ruid == (uid_t)-1)
new_ruid = uid();
if (new_euid == (uid_t)-1)
new_euid = euid();
auto ok = [this](UserID id) { return id == uid() || id == euid() || id == suid(); };
if (!ok(new_ruid) || !ok(new_euid))
return EPERM;
if (new_ruid < (uid_t)-1 || new_euid < (uid_t)-1)
return EINVAL;
if (euid() != new_euid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.uid = new_ruid;
m_protected_values.euid = new_euid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID new_suid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_ruid == (uid_t)-1)
new_ruid = uid();
if (new_euid == (uid_t)-1)
new_euid = euid();
if (new_suid == (uid_t)-1)
new_suid = suid();
auto ok = [this](UserID id) { return id == uid() || id == euid() || id == suid(); };
if ((!ok(new_ruid) || !ok(new_euid) || !ok(new_suid)) && !is_superuser())
return EPERM;
if (euid() != new_euid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.uid = new_ruid;
m_protected_values.euid = new_euid;
m_protected_values.suid = new_suid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, GroupID new_sgid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (new_rgid == (gid_t)-1)
new_rgid = gid();
if (new_egid == (gid_t)-1)
new_egid = egid();
if (new_sgid == (gid_t)-1)
new_sgid = sgid();
auto ok = [this](GroupID id) { return id == gid() || id == egid() || id == sgid(); };
if ((!ok(new_rgid) || !ok(new_egid) || !ok(new_sgid)) && !is_superuser())
return EPERM;
if (egid() != new_egid)
set_dumpable(false);
ProtectedDataMutationScope scope { *this };
m_protected_values.gid = new_rgid;
m_protected_values.egid = new_egid;
m_protected_values.sgid = new_sgid;
return 0;
}
ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<const gid_t*> user_gids)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
TRY(require_promise(Pledge::id));
if (!is_superuser())
return EPERM;
if (!count) {
ProtectedDataMutationScope scope { *this };
m_protected_values.extra_gids.clear();
return 0;
}
Vector<gid_t> new_extra_gids;
TRY(new_extra_gids.try_resize(count));
TRY(copy_n_from_user(new_extra_gids.data(), user_gids, count));
HashTable<gid_t> unique_extra_gids;
for (auto& extra_gid : new_extra_gids) {
if (extra_gid != gid())
unique_extra_gids.set(extra_gid);
}
ProtectedDataMutationScope scope { *this };
TRY(m_protected_values.extra_gids.try_resize(unique_extra_gids.size()));
size_t i = 0;
for (auto& extra_gid : unique_extra_gids) {
if (extra_gid == gid())
continue;
m_protected_values.extra_gids[i++] = extra_gid;
}
return 0;
}
}
Reference in New Issue View Git Blame Copy Permalink