1 files changed, 57 insertions, 4 deletions

diff --git a/vendor/rustix/src/backend/linux_raw/param/auxv.rs b/vendor/rustix/src/backend/linux_raw/param/auxv.rs
index 8b0423ae4..fbbcdea29 100644
--- a/vendor/rustix/src/backend/linux_raw/param/auxv.rs
+++ b/vendor/rustix/src/backend/linux_raw/param/auxv.rs
@@ -15,6 +15,8 @@ use crate::utils::{as_ptr, check_raw_pointer};
 use alloc::vec::Vec;
 use core::mem::size_of;
 use core::ptr::{null_mut, read_unaligned, NonNull};
+#[cfg(feature = "runtime")]
+use core::sync::atomic::AtomicU8;
 use core::sync::atomic::Ordering::Relaxed;
 use core::sync::atomic::{AtomicPtr, AtomicUsize};
 use linux_raw_sys::elf::*;
@@ -22,7 +24,9 @@ use linux_raw_sys::general::{
     AT_BASE, AT_CLKTCK, AT_EXECFN, AT_HWCAP, AT_HWCAP2, AT_NULL, AT_PAGESZ, AT_SYSINFO_EHDR,
 };
 #[cfg(feature = "runtime")]
-use linux_raw_sys::general::{AT_ENTRY, AT_PHDR, AT_PHENT, AT_PHNUM};
+use linux_raw_sys::general::{
+    AT_EGID, AT_ENTRY, AT_EUID, AT_GID, AT_PHDR, AT_PHENT, AT_PHNUM, AT_SECURE, AT_UID,
+};
 
 #[cfg(feature = "param")]
 #[inline]
@@ -82,6 +86,23 @@ pub(crate) fn linux_execfn() -> &'static CStr {
 
 #[cfg(feature = "runtime")]
 #[inline]
+pub(crate) fn linux_secure() -> bool {
+    let mut secure = SECURE.load(Relaxed);
+
+    // 0 means not initialized yet.
+    if secure == 0 {
+        init_auxv();
+        secure = SECURE.load(Relaxed);
+    }
+
+    // 0 means not present. Libc `getauxval(AT_SECURE)` would return 0.
+    // 1 means not in secure mode.
+    // 2 means in secure mode.
+    secure > 1
+}
+
+#[cfg(feature = "runtime")]
+#[inline]
 pub(crate) fn exe_phdrs() -> (*const c::c_void, usize, usize) {
     let mut phdr = PHDR.load(Relaxed);
     let mut phent = PHENT.load(Relaxed);
@@ -131,6 +152,8 @@ static HWCAP2: AtomicUsize = AtomicUsize::new(0);
 static EXECFN: AtomicPtr<c::c_char> = AtomicPtr::new(null_mut());
 static SYSINFO_EHDR: AtomicPtr<Elf_Ehdr> = AtomicPtr::new(null_mut());
 #[cfg(feature = "runtime")]
+static SECURE: AtomicU8 = AtomicU8::new(0);
+#[cfg(feature = "runtime")]
 static PHDR: AtomicPtr<Elf_Phdr> = AtomicPtr::new(null_mut());
 #[cfg(feature = "runtime")]
 static PHENT: AtomicUsize = AtomicUsize::new(0);
@@ -142,7 +165,7 @@ static ENTRY: AtomicUsize = AtomicUsize::new(0);
 #[cfg(feature = "alloc")]
 fn pr_get_auxv() -> crate::io::Result<Vec<u8>> {
     use super::super::conv::{c_int, pass_usize, ret_usize};
-    const PR_GET_AUXV: c::c_int = 0x41555856;
+    const PR_GET_AUXV: c::c_int = 0x4155_5856;
     let mut buffer = alloc::vec![0u8; 512];
     let len = unsafe {
         ret_usize(syscall_always_asm!(
@@ -256,6 +279,8 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti
     let mut execfn = null_mut();
     let mut sysinfo_ehdr = null_mut();
     #[cfg(feature = "runtime")]
+    let mut secure = 0;
+    #[cfg(feature = "runtime")]
     let mut phdr = null_mut();
     #[cfg(feature = "runtime")]
     let mut phnum = 0;
@@ -263,6 +288,14 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti
     let mut phent = 0;
     #[cfg(feature = "runtime")]
     let mut entry = 0;
+    #[cfg(feature = "runtime")]
+    let mut uid = None;
+    #[cfg(feature = "runtime")]
+    let mut euid = None;
+    #[cfg(feature = "runtime")]
+    let mut gid = None;
+    #[cfg(feature = "runtime")]
+    let mut egid = None;
 
     for Elf_auxv_t { a_type, a_val } in aux_iter {
         match a_type as _ {
@@ -278,6 +311,16 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti
             }
 
             #[cfg(feature = "runtime")]
+            AT_SECURE => secure = (a_val as usize != 0) as u8 + 1,
+            #[cfg(feature = "runtime")]
+            AT_UID => uid = Some(a_val),
+            #[cfg(feature = "runtime")]
+            AT_EUID => euid = Some(a_val),
+            #[cfg(feature = "runtime")]
+            AT_GID => gid = Some(a_val),
+            #[cfg(feature = "runtime")]
+            AT_EGID => egid = Some(a_val),
+            #[cfg(feature = "runtime")]
             AT_PHDR => phdr = check_raw_pointer::<Elf_Phdr>(a_val as *mut _)?.as_ptr(),
             #[cfg(feature = "runtime")]
             AT_PHNUM => phnum = a_val as usize,
@@ -294,8 +337,16 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti
     #[cfg(feature = "runtime")]
     assert_eq!(phent, size_of::<Elf_Phdr>());
 
-    // The base and sysinfo_ehdr (if present) matches our platform. Accept
-    // the aux values.
+    // If we're running set-uid or set-gid, enable “secure execution” mode,
+    // which doesn't do much, but users may be depending on the things that
+    // it does do.
+    #[cfg(feature = "runtime")]
+    if uid != euid || gid != egid {
+        secure = 2;
+    }
+
+    // The base and sysinfo_ehdr (if present) matches our platform. Accept the
+    // aux values.
     PAGE_SIZE.store(pagesz, Relaxed);
     CLOCK_TICKS_PER_SECOND.store(clktck, Relaxed);
     HWCAP.store(hwcap, Relaxed);
@@ -303,6 +354,8 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti
     EXECFN.store(execfn, Relaxed);
     SYSINFO_EHDR.store(sysinfo_ehdr, Relaxed);
     #[cfg(feature = "runtime")]
+    SECURE.store(secure, Relaxed);
+    #[cfg(feature = "runtime")]
     PHDR.store(phdr, Relaxed);
     #[cfg(feature = "runtime")]
     PHNUM.store(phnum, Relaxed);