diff options
Diffstat (limited to 'vendor/rustix/src/backend/linux_raw/param/auxv.rs')
-rw-r--r-- | vendor/rustix/src/backend/linux_raw/param/auxv.rs | 61 |
1 files changed, 57 insertions, 4 deletions
diff --git a/vendor/rustix/src/backend/linux_raw/param/auxv.rs b/vendor/rustix/src/backend/linux_raw/param/auxv.rs index 8b0423ae4..fbbcdea29 100644 --- a/vendor/rustix/src/backend/linux_raw/param/auxv.rs +++ b/vendor/rustix/src/backend/linux_raw/param/auxv.rs @@ -15,6 +15,8 @@ use crate::utils::{as_ptr, check_raw_pointer}; use alloc::vec::Vec; use core::mem::size_of; use core::ptr::{null_mut, read_unaligned, NonNull}; +#[cfg(feature = "runtime")] +use core::sync::atomic::AtomicU8; use core::sync::atomic::Ordering::Relaxed; use core::sync::atomic::{AtomicPtr, AtomicUsize}; use linux_raw_sys::elf::*; @@ -22,7 +24,9 @@ use linux_raw_sys::general::{ AT_BASE, AT_CLKTCK, AT_EXECFN, AT_HWCAP, AT_HWCAP2, AT_NULL, AT_PAGESZ, AT_SYSINFO_EHDR, }; #[cfg(feature = "runtime")] -use linux_raw_sys::general::{AT_ENTRY, AT_PHDR, AT_PHENT, AT_PHNUM}; +use linux_raw_sys::general::{ + AT_EGID, AT_ENTRY, AT_EUID, AT_GID, AT_PHDR, AT_PHENT, AT_PHNUM, AT_SECURE, AT_UID, +}; #[cfg(feature = "param")] #[inline] @@ -82,6 +86,23 @@ pub(crate) fn linux_execfn() -> &'static CStr { #[cfg(feature = "runtime")] #[inline] +pub(crate) fn linux_secure() -> bool { + let mut secure = SECURE.load(Relaxed); + + // 0 means not initialized yet. + if secure == 0 { + init_auxv(); + secure = SECURE.load(Relaxed); + } + + // 0 means not present. Libc `getauxval(AT_SECURE)` would return 0. + // 1 means not in secure mode. + // 2 means in secure mode. + secure > 1 +} + +#[cfg(feature = "runtime")] +#[inline] pub(crate) fn exe_phdrs() -> (*const c::c_void, usize, usize) { let mut phdr = PHDR.load(Relaxed); let mut phent = PHENT.load(Relaxed); @@ -131,6 +152,8 @@ static HWCAP2: AtomicUsize = AtomicUsize::new(0); static EXECFN: AtomicPtr<c::c_char> = AtomicPtr::new(null_mut()); static SYSINFO_EHDR: AtomicPtr<Elf_Ehdr> = AtomicPtr::new(null_mut()); #[cfg(feature = "runtime")] +static SECURE: AtomicU8 = AtomicU8::new(0); +#[cfg(feature = "runtime")] static PHDR: AtomicPtr<Elf_Phdr> = AtomicPtr::new(null_mut()); #[cfg(feature = "runtime")] static PHENT: AtomicUsize = AtomicUsize::new(0); @@ -142,7 +165,7 @@ static ENTRY: AtomicUsize = AtomicUsize::new(0); #[cfg(feature = "alloc")] fn pr_get_auxv() -> crate::io::Result<Vec<u8>> { use super::super::conv::{c_int, pass_usize, ret_usize}; - const PR_GET_AUXV: c::c_int = 0x41555856; + const PR_GET_AUXV: c::c_int = 0x4155_5856; let mut buffer = alloc::vec![0u8; 512]; let len = unsafe { ret_usize(syscall_always_asm!( @@ -256,6 +279,8 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti let mut execfn = null_mut(); let mut sysinfo_ehdr = null_mut(); #[cfg(feature = "runtime")] + let mut secure = 0; + #[cfg(feature = "runtime")] let mut phdr = null_mut(); #[cfg(feature = "runtime")] let mut phnum = 0; @@ -263,6 +288,14 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti let mut phent = 0; #[cfg(feature = "runtime")] let mut entry = 0; + #[cfg(feature = "runtime")] + let mut uid = None; + #[cfg(feature = "runtime")] + let mut euid = None; + #[cfg(feature = "runtime")] + let mut gid = None; + #[cfg(feature = "runtime")] + let mut egid = None; for Elf_auxv_t { a_type, a_val } in aux_iter { match a_type as _ { @@ -278,6 +311,16 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti } #[cfg(feature = "runtime")] + AT_SECURE => secure = (a_val as usize != 0) as u8 + 1, + #[cfg(feature = "runtime")] + AT_UID => uid = Some(a_val), + #[cfg(feature = "runtime")] + AT_EUID => euid = Some(a_val), + #[cfg(feature = "runtime")] + AT_GID => gid = Some(a_val), + #[cfg(feature = "runtime")] + AT_EGID => egid = Some(a_val), + #[cfg(feature = "runtime")] AT_PHDR => phdr = check_raw_pointer::<Elf_Phdr>(a_val as *mut _)?.as_ptr(), #[cfg(feature = "runtime")] AT_PHNUM => phnum = a_val as usize, @@ -294,8 +337,16 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti #[cfg(feature = "runtime")] assert_eq!(phent, size_of::<Elf_Phdr>()); - // The base and sysinfo_ehdr (if present) matches our platform. Accept - // the aux values. + // If we're running set-uid or set-gid, enable “secure execution” mode, + // which doesn't do much, but users may be depending on the things that + // it does do. + #[cfg(feature = "runtime")] + if uid != euid || gid != egid { + secure = 2; + } + + // The base and sysinfo_ehdr (if present) matches our platform. Accept the + // aux values. PAGE_SIZE.store(pagesz, Relaxed); CLOCK_TICKS_PER_SECOND.store(clktck, Relaxed); HWCAP.store(hwcap, Relaxed); @@ -303,6 +354,8 @@ unsafe fn init_from_aux_iter(aux_iter: impl Iterator<Item = Elf_auxv_t>) -> Opti EXECFN.store(execfn, Relaxed); SYSINFO_EHDR.store(sysinfo_ehdr, Relaxed); #[cfg(feature = "runtime")] + SECURE.store(secure, Relaxed); + #[cfg(feature = "runtime")] PHDR.store(phdr, Relaxed); #[cfg(feature = "runtime")] PHNUM.store(phnum, Relaxed); |