[PATCH] libc: add issetugid()
Anthony G. Basile
basile at opensource.dyc.edu
Sat Jul 26 12:12:53 UTC 2014
On 07/24/14 16:41, Bernhard Reutner-Fischer wrote:
> On Wed, Jul 23, 2014 at 07:28:26AM -0400, Anthony G. Basile wrote:
>> I should add that this updated patch addresses Rich's points: 1) I've tested
>> this for both dynamic and static linking and I tested that libressl builds
>> and works correctly. 2) I added a link to the musl commit for the reasoning
>> behind this approach.
>>
>> On 07/22/14 13:27, basile at opensource.dyc.edu wrote:
>>> From: "Anthony G. Basile" <blueness at gentoo.org>
>>>
>>> issetugid() returns 1 if the process environment or memory address space
>>> is considered tainted, and returns 0 otherwise. This happens, for example,
>>> when a process's privileges are elevated by the setuid or setgid flags on
>>> an executable belonging to root. This function first appeared in OpenBSD 2.0
>>> and is needed for LibreSSL.
>>>
>>> This patch follows the same logic as the equivalent musl commit. For more
>>> information see the commit message at
>>>
>>> http://git.musl-libc.org/cgit/musl/commit/?id=ddddec106fd17c3aca3287005d21e92f742aa9d4
>>> ---
>>> include/unistd.h | 8 ++++++++
>>> libc/misc/file/issetugid.c | 12 ++++++++++++
>>> libc/misc/internals/__uClibc_main.c | 12 ++++++++++++
>>> 3 files changed, 32 insertions(+)
>>> create mode 100644 libc/misc/file/issetugid.c
>>>
>>> diff --git a/include/unistd.h b/include/unistd.h
>>> index 540062a..6c2c8c2 100644
>>> --- a/include/unistd.h
>>> +++ b/include/unistd.h
>>> @@ -1168,6 +1168,14 @@ extern long int syscall (long int __sysno, ...) __THROW;
>>>
>>> #endif /* Use misc. */
>>>
>>> +#ifdef __USE_MISC
>
> is MISC (or MISC alone) an appropriate guard?
I had a hard time (and still have a hard time) deciding this even after
carefully reading include/features.h. The function started in OpenBSD
and migrated to Free and NetBSD, but it's not in 4.3BSD. _USE_MISC is
looser but does include SYS V. I'm thinking now to just remove the
guard. I did speak to Rich about what musl's doing but it doesn't seem
appropriate here.
If there are no strong opinions, I'll just remove the guard and resubmit
in a few days.
Your other comments below are good.
>
>>> +/* issetugid() returns 1 if the process environment or memory address space
>>> + is considered tainted, and returns 0 otherwise. This happens, for example,
>>> + when a process's privileges are elevated by the setuid or setgid flags on
>>> + an executable belonging to root.
>>> +*/
>>> +extern int issetugid(void);
>>> +#endif
>>>
>>> #if (defined __USE_MISC || defined __USE_XOPEN_EXTENDED) && !defined F_LOCK
>>> /* NOTE: These declarations also appear in <fcntl.h>; be sure to keep both
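Review bot: the new `extern int issetugid(void);` prototype has no `__THROW`, unlike the `syscall` prototype shown in this hunk's header, and it opens a fresh `#ifdef __USE_MISC` directly after an `#endif` whose comment says it closes the misc block. Suggest adding `__THROW` to match the neighbouring declaration, and either moving the prototype above the existing `#endif /* Use misc. */` or, if the guard is dropped as discussed in the thread, removing the new `#ifdef`/`#endif` pair entirely. If the guard stays, the closing `#endif` should carry the same kind of trailing comment as the one above it.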
>>> diff --git a/libc/misc/file/issetugid.c b/libc/misc/file/issetugid.c
>>> new file mode 100644
>>> index 0000000..29a4167
>>> --- /dev/null
>>> +++ b/libc/misc/file/issetugid.c
>>> @@ -0,0 +1,12 @@
>>> +/* Copyright (C) 2013 Gentoo Foundation
>>> + * Licensed under LGPL v2.1 or later, see the file COPYING.LIB in this tarball.
>>> + */
>>> +
>>> +#include <unistd.h>
>>> +
>>> +extern int _pe_secure;
>>> +
>>> +int issetugid(void)
>>> +{
>>> + return _pe_secure;
>>> +}
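Review bot: `extern int _pe_secure;` is declared by hand in this new file, so nothing ties it to the definition added in `__uClibc_main.c`; if the type or name changes there, this file still compiles against the stale declaration. Suggest putting the declaration in an internal header that both files include, so the compiler checks the two against each other.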
>>> diff --git a/libc/misc/internals/__uClibc_main.c b/libc/misc/internals/__uClibc_main.c
>>> index a37751f..b062e62 100644
>>> --- a/libc/misc/internals/__uClibc_main.c
>>> +++ b/libc/misc/internals/__uClibc_main.c
>>> @@ -40,6 +40,13 @@
>>> #include <locale.h>
>>> #endif
>>>
>>> +/* Are we in a secure process environment or are we dealing
>>> + * with setuid stuff? If we are dynamically linked, then we
>>> + * already have _dl_secure, otherwise we need to re-examine
>>> + * auxvt[].
>>> + */
>>> +int _pe_secure = 1;
>
> I'd default that to 0
> and i'd make that libc_hidden_data_def(_pe_secure)
>
>>> +
>>> #ifndef SHARED
>>> void *__libc_stack_end = NULL;
>>>
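Review bot: the comment above `int _pe_secure = 1;` poses a question but never states which value means what, or why the initial value is 1. Because `issetugid()` returns this variable unchanged, suggest saying explicitly that 1 means the process is treated as tainted and that the initializer is what any caller sees until `__uClibc_main` assigns the variable. If the symbol is meant to be internal to libc, mark it as such at the definition rather than leaving it a plain global.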
>>> @@ -387,6 +394,11 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
>>> #else
>>> if (_dl_secure)
>>> #endif
>>> + _pe_secure = 1 ;
>>> + else
>>> + _pe_secure = 0 ;
>>> +
>>> + if (_pe_secure)
>>> {
>>> __check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
>>> __check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
>>>
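Review bot: the added `_pe_secure = 1 ;` and `else` lines hang a braceless if/else off a condition that is selected by the `#else`/`#endif` just above, and the new `if (_pe_secure)` then re-tests the value assigned one statement earlier. That is easy to misread and easy to break when the preprocessor branches change. Suggest keeping the original `if` with its braced block, setting `_pe_secure = 1;` inside that block and `_pe_secure = 0;` in an `else` after it, and dropping the space before the semicolons.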
>
> Please reformat the hunk above like:
> @@ -388,10 +388,12 @@ void __uClibc_main(int (*main)(int, char **, char **), int argc,
> if (_dl_secure)
> #endif
> {
> + _pe_secure = 1;
> __check_one_fd (STDIN_FILENO, O_RDONLY | O_NOFOLLOW);
> __check_one_fd (STDOUT_FILENO, O_RDWR | O_NOFOLLOW);
> __check_one_fd (STDERR_FILENO, O_RDWR | O_NOFOLLOW);
> - }
> + } else
> + _pe_secure = 0;
> #endif
>
> __uclibc_progname = *argv;
>
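Review bot: in this suggested form the `else` branch `_pe_secure = 0;` sits before the `#endif` that follows the block, so in a build where that conditional region is compiled out `_pe_secure` is never assigned and `issetugid()` returns the initializer. With the initializer of 0 proposed earlier in this reply, a setuid process would then report itself as untainted. Suggest either doing the assignment outside the conditional region or keeping a fail-safe initializer, and bracing the `else` branch to match the `if` block.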
> TIA,
>
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197