From: voidlinux-github@inbox.vuxu.org
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] proot: fix undumpable tracees
Date: Mon, 30 Dec 2019 21:03:20 +0100 [thread overview]
Message-ID: <20191230200320.c-VbAii6Sfq7D9rSCx_RpUeNSdRgZE9OYECyJHSvmOg@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-17764@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 446 bytes --]
There is an updated pull request by emilio1625 against master on the void-packages repository
https://github.com/emilio1625/void-packages proot
https://github.com/void-linux/void-packages/pull/17764
proot: fix undumpable tracees
Hi, this patch fixes issues like https://github.com/proot-me/proot/issues/173 and https://github.com/termux/proot/issues/70
A patch file from https://github.com/void-linux/void-packages/pull/17764.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-proot-17764.patch --]
[-- Type: text/x-diff, Size: 2263 bytes --]
From c58a2b2c01d63b4cee24a15af80a367061881abc Mon Sep 17 00:00:00 2001
From: Emilio Cabrera <emilio1625@gmail.com>
Date: Tue, 24 Dec 2019 16:32:42 -0600
Subject: [PATCH] proot: fix undumpable tracees
---
...ent-tracees-from-becoming-undumpable.patch | 37 +++++++++++++++++++
srcpkgs/proot/template | 2 +-
2 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/proot/patches/prevent-tracees-from-becoming-undumpable.patch
diff --git a/srcpkgs/proot/patches/prevent-tracees-from-becoming-undumpable.patch b/srcpkgs/proot/patches/prevent-tracees-from-becoming-undumpable.patch
new file mode 100644
index 00000000000..2b8fcce9234
--- /dev/null
+++ b/srcpkgs/proot/patches/prevent-tracees-from-becoming-undumpable.patch
@@ -0,0 +1,37 @@
+diff --git src/syscall/enter.c src/syscall/enter.c
+--- src/syscall/enter.c
++++ src/syscall/enter.c
+@@ -26,6 +26,7 @@
+ #include <linux/net.h> /* SYS_*, */
+ #include <fcntl.h> /* AT_FDCWD, */
+ #include <limits.h> /* PATH_MAX, */
++#include <sys/prctl.h> /* PR_SET_DUMPABLE */
+
+ #include "syscall/syscall.h"
+ #include "syscall/sysnum.h"
+@@ -563,6 +564,14 @@ int translate_syscall_enter(Tracee *tracee)
+
+ status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
+ break;
++ case PR_prctl:
++ /* Prevent tracees from setting dumpable flag.
++ * (Otherwise it could break tracee memory access) */
++ if (peek_reg(tracee, CURRENT, SYSARG_1) == PR_SET_DUMPABLE) {
++ set_sysnum(tracee, PR_void);
++ status = 0;
++ }
++ break;
+ }
+
+ end:
+diff --git src/syscall/seccomp.c src/syscall/seccomp.c
+--- src/syscall/seccomp.c
++++ src/syscall/seccomp.c
+@@ -377,6 +377,7 @@ static FilteredSysnum proot_sysnums[] = {
+ { PR_open, 0 },
+ { PR_openat, 0 },
+ { PR_pivot_root, 0 },
++ { PR_prctl, 0 },
+ { PR_ptrace, FILTER_SYSEXIT },
+ { PR_readlink, FILTER_SYSEXIT },
+ { PR_readlinkat, FILTER_SYSEXIT },
diff --git a/srcpkgs/proot/template b/srcpkgs/proot/template
index 5ee9809c01e..f2d7baf8839 100644
--- a/srcpkgs/proot/template
+++ b/srcpkgs/proot/template
@@ -1,7 +1,7 @@
# Template file for 'proot'
pkgname=proot
version=5.1.0
-revision=6
+revision=7
build_wrksrc=src
build_style=gnu-makefile
make_use_env=yes
next prev parent reply other threads:[~2019-12-30 20:03 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-24 23:00 [PR PATCH] " voidlinux-github
2019-12-30 20:03 ` voidlinux-github [this message]
2020-01-01 1:27 ` voidlinux-github
2020-01-01 1:28 ` voidlinux-github
2020-01-01 1:28 ` voidlinux-github
2020-01-09 18:34 ` [PR PATCH] [Closed]: " voidlinux-github
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191230200320.c-VbAii6Sfq7D9rSCx_RpUeNSdRgZE9OYECyJHSvmOg@z \
--to=voidlinux-github@inbox.vuxu.org \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).