void-packages/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch
Đoàn Trần Công Danh 49cb564d14 srcpkgs/p*: convert patches to -Np1
* par is kept at -Np0

```sh
git grep -l '^patch_args=-Np0' "srcpkgs/$1*/template" |
while read template; do
	for p in ${template%/template}/patches/*; do
		sed -i '
			\,^[+-][+-][+-] /dev/null,b
			/^[*-]\+ [0-9]\+\(,[0-9]\+\)\? [*-]\+$/b
			s,^[*][*][*] ,&a/,
			/^--- /{
				s,\(^--- \)\(./\)*,\1a/,
				s,[.-][Oo][Rr][Ii][Gg]\([	/]\),\1,
				s/[.-][Oo][Rr][Ii][Gg]$//
				s/[.]patched[.]\([^.]\)/.\1/
				h
			}
			/^+++ -/{
				g
				s/^--- a/+++ b/
				b
			}
			s,\(^+++ \)\(./\)*,\1b/,
		' "$p"
	done
	sed -i '/^patch_args=/d' $template
done
```
2021-06-20 13:17:29 +07:00

48 lines
1.3 KiB
Diff

# upstream: yes
# https://github.com/proot-me/proot/pull/203
# adapted to fit proot's old release
From 2e796c5a0ed3c04d0816405422c8d6a25eccf5c2 Mon Sep 17 00:00:00 2001
From: Michal Bednarski <bednarski.michal2@gmail.com>
Date: Thu, 5 Sep 2019 15:19:08 +0200
Subject: [PATCH] Prevent tracees from becoming undumpable
--- a/src/syscall/enter.c
+++ b/src/syscall/enter.c
@@ -26,7 +26,8 @@
#include <linux/net.h> /* SYS_*, */
#include <fcntl.h> /* AT_FDCWD, */
#include <limits.h> /* PATH_MAX, */
-
+#include <string.h> /* strcpy */
+#include <sys/prctl.h> /* PR_SET_DUMPABLE */
#include "syscall/syscall.h"
#include "syscall/sysnum.h"
#include "syscall/socket.h"
@@ -563,6 +564,15 @@
status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
break;
+
+ case PR_prctl:
+ /* Prevent tracees from setting dumpable flag.
+ * (Otherwise it could break tracee memory access) */
+ if (peek_reg(tracee, CURRENT, SYSARG_1) == PR_SET_DUMPABLE) {
+ set_sysnum(tracee, PR_void);
+ status = 0;
+ }
+ break;
}
end:
--- a/src/syscall/seccomp.c
+++ b/src/syscall/seccomp.c
@@ -377,6 +377,7 @@
{ PR_open, 0 },
{ PR_openat, 0 },
{ PR_pivot_root, 0 },
+ { PR_prctl, 0 },
{ PR_ptrace, FILTER_SYSEXIT },
{ PR_readlink, FILTER_SYSEXIT },
{ PR_readlinkat, FILTER_SYSEXIT },