This fix is rejected because it only makes the setfsuid test in ostest
pass and doesn't fix the other issues including the one in which file
I/O could be done with the old fsuid because an mcexec thread with an
arbitrary tid could handle the system-call offload request.
Explanation of the rejected fix:
setfsuid() proceeds as follows:
1. McKernel asks mcexec for __NR_setfsuid (set)
2. mcexec calls setfsuid, reports the id to McKernel
3. McKernel asks mcexec for __NR_setfsuid (get)
4. mcexec calls mcexec_getcred(), reports the id to Mckernel
5. McKernel sets proc->fsuid to the obtained value
tid of mcexec on the 2nd and 4th step could be different. So this
fix lets mcexec report its tid on the 2nd step and McKernel specify
it in the 3rd step.
Change-Id: Id5cfeed18c64430d576a56e961bbca1ecb2e39ad
Fujitsu: POSTK_DEBUG_TEMP_FIX_45
Fix that process will remain even if signal is received between PPD
registration and release_handler registration.
Refs: #1201
Fujitsu: POSTK_DEBUG_TEMP_FIX_64
Change-Id: I571781963578df8cedb327f19298f595cfb137a3
mcoverlayfs has a high maintenance burden and does not work on rhel8's 4.18
kernel (while it works on vanilla 4.18...); instead of debugging this further
time is better spent making it independent from overlayfs.
Change-Id: I7454ae95b0fbb3373c256aa2fd83cdfec466c009
Separate copyright bumps in a different commit.
A lot of files only had the copyright change at this point; these
were probably changes I added separatly in other patches but just
split these in a different commit instead to simplify git stats
Change-Id: I93cf3fc1c0fa04ee743a79c3fe9768933e6bd0d2
Check we mapped the correct region with a magic header in the struct
Original commit: d246b93a3bced92d0ac2a4a337118091b010658a
Fujitsu: POSTK_DEBUG_TEMP_FIX_76
Change-Id: If848be64af5d76844ba65b48493021637c8114f4
While we are here:
- fix uname -r (single quote?!)
- add compat for rhel8 (el kernel and version is 4.18)
- also remove linux version check in mcreboot.sh, trust configure check
Change-Id: I14726d4374b0dfd941640096044ea1d5d88bfcb8
envs are stuck after args which are now possibly unaligned, and used
from a non-aligned pointer in prepare_process_ranges_args_envs (env)
The memory immediately after args/envs is copied anyway with memcpy_long,
so make sure the bits are initialized and realign env correctly
Fixes: 70e52faf36 ("flatten_strings: do not return unused trailing bits")
Change-Id: Ic747e947d151c0eea65dec36bc9c888cf6e0c394
the libc takes care of trying execve as many times as needed for
execvp, it's not a kernel call.
Also, sneak a double-free fix (desc was not reset properly in case
load_elf_desc_shebang failed)
Fixes: b1681f4a3affff ("mcexec/execve: fix shebangs handling")
Change-Id: If8e3d7ae53acdeffc0331ae8621e0832fcfa406f
Running "mcexec dfsafds" did not print any message in normal use.
Rather than looking for which message shows in debug and turn in into
eprintf, add a single coherent message (more shell-like) at the end and
turn other messages off.
There is a small loss of information but this is equivalent to what
shells give (a single errno value with no details), and it is now easy
to add --debug to mcexec to see more information if required
Change-Id: Id2c3a47880b7d1d7467883351e6e7af561f91bbf
strncat must not look at the appendee's length, but at how much
is left where we're appending.
This API is stupid anyway, where is strlcat when we need it...
Change-Id: Icdf418083146420a06f8ba5ffdf882982610d39b
Trailing bits were displayed in proc->saved_cmdline, displaying
uninitialized data to the user in /proc/<pid>/cmdline
Change-Id: I74831c8c68dd2f2197b35e9b49aaaae29c4c1dd5
This would incorrectly make "mcexec sh -c './script.sh'" run with
/bin/bash instead of /bin/sh (which is important, because bash behaviour
changes depending on how it is invoked)
Change-Id: I80610cf442c6c3ecacfa23e8ed15652bc8d4e3f7
There were mainly two problems with shebangs:
- Suffix arguments handling e.g. '#!/bin/sh -x'
- Recursive handling e.g. script1 fetchs '#!/path/to/script2'
and script2 itself has a shebang
- (did I say two?) running shebang would replace argv[optind] instead
of appending e.g. script with '#!/bin/sh' and running './script -c'
would run '/bin/sh -c' instead of '/bin/sh ./script -c'
There also are two places where this needs parsing:
- starting a fresh program from mcexec
- starting a new program from execve in mcexec
The first was easy to fix as we already had argv around, but the later
required a new way to transfer the 'new argv elements from the script'
to mckernel to append before its argv -- it used to be 'desc->shell_path'
but that was no longer used at some point and just one keyword is not
enough to handle this properly.
This commit does:
- Refactors the lookup_path + load_elf_desc that was only done at most
twice in its own function that loops indefinitely and use that in both
situations described above
- Transmits the argv addition in the transfer to mckernel after the
desc; mckernel allocates 4 pages (hardcoded) for the descs and we will
hopefully have room for the script arguments on top of that... (there is
no guard!!!)
- Change flatten_strings to allow prepending a flattened string instead
of a single string.
Note that the flatten_string change also brought in a difference in the
format, to have the full length embedded within the string, the latest
slot that used to be zeroes now contains the position of the end of the
buffer (where the last+1 string would be if there had been one)
This required a trivial change in mckernel prepare args function that
used this property for no real reason.
Hopefully things work™, this probably warrants adding a couple of new
ostests...
- create a couple of scripts with recursive invocation/arguments and
check their own argv.
- execute "mcexec script args" and "mcexec sh -c 'script args'"
Change-Id: I2cf9cde5c07c9293f730de89c9731bd93dbfa789
Refs: #1115
This includes the following fix:
send_syscall, do_syscall: remove argument pid
Fujitsu: POSTK_TEMP_FIX_26
Refs: #1165
Change-Id: I702362c07a28f507a5e43dd751949aefa24bc8c0
Defining C structures for the following objects:
(1) Remote and local context
(2) Stack of system call arguments / return values
Change-Id: Iafbb6c795bd765e3c78c54a255d8a1e4d4536288
(1) Add --enable-uti option. The binary-patch library is
preloaded with this option.
(2) Binary-patching is done by syscall_intercept developed by Intel
This commit includes the following fixes:
(1) Fix do_exit() and terminate() handling
(2) Fix timing of killing mcexec threads when McKernel thread calls terminate()
Change-Id: Iad885e1e5540ed79f0808debd372463e3b8fecea
