Emulate PR_SET_DUMPABLE and misc improvements #2370

Merged: sporksmith merged 6 commits into shadow:main from sporksmith:handle-harden on Aug 23, 2022

@sporksmith
Contributor

This is primarily to fix #2368

  • Emulate PR_SET_DUMPABLE instead of allowing it to execute natively, which interferes with Shadow's ability to access managed process memory.

Some other minor improvements:

  • Return an error for some other prctl operations that would interfere with Shadow
  • Add explicit cases for all known prctl operations, and return errors for any others.
  • Enable the getgroups syscall to just execute natively.
  • Add explicit cases for the unimplemented sched_getaffinity and sched_setaffinity syscalls, so that the logged warnings give the syscall names instead of just the numbers.
  • Fix clock_gettime and futex syscalls to handle the cases where a bad user pointer is provided.

@github-actions github-actions bot added the Component: Main Composing the core Shadow executable label Aug 22, 2022
Just use `process_readPtr` here; it lets us handle errors more
gracefully, and the extra copy of a uint32 has negligible cost.
Just use `process_readPtr` here; it lets us handle errors more
gracefully, and the extra copy of a uint32 has negligible cost.
Having explicit cases instead of falling through to the default gives
more useful log messages, with the name of the syscall, instead of just
the number.
* Pass most operations through natively, as before.
* Return ENOSYS for some that would interfere with Shadow.
* Return EINVAL for any that aren't explicitly handled.
@sporksmith sporksmith marked this pull request as ready for review August 22, 2022 21:53
@sporksmith sporksmith merged commit c383eb4 into shadow:main Aug 23, 2022
@sporksmith sporksmith deleted the handle-harden branch August 23, 2022 14:52
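
The prctl policy described in this PR (emulate the dumpable flag, refuse interfering operations, pass known-harmless ones through, reject everything else), sketched as an added example that is not Shadow's own code. The names `managed_proc`, `result` and `emu_prctl` are hypothetical, and which operations land in the ENOSYS and pass-through groups is an assumption, since the page does not list them.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Hypothetical per-managed-process state kept by the simulator. */
struct managed_proc { int dumpable; };

enum action { ACT_DONE, ACT_NATIVE };  /* answered here vs. run natively */
struct result { enum action action; long retval; };

/* Decide how one prctl(option, arg2) call from a managed process is handled. */
struct result emu_prctl(struct managed_proc *p, int option, unsigned long arg2) {
    switch (option) {
    case PR_SET_DUMPABLE:
        /* Record the request but never apply it to the real process, so
         * the simulator keeps its access to that process's memory. */
        if (arg2 != 0 && arg2 != 1)
            return (struct result){ACT_DONE, -EINVAL};
        p->dumpable = (int)arg2;
        return (struct result){ACT_DONE, 0};
    case PR_GET_DUMPABLE:
        /* Report the emulated value, not the kernel's. */
        return (struct result){ACT_DONE, p->dumpable};
    case PR_SET_SECCOMP:   /* assumed members of the "would interfere" group */
    case PR_SET_PTRACER:
        return (struct result){ACT_DONE, -ENOSYS};
    case PR_SET_NAME:      /* assumed members of the pass-through group */
    case PR_GET_NAME:
    case PR_SET_PDEATHSIG:
    case PR_GET_PDEATHSIG:
        return (struct result){ACT_NATIVE, 0};
    default:
        /* Anything without an explicit case is rejected. */
        return (struct result){ACT_DONE, -EINVAL};
    }
}

int main(void) {
    struct managed_proc p = { .dumpable = 1 };
    emu_prctl(&p, PR_SET_DUMPABLE, 0);  /* hardening request from the app */
    printf("app sees dumpable=%ld\n", emu_prctl(&p, PR_GET_DUMPABLE, 0).retval);
    printf("PR_SET_SECCOMP -> %ld\n", emu_prctl(&p, PR_SET_SECCOMP, 0).retval);
    return 0;
}
```

The managed process reads back the value it set, while the kernel-level flag of the real process is never changed by the handler.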
Development

Successfully merging this pull request may close these issues.

process hardening causes obscure errors