From 61c1106d9ff3963d50ac7e38c176804f7b4d521b Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Sat, 11 Jan 2020 18:45:38 +0300
Subject: [PATCH] Kernel+LibC: Implement a few mount flags
We now support these mount flags:
* MS_NODEV: disallow opening any devices from this file system
* MS_NOEXEC: disallow executing any executables from this file system
* MS_NOSUID: ignore set-user-id bits on executables from this file system
The fourth flag, MS_BIND, is defined, but currently ignored.
---
 Kernel/FileSystem/VirtualFileSystem.cpp | 4 +++-
 Kernel/FileSystem/VirtualFileSystem.h | 5 +++++
 Kernel/Process.cpp | 10 ++++++----
 Libraries/LibC/unistd.h | 5 +++++
 4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index a0103bc304..ccdf193182 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -216,11 +216,13 @@ KResultOr> VFS::open(StringView path, int options
 should_truncate_file = options & O_TRUNC;
 }
 if (options & O_EXEC) {
- if (!metadata.may_execute(current->process()))
+ if (!metadata.may_execute(current->process()) || (custody.mount_flags() & MS_NOEXEC))
 return KResult(-EACCES);
 }
 if (metadata.is_device()) {
+ if (custody.mount_flags() & MS_NODEV)
+ return KResult(-EACCES);
 auto device = Device::get_device(metadata.major_device, metadata.minor_device);
 if (device == nullptr) {
 return KResult(-ENODEV);
diff --git a/Kernel/FileSystem/VirtualFileSystem.h b/Kernel/FileSystem/VirtualFileSystem.h
index 13f7b7803f..1a7f580997 100644
--- a/Kernel/FileSystem/VirtualFileSystem.h
+++ b/Kernel/FileSystem/VirtualFileSystem.h
@@ -28,6 +28,11 @@
 #define O_DIRECT 04000000
 #define O_NOFOLLOW_NOERROR 0x4000000
+#define MS_NODEV 1
+#define MS_NOEXEC 2
+#define MS_NOSUID 4
+#define MS_BIND 8
+
 class Custody;
 class Device;
 class FileDescription;
diff --git a/Kernel/Process.cpp b/Kernel/Process.cpp
index 74dc581138..81e382e86e 100644
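Review bot: The MS_NOEXEC test is enforced only inside the `options & O_EXEC` branch, so the mount flag covers callers that open with O_EXEC and nothing else; whether every path by which the kernel turns file contents into executable memory goes through this branch cannot be seen from here, so that limit should be stated where the check lives. A comment such as `// MS_NOEXEC/MS_NODEV are enforced at open() time against the custody the path resolved to` would also make explicit that `custody`, which is assigned before line 216 outside this hunk, must be the final custody after any mount crossing for the flag lookup to be meaningful. Both refusals return `-EACCES`, which matches the errno Linux uses for nodev/noexec and is fine as is; VFS::open begins and ends outside the hunk.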
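Review bot: The four `MS_*` values are defined here and again, verbatim, in the Libraries/LibC/unistd.h hunk with nothing tying the two copies together, so a later edit to one side can silently desynchronise the kernel's interpretation of the flags from what userspace passes to mount(). Each copy should at least carry `// Keep in sync with Libraries/LibC/unistd.h` (and the reverse in unistd.h), or both should be sourced from one shared header if the O_* flags above are already handled that way (not visible here). `MS_BIND` is defined but, per the commit message, not acted on anywhere in this patch; `#define MS_BIND 8 // parsed by mount(), not implemented yet` at the definition would keep callers from assuming it has an effect. The same remarks apply to the unistd.h hunk.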
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@@ -750,10 +750,12 @@ int Process::do_exec(String path, Vector arguments, Vector envir
 // Copy of the master TLS region that we will clone for new threads
 m_master_tls_region = master_tls_region;
- if (metadata.is_setuid())
- m_euid = metadata.uid;
- if (metadata.is_setgid())
- m_egid = metadata.gid;
+ if (!(description->custody()->mount_flags() & MS_NOSUID)) {
+ if (metadata.is_setuid())
+ m_euid = metadata.uid;
+ if (metadata.is_setgid())
+ m_egid = metadata.gid;
+ }
 current->set_default_signal_dispositions();
 current->m_signal_mask = 0;
diff --git a/Libraries/LibC/unistd.h b/Libraries/LibC/unistd.h
index bfecbbfbdf..1fd5b870b5 100644
--- a/Libraries/LibC/unistd.h
+++ b/Libraries/LibC/unistd.h
@@ -128,6 +128,11 @@ enum {
 #define X_OK 1
 #define F_OK 0
+#define MS_NODEV 1
+#define MS_NOEXEC 2
+#define MS_NOSUID 4
+#define MS_BIND 8
+
 /*
 * We aren't fully compliant (don't support policies, and don't have a wide
 * range of values), but we do have process priorities.
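Review bot: The new outer condition changes a security-relevant decision — on a nosuid mount a set-user-id image now runs with the caller's credentials — but nothing in the hunk says so, and the nested `if`s read like an accidental re-scoping to someone skimming the file; add `// MS_NOSUID: setuid/setgid bits on this mount are treated as plain mode bits, so the caller's euid/egid are kept.` above the outer `if`. do_exec begins and ends outside the hunk, so it cannot be checked here that `description` and `metadata` refer to the same file; if `metadata` was captured from a separate lookup rather than from `description`, the flag and the bits could describe different objects, and a comment at the point where both are obtained should confirm they come from the same open. The flag is read via `description->custody()` while VFS::open reads `custody.mount_flags()`; that is consistent provided both are the resolved custody of the executable.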