From d6ce3e63e240f73b0fd1208902becf2eea065c12 Mon Sep 17 00:00:00 2001 From: Ali Mohammad Pur Date: Tue, 29 Mar 2022 09:26:49 +0430 Subject: [PATCH] Kernel: Disallow elevating pledge promises with no_error set 8233da33985bf834685bc215a8a9ed261e674f5f introduced a not-so-subtle bug where an application with an existing pledge set containing `no_error` could elevate its pledge set by pledging _anything_, this commit makes sure that no new promise is accepted. --- Kernel/Syscalls/pledge.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp index 20c39c81cd..9db4490264 100644 --- a/Kernel/Syscalls/pledge.cpp +++ b/Kernel/Syscalls/pledge.cpp @@ -47,9 +47,10 @@ ErrorOr Process::sys$pledge(Userspace if (!parse_pledge(promises->view(), new_promises)) return EINVAL; - if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) { - if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises)) + if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises)) { + if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) return EPERM; + new_promises &= m_protected_values.promises; } } @@ -57,9 +58,10 @@ ErrorOr Process::sys$pledge(Userspace if (execpromises) { if (!parse_pledge(execpromises->view(), new_execpromises)) return EINVAL; - if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) { - if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises)) + if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises)) { + if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) return EPERM; + new_execpromises &= m_protected_values.execpromises; } }