
Fix a few problems with darling.c

* Check for the kernel module being already loaded before trying to load it
* Correctly set UID/GID so that the shell doesn't drop them
* Remove module unloading functionality
* Fix dropping GID in prelaunchd
* Change prelaunchd name in "ps a" output to be "darling-init"

+35 -39
+34 -36
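--- a/src/dyld/darling.c
+++ b/src/dyld/darling.c
@@ -42,8 +42,9 @@
 const char* DARLING_INIT_COMM = "darling-init";
 char *prefix;
 uid_t g_originalUid, g_originalGid;
+char **g_argv, **g_envp;
 
-int main(int argc, char const ** argv)
+int main(int argc, char ** argv, char ** envp)
 {
 	pid_t pidInit, pidChild;
 	int wstatus;
@@ -54,18 +55,24 @@
 		return 1;
 	}
 
+	g_argv = argv;
+	g_envp = envp;
+
 	if (geteuid() != 0)
 	{
 		missingSetuidRoot();
 		return 1;
 	}
-
-	if (loadKernelModule())
-		return 1;
 
 	g_originalUid = getuid();
 	g_originalGid = getgid();
 
+	setuid(0);
+	setgid(0);
+
+	if (!isModuleLoaded())
+		loadKernelModule();
+
 	prefix = getenv("DPREFIX");
 	if (!prefix)
 		prefix = defaultPrefixPath();
@@ -88,7 +95,7 @@
 		};
 		int option_index = 0;
 
-		c = getopt_long(argc, (char *const *)argv, "", long_options, &option_index);
+		c = getopt_long(argc, argv, "", long_options, &option_index);
 
 		if (c == -1)
 		{
@@ -199,7 +206,6 @@
 
 	waitpid(pidChild, &wstatus, 0);
 
-	// Should we unloadKernelModule() here? Others may be still using it
 	if (WIFEXITED(wstatus))
 		return WEXITSTATUS(wstatus);
 	if (WIFSIGNALED(wstatus))
@@ -274,9 +280,11 @@
 		exit(1);
 	}
 	*/
-
-	setresuid(g_originalUid, g_originalUid, g_originalUid);
+
+	// Drop the privileges. It's important to drop GID first, because
+	// non-root users can't change their GID.
 	setresgid(g_originalGid, g_originalGid, g_originalGid);
+	setresuid(g_originalUid, g_originalUid, g_originalUid);
 
 	/*
 	if (setns(fdNS, CLONE_NEWUSER) != 0)
@@ -406,6 +414,7 @@
 
 	char *opts;
 	char putOld[4096];
+	char *p;
 
 	close(pipefd[0]);
 
@@ -452,12 +461,16 @@
 		exit(1);
 	}
 
-	// Drop the privileges
-	setresuid(g_originalUid, g_originalUid, g_originalUid);
+	// Drop the privileges. It's important to drop GID first, because
+	// non-root users can't change their GID.
 	setresgid(g_originalGid, g_originalGid, g_originalGid);
+	setresuid(g_originalUid, g_originalUid, g_originalUid);
 	prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
 
+	// Set name to darling-init
 	prctl(PR_SET_NAME, DARLING_INIT_COMM, 0, 0);
+	p = stpcpy(g_argv[0], DARLING_INIT_COMM);
+	memset(p, 0, g_envp[0] - p);
 
 	/*
 	if (unshare(CLONE_NEWUSER) != 0)
@@ -843,41 +856,26 @@
 	return 0;
 }
 
-int loadKernelModule()
+void loadKernelModule()
 {
-	FILE* fp;
-	char output[1024];
+	int status;
+	FILE *fp = popen("/sbin/modprobe darling-mach", "w");
 
-	if ((fp = popen("/sbin/modprobe darling-mach", "r")) == NULL)
+	if (fp == NULL)
 	{
-		fprintf(stderr, "Failed to run modprobe\n");
-		return 1;
+		fprintf(stderr, "Failed to run modprobe: %s\n", strerror(errno));
+		exit(1);
 	}
 
-	while (fgets(output, sizeof(output), fp) != NULL)
+	status = pclose(fp);
+	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
 	{
-		printf("%s", output);
-	}
-
-	if (WEXITSTATUS(pclose(fp)) == 0)
-	{
-		fprintf(stderr, "Loaded kernel module successfully\n");
-		return 0;
+		fprintf(stderr, "Loaded the kernel module\n");
+		return;
 	}
 	else
 	{
 		fprintf(stderr, "Failed to load the kernel module\n");
-		return 1;
+		exit(1);
 	}
 }
-
-int unloadKernelModule()
-{
-	if(syscall(SYS_delete_module, "darling_mach", 0))
-	{
-		fprintf(stderr, "Cannot unload kernel module: %s\n", strerror(errno));
-		return 1;
-	}
-
-	return 0;
-}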
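Review bot: Both privilege drops in the new code (lines 286–287 and 466–467) ignore the return values of setresgid() and setresuid(), so if either call fails the process silently keeps running as root; check each result and abort, e.g. `if (setresgid(g_originalGid, g_originalGid, g_originalGid) != 0 || setresuid(g_originalUid, g_originalUid, g_originalUid) != 0) { perror("dropping privileges"); exit(1); }`, and the unchecked `setuid(0); setgid(0);` at lines 70–71 deserves the same treatment. The comm rewrite at lines 472–473 assumes g_argv[0] has room for the 13-byte DARLING_INIT_COMM string and that g_envp[0] is a non-NULL pointer lying just past it; with an empty environment g_envp[0] is NULL and the memset length is meaningless, so guard with `if (g_envp[0] != NULL && g_envp[0] > p)` before the memset and avoid writing past the original strlen(g_argv[0]). loadKernelModule() (lines 859–881) now launches `/sbin/modprobe darling-mach` through popen(), i.e. /bin/sh, as full root after the setuid(0) while the unprivileged caller's environment is still in place; a fork()/execve() with a fixed argv and a minimal environment would avoid the shell and keep caller-controlled variables from reaching the root helper. main() and the function containing lines 461–476 extend beyond the hunks shown.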
+1 -3
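--- a/src/dyld/darling.h
+++ b/src/dyld/darling.h
@@ -64,8 +64,6 @@
 
 int isModuleLoaded(void);
 
-int loadKernelModule(void);
-
-int unloadKernelModule(void);
+void loadKernelModule(void);
 
 #endif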