mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2025-12-28 08:11:05 -08:00
Code Issues Projects Releases Wiki Activity
160105 commits 243 branches 194 tags 7.8 GiB
Commit graph

17 commits

Author SHA1 Message Date
Paul Eggert
ec35e2621a Do not include <attribute.h> from <config.h> 
This is because mod-test.c shouldn’t use source code from lib,
but it does need to include <config.h>.
* lib-src/ebrowse.c, lib-src/emacsclient.c, lib-src/etags.c:
* lib-src/make-docfile.c, lib-src/movemail.c:
* lib-src/seccomp-filter.c, src/dynlib.h, src/lisp.h:
* src/syssignal.h, src/sysstdio.h, src/systhread.h, src/tparam.h:
Include <attribute.h>.
* src/conf_post.h: Do not include <attribute.h>.
All uses of attribute.h macros replaced with their _GL_ equivalents.
 2022-03-08 18:51:17 -08:00
Andreas Schwab
0090318c61 * lib-src/seccomp-filter.c (main): Use faccessat2 only if defined. 2022-03-05 14:41:22 +01:00
Philipp Stephani
6d3608be88 Seccomp: improve support for newer versions of glibc (Bug#51073) 
* lib-src/seccomp-filter.c (main): Allow 'pread64' and 'faccessat2'
system calls.  Newer versions of glibc use these system call (starting
with commits 95c1056962a3f2297c94ce47f0eaf0c5b6563231 and
3d3ab573a5f3071992cbc4f57d50d1d29d55bde2, respectively).
 2022-01-22 17:18:50 +01:00
Eli Zaretskii
19dcb237b5 ; Add 2022 to copyright years. 2022-01-01 02:45:51 -05:00
Philipp Stephani
b497add971 Fix Seccomp filter for newer GNU/Linux systems (Bug#51073). 
On some systems, process startup calls prctl(PR_CAPBSET_READ) via
'cap_get_bound'.  We can just return EINVAL.

* lib-src/seccomp-filter.c (main): Add a rule for
prctl(PR_CAPBSET_READ, ...).
 2021-10-09 19:39:31 +02:00
Philipp Stephani
8fa624b39b Improve compatibility with musl-libc (Bug#48789) 
* lib-src/seccomp-filter.c (export_filter): Remove use of
nonstandard macro TEMP_FAILURE_RETRY.
 2021-08-29 20:51:39 +02:00
Philipp Stephani
aaf6b6bf80 Ensure that argument to 'verify' is a constant expression. 
Casting NULL is not a constant expression (Bug#47951).

* lib-src/seccomp-filter.c (main): Turn check for null pointer
representation into a runtime assertion.
 2021-04-22 16:11:10 +02:00
Philipp Stephani
27af0a3dc8 Seccomp filter: deal with arch_prctl(ARCH_CET_STATUS, ...). 
The dynamic loader of GNU libc 2.28 uses this system call to
initialize CPU information, see
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/cpu-features.c;hb=glibc-2.28#l28.
Simulating an older kernel by returning EINVAL should be the most
harmless rule here.

The ARCH_CET_STATUS symbol isn't yet exposed by the kernel headers;
see the FIXME at the top of
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/x86/include/asm/prctl.h;hb=glibc-2.28.

* lib-src/seccomp-filter.c (ARCH_CET_STATUS): Define if not
already present.  Inline the value because there doesn't seem to
be a header file exporting this constant yet.
(main): Make ARCH_CET_STATUS subfunction of arch_prctl return EINVAL.
 2021-04-19 21:11:21 +02:00
Philipp Stephani
2822246b5d Fix Seccomp filter on CentOS 8.3 (Bug#47828). 
* lib-src/seccomp-filter.c (main): mmap: Also allow MAP_SHARED.
 2021-04-18 10:34:48 +02:00
Philipp Stephani
104c5e3d57 * lib-src/seccomp-filter.c: Add missing headers. 2021-04-12 09:20:51 +02:00
Philipp Stephani
c8d542fd59 Add a variant of the Seccomp filter file that allows 'execve'. 
This is useful when starting Emacs with a Seccomp filter enabled,
e.g. using 'bwrap'.

* lib-src/seccomp-filter.c (main): Generate new Seccomp files.

* lib-src/Makefile.in (all)
(seccomp-filter.bpf seccomp-filter.pfc seccomp-filter-exec.bpf
seccomp-filter-exec.pfc): Generate new Seccomp files.

* .gitignore: Ignore new Seccomp files.

* test/src/emacs-tests.el (emacs-tests/bwrap/allows-stdout): New unit
test.
 2021-04-11 21:19:09 +02:00
Philipp Stephani
cf0701eff0 * lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW. 2021-04-11 21:14:41 +02:00
Philipp Stephani
ea5ea09244 Seccomp filter: allow reading the current time (Bug#47708). 
* lib-src/seccomp-filter.c (main): Allow reading the current time.
 2021-04-11 19:50:45 +02:00
Philipp Stephani
d06c54db1b Remove SCMP_FLTATR_CTL_LOG attribute from Seccomp filter. 
Whether or not we log failing syscalls isn't security-critical, and we
shouldn't care.

* lib-src/seccomp-filter.c (main): Remove log attribute.
 2021-04-11 16:41:44 +02:00
Philipp Stephani
5537836288 * lib-src/seccomp-filter.c: Print trailing newline. 2021-04-11 16:03:08 +02:00
Glenn Morris
81ffc43383 ; Fix copyright years 2021-04-10 12:24:09 -07:00
Philipp Stephani
1060289f51 Add a helper binary to create a basic Secure Computing filter. 
The binary uses the 'seccomp' helper library.  The library isn't
needed to load the generated Secure Computing filter.

* configure.ac: Check for 'seccomp' header and library.

* lib-src/seccomp-filter.c: New helper binary to generate a generic
Secure Computing filter for GNU/Linux.

* lib-src/Makefile.in (DONT_INSTALL): Add 'seccomp-filter' helper
binary if possible.
(all): Add Secure Computing filter file if possible.
(seccomp-filter$(EXEEXT)): Compile helper binary.
(seccomp-filter.bpf seccomp-filter.pfc): Generate filter files.

* test/src/emacs-tests.el (emacs-tests/seccomp/allows-stdout)
(emacs-tests/seccomp/forbids-subprocess): New unit tests.

* test/Makefile.in (src/emacs-tests.log): Add dependency on the helper
binary.
 2021-04-10 21:10:16 +02:00