[PATCH] D96292: [llvm-objcopy] Drop S_ISUID and S_ISGID bits
Fangrui Song via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Feb 8 14:10:44 PST 2021
MaskRay created this revision.
MaskRay added reviewers: dxf, llozano, manojgupta, rupprecht.
Herald added a reviewer: alexshap.
Herald added a reviewer: jhenderson.
Herald added a subscriber: abrachet.
MaskRay requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.
This addresses a vulnerability introduced in D62718 <https://reviews.llvm.org/D62718>.
chmod u+s,g+s,o+x a
sudo llvm-strip a
// a should not have set-user-ID or set-group-ID bits
No test because it is not testable on all file systems.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D96292
Files:
llvm/tools/llvm-objcopy/llvm-objcopy.cpp
Index: llvm/tools/llvm-objcopy/llvm-objcopy.cpp
===================================================================
--- llvm/tools/llvm-objcopy/llvm-objcopy.cpp
+++ llvm/tools/llvm-objcopy/llvm-objcopy.cpp
@@ -256,9 +256,10 @@
Filename, static_cast<sys::fs::perms>(Stat.permissions() &
~sys::fs::getUmask())))
#else
+ // Drop umask, S_ISUID and S_ISGID bits.
if (auto EC = sys::fs::setPermissions(
FD, static_cast<sys::fs::perms>(Stat.permissions() &
- ~sys::fs::getUmask())))
+ ~(sys::fs::getUmask() | 06000))))
#endif
return createFileError(Filename, EC);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D96292.322215.patch
Type: text/x-patch
Size: 740 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210208/ee531d3f/attachment.bin>
More information about the llvm-commits
mailing list