[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)

via llvm-commits llvm-commits at lists.llvm.org
Fri May 17 12:57:00 PDT 2024


https://github.com/bigb4ng created https://github.com/llvm/llvm-project/pull/92593

Fix for https://github.com/google/sanitizers/issues/1130.

An original issue described by Szabolcs Nagy at https://seclists.org/oss-sec/2016/q1/363.

Implemented by disabling setting `log_path` in ASAN_OPTIONS to values other than "stderr" and "stdout".

The fix is provided for Linux and Android API 18+ based on the `AT_SECURE` auxv variable (`man 3 getauxval` is your friend).



From 1f063317e2d67df3448f850bf143d0b7958135f9 Mon Sep 17 00:00:00 2001
From: bigb4ng <130478744+bigb4ng at users.noreply.github.com>
Date: Fri, 17 May 2024 07:26:39 +0300
Subject: [PATCH] [sanitizer] Disable writes to log files for binaries in a
 secure context.

Fix for https://github.com/google/sanitizers/issues/1130.

An original issue described by Szabolcs Nagy at https://seclists.org/oss-sec/2016/q1/363.
---
 .../lib/sanitizer_common/sanitizer_file.cpp     | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
index 7ef499ce07b13..d9682145a62e4 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
@@ -19,6 +19,13 @@
 
 #include "sanitizer_common.h"
 #include "sanitizer_file.h"
+
+#if SANITIZER_LINUX || (SANITIZER_ANDROID && __ANDROID_API__ >= 18)
+// Android API as per https://developer.android.com/ndk/guides/cpu-features#features_using_libcs_getauxval3
+#  include <sys/auxv.h>
+#  define HAS_GETAUXVAL
+#endif
+
 #  include "sanitizer_interface_internal.h"
 
 namespace __sanitizer {
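
Review bot: In the new `#if`, the `SANITIZER_ANDROID && __ANDROID_API__ >= 18` term is only evaluated when `SANITIZER_LINUX` is 0, so if Android builds also set `SANITIZER_LINUX` the API-level guard has no effect and `<sys/auxv.h>` is included below API 18. Writing the condition so the Android case is excluded from the first term, for example `(SANITIZER_LINUX && !SANITIZER_ANDROID) || (SANITIZER_ANDROID && __ANDROID_API__ >= 18)`, makes the intent explicit. `HAS_GETAUXVAL` is also a generic, unprefixed macro name for a file under sanitizer_common; a `SANITIZER_`-prefixed name would avoid collisions. The comment line carrying the URL runs well past 80 columns.
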
@@ -104,6 +111,16 @@ void ReportFile::SetReportPath(const char *path) {
     }
   }
 
+#ifdef HAS_GETAUXVAL
+  if (getauxval(AT_SECURE) != 0 && path &&
+      internal_strcmp(path, "stderr") != 0 &&
+      internal_strcmp(path, "stdout") != 0) {
+    Report(
+        "ERROR: Permission denied setting log_path for a binary in a secure context. You must run on a same priviledge level\n");
+    Die();
+  }
+#endif
+
   SpinMutexLock l(mu);
   if (fd != kStdoutFd && fd != kStderrFd && fd != kInvalidFd)
     CloseFile(fd);
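
Review bot: The `getauxval(AT_SECURE)` check sits inside `ReportFile::SetReportPath`, so it applies to every caller of that function, not only to a `log_path` value taken from `ASAN_OPTIONS` as the description states, and it ends in `Die()` rather than ignoring the path and staying on stderr. A comment above the block should say why aborting is preferred, and the diffstat shows only sanitizer_file.cpp changed, so a test covering the `AT_SECURE` case is missing. The message string has a typo and awkward wording (`priviledge`, `on a same`); something like "log_path other than stdout/stderr is not allowed for a binary running in a secure context" would read better, and the literal should be split to stay under 80 columns.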
