[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)

Fri May 17 16:13:10 PDT 2024

https://github.com/bigb4ng updated https://github.com/llvm/llvm-project/pull/92593

>From 8384a68f313ef5e206dc6881e22ac90a27375590 Mon Sep 17 00:00:00 2001
From: bigb4ng <130478744+bigb4ng at users.noreply.github.com>
Date: Fri, 17 May 2024 07:26:39 +0300
Subject: [PATCH] [sanitizer] Disable using log_path with AT_SECURE.

Fix for https://github.com/google/sanitizers/issues/1130.

An original issue described by Szabolcs Nagy at https://seclists.org/oss-sec/2016/q1/363.
---
 .../lib/sanitizer_common/sanitizer_file.cpp   | 30 ++++++++++++++-----
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp b/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
index 7ef499ce07b13..7c7b4187f0a2b 100644
--- a/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
+++ b/compiler-rt/lib/sanitizer_common/sanitizer_file.cpp
@@ -17,8 +17,9 @@
 
 #if !SANITIZER_FUCHSIA
 
-#include "sanitizer_common.h"
-#include "sanitizer_file.h"
+#  include "sanitizer_common.h"
+#  include "sanitizer_file.h"
+#  include "sanitizer_getauxval.h"
 #  include "sanitizer_interface_internal.h"
 
 namespace __sanitizer {
@@ -36,7 +37,8 @@ void RawWrite(const char *buffer) {
 
 void ReportFile::ReopenIfNecessary() {
   mu->CheckLocked();
-  if (fd == kStdoutFd || fd == kStderrFd) return;
+  if (fd == kStdoutFd || fd == kStderrFd)
+    return;
 
   uptr pid = internal_getpid();
   // If in tracer, use the parent's file.
@@ -104,6 +106,17 @@ void ReportFile::SetReportPath(const char *path) {
     }
   }
 
+  // This is so we can use the weak definition from sanitizer_getauxval.h
+  if (&getauxval && getauxval(/* AT_SECURE */ 23) != 0 && path &&
+      internal_strcmp(path, "stderr") != 0 &&
+      internal_strcmp(path, "stdout") != 0) {
+    Report(
+        "ERROR: log_path must be 'stderr' or 'stdout' for AT_SECURE "
+        "(e.g. setuid binaries), is '%s'\n",
+        path);
+    Die();
+  }
+
   SpinMutexLock l(mu);
   if (fd != kStdoutFd && fd != kStderrFd && fd != kInvalidFd)
     CloseFile(fd);
@@ -137,7 +150,7 @@ bool ReadFileToBuffer(const char *file_name, char **buff, uptr *buff_size,
   // The files we usually open are not seekable, so try different buffer sizes.
   for (uptr size = kMinFileLen;; size = Min(size * 2, max_len)) {
     UnmapOrDie(*buff, *buff_size);
-    *buff = (char*)MmapOrDie(size, __func__);
+    *buff = (char *)MmapOrDie(size, __func__);
     *buff_size = size;
     fd_t fd = OpenFile(file_name, RdOnly, errno_p);
     if (fd == kInvalidFd) {
@@ -223,13 +236,14 @@ char *FindPathToBinary(const char *name) {
       if (FileExists(buffer.data()))
         return internal_strdup(buffer.data());
     }
-    if (*end == '\0') break;
+    if (*end == '\0')
+      break;
     beg = end + 1;
   }
   return nullptr;
 }
 
-} // namespace __sanitizer
+}  // namespace __sanitizer
 
 using namespace __sanitizer;
 
@@ -239,13 +253,13 @@ void __sanitizer_set_report_path(const char *path) {
 }
 
 void __sanitizer_set_report_fd(void *fd) {
-  report_file.fd = (fd_t)reinterpret_cast<uptr>(fd);
+  report_file.fd = (fd_t) reinterpret_cast<uptr>(fd);
   report_file.fd_pid = internal_getpid();
 }
 
 const char *__sanitizer_get_report_path() {
   return report_file.GetReportPath();
 }
-} // extern "C"
+}  // extern "C"
 
 #endif  // !SANITIZER_FUCHSIA

