isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

For preload DSO make copies of cmnd, argv, envp and map them read-only.

Browse Source
This commit is contained in:
Todd C. Miller
2022-07-25 19:56:54 -06:00
parent 226a6cd754
commit 5516cdcd5b
4 changed files with 114 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
lib/util/mmap_alloc.c
View File

@@ -121,6 +121,24 @@ sudo_mmap_strdup_v1(const char *str)
return newstr;
}
/*
* Set the page permissions for the allocation represented by "ptr" to
* read-only. Returns 0 on success, -1 on failure.
*/
int
sudo_mmap_protect_v1(void *ptr)
{
if (ptr != NULL) {
unsigned long *ulp = ptr;
const unsigned long size = ulp[-1];
return mprotect((void *)&ulp[-1], size, PROT_READ);
}
/* Can't protect NULL. */
errno = EINVAL;
return -1;
}
/*
* Free "ptr" allocated by sudo_mmap_alloc().
* The allocated size is stored (as unsigned long) in ptr[-1].
@@ -131,7 +149,9 @@ sudo_mmap_free_v1(void *ptr)
if (ptr != NULL) {
unsigned long *ulp = ptr;
const unsigned long size = ulp[-1];
int saved_errno = errno;
munmap((void *)&ulp[-1], size);
(void)munmap((void *)&ulp[-1], size);
errno = saved_errno;
}
}