Add arm-specific code to set the system call number.
Fixes rejection of commands due to policy on arm when in intercept mode.
This commit is contained in:
Todd C. Miller
@@ -84,12 +84,12 @@ get_syscallno(struct sudo_ptrace_regs *regs)
|
||||
}
|
||||
|
||||
static inline void
|
||||
set_syscallno(struct sudo_ptrace_regs *regs, int syscallno)
|
||||
set_syscallno(pid_t pid, struct sudo_ptrace_regs *regs, int syscallno)
|
||||
{
|
||||
if (regs->compat) {
|
||||
compat_reg_syscall(regs->u.compat) = syscallno;
|
||||
compat_reg_set_syscall(regs->u.compat, syscallno);
|
||||
} else {
|
||||
reg_syscall(regs->u.native) = syscallno;
|
||||
reg_set_syscall(regs->u.native, syscallno);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -194,9 +194,9 @@ get_syscallno(struct sudo_ptrace_regs *regs)
|
||||
}
|
||||
|
||||
static inline void
|
||||
set_syscallno(struct sudo_ptrace_regs *regs, int syscallno)
|
||||
set_syscallno(pid_t pid, struct sudo_ptrace_regs *regs, int syscallno)
|
||||
{
|
||||
reg_syscall(regs->u.native) = syscallno;
|
||||
reg_set_syscall(regs->u.native, syscallno);
|
||||
}
|
||||
|
||||
static inline unsigned long
|
||||
@@ -687,7 +687,7 @@ ptrace_fail_syscall(pid_t pid, struct sudo_ptrace_regs *regs, int ecode)
|
||||
debug_decl(ptrace_fail_syscall, SUDO_DEBUG_EXEC);
|
||||
|
||||
/* Cause the syscall to fail by changing its number to -1. */
|
||||
set_syscallno(regs, -1);
|
||||
set_syscallno(pid, regs, -1);
|
||||
if (!ptrace_setregs(pid, regs)) {
|
||||
sudo_warn(U_("unable to set registers for process %d"), (int)pid);
|
||||
debug_return_bool(false);
|
||||
|
||||
@@ -74,6 +74,13 @@
|
||||
# define reg_arg2(x) (x).regs[1] /* x1 */
|
||||
# define reg_arg3(x) (x).regs[2] /* x2 */
|
||||
# define reg_arg4(x) (x).regs[3] /* x3 */
|
||||
# define reg_set_syscall(_r, _nr) do { \
|
||||
struct iovec _iov; \
|
||||
long syscallno = (_nr); \
|
||||
_iov.iov_base = &syscallno; \
|
||||
_iov.iov_len = sizeof(syscallno); \
|
||||
ptrace(PTRACE_SETREGSET, pid, NT_ARM_SYSTEM_CALL, &_iov); \
|
||||
} while (0)
|
||||
#elif defined(__arm__)
|
||||
/* Note: assumes arm EABI, not OABI */
|
||||
/* Untested */
|
||||
@@ -86,6 +93,9 @@
|
||||
# define reg_arg2(x) (x).ARM_r1
|
||||
# define reg_arg3(x) (x).ARM_r2
|
||||
# define reg_arg4(x) (x).ARM_r3
|
||||
# define reg_set_syscall(_r, _nr) do { \
|
||||
ptrace(PTRACE_SET_SYSCALL, pid, NULL, _nr); \
|
||||
} while (0)
|
||||
#elif defined (__hppa__)
|
||||
/* Untested (should also support hppa64) */
|
||||
# define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PARISC
|
||||
@@ -228,6 +238,9 @@ struct arm_pt_regs {
|
||||
# define compat_reg_arg2(x) (x).uregs[1] /* r1 */
|
||||
# define compat_reg_arg3(x) (x).uregs[2] /* r2 */
|
||||
# define compat_reg_arg4(x) (x).uregs[3] /* r3 */
|
||||
# define compat_reg_set_syscall(_r, _nr) do { \
|
||||
ptrace(PTRACE_SET_SYSCALL, pid, NULL, _nr); \
|
||||
} while (0)
|
||||
#elif defined(__powerpc64__)
|
||||
struct ppc_pt_regs {
|
||||
unsigned int gpr[32];
|
||||
@@ -263,6 +276,18 @@ struct ppc_pt_regs {
|
||||
# define compat_reg_set_retval(_r, _v) reg_set_retval(_r, _v)
|
||||
#endif
|
||||
|
||||
/* Set the syscall number the "normal" way by default. */
|
||||
#ifndef reg_set_syscall
|
||||
# define reg_set_syscall(_r, _nr) do { \
|
||||
reg_syscall(_r) = (_nr); \
|
||||
} while (0)
|
||||
#endif
|
||||
#ifndef compat_reg_set_syscall
|
||||
# define compat_reg_set_syscall(_r, _nr) do { \
|
||||
compat_reg_syscall(_r) = (_nr); \
|
||||
} while (0)
|
||||
#endif
|
||||
|
||||
/* Set the syscall return value the "normal" way by default. */
|
||||
#ifndef reg_set_retval
|
||||
# define reg_set_retval(_r, _v) do { \
|
||||
|
||||
Reference in New Issue
Block a user