This new flag controls two things:
- Whether the kernel will generate core dumps for the process
- Whether the EUID:EGID should own the process's files in /proc
Processes are automatically made non-dumpable when their EUID or EGID is
changed, either via syscalls that specifically modify those ID's, or via
sys$execve(), when a set-uid or set-gid program is executed.
A process can change its own dumpable flag at any time by calling the
new sys$prctl(PR_SET_DUMPABLE) syscall.
Fixes#4504.
This is instead of the UID:GID, since that was allowing some very bad
information leaks like spawning "su" as an unprivileged user and having
full /proc access to it.
Work towards #4504.
If the allocation fails (e.g ENOMEM) we want to simply return an error
from sys$execve() and continue executing the current executable.
This patch also moves make_userspace_stack_for_main_thread() out of the
Thread class since it had nothing in particular to do with Thread.
We were using ring 0 selectors everywhere (the bottom 3 bits of a
selector determines the ring.) This doesn't really make any practical
difference since UE doesn't run code in other rings anyway, but let's
have correct-looking segment selectors. :^)
Process had a couple of members whose only purpose was holding on to
some temporary data while building the auxiliary vector. Remove those
members and move the vector building to a free function in execve.cpp
Make it possible to bail out of ELF::Image::for_each_program_header()
and then do exactly that if something goes wrong during executable
loading in the kernel.
Also make the errors we return slightly more nuanced than just ENOEXEC.
POSIX says we can set errno EINVAL and return -1 if the action is not
supported. This is better than crashing, and fixes bash crashing
whenever you press ^C.
Get rid of the lambda functions and put the logic inline in the program
header traversal loop instead. This makes the code quite a bit shorter
and hopefully makes it easier to see what's going on.
This commit gets rid of ELF::Loader entirely since its very ambiguous
purpose was actually to load executables for the kernel, and that is
now handled by the kernel itself.
This patch includes some drive-by cleanup in LibDebug and CrashDaemon
enabled by the fact that we no longer need to keep the ref-counted
ELF::Loader around.
It was really weird that ELF loading was performed by the ELF::Loader
class instead of just being done by the kernel itself. This patch moves
all the layout logic from ELF::Loader over to sys$execve().
The kernel no longer cares about ELF::Loader and instead only uses an
ELF::Image as an interpreting wrapper around executables.
Now that the CrashDaemon symbolicates crashes in userspace, let's take
this one step further and stop trying to symbolicate userspace programs
in the kernel at all.
Let's just say no to shenanigans by capping images at 16384 pixels both
wide and tall. If a day comes in the future where we need to handle
images larger than this, we can deal with it then.
We now configure the gcc spec files to use a different crt files for
static & PIE binaries.
This relieves us from the need to explicitly specify the desired crt0
file in cmake scripts.
CMake tests usually takes ~40 seconds. However, sometimes it deadlocks
and is only timed out after the 6 hour time limit.
Let's set a 2 minute timeout to make it fail sooner. 2 minutes instead
of 1 for good measure.
Problem:
- The first lint check that fails results in all subsequent checks not
being run.
Solution:
- Run all the lint checks aggregating the number of failures.
- Return a non-0 exit code if any have failed.
Problem:
- It is possible for a new test file to be added to the `AK/Tests`
directory without being added to the corresponding
`CMakeLists.txt`. This results in the tests not being run.
Solution:
- As part of CI linting, verify that all the `AK/Tests/Test*.cpp`
files are mentioned in the `CMakeLists.txt`.
With everything now using GUI::FileIconProvider and therefore loading
icons embedded in the executable files, this information is now longer
being used.
We might have to think about this again if we want to allow .af files
with custom commands (e.g. shell scripts). Maybe those could get away
with just an "Icon" entry under "[App]", but currently there's only
"Executable" anyway.
Problem:
- These utility functions are only used in `AK`, but are being defined
in the top-level. This clutters the top-level.
Solution:
- Move the utility functions to `Meta/CMake/utils.cmake` and include
where needed.
- Also, move `all_the_debug_macros.cmake` into `Meta/CMake` directory
to consolidate the location of `*.cmake` script files.
ProcFS /proc/<pid>/vm map info no longer contains two `purgeable` keys.
The second `purgeable` key has been removed and replaced with keys for
`kernel` and `cacheable`.
Browser supports very few protocols (http, https, gemini, file) at the
moment, so there's no point in using it as a catch-all and default
protocol handler. I added an explicit association for gemini to
/bin/Browser instead.
This stops Desktop::Launcher::open() from reporting success for any URL,
which really isn't the case (Browser shows an error page...).
open(1) was able to handle most URLs as well as paths, but not file://
URLs (which occur when dragging something from the output of ls, for
example). We have to create an URL from the user-supplied argument using
create_with_url_or_path(), check whether it's a file:// URL or not and
*then* use real_path_for() on the URL's path().
