proot: fix undumpable tracees

* backport the patch from upstream. * fix crosscompilation (how did it ever work?) Closes #17764
2025-07-29 08:52:56 +02:00 · 2020-01-09 14:38:31 +01:00 · 2020-01-09 14:38:31 +01:00 · 7cd573d8db
commit 7cd573d8db
parent a5896cb370
3 changed files with 54 additions and 3 deletions
--- a/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch
+++ b/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch
@ -0,0 +1,48 @@
 # upstream: yes
 # https://github.com/proot-me/proot/pull/203
 # adapted to fit proot's old release
 From 2e796c5a0ed3c04d0816405422c8d6a25eccf5c2 Mon Sep 17 00:00:00 2001
 From: Michal Bednarski <bednarski.michal2@gmail.com>
 Date: Thu, 5 Sep 2019 15:19:08 +0200
 Subject: [PATCH] Prevent tracees from becoming undumpable
 --- src/syscall/enter.c
 +++ src/syscall/enter.c
@@ -26,7 +26,8 @@
 #include <linux/net.h>   /* SYS_*, */
 #include <fcntl.h>       /* AT_FDCWD, */
 #include <limits.h>      /* PATH_MAX, */
 -
 +#include <string.h>      /* strcpy */
 +#include <sys/prctl.h>   /* PR_SET_DUMPABLE */
 #include "syscall/syscall.h"
 #include "syscall/sysnum.h"
 #include "syscall/socket.h"
@@ -563,6 +564,15 @@
 		status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
 		break;
 +
 +	case PR_prctl:
 +		/* Prevent tracees from setting dumpable flag.
 +		* (Otherwise it could break tracee memory access)  */
 +		if (peek_reg(tracee, CURRENT, SYSARG_1) == PR_SET_DUMPABLE) {
 +			set_sysnum(tracee, PR_void);
 +			status = 0;
 +		}
 +		break;
 	}
 end:
 --- src/syscall/seccomp.c
 +++ src/syscall/seccomp.c
@@ -377,6 +377,7 @@
 	{ PR_open,		0 },
 	{ PR_openat,		0 },
 	{ PR_pivot_root,	0 },
 +	{ PR_prctl,         0 },
 	{ PR_ptrace,		FILTER_SYSEXIT },
 	{ PR_readlink,		FILTER_SYSEXIT },
 	{ PR_readlinkat,	FILTER_SYSEXIT },
--- a/srcpkgs/proot/patches/makefile-fix-vars.patch
+++ b/srcpkgs/proot/patches/makefile-fix-vars.patch
@ -1,8 +1,11 @@
 --- src/GNUmakefile
 +++ src/GNUmakefile
-@@ -10,9 +10,9 @@
+@@ -8,11 +8,11 @@
 GIT      = git
 RM       = rm
 INSTALL  = install
- CC       = $(CROSS_COMPILE)gcc
+-CC       = $(CROSS_COMPILE)gcc
 +CC       ?= $(CROSS_COMPILE)gcc
 LD       = $(CC)
 -STRIP    = $(CROSS_COMPILE)strip
 -OBJCOPY  = $(CROSS_COMPILE)objcopy
--- a/srcpkgs/proot/template
+++ b/srcpkgs/proot/template
@ -1,7 +1,7 @@
 # Template file for 'proot'
 pkgname=proot
 version=5.1.0
-revision=6
+revision=7
 archs="x86_64* i686* aarch64* arm*"
 build_wrksrc=src
 build_style=gnu-makefile