libnoaslr support for netbsd (#1366)
This commit is contained in:
David CARLIER
GitHub
parent
11fc57a5d7
commit
eb362c5c77
@ -15,5 +15,5 @@ anyhow = { version = "1.0.71", default-features = false }
|
|||||||
ctor = { version = "0.2.2", default-features = false }
|
ctor = { version = "0.2.2", default-features = false }
|
||||||
nix = { version = "0.26.2", default-features = false, features = ["process", "personality"] }
|
nix = { version = "0.26.2", default-features = false, features = ["process", "personality"] }
|
||||||
|
|
||||||
[target.'cfg(target_os = "freebsd")'.dependencies]
|
[target.'cfg(any(target_os = "freebsd", target_os = "netbsd"))'.dependencies]
|
||||||
libc = "0.2"
|
libc = "0.2"
|
||||||
|
|||||||
@ -1,8 +1,3 @@
|
|||||||
#[cfg(not(any(target_os = "linux", target_os = "android")))]
|
|
||||||
use {
|
|
||||||
anyhow::{anyhow, Result},
|
|
||||||
ctor::ctor,
|
|
||||||
};
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||||
use {
|
use {
|
||||||
anyhow::{anyhow, Result},
|
anyhow::{anyhow, Result},
|
||||||
@ -13,6 +8,12 @@ use {
|
|||||||
},
|
},
|
||||||
std::{ffi::CString, fs::File, io::Read},
|
std::{ffi::CString, fs::File, io::Read},
|
||||||
};
|
};
|
||||||
|
#[cfg(not(any(target_os = "linux", target_os = "android")))]
|
||||||
|
use {
|
||||||
|
anyhow::{anyhow, Result},
|
||||||
|
ctor::ctor,
|
||||||
|
std::ffi::CString,
|
||||||
|
};
|
||||||
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||||
fn read_null_lines(path: &str) -> Result<Vec<CString>> {
|
fn read_null_lines(path: &str) -> Result<Vec<CString>> {
|
||||||
@ -102,7 +103,99 @@ fn libnoaslr() -> Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "android", target_os = "freebsd"))]
|
#[cfg(target_os = "netbsd")]
|
||||||
|
fn libnoaslr() -> Result<()> {
|
||||||
|
unsafe {
|
||||||
|
let mut aslr: i32 = 0;
|
||||||
|
let mut s = std::mem::size_of::<i32>();
|
||||||
|
let nm = CString::new("security.pax.aslr.enabled")
|
||||||
|
.map_err(|e| anyhow!("Failed to create sysctl oid: {e:}"))
|
||||||
|
.unwrap();
|
||||||
|
if libc::sysctlbyname(
|
||||||
|
nm.as_ptr(),
|
||||||
|
&mut aslr as *mut i32 as _,
|
||||||
|
&mut s,
|
||||||
|
std::ptr::null(),
|
||||||
|
0,
|
||||||
|
) < 0
|
||||||
|
{
|
||||||
|
return Err(anyhow!("Failed to get aslr status"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if aslr > 0 {
|
||||||
|
return Err(anyhow!(
|
||||||
|
"Please disable aslr with sysctl -w security.pax.aslr.enabled=0 as privileged user"
|
||||||
|
));
|
||||||
|
}
|
||||||
|
let mib = &mut [
|
||||||
|
libc::CTL_KERN,
|
||||||
|
libc::KERN_PROC_ARGS,
|
||||||
|
libc::getpid(),
|
||||||
|
libc::KERN_PROC_ARGV,
|
||||||
|
];
|
||||||
|
let miblen = mib.len() as u32;
|
||||||
|
s = 0;
|
||||||
|
if libc::sysctl(
|
||||||
|
mib.as_mut_ptr(),
|
||||||
|
miblen,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
&mut s,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
0,
|
||||||
|
) < 0
|
||||||
|
{
|
||||||
|
return Err(anyhow!("Failed to get argv buffer"));
|
||||||
|
}
|
||||||
|
let mut pargs: Vec<i8> = Vec::with_capacity(s);
|
||||||
|
if libc::sysctl(
|
||||||
|
mib.as_mut_ptr(),
|
||||||
|
miblen,
|
||||||
|
pargs.as_mut_ptr() as _,
|
||||||
|
&mut s,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
0,
|
||||||
|
) < 0
|
||||||
|
{
|
||||||
|
return Err(anyhow!("Failed to get argv"));
|
||||||
|
}
|
||||||
|
mib[3] = libc::KERN_PROC_ENV;
|
||||||
|
s = 0;
|
||||||
|
if libc::sysctl(
|
||||||
|
mib.as_mut_ptr(),
|
||||||
|
miblen,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
&mut s,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
0,
|
||||||
|
) < 0
|
||||||
|
{
|
||||||
|
return Err(anyhow!("Failed to get env buffer"));
|
||||||
|
}
|
||||||
|
let mut penv: Vec<i8> = Vec::with_capacity(s);
|
||||||
|
if libc::sysctl(
|
||||||
|
mib.as_mut_ptr(),
|
||||||
|
miblen,
|
||||||
|
penv.as_mut_ptr() as _,
|
||||||
|
&mut s,
|
||||||
|
std::ptr::null_mut(),
|
||||||
|
0,
|
||||||
|
) < 0
|
||||||
|
{
|
||||||
|
return Err(anyhow!("Failed to get argv"));
|
||||||
|
}
|
||||||
|
let args = pargs.as_mut_ptr();
|
||||||
|
let env = penv.as_mut_ptr() as _;
|
||||||
|
libc::execvpe(args.add(0) as _, args as _, env);
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(any(
|
||||||
|
target_os = "linux",
|
||||||
|
target_os = "android",
|
||||||
|
target_os = "freebsd",
|
||||||
|
target_os = "netbsd"
|
||||||
|
))]
|
||||||
#[ctor]
|
#[ctor]
|
||||||
fn init() {
|
fn init() {
|
||||||
libnoaslr().unwrap();
|
libnoaslr().unwrap();
|
||||||
|
|||||||
@ -8,7 +8,6 @@ use {
|
|||||||
nix::unistd::execvp,
|
nix::unistd::execvp,
|
||||||
std::ffi::CString,
|
std::ffi::CString,
|
||||||
};
|
};
|
||||||
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "android"))]
|
#[cfg(any(target_os = "linux", target_os = "android"))]
|
||||||
use {
|
use {
|
||||||
crate::args::Args,
|
crate::args::Args,
|
||||||
@ -60,7 +59,8 @@ fn disable_aslr() -> Result<()> {
|
|||||||
std::ptr::null_mut(),
|
std::ptr::null_mut(),
|
||||||
&disable as *const i32 as _,
|
&disable as *const i32 as _,
|
||||||
s,
|
s,
|
||||||
) < 0 {
|
) < 0
|
||||||
|
{
|
||||||
return Err(anyhow!("Failed to disable aslr"));
|
return Err(anyhow!("Failed to disable aslr"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user