Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PR_SET_MDWE and PR_GET_MDWE #4

Closed
rusty-snake opened this issue Jul 28, 2023 · 1 comment
Closed

PR_SET_MDWE and PR_GET_MDWE #4

rusty-snake opened this issue Jul 28, 2023 · 1 comment

Comments

@rusty-snake
Copy link

Requesting support for PR_SET_MDWE and PR_GET_MDWE (Linux 6.3) as seen in the following PoC.

#![forbid(unsafe_op_in_unsafe_fn)]
#![allow(non_camel_case_types)]

use core::ffi::*;
use core::ptr;

type c_size_t = usize;
type c_off_t = i64;

const PR_SET_MDWE: i32 = 65;
//const PR_GET_MDWE: i32 = 66;

// Bitflags
const PR_MDWE_REFUSE_EXEC_GAIN: u64 = 1;

//const PROT_NONE: c_int = 0;
const PROT_READ: c_int = 1;
const PROT_WRITE: c_int = 2;
const PROT_EXEC: c_int = 4;

const MAP_PRIVATE: c_int = 0x0002;
const MAP_ANONYMOUS: c_int = 0x0020;

const MAP_FAILED: *mut c_void = -1 as _;

const EACCES: c_int = 13;

extern "C" {
    fn prctl(option: c_int, arg2: c_ulong, arg3: c_ulong, arg4: c_ulong, arg5: c_ulong) -> c_int;
    fn mmap(
        addr: *mut c_void,
        length: c_size_t,
        prot: c_int,
        flags: c_int,
        fd: c_int,
        offset: c_off_t,
    ) -> *mut c_void;
    fn mprotect(addr: *mut c_void, len: c_size_t, prot: c_int) -> c_int;
    fn __errno_location() -> *mut c_int;
}

fn prctl_set_mdwe(bits: u64) {
    let rv = unsafe { prctl(PR_SET_MDWE, bits, 0, 0, 0) };
    assert!(rv == 0);
}

fn main() {
    prctl_set_mdwe(PR_MDWE_REFUSE_EXEC_GAIN);

    let ptr1 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_WRITE | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    assert!(unsafe { *__errno_location() } == EACCES);
    assert!(ptr1 == MAP_FAILED);

    let ptr2 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_WRITE,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    let rv2 = unsafe { mprotect(ptr2, 4, PROT_EXEC) };
    assert!(unsafe { *__errno_location() } == EACCES);
    assert!(rv2 == -1);

    let ptr3 = unsafe {
        mmap(
            ptr::null_mut(),
            4,
            PROT_READ | PROT_EXEC,
            MAP_PRIVATE | MAP_ANONYMOUS,
            -1,
            0,
        )
    };
    let rv3 = unsafe { mprotect(ptr3, 4, PROT_EXEC) };
    assert!(rv3 == 0);
}
cptpcrd added a commit that referenced this issue Jul 30, 2023
@cptpcrd
feat(prctl): add PR_SET_MDWE/PR_GET_MDWE support
0fde16b 
Closes #4.
cptpcrd added a commit that referenced this issue Jul 30, 2023
@cptpcrd
feat(prctl): add PR_SET_MDWE/PR_GET_MDWE support
b53ba98 
Closes #4.
cptpcrd added a commit that referenced this issue Jul 30, 2023
@cptpcrd
feat(prctl): add PR_SET_MDWE/PR_GET_MDWE support
7136fb9 
Closes #4.
cptpcrd added a commit that referenced this issue Jul 30, 2023
@cptpcrd
release: v0.2.3
4b9ec47 
CHANGELOG:
- style(prctl): cargo fmt
- feat(prctl): add PR_SET_MDWE/PR_GET_MDWE support (#4)
@rusty-snake
Copy link
Author

btw, thanks. Choosing this crate was a good decision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rusty-snake