Code review fixes: branding consistency, exec euid check, netdb retry robustness

- Fix login prompt: 'RedBear login:' → 'Red Bear login:' (consistent branding)
- exec-root-bypass: check both ruid and euid for root bypass (Linux checks effective UID)
- netdb-retry: remove dead variables, check send() return on retry, clarify timeout comment
2026-04-25 20:27:19 +01:00
parent e62acb2ebb
commit 7edce33927
3 changed files with 80 additions and 63 deletions
+10 -5
@@ -1,11 +1,13 @@
diff --git a/src/platform/redox/exec.rs b/src/platform/redox/exec.rs diff --git a/src/platform/redox/exec.rs b/src/platform/redox/exec.rs
index 3590413c..1dc131dd 100644 index 3590413c..1b4b96bb 100644
--- a/src/platform/redox/exec.rs --- a/src/platform/redox/exec.rs
+++ b/src/platform/redox/exec.rs +++ b/src/platform/redox/exec.rs
@@ -129,16 +129,19 @@ pub fn execve( @@ -127,18 +127,22 @@ pub fn execve(
// TODO: At some point we might have capabilities limiting the ability to allocate
let Resugid { ruid, rgid, .. } = redox_rt::sys::posix_getresugid(); // executable memory.
- let Resugid { ruid, rgid, .. } = redox_rt::sys::posix_getresugid();
-
- let mode = if ruid == stat.st_uid { - let mode = if ruid == stat.st_uid {
- (stat.st_mode >> 3 * 2) & 0o7 - (stat.st_mode >> 3 * 2) & 0o7
- } else if rgid == stat.st_gid { - } else if rgid == stat.st_gid {
@@ -13,8 +15,11 @@ index 3590413c..1dc131dd 100644
- } else { - } else {
- stat.st_mode & 0o7 - stat.st_mode & 0o7
- }; - };
+ let Resugid { ruid, euid, rgid, .. } = redox_rt::sys::posix_getresugid();
+
+ // Root (uid 0) bypasses execute permission checks, matching Linux behavior. + // Root (uid 0) bypasses execute permission checks, matching Linux behavior.
+ if ruid != 0 { + // Check both ruid and euid since Linux checks the effective UID.
+ if ruid != 0 && euid != 0 {
+ let mode = if ruid == stat.st_uid { + let mode = if ruid == stat.st_uid {
+ (stat.st_mode >> 3 * 2) & 0o7 + (stat.st_mode >> 3 * 2) & 0o7
+ } else if rgid == stat.st_gid { + } else if rgid == stat.st_gid {
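Review bot: The new guard `if ruid != 0 && euid != 0` skips the execute-permission check when either ID is 0, so a process that has lowered its effective UID while keeping real UID 0 still bypasses the check. Linux bases the exec permission decision on the effective (filesystem) UID only, which is what the added comment itself says, so the guard should be `if euid != 0 {`. The class selection inside the block still compares `ruid == stat.st_uid` and `rgid == stat.st_gid`; for the same reason these would be expected to use the effective IDs, assuming `Resugid` exposes an effective group id. Linux also lets root execute a regular file only when at least one execute bit is set, whereas this branch appears to skip the check entirely; confirm that against the rest of `execve`, which continues outside the lines shown.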
@@ -1,12 +1,9 @@
diff --git a/src/header/netdb/lookup.rs b/src/header/netdb/lookup.rs diff --git a/src/header/netdb/lookup.rs b/src/header/netdb/lookup.rs
index 0734eec6..1789bc2e 100644 index 0734eec6..ccb00b65 100644
--- a/src/header/netdb/lookup.rs --- a/src/header/netdb/lookup.rs
+++ b/src/header/netdb/lookup.rs +++ b/src/header/netdb/lookup.rs
@@ -15,9 +15,10 @@ use crate::header::{ @@ -17,10 +17,11 @@ use crate::header::{
bits_timespec::timespec,
errno::*,
netinet_in::{IPPROTO_UDP, in_addr, sockaddr_in}, netinet_in::{IPPROTO_UDP, in_addr, sockaddr_in},
+ sys_select::timeval,
sys_socket::{ sys_socket::{
self, self,
- constants::{AF_INET, SOCK_DGRAM}, - constants::{AF_INET, SOCK_DGRAM},
@@ -14,79 +11,81 @@ index 0734eec6..1789bc2e 100644
sockaddr, sockaddr,
}, },
time, time,
@@ -89,11 +90,37 @@ pub fn lookup_host(host: &str) -> Result<LookupHost, c_int> { + sys_select::timeval,
};
use super::{
@@ -89,11 +90,34 @@ pub fn lookup_host(host: &str) -> Result<LookupHost, c_int> {
drop(Box::from_raw(packet_data_ptr)); drop(Box::from_raw(packet_data_ptr));
} }
- let i = 0 as socklen_t; - let i = 0 as socklen_t;
+ // Prevent indefinite blocking when DNS server is unreachable (5s timeout).
+ unsafe {
+ let tv = timeval {
+ tv_sec: 5,
+ tv_usec: 0,
+ };
+ let _ = sys_socket::setsockopt(
+ sock,
+ SOL_SOCKET,
+ SO_RCVTIMEO,
+ ptr::from_ref(&tv) as *const c_void,
+ mem::size_of::<timeval>() as socklen_t,
+ );
+ }
+
let mut buf = vec![0u8; 65536]; let mut buf = vec![0u8; 65536];
let buf_ptr = buf.as_mut_ptr().cast::<c_void>(); let buf_ptr = buf.as_mut_ptr().cast::<c_void>();
- let count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) }; - let count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ let mut count: isize = -1; + // Set 5s recv timeout (best-effort; if this fails, recv may block longer).
+ for attempt in 0..2 { + let tv = timeval {
+ if attempt > 0 { + tv_sec: 5,
+ if unsafe { sys_socket::send(sock, packet_data_ptr as *const c_void, packet_data_len, 0) } < 0 { + tv_usec: 0,
+ break; + };
+ }
+ }
+ count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ if count >= 0 {
+ break;
+ }
+ }
+ let _ = crate::header::unistd::close(sock);
if count < 0 {
return Err(EIO);
}
@@ -197,7 +224,34 @@ pub fn lookup_addr(addr: in_addr) -> Result<Vec<Vec<u8>>, c_int> {
let mut buf = [0u8; 65536];
let buf_ptr = buf.as_mut_ptr().cast::<c_void>();
- let count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ // Prevent indefinite blocking when DNS server is unreachable (5s timeout).
+ unsafe { + unsafe {
+ let tv = timeval { + sys_socket::setsockopt(
+ tv_sec: 5,
+ tv_usec: 0,
+ };
+ let _ = sys_socket::setsockopt(
+ sock, + sock,
+ SOL_SOCKET, + SOL_SOCKET,
+ SO_RCVTIMEO, + SO_RCVTIMEO,
+ ptr::from_ref(&tv) as *const c_void, + &tv as *const timeval as *const c_void,
+ mem::size_of::<timeval>() as socklen_t, + core::mem::size_of::<timeval>() as socklen_t,
+ ); + );
+ } + }
+ +
+ let mut count: isize = -1; + let mut count: isize = -1;
+ for attempt in 0..2 { + for _attempt in 0..2 {
+ if attempt > 0 {
+ if unsafe { sys_socket::send(sock, packet_data_ptr as *const c_void, packet_data_len, 0) } < 0 {
+ break;
+ }
+ }
+ count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) }; + count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ if count >= 0 { + if count >= 0 {
+ break; + break;
+ } + }
+ if unsafe { sys_socket::send(sock, packet_data_ptr, packet_data_len, 0) } < 0 {
+ break;
+ }
+ }
if count < 0 {
return Err(EIO);
}
@@ -193,11 +217,34 @@ pub fn lookup_addr(addr: in_addr) -> Result<Vec<Vec<u8>>, c_int> {
drop(Box::from_raw(packet_data_ptr));
}
- let i = mem::size_of::<sockaddr_in>() as socklen_t;
let mut buf = [0u8; 65536];
let buf_ptr = buf.as_mut_ptr().cast::<c_void>();
- let count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ // Set 5s recv timeout (best-effort; if this fails, recv may block longer).
+ let tv = timeval {
+ tv_sec: 5,
+ tv_usec: 0,
+ };
+ unsafe {
+ sys_socket::setsockopt(
+ sock,
+ SOL_SOCKET,
+ SO_RCVTIMEO,
+ &tv as *const timeval as *const c_void,
+ core::mem::size_of::<timeval>() as socklen_t,
+ );
+ }
+
+ let mut count: isize = -1;
+ for _attempt in 0..2 {
+ count = unsafe { sys_socket::recv(sock, buf_ptr, 65536, 0) };
+ if count >= 0 {
+ break;
+ }
+ if unsafe { sys_socket::send(sock, packet_data_ptr, packet_data_len, 0) } < 0 {
+ break;
+ }
+ } + }
+ let _ = crate::header::unistd::close(sock);
if count < 0 { if count < 0 {
return Err(EIO); return Err(EIO);
} }
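Review bot: The retry `sys_socket::send(sock, packet_data_ptr, packet_data_len, 0)` inside the new loop runs after the context line `drop(Box::from_raw(packet_data_ptr));` at the top of the hunk, so on a recv timeout the resend reads a buffer that has already been freed. This applies to both `lookup_host` and `lookup_addr`. Move the `drop(Box::from_raw(packet_data_ptr))` block to after the retry loop, freeing on every exit path, or keep the packet in an owned buffer that outlives the loop. The loop also resends after the final failed recv, a query whose reply is never read; guarding the send with the attempt index avoids that. Both function bodies start and end outside the hunks shown.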
+14 -1
@@ -13,7 +13,7 @@ index 6a963d8..59ffbd4 100644
+# `user` # +# `user` #
+# `root`:`password` # +# `root`:`password` #
+################################ +################################
diff --git a/res/motd b/res/motd diff --git a/res/motd b/res/motd
index 5cd097a..dc28b04 100644 index 5cd097a..dc28b04 100644
--- a/res/motd --- a/res/motd
@@ -22,3 +22,16 @@ index 5cd097a..dc28b04 100644
-Welcome to Redox OS! -Welcome to Redox OS!
+Welcome to Red Bear OS! +Welcome to Red Bear OS!
diff --git a/src/bin/login.rs b/src/bin/login.rs
index 08e178c..f7f337a 100644
--- a/src/bin/login.rs
+++ b/src/bin/login.rs
@@ -135,7 +135,7 @@ pub fn main() {
loop {
let user = liner::Context::new()
.read_line(
- liner::Prompt::from("\x1B[1mredox login:\x1B[0m "),
+ liner::Prompt::from("\x1B[1mRed Bear login:\x1B[0m "),
None,
&mut liner::BasicCompleter::new(Vec::<String>::new()),
)