fix: P27 caps init + P6 type errors and overlap with P5
P27: add caps: 0 to Context::new() default initialization.
P6: fix syscall::Error vs libredox::Error type mismatch (use ?),
fix usize->u32 casts for Resugid fields, remove P5 overlap
(issue/motd/consecutive_failures already in P5), add namespace
isolation to password-verified auth path.
All 39 kernel patches validate. Full image builds.
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
diff --git a/src/context/context.rs b/src/context/context.rs
|
||||
index 6d723f4..a0825ac 100644
|
||||
index 6d723f4..836ce25 100644
|
||||
--- a/src/context/context.rs
|
||||
+++ b/src/context/context.rs
|
||||
@@ -153,0 +154,3 @@ pub struct Context {
|
||||
@@ -13,7 +13,10 @@ index 6d723f4..a0825ac 100644
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
@@ -485,0 +495 @@ impl Context {
|
||||
@@ -210,0 +220,2 @@ impl Context {
|
||||
+ caps: 0,
|
||||
+
|
||||
@@ -485,0 +497 @@ impl Context {
|
||||
+ caps: self.caps,
|
||||
diff --git a/src/scheme/acpi.rs b/src/scheme/acpi.rs
|
||||
index 5d73469..7e1558a 100644
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
diff --git a/src/bin/login.rs b/src/bin/login.rs
|
||||
index 022fb47..a2807b2 100644
|
||||
index 022fb47..6e1fda6 100644
|
||||
--- a/src/bin/login.rs
|
||||
+++ b/src/bin/login.rs
|
||||
@@ -13,0 +14,3 @@ use userutils::spawn_shell;
|
||||
@@ -8,0 +9,3 @@ use std::str;
|
||||
+#[cfg(target_os = "redox")]
|
||||
+use redox_rt::sys::{posix_setresugid, Resugid};
|
||||
+
|
||||
@@ -38 +41 @@ const MOTD_FILE: &'static str = "/etc/motd";
|
||||
-const DEFAULT_SCHEMES: [&'static str; 26] = [
|
||||
+const DEFAULT_SCHEMES: [&'static str; 29] = [
|
||||
+const DEFAULT_SCHEMES: [&'static str; 28] = [
|
||||
@@ -65 +68,2 @@ const DEFAULT_SCHEMES: [&'static str; 26] = [
|
||||
- // Display schemes
|
||||
+ // Display schemes (DRM/KMS path for GPU drivers)
|
||||
@@ -19,14 +19,14 @@ index 022fb47..a2807b2 100644
|
||||
@@ -92,0 +99,17 @@ pub fn apply_login_schemes(
|
||||
+#[cfg(target_os = "redox")]
|
||||
+fn drop_privileges(user: &User<redox_users::auth::Full>) -> Result<()> {
|
||||
+ posix_setresugid(&Resugid {
|
||||
+ ruid: Some(user.uid),
|
||||
+ euid: Some(user.uid),
|
||||
+ suid: Some(user.uid),
|
||||
+ rgid: Some(user.gid),
|
||||
+ egid: Some(user.gid),
|
||||
+ sgid: Some(user.gid),
|
||||
+ })
|
||||
+ Ok(posix_setresugid(&Resugid {
|
||||
+ ruid: Some(user.uid as u32),
|
||||
+ euid: Some(user.uid as u32),
|
||||
+ suid: Some(user.uid as u32),
|
||||
+ rgid: Some(user.gid as u32),
|
||||
+ egid: Some(user.gid as u32),
|
||||
+ sgid: Some(user.gid as u32),
|
||||
+ })?)
|
||||
+}
|
||||
+
|
||||
+#[cfg(not(target_os = "redox"))]
|
||||
@@ -34,10 +34,9 @@ index 022fb47..a2807b2 100644
|
||||
+ Ok(())
|
||||
+}
|
||||
+
|
||||
@@ -177,0 +201,2 @@ pub fn main() {
|
||||
+
|
||||
@@ -177,0 +201 @@ pub fn main() {
|
||||
+ drop_privileges(user).unwrap_or_exit(1);
|
||||
@@ -200,0 +226,10 @@ pub fn main() {
|
||||
@@ -200,0 +225,9 @@ pub fn main() {
|
||||
+ let before_ns_fd =
|
||||
+ apply_login_schemes(user, &DEFAULT_SCHEMES).unwrap_or_exit(1);
|
||||
+
|
||||
@@ -46,11 +45,9 @@ index 022fb47..a2807b2 100644
|
||||
+ syscall::F_SETFD,
|
||||
+ syscall::O_CLOEXEC,
|
||||
+ );
|
||||
+
|
||||
+ drop_privileges(user).unwrap_or_exit(1);
|
||||
@@ -201,0 +237,5 @@ pub fn main() {
|
||||
@@ -201,0 +235,4 @@ pub fn main() {
|
||||
+ let _ = syscall::fcntl(before_ns_fd.raw(), syscall::F_SETFD, 0);
|
||||
+ let _ = libredox::call::close(
|
||||
+ libredox::call::setns(before_ns_fd.into_raw())
|
||||
+ .unwrap_or_exit(1),
|
||||
+ libredox::call::setns(before_ns_fd.into_raw()).unwrap_or_exit(1),
|
||||
+ );
|
||||
|
||||
Reference in New Issue
Block a user