vasilito/RedBear-OS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1fb5744cbb2787ace63db3b779f29a506483c89
RedBear-OS/local/patches/relibc/absorbed/P3-exec-root-bypass.patch
T
vasilito 5851974b20 feat: build system transition to release fork + archive hardening 
Release fork infrastructure:
- REDBEAR_RELEASE=0.1.1 with offline enforcement (fetch/distclean/unfetch blocked)
- 195 BLAKE3-verified source archives in standard format
- Atomic provisioning via provision-release.sh (staging + .complete sentry)
- 5-phase improvement plan: restore format auto-detection, source tree
  validation (validate-source-trees.py), archive-map.json, REPO_BINARY fallback

Archive normalization:
- Removed 87 duplicate/unversioned archives from shared pool
- Regenerated all archives in consistent format with source/ + recipe.toml
- BLAKE3SUMS and manifest.json generated from stable tarball set

Patch management:
- verify-patches.sh: pre-sync dry-run report (OK/REVERSED/CONFLICT)
- 121 upstream-absorbed patches moved to absorbed/ directories
- 43 active patches verified clean against rebased sources
- Stress test: base updated to upstream HEAD, relibc reset and patched

Compilation fixes:
- relibc: Vec imports in redox-rt (proc.rs, lib.rs, sys.rs)
- relibc: unsafe from_raw_parts in mod.rs (2024 edition)
- fetch.rs: rev comparison handles short/full hash prefixes
- kibi recipe: corrected rev mismatch

New scripts: restore-sources.sh, provision-release.sh, verify-sources-archived.sh,
check-upstream-releases.sh, validate-source-trees.py, verify-patches.sh,
repair-archive-format.sh, generate-manifest.py

Documentation: AGENTS.md, README.md, local/AGENTS.md updated for release fork model
2026-05-02 01:41:17 +01:00

39 lines
1.3 KiB
Diff
Raw Blame History

diff --git a/src/platform/redox/exec.rs b/src/platform/redox/exec.rs
index 3590413c..1b4b96bb 100644
--- a/src/platform/redox/exec.rs
+++ b/src/platform/redox/exec.rs
@@ -127,18 +127,22 @@ pub fn execve(
// TODO: At some point we might have capabilities limiting the ability to allocate
// executable memory.
- let Resugid { ruid, rgid, .. } = redox_rt::sys::posix_getresugid();
-
- let mode = if ruid == stat.st_uid {
- (stat.st_mode >> 3 * 2) & 0o7
- } else if rgid == stat.st_gid {
- (stat.st_mode >> 3 * 1) & 0o7
- } else {
- stat.st_mode & 0o7
- };
+ let Resugid { ruid, euid, rgid, .. } = redox_rt::sys::posix_getresugid();
+
+ // Root (uid 0) bypasses execute permission checks, matching Linux behavior.
+ // Check both ruid and euid since Linux checks the effective UID.
+ if ruid != 0 && euid != 0 {
+ let mode = if ruid == stat.st_uid {
+ (stat.st_mode >> 3 * 2) & 0o7
+ } else if rgid == stat.st_gid {
+ (stat.st_mode >> 3 * 1) & 0o7
+ } else {
+ stat.st_mode & 0o7
+ };
- if mode & 0o1 == 0o0 {
- return Err(Error::new(EPERM));
+ if mode & 0o1 == 0o0 {
+ return Err(Error::new(EACCES));
+ }
}
let cwd: Box<[u8]> = super::path::clone_cwd().unwrap_or_default().into();
Reference in New Issue View Git Blame Copy Permalink