mirror of
https://github.com/jart/cosmopolitan.git
synced 2024-05-17 02:52:40 +00:00
f94c11d978
The ape loader now passes the program executable name directly as a register. `x2` is used on aarch64, `%rdx` on x86_64. This is passed as the third argument to `cosmo()` (M1) or `Launch` (non-M1) and is assigned to the global `__program_executable_name`. `GetProgramExecutableName` now returns this global's value, setting it if it is initially null. `InitProgramExecutableName` first tries exotic, secure methods: `KERN_PROC_PATHNAME` on FreeBSD/NetBSD, and `/proc` on Linux. If those produce a reasonable response (i.e., not `"/usr/bin/ape"`, which happens with the loader before this change), that is used. Otherwise, if `issetugid()`, the empty string is used. Otherwise, the old argv/envp parsing code is run. The value returned from the loader is always the full absolute path of the binary to be executed, having passed through `realpath`. For the non-M1 loader, this necessitated writing `RealPath`, which uses `readlinkat` of `"/proc/self/fd/[progfd]"` on Linux, `F_GETPATH` on Xnu, and the `__realpath` syscall on OpenBSD. On FreeBSD/NetBSD, it punts to `GetProgramExecutableName`, which is secure on those OSes. With the loader, all platforms now have a secure program executable name. With no loader or an old loader, everything still works as it did, but setuid/setgid is not supported if the insecure pathfinding code would have been needed. Fixes #991. |
||
|---|---|---|
| .. | ||
| package | ||
| pyapp | ||
| pylife | ||
| BUILD.mk | ||
| clear.c | ||
| crashreport.c | ||
| ctrlc.c | ||
| date.c | ||
| dlopen.c | ||
| env.c | ||
| greenbean.c | ||
| gui.c | ||
| hangman.c | ||
| hello.c | ||
| hello2.c | ||
| hellolua.c | ||
| hellolua.lua | ||
| hiredis.c | ||
| kilo.c | ||
| life.c | ||
| linenoise.c | ||
| ls.c | ||
| nc.c | ||
| nesemu1.cc | ||
| parsefloat.c | ||
| pause.c | ||
| picol.c | ||
| portscan.c | ||
| print-struct.c | ||
| printargs.c | ||
| rusage.c | ||
| script.c | ||
| script.txt | ||
| seq.c | ||
| setcontext.c | ||
| setitimer.c | ||
| spawn_bench.c | ||
| stackexplorer.c | ||
| stat.c | ||
| statfs.c | ||
| stringbuffer.c | ||
| sysconf.c | ||
| sysinfo.c | ||
| system.c | ||
| ttyinfo.c | ||
| ucontext-sigfpe-recovery.c | ||
| uname.c | ||
| unbourne.c | ||
| vga.c | ||
| vga2.c | ||
| walk.c | ||
| wall.c | ||
| whois.c | ||