This is an archive of the discontinued LLVM Phabricator instance.

Differential D96292

[llvm-objcopy] Drop S_ISUID and S_ISGID bits
AbandonedPublic

Authored by MaskRay on Feb 8 2021, 2:10 PM.

Details

Reviewers
dxf
llozano
manojgupta
rupprecht
alexander-shaposhnikov
jhenderson
Summary

This addresses a vulnerability introduced in D62718.

chmod u+s,g+s,o+x a
sudo llvm-strip a
// a should not have set-user-ID or set-group-ID bits

No test because it is not testable on all file systems.

Diff Detail

Unit TestsFailed

TimeTest
50 msx64 debian > Polly.ScopInfo::user_provided_assumptions.ll

Event Timeline

MaskRay created this revision.Feb 8 2021, 2:10 PM
Herald added a reviewer: alexander-shaposhnikov. · View Herald TranscriptFeb 8 2021, 2:10 PM
Herald added a reviewer: jhenderson. · View Herald Transcript
Herald added a subscriber: abrachet. · View Herald Transcript
MaskRay requested review of this revision.Feb 8 2021, 2:10 PM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 8 2021, 2:10 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
manojgupta requested changes to this revision.Feb 8 2021, 2:18 PM

This change make further deviation from GNU tools. Lets wait for resolution of D93881. This will not be needed if D93881 is merged.

This revision now requires changes to proceed.Feb 8 2021, 2:18 PM
Harbormaster completed remote builds in B88355: Diff 322215.Feb 8 2021, 2:45 PM
MaskRay added a comment.EditedFeb 8 2021, 3:46 PM

This address llvm-strip exe and llvm-strip exe -o out.

https://sourceware.org/pipermail/binutils/2021-February/115282.html binutils is move to conditional in-place overwrite. I can sign up the work for llvm-objcopy.

jcai19 added a subscriber: jcai19.Feb 9 2021, 10:46 AM
MaskRay added a comment.Feb 15 2021, 11:22 AM
In D96292#2549683, @manojgupta wrote:

This change make further deviation from GNU tools. Lets wait for resolution of D93881. This will not be needed if D93881 is merged.

This change actually makes our behavior consistent with current GNU strip/objcopy. GNU strip/objcopy does not copy S_ISUID and S_ISGID bits.

chmod u+s,g+s,o+x a
sudo llvm-strip a -o b

Currently b has S_ISUID and S_ISGID bits.

manojgupta added a comment.Feb 16 2021, 8:34 AM
In D96292#2563966, @MaskRay wrote:
In D96292#2549683, @manojgupta wrote:

This change make further deviation from GNU tools. Lets wait for resolution of D93881. This will not be needed if D93881 is merged.

This change actually makes our behavior consistent with current GNU strip/objcopy. GNU strip/objcopy does not copy S_ISUID and S_ISGID bits.

chmod u+s,g+s,o+x a
sudo llvm-strip a -o b

Currently b has S_ISUID and S_ISGID bits.

Thanks @MaskRay for the example.
I agree that for the case of Output != Input, S_ISUID and S_ISGID bits should not be copied. The bits should be kept only when Output == Input .

MaskRay abandoned this revision.Feb 22 2021, 9:36 PM

I investigated the old and new binutils behaviors a bit. I think we need to do D97253: If input=output, preserve umask bits, otherwise drop S_ISUID/S_ISGID bits

chmod u+s,g+s,o+x a
sudo llvm-strip a -o b

is still a case that we want to change to match cp

Revision Contents

PathSize
llvm/
tools/
llvm-objcopy/
3 lines

Diff 322215

llvm/tools/llvm-objcopy/llvm-objcopy.cpp

Show First 20 LinesShow All 250 Lines▼ Show 20 Linesstatic Error restoreStatOnFile(StringRef Filename,
if (std::error_code EC = sys::fs::status(FD, OStat)) if (std::error_code EC = sys::fs::status(FD, OStat))
return createFileError(Filename, EC); return createFileError(Filename, EC);
if (OStat.type() == sys::fs::file_type::regular_file) if (OStat.type() == sys::fs::file_type::regular_file)
#ifdef _WIN32 #ifdef _WIN32
if (auto EC = sys::fs::setPermissions( if (auto EC = sys::fs::setPermissions(
Filename, static_cast<sys::fs::perms>(Stat.permissions() & Filename, static_cast<sys::fs::perms>(Stat.permissions() &
~sys::fs::getUmask()))) ~sys::fs::getUmask())))
#else #else
// Drop umask, S_ISUID and S_ISGID bits.
if (auto EC = sys::fs::setPermissions( if (auto EC = sys::fs::setPermissions(
FD, static_cast<sys::fs::perms>(Stat.permissions() & FD, static_cast<sys::fs::perms>(Stat.permissions() &
~sys::fs::getUmask()))) ~(sys::fs::getUmask() | 06000))))
#endif #endif
return createFileError(Filename, EC); return createFileError(Filename, EC);
if (auto EC = sys::Process::SafelyCloseFileDescriptor(FD)) if (auto EC = sys::Process::SafelyCloseFileDescriptor(FD))
return createFileError(Filename, EC); return createFileError(Filename, EC);
return Error::success(); return Error::success();
} }
▲ Show 20 LinesShow All 102 LinesShow Last 20 Lines