Add POSIX_SPAWN_DISABLE_ASLR_NP
ClosedPublic
Actions

Authored by kib on Mar 3 2024, 1:40 PM.

Details

Reviewers

emaste
kevans

Commits

rG822042fdfca7: posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP
rG80ac36c3a2a8: posix_spawnattr_setflags(3): validate argument

Summary

posix_spawnattr_setflags(3): validate argument

posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP
    
similar to Apple _POSIX_SPAWN_DISABLE_ASLR

This is less trivial then it seems.
First, flags argument for spawnattrs is only short, as mandated by POSIX. I considered adding posix_spawnattr_setflags_np() for implementation-specific namespace, but decided to be more similar to Apple there.
Second, the setting is inherited by children of the spawn process. Is it fine? For me yes.

Another NP flag that might be useful is to do ptrace(PT_TRACEME), but I did not found a precedent. While the ASLR flag is provided by Apple as _POSIX_SPAWN_DISABLE_ASLR.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kib created this revision.Mar 3 2024, 1:40 PM

Herald added a subscriber: imp. · View Herald TranscriptMar 3 2024, 1:40 PM

kib requested review of this revision.Mar 3 2024, 1:40 PM

Second, the setting is inherited by children of the spawn process. Is it fine? For me yes.

IMO that's probably ideal, even- from one perspective, if this new process needs ALSR disables then I think there's a very non-trivial chance that it will need to spawn other processes that might need ALSR disabled (e.g., other binaries part of the same project)

This revision is now accepted and ready to land.Mar 3 2024, 2:45 PM

I'm not 100% certain about the name (_NP suffix vs Apple's _ prefix) but that can always be dealt with later.
I see qnx offers a posix_spawnattr_setaslr(), as well as (bizarrely) POSIX_SPAWN_ASLR_INVERT which toggles the state for the child.