
Commit 44be8cf

committed
[Backtracing][Runtime] Disable backtraces for setuid binaries.
We really, really shouldn't be running the external backtracer for setuid binaries. It's just too dangerous. So don't do that. And if someone tries to force us, emit a warning. rdar://105391747
1 parent 2f0e379 commit 44be8cf


1 file changed

+29
-4
lines changed


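--- a/stdlib/public/runtime/Backtrace.cpp
+++ b/stdlib/public/runtime/Backtrace.cpp
@@ -217,15 +217,20 @@ const char *presetToString(Preset preset) {
 BacktraceInitializer::BacktraceInitializer() {
 const char *backtracing = swift::runtime::environment::SWIFT_BACKTRACE();
 
+#if !_WIN32
+// Force off for setuid processes.
+if (issetugid()) {
+_swift_backtraceSettings.enabled = OnOffTty::Off;
+}
+#endif
+
 if (backtracing)
 _swift_parseBacktracingSettings(backtracing);
 
 #if TARGET_OS_OSX
-// Make sure that we don't pass on setuid privileges, and that all fds
-// are closed except for stdin/stdout/stderr.
+// Make sure that all fds are closed except for stdin/stdout/stderr.
 posix_spawnattr_init(&backtraceSpawnAttrs);
-posix_spawnattr_setflags(&backtraceSpawnAttrs,
-POSIX_SPAWN_RESETIDS | POSIX_SPAWN_CLOEXEC_DEFAULT);
+posix_spawnattr_setflags(&backtraceSpawnAttrs, POSIX_SPAWN_CLOEXEC_DEFAULT);
 
 posix_spawn_file_actions_init(&backtraceFileActions);
 posix_spawn_file_actions_addinherit_np(&backtraceFileActions, STDIN_FILENO);
@@ -241,6 +246,26 @@ BacktraceInitializer::BacktraceInitializer() {
 _swift_backtraceSettings.enabled = OnOffTty::Off;
 }
 #else
+#if !_WIN32
+if (issetugid()) {
+if (_swift_backtraceSettings.enabled != OnOffTty::Off) {
+// You'll only see this warning if you do e.g.
+//
+// SWIFT_BACKTRACE=enable=on /path/to/some/setuid/binary
+//
+// as opposed to
+//
+// /path/to/some/setuid/binary
+//
+// i.e. when you're trying to force matters.
+swift::warning(0,
+"swift runtime: backtrace-on-crash is not supported for "
+"setuid executables.\n");
+_swift_backtraceSettings.enabled = OnOffTty::Off;
+}
+}
+#endif // !_WIN32
+
 if (_swift_backtraceSettings.enabled == OnOffTty::TTY)
 _swift_backtraceSettings.enabled =
 isStdoutATty() ? OnOffTty::On : OnOffTty::Off;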
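Review bot: Dropping `POSIX_SPAWN_RESETIDS` from the `posix_spawnattr_setflags` call in the first hunk leaves the `issetugid()` tests as the only thing keeping elevated IDs away from the external backtracer. The early `enabled = OnOffTty::Off` runs before `_swift_parseBacktracingSettings(backtracing)`, so a `SWIFT_BACKTRACE` value can turn it back on, and only the second test, under an `#else` whose `#if` lies outside the hunk, forces it off again. Both tests run once in this constructor (which continues past the second hunk), while the spawn presumably happens later at crash time, so keeping the flag is cheap defence in depth: `posix_spawnattr_setflags(&backtraceSpawnAttrs, POSIX_SPAWN_RESETIDS | POSIX_SPAWN_CLOEXEC_DEFAULT);`. I would also reword the first comment to `// Default to off for setuid/setgid processes; re-checked after parsing SWIFT_BACKTRACE.` and confirm that `issetugid()` is declared on every non-Windows target, since `#if !_WIN32` is a wide guard.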
