[*] POSIX hardening: dont COW this futex

2024-01-21 18:41:53 +00:00 · 2024-01-21 18:41:53 +00:00 · 98e76f0832
commit 98e76f0832
parent 75f39b9858
3 changed files with 17 additions and 0 deletions
--- a/Source/Process/AuProcessEnvironment.Unix.cpp
+++ b/Source/Process/AuProcessEnvironment.Unix.cpp
@ -14,6 +14,11 @@ namespace Aurora::Process
 {
    static AuThreadPrimitives::Mutex gEnvMutex;

+    void PosixForkResetLocks()
+    {
+        AuResetMember(gEnvMutex);
+    }
+
    AUKN_SYM AuList<AuPair<AuString, AuString>> EnvironmentGetAll()
    {
        AU_LOCK_GUARD(gEnvMutex);
--- a/Source/Processes/AuOpen.Unix.cpp
+++ b/Source/Processes/AuOpen.Unix.cpp
@ -12,6 +12,11 @@
 #include <unistd.h>
 #include <Source/IO/FS/FS.hpp>

+namespace Aurora::Process
+{
+    void PosixForkResetLocks();
+}
+
 namespace Aurora::Processes
 {
    static void UnixOpenAsyncThread(AuString uri, bool bType)
@ -60,6 +65,7 @@ namespace Aurora::Processes
            {
                setsid();

+                AuProcess::PosixForkResetLocks();
                auto optStringA = AuProcess::EnvironmentGetOne("container");
                auto optStringB = AuProcess::EnvironmentGetOne("AURORA_RUNTIME_USE_GDBUS_BIN_TO_PORTAL");
                bool bIsFireJail = optStringA && optStringA.Value() == "firejail";
--- a/Source/Processes/AuProcess.Unix.cpp
+++ b/Source/Processes/AuProcess.Unix.cpp
@ -47,6 +47,10 @@
    #include <sched.h>
 #endif

+namespace Aurora::Process
+{
+    void PosixForkResetLocks();
+}

 namespace Aurora::Processes
 {
@ -563,6 +567,8 @@ namespace Aurora::Processes

    void ProcessImpl::ForkMain()
    {
+        AuProcess::PosixForkResetLocks();
+
        {
            ::dup2(this->pipeStdIn_[0], STDIN_FILENO);
            ::close(this->pipeStdIn_[0]);