posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP

similar to Apple _POSIX_SPAWN_DISABLE_ASLR Reviewed by: emaste, kevans Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D44195
2024-07-01 07:55:03 +00:00 · 2024-03-03 15:30:04 +02:00 · 2024-03-03 15:30:04 +02:00 · 822042fdfc
commit 822042fdfc
parent 80ac36c3a2
2 changed files with 12 additions and 2 deletions
--- a/include/spawn.h
+++ b/include/spawn.h
@ -59,6 +59,7 @@ typedef struct __posix_spawn_file_actions	*posix_spawn_file_actions_t;
 #define POSIX_SPAWN_SETSCHEDULER	0x08
 #define POSIX_SPAWN_SETSIGDEF		0x10
 #define POSIX_SPAWN_SETSIGMASK		0x20
+#define	POSIX_SPAWN_DISABLE_ASLR_NP	0x40

 __BEGIN_DECLS
 /*
--- a/lib/libc/gen/posix_spawn.c
+++ b/lib/libc/gen/posix_spawn.c
@ -28,6 +28,7 @@

 #include "namespace.h"
 #include <sys/param.h>
+#include <sys/procctl.h>
 #include <sys/queue.h>
 #include <sys/wait.h>

@ -91,7 +92,7 @@ static int
 process_spawnattr(const posix_spawnattr_t sa)
 {
 	struct sigaction sigact = { .sa_flags = 0, .sa_handler = SIG_DFL };
-	int i;
+	int aslr, i;

 	/*
 	 * POSIX doesn't really describe in which order everything
@ -139,6 +140,13 @@ process_spawnattr(const posix_spawnattr_t sa)
 		}
 	}

+	/* Disable ASLR. */
+	if ((sa->sa_flags & POSIX_SPAWN_DISABLE_ASLR_NP) != 0) {
+		aslr = PROC_ASLR_FORCE_DISABLE;
+		if (procctl(P_PID, 0, PROC_ASLR_CTL, &aslr) != 0)
+			return (errno);
+	}
+
 	return (0);
 }

@ -631,7 +639,8 @@ posix_spawnattr_setflags(posix_spawnattr_t *sa, short flags)
 {
 	if ((flags & ~(POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP |
 	    POSIX_SPAWN_SETSCHEDPARAM | POSIX_SPAWN_SETSCHEDULER |
-	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK)) != 0)
+	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK |
+	    POSIX_SPAWN_DISABLE_ASLR_NP)) != 0)
 		return (EINVAL);
 	(*sa)->sa_flags = flags;
 	return (0);