authorAnton Lindqvist <anton@basename.se>2019-05-14 03:14:26 +0200
committerGreg Steuck <blackgnezdo@gmail.com>2019-05-13 18:14:26 -0700
commitada3c44cd19020225649eaf218f47cccf8007d45 (patch)
tree4c9af12adcb78e0919833535f9760f952319d10e /sys/openbsd
parent658d7563831e26dd4d83c238a86294ca3857a519 (diff)
sys/openbsd: prevent changing mutability flags on files (#1174)
This is especially problematic for file descriptors referring to tty/pty devices since it can cause the SSH connection to the VM to die. The ambition here is to reduce the number of "lost connection/no output" failures at the cost of limiting the coverage of chflags(2).
Diffstat (limited to 'sys/openbsd')
-rw-r--r--sys/openbsd/init.go18
-rw-r--r--sys/openbsd/init_test.go8
2 files changed, 26 insertions, 0 deletions
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index a5dcab448..bce74fbac 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -59,6 +59,24 @@ func isKcovFd(dev uint64) bool {
func (arch *arch) SanitizeCall(c *prog.Call) {
argStart := 1
switch c.Meta.CallName {
+ case "chflagsat":
+ argStart = 2
+ fallthrough
+ case "chflags", "fchflags":
+ // Prevent changing mutability flags on files. This is
+ // especially problematic for file descriptors referring to
+ // tty/pty devices since it can cause the SSH connection to the
+ // VM to die.
+ flags := c.Args[argStart].(*prog.ConstArg)
+ badflags := [...]uint64{
+ 0x00000002, // UF_IMMUTABLE
+ 0x00000004, // UF_APPEND
+ 0x00020000, // SF_IMMUTABLE
+ 0x00040000, // SF_APPEND
+ }
+ for _, f := range badflags {
+ flags.Val &= ^f
+ }
case "mknodat":
argStart = 2
fallthrough
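Review bot: The four values in `badflags` are bare literals whose names exist only in the trailing comments, so nothing ties them to the kernel's UF_*/SF_* definitions, and the loop clears them one at a time where a single mask would do. Consider one expression, `flags.Val &^= 0x00000002 | 0x00000004 | 0x00020000 | 0x00040000`, with the flag names kept in a comment, or named constants if this package already resolves kernel constants by name (not visible in this hunk). The assertion `c.Args[argStart].(*prog.ConstArg)` is unchecked and would panic if the flags argument ever had another concrete type, so a short comment stating why it is always a ConstArg would help. SanitizeCall's body continues outside the hunk.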
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index f17bf2d95..bbd93d6a7 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -19,6 +19,14 @@ func TestSanitizeMknodCall(t *testing.T) {
output string
}{
{
+ `chflagsat(0x0, 0x0, 0x60004, 0x0)`,
+ `chflagsat(0x0, 0x0, 0x0, 0x0)`,
+ },
+ {
+ `fchflags(0x0, 0x60004)`,
+ `fchflags(0x0, 0x0)`,
+ },
+ {
// major=22, minor=232
`mknodat(0x0, 0x0, 0x0, 0x16e8)`,
`mknodat(0x0, 0x0, 0x0, 0x202)`,
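Review bot: Both added cases expect `0x0`, so they would still pass if the sanitizer zeroed the whole flags argument instead of clearing only the four mutability bits. The input `0x60004` also leaves out `0x2` (UF_IMMUTABLE), and plain `chflags` has no case even though the new code handles it. A case that keeps an unrelated bit would pin the intended behaviour, for example (constructed values) input `chflags(0x0, 0x60007)` with expected output `chflags(0x0, 0x1)`. The test table and the enclosing function continue outside the hunk.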