Diffstat (limited to 'pkg/csource/generated.go')
-rw-r--r--pkg/csource/generated.go70
1 files changed, 70 insertions, 0 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 0c3ecb4e8..73b050355 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -636,10 +636,38 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
#endif
#endif
+#if SYZ_EXECUTOR || SYZ_SANDBOX_SETUID || SYZ_SANDBOX_NONE
+
+#include <sys/resource.h>
+#include <unistd.h>
+
+static void sandbox_common()
+{
+ if (setsid() == -1)
+ fail("setsid failed");
+ struct rlimit rlim;
+#ifndef GOOS_openbsd
+ rlim.rlim_cur = rlim.rlim_max = 128 << 20;
+ setrlimit(RLIMIT_AS, &rlim);
+#endif
+ rlim.rlim_cur = rlim.rlim_max = 8 << 20;
+ setrlimit(RLIMIT_MEMLOCK, &rlim);
+ rlim.rlim_cur = rlim.rlim_max = 1 << 20;
+ setrlimit(RLIMIT_FSIZE, &rlim);
+ rlim.rlim_cur = rlim.rlim_max = 1 << 20;
+ setrlimit(RLIMIT_STACK, &rlim);
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ setrlimit(RLIMIT_CORE, &rlim);
+ rlim.rlim_cur = rlim.rlim_max = 256;
+ setrlimit(RLIMIT_NOFILE, &rlim);
+}
+#endif
+
#if SYZ_EXECUTOR || SYZ_SANDBOX_NONE
static void loop();
static int do_sandbox_none(void)
{
+ sandbox_common();
#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
initialize_tun(procid);
#endif
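Review bot: The six `setrlimit` calls in `sandbox_common` discard their return value, whereas `setsid` just above is checked with `fail`, so a limit that cannot be applied leaves the sandboxed process uncapped with no trace. If the limits are meant to be best-effort, say so in a comment at the top of the function; otherwise check each call, e.g. `if (setrlimit(RLIMIT_AS, &rlim)) fail("setrlimit(RLIMIT_AS) failed");`. `static void sandbox_common()` would also read better as `static void sandbox_common(void)`, matching `do_sandbox_none(void)`. The file name suggests this file is generated, so the edit presumably belongs in the source it is built from.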
@@ -648,6 +676,48 @@ static int do_sandbox_none(void)
}
#endif
+#if SYZ_EXECUTOR || SYZ_SANDBOX_SETUID
+
+#include <sys/resource.h>
+#include <sys/wait.h>
+#include <unistd.h>
+
+static int wait_for_loop(int pid)
+{
+ if (pid < 0)
+ fail("sandbox fork failed");
+ debug("spawned loop pid %d\n", pid);
+ int status = 0;
+ while (waitpid(-1, &status, WUNTRACED) != pid) {
+ }
+ return WEXITSTATUS(status);
+}
+
+#define SYZ_HAVE_SANDBOX_SETUID 1
+static int do_sandbox_setuid(void)
+{
+ int pid = fork();
+ if (pid != 0)
+ return wait_for_loop(pid);
+
+ sandbox_common();
+#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
+ initialize_tun(procid);
+#endif
+
+ const int nobody = 65534;
+ if (setgroups(0, NULL))
+ fail("failed to setgroups");
+ if (setresgid(nobody, nobody, nobody))
+ fail("failed to setresgid");
+ if (setresuid(nobody, nobody, nobody))
+ fail("failed to setresuid");
+
+ loop();
+ doexit(1);
+}
+#endif
+
#elif GOOS_fuchsia
#include <fcntl.h>
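Review bot: `wait_for_loop` returns `WEXITSTATUS(status)` without testing `WIFEXITED`, although `WUNTRACED` lets `waitpid` return for a child that is only stopped, and a child killed by a signal has no exit code either, so the caller can receive a value (commonly 0) that does not describe how the loop ended. The empty `while` body also spins indefinitely if `waitpid` keeps returning -1, for instance once no children remain. The sketch below handles both cases; it needs `<errno.h>`, and the status returned for abnormal termination is a placeholder for whatever the callers expect. The privilege drop in `do_sandbox_setuid` (supplementary groups, then gid, then uid, each checked with `fail`) is in the right order as written.

```c
static int wait_for_loop(int pid)
{
	/* … unchanged: fork failure check and debug line … */
	int status = 0;
	for (;;) {
		int res = waitpid(-1, &status, WUNTRACED);
		if (res == pid)
			break;
		/* A persistent error (e.g. no children left) must not spin forever. */
		if (res == -1 && errno != EINTR)
			fail("waitpid failed");
	}
	/* Stopped or signalled children carry no exit code. */
	if (!WIFEXITED(status))
		return 1; /* placeholder status for abnormal termination */
	return WEXITSTATUS(status);
}
```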