From ada3c44cd19020225649eaf218f47cccf8007d45 Mon Sep 17 00:00:00 2001
From: Anton Lindqvist
Date: Tue, 14 May 2019 03:14:26 +0200
Subject: sys/openbsd: prevent changing mutability flags on files (#1174)

This is especially problematic for file descriptors referring to tty/pty devices since it can cause the SSH connection to the VM to die. The ambition here is reduce the number of "lost connection/no output" failures at the cost of limiting the coverage of chflags(2).
---
sys/openbsd/init.go | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
(limited to 'sys/openbsd/init.go')
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index a5dcab448..bce74fbac 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -59,6 +59,24 @@ func isKcovFd(dev uint64) bool {
 func (arch *arch) SanitizeCall(c *prog.Call) {
 argStart := 1
 switch c.Meta.CallName {
+ case "chflagsat":
+ argStart = 2
+ fallthrough
+ case "chflags", "fchflags":
+ // Prevent changing mutability flags on files. This is
+ // especially problematic for file descriptors referring to
+ // tty/pty devices since it can cause the SSH connection to the
+ // VM to die.
+ flags := c.Args[argStart].(*prog.ConstArg)
+ badflags := [...]uint64{
+ 0x00000002, // UF_IMMUTABLE
+ 0x00000004, // UF_APPEND
+ 0x00020000, // SF_IMMUTABLE
+ 0x00040000, // SF_APPEND
+ }
+ for _, f := range badflags {
+ flags.Val &= ^f
+ }
 case "mknodat":
 argStart = 2
 fallthrough
-- cgit mrf-deployment
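Review bot: The new `chflags`/`fchflags`/`chflagsat` case reads the flags argument with an unchecked assertion, `flags := c.Args[argStart].(*prog.ConstArg)`, so SanitizeCall panics if that argument ever arrives as a different Arg type or the call has fewer arguments than expected. If the syscall descriptions do not guarantee a constant there, a guarded form keeps the sanitizer from taking the fuzzer down: `flags, ok := c.Args[argStart].(*prog.ConstArg)` followed by `if !ok { break }`. The clearing loop also reads more directly with Go's AND-NOT operator, `flags.Val &^= f`, and the four hex literals would be easier to audit against the OpenBSD headers as named constants. SanitizeCall continues past the end of this hunk, so how the other cases treat their arguments is not visible here.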