From ada3c44cd19020225649eaf218f47cccf8007d45 Mon Sep 17 00:00:00 2001
From: Anton Lindqvist
Date: Tue, 14 May 2019 03:14:26 +0200
Subject: sys/openbsd: prevent changing mutability flags on files (#1174)
This is especially problematic for file descriptors referring to tty/pty devices since it can cause the SSH connection to the VM to die. The ambition here is reduce the number of "lost connection/no output" failures at the cost of limiting the coverage of chflags(2).
---
sys/openbsd/init.go | 18 ++++++++++++++++++
sys/openbsd/init_test.go | 8 ++++++++
2 files changed, 26 insertions(+)
(limited to 'sys')
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index a5dcab448..bce74fbac 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -59,6 +59,24 @@ func isKcovFd(dev uint64) bool {
 func (arch *arch) SanitizeCall(c *prog.Call) {
 argStart := 1
 switch c.Meta.CallName {
+ case "chflagsat":
+ argStart = 2
+ fallthrough
+ case "chflags", "fchflags":
+ // Prevent changing mutability flags on files. This is
+ // especially problematic for file descriptors referring to
+ // tty/pty devices since it can cause the SSH connection to the
+ // VM to die.
+ flags := c.Args[argStart].(*prog.ConstArg)
+ badflags := [...]uint64{
+ 0x00000002, // UF_IMMUTABLE
+ 0x00000004, // UF_APPEND
+ 0x00020000, // SF_IMMUTABLE
+ 0x00040000, // SF_APPEND
+ }
+ for _, f := range badflags {
+ flags.Val &= ^f
+ }
 case "mknodat":
 argStart = 2
 fallthrough
diff --git a/sys/openbsd/init_test.go b/sys/openbsd/init_test.go
index f17bf2d95..bbd93d6a7 100644
--- a/sys/openbsd/init_test.go
+++ b/sys/openbsd/init_test.go
@@ -18,6 +18,14 @@ func TestSanitizeMknodCall(t *testing.T) {
 input string
 output string
 }{
+ {
+ `chflagsat(0x0, 0x0, 0x60004, 0x0)`,
+ `chflagsat(0x0, 0x0, 0x0, 0x0)`,
+ },
+ {
+ `fchflags(0x0, 0x60004)`,
+ `fchflags(0x0, 0x0)`,
+ },
 {
 // major=22, minor=232
 `mknodat(0x0, 0x0, 0x0, 0x16e8)`,
--
cgit mrf-deployment
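Review bot: The `chflags`/`fchflags` case builds the four-element `badflags` array on every call and clears the bits one at a time with `flags.Val &= ^f`. Go's bit-clear operator does this in one statement against a single mask: declare `const mutabilityFlags = 0x00000002 | 0x00000004 | 0x00020000 | 0x00040000` with the per-flag comments kept, then write `flags.Val &^= mutabilityFlags`. The values are raw hex copies of the UF_*/SF_* constants, so a short comment naming the header they were taken from would make them easier to re-check. The assertion `c.Args[argStart].(*prog.ConstArg)` is unchecked and would panic if the flags argument were ever not a constant. That may match the convention in the rest of SanitizeCall, but its body continues outside the hunk, so this is not visible here.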
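Review bot: Both new table entries pass `0x60004`, which consists only of bits the sanitizer clears (0x40000, 0x20000, 0x4), so they would still pass if the sanitizer zeroed the whole flags argument. Neither entry exercises `0x2` (UF_IMMUTABLE) or the plain `chflags` name, and nothing checks that an unrelated bit survives. A case that mixes in a bit outside the mask would pin the behaviour, for example (constructed) `fchflags(0x0, 0x60007)` expecting `fchflags(0x0, 0x1)`. The test table and the loop that runs it continue outside the hunk.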