git: 822042fdfca7 - main - posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Mon, 04 Mar 2024 01:00:46 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=822042fdfca79faada89e67110b01dd9ecc05996

commit 822042fdfca79faada89e67110b01dd9ecc05996
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-03-03 13:30:04 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-03-04 01:00:38 +0000

    posix_spawn(3): add POSIX_SPAWN_DISABLE_ASLR_NP
    
    Similar to Apple's _POSIX_SPAWN_DISABLE_ASLR.
    
    Reviewed by:    emaste, kevans
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D44195
---
 include/spawn.h            |  1 +
 lib/libc/gen/posix_spawn.c | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/include/spawn.h b/include/spawn.h
index 9643fcda5c13..a93315930954 100644
--- a/include/spawn.h
+++ b/include/spawn.h
@@ -59,6 +59,7 @@ typedef struct __posix_spawn_file_actions	*posix_spawn_file_actions_t;
 #define POSIX_SPAWN_SETSCHEDULER	0x08
 #define POSIX_SPAWN_SETSIGDEF		0x10
 #define POSIX_SPAWN_SETSIGMASK		0x20
+#define	POSIX_SPAWN_DISABLE_ASLR_NP	0x40
 
 __BEGIN_DECLS
 /*
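Review bot: The new public flag is added with no comment, and the diffstat above lists no man page change, so nothing in the tree describes what POSIX_SPAWN_DISABLE_ASLR_NP does or that it is a FreeBSD-only extension (the `_NP` suffix alone does not say which mitigation it turns off). A one-line header comment such as `/* FreeBSD extension: spawn the child with ASLR force-disabled via procctl(2) PROC_ASLR_CTL. */` plus matching text in posix_spawn(3)/posix_spawnattr_setflags(3) would document the opt-out where callers look for it. The added line also uses a tab after `#define` while the neighbouring flag lines use a space; match the surrounding lines for consistency.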
diff --git a/lib/libc/gen/posix_spawn.c b/lib/libc/gen/posix_spawn.c
index 41e059cf437b..4726416f1d02 100644
--- a/lib/libc/gen/posix_spawn.c
+++ b/lib/libc/gen/posix_spawn.c
@@ -28,6 +28,7 @@
 
 #include "namespace.h"
 #include <sys/param.h>
+#include <sys/procctl.h>
 #include <sys/queue.h>
 #include <sys/wait.h>
 
@@ -91,7 +92,7 @@ static int
 process_spawnattr(const posix_spawnattr_t sa)
 {
 	struct sigaction sigact = { .sa_flags = 0, .sa_handler = SIG_DFL };
-	int i;
+	int aslr, i;
 
 	/*
 	 * POSIX doesn't really describe in which order everything
@@ -139,6 +140,13 @@ process_spawnattr(const posix_spawnattr_t sa)
 		}
 	}
 
+	/* Disable ASLR. */
+	if ((sa->sa_flags & POSIX_SPAWN_DISABLE_ASLR_NP) != 0) {
+		aslr = PROC_ASLR_FORCE_DISABLE;
+		if (procctl(P_PID, 0, PROC_ASLR_CTL, &aslr) != 0)
+			return (errno);
+	}
+
 	return (0);
 }
 
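Review bot: The comment `/* Disable ASLR. */` above the procctl(2) call does not say that this is a deliberate exploit-mitigation opt-out requested by the caller, nor that a procctl failure (for example on a kernel that does not know PROC_ASLR_CTL) aborts the whole spawn with that errno; both are worth stating since this function otherwise reports only attribute-processing errors. Something like `/* Caller opted out of ASLR via POSIX_SPAWN_DISABLE_ASLR_NP; a kernel that rejects PROC_ASLR_CTL fails the spawn with its errno. */` would make the contract explicit. If the kernel setting applied here is inherited by the spawned process's own descendants (procctl(2) should be checked for this), the comment should say so too, because the flag would then affect more than the one child the caller asked for. The setting is done last, after the signal and scheduler handling, which fits the "order is unspecified" note in the earlier hunk; process_spawnattr's signature and earlier body lie outside this hunk.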
@@ -631,7 +639,8 @@ posix_spawnattr_setflags(posix_spawnattr_t *sa, short flags)
 {
 	if ((flags & ~(POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP |
 	    POSIX_SPAWN_SETSCHEDPARAM | POSIX_SPAWN_SETSCHEDULER |
-	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK)) != 0)
+	    POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK |
+	    POSIX_SPAWN_DISABLE_ASLR_NP)) != 0)
 		return (EINVAL);
 	(*sa)->sa_flags = flags;
 	return (0);