providers/darwin - kern.procargs2 guard against runtime panic #172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewkroh
force-pushed
the
bugfix/darwin-procargs-panic
branch
from
4cb446c
to
8ca8557
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
|
andrewkroh
force-pushed
the
bugfix/darwin-procargs-panic
branch
from
8ca8557
to
08b8b28
Compare
andrewkroh
force-pushed
the
bugfix/darwin-procargs-panic
branch
from
08b8b28
to
b814412
Compare
Prior to this change kern_procargs iterated over the data based on the argc value without checking if the underlying slice held enough args. To prevent a runtime error this adds a check to verify there is more data before trying to index another argument. Add a fuzz test to check for panics in the parsing code for kern.procargs2.
andrewkroh
force-pushed
the
bugfix/darwin-procargs-panic
branch
from
93207e8
to
fa26e88
Compare
|
/test |
efd6
reviewed
May 17, 2023
One change in external behavior is that instead of returning io.EOF it now returns errInvalidProcargs2Data.
|
Failure looks to be unrelated (the second TLS timeout I've seen today). |
|
/test |
efd6
reviewed
May 18, 2023
|
/test |
efd6
approved these changes
May 18, 2023
jaysoffian
pushed a commit
to jaysoffian/pam-ysshca
that referenced
this pull request
Aug 31, 2023
Use raw syscalls to retrieve the command line under Darwin, since macOS does not provide a `/proc` filesystem. The code to do this is from https://github.com/elastic/go-sysinfo which can be sanity checked against: https://github.com/apple-oss-distributions/adv_cmds/blob/adv_cmds-205/ps/print.c#L115 I've verified with these changes that `pam_sshca.so` works as expected under macOS 13 (Ventura) on an arm64 host. Issues: 1. The Linux `pam.d/sudo` configuration line: "auth [success=done default=die] pam_sshca.so" Does not work on Darwin. Instead use one of the following: "auth requisite /path/to/pam_sshca.so" Or: "auth required /path/to/pam_sshca.so" Neither is identical to "[success=done default=die]" whose semantics are impossible under Darwin. See the `pam.conf` man pages on Linux and macOS for details. 2. The "log/syslog" module does not work under macOS >= 12 (Monterey). Log messages are silently dropped: golang/go#59229 3. The `kern.procargs2` syscall returns incorrect data under macOS 10.15 (Catalina) due to a bug in that OS version. The code won't panic under that OS version but it won't return a command line: - elastic/go-sysinfo#172 - elastic/go-sysinfo#173
jaysoffian
pushed a commit
to jaysoffian/pam-ysshca
that referenced
this pull request
Aug 31, 2023
Use raw syscalls to retrieve the command line under Darwin, since macOS does not provide a `/proc` filesystem. The code to do this is from https://github.com/elastic/go-sysinfo which can be sanity checked against: https://github.com/apple-oss-distributions/adv_cmds/blob/adv_cmds-205/ps/print.c#L115 I've verified with these changes that `pam_sshca.so` works as expected under macOS 13 (Ventura) on an arm64 host. Issues: 1. The Linux `pam.d/sudo` configuration line: "auth [success=done default=die] pam_sshca.so" Does not work on Darwin. Instead use one of the following: "auth requisite /path/to/pam_sshca.so" Or: "auth required /path/to/pam_sshca.so" Neither is identical to `[success=done default=die]` whose semantics are impossible under Darwin. See the `pam.conf` man pages on Linux and macOS for details. 2. The `log/syslog` module does not work under macOS >= 12 (Monterey). Log messages are silently dropped: golang/go#59229 3. The `kern.procargs2` syscall returns incorrect data under macOS 10.15 (Catalina) due to a bug in that OS version. The code won't panic under that OS version but it won't return a command line: elastic/go-sysinfo#172
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prior to this change kern_procargs iterated over the data based
on the argc value without checking if the underlying slice held
enough args.
To prevent a runtime error this adds a check to verify there is more
data before trying to index another argument.
Add a fuzz test to check for panics in the parsing code for kern.procargs2.
Relates #173