Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backtracing] Bail out earlier for privileged binaries on macOS. #77181

Open
wants to merge 1 commit into
base: release/6.0
Choose a base branch
from
Open

[Backtracing] Bail out earlier for privileged binaries on macOS. #77181

wants to merge 1 commit into from
+53 −24

Conversation

al45tair
Copy link
Contributor

Also remove the code that deals with file descriptors; we will now only start the backtracer for processes that have the get-task-allow entitlement, which means that they've been specifically signed for debugging, and that means that it is no longer critical to ensure that unexpectedly inherited fds are closed.

rdar://137551812

@al45tair al45tair added 🍒 release cherry pick Flag: Release branch cherry picks swift 6.0 labels Oct 23, 2024
@al45tair al45tair requested a review from a team as a code owner October 23, 2024 08:22
@al45tair
Copy link
Contributor Author

@swift-ci Please test

@al45tair
Copy link
Contributor Author

al45tair commented Oct 23, 2024
edited
Loading

Explanation: This is a belt & braces improvement for the backtracer's security; instead of relying on the swift-backtrace process to check for some of the privileged types of program, we check up front in the runtime. We weren't doing this originally because I was concerned about calling csops from a potentially arbitrary sandbox, but I've been assured that that should be OK, and by checking up front for get-task-allow, we can also be more relaxed about closing file descriptors (since the process is already marked as suitable for debugging, so it's easy to get hold of its fds anyway).
Risk: Low. This just improves the checks that we do to make things even more secure.
Original PR: #77162 + #77188 + #77200
Reviewed by: @mikeash
Resolves: rdar://137551812
Tests: The backtracer's tests exercise this code.

@al45tair
Copy link
Contributor Author

@swift-ci Please test

@al45tair
[Backtracing] Bail out earlier for privileged binaries on macOS.
8a6d723 
Also remove the code that deals with file descriptors; we will now
only start the backtracer for processes that have the get-task-allow
entitlement, which means that they've been specifically signed for
debugging, and *that* means that it is no longer critical to ensure
that unexpectedly inherited fds are closed.

rdar://137551812
@al45tair
Copy link
Contributor Author

@swift-ci Please test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🍒 release cherry pick Flag: Release branch cherry picks swift 6.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@al45tair