1 files changed, 82 insertions, 0 deletions
diff --git a/src/security_util.cpp b/src/security_util.cpp
new file mode 100644
index 0000000..33728fc
--- /dev/null
+++ b/src/security_util.cpp
@@ -0,0 +1,82 @@
+//SPDX-License-Identifier: GPL-3.0
+#include <libqalculate/Function.h>
+#include <libqalculate/Variable.h>
+#include <security_util.h>
+#ifdef UID
+#include <grp.h>
+#include <cap-ng.h>
+#else
+#warning "Not doing setuid/setgid, do not use in production!"
+#endif
+#ifdef SECCOMP
+#include <seccomp.h>
+#else
+#warning "Not doing seccomp, do not use in production!"
+#endif
+void do_setuid() {
+#ifdef UID
+if (setgroups(0, {})) {
+        perror("couldn't remove groups");
+        abort();
+}
+if (setresgid(UID, UID, UID)) {
+        perror("couldn't set gid");
+        abort();
+}
+if (setresuid(UID, UID, UID)) {
+        perror("couldn't set uid");
+        abort();
+}
+capng_clear(CAPNG_SELECT_BOTH);
+if (capng_update(CAPNG_DROP, (capng_type_t)(CAPNG_EFFECTIVE | CAPNG_PERMITTED), CAP_SETGID)) {
+        printf("couldn't drop caps: can't select\n");
+        abort();
+}
+int err = capng_apply(CAPNG_SELECT_BOTH);
+if (err) {
+        printf("couldn't drop caps: %d\n", err);
+        abort();
+}
+#endif
+}
+void do_defang_calculator(Calculator *calc) {
+        calc->getActiveFunction("command")->destroy(); // rce
+#ifdef HAS_PLOT
+        calc->getActiveFunction("plot")->destroy(); // wouldn't work
+#endif
+        calc->getActiveVariable("uptime")->destroy(); // information leakage
+}
+void do_seccomp() {
+#ifdef SECCOMP
+scmp_filter_ctx ctx;
+ctx = seccomp_init(SCMP_ACT_KILL);
+/*   0 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
+/*   1 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
+/*   9 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
+/*  10 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0);
+/*  11 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
+/*  13 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 0);
+/*  14 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
+/*  24 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sched_yield), 0);
+/* 230 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_nanosleep), 0);
+/* 231 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
+/* 262 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0);
+/* 273 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 0);
+/* 334 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rseq), 0);
+/* 435 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone3), 0);
+int err = seccomp_load(ctx);
+if (err) {
+        printf("couldn't seccomp: %d\n", err);
+        abort();
+}
+#endif
+}

diff --git a/src/security_util.cpp b/src/security_util.cpp new file mode 100644 index 0000000..33728fc --- /dev/null +++ b/src/security_util.cpp
@@ -0,0 +1,82 @@
	1	//SPDX-License-Identifier: GPL-3.0
	2
	3	#include <libqalculate/Function.h>
	4	#include <libqalculate/Variable.h>
	5	#include <security_util.h>
	6
	7	#ifdef UID
	8	#include <grp.h>
	9	#include <cap-ng.h>
	10	#else
	11	#warning "Not doing setuid/setgid, do not use in production!"
	12	#endif
	13
	14	#ifdef SECCOMP
	15	#include <seccomp.h>
	16	#else
	17	#warning "Not doing seccomp, do not use in production!"
	18	#endif
	19
	20	void do_setuid() {
	21	#ifdef UID
	22	if (setgroups(0, {})) {
	23	perror("couldn't remove groups");
	24	abort();
	25	}
	26
	27	if (setresgid(UID, UID, UID)) {
	28	perror("couldn't set gid");
	29	abort();
	30	}
	31
	32	if (setresuid(UID, UID, UID)) {
	33	perror("couldn't set uid");
	34	abort();
	35	}
	36
	37	capng_clear(CAPNG_SELECT_BOTH);
	38	if (capng_update(CAPNG_DROP, (capng_type_t)(CAPNG_EFFECTIVE \| CAPNG_PERMITTED), CAP_SETGID)) {
	39	printf("couldn't drop caps: can't select\n");
	40	abort();
	41	}
	42	int err = capng_apply(CAPNG_SELECT_BOTH);
	43	if (err) {
	44	printf("couldn't drop caps: %d\n", err);
	45	abort();
	46	}
	47	#endif
	48	}
	49
	50	void do_defang_calculator(Calculator *calc) {
	51	calc->getActiveFunction("command")->destroy(); // rce
	52	#ifdef HAS_PLOT
	53	calc->getActiveFunction("plot")->destroy(); // wouldn't work
	54	#endif
	55	calc->getActiveVariable("uptime")->destroy(); // information leakage
	56	}
	57
	58	void do_seccomp() {
	59	#ifdef SECCOMP
	60	scmp_filter_ctx ctx;
	61	ctx = seccomp_init(SCMP_ACT_KILL);
	62	/* 0 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
	63	/* 1 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
	64	/* 9 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
	65	/* 10 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0);
	66	/* 11 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
	67	/* 13 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 0);
	68	/* 14 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
	69	/* 24 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sched_yield), 0);
	70	/* 230 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_nanosleep), 0);
	71	/* 231 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
	72	/* 262 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0);
	73	/* 273 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 0);
	74	/* 334 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rseq), 0);
	75	/* 435 */ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone3), 0);
	76	int err = seccomp_load(ctx);
	77	if (err) {
	78	printf("couldn't seccomp: %d\n", err);
	79	abort();
	80	}
	81	#endif
	82	}