From 3015341d45d80663db6b38f238c435418dd98343 Mon Sep 17 00:00:00 2001 From: Eugene Zemtsov Date: Mon, 25 Sep 2017 17:41:16 +0000 Subject: [PATCH] Use socketpair on all Unix platforms Using TCP sockets is insecure against local attackers, and possibly against remote attackers too (some vulnerabilities may allow tricking a browser to make a request to localhost). Use socketpair (which is immune to such attacks) on all Unix platforms. Patch by Demi Marie Obenour < demiobenour@gmail.com > Differential Revision: https://reviews.llvm.org/D33213 llvm-svn: 314127 --- .../Process/gdb-remote/ProcessGDBRemote.cpp | 6 +- lldb/tools/lldb-server/lldb-gdbserver.cpp | 56 ++++++++++++++----- 2 files changed, 46 insertions(+), 16 deletions(-) diff --git a/lldb/source/Plugins/Process/gdb-remote/ProcessGDBRemote.cpp b/lldb/source/Plugins/Process/gdb-remote/ProcessGDBRemote.cpp index 383cffbaac7a..5b4c1c5747e6 100644 --- a/lldb/source/Plugins/Process/gdb-remote/ProcessGDBRemote.cpp +++ b/lldb/source/Plugins/Process/gdb-remote/ProcessGDBRemote.cpp @@ -3289,7 +3289,7 @@ ProcessGDBRemote::EstablishConnectionIfNeeded(const ProcessInfo &process_info) { } return error; } -#if defined(__APPLE__) +#if !defined(_WIN32) #define USE_SOCKETPAIR_FOR_LOCAL_CONNECTION 1 #endif @@ -3333,8 +3333,8 @@ Status ProcessGDBRemote::LaunchAndConnectToDebugserver( lldb_utility::CleanUp our_socket(-1, -1, close); lldb_utility::CleanUp gdb_socket(-1, -1, close); - // Use a socketpair on Apple for now until other platforms can verify it - // works and is fast enough + // Use a socketpair on non-Windows systems for security and performance + // reasons. { int sockets[2]; /* the pair of socket descriptors */ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) == -1) { diff --git a/lldb/tools/lldb-server/lldb-gdbserver.cpp b/lldb/tools/lldb-server/lldb-gdbserver.cpp index f1a9b113c8ee..3d7791b00467 100644 --- a/lldb/tools/lldb-server/lldb-gdbserver.cpp +++ b/lldb/tools/lldb-server/lldb-gdbserver.cpp @@ -106,6 +106,7 @@ static struct option g_long_options[] = { // than llgs listening for a connection from address on port. {"setsid", no_argument, NULL, 'S'}, // Call setsid() to make llgs run in its own session. + {"fd", required_argument, NULL, 'F'}, {NULL, 0, NULL, 0}}; //---------------------------------------------------------------------- @@ -132,13 +133,13 @@ static void display_usage(const char *progname, const char *subcommand) { "[--log-file log-file-name] " "[--log-channels log-channel-list] " "[--setsid] " + "[--fd file-descriptor]" "[--named-pipe named-pipe-path] " "[--native-regs] " "[--attach pid] " "[[HOST]:PORT] " "[-- PROGRAM ARG1 ARG2 ...]\n", progname, subcommand); - exit(0); } void handle_attach_to_pid(GDBRemoteCommunicationServerLLGS &gdb_server, @@ -232,10 +233,34 @@ void ConnectToRemote(MainLoop &mainloop, GDBRemoteCommunicationServerLLGS &gdb_server, bool reverse_connect, const char *const host_and_port, const char *const progname, const char *const subcommand, - const char *const named_pipe_path, int unnamed_pipe_fd) { + const char *const named_pipe_path, int unnamed_pipe_fd, + int connection_fd) { Status error; - if (host_and_port && host_and_port[0]) { + std::unique_ptr connection_up; + if (connection_fd != -1) { + // Build the connection string. + char connection_url[512]; + snprintf(connection_url, sizeof(connection_url), "fd://%d", connection_fd); + + // Create the connection. +#if !defined LLDB_DISABLE_POSIX && !defined _WIN32 + ::fcntl(connection_fd, F_SETFD, FD_CLOEXEC); +#endif + connection_up.reset(new ConnectionFileDescriptor); + auto connection_result = connection_up->Connect(connection_url, &error); + if (connection_result != eConnectionStatusSuccess) { + fprintf(stderr, "error: failed to connect to client at '%s' " + "(connection status: %d)", + connection_url, static_cast(connection_result)); + exit(-1); + } + if (error.Fail()) { + fprintf(stderr, "error: failed to connect to client at '%s': %s", + connection_url, error.AsCString()); + exit(-1); + } + } else if (host_and_port && host_and_port[0]) { // Parse out host and port. std::string final_host_and_port; std::string connection_host; @@ -255,7 +280,6 @@ void ConnectToRemote(MainLoop &mainloop, connection_portno = StringConvert::ToUInt32(connection_port.c_str(), 0); } - std::unique_ptr connection_up; if (reverse_connect) { // llgs will connect to the gdb-remote client. @@ -328,14 +352,14 @@ void ConnectToRemote(MainLoop &mainloop, } connection_up.reset(conn); } - error = gdb_server.InitializeConnection(std::move(connection_up)); - if (error.Fail()) { - fprintf(stderr, "Failed to initialize connection: %s\n", - error.AsCString()); - exit(-1); - } - printf("Connection established.\n"); } + error = gdb_server.InitializeConnection(std::move(connection_up)); + if (error.Fail()) { + fprintf(stderr, "Failed to initialize connection: %s\n", + error.AsCString()); + exit(-1); + } + printf("Connection established.\n"); } //---------------------------------------------------------------------- @@ -364,6 +388,7 @@ int main_gdbserver(int argc, char *argv[]) { log_channels; // e.g. "lldb process threads:gdb-remote default:linux all" int unnamed_pipe_fd = -1; bool reverse_connect = false; + int connection_fd = -1; // ProcessLaunchInfo launch_info; ProcessAttachInfo attach_info; @@ -413,6 +438,10 @@ int main_gdbserver(int argc, char *argv[]) { reverse_connect = true; break; + case 'F': + connection_fd = StringConvert::ToUInt32(optarg, -1); + break; + #ifndef _WIN32 case 'S': // Put llgs into a new session. Terminals group processes @@ -472,7 +501,8 @@ int main_gdbserver(int argc, char *argv[]) { argc -= optind; argv += optind; - if (argc == 0) { + if (argc == 0 && connection_fd == -1) { + fputs("No arguments\n", stderr); display_usage(progname, subcommand); exit(255); } @@ -501,7 +531,7 @@ int main_gdbserver(int argc, char *argv[]) { ConnectToRemote(mainloop, gdb_server, reverse_connect, host_and_port, progname, subcommand, named_pipe_path.c_str(), - unnamed_pipe_fd); + unnamed_pipe_fd, connection_fd); if (!gdb_server.IsConnected()) { fprintf(stderr, "no connection information provided, unable to run\n");