Merge pull request #77162 from al45tair/eng/PR-137551812

al45tair · web-flow · commit 6d2d4eb19f69 · 2024-10-23T09:18:07.000+01:00
[Backtracing] Bail out earlier for privileged binaries on macOS.
diff --git a/stdlib/public/Backtracing/modules/OS/Darwin.h b/stdlib/public/Backtracing/modules/OS/Darwin.h
@@ -135,6 +135,8 @@ extern void _dyld_process_info_for_each_segment(dyld_process_info info, uint64_t
 // .. Code Signing SPI .........................................................
 
 #define CS_OPS_STATUS 0
+#define CS_GET_TASK_ALLOW  0x00000004
+#define CS_RUNTIME         0x00010000
 #define CS_PLATFORM_BINARY 0x04000000
 #define CS_PLATFORM_PATH   0x08000000
 extern int csops(int, unsigned int, void *, size_t);
diff --git a/stdlib/public/libexec/swift-backtrace/TargetMacOS.swift b/stdlib/public/libexec/swift-backtrace/TargetMacOS.swift
@@ -129,21 +129,28 @@ class Target {
     }
   }
 
-  static func isPlatformBinary(pid: pid_t) -> Bool {
+  static func isPrivileged(pid: pid_t) -> Bool {
     var flags = UInt32(0)
 
-    return csops(pid,
-                 UInt32(CS_OPS_STATUS),
-                 &flags,
-                 MemoryLayout<UInt32>.size) != 0 ||
-      (flags & UInt32(CS_PLATFORM_BINARY | CS_PLATFORM_PATH)) != 0
+    guard csops(pid,
+                UInt32(CS_OPS_STATUS),
+                &flags,
+                MemoryLayout<UInt32>.size) == 0 else {
+      return true
+    }
+
+    if (flags & UInt32(CS_PLATFORM_BINARY | CS_PLATFORM_PATH | CS_RUNTIME)) != 0 {
+      return true
+    }
+
+    return (flags & UInt32(CS_GET_TASK_ALLOW)) == 0
   }
 
   init(crashInfoAddr: UInt64, limit: Int?, top: Int, cache: Bool,
        symbolicate: SwiftBacktrace.Symbolication) {
     pid = getppid()
 
-    if Self.isPlatformBinary(pid: pid) {
+    if Self.isPrivileged(pid: pid) {
       /* Exit silently in this case; either
 
          1. We can't call csops(), because we're sandboxed, or
diff --git a/stdlib/public/libexec/swift-backtrace/main.swift b/stdlib/public/libexec/swift-backtrace/main.swift
@@ -456,7 +456,15 @@ Generate a backtrace for the parent process.
     }
   }
 
+  static func unblockSignals() {
+    var mask = sigset_t()
+
+    sigfillset(&mask)
+    sigprocmask(SIG_UNBLOCK, &mask, nil)
+  }
+
   static func main() {
+    unblockSignals()
     parseArguments()
 
     guard let crashInfoAddr = args.crashInfo else {
diff --git a/stdlib/public/runtime/Backtrace.cpp b/stdlib/public/runtime/Backtrace.cpp
@@ -43,6 +43,17 @@
 #endif
 
 #if TARGET_OS_OSX || TARGET_OS_MACCATALYST
+#if __has_include(<sys/codesign.h>)
+#include <sys/codesign.h>
+#else
+// SPI
+#define CS_OPS_STATUS 0
+#define CS_GET_TASK_ALLOW  0x00000004
+#define CS_RUNTIME         0x00010000
+#define CS_PLATFORM_BINARY 0x04000000
+#define CS_PLATFORM_PATH   0x08000000
+extern "C" int csops(int, unsigned int, void *, size_t);
+#endif
 #include <spawn.h>
 #endif
 #include <unistd.h>
@@ -145,11 +156,6 @@ BacktraceInitializer backtraceInitializer;
 
 SWIFT_ALLOWED_RUNTIME_GLOBAL_CTOR_END
 
-#if TARGET_OS_OSX || TARGET_OS_MACCATALYST
-posix_spawnattr_t backtraceSpawnAttrs;
-posix_spawn_file_actions_t backtraceFileActions;
-#endif
-
 #if SWIFT_BACKTRACE_ON_CRASH_SUPPORTED
 
 // We need swiftBacktracePath to be aligned on a page boundary, and it also
@@ -254,7 +260,24 @@ const char *presetToString(Preset preset) {
 bool isPrivileged() {
   return getauxval(AT_SECURE);
 }
-#elif defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+#elif defined(__APPLE__)
+bool isPrivileged() {
+  if (issetugid())
+    return true;
+
+  uint32_t flags = 0;
+  if (csops(getpid(),
+            CS_OPS_STATUS,
+            &flags,
+            sizeof(flags)) != 0)
+    return true;
+
+  if (flags & (CS_PLATFORM_BINARY | CS_PLATFORM_PATH | CS_RUNTIME))
+    return true;
+
+  return !(flags & CS_GET_TASK_ALLOW);
+}
+#elif defined(__FreeBSD__) || defined(__OpenBSD__)
 bool isPrivileged() {
   return issetugid();
 }
@@ -451,17 +474,6 @@ BacktraceInitializer::BacktraceInitializer() {
   }
 
   if (_swift_backtraceSettings.enabled == OnOffTty::On) {
-#if TARGET_OS_OSX || TARGET_OS_MACCATALYST
-    // Make sure that all fds are closed except for stdin/stdout/stderr.
-    posix_spawnattr_init(&backtraceSpawnAttrs);
-    posix_spawnattr_setflags(&backtraceSpawnAttrs, POSIX_SPAWN_CLOEXEC_DEFAULT);
-
-    posix_spawn_file_actions_init(&backtraceFileActions);
-    posix_spawn_file_actions_addinherit_np(&backtraceFileActions, STDIN_FILENO);
-    posix_spawn_file_actions_addinherit_np(&backtraceFileActions, STDOUT_FILENO);
-    posix_spawn_file_actions_addinherit_np(&backtraceFileActions, STDERR_FILENO);
-#endif
-
     ErrorCode err = _swift_installCrashHandler();
     if (err != 0) {
       swift::warning(0,
@@ -993,7 +1005,7 @@ _swift_spawnBacktracer(const ArgChar * const *argv)
                        const_cast<char * const *>(env));
 #else
   int ret = posix_spawn(&child, swiftBacktracePath,
-                        &backtraceFileActions, &backtraceSpawnAttrs,
+                        nullptr, nullptr,
                         const_cast<char * const *>(argv),
                         const_cast<char * const *>(env));
 #endif

Original file line number	Diff line number	Diff line change
`@@ -456,7 +456,15 @@ Generate a backtrace for the parent process.`
`456`	`456`	`}`
`457`	`457`	`}`
`458`	`458`
	`459`	`+ static func unblockSignals() {`
	`460`	`+ var mask = sigset_t()`
	`461`	`+`
	`462`	`+ sigfillset(&mask)`
	`463`	`+ sigprocmask(SIG_UNBLOCK, &mask, nil)`
	`464`	`+ }`
	`465`	`+`
`459`	`466`	`static func main() {`
	`467`	`+ unblockSignals()`
`460`	`468`	`parseArguments()`
`461`	`469`
`462`	`470`	`guard let crashInfoAddr = args.crashInfo else {`