From 5c63b463b87d3c06102a4a7f05f395929d9ea79b Mon Sep 17 00:00:00 2001

From: DJ Delorie <dj@delorie.com>

Date: Wed, 2 Dec 2020 16:14:27 -0500

Subject: Use memfd_create() (#604)

memfd_create creates a file in a memory-only filesystem that may

bypass strict security protocols in filesystem-based temporary

files.

diff -rup a/configure.ac b/configure.ac

--- a/configure.ac	2014-05-11 09:57:49.000000000 -0400

+++ b/configure.ac	2021-11-03 17:41:31.935391831 -0400

@@ -63,6 +63,9 @@ EOF

 AM_MAINTAINER_MODE

+AC_CHECK_HEADERS(sys/memfd.h)

+AC_CHECK_FUNCS([memfd_create])

+

 AC_CHECK_HEADERS(sys/mman.h)

 AC_CHECK_FUNCS(mmap)

 AC_FUNC_MMAP_BLACKLIST

diff -rup a/configure b/configure

--- a/configure	2014-05-19 09:44:03.000000000 -0400

+++ b/configure	2021-11-18 17:29:45.484951520 -0500

@@ -16976,6 +16976,30 @@ fi

+for ac_header in sys/memfd.h

+do :

+  ac_fn_c_check_header_mongrel "$LINENO" "sys/memfd.h" "ac_cv_header_sys_memfd_h" "$ac_includes_default"

+if test "x$ac_cv_header_sys_memfd_h" = xyes; then :

+  cat >>confdefs.h <<_ACEOF

+#define HAVE_SYS_MEMFD_H 1

+_ACEOF

+

+fi

+

+done

+

+for ac_func in memfd_create

+do :

+  ac_fn_c_check_func "$LINENO" "memfd_create" "ac_cv_func_memfd_create"

+if test "x$ac_cv_func_memfd_create" = xyes; then :

+  cat >>confdefs.h <<_ACEOF

+#define HAVE_MEMFD_CREATE 1

+_ACEOF

+

+fi

+done

+

+

 for ac_header in sys/mman.h

 do :

   ac_fn_c_check_header_mongrel "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default"

diff -rup a/fficonfig.h.in b/fficonfig.h.in

--- a/fficonfig.h.in	2014-05-19 09:44:04.000000000 -0400

+++ b/fficonfig.h.in	2021-11-18 17:45:39.000000000 -0500

@@ -79,6 +79,9 @@

 /* Define to 1 if you have the `memcpy' function. */

 #undef HAVE_MEMCPY

+/* Define to 1 if you have the `memfd_create' function. */

+#undef HAVE_MEMFD_CREATE

+

 /* Define to 1 if you have the <memory.h> header file. */

 #undef HAVE_MEMORY_H

@@ -109,6 +112,9 @@

 /* Define to 1 if you have the <string.h> header file. */

 #undef HAVE_STRING_H

+/* Define to 1 if you have the <sys/memfd.h> header file. */

+#undef HAVE_SYS_MEMFD_H

+

 /* Define to 1 if you have the <sys/mman.h> header file. */

 #undef HAVE_SYS_MMAN_H

diff -rup a/src/closures.c b/src/closures.c

--- a/src/closures.c	2021-11-03 17:37:37.841416436 -0400

+++ b/src/closures.c	2021-11-03 17:43:19.027498783 -0400

@@ -117,6 +117,9 @@

 #endif /* HAVE_MNTENT */

 #include <sys/param.h>

 #include <pthread.h>

+#ifdef  HAVE_SYS_MEMFD_H

+#include <sys/memfd.h>

+#endif

 /* We don't want sys/mman.h to be included after we redefine mmap and

    dlmunmap.  */

@@ -263,6 +266,17 @@ static int execfd = -1;

 /* The amount of space already allocated from the temporary file.  */

 static size_t execsize = 0;

+#ifdef HAVE_MEMFD_CREATE

+/* Open a temporary file name, and immediately unlink it.  */

+static int

+open_temp_exec_file_memfd (const char *name)

+{

+  int fd;

+  fd = memfd_create (name, MFD_CLOEXEC);

+  return fd;

+}

+#endif

+

 /* Open a temporary file name, and immediately unlink it.  */

 static int

 open_temp_exec_file_name (char *name, int flags)

@@ -382,6 +396,9 @@ static struct

   const char *arg;

   int repeat;

 } open_temp_exec_file_opts[] = {

+#ifdef HAVE_MEMFD_CREATE

+  { open_temp_exec_file_memfd, "libffi", 0 },

+#endif

   { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },

   { open_temp_exec_file_env, "TMPDIR", 0 },

   { open_temp_exec_file_dir, "/tmp", 0 },