From 5c63b463b87d3c06102a4a7f05f395929d9ea79b Mon Sep 17 00:00:00 2001 From: DJ Delorie Date: Wed, 2 Dec 2020 16:14:27 -0500 Subject: Use memfd_create() (#604) memfd_create creates a file in a memory-only filesystem that may bypass strict security protocols in filesystem-based temporary files. diff -rup a/configure.ac b/configure.ac --- a/configure.ac 2014-05-11 09:57:49.000000000 -0400 +++ b/configure.ac 2021-11-03 17:41:31.935391831 -0400 @@ -63,6 +63,9 @@ EOF AM_MAINTAINER_MODE +AC_CHECK_HEADERS(sys/memfd.h) +AC_CHECK_FUNCS([memfd_create]) + AC_CHECK_HEADERS(sys/mman.h) AC_CHECK_FUNCS(mmap) AC_FUNC_MMAP_BLACKLIST diff -rup a/configure b/configure --- a/configure 2014-05-19 09:44:03.000000000 -0400 +++ b/configure 2021-11-18 17:29:45.484951520 -0500 @@ -16976,6 +16976,30 @@ fi +for ac_header in sys/memfd.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/memfd.h" "ac_cv_header_sys_memfd_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_memfd_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_MEMFD_H 1 +_ACEOF + +fi + +done + +for ac_func in memfd_create +do : + ac_fn_c_check_func "$LINENO" "memfd_create" "ac_cv_func_memfd_create" +if test "x$ac_cv_func_memfd_create" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_MEMFD_CREATE 1 +_ACEOF + +fi +done + + for ac_header in sys/mman.h do : ac_fn_c_check_header_mongrel "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default" diff -rup a/fficonfig.h.in b/fficonfig.h.in --- a/fficonfig.h.in 2014-05-19 09:44:04.000000000 -0400 +++ b/fficonfig.h.in 2021-11-18 17:45:39.000000000 -0500 @@ -79,6 +79,9 @@ /* Define to 1 if you have the `memcpy' function. */ #undef HAVE_MEMCPY +/* Define to 1 if you have the `memfd_create' function. */ +#undef HAVE_MEMFD_CREATE + /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H @@ -109,6 +112,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MEMFD_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_MMAN_H diff -rup a/src/closures.c b/src/closures.c --- a/src/closures.c 2021-11-03 17:37:37.841416436 -0400 +++ b/src/closures.c 2021-11-03 17:43:19.027498783 -0400 @@ -117,6 +117,9 @@ #endif /* HAVE_MNTENT */ #include #include +#ifdef HAVE_SYS_MEMFD_H +#include +#endif /* We don't want sys/mman.h to be included after we redefine mmap and dlmunmap. */ @@ -263,6 +266,17 @@ static int execfd = -1; /* The amount of space already allocated from the temporary file. */ static size_t execsize = 0; +#ifdef HAVE_MEMFD_CREATE +/* Open a temporary file name, and immediately unlink it. */ +static int +open_temp_exec_file_memfd (const char *name) +{ + int fd; + fd = memfd_create (name, MFD_CLOEXEC); + return fd; +} +#endif + /* Open a temporary file name, and immediately unlink it. */ static int open_temp_exec_file_name (char *name, int flags) @@ -382,6 +396,9 @@ static struct const char *arg; int repeat; } open_temp_exec_file_opts[] = { +#ifdef HAVE_MEMFD_CREATE + { open_temp_exec_file_memfd, "libffi", 0 }, +#endif { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 }, { open_temp_exec_file_env, "TMPDIR", 0 }, { open_temp_exec_file_dir, "/tmp", 0 },