diff --git a/Src/Hyperion-bash/bin/sudo b/Src/Hyperion-bash/bin/sudo index b0ad7fb..a843cba 100644 --- a/Src/Hyperion-bash/bin/sudo +++ b/Src/Hyperion-bash/bin/sudo @@ -31,7 +31,7 @@ for j = i + 1, #cmdArgs do restArgs[#restArgs + 1] = cmdArgs[j] end local currentUid = syscall.getuid() local currentUser = syscall.getUsername(currentUid) or tostring(currentUid) -local targetUid = syscall.getuid(targetUser) +local targetUid = syscall.getuidbyname(targetUser) if not targetUid then print("sudo: user '" .. targetUser .. "' does not exist") syscall.exit(1) @@ -39,7 +39,7 @@ if not targetUid then end if currentUid ~= 0 then - printInline("[sudo] password for " .. currentUser .. ": ") + printInline("[sudo] password for root: ") local pw = "" while true do local ch = syscall.read(0) @@ -55,7 +55,7 @@ if currentUid ~= 0 then end end - local ok, err = syscall.elevate(currentUser, pw) + local ok, err = syscall.elevate("root", pw) if not ok then sleep(1) print("sudo: Authentication failure") @@ -63,7 +63,7 @@ if currentUid ~= 0 then return end - if targetUid ~= 0 then + if targetUid ~= currentUid then syscall.setuid(targetUid) end else diff --git a/Src/Hyperion-firmware-cct/lib/modules/CC-Tweaked/25_tty.kmod b/Src/Hyperion-firmware-cct/lib/modules/CC-Tweaked/25_tty.kmod index 560612a..9c5e168 100644 --- a/Src/Hyperion-firmware-cct/lib/modules/CC-Tweaked/25_tty.kmod +++ b/Src/Hyperion-firmware-cct/lib/modules/CC-Tweaked/25_tty.kmod @@ -37,7 +37,7 @@ function peripheral.isPresent(name) end function peripheral.getType(peripheral) - if type(peripheral) == "string" then -- Peripheral name passed + if type(peripheral) == "string" then if native.isPresent(peripheral) then return native.getType(peripheral) end 
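Review bot: With `syscall.elevate("root", pw)` and the matching prompt change in the previous hunk, sudo authenticates every caller with root's password instead of their own. Anyone allowed to use sudo must therefore hold the root secret, and access cannot be revoked per user without changing it. No per-user authorization check (an allow list or group test) is visible between the prompt and the elevation; if one exists it is outside these hunks. If su-like behaviour is intended, a comment above the prompt such as `-- authenticates as root (su semantics); no per-user policy is applied here` would stop readers from assuming sudo semantics.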
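Review bot: In the last sudo hunk, `if targetUid ~= currentUid then` compares against the uid captured before the elevation, so when the target user is the invoking user the `syscall.setuid` call is skipped. Assuming `syscall.elevate` maps to `auth.elevate`, which this commit changes to set the task uid to 0, the command then runs as root rather than as the requested user. The process is root at that point, so the drop should be decided against 0 as the replaced line did: `if targetUid ~= 0 then`. The result of `syscall.setuid(targetUid)` is also ignored; if it can fail, checking it and exiting would avoid continuing as root. The enclosing `if currentUid ~= 0` block continues outside the hunk.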
@@ -58,7 +58,7 @@ function peripheral.getType(peripheral) end function peripheral.hasType(peripheral, peripheral_type) - if type(peripheral) == "string" then -- Peripheral name passed + if type(peripheral) == "string" then if native.isPresent(peripheral) then return native.hasType(peripheral, peripheral_type) end diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/10_vfs.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/10_vfs.kmod index d984820..980f53f 100644 --- a/Src/Hyperion-kernel/lib/modules/Hyperion/10_vfs.kmod +++ b/Src/Hyperion-kernel/lib/modules/Hyperion/10_vfs.kmod @@ -5,14 +5,14 @@ kernel.vfs = vfs vfs.mounts = {["$"] = "/"} vfs.disks = kernel.disks --- Metafile format (version 1) --- File header: 1 byte = version (0x01) +-- Metafile format (version 2) +-- File header: 1 byte = version (0x02) -- Per-entry: -- 1 byte = name length -- N bytes = name -- 1 byte = entry type (0x00 = regular, 0x01 = symlink) --- 1 byte = owner uid --- 1 byte = group gid +-- 2 bytes = owner uid (little-endian uint16) +-- 2 bytes = group gid (little-endian uint16) -- 2 bytes = perms (little-endian uint16) -- bit 0 = world-write bit 1 = world-read -- bit 2 = group-write bit 3 = group-read @@ -24,12 +24,16 @@ vfs.disks = kernel.disks -- 1 byte = cmeta length -- N bytes = cmeta (for symlinks: the link target path) -- +-- Version 1: +-- 1 byte name len, N bytes name, 1 byte etype, 1 byte owner, +-- 1 byte group, 2 bytes perms (little-endian), 1 byte cmeta len, N bytes cmeta +-- -- Version 0: -- No file header. Per-entry: -- 1 byte name len, N bytes name, 1 byte owner, 1 byte group, -- 1 byte perms (low 7 bits only), 1 byte cmeta len, N bytes cmeta -local META_VERSION = 0x01 +local META_VERSION = 0x02 local function bit_is_set(num, bit) return math.floor(num / (2 ^ bit)) % 2 == 1 
@@ -41,8 +45,9 @@ local function parseMetafile(raw) local p = 1 local version = 0 - if raw:byte(1) == META_VERSION then - version = META_VERSION + local firstByte = raw:byte(1) + if firstByte == 0x02 or firstByte == 0x01 then + version = firstByte p = 2 end @@ -54,13 +59,22 @@ local function parseMetafile(raw) local etype, owner, group, perms, cmeta - if version == META_VERSION then + if version == 0x02 then + -- v2: etype(1) + owner(2) + group(2) + perms(2) = 7 bytes + if p + 6 > #raw then break end + etype = raw:byte(p); p = p + 1 + owner = raw:byte(p) + raw:byte(p+1) * 256; p = p + 2 + group = raw:byte(p) + raw:byte(p+1) * 256; p = p + 2 + perms = raw:byte(p) + raw:byte(p+1) * 256; p = p + 2 + elseif version == 0x01 then + -- v1: etype(1) + owner(1) + group(1) + perms(2) = 5 bytes if p + 4 > #raw then break end etype = raw:byte(p); p = p + 1 owner = raw:byte(p); p = p + 1 group = raw:byte(p); p = p + 1 perms = raw:byte(p) + raw:byte(p+1) * 256; p = p + 2 else + -- v0: owner(1) + group(1) + perms(1) = 3 bytes if p + 2 > #raw then break end etype = 0x00 owner = raw:byte(p); p = p + 1 @@ -85,12 +99,16 @@ end local function makeMetafile(meta) local out = string.char(META_VERSION) for name, m in pairs(meta) do - local plo = m.perms % 256 - local phi = math.floor(m.perms / 256) % 256 + local plo = m.perms % 256 + local phi = math.floor(m.perms / 256) % 256 + local olo = (m.owner or 0) % 256 + local ohi = math.floor((m.owner or 0) / 256) % 256 + local glo = (m.group or 0) % 256 + local ghi = math.floor((m.group or 0) / 256) % 256 out = out .. string.char(#name) .. name .. string.char(m.etype or 0x00) - .. string.char(m.owner, m.group, plo, phi) + .. string.char(olo, ohi, glo, ghi, plo, phi) .. string.char(#m.cmeta) .. m.cmeta end return out diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod index 8dbc342..fa11794 100644 --- a/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod 
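Review bot: The version sniff `if firstByte == 0x02 or firstByte == 0x01 then` in `parseMetafile` is ambiguous with version 0 files, which have no header and begin with the first entry's name length. A v0 metafile whose first name is one or two bytes long is parsed as v1 or v2, so its owner, group and permission bytes are read at the wrong offsets. The collision previously existed for length 1 only; accepting 0x02 widens it. If v0 files can still be on disk, the parse could be validated (for example, require the final offset to land exactly at the end of `raw`) and retried as v0 on failure. At minimum the limitation should be recorded: `-- NOTE: v0 has no header; a v0 file whose first name length is 1 or 2 is misdetected`. The body of `parseMetafile` starts and ends outside the hunk.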
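Review bot: In `makeMetafile`, `(m.owner or 0)` and `(m.group or 0)` make an entry with a missing owner or group serialize as uid 0 / gid 0, where the old `string.char(m.owner, m.group, plo, phi)` raised an error on nil. For permission metadata a missing owner is better surfaced as a bug than silently stored as root ownership: `local owner = assert(m.owner, "metafile entry without owner: " .. name)`, and likewise for the group. The `% 256` on the high byte also wraps ids above 65535 instead of rejecting them. The same defaults appear in `makeEntry` in 92_permissions.kmod.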
+++ b/Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod @@ -3,6 +3,7 @@ local args = {...} local kernel = args[1] kernel._G = _G + local function readonly(tbl) return setmetatable({}, { __index = function(_, key) @@ -49,8 +50,10 @@ local function readonly(tbl) __metatable = false }) end +local origLoad = load kernel._U = readonly(kernel._G) kernel.allowGlobalOverwrites = true kernel._U._G = kernel._U +kernel._U.load = function(a,b,c,d) return origLoad(a,b,c,d or kernel._U) end kernel.allowGlobalOverwrites = false diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/40_auth.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/40_auth.kmod index 111c79d..71c7459 100644 --- a/Src/Hyperion-kernel/lib/modules/Hyperion/40_auth.kmod +++ b/Src/Hyperion-kernel/lib/modules/Hyperion/40_auth.kmod @@ -591,13 +591,13 @@ function auth.elevate(targetUsername, password) local task = kernel.currentTask local prevUid = task.uid - task.uid = uid - task.euid = uid - task.gid = tonumber(entry[2]) or uid - task.egid = tonumber(entry[2]) or uid - kernel.uid = uid + task.uid = 0 + task.euid = 0 + task.gid = 0 + task.egid = 0 + kernel.uid = 0 - kernel.log("AUTH: elevate uid=" .. tostring(prevUid) .. " -> " .. tostring(uid) .. " (" .. targetUsername .. ")") + kernel.log("AUTH: elevate uid=" .. tostring(prevUid) .. " -> 0 (via " .. targetUsername .. ")") return true, uid end diff --git a/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod b/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod index 9f1a90e..0a926d3 100644 --- a/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod +++ b/Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod 
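Review bot: The new `kernel._U.load` wrapper forwards the mode argument `c` unchanged, so if the host Lua accepts precompiled chunks, userspace can still load bytecode, which the default environment does not constrain. Forcing text mode closes that: `return origLoad(a, b, "t", d or kernel._U)`. The default is applied to `load` only; other chunk loaders reachable through the read-only proxy (`loadstring`, `loadfile`, `dofile`, where the platform provides them) presumably still compile against the real globals and would need the same wrapper. A short comment on why the default environment is replaced would also help.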
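Review bot: After this change `auth.elevate` assigns uid and gid 0 whatever `targetUsername` is, so the privilege granted is no longer tied to the account whose password was checked. Unless code above the hunk restricts the target, a caller that authenticates as any account ends up with uid 0. Rejecting other targets before the assignment keeps the grant bound to the verified identity: `if uid ~= 0 then return false, "elevate: target must be root" end`. The function still ends with `return true, uid`, which now reports the target's uid rather than the 0 that was set. The password check and the start of the function are outside the hunk.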
@@ -13,15 +13,19 @@ local RW____ = P.OWNER_R + P.OWNER_W local RWXRWXRWX = PERM.RWXRWXRWX local SUID_755 = PERM.SUID_755 -local META_VERSION = 0x01 +local META_VERSION = 0x02 local rootDisk = kernel.disks["$"] local function makeEntry(name, etype, owner, group, perms, cmeta) cmeta = cmeta or "" local plo = perms % 256 local phi = math.floor(perms / 256) % 256 + local olo = (owner or 0) % 256 + local ohi = math.floor((owner or 0) / 256) % 256 + local glo = (group or 0) % 256 + local ghi = math.floor((group or 0) / 256) % 256 return string.char(#name) .. name - .. string.char(etype, owner, group, plo, phi) + .. string.char(etype, olo, ohi, glo, ghi, plo, phi) .. string.char(#cmeta) .. cmeta end
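Review bot: `makeEntry` re-implements the entry layout that `makeMetafile` in 10_vfs.kmod also writes, and this commit had to change `META_VERSION` and the owner/group encoding in both files. The two copies can drift, producing metafiles that the parser reads with the wrong owner or permission bits. If `kernel.vfs` can expose the serializer, calling it here would leave a single definition of the format. Otherwise a comment above `makeEntry` such as `-- keep in sync with makeMetafile in 10_vfs.kmod (metafile format v2)` records the coupling.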