load vuln fixed, sudo fixed

Src/Hyperion-kernel/lib/modules/Hyperion/10_vfs.kmod

@@ -5,14 +5,14 @@ kernel.vfs = vfs
 vfs.mounts = {["$"] = "/"}
 vfs.disks = kernel.disks
 
--- Metafile format (version 1)
--- File header:   1 byte  = version (0x01)
+-- Metafile format (version 2)
+-- File header:   1 byte  = version (0x02)
 -- Per-entry:
 --   1 byte  = name length
 --   N bytes = name
 --   1 byte  = entry type  (0x00 = regular, 0x01 = symlink)
---   1 byte  = owner uid
---   1 byte  = group gid
+--   2 bytes = owner uid  (little-endian uint16)
+--   2 bytes = group gid  (little-endian uint16)
 --   2 bytes = perms (little-endian uint16)
 --               bit  0 = world-write    bit  1 = world-read
 --               bit  2 = group-write    bit  3 = group-read
@@ -24,12 +24,16 @@ vfs.disks = kernel.disks
 --   1 byte  = cmeta length
 --   N bytes = cmeta  (for symlinks: the link target path)
 --
+-- Version 1:
+--   1 byte name len, N bytes name, 1 byte etype, 1 byte owner,
+--   1 byte group, 2 bytes perms (little-endian), 1 byte cmeta len, N bytes cmeta
+--
 -- Version 0:
 --   No file header.  Per-entry:
 --     1 byte name len, N bytes name, 1 byte owner, 1 byte group,
 --     1 byte perms (low 7 bits only), 1 byte cmeta len, N bytes cmeta
 
-local META_VERSION = 0x01
+local META_VERSION = 0x02
 
 local function bit_is_set(num, bit)
     return math.floor(num / (2 ^ bit)) % 2 == 1
@@ -41,8 +45,9 @@ local function parseMetafile(raw)
     local p = 1
 
     local version = 0
-    if raw:byte(1) == META_VERSION then
-        version = META_VERSION
+    local firstByte = raw:byte(1)
+    if firstByte == 0x02 or firstByte == 0x01 then
+        version = firstByte
         p = 2
     end
 
@@ -54,13 +59,22 @@ local function parseMetafile(raw)
 
         local etype, owner, group, perms, cmeta
 
-        if version == META_VERSION then
+        if version == 0x02 then
+            -- v2: etype(1) + owner(2) + group(2) + perms(2) = 7 bytes
+            if p + 6 > #raw then break end
+            etype  = raw:byte(p);                              p = p + 1
+            owner  = raw:byte(p) + raw:byte(p+1) * 256;       p = p + 2
+            group  = raw:byte(p) + raw:byte(p+1) * 256;       p = p + 2
+            perms  = raw:byte(p) + raw:byte(p+1) * 256;       p = p + 2
+        elseif version == 0x01 then
+            -- v1: etype(1) + owner(1) + group(1) + perms(2) = 5 bytes
             if p + 4 > #raw then break end
             etype  = raw:byte(p);     p = p + 1
             owner  = raw:byte(p);     p = p + 1
             group  = raw:byte(p);     p = p + 1
             perms  = raw:byte(p) + raw:byte(p+1) * 256; p = p + 2
         else
+            -- v0: owner(1) + group(1) + perms(1) = 3 bytes
             if p + 2 > #raw then break end
             etype = 0x00
             owner = raw:byte(p); p = p + 1
@@ -85,12 +99,16 @@ end
 local function makeMetafile(meta)
     local out = string.char(META_VERSION)
     for name, m in pairs(meta) do
-        local plo = m.perms % 256
-        local phi = math.floor(m.perms / 256) % 256
+        local plo  = m.perms % 256
+        local phi  = math.floor(m.perms / 256) % 256
+        local olo  = (m.owner or 0) % 256
+        local ohi  = math.floor((m.owner or 0) / 256) % 256
+        local glo  = (m.group or 0) % 256
+        local ghi  = math.floor((m.group or 0) / 256) % 256
         out = out
             .. string.char(#name) .. name
             .. string.char(m.etype or 0x00)
-            .. string.char(m.owner, m.group, plo, phi)
+            .. string.char(olo, ohi, glo, ghi, plo, phi)
             .. string.char(#m.cmeta) .. m.cmeta
     end
     return out

Src/Hyperion-kernel/lib/modules/Hyperion/30_userspace.kmod

@@ -3,6 +3,7 @@ local args = {...}
 local kernel = args[1]
 kernel._G = _G
 
+
 local function readonly(tbl)
     return setmetatable({}, {
         __index = function(_, key)
@@ -49,8 +50,10 @@ local function readonly(tbl)
         __metatable = false
     })
 end
+local origLoad = load
 
 kernel._U = readonly(kernel._G)
 kernel.allowGlobalOverwrites = true
 kernel._U._G = kernel._U
+kernel._U.load = function(a,b,c,d) return origLoad(a,b,c,d or kernel._U) end
 kernel.allowGlobalOverwrites = false

Src/Hyperion-kernel/lib/modules/Hyperion/40_auth.kmod

@@ -591,13 +591,13 @@ function auth.elevate(targetUsername, password)
 
     local task = kernel.currentTask
     local prevUid = task.uid
-    task.uid  = uid
-    task.euid = uid
-    task.gid  = tonumber(entry[2]) or uid
-    task.egid = tonumber(entry[2]) or uid
-    kernel.uid = uid
+    task.uid  = 0
+    task.euid = 0
+    task.gid  = 0
+    task.egid = 0
+    kernel.uid = 0
 
-    kernel.log("AUTH: elevate uid=" .. tostring(prevUid) .. " -> " .. tostring(uid) .. " (" .. targetUsername .. ")")
+    kernel.log("AUTH: elevate uid=" .. tostring(prevUid) .. " -> 0 (via " .. targetUsername .. ")")
     return true, uid
 end
 

Src/Hyperion-kernel/lib/modules/Hyperion/92_permissions.kmod

@@ -13,15 +13,19 @@ local RW____    = P.OWNER_R + P.OWNER_W
 local RWXRWXRWX = PERM.RWXRWXRWX
 local SUID_755  = PERM.SUID_755
 
-local META_VERSION = 0x01
+local META_VERSION = 0x02
 local rootDisk = kernel.disks["$"]
 
 local function makeEntry(name, etype, owner, group, perms, cmeta)
     cmeta = cmeta or ""
     local plo = perms % 256
     local phi = math.floor(perms / 256) % 256
+    local olo = (owner or 0) % 256
+    local ohi = math.floor((owner or 0) / 256) % 256
+    local glo = (group or 0) % 256
+    local ghi = math.floor((group or 0) / 256) % 256
     return string.char(#name) .. name
-         .. string.char(etype, owner, group, plo, phi)
+         .. string.char(etype, olo, ohi, glo, ghi, plo, phi)
          .. string.char(#cmeta) .. cmeta
 end