]> Projects (at) Tadryanom (dot) Me - AdrOS.git/commit
projects / AdrOS.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bc8a27b) | patch
security: Round 1-2 fixes (A02, A03, A04, A14, A16, partial A07)
authorTulio A M Mendes <[email protected]>
Mon, 25 May 2026 18:02:55 +0000 (15:02 -0300)
committerTulio A M Mendes <[email protected]>
Mon, 25 May 2026 18:02:55 +0000 (15:02 -0300)
commit6a14844209aba15617a9e61dd253b483b060c4e4
tree61d3caba54a11ae20b16d47def63b83ddc86eba5tree | snapshot
parentbc8a27b08b1f85cf87891833b90c2378a3788963commit | diff
security: Round 1-2 fixes (A02, A03, A04, A14, A16, partial A07)

- A16: pmm_decref underflow guard in src/mm/pmm.c
- A02: sysenter.S stack pointer validation with 8-byte kernel margin
- A03: pread/pwrite mode validation (rejects O_WRONLY for pread, O_RDONLY for pwrite, checks MS_RDONLY)
- A04: Reject O_RDONLY|O_TRUNC in open syscall
- A14: truncate/ftruncate storage update via vfs_truncate_node helper with fallback
- A07: vfs_check_parent_permission helper added to fs.c, applied to unlink/rmdir/rename/mkdir/link/create (allows all for now - single-user root system)

Note: A01 (W^X/NX default) removed temporarily due to kernel panic - needs NX bit investigation
Note: K02 (mprotect per VMA) deferred - requires per-page VMA architecture

Tests: 119/119 PASS (smoke test, SMP=4)
docs/SECURITY_FIX_PLAN_2026-05-25.md [new file with mode: 0644] blob
include/fs.h diff | blob | blame | history
src/arch/x86/sysenter.S diff | blob | blame | history
src/kernel/fs.c diff | blob | blame | history
src/kernel/syscall.c diff | blob | blame | history
src/mm/pmm.c diff | blob | blame | history
AdrOS - A Unix-like Operating System for hobby/academic study.