Changeset 59409 in vbox for trunk/src/VBox/Frontends/VBoxHeadless

Timestamp:

Jan 19, 2016 1:37:10 PM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

105119

Message:

VBoxHeadless: hack

File:

• trunk/src/VBox/Frontends/VBoxHeadless/VBoxHeadless.cpp (modified) (3 diffs)

trunk/src/VBox/Frontends/VBoxHeadless/VBoxHeadless.cpp

@@ -44 +44 @@
 
 #ifdef VBOX_WITH_VPX
-#include <cstdlib>
-#include <cerrno>
-#include <iprt/process.h>
+# include <cstdlib>
+# include <cerrno>
+# include <iprt/process.h>
+#endif
+
+#ifdef RT_OS_DARWIN
+# include <dlfcn.h>
+# include <sys/mman.h>
 #endif
 
@@ -586 +591 @@
 static CComModule _Module;
 #endif
+
+#ifdef RT_OS_DARWIN
+/**
+ * Mac OS X: Really ugly hack to bypass a set-uid check in AppKit.
+ *
+ * This will modify the issetugid() function to always return zero.  This must
+ * be done _before_ AppKit is initialized, otherwise it will refuse to play ball
+ * with us as it distrusts set-uid processes since Snow Leopard.  We, however,
+ * have carefully dropped all root privileges at this point and there should be
+ * no reason for any security concern here.
+ */
+static void hideSetUidRootFromAppKit()
+{
+    /* Find issetguid() and make it always return 0 by modifying the code: */
+    void *pvAddr = dlsym(RTLD_DEFAULT, "issetugid");
+    int rc = mprotect((void *)((uintptr_t)pvAddr & ~(uintptr_t)0xfff), 0x2000, PROT_WRITE | PROT_READ | PROT_EXEC);
+    if (!rc)
+        ASMAtomicWriteU32((volatile uint32_t *)pvAddr, 0xccc3c031); /* xor eax, eax; ret; int3 */
+}
+#endif /* RT_OS_DARWIN */
 
 /**
@@ -685 +710 @@
     const char *pcszNameOrUUID = NULL;
 
+#ifdef RT_OS_DARWIN
+    hideSetUidRootFromAppKit();
+#endif
+
     // parse the command line
     int ch;