; run-lang: minimal static ELF64 helper, built as a flat binary with
;   nasm -f bin -o run-lang run-lang.asm && chmod +x run-lang
; It pivots into ./rootfs, mounts /proc and /tmp, sets the hostname,
; drops to the "nobody" uid/gid and finally execs argv[0] (see `start`).
; Syntax: NASM / Intel. Target: Linux x86-64, raw syscalls, no libc.
; Linux syscall ABI used throughout: rax = number; args in
; rdi, rsi, rdx, r10, r8, r9; result in rax (negative = -errno);
; `syscall` clobbers rcx and r11 and preserves every other register.
GID_nobody equ 99 ; gid passed to setgid(); reused as the uid (see start)
MNT_DETACH equ 2 ; umount2(): lazy unmount, detach now, free when unused
MS_BIND equ 1 << 12 ; mount(): bind-mount
MS_REC equ 1 << 14 ; mount(): apply the operation recursively
MS_PRIVATE equ 1 << 18 ; mount(): make the mount non-propagating
SYS_write equ 1 ; NOTE(review): defined but not referenced anywhere in this file
SYS_execve equ 59 ; Linux x86-64 syscall numbers
SYS_exit equ 60
SYS_chdir equ 80
SYS_setuid equ 105
SYS_setgid equ 106
SYS_pivot_root equ 155
SYS_mount equ 165
SYS_umount2 equ 166
SYS_sethostname equ 170
BITS 64 ; 64-bit code
org 0x400000 ; fixed load address: labels are absolute (not PIE), so
             ; `mov reg, label` immediates are valid and fit in 32 bits
; Hand-rolled ELF64 file header. The whole file is both the header and
; the single PT_LOAD segment, so these header bytes are mapped too.
ehdr: ; Elf64_Ehdr
db 0x7f, "ELF", 2 ; e_ident[0..4]: magic, EI_CLASS = 2 (64-bit)
times 2 db 1 ; e_ident cont.: EI_DATA = 1 (little-endian), EI_VERSION = 1
times 9 db 0 ; e_ident cont.: EI_OSABI, EI_ABIVERSION and padding, all 0
dw 2 ; e_type = ET_EXEC
dw 0x3e ; e_machine = EM_X86_64
dd 1 ; e_version = EV_CURRENT
dq start ; e_entry: absolute address (thanks to org) of the entry point
dq phdr - $$ ; e_phoff: program header table offset from the file start
dq 0 ; e_shoff: no section headers
dd 0 ; e_flags
dw ehdrsize ; e_ehsize
dw phdrsize ; e_phentsize
dw 1 ; e_phnum: exactly one program header
times 3 dw 0 ; e_shentsize, e_shnum, e_shstrndx: no section headers
ehdrsize equ $ - ehdr ; 64 bytes, the size of Elf64_Ehdr
; The one program header: map the entire file read+exec at $$ (0x400000).
phdr: ; Elf64_Phdr
dd 1 ; p_type = PT_LOAD
dd 5 ; p_flags = PF_R | PF_X; there is no writable segment at all, the
     ; strings below are read-only and the only writable memory is the stack
dq 0 ; p_offset: segment starts at file offset 0 (includes the headers)
dq $$ ; p_vaddr = org
dq $$ ; p_paddr (unused on Linux, mirrors p_vaddr)
times 2 dq filesize ; p_filesz, p_memsz: the whole file, no zero-filled tail
dq 0x1000 ; p_align: page size
phdrsize equ $ - phdr ; 56 bytes, the size of Elf64_Phdr
; Read-only strings, living in the same R+X segment as the code.
; Relative paths are resolved against the current working directory:
; "rootfs" and "rootfs/old-root" against the cwd the program is started
; in (it has to contain rootfs/ -- the caller's job, not checked here), and
; "old-root", "proc", "tmp" against "/" of the new root after chdir("/").
host db "code-golf" ; hostname; no NUL because sethostname() takes a length
hostsize equ $ - host
fullroot db "rootfs/old-root", 0 ; put_old for pivot_root(); must lie under new_root
oldroot db "old-root", 0 ; the same directory as seen from inside the new root
rootfs db "rootfs", 0 ; new_root for pivot_root()
slash db "/", 0
proc db "proc", 0 ; serves as source, target and fstype of the /proc mount
tmp db "tmp", 0 ; mount point of the tmpfs
tmpfs db "tmpfs", 0 ; fstype of the /tmp mount
;-----------------------------------------------------------------------
; start -- process entry point (no libc, no stack frame, no calls).
; Every step is a raw Linux syscall whose result is checked with
; `test eax, eax` / `jnz exit`: any nonzero result (-errno; its low 32
; bits are never zero) aborts with exit status 1 and the errno value is
; not reported anywhere, which makes failures hard to diagnose.
; The code deliberately relies on registers keeping their values across
; `syscall` (Linux preserves all but rax, rcx, r11) and on the general
; registers being zero at a static ELF entry point (Linux zeroes them;
; this is kernel behaviour, not part of the SysV ABI proper).
; Sequence: make / private, bind-mount rootfs onto itself, pivot_root
; into it, chdir /, detach the old root, mount /proc and /tmp, set the
; hostname, setgid + setuid to nobody, execve(argv[0], argv, NULL).
; Needs the privileges for mount/pivot_root/sethostname in the
; namespaces it runs in -- presumably fresh mount/UTS namespaces set up
; by the caller; that cannot be verified from this file.
;-----------------------------------------------------------------------
start:
; mount(NULL, "/", NULL, MS_PRIVATE|MS_REC, NULL):
; mount / as private so that nothing mounted or unmounted below
; propagates back to a shared parent mount namespace.
mov rax, SYS_mount
; rdi starts as 0 (source = NULL, ignored for a propagation change)
mov rsi, slash
; rdx (fstype) starts as 0
mov r10, MS_PRIVATE|MS_REC
; r8 (data) starts as 0
syscall
test eax, eax
jnz exit
; mount("rootfs", "rootfs", NULL, MS_BIND|MS_REC, NULL):
; bind mount rootfs onto itself so that it becomes a mount point,
; which pivot_root() requires of new_root.
mov rax, SYS_mount
mov rdi, rootfs
mov rsi, rdi
; edx starts as 0
mov r10, MS_BIND|MS_REC
syscall
test eax, eax
jnz exit
; pivot_root("rootfs", "rootfs/old-root"): the root of this process
; becomes rootfs and the previous root stays mounted at old-root.
mov rax, SYS_pivot_root
; rdi is still rootfs (syscall preserved it)
mov rsi, fullroot
syscall
test eax, eax
jnz exit
; chdir("/"): pivot_root() does not move the cwd, which still points
; into the old tree; from here on every relative path is under the new root.
mov rax, SYS_chdir
mov rdi, slash
syscall
test eax, eax
jnz exit
; umount2("old-root", MNT_DETACH): drop the view of the host filesystem.
; Lazy detach, so the unmount succeeds even while the old root is busy.
mov rax, SYS_umount2
mov rdi, oldroot
mov rsi, MNT_DETACH
syscall
test eax, eax
jnz exit
; mount("proc", "proc", "proc", 0, NULL)
mov rax, SYS_mount
mov rdi, proc
mov rsi, rdi ; target: the same "proc" string
mov rdx, rdi ; fstype: the same "proc" string
xor r10, r10 ; flags = 0; r10 still held MS_BIND|MS_REC from the bind mount
; r8 is still 0
syscall
test eax, eax
jnz exit
; mount("tmp", "tmp", "tmpfs", 0, NULL): a fresh, empty /tmp.
; NOTE(review): flags are 0, so this tmpfs permits setuid binaries and
; device nodes; MS_NOSUID|MS_NODEV would be cheap hardening if nothing
; under /tmp needs them -- confirm against the languages that use it.
mov rax, SYS_mount
mov rdi, tmp
mov rsi, rdi
mov edx, tmpfs ; 32-bit write zero-extends into rdx; fine since org < 4 GiB
; r10 is still 0
; r8 is still 0
syscall
test eax, eax
jnz exit
; sethostname("code-golf", hostsize) -- the string carries no NUL.
mov rax, SYS_sethostname
mov rdi, host
mov rsi, hostsize
syscall
test eax, eax
jnz exit
; Drop privileges: gid first, uid second. Once the uid is unprivileged
; a setgid() would normally be refused, so this order is essential.
; NOTE(review): supplementary groups are not touched (no setgroups());
; whether the caller already cleared them cannot be told from here.
mov rax, SYS_setgid
mov rdi, GID_nobody
syscall
test eax, eax
jnz exit
; set the user
mov rax, SYS_setuid
; rdi is still GID_nobody which is identical to UID_nobody
syscall
test eax, eax
jnz exit
; syscall(SYS_execve, argv[0], argv, 0);
; At ELF entry [rsp] = argc and argv[0] sits at [rsp + 8]. The program
; executed is argv[0] itself, with the unchanged argv and an empty
; environment, so the launcher has to start this binary with argv[0]
; naming the interpreter to run (presumably an exec wrapper that sets
; argv independently of the path -- not visible here).
; execve() only returns on failure, in which case we fall into exit.
mov rax, SYS_execve
lea rsi, [rsp + 8] ; argv
mov rdi, [rsi] ; argv[0]: the path to execute
xor edx, edx ; envp = NULL -> empty environment for the interpreter
syscall
; exit -- common failure path: exit(1). Reached on any failed syscall
; above and when execve() itself returns. Uses SYS_exit rather than
; exit_group; nothing in this file creates a thread, so the process ends.
exit:
mov rax, SYS_exit
mov rdi, 1 ; exit status 1 for every failure; the errno is discarded
syscall
filesize equ $ - $$ ; must stay the last line: p_filesz/p_memsz cover the whole file