From 39dc8e7bd8b07d1549185cc178fd3723797d3c74 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Tue, 25 Feb 2025 18:12:41 +0900
Subject: [PATCH] dbus: set process group id

This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 dbus/run.go               |  2 +-
 helper/bwrap.go           | 15 ++++++++++++---
 helper/bwrap_test.go      | 15 ++++++++++-----
 internal/app/shim/main.go |  2 +-
 ldd/exec.go               |  2 +-
 5 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/dbus/run.go b/dbus/run.go
index 087990d..074fb92 100644
--- a/dbus/run.go
+++ b/dbus/run.go
@@ -110,7 +110,7 @@ func (p *Proxy) Start(ctx context.Context, output io.Writer, sandbox bool) error
 			bc.Bind(k, k)
 		}
 
-		h = helper.MustNewBwrap(bc, toolPath, p.seal, argF, nil, nil)
+		h = helper.MustNewBwrap(bc, toolPath, true, p.seal, argF, nil, nil)
 		p.bwrap = bc
 	}
 
diff --git a/helper/bwrap.go b/helper/bwrap.go
index 598f526..8ce224b 100644
--- a/helper/bwrap.go
+++ b/helper/bwrap.go
@@ -8,6 +8,7 @@ import (
 	"slices"
 	"strconv"
 	"sync"
+	"syscall"
 
 	"git.gensokyo.uk/security/fortify/helper/bwrap"
 	"git.gensokyo.uk/security/fortify/helper/proc"
@@ -23,6 +24,9 @@ type bubblewrap struct {
 	// name of the command to run in bwrap
 	name string
 
+	// whether to set process group id
+	setpgid bool
+
 	lock sync.RWMutex
 	*helperCmd
 }
@@ -38,6 +42,10 @@ func (b *bubblewrap) Start(ctx context.Context, stat bool) error {
 	}
 
 	args := b.finalise(ctx, stat)
+	if b.setpgid {
+		b.Cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+	}
+
 	b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args))
 	b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name)
 	b.Cmd.Args = append(b.Cmd.Args, args...)
@@ -48,12 +56,12 @@ func (b *bubblewrap) Start(ctx context.Context, stat bool) error {
 // If wt is nil, the child process spawned by bwrap will not get an argument pipe.
 // Function argF returns an array of arguments passed directly to the child process.
 func MustNewBwrap(
-	conf *bwrap.Config, name string,
+	conf *bwrap.Config, name string, setpgid bool,
 	wt io.WriterTo, argF func(argsFD, statFD int) []string,
 	extraFiles []*os.File,
 	syncFd *os.File,
 ) Helper {
-	b, err := NewBwrap(conf, name, wt, argF, extraFiles, syncFd)
+	b, err := NewBwrap(conf, name, setpgid, wt, argF, extraFiles, syncFd)
 	if err != nil {
 		panic(err.Error())
 	} else {
@@ -65,7 +73,7 @@ func MustNewBwrap(
 // If wt is nil, the child process spawned by bwrap will not get an argument pipe.
 // Function argF returns an array of arguments passed directly to the child process.
 func NewBwrap(
-	conf *bwrap.Config, name string,
+	conf *bwrap.Config, name string, setpgid bool,
 	wt io.WriterTo, argF func(argsFd, statFd int) []string,
 	extraFiles []*os.File,
 	syncFd *os.File,
@@ -73,6 +81,7 @@ func NewBwrap(
 	b := new(bubblewrap)
 
 	b.name = name
+	b.setpgid = setpgid
 	b.helperCmd = newHelperCmd(b, BubblewrapName, wt, argF, extraFiles)
 
 	if v, err := NewCheckedArgs(conf.Args(syncFd, b.extraFiles, &b.files)); err != nil {
diff --git a/helper/bwrap_test.go b/helper/bwrap_test.go
index 1569a82..6426434 100644
--- a/helper/bwrap_test.go
+++ b/helper/bwrap_test.go
@@ -31,7 +31,7 @@ func TestBwrap(t *testing.T) {
 		})
 
 		h := helper.MustNewBwrap(
-			sc, "fortify",
+			sc, "fortify", false,
 			argsWt, argF,
 			nil, nil,
 		)
@@ -44,7 +44,7 @@ func TestBwrap(t *testing.T) {
 
 	t.Run("valid new helper nil check", func(t *testing.T) {
 		if got := helper.MustNewBwrap(
-			sc, "fortify",
+			sc, "fortify", false,
 			argsWt, argF,
 			nil, nil,
 		); got == nil {
@@ -64,7 +64,7 @@ func TestBwrap(t *testing.T) {
 		}()
 
 		helper.MustNewBwrap(
-			&bwrap.Config{Hostname: "\x00"}, "fortify",
+			&bwrap.Config{Hostname: "\x00"}, "fortify", false,
 			nil, argF,
 			nil, nil,
 		)
@@ -74,7 +74,7 @@ func TestBwrap(t *testing.T) {
 		helper.InternalReplaceExecCommand(t)
 
 		h := helper.MustNewBwrap(
-			sc, "crash-test-dummy",
+			sc, "crash-test-dummy", false,
 			nil, argFChecked,
 			nil, nil,
 		)
@@ -98,6 +98,11 @@ func TestBwrap(t *testing.T) {
 	})
 
 	t.Run("implementation compliance", func(t *testing.T) {
-		testHelper(t, func() helper.Helper { return helper.MustNewBwrap(sc, "crash-test-dummy", argsWt, argF, nil, nil) })
+		testHelper(t, func() helper.Helper {
+			return helper.MustNewBwrap(
+				sc, "crash-test-dummy", false,
+				argsWt, argF, nil, nil,
+			)
+		})
 	})
 }
diff --git a/internal/app/shim/main.go b/internal/app/shim/main.go
index 7616945..5e32a9f 100644
--- a/internal/app/shim/main.go
+++ b/internal/app/shim/main.go
@@ -125,7 +125,7 @@ func Main() {
 		seccomp.CPrintln = log.Println
 	}
 	if b, err := helper.NewBwrap(
-		conf, path.Join(fst.Tmp, "sbin/init"),
+		conf, path.Join(fst.Tmp, "sbin/init"), false,
 		nil, func(int, int) []string { return make([]string, 0) },
 		extraFiles,
 		syncFd,
diff --git a/ldd/exec.go b/ldd/exec.go
index 4e5de47..3eb9493 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -29,7 +29,7 @@ func Exec(ctx context.Context, p string) ([]*Entry, error) {
 			Syscall:       &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true},
 			NewSession:    true,
 			DieWithParent: true,
-		}).Bind("/", "/").DevTmpfs("/dev"), toolPath,
+		}).Bind("/", "/").DevTmpfs("/dev"), toolPath, false,
 		nil, func(_, _ int) []string { return []string{p} },
 		nil, nil,
 	); err != nil {