Lux GPU Core
0.2.0
Lightweight plugin-based GPU acceleration for blockchain and ML
privilege.h
// Copyright (c) 2024-2026 Lux Industries Inc.
// SPDX-License-Identifier: BSD-3-Clause-Eco
//
// Privilege gate for env-var honoring. Public-but-internal: the gpu core, the
// plugin loader, and each backend plugin all need the SAME predicate so that
// every env-controlled lookup (LUX_GPU_BACKEND_PATH, LUX_METAL_KERNEL_PATH,
// LUX_CUDA_KERNEL_PATH, LUX_WGSL_KERNEL_PATH) refuses uniformly under
// elevated privileges.
//
// Refusal policy:
//   * Windows — no setuid concept; treat env as trusted.
//   * macOS / *BSD — issetugid() is authoritative.
//   * Linux — emulate issetugid() via real != effective uid
//     or gid (gained privilege at exec()).
//
// A second opt-out: LUX_GPU_TRUST_ENV=0 forces refusal regardless of process
// privilege. Operators set this to harden long-lived services that should
// never honor caller-supplied paths.
19
20
#ifndef LUX_GPU_INTERNAL_PRIVILEGE_H
21
#define LUX_GPU_INTERNAL_PRIVILEGE_H
22
23
#include <cstdlib>
#include <cstring>

#ifdef _WIN32
#else
# include <sys/types.h>
# include <unistd.h>
# if defined(__linux__)
#  include <sys/auxv.h>
# endif
#endif
31
32
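namespace lux::gpu::internal {

/// @brief Reports whether this process gained privilege when it was exec'd.
///
/// When this returns true the environment was populated by a caller that may
/// hold less privilege than the process, so env-supplied library and kernel
/// paths must not be honored.
///
/// Per platform:
///  - Windows: always false (no setuid concept; the environment is trusted).
///  - macOS / FreeBSD / OpenBSD / NetBSD: issetugid() decides.
///  - Linux: the kernel's AT_SECURE auxiliary-vector flag, OR-ed with the
///    real-vs-effective uid/gid comparison.
///  - Any other POSIX target: real-vs-effective uid/gid comparison only.
///
/// @return true if the process should be treated as privileged.
inline bool process_is_privileged() {
#ifdef _WIN32
    return false;
#elif defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
    return issetugid() != 0;
#else
# if defined(__linux__)
    // Comparing ids alone misses two cases that AT_SECURE catches: a binary
    // that gained file capabilities at exec() (ids are equal, privilege is
    // not), and a setuid program that has already called setuid()/setgid()
    // to make real == effective while still running with the caller's
    // environment. AT_SECURE is fixed at exec() and does not change later.
    // getauxval() yields 0 when the entry is absent, which falls through to
    // the id comparison below.
    if (getauxval(AT_SECURE) != 0) {
        return true;
    }
# endif
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/// @brief Reports whether environment-variable lookups must be refused.
///
/// A backend plugin / loader MUST early-return on this predicate BEFORE
/// calling std::getenv on any user-controlled path key.
///
/// Two independent conditions force refusal:
///  - the operator kill switch: LUX_GPU_TRUST_ENV is set to exactly "0";
///  - process_is_privileged() is true.
///
/// The kill switch is one-directional: only the exact value "0" has any
/// effect, and that effect is to refuse. Any other value, or an unset
/// variable, defers to the privilege check, so the variable cannot be used
/// to re-enable env lookups in a privileged process.
///
/// @return true if env-var consumption is forbidden.
inline bool env_is_untrusted() {
    const char* const trust_flag = std::getenv("LUX_GPU_TRUST_ENV");
    const bool operator_opted_out =
        trust_flag != nullptr && std::strcmp(trust_flag, "0") == 0;
    return operator_opted_out || process_is_privileged();
}

}  // namespace lux::gpu::internal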
57
58
#endif
// LUX_GPU_INTERNAL_PRIVILEGE_H