security: fix leaked kernel process context

Author: obfuscatedgenerated

src/kernel/index.ts

@@ -325,16 +325,17 @@ export class Kernel {
         // provide either privileged or userspace kernel access
         if (start_privileged) {
             data.kernel = this;
+            data.process = process;
         } else {
             data.kernel = this.create_userspace_proxy(process);
+            data.process = process.create_userspace_proxy();
         }
 
         data.term = this.#term;
         data.args = args;
         data.shell = shell;
         data.unsubbed_args = parsed_line.unsubbed_args;
         data.raw_parts = parsed_line.raw_parts;
-        data.process = process;
 
         Object.freeze(data);
 

src/kernel/processes.ts

@@ -309,8 +309,11 @@ export interface UserspaceOtherProcessContext {
 export interface UserspaceProcessContext extends UserspaceOtherProcessContext {
     detach(silently?: boolean): void;
     kill(exit_code?: number): void;
+    add_exit_listener(listener: (exit_code: number) => Promise<void> | void): void;
     create_timeout(callback: () => void, delay: number): number;
     cancel_timeout(id: number): void;
+    wait_for_timeout(id: number): Promise<boolean>;
+    has_timeout(id: number): boolean;
     create_interval(callback: () => void, interval: number): number;
     clear_interval(id: number): void;
     create_window(): AbstractWindow | null;
@@ -434,7 +437,11 @@ export class ProcessContext {
         this.#manager.mark_terminated(this.#pid);
 
         for (const listener of this.#exit_listeners) {
-            listener(exit_code);
+            try {
+                listener(exit_code);
+            } catch (err) {
+                console.error("Process exit listener error:", err);
+            }
         }
     }
 
@@ -615,11 +622,13 @@ export class ProcessContext {
             is_foreground: { get: () => self.is_foreground, enumerable: true },
             attachment: { get: () => self.attachment, enumerable: true },
             source_command: { get: () => self.source_command, enumerable: true },
-
             detach: { value: (silently = false) => { self.detach(silently); }, enumerable: true },
             kill: { value: (exit_code = 0) => { self.kill(exit_code); }, enumerable: true },
+            add_exit_listener: { value: (listener: (exit_code: number) => Promise<void> | void) => { self.add_exit_listener(listener); }, enumerable: true },
             create_timeout: { value: (callback: () => void, delay: number) => self.create_timeout(callback, delay), enumerable: true },
             cancel_timeout: { value: (id: number) => { self.cancel_timeout(id); }, enumerable: true },
+            wait_for_timeout: { value: (id: number) => self.wait_for_timeout(id), enumerable: true },
+            has_timeout: { value: (id: number) => self.has_timeout(id), enumerable: true },
             create_interval: { value: (callback: () => void, interval: number) => self.create_interval(callback, interval), enumerable: true },
             clear_interval: { value: (id: number) => { self.clear_interval(id); }, enumerable: true },
             create_window: { value: () => self.create_window(),  enumerable: true },

src/types.ts

@@ -1,6 +1,6 @@
 import type {Kernel, UserspaceKernel} from "./kernel";
 import type {WrappedTerminal} from "./kernel/term_ctl";
-import type {ProcessContext} from "./kernel/processes";
+import type {ProcessContext, UserspaceProcessContext} from "./kernel/processes";
 import type {AbstractShell} from "./abstract_shell";
 
 export interface ProgramMainData<K = UserspaceKernel> {
@@ -19,7 +19,7 @@ export interface ProgramMainData<K = UserspaceKernel> {
     shell?: AbstractShell;
 
     // process info for the currently running program
-    process: ProcessContext,
+    process: K extends Kernel ? ProcessContext : UserspaceProcessContext;
 
     // args after variable substitution
     args: string[],