PERFORCE change 163732 for review

Sun Jun 7 20:11:41 UTC 2009

http://perforce.freebsd.org/chv.cgi?CH=163732

Change 163732 by rwatson at rwatson_freebsd_capabilities on 2009/06/07 20:11:31

	Pass libc.so.7 into programs launched by capexec when running with
	rtld-elf-cap.so.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#2 (text+ko) ====

@@ -5,6 +5,7 @@
 
 #include <err.h>
 #include <fcntl.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -16,17 +17,24 @@
 	LD_ELF_CAP_SO,
 	NULL,
 };
+
+#define	LIBC_SO	"libc.so.7"
+#define	LIBPATH	"/lib/"
 #endif
 
 #define	BASE_CAPS	(CAP_IOCTL | CAP_EVENT | CAP_SEEK | CAP_FSTAT)
 #define	STDIN_CAPS	(BASE_CAPS | CAP_READ)
 #define	STDOUT_CAPS	(BASE_CAPS | CAP_WRITE)
 #define	STDERR_CAPS	(BASE_CAPS | CAP_WRITE)
+#define	BIN_CAPS	(CAP_SEEK | CAP_FSTAT | CAP_FSTATFS | CAP_READ | \
+			    CAP_FEXECVE | CAP_MMAP | CAP_MAPEXEC)
 
 int
 main(int argc, char *argv[])
 {
-	int fd_exec, fd_stdin, fd_stdout, fd_stderr, fd_procdesc;
+	int fd_exec, fd_libc, fd_new;
+	int fd_stdin, fd_stdout, fd_stderr, fd_procdesc;
+	char *env_caplibindex;
 	struct pollfd pollfd;
 #ifdef LDSO_MODE
 	int fd_ldso;
@@ -53,8 +61,24 @@
 		fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
 		if (fd_ldso < 0)
 			err(-1, "open: %s", LD_ELF_CAP_SO);
+		fd_new = cap_new(fd_ldso, BIN_CAPS);
+		if (fd_new < 0)
+			err(-1, "cap_new");
+		if (dup2(fd_new, fd_ldso) < 0)
+			err(-1, "dup2");
+		close(fd_new);
 		if (fcntl(fd_ldso, F_SETFD, FD_CLOEXEC) < 0)
 			err(-1, "fcntl FD_CLOEXEC");
+
+		fd_libc = open(LIBPATH LIBC_SO, O_RDONLY);
+		if (fd_libc < 0)
+			err(-1, "open: %s", LIBPATH LIBC_SO);
+		fd_new = cap_new(fd_libc, BIN_CAPS);
+		if (fd_new < 0)
+			err(-1, "cap_new");
+		if (dup2(fd_new, fd_libc) < 0)
+			err(-1, "dup2");
+		close(fd_new);
 #else
 		if (fcntl(fd_exec, F_SETFD, FD_CLOEXEC) < 0)
 			err(-1, "fcntl FD_CLOEXEC");
@@ -95,9 +119,16 @@
 		close(fd_stderr);
 
 		/*
-		 * Similarly constrain file descriptors for execution.
+		 * Set up environmental variable so that the runtime linker
+		 * can access libc in a sandbox.
 		 */
-		
+#ifdef LDSO_MODE
+		if (asprintf(&env_caplibindex, "%d:%s", fd_libc, LIBC_SO) ==
+		    -1)
+			err(-1, "asprintf");
+		printf("caplibindex: %s\n", env_caplibindex);
+		setenv("LD_CAPLIBINDEX", env_caplibindex, 1);
+#endif
 
 		/*
 		 * Perhaps a closeall() or something to clear any remaining
