PERFORCE change 164669 for review

Robert Watson rwatson at FreeBSD.org
Thu Jun 18 15:37:11 UTC 2009


http://perforce.freebsd.org/chv.cgi?CH=164669

Change 164669 by rwatson at rwatson_freebsd_capabilities on 2009/06/18 15:36:56

	Pass in specific libraries required for gzsandbox rather than
	relying on libcapability passing in the right ones for us.  In
	the future the sandbox runtime linker will take care of this.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#4 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#4 (text+ko) ====

@@ -7,8 +7,8 @@
 MAN=		gzip.1 gzexe.1 zdiff.1 zforce.1 zmore.1 znew.1
 SRCS=		gzip.c gzsandbox.c
 
-DPADD=		${LIBZ} ${LIBCAPABILITY}
-LDADD=		-lz -lcapability
+DPADD=		${LIBZ} ${LIBCAPABILITY} ${LIBSBUF}
+LDADD=		-lz -lcapability -lsbuf
 WARNS?=		6
 CFLAGS+=	-rdynamic			# For sandbox cap_main
 

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#5 (text+ko) ====

@@ -40,6 +40,7 @@
 
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <libcapability.h>
 #include <limits.h>
 #include <stdlib.h>
@@ -48,7 +49,21 @@
 
 #include "gzip.h"
 
+#define	LC_LIB_LIBZ_SO	"/lib/libz.so.4"
+#define	LC_LIBZ_SO	"libz.so.4"
+
+#define	LC_USR_LIB_LIBBZ2_SO	"/usr/lib/libbz2.so.3"
+#define	LC_LIBBZ2_SO		"libbz2.so.3"
+
 #define	LC_USR_BIN_GZIP_SANDBOX	"/usr/bin/gzip"
+
+struct lc_library gzsandbox_libs[] = {
+	{ LC_LIB_LIBZ_SO,		LC_LIBZ_SO,	-1 },
+	{ LC_USR_LIB_LIBBZ2_SO,		LC_LIBBZ2_SO,	-1 },
+};
+static const u_int gzsandbox_libs_count = sizeof(gzsandbox_libs) /
+	    sizeof(gzsandbox_libs[0]);
+
 static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX),
 				    NULL };
 
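Review bot: `gzsandbox_libs` is a mutable file-scope table written at runtime (its `lcl_fd` slots are filled in by gzsandbox_initialize) yet it is not `static`, unlike the `gzsandbox_libs_count` beside it and `lc_sandbox_argv` below, so it gets external linkage and can be reached from any object linked into gzip; `static struct lc_library gzsandbox_libs[] = {` keeps it file-private and consistent with its neighbours. The new macros also pin exact sonames (`/lib/libz.so.4`, `/usr/lib/libbz2.so.3`), which the change description says is interim until a sandbox runtime linker exists; a comment above the table such as `/* Interim explicit library list for the sandbox; these paths must track the host's installed soname versions. */` would tell the next maintainer why an open() failure here follows a library bump. Whether libcapability's `struct lc_library` expects the fd field pre-set to -1 or ignores it is not visible in this hunk.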
@@ -63,9 +78,29 @@
 static void
 gzsandbox_initialize(void)
 {
+	u_int i;
 
+	if (gzsandbox_initialized)
+		return;
+	gzsandbox_enabled = lch_autosandbox_isenabled("gzip");
 	gzsandbox_initialized = 1;
-	gzsandbox_enabled = lch_autosandbox_isenabled("gzip");
+	if (!gzsandbox_enabled)
+		return;
+
+	/*
+	 * If sandboxes are in use, open libraries that we'll require in the
+	 * sandbox and kick it off.
+	 */
+	for (i = 0; i < gzsandbox_libs_count; i++) {
+		gzsandbox_libs[i].lcl_fd =
+		    open(gzsandbox_libs[i].lcl_libpath, O_RDONLY);
+		if (gzsandbox_libs[i].lcl_fd < 0)
+			err(-1, "open: %s", gzsandbox_libs[i].lcl_libname);
+	}
+	if (lch_start_libs(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
+	    LCH_PERMIT_STDERR, gzsandbox_libs, gzsandbox_libs_count, &lcsp)
+	    < 0)
+		err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
 }
 
 struct host_gz_compress_req {
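Review bot: The open() failure message in the new loop reports `lcl_libname` (e.g. "libz.so.4") rather than the path that was actually opened, so a missing or renamed library prints a name that does not match the file the host looked for; `err(-1, "open: %s", gzsandbox_libs[i].lcl_libpath);` makes the diagnostic point at the real path. The descriptors are opened with plain `O_RDONLY`, which is presumably intended so they can be handed to the sandbox, but whether lch_start_libs() takes ownership of or closes the host's copies in `gzsandbox_libs[i].lcl_fd` after the sandbox starts is not visible here; if it does not, they stay open in the host for the process lifetime and a `close()` loop after a successful start (or a comment stating that libcapability owns them) would make the intent explicit. Setting `gzsandbox_initialized = 1` before the library open and lch_start_libs() is fine only because both failure paths call err(), which exits; a comment noting that dependency would keep a future non-fatal error path from leaving `lcsp` NULL while callers believe the sandbox is up.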
@@ -88,12 +123,6 @@
 	int fdarray[2];
 	size_t len;
 
-	if (lcsp == NULL) {
-		if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
-		    LCH_PERMIT_STDERR, &lcsp) < 0)
-			err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
-	}
-
 	bzero(&req, sizeof(req));
 	strlcpy(req.hgc_req_origname, origname,
 	    sizeof(req.hgc_req_origname));
@@ -144,8 +173,7 @@
     uint32_t mtime)
 {
 
-	if (!gzsandbox_initialized)
-		gzsandbox_initialize();
+	gzsandbox_initialize();
 	if (gzsandbox_enabled)
 		return (gz_compress_insandbox(in, out, gsizep, origname,
 		    mtime));
@@ -174,12 +202,6 @@
 	int fdarray[2];
 	size_t len;
 
-	if (lcsp == NULL) {
-		if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
-		    LCH_PERMIT_STDERR, &lcsp) < 0)
-			err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
-	}
-
 	bzero(&req, sizeof(req));
 	req.hgu_req_prelen = prelen;
 	strlcpy(req.hgu_req_filename, filename,
@@ -234,8 +256,7 @@
     off_t *gsizep, const char *filename)
 {
 
-	if (!gzsandbox_initialized)
-		gzsandbox_initialize();
+	gzsandbox_initialize();
 	if (gzsandbox_enabled)
 		return (gz_uncompress_insandbox(in, out,  pre, prelen,
 		    gsizep, filename));
@@ -263,12 +284,6 @@
 	int fdarray[2];
 	size_t len;
 
-	if (lcsp == NULL) {
-		if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv,
-		    LCH_PERMIT_STDERR, &lcsp) < 0)
-			err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX);
-	}
-
 	bzero(&req, sizeof(req));
 	req.hub_req_prelen = prelen;
 	iov_req[0].iov_base = &req;
@@ -319,8 +334,7 @@
 unbzip2_wrapper(int in, int out, char *pre, size_t prelen, off_t *bytes_in)
 {
 
-	if (!gzsandbox_initialized)
-		gzsandbox_initialize();
+	gzsandbox_initialize();
 	if (gzsandbox_enabled)
 		return (unbzip2_insandbox(in, out, pre, prelen, bytes_in));
 	else

