From: Vinícius dos Santos Oliveira
Date: Thu, 6 Feb 2025 22:40:52 -0300
Subject: Capsicum and weak libc symbols
To: freebsd-hackers@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Static builds for libc have many symbols declared as weak so other projects can override them not only in dynamic builds by just defining the same name. In a project of mine, I need more functions from libc to be declared this way.

For context, Capsicum disables access to ambient authority and forces users to come up with capability-aware versions of old functions. Libcasper is a library found in FreeBSD that offers capability-aware versions of the most used functions in Capsicum sandboxes (e.g. cap_getaddrinfo). However, libcasper doesn't override functions from libc and one has to rewrite old code just to inject an extra parameter (cap_channel_t) that in the end could just act as a global variable anyway.

Some projects such as Val Packett's Capsicumizer[1][2] interpose functions from libc so old code can keep working in Capsicum sandboxes. It's not really very useful to use Capsicum + libc interposition to virtualize access to OS resources. If the intention is just to run something akin to containers, one is better off using jails. However, it's still useful to interpose certain functions from libc to make strategic use of existing libraries.

I developed an easy-to-use Lua library that allows one to implement policies for libc functions that are interposed by my project[3][4]. I intend to use this library to implement IM clients (e.g. Telegram[6], nostr) that run media parsers and user-downloaded extensions within sandboxes. Eventually I want to run even torrent clients making use of Capsicum sandboxes, but I'm still far from this milestone.

While I was exploring this approach, I missed weak attributes for the following functions from libc that I'd like to interpose:

* remove()
* stat()
* lstat()
* opendir()
* getaddrinfo()

I'll also need symbol aliases (e.g. __sys_getaddrinfo) that point to the original definition of these functions so I can refer to them from my interposers.

What is the process within FreeBSD to decide which libc functions are targets for interposition (hence will have an alias + weak attribute on static builds)? I'd like to request a change in libc so the above functions are defined as weak in static builds + aliases become available.

I've been interposing these functions in Linux already with little to no problem[7][8]. I'm also trying to unify sandbox creation for Linux/FreeBSD so Linux developers can create sandboxing-employing apps that work on FreeBSD with no changes.

[1] https://github.com/valpackett/capsicumizer
[2] https://val.packett.cool/blog/use-openat/
[3] https://gitlab.com/emilua/emilua/-/blob/dc2b50e1f68d1c1e1696a5d150f23a7b88cc8efd/test/libc_service_getaddrinfo.lua
[4] https://gitlab.com/emilua/emilua/-/blob/dc2b50e1f68d1c1e1696a5d150f23a7b88cc8efd/test/libc_service_cat.lua
[5] https://gitlab.com/emilua/emilua/-/blob/v0.11.0/src/freebsd/libc_service.cpp
[6] https://github.com/tdlib/td
[7] https://gitlab.com/emilua/emilua/-/blob/v0.11.0/src/linux/glibc/libc_service.cpp
[8] https://gitlab.com/emilua/emilua/-/blob/emilua-0.11.x/test/libc_service_lstat1.lua

-- 
Vinícius dos Santos Oliveira
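
An added illustration, not part of the original message and not code from Emilua or Capsicumizer: a same-name interposer for remove(), one of the functions listed above, that applies a path policy and forwards to unlinkat() on a pre-opened directory descriptor rather than calling the original through an alias. The names sandbox_root_fd and path_allowed, the policy itself and the EACCES error code are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int sandbox_root_fd = -1; /* hypothetical: directory fd opened before sandboxing */

/* Hypothetical policy: forward only relative paths with no ".." component. */
int path_allowed(const char *path)
{
    if (path == NULL || path[0] == '\0' || path[0] == '/')
        return 0;
    for (const char *p = path; *p != '\0'; p += strspn(p, "/")) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += n;
    }
    return 1;
}

/* Same name and prototype as libc's remove(), so callers bind here wherever
 * libc's copy can be overridden. EACCES on denial is an assumption. */
int remove(const char *path)
{
    if (sandbox_root_fd < 0 || !path_allowed(path)) {
        errno = EACCES;
        return -1;
    }
    if (unlinkat(sandbox_root_fd, path, 0) == 0)
        return 0;
    if (errno != EISDIR && errno != EPERM)
        return -1;
    return unlinkat(sandbox_root_fd, path, AT_REMOVEDIR); /* path is a directory */
}

int main(void)
{
    char dir[] = "/tmp/interposeXXXXXX"; /* constructed scratch directory */
    if (mkdtemp(dir) == NULL) return 1;
    sandbox_root_fd = open(dir, O_RDONLY | O_DIRECTORY);
    mkdirat(sandbox_root_fd, "sub", 0700);
    printf("%d %d\n", remove("sub"), remove("../sub"));
    return rmdir(dir);
}
```

The string check is only a first filter: symbolic links inside the directory are not examined here, so confinement still rests on the kernel resolving the path relative to the descriptor, as Capsicum's capability mode does.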