From: Vinícius dos Santos Oliveira
Date: Wed, 26 Feb 2025 10:45:32 -0300
Subject: Re: Capsicum and weak libc symbols
To: Konstantin Belousov
Cc: freebsd-hackers@freebsd.org
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On Tue, Feb 25, 2025 at 21:37, Konstantin Belousov wrote:
> So what is the _actual_ problem for you with getaddrinfo()?
> Please show logs.

I can't show logs because I can't even write code for getaddrinfo w/o
the alias. I need to call the real getaddrinfo from my interposer. On
builds against /lib/libc.so.7, I use RTLD_NEXT to get the real
getaddrinfo, and that works. I need an alias for builds against
/usr/lib/libc.a (if I interpose getaddrinfo I can't access the original
getaddrinfo).

From my interposer, I translate the fake-resolved addresses back to
string versions and call the real getaddrinfo with
AI_NUMERICHOST|AI_NUMERICSERV: . This code is used for FreeBSD and Linux
(hence why it's static forward_getaddrinfo and not getaddrinfo). The
interposition happens here: (I'll remove the wrong usage of
__attribute__((weak)) there once I have the alias).

Calling the real getaddrinfo makes sure that freeaddrinfo will be called
later with data allocated by getaddrinfo.

Here's some Lua code making use of these features:
https://gitlab.com/emilua/emilua/-/blob/v0.11.0/test/libc_service_getaddrinfo.lua

Lua's spawn_vm() creates a new subprocess when 'subprocess' is given. If
'libc_service' is also given, the interpositions will be used (otherwise
the new subprocess will just call the original functions as usual). Line
5 is the code executed from the new subprocess, and it calls
getaddrinfo() to resolve "anonymous.invalid". The interposers are called
and forward the request to the process holding the other end of
'libc_service' (it's just a pair of connected UNIX sockets under the
hood). The parent replies with IP=127.0.1.1 PORT=1. The child translates
the reply back to strings and calls the original getaddrinfo().

The plan is to build several sandboxed apps using these features, and I
want them to run on FreeBSD as well. The first app will be a Telegram
client (already started by a colleague) using tdlib (Telegram's official
client library).
Tdlib makes several calls to ambient authority (e.g. starting IP
connections, storing SQLite dbs to disk, managing cache files, ...).
Tdlib is deemed impossible to audit (over 14k commits as of now, and it
won't ever stabilize to a slow pace so we can't ever catch up to current
code as we try to audit), so we'll just run it within a sandbox and save
trouble.

The core of the sandbox is already pretty stable, and useful. For
instance, to open PNG/JPG/... files from the sandbox and show them on
the GUI, there's one function to parse the file into a
Format_ARGB32-encoded memfd-backed buffer. So the Lua programmer just
calls this function from a sandbox and sends the result to the GUI. The
GUI process just calls a different function to safely convert the result
back to what the Qt GUI can handle.

Here's the full story if you want the big picture, but the text is kinda
long, and not necessary for the purposes of asking for an alias of
getaddrinfo: .

Please let me know if there's any further info I can offer.

-- 
Vinícius dos Santos Oliveira
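
The translate-and-forward step described in the message, as an added example that is not part of the original email or of Emilua's code. The names `forward_numeric` and `gai_fn` are hypothetical, and the real getaddrinfo is passed in as a pointer because how the interposer obtains it (RTLD_NEXT or an alias) is the question the thread is about.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>

/* Type of getaddrinfo(); `real` is the interposer's handle to the original. */
typedef int (*gai_fn)(const char *, const char *, const struct addrinfo *,
                      struct addrinfo **);

/* Hypothetical helper: `reply` is the address the parent process sent back. */
static int forward_numeric(gai_fn real, const struct sockaddr *reply,
                           int socktype, struct addrinfo **res)
{
    char host[INET6_ADDRSTRLEN], serv[16];
    const void *addr;
    unsigned port;

    if (reply->sa_family == AF_INET) {
        addr = &((const struct sockaddr_in *)reply)->sin_addr;
        port = ntohs(((const struct sockaddr_in *)reply)->sin_port);
    } else if (reply->sa_family == AF_INET6) {
        addr = &((const struct sockaddr_in6 *)reply)->sin6_addr;
        port = ntohs(((const struct sockaddr_in6 *)reply)->sin6_port);
    } else {
        return EAI_FAMILY;
    }
    if (inet_ntop(reply->sa_family, addr, host, sizeof host) == NULL)
        return EAI_FAIL;
    snprintf(serv, sizeof serv, "%u", port);
    /* Numeric-only flags: libc parses the strings, it never resolves them. */
    struct addrinfo hints = { .ai_family = reply->sa_family,
                              .ai_socktype = socktype,
                              .ai_flags = AI_NUMERICHOST | AI_NUMERICSERV };
    return real(host, serv, &hints, res);
}

/* Constructed sample: the reply quoted in the email, 127.0.1.1 port 1. */
int main(void)
{
    struct sockaddr_in reply = { .sin_family = AF_INET, .sin_port = htons(1) };
    struct addrinfo *res = NULL;
    inet_pton(AF_INET, "127.0.1.1", &reply.sin_addr);
    int rc = forward_numeric(getaddrinfo, (const struct sockaddr *)&reply,
                             SOCK_STREAM, &res);
    printf("forward_numeric: %s\n", rc ? gai_strerror(rc) : "ok");
    if (rc == 0)
        freeaddrinfo(res);
    return rc != 0;
}
```

Because the list in `res` comes from libc's own getaddrinfo, the sandboxed caller can hand it to the unmodified freeaddrinfo.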