List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
Subject: Re: Capsicum and weak libc symbols
From: David Chisnall
Date: Wed, 26 Feb 2025 13:51:12 +0000
To: Vinícius dos Santos Oliveira
Cc: Konstantin Belousov, FreeBSD Hackers

Did you look at the repository I shared
earlier? It intercepts getaddrinfo for libraries and exposes hooks in the parent for exposing policies. It works on FreeBSD and Linux.

David

> On 26 Feb 2025, at 13:45, Vinícius dos Santos Oliveira wrote:
>
> On Tue, 25 Feb 2025 at 21:37, Konstantin Belousov wrote:
>> So what is the _actual_ problem for you with getaddrinfo()?
>> Please show logs.
>
> I can't show logs because I can't even write code for getaddrinfo w/o
> the alias. I need to call the real getaddrinfo from my interposer. On
> builds against /lib/libc.so.7, I use RTLD_NEXT to get the real
> getaddrinfo, and that works. I need an alias for builds against
> /usr/lib/libc.a (if I interpose getaddrinfo I can't access the
> original getaddrinfo).
>
> From my interposer, I translate the fake-resolved addresses back to
> string versions and call the real getaddrinfo with
> AI_NUMERICHOST|AI_NUMERICSERV:
> .
> This code is used for FreeBSD and Linux (hence why it's static
> forward_getaddrinfo and not getaddrinfo). The interposition happens
> here:
> (I'll remove the wrong usage of __attribute__((weak)) there once I
> have the alias).
>
> Calling the real getaddrinfo makes sure that freeaddrinfo will be
> called later with data allocated by getaddrinfo.
>
> Here's some Lua code making use of these features:
> https://gitlab.com/emilua/emilua/-/blob/v0.11.0/test/libc_service_getaddrinfo.lua
>
> Lua's spawn_vm() creates a new subprocess when 'subprocess' is given.
> If 'libc_service' is also given, the interpositions will be used
> (otherwise the new subprocess will just call the original functions as
> usual). Line 5 is the code executed from the new subprocess, and it
> calls getaddrinfo() to resolve "anonymous.invalid". The interposers
> are called and forward the request to the process holding the other
> end of 'libc_service' (it's just a pair of connected UNIX sockets
> under the hood). The parent replies with IP=127.0.1.1 PORT=1. The
> child translates the reply back to strings and calls the original
> getaddrinfo().
>
> The plan is to build several sandboxed apps using these features, and
> I want them to run on FreeBSD as well. The first app will be a
> Telegram client (already started by a colleague) using tdlib
> (Telegram's official client library). Tdlib makes several calls to
> ambient authority (e.g. starting IP connections, storing SQLite dbs to
> disk, managing cache files, ...). Tdlib is deemed impossible to audit
> (over 14k commits as of now, and it won't ever stabilize to a slow
> pace so we can't ever catch up to current code as we try to audit), so
> we'll just run it within a sandbox and save trouble.
>
> The core of the sandbox is already pretty stable, and useful. For
> instance, to open PNG/JPG/... files from the sandbox and show them on
> the GUI, there's one function to parse the file into a
> Format_ARGB32-encoded memfd-backed buffer. So the Lua programmer just
> calls this function from a sandbox and sends the result to the GUI.
> The GUI process just calls a different function to safely convert the
> result back to what the Qt GUI can handle.
>
> Here's the full story if you want the big picture, but the text is
> kinda long, and not necessary for the purposes of asking for an alias
> of getaddrinfo:
> .
>
> Please let me know if there's any further info I can offer.
>
> -- 
> Vinícius dos Santos Oliveira
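
The forwarding step described in the quoted message (turn the parent's reply back into strings, then call the real getaddrinfo with AI_NUMERICHOST|AI_NUMERICSERV), as an added example that is not code from this thread or from Emilua. `struct broker_reply`, `forward_reply`, `real_getaddrinfo` and `demo_roundtrip` are hypothetical names, and the reply layout is an assumption; it also covers an IPv6 reply, which the message does not show.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout; the real 'libc_service' wire format is not on the page. */
struct broker_reply {
    int family;              /* AF_INET or AF_INET6 */
    unsigned char addr[16];  /* network byte order; first 4 bytes used for AF_INET */
    unsigned short port;     /* host byte order */
};

typedef int (*getaddrinfo_fn)(const char *, const char *,
                              const struct addrinfo *, struct addrinfo **);
/* Assumption: an interposer would set this from dlsym(RTLD_NEXT, "getaddrinfo") or a
 * libc alias. Nothing is interposed in this demo, so libc's symbol is used directly. */
static getaddrinfo_fn real_getaddrinfo = getaddrinfo;

/* Turn the broker's answer into numeric strings and let libc build the addrinfo list,
 * so the caller's later freeaddrinfo() receives memory that getaddrinfo allocated. */
int forward_reply(const struct broker_reply *r, const struct addrinfo *hints,
                  struct addrinfo **res)
{
    char host[INET6_ADDRSTRLEN], serv[6];   /* serv holds "65535" plus NUL */
    struct addrinfo h = hints ? *hints : (struct addrinfo){0};

    if (r->family != AF_INET && r->family != AF_INET6) return EAI_FAMILY;
    if (inet_ntop(r->family, r->addr, host, sizeof host) == NULL) return EAI_FAIL;
    snprintf(serv, sizeof serv, "%u", (unsigned)r->port);
    h.ai_family = r->family;
    h.ai_flags |= AI_NUMERICHOST | AI_NUMERICSERV;  /* parse only, never resolve */
    return real_getaddrinfo(host, serv, &h, res);
}

/* Constructed input: the reply quoted in the message (IP=127.0.1.1, PORT=1). */
int demo_roundtrip(void)
{
    struct broker_reply r = { AF_INET, {127, 0, 1, 1}, 1 };
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res = NULL;
    if (forward_reply(&r, &hints, &res) != 0 || res == NULL) return 0;
    const struct sockaddr_in *sin = (const struct sockaddr_in *)res->ai_addr;
    int ok = res->ai_family == AF_INET && sin->sin_port == htons(1) &&
             memcmp(&sin->sin_addr, r.addr, 4) == 0;
    freeaddrinfo(res);
    return ok;
}
int main(void) { return demo_roundtrip() ? 0 : 1; }
```

Because both numeric flags are forced on, the call succeeds inside a sandbox with no resolver access, and a reply with an unexpected address family is rejected before libc is reached.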