PERFORCE change 164252 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jun 13 09:59:33 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=164252
Change 164252 by rwatson at rwatson_freebsd_capabilities on 2009/06/13 09:58:36
Make lch_startfd() and lch_startfd_flags() accept a binary name as
a string so that we can use that as the binary's name in the
process's library descriptor cache.
Pass libcapabilitym rather than libcapability into sandboxes so that
sandbox-specific functions are available.
Include rtld-elf-cap library information in LD_CAPLIBINDEX so that
it is inserted into the process's library descriptor cache.
Nested sandbox launching now appears to work properly.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 (text+ko) ====
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#12 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 $
*/
#ifndef _LIBCAPABILITY_H_
@@ -51,10 +51,10 @@
struct lc_sandbox **lcspp);
int lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
struct lc_sandbox **lcspp);
-int lch_startfd(int fd_sandbox, char *const argv[],
+int lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
struct lc_sandbox **lcspp);
-int lch_startfd_flags(int fd_sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp);
+int lch_startfd_flags(int fd_sandbox, const char *binname,
+ char *const argv[], u_int flags, struct lc_sandbox **lcspp);
void lch_stop(struct lc_sandbox *lcsp);
/*
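Review bot: The new `binname` parameter on lch_startfd() and lch_startfd_flags() is undocumented in the header, and its role is not obvious from the prototype: per the change description it is the name under which the sandbox binary is entered into the child's library descriptor cache, so unlike `sandbox` in lch_start_flags(), which is a path, it is expected to be a bare file name, and it must not contain the ':' and ',' delimiters of the LD_CAPLIBINDEX entries it is formatted into. A comment above the prototypes such as `/* binname: name under which fd_sandbox is registered in the sandbox's library descriptor cache; a bare file name containing no ':' or ',' */` would save callers from guessing. The prototype for lch_start_flags() a few lines up could also say that it derives this name from the basename of the path.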
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 (text+ko) ====
@@ -30,10 +30,10 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#9 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 $
*/
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/capability.h>
#include <sys/procdesc.h>
#include <sys/socket.h>
@@ -41,6 +41,7 @@
#include <errno.h>
#include <fcntl.h>
+#include <libgen.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
@@ -59,20 +60,21 @@
#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LIBCAPABILITY LIBCAPABILITY_CAPMASK_BIN
+#define LIBCAPABILITY_CAPMASK_LIBCAPABILITYM LIBCAPABILITY_CAPMASK_BIN
#define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN
#define _PATH_LIB "/lib"
#define _PATH_USR_LIB "/usr/lib"
#define LIBC_SO "libc.so.7"
#define LIBZ_SO "libz.so.4"
-#define LIBCAPABILITY_SO "libcapability.so.1"
+#define LIBCAPABILITYM_SO "libcapabilitym.so.1"
extern char **environ;
-#define LD_ELF_CAP_SO "/libexec/ld-elf-cap.so.1"
+#define LD_ELF_CAP_SO "ld-elf-cap.so.1"
+#define PATH_LD_ELF_CAP_SO "/libexec"
char *ldso_argv[] = {
- __DECONST(char *, LD_ELF_CAP_SO),
+ __DECONST(char *, PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO),
NULL,
};
@@ -144,8 +146,8 @@
static void
lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
- int fd_libz, int fd_libcapability, int fd_devnull, u_int flags,
- char *const argv[])
+ int fd_libz, int fd_libcapabilitym, int fd_devnull, u_int flags,
+ const char *binname, char *const argv[])
{
char *env_caplibindex, *env_libcapability_sandbox_api;
int fd_array[10];
@@ -162,8 +164,8 @@
return;
if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0)
return;
- if (lc_limitfd(fd_libcapability, LIBCAPABILITY_CAPMASK_LIBCAPABILITY)
- < 0)
+ if (lc_limitfd(fd_libcapabilitym,
+ LIBCAPABILITY_CAPMASK_LIBCAPABILITYM) < 0)
return;
fd_array[0] = fd_devnull;
@@ -179,7 +181,7 @@
fd_array[5] = fd_ldso;
fd_array[6] = fd_libc;
fd_array[7] = fd_libz;
- fd_array[8] = fd_libcapability;
+ fd_array[8] = fd_libcapabilitym;
fd_array[9] = fd_devnull;
if (lch_installfds(10, fd_array) < 0)
@@ -188,8 +190,9 @@
/*
* Pass library list into rtld-elf-cap.
*/
- if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s", 6, LIBC_SO,
- 7, LIBZ_SO, 8, LIBCAPABILITY_SO, 9, _PATH_DEVNULL) == -1)
+ if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s,%d:%s,%d:%s",
+ 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBZ_SO, 8,
+ LIBCAPABILITYM_SO, 9, _PATH_DEVNULL) == -1)
return;
if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1)
return;
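Review bot: `binname` is spliced into the `fd:name,fd:name` index string at the new asprintf() without any check, so a name containing ':' or ',' silently corrupts LD_CAPLIBINDEX and the child's rtld would parse a different descriptor-to-name mapping than intended. lch_start_flags() always passes a basename, but lch_startfd() and lch_startfd_flags() are public and hand the name straight through from the caller. Since this code runs in the forked child, where a bare `return` only leads to the exit(-1) in the parent function, a cheap guard before the asprintf() is `if (binname == NULL || strpbrk(binname, ":,") != NULL) return;` (strpbrk() needs <string.h>, which is not visible in this chunk). lch_sandbox() begins and ends outside this hunk.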
@@ -214,16 +217,16 @@
}
int
-lch_startfd_flags(int fd_sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcapp)
+lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[],
+ u_int flags, struct lc_sandbox **lcapp)
{
struct lc_sandbox *lcap;
- int fd_devnull, fd_ldso, fd_libc, fd_libcapability, fd_libz;
+ int fd_devnull, fd_ldso, fd_libc, fd_libcapabilitym, fd_libz;
int fd_procdesc, fd_sockpair[2];
int error, val;
pid_t pid;
- fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapability =
+ fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapabilitym =
fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
lcap = malloc(sizeof(*lcap));
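Review bot: The new `binname` parameter is accepted at this public entry point without validation, yet it is forwarded to the child where it is formatted with `%s`; a NULL reaches asprintf() as undefined behaviour and the caller only ever sees the child die. Rejecting it here, before the fork and all the descriptor setup, gives the caller a proper error: `if (binname == NULL) { errno = EINVAL; return (-1); }` placed before the malloc() on the last line of the hunk. lch_startfd_flags() continues past this hunk.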
@@ -238,12 +241,12 @@
goto out_error;
if (ld_caplibindex_lookup(LIBZ_SO, &fd_libz) < 0)
goto out_error;
- if (ld_caplibindex_lookup(LIBCAPABILITY_SO, &fd_libcapability) < 0)
+ if (ld_caplibindex_lookup(LIBCAPABILITYM_SO, &fd_libcapabilitym) < 0)
goto out_error;
- if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_libcapability) < 0)
+ if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_devnull) < 0)
goto out_error;
#else
- fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
+ fd_ldso = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY);
if (fd_ldso < 0)
goto out_error;
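Review bot: The corrected lookup now stores the /dev/null descriptor in `fd_devnull` instead of overwriting the libcapability descriptor, which is a genuine fix but is not mentioned in the change description. Descriptors returned by ld_caplibindex_lookup() are never closed by this function (the close() calls at the end of lch_startfd_flags() are compiled only `#ifndef IN_CAP_MODE`), presumably because the library descriptor cache owns them; a comment above these lookups such as `/* Descriptors come from the process's library descriptor cache and are not ours to close. */` would make that ownership explicit. lch_startfd_flags() continues beyond this hunk.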
@@ -255,9 +258,9 @@
if (fd_libz < 0)
goto out_error;
- fd_libcapability = open(_PATH_USR_LIB "/" LIBCAPABILITY_SO,
+ fd_libcapabilitym = open(_PATH_USR_LIB "/" LIBCAPABILITYM_SO,
O_RDONLY);
- if (fd_libcapability < 0)
+ if (fd_libcapabilitym < 0)
goto out_error;
fd_devnull = open(_PATH_DEVNULL, O_RDWR);
@@ -282,12 +285,13 @@
}
if (pid == 0) {
lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
- fd_libz, fd_libcapability, fd_devnull, flags, argv);
+ fd_libz, fd_libcapabilitym, fd_devnull, flags, binname,
+ argv);
exit(-1);
}
#ifndef IN_CAP_MODE
close(fd_devnull);
- close(fd_libcapability);
+ close(fd_libcapabilitym);
close(fd_libz);
close(fd_libc);
close(fd_ldso);
@@ -310,8 +314,8 @@
#ifndef IN_CAP_MODE
if (fd_devnull != -1)
close(fd_devnull);
- if (fd_libcapability != -1)
- close(fd_libcapability);
+ if (fd_libcapabilitym != -1)
+ close(fd_libcapabilitym);
if (fd_libz != -1)
close(fd_libz);
if (fd_libc != -1)
@@ -326,10 +330,11 @@
}
int
-lch_startfd(int fd_sandbox, char *const argv[], struct lc_sandbox **lcapp)
+lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
+ struct lc_sandbox **lcapp)
{
- return (lch_startfd_flags(fd_sandbox, argv, 0, lcapp));
+ return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcapp));
}
#ifndef IN_CAP_MODE
@@ -337,13 +342,17 @@
lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
struct lc_sandbox **lcapp)
{
+ char binname[MAXPATHLEN];
int error, fd_sandbox, ret;
+ if (basename_r(sandbox, binname) == NULL)
+ return (-1);
+
fd_sandbox = open(sandbox, O_RDONLY);
if (fd_sandbox < 0)
return (-1);
- ret = lch_startfd_flags(fd_sandbox, argv, flags, lcapp);
+ ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcapp);
error = errno;
close(fd_sandbox);
errno = error;
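Review bot: The reason for taking the basename is not stated at the new basename_r() call, and it is not obvious from the surrounding code; a one-line comment would help: `/* The child's library descriptor cache keys the sandbox binary by file name, not by path (see LD_CAPLIBINDEX in lch_sandbox()). */`. basename_r() fails only for an over-long path, which the early return reports through errno, so that error path looks fine. lch_start_flags() continues past this hunk.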