PERFORCE change 164706 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=164706

Change 164706 by rwatson at rwatson_freebsd_capabilities on 2009/06/19 12:43:48

	After a very confusing debugging session, only run 'cap_main' for
	sandbox-mode binaries, don't fall back to 'main' as frequently that
	will be code unintended to run in sandbox mode.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld-elf-cap.1#7 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#20 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld-elf-cap.1#7 (text+ko) ====

@@ -60,8 +60,8 @@
 .It
 Recognizes the addition symbol
 .Dv cap_main ,
-which will be used in preference to the normal ELF entry point for a binary
-when in sandbox mode.
+which will be used instead of the normal ELF entry point for a binary when in
+sandbox mode.
 This makes it easy a single binary to select different behavior when run in
 the different environments.
 .It

==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#20 (text+ko) ====

@@ -657,10 +657,14 @@
      * ELF default.
      */
     cap_main_ptr = find_cap_main(obj_main);
-    if (cap_main_ptr != NULL)
-	return (func_ptr_type) cap_main_ptr;
+    if (cap_main_ptr == NULL) {
+	_rtld_error("cap_main not found");
+	die();
+    }
+    return (func_ptr_type) cap_main_ptr;
+#else
+    return (func_ptr_type) obj_main->entry;
 #endif
-    return (func_ptr_type) obj_main->entry;
 }
 
 Elf_Addr