PERFORCE change 169401 for review
Robert Watson
rwatson at FreeBSD.org
Sun Oct 11 16:09:00 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=169401
Change 169401 by rwatson at rwatson_freebsd_capabilities on 2009/10/11 16:08:15
Update further reference to LD_CAPLIBINDEX -> LD_LIBCACHE.
Add public interface for inserting libraries into the library cache:
ld_libcache_add(3), which is implemented by rtld when in a sandbox,
and returns EOPNOTSUPP if not.
Comment on two known limitations of the libcache code.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 (text) ====
@@ -369,6 +369,7 @@
FBSD_1.2 {
basename_r;
getpagesizes;
+ ld_libcache_add;
ld_libcache_lookup;
ld_insandbox;
};
==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 (text+ko) ====
@@ -33,6 +33,15 @@
#include <errno.h>
+#pragma weak ld_libcache_add
+int
+ld_libcache_add(const char *libname, int fd)
+{
+
+ errno = EOPNOTSUPP;
+ return (-1);
+}
+
#pragma weak ld_libcache_lookup
int
ld_libcache_lookup(const char *libname, int *fdp)
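Review bot: The weak fallback added here is declared `int ld_libcache_add(const char *libname, int fd)`, but the rtld-elf-cap implementation added in rtld_libcache.c by this same change is declared `void`, so the two definitions of one public symbol disagree on the return type. A caller built against the int prototype would read an indeterminate value as the result whenever the rtld version is the one bound (in a sandbox, per the description), and could treat a successful insert as a failure or the reverse. Declaring the rtld version `int` and ending it with `return (0);` would make both sides agree. A short comment above the stub, such as `/* Weak fallback used outside a sandbox; rtld-elf-cap supplies the real implementation. */`, would also help. The ld_libcache_lookup definition that follows continues outside the hunk.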
==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 (text+ko) ====
@@ -3,6 +3,7 @@
*/
FBSD_1.1 {
+ ld_libcache_add;
ld_libcache_lookup;
ld_insandbox;
};
==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 (text+ko) ====
@@ -35,15 +35,20 @@
__FBSDID("$FreeBSD$");
/*
- * When running in a capability sandbox, rtld-elf-cap will be passed a set of
- * open file descriptors to potentially useful libraries, along with an index
- * to these in the LD_CAPLIBINDEX environmental variable. These routines
- * parse that index, and allow lookups by library name. A typical string
- * might be:
+ * rtld maintains a cache of library file descriptors, which is passed from
+ * host to sandbox at exec()-time in order to avoid the need for direct file
+ * system access from within sandboxes. When rtld starts, it inspects
+ * LD_LIBCACHE to find library descriptors passed from the host. This
+ * variable maps file descriptor numbers to library names:
*
* 6:libc.so.7,7:libm.so.5
*
* In the event of ambiguity, the earliest entry will be matched.
+ *
+ * XXXRW: There should be locking around the libcache list.
+ *
+ * XXXRW: ld_libcache_lookup() should dup the fd before returning it so that
+ * the caller is responsible for managing the returned fd reference.
*/
#include <sys/types.h>
@@ -66,10 +71,27 @@
static TAILQ_HEAD(, libcache_entry) ld_libcache_list =
TAILQ_HEAD_INITIALIZER(ld_libcache_list);
+/*
+ * Add a library to the library cache.
+ */
+void
+ld_libcache_add(const char *name, int fd)
+{
+ struct libcache_entry *liep;
+
+ liep = xmalloc(sizeof(*liep));
+ liep->lie_name = xstrdup(name);
+ liep->lie_fd = fd;
+ TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+}
+
+/*
+ * Add a library to the library cache, with file descriptor passed as a
+ * string. Used internally when parsing LD_LIBCACHE.
+ */
static void
-ld_libcache_add(const char *name, const char *fdnumber)
+ld_libcache_add_string(const char *name, const char *fdnumber)
{
- struct libcache_entry *liep;
long long l;
char *endp;
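Review bot: ld_libcache_add() stores the caller's descriptor number as-is (`liep->lie_fd = fd;`) and nothing states who owns it afterwards, which matters now that the function is a public interface rather than a parser helper. If a caller closes the descriptor after adding it and the number is later reused, a lookup for that library name would hand back a descriptor for an unrelated object, and the loader would presumably map code from it. Either state the contract in the header comment, e.g. `/* The cache takes ownership of fd; the caller must not close or reuse it. */`, or store a duplicate of the descriptor. The function also passes `name` to xstrdup() and accepts a negative `fd` without any check, and being `void` it has no way to report a rejected argument. ld_libcache_add_string() continues past the end of this hunk.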
@@ -80,12 +102,14 @@
if (l < 0 || l > INT_MAX || *endp != '\0')
return;
- liep = xmalloc(sizeof(*liep));
- liep->lie_name = xstrdup(name);
- liep->lie_fd = l;
- TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+ ld_libcache_add(name, l);
}
+/*
+ * Given a library name, return its file descriptor (if defined). Arguably,
+ * we should dup the cache-owned fd rather than returning it directly to the
+ * caller.
+ */
int
ld_libcache_lookup(const char *libname, int *fdp)
{
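Review bot: The validation at the top of this hunk, `if (l < 0 || l > INT_MAX || *endp != '\0')`, does not reject an empty descriptor field, assuming `l` and `endp` come from a strtoll()-style conversion just above the hunk. With no digits consumed the result is 0 and `*endp` is already '\0', so an LD_LIBCACHE entry such as `:libc.so.7` would register descriptor 0 under that library name. Adding `endp == fdnumber ||` to the condition closes that case, and `ld_libcache_add(name, (int)l);` would make the narrowing from long long explicit now that the range check and the store live in different functions. ld_libcache_add_string() starts above this hunk and ld_libcache_lookup() continues below it.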
@@ -100,6 +124,9 @@
return (-1);
}
+/*
+ * Initialize the library cache given the LD_LIBCACHE environmental variable.
+ */
void
ld_libcache_init(const char *libcache)
{
@@ -111,7 +138,7 @@
fdnumber = strsep(&entry, ":");
if (fdnumber == NULL)
continue;
- ld_libcache_add(entry, fdnumber);
+ ld_libcache_add_string(entry, fdnumber);
}
free(libcache_tofree);
}
==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 (text+ko) ====
@@ -245,6 +245,7 @@
(func_ptr_type) &_rtld_atfork_pre,
(func_ptr_type) &_rtld_atfork_post,
#ifdef IN_RTLD_CAP
+ (func_ptr_type) &ld_libcache_add,
(func_ptr_type) &ld_libcache_lookup,
(func_ptr_type) &ld_insandbox,
#endif