PERFORCE change 219761 for review
Robert Watson
rwatson at FreeBSD.org
Mon Nov 12 16:08:01 UTC 2012
http://p4web.freebsd.org/@@219761?ac=10
Change 219761 by rwatson at rwatson_zenith_cl_cam_ac_uk on 2012/11/12 16:07:26
Do a bit more legwork so that we can try and convince ourselves that
libraries linked into sandboxed code work; do this by linking in libmd.
Provide a number of system call stubs depended on by the library, which
mostly return ECAPMODE. Also provide an errno implementation. We will
want to expand this example shortly to illustrate how capability-unaware
code can copy in arguments and out return values via capabilities using
utility routines, as will be required for libpng.
Affected files ...
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/malloc.c#1 add
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/stub.c#1 add
Differences ...
==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/Makefile#5 (text+ko) ====
@@ -2,12 +2,26 @@
# $FreeBSD$
#
PROG= cheritest-helper
-SRCS= cheritest-helper.c chsbrt.S
+SRCS= cheritest-helper.c \
+ malloc.c \
+ stub.c \
+ chsbrt.S \
+ memcpy.S \
+ memset.S
+
LDFLAGS+= -Wl,--script=${.CURDIR}/sandbox.ld -nostdlib
NO_MAN=
#STRIP=
+DPADD= ${LIBMD}
+LDADD= -lmd
+
NO_SHARED= yes
+#
+# For libc files!
+#
+NO_WERROR= yes
+
FILESOWN= ${LIBOWN}
FILESGRP= ${LIBGRP}
FILESMODE= ${LIBMODE}
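Review bot: `NO_WERROR= yes` applies to every file in `SRCS`, so it also stops warnings from failing the build for the sandbox's own new sources (`malloc.c`, `stub.c`, `cheritest-helper.c`), although the comment above it names only libc files. The commit message says the stubs stand in for system calls that libmd depends on, and a prototype or return-type mismatch in them would probably show up only as a warning. `stub.c` and `malloc.c` are not shown in this part of the change, so this is a build-hygiene concern rather than a confirmed defect. If the setting cannot be limited to the imported files, replace the comment with one that records the scope and exit condition, for example `# Needed only for the files taken from libc; remove once they build warning-free.`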
@@ -24,6 +38,7 @@
cheritest-helper.dump: cheritest-helper
objdump -xsSD ${.ALLSRC} > ${.TARGET}
-.PATH: ${.CURDIR}/${MACHINE_ARCH}
+.PATH: ${.CURDIR}/${MACHINE_ARCH} \
+ ${.CURDIR}/../../lib/libc/string/${MACHINE_TARGET}
.include <bsd.prog.mk>
==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#3 (text+ko) ====
@@ -30,12 +30,27 @@
#include <sys/types.h>
+#include <machine/cheri.h>
+
+#include <md5.h>
+
int invoke(register_t a0, register_t a1, register_t a2, register_t a3);
+/*
+ * Sample sandboxed code. Calculate an MD5 checksum of the data arriving via
+ * c1, and place the checksum in c2.
+ *
+ * XXXRW: More to follow here.
+ */
int
invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused,
register_t a3 __unused)
{
+ MD5_CTX md5context;
+ char buf[33];
+
+ MD5Init(&md5context);
+ MD5End(&md5context, buf);
return (123456);
}
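Review bot: The new comment above `invoke` describes behaviour the body does not have: it says the function checksums the data arriving via c1 and places the result in c2, but the code calls `MD5Init` and `MD5End` with no `MD5Update`, reads no argument, and discards `buf` before returning the constant 123456. Until the capability handling is added, the comment should say what the code does today, for example `Sample sandboxed code. For now this only checks that libmd links and runs in the sandbox: it hashes empty input and discards the digest.` The size of `buf` also deserves a short note, `char buf[33]; /* 32 hex digits + NUL written by MD5End() */`, so the bound is not lost when the output is later copied out through c2. When that follow-up arrives, the input length and the 33-byte result should each be checked against the length of the capability they go through.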