From owner-svn-src-projects@FreeBSD.ORG Sat Jan 30 18:30:12 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE8F71065670; Sat, 30 Jan 2010 18:30:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9D9138FC12; Sat, 30 Jan 2010 18:30:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0UIUCtN072294; Sat, 30 Jan 2010 18:30:12 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0UIUCTT072289; Sat, 30 Jan 2010 18:30:12 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201001301830.o0UIUCTT072289@svn.freebsd.org> 
From: Robert Watson Date: Sat, 30 Jan 2010 18:30:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203210 - in projects/capabilities8: lib/csu/amd64 lib/csu/common lib/csu/i386-elf libexec/rtld-elf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2010 18:30:12 -0000 Author: rwatson Date: Sat Jan 30 18:30:12 2010 New Revision: 203210 URL: http://svn.freebsd.org/changeset/base/203210 Log: Merge c169737 from the p4 TrustedBSD Capabilities branch to capabilities8: Add a _capstart() to crt.o which calls the [weak symbol] cap_main(); this fixes the problem where rtld on amd64 gets the stack wrong when entering cap_main() Submitted by: Jonathan Anderson Modified: projects/capabilities8/lib/csu/amd64/crt1.c projects/capabilities8/lib/csu/common/crtbrand.c projects/capabilities8/lib/csu/i386-elf/crt1_c.c projects/capabilities8/libexec/rtld-elf/rtld.c
Modified: projects/capabilities8/lib/csu/amd64/crt1.c
==============================================================================
--- projects/capabilities8/lib/csu/amd64/crt1.c Sat Jan 30 18:18:38 2010 (r203209)
+++ projects/capabilities8/lib/csu/amd64/crt1.c Sat Jan 30 18:30:12 2010 (r203210)
@@ -43,7 +43,9 @@ typedef void (*fptr)(void);
 extern void _fini(void);
 extern void _init(void);
 extern int main(int, char **, char **);
+extern int cap_main(int, char **, char **) __attribute__((weak));
 extern void _start(char **, void (*)(void));
+extern void _capstart(char **, void (*)(void));
 #ifdef GCRT
 extern void _mcleanup(void);
@@ -92,4 +94,42 @@ __asm__("eprol:");
 exit( main(argc, argv, env) );
 }
+
+/* The Capsicum entry function. */
+void
+_capstart(char **ap, void (*cleanup)(void))
+{
+ int argc;
+ char **argv;
+ char **env;
+ const char *s;
+
+ argc = *(long *)(void *)ap;
+ argv = ap + 1;
+ env = ap + 2 + argc;
+ environ = env;
+ if (argc > 0 && argv[0] != NULL) {
+ __progname = argv[0];
+ for (s = __progname; *s != '\0'; s++)
+ if (*s == '/')
+ __progname = s + 1;
+ }
+
+ if (&_DYNAMIC != NULL)
+ atexit(cleanup);
+ else
+ _init_tls();
+
+#ifdef GCRT
+ atexit(_mcleanup);
+#endif
+ atexit(_fini);
+#ifdef GCRT
+/* monstartup(&eprol, &etext);
+__asm__("eprol:");*/ /* XXX: does this interfere with profiling? */
+#endif
+ _init();
+ exit( cap_main(argc, argv, env) );
+}
+
 __asm__(".ident\t\"$FreeBSD$\"");
Modified: projects/capabilities8/lib/csu/common/crtbrand.c
==============================================================================
--- projects/capabilities8/lib/csu/common/crtbrand.c Sat Jan 30 18:18:38 2010 (r203209)
+++ projects/capabilities8/lib/csu/common/crtbrand.c Sat Jan 30 18:30:12 2010 (r203210)
@@ -27,6 +27,7 @@
 __FBSDID("$FreeBSD$");
 #include
+#include
 #define ABI_VENDOR "FreeBSD"
 #define ABI_SECTION ".note.ABI-tag"
@@ -50,3 +51,12 @@ static const struct {
 ABI_VENDOR,
 __FreeBSD_version
 };
+
+int cap_main(int argc, char **argv, char **env)
+{
+ const char warning[] =
+ "ERROR: attempting to run a regular binary in capability mode.\n\nIf you wish to run a binary in a sandbox, you must provide a cap_main() function which takes the same arguments as main().\n";
+
+ write(2, warning, sizeof(warning));
+}
+
Modified: projects/capabilities8/lib/csu/i386-elf/crt1_c.c
==============================================================================
--- projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sat Jan 30 18:18:38 2010 (r203209)
+++ projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sat Jan 30 18:30:12 2010 (r203210)
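Review bot: `exit( cap_main(argc, argv, env) );` at the end of the new amd64 `_capstart` calls a symbol that the declaration hunk above marks `__attribute__((weak))` without checking that it resolved; an unresolved weak reference is 0, so if the fallback from crtbrand.c is not linked in (or is later made weak so programs can override it), this line becomes a jump to address zero after `_init()` has already run. The body is otherwise a line-for-line copy of `_start` with only the final call changed, so the argument decoding, `__progname` scan, `atexit()` registration and `_init()` call could move into one `static` helper that takes the entry-point pointer and checks it, which also keeps the two functions from drifting apart; the same applies to the i386 `_capstart` in crt1_c.c later in this commit. The commented-out `monstartup`/`eprol` block with its XXX is dead code in the new function and should either be resolved or replaced by a one-line comment saying profiling is intentionally not started here.
```c
/* Common tail of _start() and _capstart(): decode the initial stack,
 * register cleanup handlers, run constructors, then enter the program
 * through 'entry'.  A NULL entry means a weak reference did not resolve. */
static void
_start_common(char **ap, void (*cleanup)(void),
    int (*entry)(int, char **, char **))
{
	if (entry == NULL)
		abort();
	/* … unchanged: argc/argv/env decoding, __progname scan, atexit() calls, _init() … */
	exit(entry(argc, argv, env));
}

void
_capstart(char **ap, void (*cleanup)(void))
{
	_start_common(ap, cleanup, cap_main);
}
```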
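Review bot: The fallback `cap_main` added to crtbrand.c is declared `int` but never returns a value, and that value is exactly what `_capstart` passes to `exit()`, so a program that lands here exits with an indeterminate status (falling off the end of a non-void function whose result is used is undefined behaviour); finish it with `return (1);`. `write(2, warning, sizeof(warning))` also emits the array's trailing NUL — `sizeof(warning) - 1` is the intended length — and discards the result, so `(void)write(2, warning, sizeof(warning) - 1);` states the best-effort intent. If this file is compiled into every crt1.o, as in the regular csu build (not visible in this excerpt), a strong definition here collides at link time with a program's own `cap_main`, which defeats the weak reference in crt1.c; marking this fallback `__attribute__((weak))` as well would let the program's definition win. The `#include` whose name the mail rendering dropped should be the one that declares `write()`, and the unused `argc`/`argv`/`env` parameters deserve an `__unused` annotation.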
@@ -45,7 +45,9 @@ typedef void (*fptr)(void);
 extern void _fini(void);
 extern void _init(void);
 extern int main(int, char **, char **);
+extern int cap_main(int, char **, char **) __attribute__((weak));
 extern void _start(char *, ...);
+extern void _capstart(char *, ...);
 #ifdef GCRT
 extern void _mcleanup(void);
@@ -92,4 +94,47 @@ __asm__("eprol:");
 exit( main(argc, argv, env) );
 }
+
+/* The Capsicum entry function. */
+void
+_capstart(char *ap, ...)
+{
+ fptr cleanup;
+ int argc;
+ char **argv;
+ char **env;
+ const char *s;
+
+#ifdef __GNUC__
+ __asm__("and $0xfffffff0,%esp");
+#endif
+ cleanup = get_rtld_cleanup();
+ argv = ≈
+ argc = *(long *)(void *)(argv - 1);
+ env = argv + argc + 1;
+ environ = env;
+ if (argc > 0 && argv[0] != NULL) {
+ __progname = argv[0];
+ for (s = __progname; *s != '\0'; s++)
+ if (*s == '/')
+ __progname = s + 1;
+ }
+
+ if (&_DYNAMIC != NULL)
+ atexit(cleanup);
+ else
+ _init_tls();
+
+#ifdef GCRT
+ atexit(_mcleanup);
+#endif
+ atexit(_fini);
+#ifdef GCRT
+/* monstartup(&eprol, &etext);
+__asm__("eprol:");*/ /* XXX: does this interfere with profiling? */
+#endif
+ _init();
+ exit( cap_main(argc, argv, env) );
+}
+
 __asm(".hidden _start1");
Modified: projects/capabilities8/libexec/rtld-elf/rtld.c
==============================================================================
--- projects/capabilities8/libexec/rtld-elf/rtld.c Sat Jan 30 18:18:38 2010 (r203209)
+++ projects/capabilities8/libexec/rtld-elf/rtld.c Sat Jan 30 18:30:12 2010 (r203210)
@@ -106,7 +106,7 @@ static bool donelist_check(DoneList *, c
 static void errmsg_restore(char *);
 static char *errmsg_save(void);
 #ifdef IN_RTLD_CAP
-static void *find_cap_main(const Obj_Entry *);
+static void *find_capstart(const Obj_Entry *);
 #else
 static void *fill_search_info(const char *, size_t, void *);
 static char *find_library(const char *, const Obj_Entry *);
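Review bot: `argv = ≈` in the new i386 `_capstart` is not valid C as rendered; it looks like an extraction artifact in which `&ap` was swallowed as an HTML entity, so please confirm the committed line reads `argv = &ap;` exactly as in the existing `_start` whose tail closes this hunk. Beyond the `%esp` realignment, the `get_rtld_cleanup()` call and the variadic argument decoding, this function carries the same unchecked call to the weak `cap_main` and the same wholesale duplication of `_start` raised on the amd64 copy earlier in this commit, and the same shared-helper extraction would apply here, with the cleanup pointer fetched from `get_rtld_cleanup()` before the common tail. Keeping the two `_capstart` bodies identical to their `_start` counterparts matters more on i386, where the hand-written stack realignment must stay the first statement.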
@@ -348,7 +348,7 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
 #ifdef IN_RTLD_CAP
 struct stat sb;
 Elf_Auxinfo aux_execfd;
- void *cap_main_ptr;
+ void *capstart_ptr;
 #endif
 Elf_Auxinfo *aux_info[AT_COUNT];
 int i;
@@ -647,12 +647,12 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_
 * point, prefer that to the ELF default entry point. Otherwise, use the
 * ELF default.
 */
- cap_main_ptr = find_cap_main(obj_main);
- if (cap_main_ptr == NULL) {
- _rtld_error("cap_main not found");
+ capstart_ptr = find_capstart(obj_main);
+ if (capstart_ptr == NULL) {
+ _rtld_error("_capstart not found; has the binary been compiled with -rdynamic?");
 die();
 }
- return (func_ptr_type) cap_main_ptr;
+ return (func_ptr_type) capstart_ptr;
 #else
 return (func_ptr_type) obj_main->entry;
 #endif
@@ -824,15 +824,15 @@ origin_subst(const char *real, const cha
 #ifdef IN_RTLD_CAP
 static void *
-find_cap_main(const Obj_Entry *obj)
+find_capstart(const Obj_Entry *obj)
 {
- const char *cap_main_str = "cap_main";
+ const char *capstart_str = "_capstart";
 const Elf_Sym *def;
 const Obj_Entry *defobj;
 unsigned long hash;
- hash = elf_hash(cap_main_str);
- def = symlook_default(cap_main_str, hash, obj, &defobj, NULL,
+ hash = elf_hash(capstart_str);
+ def = symlook_default(capstart_str, hash, obj, &defobj, NULL,
 SYMLOOK_IN_PLT);
 if (def == NULL)
 return (NULL);
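Review bot: The entry point returned at `return (func_ptr_type) capstart_ptr;` is whatever `find_capstart(obj_main)` yields, and that helper (defined later in this file; its hunk is cut off at the end of this excerpt) resolves `_capstart` through `symlook_default` rather than a lookup confined to the executable, so when the main binary was not linked with `-rdynamic` an exported `_capstart` from another object in the search scope — a preloaded or needed shared library, for instance — could satisfy the lookup and the sandboxed process would start in code the binary did not supply. If only the executable's own `_capstart` is acceptable, confining the lookup to `obj_main` (the `symlook_obj` path) makes that explicit; I cannot see `symlook_default`'s search order in this excerpt, so please verify before changing it. The new `_rtld_error` text usefully names `-rdynamic`, but that flag exports every global symbol of the executable; exporting only `_capstart` (for example through a version script) gives the same effect with a much smaller dynamic symbol table, and the message could mention that option too.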