Date: Sun, 11 Oct 2009 16:08:59 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 169401 for review Message-ID: <200910111608.n9BG8xSv043840@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=169401

Change 169401 by rwatson@rwatson_freebsd_capabilities on 2009/10/11 16:08:15

	Update further reference to LD_CAPLIBINDEX -> LD_LIBCACHE.

	Add public interface for inserting libraries into the library cache:
	ld_libcache_add(3), which is implemented by rtld when in a sandbox, and
	returns EOPNOTSUPP if not.

	Comment on two known limitations of the libcache code.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 edit
.. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 (text) ====

@@ -369,6 +369,7 @@
 FBSD_1.2 {
 	basename_r;
 	getpagesizes;
+	ld_libcache_add;
 	ld_libcache_lookup;
 	ld_insandbox;
 };

==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 (text+ko) ====

@@ -33,6 +33,15 @@
 
 #include <errno.h>
 
+#pragma weak ld_libcache_add
+int
+ld_libcache_add(const char *libname, int fd)
+{
+
+	errno = EOPNOTSUPP;
+	return (-1);
+}
+
 #pragma weak ld_libcache_lookup
 int
 ld_libcache_lookup(const char *libname, int *fdp)

==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 (text+ko) ====

@@ -3,6 +3,7 @@
  */
 
 FBSD_1.1 {
+	ld_libcache_add;
 	ld_libcache_lookup;
 	ld_insandbox;
 };

==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 (text+ko) ====
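Review bot: The weak stub in ld_libcache.c gives libc a definition of ld_libcache_add() and Symbol.map exports it, but none of the five affected files is a header or a manual page, so the prototype `int ld_libcache_add(const char *libname, int fd);` behind what the description calls ld_libcache_add(3) is declared nowhere in this change, unless it already sits beside ld_libcache_lookup's prototype in a header outside the diff. Without a visible prototype, callers fall back on an implicit declaration, which is exactly what hides the return-type disagreement with the rtld-elf-cap definition in the rtld_libcache.c hunk below. Both parameters of the stub are also unused; marking them `__unused` would keep -Wunused-parameter quiet without changing the interface.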
@@ -35,15 +35,20 @@
 __FBSDID("$FreeBSD$");
 
 /*
- * When running in a capability sandbox, rtld-elf-cap will be passed a set of
- * open file descriptors to potentially useful libraries, along with an index
- * to these in the LD_CAPLIBINDEX environmental variable. These routines
- * parse that index, and allow lookups by library name. A typical string
- * might be:
+ * rtld maintains a cache of library file descriptors, which is passed from
+ * host to sandbox at exec()-time in order to avoid the need for direct file
+ * system access from within sandboxes. When rtld starts, it inspects
+ * LD_LIBCACHE to find library descriptors passed from the host. This
+ * variable maps file descriptor numbers to library names:
  *
  * 6:libc.so.7,7:libm.so.5
  *
  * In the event of ambiguity, the earliest entry will be matched.
+ *
+ * XXXRW: There should be locking around the libcache list.
+ *
+ * XXXRW: ld_libcache_lookup() should dup the fd before returning it so that
+ * the caller is responsible for managing the returned fd reference.
  */
 
 #include <sys/types.h>
@@ -66,10 +71,27 @@
 static TAILQ_HEAD(, libcache_entry) ld_libcache_list = TAILQ_HEAD_INITIALIZER(ld_libcache_list);
 
+/*
+ * Add a library to the library cache.
+ */
+void
+ld_libcache_add(const char *name, int fd)
+{
+	struct libcache_entry *liep;
+
+	liep = xmalloc(sizeof(*liep));
+	liep->lie_name = xstrdup(name);
+	liep->lie_fd = fd;
+	TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+}
+
+/*
+ * Add a library to the library cache, with file descriptor passed as a
+ * string. Used internally when parsing LD_LIBCACHE.
+ */
 static void
-ld_libcache_add(const char *name, const char *fdnumber)
+ld_libcache_add_string(const char *name, const char *fdnumber)
 {
-	struct libcache_entry *liep;
 	long long l;
 	char *endp;
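Review bot: The rtld-elf-cap definition `void ld_libcache_add(const char *name, int fd)` does not match the libc stub in the ld_libcache.c hunk above, which is declared `int ld_libcache_add(const char *libname, int fd)` and reports failure with -1/EOPNOTSUPP; if this definition overrides the weak libc symbol inside a sandbox, as the description implies, a caller compiled against the int prototype reads an indeterminate return value after a successful add. The public entry point also drops the checks its string wrapper still performs: a negative fd is accepted as-is, and a name already in the list is appended even though the header comment says lookup returns the earliest match, so the new entry can never be found. Returning int with 0 on success and rejecting fd < 0 and duplicate names with -1/errno keeps the two definitions interchangeable, while ld_libcache_add_string() can keep ignoring the result during init; this needs <errno.h> and <string.h> if rtld_libcache.c does not already include them (its include block is outside the hunk).
```c
int
ld_libcache_add(const char *name, int fd)
{
	struct libcache_entry *liep;

	if (name == NULL || fd < 0) {
		errno = EINVAL;
		return (-1);
	}
	/*
	 * ld_libcache_lookup() matches the earliest entry, so a second
	 * entry for the same name would be unreachable.
	 */
	TAILQ_FOREACH(liep, &ld_libcache_list, lie_list) {
		if (strcmp(liep->lie_name, name) == 0) {
			errno = EEXIST;
			return (-1);
		}
	}
	liep = xmalloc(sizeof(*liep));
	liep->lie_name = xstrdup(name);
	liep->lie_fd = fd;
	TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
	return (0);
}
/* … unchanged: ld_libcache_add_string() … */
```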
@@ -80,12 +102,14 @@
 	if (l < 0 || l > INT_MAX || *endp != '\0')
 		return;
 
-	liep = xmalloc(sizeof(*liep));
-	liep->lie_name = xstrdup(name);
-	liep->lie_fd = l;
-	TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+	ld_libcache_add(name, l);
 }
 
+/*
+ * Given a library name, return its file descriptor (if defined). Arguably,
+ * we should dup the cache-owned fd rather than returning it directly to the
+ * caller.
+ */
 int
 ld_libcache_lookup(const char *libname, int *fdp)
 {
@@ -100,6 +124,9 @@
 	return (-1);
 }
 
+/*
+ * Initialize the library cache given the LD_LIBCACHE environmental variable.
+ */
 void
 ld_libcache_init(const char *libcache)
 {
@@ -111,7 +138,7 @@
 		fdnumber = strsep(&entry, ":");
 		if (fdnumber == NULL)
 			continue;
-		ld_libcache_add(entry, fdnumber);
+		ld_libcache_add_string(entry, fdnumber);
 	}
 	free(libcache_tofree);
 }

==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 (text+ko) ====

@@ -245,6 +245,7 @@
 	(func_ptr_type) &_rtld_atfork_pre,
 	(func_ptr_type) &_rtld_atfork_post,
 #ifdef IN_RTLD_CAP
+	(func_ptr_type) &ld_libcache_add,
 	(func_ptr_type) &ld_libcache_lookup,
 	(func_ptr_type) &ld_insandbox,
 #endif
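Review bot: `ld_libcache_add(name, l);` silently narrows `l` from long long to int; the `l < 0 || l > INT_MAX` guard two lines above makes the conversion safe, but writing it as `ld_libcache_add(name, (int)l);` records that the guard is what licenses it and keeps -Wconversion quiet. The guard is now the only place a descriptor number is range-checked before it enters the cache, so it should stay immediately ahead of the call. The opening of ld_libcache_add_string(), including the parsing that sets l and endp, lies outside the hunk.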