From owner-p4-projects@FreeBSD.ORG Sun Oct 11 16:08:59 2009
Date: Sun, 11 Oct 2009 16:08:59 GMT
Message-Id: <200910111608.n9BG8xSv043840@repoman.freebsd.org>
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 169401 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Oct 2009 16:09:00 -0000 http://perforce.freebsd.org/chv.cgi?CH=169401 Change 169401 by rwatson@rwatson_freebsd_capabilities on 2009/10/11 16:08:15 Update further reference to LD_CAPLIBINDEX -> LD_LIBCACHE. Add public interface for inserting libraries into the library cache: ld_libcache_add(3), which is implemented by rtld when in a sandbox, and returns EOPNOTSUPP if not. Comment on two known limitations of the libcache code. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 edit .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/Symbol.map#15 (text) ==== @@ -369,6 +369,7 @@ FBSD_1.2 { basename_r; getpagesizes; + ld_libcache_add; ld_libcache_lookup; ld_insandbox; }; ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/gen/ld_libcache.c#3 (text+ko) ==== @@ -33,6 +33,15 @@ #include +#pragma weak ld_libcache_add +int +ld_libcache_add(const char *libname, int fd) +{ + + errno = EOPNOTSUPP; + return (-1); +} + #pragma weak ld_libcache_lookup int ld_libcache_lookup(const char *libname, int *fdp) ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Symbol.map#6 (text+ko) ==== 
@@ -3,6 +3,7 @@ */ FBSD_1.1 { + ld_libcache_add; ld_libcache_lookup; ld_insandbox; }; ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld_libcache.c#3 (text+ko) ==== @@ -35,15 +35,20 @@ __FBSDID("$FreeBSD$"); /* - * When running in a capability sandbox, rtld-elf-cap will be passed a set of - * open file descriptors to potentially useful libraries, along with an index - * to these in the LD_CAPLIBINDEX environmental variable. These routines - * parse that index, and allow lookups by library name. A typical string - * might be: + * rtld maintains a cache of library file descriptors, which is passed from + * host to sandbox at exec()-time in order to avoid the need for direct file + * system access from within sandboxes. When rtld starts, it inspects + * LD_LIBCACHE to find library descriptors passed from the host. This + * variable maps file descriptor numbers to library names: * * 6:libc.so.7,7:libm.so.5 * * In the event of ambiguity, the earliest entry will be matched. + * + * XXXRW: There should be locking around the libcache list. + * + * XXXRW: ld_libcache_lookup() should dup the fd before returning it so that + * the caller is responsible for managing the returned fd reference. */ #include @@ -66,10 +71,27 @@ static TAILQ_HEAD(, libcache_entry) ld_libcache_list = TAILQ_HEAD_INITIALIZER(ld_libcache_list); +/* + * Add a library to the library cache. + */ +void +ld_libcache_add(const char *name, int fd) +{ + struct libcache_entry *liep; + + liep = xmalloc(sizeof(*liep)); + liep->lie_name = xstrdup(name); + liep->lie_fd = fd; + TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list); +} + +/* + * Add a library to the library cache, with file descriptor passed as a + * string. Used internally when parsing LD_LIBCACHE. + */ static void -ld_libcache_add(const char *name, const char *fdnumber) +ld_libcache_add_string(const char *name, const char *fdnumber) { - struct libcache_entry *liep; long long l; char *endp; 
@@ -80,12 +102,14 @@ if (l < 0 || l > INT_MAX || *endp != '\0') return; - liep = xmalloc(sizeof(*liep)); - liep->lie_name = xstrdup(name); - liep->lie_fd = l; - TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list); + ld_libcache_add(name, l); } +/* + * Given a library name, return its file descriptor (if defined). Arguably, + * we should dup the cache-owned fd rather than returning it directly to the + * caller. + */ int ld_libcache_lookup(const char *libname, int *fdp) { @@ -100,6 +124,9 @@ return (-1); } +/* + * Initialize the library cache given the LD_LIBCACHE environmental variable. + */ void ld_libcache_init(const char *libcache) { @@ -111,7 +138,7 @@ fdnumber = strsep(&entry, ":"); if (fdnumber == NULL) continue; - ld_libcache_add(entry, fdnumber); + ld_libcache_add_string(entry, fdnumber); } free(libcache_tofree); } ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#27 (text+ko) ==== @@ -245,6 +245,7 @@ (func_ptr_type) &_rtld_atfork_pre, (func_ptr_type) &_rtld_atfork_post, #ifdef IN_RTLD_CAP + (func_ptr_type) &ld_libcache_add, (func_ptr_type) &ld_libcache_lookup, (func_ptr_type) &ld_insandbox, #endif
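Review bot: the return types of the two ld_libcache_add() definitions disagree (libc ld_libcache.c hunk @@ -33,6 versus rtld_libcache.c hunk @@ -66,10). The libc fallback is `int ld_libcache_add(const char *libname, int fd)` and reports failure with `errno = EOPNOTSUPP; return (-1);`, while the rtld implementation is `void ld_libcache_add(const char *name, int fd)`. A caller built against the libc prototype will read an undefined return value whenever the call is routed to rtld inside a sandbox, so the success/-1 contract the change description gives for ld_libcache_add(3) only holds outside a sandbox. Suggest making the rtld version `int` and ending it with `return (0);`, and adding the prototype to a shared header so the compiler catches any future drift.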
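Review bot: in rtld_libcache.c hunk @@ -66,10 the public ld_libcache_add() appends with TAILQ_INSERT_TAIL while the file header says "the earliest entry will be matched", so an add for a name already present (for example one seeded from LD_LIBCACHE) silently never takes effect. Either walk ld_libcache_list and reject duplicates, or state in the function comment that existing entries cannot be overridden. The same hunk also drops the `l < 0` guard that the string path still performs before calling, so the public entry point will happily cache `fd == -1`; a `if (fd < 0) return;` (or an error return, once the function returns int) would keep the two paths consistent. Finally, given the new XXXRW notes about lookup handing out the cache-owned descriptor, the add() comment should say whether the cache takes ownership of the caller's fd and that the caller must therefore not close it.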
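Review bot: in rtld_libcache.c hunk @@ -80,12 the call `ld_libcache_add(name, l);` passes a `long long` into an `int` parameter. The range check two lines above (`l < 0 || l > INT_MAX`) makes the narrowing safe, but an explicit `(int)l` cast would make that dependency visible to the next person who edits the check.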
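Review bot: in rtld_libcache.c hunk @@ -100,6 (and the updated header comment in hunk @@ -35,15) "environmental variable" should read "environment variable".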
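Review bot: in rtld.c hunk @@ -245,6 the new `(func_ptr_type) &ld_libcache_add` entry is inserted ahead of ld_libcache_lookup and ld_insandbox, shifting their positions in the table. If anything on the libc side reaches these entries by index rather than by symbol, it needs the matching update in the same change; otherwise appending the new entry after ld_insandbox would avoid the question entirely.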