Date: Thu, 18 Jun 2009 13:27:58 GMT From: Jonathan Anderson <jona@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 164665 for review Message-ID: <200906181327.n5IDRweZ024427@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=164665 Change 164665 by jona@jona-trustedbsd-kentvm on 2009/06/18 13:27:43 A nice little (non-Qt) demo: demonstrate that the sandbox works, ask the user_angel to open files, pop up a powerbox and show that, even though the file was opened with O_RDWR, the capabilities system prevents write() operations Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 (text+ko) ==== @@ -457,7 +457,8 @@ int bytes_sent = sendmsg(sock, &header, 0); if(bytes_sent < 0) { - perror("Error sending data and file descriptor(s)"); + sprintf(errmsg, "Error sending data and file descriptors: %i (%s)", + errno, strerror(errno)); free(anc_hdr); return -1; } @@ -488,7 +489,8 @@ } else if(bytes < 0) { - perror("Error peeking at socket"); + sprintf(errmsg, "Error peeking at socket: %i (%s)", + errno, strerror(errno)); return NULL; } ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 (text+ko) ==== @@ -243,7 +243,7 @@ if(!d) { - if((errno == ENOENT) || (errno == ECONNRESET)) + if((errno == ENOENT) || (errno == ECONNRESET) || (errno == EAGAIN)) close_client(client, errno, "Client socket closed"); else perror("Error receiving from client"); @@ -360,7 +360,8 @@ if(cap_send_fd(client, d, &cap, 1) < 0) { - perror("Error sending FD"); + sprintf(current_error, "Error sending FD: %i (%s)", + errno, strerror(errno)); return -1; } close(cap); 
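Review bot: The new `sprintf(errmsg, ...)` on the sendmsg() failure path writes into a buffer whose size is not visible in this hunk; `errmsg` is declared elsewhere, and if it is a fixed-size array the call should be bounded, `snprintf(errmsg, sizeof errmsg, "Error sending data and file descriptors: %i (%s)", errno, strerror(errno));`. The length of strerror() text is implementation-defined, so an unbounded format is a latent overflow in protocol code even when today's messages fit. The enclosing function starts before this hunk and is not fully visible.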
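Review bot: Same pattern on the peek path: `sprintf(errmsg, "Error peeking at socket: %i (%s)", errno, strerror(errno));` is unbounded and should become `snprintf(errmsg, sizeof errmsg, ...)` if `errmsg` (declared outside this hunk) is an array. It is also worth copying `errno` into a local first, `int saved = errno;`, and formatting `saved` and `strerror(saved)`, since POSIX allows strerror() to modify errno and the two arguments are evaluated in unspecified order. The enclosing function is cut at both edges of the hunk.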
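Review bot: Treating EAGAIN as "Client socket closed" is only correct if the client socket is blocking with a receive timeout; on a non-blocking socket EAGAIN means no data is available yet, and this change would disconnect a live client and send it an error. The hunk does not show how the client socket is configured, so at minimum the condition needs a comment stating the assumption, e.g. `/* EAGAIN: receive timeout expired on a blocking socket; treat the peer as gone */`, or the EAGAIN case should be handled separately (retry/poll) rather than folded into close_client(). The enclosing function starts before this hunk.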
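Review bot: The `return -1` after the new error message leaves `cap` open, because the `close(cap)` that follows is only reached on success; in a process whose job is handing out capabilities this leaks a descriptor, and presumably the rights attached to it, on every failed send. Add `close(cap);` before `return -1;`, and bound the format as `snprintf(current_error, sizeof current_error, ...)` if `current_error` (declared outside this hunk) is a fixed-size array. The enclosing function starts before and ends after this hunk.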
@@ -433,8 +434,14 @@ void close_client(int client, int errnum, const char *reason) { - printf("Client %4i: Closing (errno: %i/'%s', reason: '%s')\n", - client, errnum, strerror(errnum), reason); + printf("Client %4i: Closing", client); + + if((errnum == ECONNRESET) || (errnum == EAGAIN)) + printf(" (client connection closed)"); + else + printf(" (errno: %i/'%s', reason: '%s')", + errnum, strerror(errnum), reason); + printf("\n"); cap_send(client, cap_marshall_error(errnum, reason, strlen(reason))); ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 (text+ko) ==== @@ -63,7 +63,7 @@ open_file(fd_angel, "/etc/group", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_SEEK); open_file(fd_angel, "/etc/passwd", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK); - open_powerbox(fd_angel, "~/Desktop/", "*.gz", 0x2a00003); + open_powerbox(fd_angel, "~/Desktop/", "*.txt", 0x2a00003); return 0; } @@ -121,7 +121,8 @@ int fdcount; if(cap_unmarshall_int(fdcountd, &fdcount) < 0) { - fprintf(stderr, "Error unmarshalling FD count: %s\n", cap_protocol_error()); + fprintf(stderr, "Error unmarshalling FD count: %s\n", + cap_protocol_error()); return; } @@ -144,6 +145,7 @@ } test_fd(fd, name); + close(fd); } } @@ -161,7 +163,7 @@ options.filter = filter; options.filterlen = strlen(filter); options.flags = O_RDWR; - options.rights = CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK; + options.rights = CAP_FSTAT | CAP_READ | CAP_SEEK; struct cap_wire_datum *data[2]; @@ -183,7 +185,11 @@ int fdcount; if(cap_unmarshall_int(fdcountd, &fdcount) < 0) - err(EX_SOFTWARE, "Error unmarshalling FD count"); + { + fprintf(stderr, "Error unmarshalling FD count: %s\n", + cap_protocol_error()); + return; + } for(int i = 0; i < fdcount; i++) { @@ -204,6 +210,11 @@ } test_fd(fd, name); + + if(write(fd, "OVERWRITING", 12) < 0) + perror("Error overwriting file"); + + close(fd); } } 
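Review bot: When `errnum` is ECONNRESET or EAGAIN the new branch reports the peer as gone, yet the function still calls `cap_send(client, ...)` on that same socket and ignores its return value; sending on a stream socket whose peer has reset it fails with EPIPE and, unless SIGPIPE is ignored or suppressed somewhere not visible here, delivers SIGPIPE to the server. Guard the send with the same test, `if ((errnum != ECONNRESET) && (errnum != EAGAIN))`, or at least check its return. The function body continues past the end of the hunk.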
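Review bot: The deliberate mismatch between `options.flags = O_RDWR` and a rights mask that omits CAP_WRITE is the whole point of the demo, but nothing in the code says so, and a later reader is likely to "fix" one to match the other. Add `/* O_RDWR without CAP_WRITE: the file is opened writable, yet write() on the returned descriptor must be refused by the capability check */` above the `options.rights` assignment. The enclosing function starts before this hunk.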
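Review bot: The new write test only reports failure; if the capability check ever lets the write through, the demo silently overwrites the first 12 bytes of whatever file the user picked in the powerbox and prints nothing, which is precisely the outcome it exists to expose. Report success explicitly, e.g. `else fprintf(stderr, "WARNING: write to %s succeeded despite missing CAP_WRITE\n", name);`, and pass `strlen("OVERWRITING")` rather than 12 so the terminating NUL is not written. The enclosing function starts before this hunk.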
@@ -214,17 +225,10 @@ FILE *rf = fdopen(fd, "r"); if(!rf) err(EX_IOERR, "Error opening %s", name); - printf("Opened %s for reading\n", name); - fclose(rf); + else printf("Opened %s for reading\n", name); - FILE *wf = fdopen(fd, "w"); - if(wf) - { - printf("Opened %s for writing\n", name); - fclose(wf); - } + FILE *wf = fdopen(fd, "a"); + if(wf) printf("Opened %s for writing\n", name); else printf("Couldn't open %s for writing\n", name); - - close(fd); }
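Review bot: Neither `rf` nor `wf` is ever fclose()d now that the old `fclose(rf)` and `close(fd)` are gone, so each tested file leaks two FILE streams, and because the caller closes `fd` as soon as test_fd() returns (the `close(fd)` calls added in this change) both streams are left referring to a closed descriptor until exit. fdopen() performs no write, so whether `fdopen(fd, "a")` succeeds reflects the descriptor's open mode and whatever fcntl() it performs, not whether write() is permitted; a comment to that effect, `/* fdopen() does not exercise capability rights; see the explicit write() test in the caller */`, would keep "Opened %s for writing" from being misread as a sandbox result. If the probes are kept, `dup()` the descriptor for each fdopen() so each stream owns its fd and can be fclose()d.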