From owner-p4-projects@FreeBSD.ORG Thu Jun 18 13:28:00 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id EF3521065745; Thu, 18 Jun 2009 13:27:59 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E4AAB10656D3 for ; Thu, 18 Jun 2009 13:27:58 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 21C5F8FC1B for ; Thu, 18 Jun 2009 13:27:58 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5IDRw7M024429 for ; Thu, 18 Jun 2009 13:27:58 GMT (envelope-from jona@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5IDRweZ024427 for perforce@freebsd.org; Thu, 18 Jun 2009 13:27:58 GMT (envelope-from jona@FreeBSD.org) Date: Thu, 18 Jun 2009 13:27:58 GMT Message-Id: <200906181327.n5IDRweZ024427@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jona@FreeBSD.org using -f 
From: Jonathan Anderson
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 164665 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 18 Jun 2009 13:28:01 -0000
http://perforce.freebsd.org/chv.cgi?CH=164665
Change 164665 by jona@jona-trustedbsd-kentvm on 2009/06/18 13:27:43
A nice little (non-Qt) demo: demonstrate that the sandbox works, ask the user_angel to open files, pop up a powerbox and show that, even though the file was opened with O_RDWR, the capabilities system prevents write() operations
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 edit
.. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#12 (text+ko) ====
@@ -457,7 +457,8 @@
 int bytes_sent = sendmsg(sock, &header, 0);
 if(bytes_sent < 0)
 {
- perror("Error sending data and file descriptor(s)");
+ sprintf(errmsg, "Error sending data and file descriptors: %i (%s)",
+ errno, strerror(errno));
 free(anc_hdr);
 return -1;
 }
@@ -488,7 +489,8 @@
 }
 else if(bytes < 0)
 {
- perror("Error peeking at socket");
+ sprintf(errmsg, "Error peeking at socket: %i (%s)",
+ errno, strerror(errno));
 return NULL;
 }
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#8 (text+ko) ====
@@ -243,7 +243,7 @@
 if(!d)
 {
- if((errno == ENOENT) || (errno == ECONNRESET))
+ if((errno == ENOENT) || (errno == ECONNRESET) || (errno == EAGAIN))
 close_client(client, errno, "Client socket closed");
 else
 perror("Error receiving from client");
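Review bot: The new `sprintf` into `errmsg` in the first hunk is unbounded: the strerror() text is locale-dependent and has no fixed length, so the formatted message can overrun the destination buffer. If `errmsg` is a fixed-size array the call should be `snprintf(errmsg, sizeof errmsg, "Error sending data and file descriptors: %i (%s)", errno, strerror(errno));`, and if it is a pointer the buffer's size should be passed in explicitly. The same unbounded pattern is introduced by the second hunk of this file (`Error peeking at socket`) and by the `Error sending FD` hunk in server.c, which writes into `current_error`. The enclosing functions start and end outside these hunks, so the declaration of the buffer is not visible here.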
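Review bot: Adding EAGAIN to the close condition in server.c turns a transient "no data available" result into a disconnect: on a non-blocking socket, or one with a receive timeout set, recv() returns EAGAIN/EWOULDBLOCK while the peer is still connected, so a slow client would be dropped and told "Client socket closed". If the receive helper that yields `d` maps some specific condition onto EAGAIN, that mapping deserves a comment on this line; otherwise the test should stay `if((errno == ENOENT) || (errno == ECONNRESET))` and EAGAIN should take a retry/continue path. The close_client hunk later in this file also labels EAGAIN as "(client connection closed)" in the log, which hides the distinction when debugging. Whether this socket is non-blocking is not visible in the hunk, and the enclosing function starts and ends outside it.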
@@ -360,7 +360,8 @@
 if(cap_send_fd(client, d, &cap, 1) < 0)
 {
- perror("Error sending FD");
+ sprintf(current_error, "Error sending FD: %i (%s)",
+ errno, strerror(errno));
 return -1;
 }
 close(cap);
@@ -433,8 +434,14 @@
 void close_client(int client, int errnum, const char *reason)
 {
- printf("Client %4i: Closing (errno: %i/'%s', reason: '%s')\n",
- client, errnum, strerror(errnum), reason);
+ printf("Client %4i: Closing", client);
+
+ if((errnum == ECONNRESET) || (errnum == EAGAIN))
+ printf(" (client connection closed)");
+ else
+ printf(" (errno: %i/'%s', reason: '%s')",
+ errnum, strerror(errnum), reason);
+ printf("\n");
 cap_send(client, cap_marshall_error(errnum, reason, strlen(reason)));
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#9 (text+ko) ====
@@ -63,7 +63,7 @@
 open_file(fd_angel, "/etc/group", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_SEEK);
 open_file(fd_angel, "/etc/passwd", O_RDONLY, CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK);
- open_powerbox(fd_angel, "~/Desktop/", "*.gz", 0x2a00003);
+ open_powerbox(fd_angel, "~/Desktop/", "*.txt", 0x2a00003);
 return 0;
 }
@@ -121,7 +121,8 @@
 int fdcount;
 if(cap_unmarshall_int(fdcountd, &fdcount) < 0)
 {
- fprintf(stderr, "Error unmarshalling FD count: %s\n", cap_protocol_error());
+ fprintf(stderr, "Error unmarshalling FD count: %s\n",
+ cap_protocol_error());
 return;
 }
@@ -144,6 +145,7 @@
 }
 test_fd(fd, name);
+ close(fd);
 }
 }
@@ -161,7 +163,7 @@
 options.filter = filter;
 options.filterlen = strlen(filter);
 options.flags = O_RDWR;
- options.rights = CAP_FSTAT | CAP_READ | CAP_WRITE | CAP_SEEK;
+ options.rights = CAP_FSTAT | CAP_READ | CAP_SEEK;
 struct cap_wire_datum *data[2];
@@ -183,7 +185,11 @@
 int fdcount;
 if(cap_unmarshall_int(fdcountd, &fdcount) < 0)
- err(EX_SOFTWARE, "Error unmarshalling FD count");
+ {
+ fprintf(stderr, "Error unmarshalling FD count: %s\n",
+ cap_protocol_error());
+ return;
+ }
 for(int i = 0; i < fdcount; i++)
 {
@@ -204,6 +210,11 @@
 }
 test_fd(fd, name);
+
+ if(write(fd, "OVERWRITING", 12) < 0)
+ perror("Error overwriting file");
+
+ close(fd);
 }
 }
@@ -214,17 +225,10 @@
 FILE *rf = fdopen(fd, "r");
 if(!rf) err(EX_IOERR, "Error opening %s", name);
- printf("Opened %s for reading\n", name);
- fclose(rf);
+ else printf("Opened %s for reading\n", name);
- FILE *wf = fdopen(fd, "w");
- if(wf)
- {
- printf("Opened %s for writing\n", name);
- fclose(wf);
- }
+ FILE *wf = fdopen(fd, "a");
+ if(wf) printf("Opened %s for writing\n", name); else printf("Couldn't open %s for writing\n", name);
-
- close(fd);
 }
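Review bot: The added `write(fd, "OVERWRITING", 12)` is the demo's central assertion, yet a successful write is silently ignored: if the capability check did not hold, the loop would overwrite the first 12 bytes (the 11-character literal plus its NUL terminator) of a file the user just selected in the powerbox, and the program would report nothing. Report the unexpected-success case explicitly and write only the string's bytes, since failure is the outcome the demo is meant to show. The enclosing function starts outside this hunk, and the rights it requests (`CAP_FSTAT | CAP_READ | CAP_SEEK` in the -161 hunk) are presumably what make the write fail.

```c
	test_fd(fd, name);

	/* write() is expected to fail: the powerbox fd was requested without CAP_WRITE */
	ssize_t written = write(fd, "OVERWRITING", sizeof "OVERWRITING" - 1);
	if(written < 0)
		perror("Error overwriting file (expected)");
	else
		fprintf(stderr, "write() unexpectedly succeeded on %s (%zd bytes)\n", name, written);

	close(fd);
```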
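Review bot: test_fd now leaves both `rf` and `wf` open: the `fclose` calls went away together with the `close(fd)`, so every call leaks two FILE objects, and the caller's new `close(fd)` later closes the descriptor out from under them. An `fclose` cannot simply be put back, because fdopen() does not duplicate the descriptor and closing either stream would close the caller's fd (which is what the old "r" then "w" sequence tripped over). Opening each stream on a dup() of the fd and closing it before returning keeps the caller's descriptor valid, assuming a duplicated descriptor carries the same rights in this branch. The function's signature lies outside this hunk.

```c
	/* fdopen() takes ownership of its descriptor, so work on a dup and close it here */
	int rfd = dup(fd);
	FILE *rf = (rfd < 0) ? NULL : fdopen(rfd, "r");
	if(!rf) err(EX_IOERR, "Error opening %s", name);
	else printf("Opened %s for reading\n", name);
	fclose(rf);

	int wfd = dup(fd);
	FILE *wf = (wfd < 0) ? NULL : fdopen(wfd, "a");
	if(wf) printf("Opened %s for writing\n", name); else printf("Couldn't open %s for writing\n", name);
	if(wf) fclose(wf);
	else if(wfd >= 0) close(wfd);
```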