Date: Fri, 19 Jun 2009 12:44:29 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164706 for review Message-ID: <200906191244.n5JCiTPb024968@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=164706 Change 164706 by rwatson@rwatson_freebsd_capabilities on 2009/06/19 12:43:48 After a very confusing debugging session, only run 'cap_main' for sandbox-mode binaries, don't fall back to 'main' as frequently that will be code unintended to run in sandbox mode. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld-elf-cap.1#7 edit .. //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#20 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/rtld-elf-cap.1#7 (text+ko) ==== @@ -60,8 +60,8 @@ .It Recognizes the addition symbol .Dv cap_main , -which will be used in preference to the normal ELF entry point for a binary -when in sandbox mode. +which will be used instead of the normal ELF entry point for a binary when in +sandbox mode. This makes it easy a single binary to select different behavior when run in the different environments. .It ==== //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf/rtld.c#20 (text+ko) ==== @@ -657,10 +657,14 @@ * ELF default. */ cap_main_ptr = find_cap_main(obj_main); - if (cap_main_ptr != NULL) - return (func_ptr_type) cap_main_ptr; + if (cap_main_ptr == NULL) { + _rtld_error("cap_main not found"); + die(); + } + return (func_ptr_type) cap_main_ptr; +#else + return (func_ptr_type) obj_main->entry; #endif - return (func_ptr_type) obj_main->entry; } Elf_Addr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906191244.n5JCiTPb024968>