From owner-p4-projects@FreeBSD.ORG Sat Jun 13 09:59:31 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A237C106567A; Sat, 13 Jun 2009 09:59:31 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5DB511065679 for ; Sat, 13 Jun 2009 09:59:31 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 48FBA8FC1D for ; Sat, 13 Jun 2009 09:59:31 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5D9xVU0090158 for ; Sat, 13 Jun 2009 09:59:31 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5D9xVw9090156 for perforce@freebsd.org; Sat, 13 Jun 2009 09:59:31 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 13 Jun 2009 09:59:31 GMT Message-Id: <200906130959.n5D9xVw9090156@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 164252 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jun 2009 09:59:33 -0000 http://perforce.freebsd.org/chv.cgi?CH=164252 Change 164252 by rwatson@rwatson_freebsd_capabilities on 2009/06/13 09:58:36 Make lch_startfd() and lch_startfd_flags() accept a binary name as a string so that we can use that as the binary's name in the process's library descriptor cache. Pass libcapabilitym rather than libcapability into sandboxes so that sandbox-specific functions are available. Include rtld-elf-cap library information in LD_CAPLIBINDEX so that it is inserted into the process's library descriptor cache. Nested sandbox launching now appears to work properly. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#12 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.h#13 $ */ #ifndef _LIBCAPABILITY_H_ 
@@ -51,10 +51,10 @@
 struct lc_sandbox **lcspp);
 int lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
 struct lc_sandbox **lcspp);
-int lch_startfd(int fd_sandbox, char *const argv[],
+int lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
 struct lc_sandbox **lcspp);
-int lch_startfd_flags(int fd_sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcspp);
+int lch_startfd_flags(int fd_sandbox, const char *binname,
+ char *const argv[], u_int flags, struct lc_sandbox **lcspp);
 void lch_stop(struct lc_sandbox *lcsp);
 /*
==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 (text+ko) ====
@@ -30,10 +30,10 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#9 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#10 $
 */
-#include
+#include
 #include
 #include
 #include
@@ -41,6 +41,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
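Review bot: The new `binname` argument of `lch_startfd()` and `lch_startfd_flags()` is undocumented in this header, yet it is the string the host writes into the child's `LD_CAPLIBINDEX` (see the `@@ -188,8 +190,9 @@` hunk of libcapability_host.c), so callers of the fd-taking entry points, which get no `basename_r()` help, need to know what form it takes. I'd add above the `lch_startfd()` prototype: `/* binname: bare file name under which the sandbox binary is registered in the child's library descriptor cache; not a path, and presumably must not contain the ':' or ',' index separators. */`. Whether rtld-elf-cap refuses or mis-parses a name containing those characters is not visible here.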
@@ -59,20 +60,21 @@
 #define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LIBC LIBCAPABILITY_CAPMASK_BIN
-#define LIBCAPABILITY_CAPMASK_LIBCAPABILITY LIBCAPABILITY_CAPMASK_BIN
+#define LIBCAPABILITY_CAPMASK_LIBCAPABILITYM LIBCAPABILITY_CAPMASK_BIN
 #define LIBCAPABILITY_CAPMASK_LIBZ LIBCAPABILITY_CAPMASK_BIN
 #define _PATH_LIB "/lib"
 #define _PATH_USR_LIB "/usr/lib"
 #define LIBC_SO "libc.so.7"
 #define LIBZ_SO "libz.so.4"
-#define LIBCAPABILITY_SO "libcapability.so.1"
+#define LIBCAPABILITYM_SO "libcapabilitym.so.1"
 extern char **environ;
-#define LD_ELF_CAP_SO "/libexec/ld-elf-cap.so.1"
+#define LD_ELF_CAP_SO "ld-elf-cap.so.1"
+#define PATH_LD_ELF_CAP_SO "/libexec"
 char *ldso_argv[] = {
- __DECONST(char *, LD_ELF_CAP_SO),
+ __DECONST(char *, PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO),
 NULL,
 };
@@ -144,8 +146,8 @@
 static void
 lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc,
- int fd_libz, int fd_libcapability, int fd_devnull, u_int flags,
- char *const argv[])
+ int fd_libz, int fd_libcapabilitym, int fd_devnull, u_int flags,
+ const char *binname, char *const argv[])
 {
 char *env_caplibindex, *env_libcapability_sandbox_api;
 int fd_array[10];
@@ -162,8 +164,8 @@
 return;
 if (lc_limitfd(fd_libz, LIBCAPABILITY_CAPMASK_LIBZ) < 0)
 return;
- if (lc_limitfd(fd_libcapability, LIBCAPABILITY_CAPMASK_LIBCAPABILITY)
- < 0)
+ if (lc_limitfd(fd_libcapabilitym,
+ LIBCAPABILITY_CAPMASK_LIBCAPABILITYM) < 0)
 return;
 fd_array[0] = fd_devnull;
@@ -179,7 +181,7 @@
 fd_array[5] = fd_ldso;
 fd_array[6] = fd_libc;
 fd_array[7] = fd_libz;
- fd_array[8] = fd_libcapability;
+ fd_array[8] = fd_libcapabilitym;
 fd_array[9] = fd_devnull;
 if (lch_installfds(10, fd_array) < 0)
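Review bot: `LD_ELF_CAP_SO` changes meaning in this hunk, from the absolute path `/libexec/ld-elf-cap.so.1` to the bare name `ld-elf-cap.so.1`, and the define carries no comment saying so; the bare form is the `LD_CAPLIBINDEX` key in the `@@ -188,8 +190,9 @@` hunk, while `ldso_argv[0]` here and the `open()` in the `@@ -238,12 +241,12 @@` hunk rebuild the path with `PATH_LD_ELF_CAP_SO "/"`. I'd annotate the pair: `/* Bare file name, used as the LD_CAPLIBINDEX key; join with PATH_LD_ELF_CAP_SO for open(2) and argv[0]. */`. If any other translation unit still uses `LD_ELF_CAP_SO` as a path it would now open a relative name, which is worth a grep before this lands.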
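Review bot: `lch_sandbox()` now takes ten positional parameters, seven of them `int` descriptors, and the call site in the `@@ -282,12 +285,13 @@` hunk must keep them in exactly the order the body later uses when it applies per-library masks with `lc_limitfd()` and fills `fd_array[]`; swapping two of them compiles cleanly and hands the sandbox one library's descriptor under another library's capability mask. A small struct, say `struct lch_fds { int sock, sandbox, ldso, libc, libz, libcapabilitym, devnull; }`, filled by name in `lch_startfd_flags()` and passed by pointer, would make the pairing explicit at both ends. The body of `lch_sandbox()` continues beyond this hunk.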
@@ -188,8 +190,9 @@
 /*
 * Pass library list into rtld-elf-cap.
 */
- if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s", 6, LIBC_SO,
- 7, LIBZ_SO, 8, LIBCAPABILITY_SO, 9, _PATH_DEVNULL) == -1)
+ if (asprintf(&env_caplibindex, "%d:%s,%d:%s,%d:%s,%d:%s,%d:%s,%d:%s",
+ 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBZ_SO, 8,
+ LIBCAPABILITYM_SO, 9, _PATH_DEVNULL) == -1)
 return;
 if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1)
 return;
@@ -214,16 +217,16 @@
 }
 int
-lch_startfd_flags(int fd_sandbox, char *const argv[], u_int flags,
- struct lc_sandbox **lcapp)
+lch_startfd_flags(int fd_sandbox, const char *binname, char *const argv[],
+ u_int flags, struct lc_sandbox **lcapp)
 {
 struct lc_sandbox *lcap;
- int fd_devnull, fd_ldso, fd_libc, fd_libcapability, fd_libz;
+ int fd_devnull, fd_ldso, fd_libc, fd_libcapabilitym, fd_libz;
 int fd_procdesc, fd_sockpair[2];
 int error, val;
 pid_t pid;
- fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapability =
+ fd_devnull = fd_ldso = fd_libc = fd_libz = fd_libcapabilitym =
 fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
 lcap = malloc(sizeof(*lcap));
@@ -238,12 +241,12 @@
 goto out_error;
 if (ld_caplibindex_lookup(LIBZ_SO, &fd_libz) < 0)
 goto out_error;
- if (ld_caplibindex_lookup(LIBCAPABILITY_SO, &fd_libcapability) < 0)
+ if (ld_caplibindex_lookup(LIBCAPABILITYM_SO, &fd_libcapabilitym) < 0)
 goto out_error;
- if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_libcapability) < 0)
+ if (ld_caplibindex_lookup(_PATH_DEVNULL, &fd_devnull) < 0)
 goto out_error;
 #else
- fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
+ fd_ldso = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY);
 if (fd_ldso < 0)
 goto out_error;
@@ -255,9 +258,9 @@
 if (fd_libz < 0)
 goto out_error;
- fd_libcapability = open(_PATH_USR_LIB "/" LIBCAPABILITY_SO,
+ fd_libcapabilitym = open(_PATH_USR_LIB "/" LIBCAPABILITYM_SO,
 O_RDONLY);
- if (fd_libcapability < 0)
+ if (fd_libcapabilitym < 0)
 goto out_error;
 fd_devnull = open(_PATH_DEVNULL, O_RDWR);
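Review bot: `binname` goes into the `LD_CAPLIBINDEX` string through `%s` with no validation at all: a NULL pointer, which nothing in `lch_startfd_flags()` rejects, is undefined behaviour in `asprintf()`, and because the index is built with `:` and `,` separators a name containing either (or a `/`, given that `lch_start_flags()` deliberately strips the directory with `basename_r()`) would presumably be mis-read by rtld-elf-cap rather than refused. The check belongs in the parent, in the `@@ -214,16 +217,16 @@` hunk before the `fork()`, so the caller sees an error instead of a child that silently exits: `if (binname == NULL || strpbrk(binname, "/:,") != NULL) { errno = EINVAL; goto out_error; }`, assuming the `out_error` path preserves `errno`. `lch_sandbox()` starts and ends outside this hunk.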
@@ -282,12 +285,13 @@
 }
 if (pid == 0) {
 lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc,
- fd_libz, fd_libcapability, fd_devnull, flags, argv);
+ fd_libz, fd_libcapabilitym, fd_devnull, flags, binname,
+ argv);
 exit(-1);
 }
 #ifndef IN_CAP_MODE
 close(fd_devnull);
- close(fd_libcapability);
+ close(fd_libcapabilitym);
 close(fd_libz);
 close(fd_libc);
 close(fd_ldso);
@@ -310,8 +314,8 @@
 #ifndef IN_CAP_MODE
 if (fd_devnull != -1)
 close(fd_devnull);
- if (fd_libcapability != -1)
- close(fd_libcapability);
+ if (fd_libcapabilitym != -1)
+ close(fd_libcapabilitym);
 if (fd_libz != -1)
 close(fd_libz);
 if (fd_libc != -1)
@@ -326,10 +330,11 @@
 }
 int
-lch_startfd(int fd_sandbox, char *const argv[], struct lc_sandbox **lcapp)
+lch_startfd(int fd_sandbox, const char *binname, char *const argv[],
+ struct lc_sandbox **lcapp)
 {
- return (lch_startfd_flags(fd_sandbox, argv, 0, lcapp));
+ return (lch_startfd_flags(fd_sandbox, binname, argv, 0, lcapp));
 }
 #ifndef IN_CAP_MODE
@@ -337,13 +342,17 @@
 lch_start_flags(const char *sandbox, char *const argv[], u_int flags,
 struct lc_sandbox **lcapp)
 {
+ char binname[MAXPATHLEN];
 int error, fd_sandbox, ret;
+ if (basename_r(sandbox, binname) == NULL)
+ return (-1);
+
 fd_sandbox = open(sandbox, O_RDONLY);
 if (fd_sandbox < 0)
 return (-1);
- ret = lch_startfd_flags(fd_sandbox, argv, flags, lcapp);
+ ret = lch_startfd_flags(fd_sandbox, binname, argv, flags, lcapp);
 error = errno;
 close(fd_sandbox);
 errno = error;
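Review bot: Every early `return` in `lch_sandbox()`, including the new `asprintf()` and `setenv()` failure paths, falls through to the `exit(-1)` after the call here, which in a forked child runs the parent's `atexit` handlers and flushes whatever stdio buffers it inherited, so pending parent output can be emitted twice, and `-1` reaches the parent as exit status 255. `_exit(1)` is the usual form for a child that failed before `exec`, and a one-line comment on the `lch_sandbox()` call saying that it is expected to return only on failure would make the intent of the following line clear. The body of `lch_startfd_flags()` continues outside this hunk.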