Date: Wed, 3 Feb 2010 21:29:50 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r203447 - in projects/capabilities8/tools/cap: . sandbox_world Message-ID: <201002032129.o13LToXf013274@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Wed Feb 3 21:29:50 2010 New Revision: 203447 URL: http://svn.freebsd.org/changeset/base/203447 Log: Merge cap/sandbox_world test tool from the p4 TrustedBSD Capabilities to capabilities8. Sponsored by: Google, Inc. Added: projects/capabilities8/tools/cap/ projects/capabilities8/tools/cap/sandbox_world/ projects/capabilities8/tools/cap/sandbox_world/Makefile projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Added: projects/capabilities8/tools/cap/sandbox_world/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/tools/cap/sandbox_world/Makefile Wed Feb 3 21:29:50 2010 (r203447) @@ -0,0 +1,8 @@ +PROG=sandbox_world +NO_MAN= +CFLAGS=-Wall -g -rdynamic + +DPADD= ${LIBCAPABILITY} ${LIBSBUF} +LDADD= -lcapsicum -lsbuf + +.include <bsd.prog.mk> Added: projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Wed Feb 3 21:29:50 2010 (r203447) @@ -0,0 +1,145 @@ +/*- + * Copyright (c) 2009-2010 Robert N. M. Watson + * All rights reserved. + * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); + +#include <sys/types.h> +#include <sys/uio.h> + +#include <err.h> +#include <errno.h> +#include <libcapsicum.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +/* + * Almost your standard "hello world" application, only we run the printf in + * a sandbox, and we use a 1-byte synchronous RPC to make sure that the host + * doesn't exit until the sandbox is done. + */ + +#define MYNAME "sandbox_world" /* Binary to run in sandbox. */ + +/* + * Unsandboxed host process with full user rights. + */ +int +main(int argc, char *argv[]) +{ + struct lc_sandbox *lcsp; + char *sandbox_argv[3] = { argv[1], "nested", NULL }; + struct iovec iov; + size_t len; + char ch; + + if (argc != 1) + errx(-1, "usage: sandbox_world"); + + /* + * Create a sandbox, do permit access to stdout and stderr. + */ + if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) + err(-1, "lch_start %s", argv[1]); + + /* + * Send a one-byte message to the sandbox and wait for a one-byte + * reply. + */ + ch = 'X'; + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + if (lch_rpc(lcsp, 0, &iov, 1, &iov, 1, &len) < 0) + err(-1, "lch_rpc"); + if (len != sizeof(ch)) + errx(-1, "lch_rpc returned size %zd not %zd", len, sizeof(ch)); + if (ch != 'X') + errx(-1, "lch_recv: expected %d and got %d", 'X', ch); + + /* + * Terminate the sandbox when done. + */ + lch_stop(lcsp); +} + +/* + * Sandboxed process implementing a 'printf hello world' RPC. + */ +int +cap_main(int argc, char *argv[]) +{ + struct lc_host *lchp; + u_int32_t opno, seqno; + struct iovec iov; + u_char *buffer; + size_t len; + + if (lcs_get(&lchp) < 0) + err(-1, "lcs_get"); + + /* + * Serve RPCs from the host until the sandbox is killed. + */ + while (1) { + /* + * Receive a one-byte RPC from the host. + */ + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) { + if (errno != EPIPE) + err(-6, "lcs_recvrpc"); + else + exit(-6); + } + if (len != 1) + errx(-7, "lcs_recvrpc len"); + printf("Hello world!\n"); + fflush(stdout); + + /* + * Reply with the same message. Remember to free the message + * when done. + */ + iov.iov_base = buffer; + iov.iov_len = 1; + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-8, "lcs_sendrpc"); + else + exit(-8); + } + free(buffer); + } +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002032129.o13LToXf013274>