Date: Sun, 7 Jun 2009 20:11:40 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 163732 for review Message-ID: <200906072011.n57KBe55079221@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=163732 Change 163732 by rwatson@rwatson_freebsd_capabilities on 2009/06/07 20:11:31 Pass libc.so.7 into programs launched by capexec when running with rtld-elf-cap.so. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#2 edit Differences ...
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#2 (text+ko) ====
@@ -5,6 +5,7 @@
 #include <err.h>
 #include <fcntl.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -16,17 +17,24 @@
 LD_ELF_CAP_SO,
 NULL,
 };
+
+#define LIBC_SO "libc.so.7"
+#define LIBPATH "/lib/"
 #endif
 #define BASE_CAPS (CAP_IOCTL | CAP_EVENT | CAP_SEEK | CAP_FSTAT)
 #define STDIN_CAPS (BASE_CAPS | CAP_READ)
 #define STDOUT_CAPS (BASE_CAPS | CAP_WRITE)
 #define STDERR_CAPS (BASE_CAPS | CAP_WRITE)
+#define BIN_CAPS (CAP_SEEK | CAP_FSTAT | CAP_FSTATFS | CAP_READ | \
+ CAP_FEXECVE | CAP_MMAP | CAP_MAPEXEC)
 int main(int argc, char *argv[])
 {
- int fd_exec, fd_stdin, fd_stdout, fd_stderr, fd_procdesc;
+ int fd_exec, fd_libc, fd_new;
+ int fd_stdin, fd_stdout, fd_stderr, fd_procdesc;
+ char *env_caplibindex;
 struct pollfd pollfd;
 #ifdef LDSO_MODE
 int fd_ldso;
@@ -53,8 +61,24 @@
 fd_ldso = open(LD_ELF_CAP_SO, O_RDONLY);
 if (fd_ldso < 0)
 err(-1, "open: %s", LD_ELF_CAP_SO);
+ fd_new = cap_new(fd_ldso, BIN_CAPS);
+ if (fd_new < 0)
+ err(-1, "cap_new");
+ if (dup2(fd_new, fd_ldso) < 0)
+ err(-1, "dup2");
+ close(fd_new);
 if (fcntl(fd_ldso, F_SETFD, FD_CLOEXEC) < 0)
 err(-1, "fcntl FD_CLOEXEC");
+
+ fd_libc = open(LIBPATH LIBC_SO, O_RDONLY);
+ if (fd_libc < 0)
+ err(-1, "open: %s", LIBPATH LIBC_SO);
+ fd_new = cap_new(fd_libc, BIN_CAPS);
+ if (fd_new < 0)
+ err(-1, "cap_new");
+ if (dup2(fd_new, fd_libc) < 0)
+ err(-1, "dup2");
+ close(fd_new);
 #else
 if (fcntl(fd_exec, F_SETFD, FD_CLOEXEC) < 0)
 err(-1, "fcntl FD_CLOEXEC");
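Review bot: `BIN_CAPS` is a single rights mask used for two different purposes, and as defined it grants `CAP_FEXECVE` to every descriptor it wraps. The later hunk applies it to both `fd_ldso` and `fd_libc`; libc is presumably only read and mapped by the runtime linker and never executed directly, so a narrower mask for libraries, e.g. `#define LIB_CAPS (BIN_CAPS & ~CAP_FEXECVE)`, would keep the rights inherited by the sandboxed program minimal. A one-line comment above the macro saying which consumer needs which right would also help the next reader. Separately, `fd_libc` and `env_caplibindex` are declared unconditionally but, in the lines visible here, are used only under `LDSO_MODE`, where `int fd_ldso;` is already declared.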
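Review bot: `fd_libc` is left without `FD_CLOEXEC` while `fd_ldso` just above it gets the flag, and nothing in the hunk says the difference is intended. The last hunk hands the descriptor number to the runtime linker through `LD_CAPLIBINDEX`, so it has to survive the exec; a comment such as `/* fd_libc must be inherited: rtld-elf-cap finds libc through LD_CAPLIBINDEX. */` after the second `close(fd_new);` would stop a later cleanup from adding the flag. The two `cap_new`/`dup2` sequences also fail with identical strings; `err(-1, "cap_new: %s", LIBPATH LIBC_SO);` would say which file was being restricted. The enclosing `main` starts and ends outside this hunk.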
@@ -95,9 +119,16 @@
 close(fd_stderr);
 /*
- * Similarly constrain file descriptors for execution.
+ * Set up environmental variable so that the runtime linker
+ * can access libc in a sandbox.
 */
-
+#ifdef LDSO_MODE
+ if (asprintf(&env_caplibindex, "%d:%s", fd_libc, LIBC_SO) ==
+ -1)
+ err(-1, "asprintf");
+ printf("caplibindex: %s\n", env_caplibindex);
+ setenv("LD_CAPLIBINDEX", env_caplibindex, 1);
+#endif
 /*
 * Perhaps a closeall() or something to clear any remaining
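Review bot: The return value of `setenv` is ignored, so if it fails the program is launched without the new `LD_CAPLIBINDEX` (or with whatever value was inherited) and the problem only surfaces later inside the sandbox; `if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1) err(-1, "setenv");` would match the `asprintf` check just above. The `printf("caplibindex: ...")` line looks like leftover debug output: it writes to the stdout that is about to be handed to the launched program, and because stdio is buffered it may never be flushed if an exec follows, so it is better removed or sent through `warnx`. `main` continues past the end of this hunk, whose trailing context appears to be cut off in the mail.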