From owner-p4-projects@FreeBSD.ORG Fri Jan 29 13:10:06 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9CAAB106568D; Fri, 29 Jan 2010 13:10:06 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62E3E106566C for ; Fri, 29 Jan 2010 13:10:06 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 47FD78FC14 for ; Fri, 29 Jan 2010 13:10:06 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o0TDA6qH047306 for ; Fri, 29 Jan 2010 13:10:06 GMT (envelope-from jona@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o0TDA64B047304 for perforce@freebsd.org; Fri, 29 Jan 2010 13:10:06 GMT (envelope-from jona@FreeBSD.org) Date: Fri, 29 Jan 2010 13:10:06 GMT Message-Id: <201001291310.o0TDA64B047304@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jona@FreeBSD.org using -f 
From: Jonathan Anderson To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 173905 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jan 2010 13:10:06 -0000 http://p4web.freebsd.org/chv.cgi?CH=173905 Change 173905 by jona@jona-belle-freebsd8 on 2010/01/29 13:09:11 fdlist changes to libcapsicum - WARNING: due to some kernel bug, this library code might cause a panic Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_io.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#5 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 $ */ #include ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 (text+ko) ==== 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#3 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 $ */ #ifndef _LIBCAPABILITY_H_ @@ -117,15 +117,15 @@ * Interfaces to start and stop capability mode sandboxs. */ int lch_start(const char *sandbox, char *const argv[], u_int flags, - struct lc_sandbox **lcspp); + struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_start_libs(const char *sandbox, char *const argv[], u_int flags, - struct lc_library *lclp, u_int lcl_count, + struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_startfd(int fd_sandbox, const char *binname, char *const argv[], u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_startfd_libs(int fd_sandbox, const char *binname, char *const argv[], u_int flags, struct lc_library *lclp, - u_int lcl_count, struct lc_sandbox **lcspp); + u_int lcl_count, struct lc_fdlist *fds, struct lc_sandbox **lcspp); void lch_stop(struct lc_sandbox *lcsp); /* ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 (text+ko) ==== @@ -30,15 +30,21 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#3 $ */ +#include +#include + #include #include #include +#include #include #include +#include "libcapsicum_sandbox_api.h" + struct lc_fdlist_entry { 
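Review bot: The new `struct lc_fdlist *fds` argument on lch_start, lch_start_libs and lch_startfd_libs is undocumented in the header: nothing states whether NULL is accepted, whether the list is copied at start-up or must outlive the sandbox, or that the callee does not write through it. In this change the host side sizes the list and copies it into a shared segment inside the forked child, so the caller's copy is not needed afterwards, but a reader of the header cannot tell that. A comment above lch_start such as `/* fds: descriptor list copied into the sandbox's shared segment at start; the caller keeps ownership */` would settle it, and the parameter could become `const struct lc_fdlist *` if lc_fdlist_size() accepts a const pointer. Whether a NULL list is tolerated depends on lc_fdlist_size(), which is not visible here, and should be stated either way.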
@@ -87,6 +93,41 @@ struct lc_fdlist* lc_fdlist_global(void) { + if (global_fdlist == NULL) { + + char *env = getenv(LIBCAPABILITY_SANDBOX_FDLIST); + printf("%s: %s\n", LIBCAPABILITY_SANDBOX_FDLIST, env); + + if ((env != NULL) && (strnlen(env, 8) < 7)) { + + for (int i = 0; (i < 7) && env[i]; i++) + if ((env[i] < '0') || (env[i] > '9')) + return NULL; + + int fd = -1; + if (sscanf(env, "%d", &fd) != 1) + return NULL; + + if (fd < 0) + return NULL; + + printf("testing FD %i...", fd); fflush(stdout); + struct stat stats; + if (fstat(fd, &stats) < 0) + return NULL; + + printf(" done. Size: %lu\n", stats.st_size); + + printf("mapping FD %i... ", fd); fflush(stdout); + /* + global_fdlist = mmap(NULL, stats.st_size, + PROT_READ | PROT_WRITE, + MAP_NOSYNC | MAP_PRIVATE, fd, 0); + */ + printf(" done.\n"); + } + } + return global_fdlist; } ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 (text+ko) ==== @@ -30,11 +30,12 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#3 $ */ #include #include +#include #include #include #include 
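Review bot: `printf("%s: %s\n", LIBCAPABILITY_SANDBOX_FDLIST, env);` runs before the `env != NULL` test, so when the variable is unset a NULL pointer is handed to `%s`, which is undefined behaviour even though FreeBSD's libc happens to print "(null)"; move the print after the check or drop it. The other debug prints share the problem of library code writing to stdout (a sandbox whose stdout carries a protocol gets corrupted), and `printf(" done. Size: %lu\n", stats.st_size)` passes an off_t to `%lu`, the wrong width on 32-bit targets — use `%jd` with `(intmax_t)stats.st_size` if it stays. The digit-only scan followed by sscanf is sound, but `strtol` with an end-pointer check would express the same validation in one step. With the mmap call commented out, global_fdlist stays NULL and every call returns NULL after printing; presumably intentional given the commit's kernel-panic warning, but an explicit `/* XXX mapping disabled pending kernel fix */` would keep it from being mistaken for a finished path.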
@@ -147,12 +148,41 @@ lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc, int fd_libcapsicum, int fd_libsbuf, int fd_devnull, u_int flags, struct lc_library *lclp, u_int lcl_count, const char *binname, - char *const argv[]) + char *const argv[], struct lc_fdlist *fds) { int *fd_array, fdcount; struct sbuf *sbufp; + int shmfd, fdlistsize; + /*void *shm;*/ + char fdliststr[8]; u_int i; + + /* create an anonymous shared memory segment for the FD list */ + shmfd = shm_open(SHM_ANON, O_RDWR, 0600); + if (shmfd < 0) return; + + fdlistsize = lc_fdlist_size(fds); + if (ftruncate(shmfd, fdlistsize) < 0) return; + + + printf("%dB of memory to mmap\n", fdlistsize); + + + /* map it and copy the list */ + /* + shm = mmap(NULL, fdlistsize, PROT_READ | PROT_WRITE, + MAP_NOSYNC | MAP_SHARED, shmfd, 0); + + if (shm == MAP_FAILED) return; + memcpy(shm, fds, fdlistsize); + + if (munmap(shm, fdlistsize)) return; + */ + + + + if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0) return; if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0) @@ -168,7 +198,7 @@ if (lc_limitfd(fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0) return; - fdcount = 10 + lcl_count; + fdcount = 11 + lcl_count; fd_array = malloc(fdcount * sizeof(int)); if (fd_array == NULL) return; @@ -193,10 +223,11 @@ fd_array[7] = fd_libcapsicum; fd_array[8] = fd_libsbuf; fd_array[9] = fd_devnull; + fd_array[10] = shmfd; for (i = 0; i < lcl_count; i++) { if (lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0) return; - fd_array[i + 10] = lclp[i].lcl_fd; + fd_array[i + 11] = lclp[i].lcl_fd; } if (lch_installfds(fdcount, fd_array) < 0) @@ -209,7 +240,7 @@ 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBCAPABILITY_SO, 8, LIBSBUF_SO, 9, _PATH_DEVNULL); for (i = 0; i < lcl_count; i++) - (void)sbuf_printf(sbufp, ",%d:%s", i + 10, + (void)sbuf_printf(sbufp, ",%d:%s", i + 11, lclp[i].lcl_libname); sbuf_finish(sbufp); if (sbuf_overflowed(sbufp)) 
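Review bot: Once the commented-out block is enabled, `memcpy(shm, fds, fdlistsize)` copies the host's lc_fdlist byte-for-byte into the segment; if that structure holds pointers (the entry layout is not visible here) the sandbox's copy will carry host addresses that mean nothing in its address space, so the copied form needs to be confirmed pointer-free or flattened before the copy. `fdlistsize` is an `int` from lc_fdlist_size() passed straight to ftruncate() with no check for a non-positive value, which would leave an empty or failing segment; `if (fdlistsize <= 0) return;` before the ftruncate() would catch it. The `printf("%dB of memory to mmap\n", fdlistsize);` is debug output from the child to whatever stdout the host has open and should go. lch_sandbox's body continues past the end of this hunk.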
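Review bot: `fd_array[10] = shmfd;` is the only descriptor placed in the array without a preceding lc_limitfd() call — fd_sandbox, fd_ldso, fd_libc, fd_libcapsicum, fd_libsbuf, fd_devnull and each library fd are limited first — so the sandbox inherits the segment with unrestricted rights and can ftruncate() it or map it writable, while the sandbox-side reader in this change only fstat()s and mmap()s it. Add a mask beside the existing ones, e.g. `#define LIBCAPABILITY_CAPMASK_FDLIST (CAP_FSTAT | CAP_MMAP | CAP_READ)` with the exact rights confirmed against the sandbox reader, and `if (lc_limitfd(shmfd, LIBCAPABILITY_CAPMASK_FDLIST) < 0) return;` before the assignment. The loop just below also bumps the library descriptors to `i + 11`, so any future change to the slot must be made in both places.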
@@ -229,6 +260,10 @@ return; sbuf_delete(sbufp); + sprintf(fdliststr, "%d", 10); + if (setenv(LIBCAPABILITY_SANDBOX_FDLIST, fdliststr, 1) == -1) + return; + if (cap_enter() < 0) return; @@ -238,7 +273,7 @@ int lch_startfd_libs(int fd_sandbox, const char *binname, char *const argv[], u_int flags, struct lc_library *lclp, u_int lcl_count, - struct lc_sandbox **lcspp) + struct lc_fdlist *fds, struct lc_sandbox **lcspp) { struct lc_sandbox *lcsp; int fd_devnull, fd_ldso, fd_libc, fd_libcapsicum, fd_libsbuf; @@ -304,7 +339,7 @@ if (pid == 0) { lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc, fd_libcapsicum, fd_libsbuf, fd_devnull, flags, lclp, - lcl_count, binname, argv); + lcl_count, binname, argv, fds); exit(-1); } #ifndef IN_CAP_MODE @@ -353,12 +388,13 @@ { return (lch_startfd_libs(fd_sandbox, binname, argv, flags, NULL, 0, - lcspp)); + fds, lcspp)); } int lch_start_libs(const char *sandbox, char *const argv[], u_int flags, - struct lc_library *lclp, u_int lcl_count, struct lc_sandbox **lcspp) + struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds, + struct lc_sandbox **lcspp) { char binname[MAXPATHLEN]; int error, fd_sandbox, ret; @@ -371,7 +407,7 @@ return (-1); ret = lch_startfd_libs(fd_sandbox, binname, argv, flags, lclp, - lcl_count, lcspp); + lcl_count, fds, lcspp); error = errno; close(fd_sandbox); errno = error; @@ -380,10 +416,10 @@ int lch_start(const char *sandbox, char *const argv[], u_int flags, - struct lc_sandbox **lcspp) + struct lc_fdlist *fds, struct lc_sandbox **lcspp) { - return (lch_start_libs(sandbox, argv, flags, NULL, 0, lcspp)); + return (lch_start_libs(sandbox, argv, flags, NULL, 0, fds, lcspp)); } void ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 (text+ko) ==== 
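Review bot: `sprintf(fdliststr, "%d", 10);` hard-codes the slot the list was installed at, duplicating the `fd_array[10] = shmfd` index and the `11 + lcl_count` / `i + 11` offsets elsewhere in lch_sandbox; if the install order ever changes, the sandbox will fstat and map whatever descriptor happens to sit at 10. Give the slot a name next to the other sandbox-API constants, e.g. `#define LIBCAPABILITY_SANDBOX_FDLIST_FD 10`, and use it for the array index, the offsets and this call (`snprintf(fdliststr, sizeof fdliststr, "%d", LIBCAPABILITY_SANDBOX_FDLIST_FD)` while at it). The setenv() happens before cap_enter() so the value is inherited across the exec, but a failed setenv() currently returns silently like the other error paths here, leaving the parent with no indication why the sandbox did not come up. The enclosing function lch_sandbox begins outside this hunk.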
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 $ */ #include ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 $ */ #ifndef _LIBCAPABILITY_INTERNAL_H_ ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#1 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 $ */ #ifndef _LIBCAPABILITY_SANDBOX_API_H_ @@ -41,6 +41,7 @@ * make about the runtime environment set up by libcapsicum hosts. */ #define LIBCAPABILITY_SANDBOX_API_ENV "LIBCAPABILITY_SANDBOX" +#define LIBCAPABILITY_SANDBOX_FDLIST "LIBCAPABILITY_FDLIST" #define LIBCAPABILITY_SANDBOX_API_SOCK "sock" /* ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_io.c#2 (text+ko) ==== ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#5 (text+ko) ====
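Review bot: The new `LIBCAPABILITY_SANDBOX_FDLIST` define carries no comment saying what its value is, although the surrounding block is introduced as the set of assumptions sandboxes make about the environment the host sets up; in this change the host stores the decimal descriptor number of a shared-memory segment holding the lc_fdlist, and the sandbox parses it back with a seven-digit limit. Add `/* decimal fd number of the shm segment holding the sandbox's lc_fdlist */` above the define so the host writer and the sandbox parser stay tied to one documented contract.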