From owner-p4-projects@FreeBSD.ORG Mon Apr 26 14:48:35 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 02E9E106567D; Mon, 26 Apr 2010 14:48:35 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A26E106566C for ; Mon, 26 Apr 2010 14:48:34 +0000 (UTC) (envelope-from jona@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 77D528FC08 for ; Mon, 26 Apr 2010 14:48:34 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o3QEmYbO033233 for ; Mon, 26 Apr 2010 14:48:34 GMT (envelope-from jona@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o3QEmYSW033231 for perforce@freebsd.org; Mon, 26 Apr 2010 14:48:34 GMT (envelope-from jona@FreeBSD.org) Date: Mon, 26 Apr 2010 14:48:34 GMT Message-Id: <201004261448.o3QEmYSW033231@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to jona@FreeBSD.org using -f From: Jonathan Anderson To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 177356 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Apr 2010 14:48:35 -0000 http://p4web.freebsd.org/@@177356?ac=10 Change 177356 by jona@jona-belle-freebsd8 on 2010/04/26 14:47:37 Create LD_PRELOAD for sandbox Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#19 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#19 (text+ko) ==== 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#18 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#19 $ */ #include @@ -41,6 +41,7 @@ #include #include +#define _WITH_DPRINTF #include #include #include @@ -67,6 +68,8 @@ #define LIBCAPSICUM_CAPMASK_FDLIST CAP_READ | CAP_WRITE | CAP_FTRUNCATE \ | CAP_FSTAT | CAP_MMAP +#define LIBCAPSICUM_CAPMASK_STDOUT CAP_WRITE | CAP_SEEK | CAP_FSTAT + extern char **environ; #define LD_ELF_CAP_SO "ld-elf-cap.so.1" @@ -123,12 +126,12 @@ if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "stdout", "", STDOUT_FILENO, - (flags & LCH_PERMIT_STDOUT) ? CAP_WRITE | CAP_SEEK : 0) < 0) + (flags & LCH_PERMIT_STDOUT) ? LIBCAPSICUM_CAPMASK_STDOUT : 0) < 0) err(-1, "Error in lc_fdlist_addcap(stdout)"); if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "stderr", "", STDERR_FILENO, - (flags & LCH_PERMIT_STDERR) ? CAP_WRITE | CAP_SEEK : 0) < 0) + (flags & LCH_PERMIT_STDERR) ? LIBCAPSICUM_CAPMASK_STDOUT : 0) < 0) err(-1, "Error in lc_fdlist_addcap(stderr)"); if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "socket", "", @@ -147,9 +150,6 @@ fd_binary, LIBCAPSICUM_CAPMASK_SANDBOX) < 0) err(-1, "Error in lc_fdlist_addcap(fd_binary)"); - if (lc_fdlist_append(fds, userfds) < 0) - err(-1, "Error in lc_fdlist_append()"); - /* * Ask RTLD for library path descriptors. * 
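Review bot: The new `LIBCAPSICUM_CAPMASK_STDOUT` macro expands to a bare `CAP_WRITE | CAP_SEEK | CAP_FSTAT` with no enclosing parentheses. That happens to parse correctly inside the `?:` expressions of the `@@ -123,12 +126,12 @@` hunk, but any later use next to `&` or `~` would bind to only part of the mask and silently change the rights handed to the sandbox. I would write it as `#define LIBCAPSICUM_CAPMASK_STDOUT (CAP_WRITE | CAP_SEEK | CAP_FSTAT)`; the context line defining `LIBCAPSICUM_CAPMASK_FDLIST` has the same shape and deserves the same treatment.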
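Review bot: Both the stdout and the stderr capability in the `@@ -123,12 +126,12 @@` hunk now carry `CAP_FSTAT` on top of the previous `CAP_WRITE | CAP_SEEK`, which widens what the sandboxed process may do with the host's descriptors, and neither the change description nor the code says why. Since this mask is part of the library's least-privilege boundary, the macro should carry the reason in a comment, for example `/* stdout/stderr: CAP_FSTAT is needed for <reason> */`. The stderr call also uses a mask named for stdout; a neutral name or a one-line comment at that call would keep a later stdout-only change from quietly applying to stderr as well. The enclosing function starts and ends outside this hunk.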
@@ -170,15 +170,23 @@ break; } - for (int j = 0; j < size; j++) - if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "libdir", "", + for (int j = 0; j < size; j++) { + if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "LibraryDirectory", "", libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0) err(-1, "Error in lc_fdlist_addcap(libdirs[%d]: %d)", j, libdirs[j]); + } + /* Append user FD list and reorder the descriptors */ + if (lc_fdlist_append(fds, userfds) < 0) + err(-1, "Error in lc_fdlist_append()"); + if (lc_fdlist_reorder(fds) < 0) err(-1, "Error in lc_fdlist_reorder()"); + + + /* * Find the fdlist shared memory segment. */ @@ -228,7 +236,7 @@ err(-1, "Error in setenv(LD_BINARY)"); /* - * Build LD_LIBRARY_DIRS for RTLD. + * Build LD_LIBRARY_DIRS and LD_PRELOAD for RTLD. * * NOTE: This is FreeBSD-specific; porting to other operating systems * will require dynamic linkers capable of operating on file @@ -240,8 +248,9 @@ { int fd; - while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", NULL, - &fd, &pos) >= 0) + pos = 0; + while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "LibraryDirectory", + NULL, &fd, &pos) >= 0) sbuf_printf(sbufp, "%d:", fd); } @@ -252,10 +261,30 @@ err(-1, "Error in setenv(LD_LIBRARY_DIRS)"); sbuf_delete(sbufp); + sbufp = sbuf_new_auto(); + if (sbufp == NULL) + err(-1, "Error in sbuf_new_auto()"); + + { + int fd; + pos = 0; + while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "PreloadLibrary", + NULL, &fd, &pos) >= 0) + sbuf_printf(sbufp, "%d:", fd); + } + + sbuf_finish(sbufp); + if (sbuf_overflowed(sbufp)) + err(-1, "sbuf_overflowed()"); + if (setenv("LD_PRELOAD", sbuf_data(sbufp), 1) == -1) + err(-1, "Error in setenv(LD_PRELOAD)"); + sbuf_delete(sbufp); + if (cap_enter() < 0) err(-1, "cap_enter() failed"); (void)fexecve(fd_rtld, argv, environ); + dprintf(2, "ERROR: fexecve() failed; errno = %d\n", errno); } int
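Review bot: With `lc_fdlist_append(fds, userfds)` merged into `fds` ahead of the lookups further down, any caller-supplied entry named `RTLD_CAP_FQNAME` / `"PreloadLibrary"` or `"LibraryDirectory"` is exported to the run-time linker through `LD_PRELOAD` or `LD_LIBRARY_DIRS`, with whatever rights the caller attached to it. Only the host-added libdirs receive `LIBCAPSICUM_CAPMASK_LIBDIR`; as far as the visible hunks show, the user entries are neither masked nor checked. That is presumably the intended interface, so the new comment should state it, e.g. `/* Append user FD list; its RTLD_CAP_FQNAME entries feed LD_LIBRARY_DIRS and LD_PRELOAD below */`, and the three blank lines added after the `lc_fdlist_reorder()` check can be dropped. The function body extends beyond this hunk on both sides.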
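Review bot: When `fexecve()` fails in the `@@ -252,10 +261,30 @@` hunk, the added `dprintf()` is the last statement and the function simply returns, so a process that has already called `cap_enter()` continues in its caller's code; whether the caller exits is not visible here. The other failure paths visible in this diff all terminate through `err()`, and this one should too, e.g. `err(-1, "Error in fexecve()");`, which also prints the error text rather than a bare errno number. If the direct write is kept, descriptor `2` is used after `lc_fdlist_reorder()` and may no longer be the original stderr (worth confirming), and the message should be followed by `_exit()`. The start of the function is outside this hunk.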