From: Robert Watson
Date: Sat, 30 Jan 2010 18:00:16 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r203201 - projects/capabilities8/libexec/rtld-elf-cap

Author: rwatson
Date: Sat Jan 30 18:00:16 2010
New Revision: 203201
URL: http://svn.freebsd.org/changeset/base/203201

Log:
  Merge c169395 from the p4 TrustedBSD capabilities branch into capabilities8:

    Rename rtld_caplibindex to rtld_libcache to better reflect what is going
    on.

  Sponsored by: Google, Inc.

Added:
  projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c
     - copied unchanged from r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.c
  projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.h
     - copied unchanged from r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.h
Deleted:
  projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.c
  projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.h
Modified:
  projects/capabilities8/libexec/rtld-elf-cap/Makefile

Modified: projects/capabilities8/libexec/rtld-elf-cap/Makefile ============================================================================== --- projects/capabilities8/libexec/rtld-elf-cap/Makefile Sat Jan 30 16:34:52 2010 (r203200) +++ projects/capabilities8/libexec/rtld-elf-cap/Makefile Sat Jan 30 18:00:16 2010 (r203201) @@ -1,5 +1,5 @@ # $FreeBSD$ -# $P4: //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Makefile#17 $ +# $P4: //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Makefile#18 $ WITHOUT_SSP= 
@@ -9,7 +9,7 @@ PROG?= ld-elf-cap.so.1 SRCS= rtld_start.S \ reloc.c rtld.c rtld_lock.c map_object.c \ malloc.c xmalloc.c debug.c \ - crtbrand.c rtld_caplibindex.c rtld_sandbox.c + crtbrand.c rtld_libcache.c rtld_sandbox.c MAN= rtld-elf-cap.1 CSTD?= gnu99 CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD -DIN_RTLD_CAP -g Copied: projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c (from r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c Sat Jan 30 18:00:16 2010 (r203201, copy of r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.c) 
@@ -0,0 +1,117 @@ +/*- + * Copyright (c) 2009 Robert N. M. Watson + * All rights reserved. + * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +/* + * When running in a capability sandbox, rtld-elf-cap will be passed a set of + * open file descriptors to potentially useful libraries, along with an index + * to these in the LD_CAPLIBINDEX environmental variable. 
These routines + * parse that index, and allow lookups by library name. A typical string + * might be: + * + * 6:libc.so.7,7:libm.so.5 + * + * In the event of ambiguity, the earliest entry will be matched. + */ + +#include +#include +#include + +#include +#include +#include + +#include "rtld.h" +#include "rtld_caplibindex.h" + +struct libindex_entry { + char *lie_name; + int lie_fd; + TAILQ_ENTRY(libindex_entry) lie_list; +}; + +static TAILQ_HEAD(, libindex_entry) ld_caplibindex_list = + TAILQ_HEAD_INITIALIZER(ld_caplibindex_list); + +static void +ld_caplibindex_add(const char *name, const char *fdnumber) +{ + struct libindex_entry *liep; + long long l; + char *endp; + + if (strlen(name) == 0 || strlen(fdnumber) == 0) + return; + + l = strtoll(fdnumber, &endp, 10); + if (l < 0 || l > INT_MAX || *endp != '\0') + return; + + liep = xmalloc(sizeof(*liep)); + liep->lie_name = xstrdup(name); + liep->lie_fd = l; + TAILQ_INSERT_TAIL(&ld_caplibindex_list, liep, lie_list); +} + +int +ld_caplibindex_lookup(const char *libname, int *fdp) +{ + struct libindex_entry *liep; + + TAILQ_FOREACH(liep, &ld_caplibindex_list, lie_list) { + if (strcmp(liep->lie_name, libname) == 0) { + *fdp = liep->lie_fd; + return (0); + } + } + return (-1); +} + +void +ld_caplibindex_init(const char *caplibindex) +{ + char *caplibindex_copy, *caplibindex_tofree; + char *entry, *fdnumber; + + caplibindex_copy = caplibindex_tofree = xstrdup(caplibindex); + while ((entry = strsep(&caplibindex_copy, ",")) != NULL) { + fdnumber = strsep(&entry, ":"); + if (fdnumber == NULL) + continue; + ld_caplibindex_add(entry, fdnumber); + } + free(caplibindex_tofree); +} Copied: projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.h (from r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.h) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.h Sat Jan 30 18:00:16 2010 (r203201, copy of r203185, projects/capabilities8/libexec/rtld-elf-cap/rtld_caplibindex.h) 
@@ -0,0 +1,40 @@ +/*- + * Copyright (c) 2009 Robert N. M. Watson + * All rights reserved. + * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef RTLD_CAPLIBINDEX_H +#define RTLD_CAPLIBINDEX_H + +int ld_caplibindex_lookup(const char *libname, int *fdp); +void ld_caplibindex_init(const char *caplibindex); + +#endif /* !RTLD_CAPLIBINDEX_H */
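
Review bot: In ld_caplibindex_init() in rtld_libcache.c, the `fdnumber == NULL` test cannot catch a malformed entry. When a token has no ':' (including the empty token left by a trailing or doubled comma), strsep(&entry, ":") returns the token itself and sets entry to NULL, so ld_caplibindex_add(NULL, fdnumber) is called and its strlen(name) dereferences NULL. The index string is described in the file comment as coming from the LD_CAPLIBINDEX environment variable, so the check after the second strsep() should be `entry == NULL`. Separately, the copied file still has `#include "rtld_caplibindex.h"`, a header this commit deletes; it needs to include "rtld_libcache.h".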
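
Review bot: rtld_libcache.h keeps the include guard RTLD_CAPLIBINDEX_H and the prototypes ld_caplibindex_lookup() and ld_caplibindex_init() under the old name, so the rename stops at the file name. Suggest renaming the guard to match the file and either renaming the functions in this change or noting in the log that the symbol rename follows. The prototypes would also benefit from a comment stating the contract visible in the .c file: lookup returns 0 and writes *fdp on a match, returns -1 and leaves *fdp untouched otherwise.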