Date:      Sat, 30 Jan 2010 18:14:01 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r203205 - in projects/capabilities8: lib/libc/gen libexec/rtld-elf libexec/rtld-elf-cap
Message-ID:  <201001301814.o0UIE1pL068533@svn.freebsd.org>

Author: rwatson
Date: Sat Jan 30 18:14:01 2010
New Revision: 203205
URL: http://svn.freebsd.org/changeset/base/203205

Log:
  Merge c169401 from the p4 TrustedBSD Capabilities branch to capabilities8:
  
    Update further reference to LD_CAPLIBINDEX -> LD_LIBCACHE.
  
    Add a public interface for inserting libraries into the library cache:
    ld_libcache_add(3).  The real implementation lives in rtld-elf-cap and is
    used when running in a sandbox; outside a sandbox the libc fallback fails
    with -1 and sets errno to EOPNOTSUPP.
  
    Comment on two known limitations of the libcache code.
  
  Sponsored by:	Google, Inc.

Modified:
  projects/capabilities8/lib/libc/gen/Symbol.map
  projects/capabilities8/lib/libc/gen/ld_libcache.c
  projects/capabilities8/libexec/rtld-elf-cap/Symbol.map
  projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c
  projects/capabilities8/libexec/rtld-elf/rtld.c

Modified: projects/capabilities8/lib/libc/gen/Symbol.map
==============================================================================
--- projects/capabilities8/lib/libc/gen/Symbol.map	Sat Jan 30 18:11:41 2010	(r203204)
+++ projects/capabilities8/lib/libc/gen/Symbol.map	Sat Jan 30 18:14:01 2010	(r203205)
@@ -340,6 +340,7 @@ FBSD_1.1 {
 	fts_read;
 	fts_set;
 	fts_set_clientptr;
+	ld_libcache_add;
 	ld_libcache_lookup;
 	ld_insandbox;
 	posix_spawn;

Modified: projects/capabilities8/lib/libc/gen/ld_libcache.c
==============================================================================
--- projects/capabilities8/lib/libc/gen/ld_libcache.c	Sat Jan 30 18:11:41 2010	(r203204)
+++ projects/capabilities8/lib/libc/gen/ld_libcache.c	Sat Jan 30 18:14:01 2010	(r203205)
@@ -33,6 +33,15 @@
 
 #include <errno.h>
 
+#pragma weak ld_libcache_add
+int
+ld_libcache_add(const char *libname, int fd)
+{
+
+	errno = EOPNOTSUPP;
+	return (-1);
+}
+
 #pragma weak ld_libcache_lookup
 int
 ld_libcache_lookup(const char *libname, int *fdp)
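Review bot: The weak fallback's signature disagrees with the strong definition this same commit adds to rtld-elf-cap: libc declares `int ld_libcache_add(const char *libname, int fd)` and returns -1/EOPNOTSUPP, while rtld_libcache.c defines it as `void ld_libcache_add(const char *name, int fd)`, so inside a sandbox, where rtld's symbol wins, a caller compiled against the libc prototype reads whatever happens to be in the return register and an `== -1` check can spuriously fail or miss a real failure. The two definitions must agree; since the libc side already commits to the -1/errno convention, the rtld side should return `int` with `return (0);` on success. The stub also never reads `libname` or `fd`; marking them `__unused` (or `(void)libname; (void)fd;`) keeps the libc build warning-clean. ld_libcache_lookup's body lies outside this hunk.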

Modified: projects/capabilities8/libexec/rtld-elf-cap/Symbol.map
==============================================================================
--- projects/capabilities8/libexec/rtld-elf-cap/Symbol.map	Sat Jan 30 18:11:41 2010	(r203204)
+++ projects/capabilities8/libexec/rtld-elf-cap/Symbol.map	Sat Jan 30 18:14:01 2010	(r203205)
@@ -3,6 +3,7 @@
  */
 
 FBSD_1.1 {
+    ld_libcache_add;
     ld_libcache_lookup;
     ld_insandbox;
 };

Modified: projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c
==============================================================================
--- projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c	Sat Jan 30 18:11:41 2010	(r203204)
+++ projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c	Sat Jan 30 18:14:01 2010	(r203205)
@@ -35,15 +35,20 @@
 __FBSDID("$FreeBSD$");
 
 /*
- * When running in a capability sandbox, rtld-elf-cap will be passed a set of
- * open file descriptors to potentially useful libraries, along with an index
- * to these in the LD_CAPLIBINDEX environmental variable.  These routines
- * parse that index, and allow lookups by library name.  A typical string
- * might be:
+ * rtld maintains a cache of library file descriptors, which is passed from
+ * host to sandbox at exec()-time in order to avoid the need for direct file
+ * system access from within sandboxes.  When rtld starts, it inspects
+ * LD_LIBCACHE to find library descriptors passed from the host.  This
+ * variable maps file descriptor numbers to library names:
  *
  * 6:libc.so.7,7:libm.so.5
  *
  * In the event of ambiguity, the earliest entry will be matched.
+ *
+ * XXXRW: There should be locking around the libcache list.
+ *
+ * XXXRW: ld_libcache_lookup() should dup the fd before returning it so that
+ * the caller is responsible for managing the returned fd reference.
  */
 
 #include <sys/types.h>
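Review bot: The rewritten header comment says the descriptors and LD_LIBCACHE come from the host, but not that rtld trusts the variable unconditionally; stock rtld-elf discards LD_* variables for set-user-ID executables, and whether rtld-elf-cap applies the same rule to LD_LIBCACHE is not visible here and should be stated, because an fd-to-name map taken from an untrusted environment decides which file is mapped as libc. Suggested addition after the format example: `LD_LIBCACHE is only meaningful when set by the host that exec()ed us; like other LD_ variables it must be ignored for set-user-ID and set-group-ID images (confirm rtld-elf-cap does so).` It would also help to say what the XXXRW locking note protects: ld_libcache_add() can now be called from the application after initialization, so the list is no longer written only at startup.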
@@ -66,10 +71,27 @@ struct libcache_entry {
 static TAILQ_HEAD(, libcache_entry)	ld_libcache_list =
     TAILQ_HEAD_INITIALIZER(ld_libcache_list);
 
-static void
-ld_libcache_add(const char *name, const char *fdnumber)
+/*
+ * Add a library to the library cache.
+ */
+void
+ld_libcache_add(const char *name, int fd)
 {
 	struct libcache_entry *liep;
+
+	liep = xmalloc(sizeof(*liep));
+	liep->lie_name = xstrdup(name);
+	liep->lie_fd = fd;
+	TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+}
+
+/*
+ * Add a library to the library cache, with file descriptor passed as a
+ * string.  Used internally when parsing LD_LIBCACHE.
+ */
+static void
+ld_libcache_add_string(const char *name, const char *fdnumber)
+{
 	long long l;
 	char *endp;
 
@@ -80,12 +102,14 @@ ld_libcache_add(const char *name, const 
 	if (l < 0 || l > INT_MAX || *endp != '\0')
 		return;
 
-	liep = xmalloc(sizeof(*liep));
-	liep->lie_name = xstrdup(name);
-	liep->lie_fd = l;
-	TAILQ_INSERT_TAIL(&ld_libcache_list, liep, lie_list);
+	ld_libcache_add(name, l);
 }
 
+/*
+ * Given a library name, return its file descriptor (if defined).  Arguably,
+ * we should dup the cache-owned fd rather than returning it directly to the
+ * caller.
+ */
 int
 ld_libcache_lookup(const char *libname, int *fdp)
 {
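Review bot: The new comment on ld_libcache_lookup() says the fd "arguably" should be dup'd but does not tell callers what the consequence of the current behaviour is: the cache holds a raw descriptor number, so if any caller close()s the returned fd, the next open() anywhere in the sandbox can reuse that number and a subsequent lookup would hand back an unrelated file to be mapped as the library. Until the dup is added, the contract should be explicit: `The returned descriptor is owned by the cache and remains valid for the life of the process; callers must not close() it, or a later open() may reuse the number and redirect the cache entry to an unrelated file.` This restates the XXXRW at the top of the file, so one of the two places could simply point at the other. The function body continues beyond this hunk.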
@@ -100,6 +124,9 @@ ld_libcache_lookup(const char *libname, 
 	return (-1);
 }
 
+/*
+ * Initialize the library cache given the LD_LIBCACHE environmental variable.
+ */
 void
 ld_libcache_init(const char *libcache)
 {
@@ -111,7 +138,7 @@ ld_libcache_init(const char *libcache)
 		fdnumber = strsep(&entry, ":");
 		if (fdnumber == NULL)
 			continue;
-		ld_libcache_add(entry, fdnumber);
+		ld_libcache_add_string(entry, fdnumber);
 	}
 	free(libcache_tofree);
 }

Modified: projects/capabilities8/libexec/rtld-elf/rtld.c
==============================================================================
--- projects/capabilities8/libexec/rtld-elf/rtld.c	Sat Jan 30 18:11:41 2010	(r203204)
+++ projects/capabilities8/libexec/rtld-elf/rtld.c	Sat Jan 30 18:14:01 2010	(r203205)
@@ -245,6 +245,7 @@ static func_ptr_type exports[] = {
     (func_ptr_type) &_rtld_atfork_pre,
     (func_ptr_type) &_rtld_atfork_post,
 #ifdef IN_RTLD_CAP
+    (func_ptr_type) &ld_libcache_add,
     (func_ptr_type) &ld_libcache_lookup,
     (func_ptr_type) &ld_insandbox,
 #endif


