From owner-soc-status@freebsd.org Sat Jun 2 00:18:37 2018 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 41F35F722FA for ; Sat, 2 Jun 2018 00:18:37 +0000 (UTC) (envelope-from shubhgupta2104@gmail.com) Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CDF307EACA for ; Sat, 2 Jun 2018 00:18:36 +0000 (UTC) (envelope-from shubhgupta2104@gmail.com) Received: by mail-oi0-x231.google.com with SMTP id 14-v6so15914279oie.3 for ; Fri, 01 Jun 2018 17:18:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=wpsHY+T2880NRvVZY/rGo40Z+dKuJ65qHbOvHn/ToJc=; b=IwoxBq0xzTvfyjRsOd+4Yv4bV91a3HvxDbJEvpmttfcEXf5kTGh6BgOg0sljBDKbPf zvkrYrUkdE6Ss0LCL8otXscEHjdJJJKXFDbBkgB4/barmD9dAvVtM75DaGcPwkFdpy3E GqLD3U3fP+htplIGs1IygZSQf/tSd0p1J45bZUJR4nvzWJyh+Wp8InUoubUr0QJksMC1 J9EODvZpqgKKe4y3xG2fHfCgOtxigiCyL5MC/nkNOlVIgqYa5597JHPpgbXBjqDC8Bgu v/oHWOsVkUzh8mtiyLjM9MjOKzsDb4kIG3Lq7wRirS1/5MbZX7HSDkJE63bKP8FpNbt7 IEKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=wpsHY+T2880NRvVZY/rGo40Z+dKuJ65qHbOvHn/ToJc=; b=Wq+b9y/K8pn7yl7H9YBfFv0IXXgvZlC05mqtyQVRNVpZk++QGS5Gg1Q+BWZk1WMW1H LXmox4ZK89C6C3pQD93f//jlTti9zLGKtQ8+0XSfzLnsKjvk2ffgwt/JzxS84muVyKK3 NtjcEnLif/wYMnIH8AudrIkpS0DQiN/5alRen5M1Cewfbbf4kKlR2Q9RsjryJznddEj+ 0lgGfITKIfxfV3zc+AiYG2HEfZ0N4ABq67MHpHYl3GGVSv+xi8qzMiEiD+QygtJvpB9u hfCUXcrXcY2GRtTeTbtJ/R7MYzZPmMppfvdftYX+U5Z6pnhrkRRGQVq0q3JiTo1hPun7 Fnag== X-Gm-Message-State: APt69E05vP4BCaObydT/tZcLwUkm1Ipd2fVRCB8o0jAmopDvfDxuiYqa hGUtEaCey/HYBaJyXMRQdv3oTlhKEhKeDSKIKpw= X-Google-Smtp-Source: ADUXVKIakgf5daOuApViYA4aznyGdyYKzWQA7DXUnRIvXlSd6abd6w68s537I/uFCo4rdiyq2Uc/0MnepEmv4FtwCAo= X-Received: by 2002:aca:674b:: with SMTP id b11-v6mr7718362oiy.249.1527898716016; Fri, 01 Jun 2018 17:18:36 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:ac9:424b:0:0:0:0:0 with HTTP; Fri, 1 Jun 2018 17:18:35 -0700 (PDT) From: Shubh Gupta Date: Sat, 2 Jun 2018 00:18:35 +0000 Message-ID: Subject: Weekly Report To: soc-status@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jun 2018 00:18:37 -0000 I have been working on integrating libpreopen and capsh, and providing capsh the functionality to preopen all the files given in the argument(tries to preopen the argument even though it may not be a file) such that those files can be traversed and read after we have entered into the capability mode. All this time, I was trying to figure out how could capsh leverage libpreopen. 1. I included libpreopen.h in capsh/src/platform/FreeBSD.hh 2. I made the po_map in FreeBSD.cc when arguments were being parsed and preopened all the arguments into file descriptors and made a po_map_entry corresponding to each of the files. 3. Initially, I was trying to open the directory in which the argument file was present so that the openat wrapper call for open could be used. But, i observed directories like ".." could not be preopened because of the capability mode. hence i had to make some changes in the open wrapper function and hence the preopening of the file was made possible. 4. The shared memory map which was packing the po_map into the shared memory was not able to unwrap from the shared memory, where I figured out that the close-on-exec flag had to be passed for this to be made possible. The result is, that I am able to leverage the functionality of cat, in the oblivious sandbox, wherein it gets just the resources it requires, which was the goal of my first evaluation. The results can be seen in the latest commits on my repositories which are mentioned in my wiki. I have deleted the lame commits that I had made earlier and made the latest commit as the final working one, encompassing all the good work in just one commit. Now, I am beginning to work on the stretch goal for my first evaluation, i.e making it possible for telnet to run. The plan that I will follow for telnet will be: 1. Just like files, make it possible for the sockets to be pre-opened as descriptors. 2. Figure out what extra resources telnet might need to leverage the functionality of an Oblivious Sandbox, which would be provided before entering into the capability mode. 3. Implement the third entry in po_map_entry which specifies that the preopened descriptor is a file or a socket.