Date: Tue, 2 Feb 2010 19:58:06 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 174184 for review Message-ID: <201002021958.o12Jw6Ro006673@repoman.freebsd.org>
http://p4web.freebsd.org/chv.cgi?CH=174184 Change 174184 by rwatson@rwatson_vimage_client on 2010/02/02 19:57:54 Update a number of regression tests, some to the point of workingness, for the new world order. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdlist/fdlist.c#9 (text+ko) ==== 
@@ -56,69 +56,44 @@ int main(int argc, char *argv[]) { + struct lc_fdlist *lfp; + int testfd; + printf("fdlist: PID %d\n", getpid()); - /* create a shared memory segment for FDs */ - int shmfd = shm_open(SHM_ANON, O_RDWR, 0600); - if (shmfd < 0) - err(-1, "Error opening shared memory"); - - /* create an FD list and add some junk to it */ - struct lc_fdlist *lfp = lc_fdlist_new(); - if (lfp == NULL) err(-1, "Error in lc_fdlist_new()"); + lfp = lc_fdlist_new(); + if (lfp == NULL) + err(-1, "lc_fdlist_new()"); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdin", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdin", "", 0, CAP_READ); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stdout", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stdout", "", 1, CAP_WRITE | CAP_SEEK); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "stderr", "", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "stderr", "", 2, CAP_WRITE | CAP_SEEK); - lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "testfile", + lc_fdlist_add(lfp, "org.freebsd.test.fdlist", "testfile", "/etc/passwd", open("/etc/passwd", O_RDONLY)); - lc_fdlist_addcap(lfp, "org.freebsd.Capsicum.fdlist", "testfile", + lc_fdlist_addcap(lfp, "org.freebsd.test.fdlist", "testfile", "/etc/group", open("/etc/group", O_RDONLY), CAP_READ); - lc_fdlist_add(lfp, "org.freebsd.Capsicum.fdlist", "fdlist", - "<anonymous POSIX SHM>", shmfd); - - print_fdlist(lfp); - - printf("Reordering FDs...\n"); - if (lc_fdlist_reorder(lfp)) - err(-1, "lc_fdlist_reorder(lfp) failed"); print_fdlist(lfp); - char *name; - if (lc_fdlist_lookup(lfp, "org.freebsd.Capsicum.fdlist", "fdlist", - &name, &shmfd, NULL) < 0) { - err(-1, "Error in lc_fdlist_lookup()"); + if (lc_fdlist_lookup(lfp, "org.freebsd.test.fdlist", "stdin", + &name, &testfd, NULL) < 0) { + err(-1, "lc_fdlist_lookup: can't find stdin"); } - int size = lc_fdlist_size(lfp); - if (ftruncate(shmfd, size) < 0) - err(-1, "Error truncating shmfd"); - - void 
*shm = mmap(NULL, size, PROT_READ | PROT_WRITE, - MAP_NOSYNC | MAP_SHARED, shmfd, 0); - - if (shm == MAP_FAILED) - err(-1, "Error mmap'ing shared memory"); - - - memcpy(shm, lfp, lc_fdlist_size(lfp)); - - printf("Starting sandbox...\n"); - /* run sandbox */ int me = open(argv[0], O_RDONLY); - if (me < 0) err(-1, "Error opening my own binary, '%s'", argv[0]); + if (me < 0) + err(-1, "Error opening my own binary, '%s'", argv[0]); char *sargv[] = { "fdlist-sandbox", NULL }; struct lc_sandbox *sandbox; @@ -134,7 +109,8 @@ -int cap_main(__unused int argc, __unused char *argv[]) +int +cap_main(__unused int argc, __unused char *argv[]) { printf("cap_main() alive\n"); fflush(stdout); @@ -157,9 +133,8 @@ return 0; } - - -void print_fdlist(struct lc_fdlist* lfp) +void +print_fdlist(struct lc_fdlist* lfp) { int pos = 0; char *subsystem; @@ -173,4 +148,3 @@ pos, subsystem, class, name, fd); } } - ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdrpc/fdrpc.c#8 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -71,7 +71,8 @@ /* * Create a sandbox, do permit access to stderr. */ - if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, &lcsp) < 0) + if (lch_start(FDRPC_SANDBOX, fdrpc_argv, LCH_PERMIT_STDERR, NULL, + &lcsp) < 0) err(-1, "lch_start %s", FDRPC_SANDBOX); /* ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/fdsendrecv/fdsendrecv.c#5 (text+ko) ==== @@ -60,7 +60,7 @@ errx(-1, "usage: fdsendrecv_host"); if (lch_start(FDSENDRECV_SANDBOX, fdsendrecv_argv, LCH_PERMIT_STDERR, - &lcsp) < 0) + NULL, &lcsp) < 0) err(-1, "lch_start %s", FDSENDRECV_SANDBOX); /* 
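Review bot: The new `lc_fdlist_lookup(...)` call in the first fdlist.c hunk still passes `&name`, but the hunk deletes `char *name;` and the declarations added at the top of main() are only `lfp` and `testfd`. Unless `name` is declared somewhere outside the hunk, the test no longer compiles; adding `char *name;` next to `int testfd;` fixes it. Separately, the `open("/etc/passwd", O_RDONLY)` and `open("/etc/group", O_RDONLY)` results go straight into `lc_fdlist_add`/`lc_fdlist_addcap` unchecked and the return values of those calls are ignored, so a failed open or add goes unnoticed by a test whose purpose is to exercise the list. main() continues past the end of the hunk.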
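Review bot: The bare `NULL` now passed as the fourth argument of `lch_start()` in fdrpc.c is not explained, so a reader cannot tell what the sandbox is or is not being given. Presumably it is the descriptor list delegated to the sandbox (confirm against the `lch_start()` prototype, which is not on this page). If so, the existing comment could be extended to say so, e.g. `Create a sandbox, do permit access to stderr; no fdlist is delegated.` The same undocumented `NULL` is added in fdsendrecv.c, in both the `lch_start` and `lch_startfd` calls in sandbox_echo.c, and in sandbox_world.c.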
@@ -79,7 +79,8 @@ if (fdcount == 1) printf("lch_recv_rights: OK\n"); else - printf("lch_recv_rights: fdcount %d\n", fdcount); + printf("lch_recv_rights: fdcount %d: %d %d\n", fdcount, + fdarray[0], fdarray[1]); lch_stop(lcsp); } @@ -97,14 +98,17 @@ while (1) { fdcount = 2; + fdarray[0] = fdarray[1] = -1; len = lcs_recv_rights(lchp, &ch, sizeof(ch), MSG_WAITALL, fdarray, &fdcount); if (len < 0) err(-1, "lcs_recv_rights"); if (len != sizeof(ch)) errx(-1, "lcs_recv_rights: len %d", len); + fflush(stdout); if (fdcount != 1) - errx(-1, "lcs_recv_rights: fdcount %d", fdcount); + errx(-1, "lcs_recv_rights: fdcount %d: %d %d", + fdcount, fdarray[0], fdarray[1]); len = lcs_send_rights(lchp, &ch, sizeof(ch), 0, fdarray, fdcount); if (len < 0) ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_echo/sandbox_echo.c#12 (text+ko) ==== @@ -61,7 +61,7 @@ errx(-1, "usage: sandbox_echo"); if (lch_start(MYNAME, sandbox_argv, - LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, &lcsp) < 0) + LCH_PERMIT_STDOUT | LCH_PERMIT_STDERR, NULL, &lcsp) < 0) err(-1, "lch_start %s", argv[1]); for (i = 0; i < 10; i++) { @@ -107,7 +107,7 @@ err(-10, "ld_libcache_lookup(%s)", MYNAME); if (lch_startfd(fd, MYNAME, sandbox_argv, LCH_PERMIT_STDERR, - &lcsp) < 0) + NULL, &lcsp) < 0) err(-1, "lch_startfd %s", argv[1]); while (1) { if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) ==== //depot/projects/trustedbsd/capabilities/src/tools/cap/sandbox_world/sandbox_world.c#7 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -72,7 +72,7 @@ * Create a sandbox, do permit access to stdout and stderr. */ if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | - LCH_PERMIT_STDOUT, &lcsp) < 0) + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) err(-1, "lch_start %s", argv[1]); /*
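Review bot: The widened `printf` in the else branch of the first fdsendrecv.c hunk on this line reads `fdarray[0]` and `fdarray[1]` regardless of what `fdcount` came back as, and nothing visible in the hunk sets those slots first. If fewer than two descriptors were received, at least one printed value is indeterminate. The receive loop in the next hunk handles this by adding `fdarray[0] = fdarray[1] = -1;` before the receive, and the same line belongs before the `lch_recv_rights()` call here. That call lies outside the hunk, so an existing initialisation cannot be ruled out.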
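Review bot: The added `fflush(stdout);` between the length check and the `fdcount` check has no visible output to flush and carries no comment. This loop appears to be the sandbox side (`lcs_*` calls), and the sandbox is started with `LCH_PERMIT_STDERR` only, so stdout may not be a usable descriptor here. If the call is leftover debugging it should be dropped; if it is deliberate, a one-line comment such as `/* Flush buffered diagnostics before a possible errx() below. */` would record why. The loop body continues past the end of the hunk.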
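Review bot: The failure path right after the changed `lch_start()` call in sandbox_echo.c prints `argv[1]`, but the usage message just above (`usage: sandbox_echo`) suggests the program takes no arguments. In that case `argv[1]` is NULL and passing it to `%s` is undefined behaviour. The other tests in this change report the sandbox name they tried to start (`FDRPC_SANDBOX`, `FDSENDRECV_SANDBOX`); the equivalent here is `err(-1, "lch_start %s", MYNAME);`. The same `argv[1]` follows `lch_startfd` in the second sandbox_echo.c hunk and `lch_start` in sandbox_world.c. The argc check is outside the hunk, so confirm the expected argument count.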