Page MenuHomeFreeBSD
Differential D7773

Capsicum-ize brandelf
AbandonedPublic
Actions

Authored by allanjude on Sep 3 2016, 8:25 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 22 2023, 11:16 PM
Unknown Object (File)
Nov 1 2023, 12:41 AM
Unknown Object (File)
Sep 30 2023, 2:38 AM
Unknown Object (File)
Mar 23 2023, 6:45 AM
Unknown Object (File)
Mar 6 2023, 4:15 AM
Unknown Object (File)
Mar 21 2017, 8:24 AM
Unknown Object (File)
Dec 13 2016, 9:25 AM
Unknown Object (File)
Nov 27 2016, 8:28 AM
View All 13 Files
Subscribers
bcr
cem
imp

Details

Reviewers
emaste
jonathan
oshogbo
Group Reviewers
capsicum
Summary

If only a single file is to be branded, open the fd, enter the sandbox, process the file

If more files are provided, fork for each fd (max 3 concurrent), and kqueue until they are all finished.
Close the fd on the parent once the fork has started, and the fork will close the fd as soon as it is finished.
This should prevent the FD limit from being encountered even with a large number of files.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 5034
Build 5111: arc lint + arc unit

Event Timeline

allanjude updated this revision to Diff 20027.Sep 3 2016, 8:25 PM
allanjude retitled this revision from to Capsicum-ize brandelf.
allanjude updated this object.
allanjude edited the test plan for this revision. (Show Details)
allanjude added reviewers: capsicum, emaste, oshogbo, jonathan.
Herald added a subscriber: imp. · View Herald TranscriptSep 3 2016, 8:25 PM
allanjude added inline comments.Sep 3 2016, 8:26 PM
usr.bin/brandelf/brandelf.c
261

the warn/warnx etc were replaced with fprintf(stderr, ...) to avoid output being interleaved.

bcr added a subscriber: bcr.Sep 3 2016, 9:35 PM

typo fixes

usr.bin/brandelf/brandelf.c
127

s/kqeueu/kqueue/

271

s/Brand/brand/

cem added a subscriber: cem.Sep 18 2016, 8:11 AM

I'm not a fan of introducing additional forks into otherwise straightforward programs. I think we might introduce more bugs that way than we mitigate with capsicum. I'd rather just allocate a list or array and preopen all inputs.

jonathan edited edge metadata.Sep 19 2016, 9:28 PM
In D7773#164148, @cem wrote:

I'm not a fan of introducing additional forks into otherwise straightforward programs. I think we might introduce more bugs that way than we mitigate with capsicum. I'd rather just allocate a list or array and preopen all inputs.

I think I could see this going in one of two ways. As @cem says, pre-opening all of the files to be branded would be a less invasive change in terms of the event model (and, for that matter, the need for warnx->fprintf). On the other hand, if we want strong isolation between the files being branded, I'd be tempted to move some of the pdfork logic into brand_fd. However, that might be overkill. Either way, I'm a bit leery of introducing logic that creates sandboxes differently depending on the number of input files.

usr.bin/brandelf/brandelf.c
204

Should these types of stylistic changes be done separately from the Capsicumization?

234

Is there a wiki page listing targets for library-ification?

emaste added inline comments.Oct 11 2016, 2:30 AM
usr.bin/brandelf/brandelf.c
204

Yes. @allanjude just go ahead and commit the style changes directly first if you like.

Note that I'm pondering a future migration to the slightly updated brandelf now in ELF Tool Chain. I'll upstream any style changes there independently, and then merge the Capsicum changes over.

https://sourceforge.net/p/elftoolchain/code/HEAD/tree/trunk/brandelf/brandelf.c

oshogbo added a comment.Nov 18 2018, 11:20 AM

I think we can close this revision because of the: https://reviews.freebsd.org/D17967

allanjude abandoned this revision.Nov 18 2018, 4:22 PM

Agreed

Revision Contents
Changeset List

PathSize
usr.bin/
brandelf/
198 lines

Diff 20027

View Options

usr.bin/brandelf/brandelf.c

Loading...