Page MenuHomeFreeBSD
Differential D8001

Capsicumify last(1)
ClosedPublic
Actions

Authored by cem on Sep 22 2016, 5:34 AM.
Tags
None
Referenced Files
F133364218: D8001.id21561.diff
Sat, Oct 25, 5:23 AM
F133345714: D8001.id20603.diff
Sat, Oct 25, 2:16 AM
Unknown Object (File)
Fri, Oct 24, 3:44 PM
Unknown Object (File)
Sun, Oct 19, 9:57 PM
Unknown Object (File)
Sat, Oct 18, 7:12 PM
Unknown Object (File)
Sat, Oct 18, 12:07 AM
Unknown Object (File)
Wed, Oct 15, 4:05 PM
Unknown Object (File)
Wed, Oct 15, 4:05 PM
View All Files
Subscribers
imp

Details

Reviewers
emaste
allanjude
ed
oshogbo
Commits
rS310139: Capsicumify last(1)
Summary

Pretty straightforward as long as access to utx database is precached.

Test Plan
  • truss last
  • Depends on D7998

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cem updated this revision to Diff 20603.Sep 22 2016, 5:34 AM
cem retitled this revision from to Capsicumify last(1).
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added reviewers: ed, emaste, allanjude, oshogbo.
cem added a parent revision: D7998: getutxent: Cache directories for use with Capsicum.
Herald added a subscriber: imp. · View Herald TranscriptSep 22 2016, 5:34 AM
ed added inline comments.Sep 23 2016, 7:11 AM
usr.bin/last/last.c
145 ↗(On Diff #20603)

There's no problem with just calling setutxent() here, right? That looks a bit less suspicious than opening/closing the utx database. Also be sure to put the comment above on a single line. :-)

150 ↗(On Diff #20603)

I think that this some in too early. What about last -f? It can open an arbitrary file.

cem updated this revision to Diff 20647.Sep 23 2016, 4:41 PM

Open arbitray -f database before entering cap mode.

cem marked 2 inline comments as done.Sep 23 2016, 4:41 PM
emaste mentioned this in D7999: write(1): Capsicumify.Sep 23 2016, 8:06 PM
ed added inline comments.Sep 23 2016, 10:30 PM
usr.bin/last/last.c
132 ↗(On Diff #20647)

... that way you can remove this setutxent() call! :-)

All we need is at least one call to setutxent() or setutxdb(). It's completely safe to call setutxdb() with a NULL path, as that will make it open the default path.

158 ↗(On Diff #20647)

What you can do: just move this right before the cap_enter() call, outside of this switch statement, because...

cem updated this revision to Diff 20664.Sep 23 2016, 10:39 PM
cem marked 2 inline comments as done.

Use single setutxdb() invocation.

emaste edited edge metadata.Oct 6 2016, 1:28 AM

Can now make use of capsicum helpers added in rS306657

cem updated this revision to Diff 21096.Oct 6 2016, 1:59 AM
cem edited edge metadata.
  • Use capsicum_helpers

There are some concerning capability access violations in truss logs still:

// Probably tzset():
access("/etc/localtime",R_OK)                    = 0 (0x0)
open("/etc/localtime",O_RDONLY,037777777600)     = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=11316113,size=2819,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 2819 (0xb03)
close(3)                                         = 0 (0x0)
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=327579,size=3519,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 3519 (0xdbf)
close(3)                                         = 0 (0x0)
...
cap_enter()                                      = 0 (0x0)
...
// Why wasn't this stuff cached by tzset()?
open("/usr/share/zoneinfo/UTC",O_RDONLY,00)      ERR#94 'Not permitted in capability mode'
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) ERR#94 'Not permitted in capability mode'

Needs a little more investigation before being ready to commit.

emaste added a comment.Oct 6 2016, 2:18 AM
In D8001#169271, @cem wrote:

Needs a little more investigation before being ready to commit.

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

cem added a comment.Oct 6 2016, 4:13 AM
In D8001#169274, @emaste wrote:

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

I don't have a new enough kernel or userspace for that :-).

emaste added a comment.Oct 20 2016, 6:36 PM

I will try to test this change locally soon

usr.bin/last/last.c
62 ↗(On Diff #21096)

Should sort with the rest of the headers, no?

cem added inline comments.Oct 20 2016, 6:56 PM
usr.bin/last/last.c
62 ↗(On Diff #21096)

Sure.

cem updated this revision to Diff 21561.Oct 20 2016, 9:38 PM

Sort capsicum_helpers with other headers.

emaste added a comment.Oct 20 2016, 9:40 PM

Thanks. I will apply this to my local tree soon and give it a test with procctl.

cem added a comment.Dec 9 2016, 4:27 PM
In D8001#172877, @emaste wrote:

Thanks. I will apply this to my local tree soon and give it a test with procctl.

Did you ever get a chance to test this? Thanks!

Closed by commit rS310139: Capsicumify last(1) (authored by cem). · Explain WhyDec 16 2016, 1:47 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
usr.bin/
last/
19 lines

Diff 22977

View Options

head/usr.bin/last/last.c

Loading...