Apr 28 2023
Apr 26 2023
Mar 30 2023
Use AT_STDIN instead of STDIN_FILENO to force read from stdin in readpassphraseat().
Mar 27 2023
Mar 21 2023
The diff looks good.
Mar 19 2023
- cdfd is no longer a global variable. Instead, it is passed locally per function call.
- Open _PATH_TTY, limit its rights, and use readpassphraseat() instead of readpassphrase().
- Limit stdio instead of just stdin.
Mar 13 2023
This looks good! Three comments:
- I don't like that cdfd is a global variable. I'd rather see it plumbed everywhere that we pass a path, even though that's kind of onerous.
- I think readpassphrase() does not quite work in capability mode. See the implementation in lib/libc/gen/readpassphrase.c - it opens /dev/tty. It does have a fallback path, but I'm not sure how well that works. Could you please try writing a little standalone program that enters capability mode and tries to use readpassphrase()? Depending on how that goes, we may want to add a new variant of that function which takes fds from the caller.
- Have you tried testing with kern.trap_enotcap set to 1? That'll help catch any system calls that might be silently failing because we're in capability mode.
Mar 11 2023
Open current directory, enter capability mode, then use *at() syscalls to extract archive files.
Mar 10 2023
Mar 9 2023
Alter function names and comments for clarity
Mar 8 2023
Looks like this patch needs to be rebased.
Mar 3 2023
Moved casper dependency to lib9p.
Added revert commit 966026246e62769f3bcd8247a47fe0f4f0433aba
Mar 2 2023
Feb 4 2023
Jun 5 2021
Apr 6 2021
Do you have a commit bit or should I commit this?
Mar 26 2021
@oshogbo okay to commit?
Feb 2 2021
Feb 1 2021
Thanks, I'll see if I can chase this down later. My commit bit lapsed, please can you land it?
Ok, go ahead with the proposed patch, I do not think it is worth the time to try to make it more advanced now.
Yes, it should be strdup'ed somewhere, but I am surprised that it works. Look at the start of load_object(): if name != NULL, it searches for an existing loaded object with the specified name. I believe that the right patch would set path somewhere in load_object() in the 'then' case for fd >= 0 (see below).
Thanks. I can confirm that this change also fixes this problem:
I suspect that PATH_FDS is simply not tested enough if such an issue popped up. For instance, some combination of rpath in the loaded library and an unsuccessful load from pathfds could make rtld try to use the refobj path.
Jan 21 2021
Jan 11 2021
Jan 10 2021
Remove unused alias, sort symbols in map file.