svn commit: r203402 - in projects/capabilities8/lib: libc/gen
libcapsicum
Robert Watson
rwatson at FreeBSD.org
Tue Feb 2 20:49:49 UTC 2010
Author: rwatson
Date: Tue Feb 2 20:49:48 2010
New Revision: 203402
URL: http://svn.freebsd.org/changeset/base/203402
Log:
Merge c174156, c174157, c174160, c174162, c174163, c174164 from the p4
TrustedBSD Capabilities branch to capabilities8:
Style tweaks.
Revert to using an anonymous POSIX shared memory segment to pass
fdlist information from the sandbox host into the sandbox.
Garbage collect historic library management for sandboxes: we now
pass in directory descriptors for library path directories and the
sandboxed rtld can just search the path itself.
libc no longer requires stub libcache functions.
No longer need special handling of /dev/null during sandbox
creation, we simply now pass in the original stdin/stdout/stderr,
but without any capability rights.
When creating a sandbox from within a sandbox, look in the global
fdlist inherited from the parent sandbox to find the runtime linker.
Sponsored by: Google, Inc.
Deleted:
projects/capabilities8/lib/libc/gen/ld_libcache.c
Modified:
projects/capabilities8/lib/libc/gen/Makefile.inc
projects/capabilities8/lib/libc/gen/Symbol.map
projects/capabilities8/lib/libcapsicum/libcapsicum.c
projects/capabilities8/lib/libcapsicum/libcapsicum.h
projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c
projects/capabilities8/lib/libcapsicum/libcapsicum_host.c
projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c
projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h
projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c
projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h
projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c
Modified: projects/capabilities8/lib/libc/gen/Makefile.inc
==============================================================================
--- projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 20:49:48 2010 (r203402)
@@ -20,7 +20,7 @@ SRCS+= __getosreldate.c __xuname.c \
getpeereid.c getprogname.c getpwent.c getttyent.c \
getusershell.c getvfsbyname.c glob.c \
initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \
- ld_libcache.c ld_libdirs.c ld_sandbox.c \
+ ld_libdirs.c ld_sandbox.c \
lockf.c lrand48.c mrand48.c nftw.c nice.c \
nlist.c nrand48.c opendir.c \
pause.c pmadvise.c popen.c posix_spawn.c \
Modified: projects/capabilities8/lib/libc/gen/Symbol.map
==============================================================================
--- projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 20:49:48 2010 (r203402)
@@ -340,8 +340,6 @@ FBSD_1.1 {
fts_read;
fts_set;
fts_set_clientptr;
- ld_libcache_add;
- ld_libcache_lookup;
ld_insandbox;
ld_libdirs;
posix_spawn;
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#4 $
*/
#include <sys/types.h>
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#11 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#12 $
*/
#ifndef _LIBCAPSICUM_H_
@@ -45,15 +45,6 @@ struct lc_sandbox;
struct lc_host;
/*
- * Description of a library passed to lch_start_libs().
- */
-struct lc_library {
- const char *lcl_libpath;
- const char *lcl_libname;
- int lcl_fd;
-};
-
-/*
* A list of file descriptors, which can be passed around in shared memory.
*/
struct lc_fdlist;
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -6,9 +6,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#9 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#10 $
*/
#include <sys/mman.h>
@@ -99,7 +99,6 @@ lc_fdlist_global(void)
UNLOCK(&global_fdlist);
return (&global_fdlist);
}
-
env = getenv(LIBCAPSICUM_SANDBOX_FDLIST);
if ((env != NULL) && (strnlen(env, 8) < 7)) {
struct lc_fdlist_storage *lfsp;
@@ -430,8 +429,8 @@ lc_fdlist_getentry(struct lc_fdlist *lfp
LOCK(lfp);
lfsp = lfp->lf_storage;
- if ((subsystem == NULL) || (classname == NULL) || (name == NULL)
- || (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) {
+ if ((subsystem == NULL) || (classname == NULL) || (name == NULL) ||
+ (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) {
errno = EINVAL;
return (-1);
}
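Review bot: The EINVAL early return in this hunk leaves `lfp` locked: `LOCK(lfp)` at the top of the hunk has no matching release before `return (-1);`, so the next caller of any lc_fdlist routine on the same list deadlocks (or, if the lock is recursive, the count never drains). The argument check only needs the lock for `lfsp->count`, so the cheapest fix is to release it in the error path, `UNLOCK(lfp); errno = EINVAL; return (-1);`, or to validate the pointer arguments before taking the lock. lc_fdlist_getentry starts before this hunk and continues past it.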
@@ -441,23 +440,22 @@ lc_fdlist_getentry(struct lc_fdlist *lfp
int size = entry->syslen + entry->classnamelen + entry->namelen;
char *head = malloc(size);
- strncpy(head, names + entry->sysoff, entry->syslen + 1);
+ strncpy(head, names + entry->sysoff, entry->syslen + 1);
*subsystem = head;
head += size;
- strncpy(head, names + entry->classoff, entry->classnamelen + 1);
+ strncpy(head, names + entry->classoff, entry->classnamelen + 1);
*classname = head;
head += size;
- strncpy(head, names + entry->nameoff, entry->namelen + 1);
+ strncpy(head, names + entry->nameoff, entry->namelen + 1);
*name = head;
head += size;
*fdp = entry->fd;
UNLOCK(lfp);
-
- if (pos) (*pos)++;
-
+ if (pos)
+ (*pos)++;
return (0);
}
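Review bot: The copy-out of the three names writes past the heap buffer: `size` is the sum of the three lengths with no room for terminators, `malloc(size)` is unchecked, and after each copy `head += size;` moves the cursor by the whole buffer rather than by that string's length, so the second and third `strncpy` calls land at offset `size` and `2*size` of a `size`-byte allocation. The lengths and offsets come from the shared fdlist segment, so the copy should also not rely on a NUL being present in the source at `off + len` (strncpy with `len + 1` does). Below is a rewrite of the lines between the `names`/`entry` lookup and `UNLOCK(lfp)`; the `+ 3` assumes the `*len` fields exclude the terminator, as the existing `+ 1` suggests. Whether `sysoff`/`classoff`/`nameoff` and the lengths are bounds-checked against the names area happens outside this hunk and is worth confirming.
```c
/* … unchanged: entry and names lookup … */
size_t size = (size_t)entry->syslen + entry->classnamelen +
    entry->namelen + 3;	/* three NUL terminators */
char *head = malloc(size);
if (head == NULL) {
	UNLOCK(lfp);
	return (-1);
}
memcpy(head, names + entry->sysoff, entry->syslen);
head[entry->syslen] = '\0';
*subsystem = head;
head += entry->syslen + 1;
memcpy(head, names + entry->classoff, entry->classnamelen);
head[entry->classnamelen] = '\0';
*classname = head;
head += entry->classnamelen + 1;
memcpy(head, names + entry->nameoff, entry->namelen);
head[entry->namelen] = '\0';
*name = head;
*fdp = entry->fd;
/* … unchanged: UNLOCK(lfp), pos increment, return (0) … */
```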
@@ -547,7 +545,8 @@ lc_fdlist_storage_names(struct lc_fdlist
}
void*
-_lc_fdlist_getstorage(struct lc_fdlist* lfp) {
- return lfp->lf_storage;
-}
+_lc_fdlist_getstorage(struct lc_fdlist* lfp)
+{
+ return (lfp->lf_storage);
+}
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#10 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#15 $
*/
#include <sys/param.h>
@@ -55,7 +55,6 @@
#include "libcapsicum_internal.h"
#include "libcapsicum_sandbox_api.h"
-#define LIBCAPSICUM_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE)
#define LIBCAPSICUM_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE)
#define LIBCAPSICUM_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \
CAP_FSTATFS | \
@@ -63,18 +62,11 @@
CAP_MAPEXEC)
#define LIBCAPSICUM_CAPMASK_SANDBOX LIBCAPSICUM_CAPMASK_BIN
#define LIBCAPSICUM_CAPMASK_LDSO LIBCAPSICUM_CAPMASK_BIN
-#define LIBCAPSICUM_CAPMASK_LIB LIBCAPSICUM_CAPMASK_BIN
-#define LIBCAPSICUM_CAPMASK_LIBDIR LIBCAPSICUM_CAPMASK_LIB \
+#define LIBCAPSICUM_CAPMASK_LIBDIR LIBCAPSICUM_CAPMASK_BIN \
| CAP_LOOKUP | CAP_ATBASE
#define LIBCAPSICUM_CAPMASK_FDLIST CAP_READ | CAP_WRITE | CAP_FTRUNCATE \
| CAP_FSTAT | CAP_MMAP
-#define _PATH_LIB "/lib"
-#define _PATH_USR_LIB "/usr/lib"
-#define LIBC_SO "libc.so.7"
-#define LIBCAPSICUM_SO "libcapsicum.so.1"
-#define LIBSBUF_SO "libsbuf.so.5"
-
extern char **environ;
#define LD_ELF_CAP_SO "ld-elf-cap.so.1"
@@ -89,10 +81,15 @@ lch_autosandbox_isenabled(__unused const
return (1);
}
-
+/*
+ * Once in the child process, create the new sandbox.
+ *
+ * XXX: A number of things happen here that are not safe after fork(),
+ * especially calls to err().
+ */
static void
-lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, int fd_devnull, u_int flags,
- const char *binname, char *const argv[], __unused struct lc_fdlist *userfds)
+lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, u_int flags,
+ const char *binname, char *const argv[], struct lc_fdlist *userfds)
{
struct sbuf *sbufp;
int shmfd = -1;
@@ -109,7 +106,7 @@ lch_sandbox(int fd_sock, int fd_binary,
/*
* Create an anonymous shared memory segment for the FD list.
*/
- shmfd = open("/tmp/jon-foo"/*SHM_ANON*/, O_RDWR | O_CREAT | O_TRUNC, 0600);
+ shmfd = shm_open(SHM_ANON, O_RDWR | O_CREAT | O_TRUNC, 0600);
if (shmfd < 0)
err(-1, "Error creating shared memory segment");
@@ -138,10 +135,6 @@ lch_sandbox(int fd_sock, int fd_binary,
fd_sock, LIBCAPSICUM_CAPMASK_SOCK) < 0)
err(-1, "Error in lc_fdlist_addcap(fd_sock)");
- if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "/dev/null", "",
- fd_devnull, LIBCAPSICUM_CAPMASK_DEVNULL) < 0)
- err(-1, "Error in lc_fdlist_addcap(fd_devnull)");
-
if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "fdlist", "",
shmfd, LIBCAPSICUM_CAPMASK_FDLIST) < 0)
err(-1, "Error in lc_fdlist_addcap(shmfd)");
@@ -160,41 +153,38 @@ lch_sandbox(int fd_sock, int fd_binary,
/*
* Ask RTLD for library path descriptors.
*
- * NOTE: This is FreeBSD-specific; porting to other operating systems will
- * require dynamic linkers capable of answering similar queries.
+ * NOTE: This is FreeBSD-specific; porting to other operating systems
+ * will require dynamic linkers capable of answering similar queries.
*/
int size = 16;
int *libdirs;
while (1) {
libdirs = malloc(size * sizeof(int));
-
if (ld_libdirs(libdirs, &size) < 0) {
free(libdirs);
-
- if (size > 0) continue;
- else err(-1, "Error in ld_libdirs()");
- }
- else break;
+ if (size > 0)
+ continue;
+ err(-1, "Error in ld_libdirs()");
+ } else
+ break;
}
-
for (int j = 0; j < size; j++)
if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "libdir", "",
- libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0)
+ libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0)
err(-1, "Error in lc_fdlist_addcap(libdirs[%d]: %d)",
j, libdirs[j]);
if (lc_fdlist_reorder(fds) < 0)
err(-1, "Error in lc_fdlist_reorder()");
-
/*
* Find the fdlist shared memory segment.
*/
int pos = 0;
- if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL,
- &shmfd, &pos) < 0)
+ if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL, &shmfd,
+ &pos) < 0)
err(-1, "Error in lc_fdlist_lookup(fdlist)");
char tmp[8];
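Review bot: The restyled retry loop still passes an unchecked `malloc` result to `ld_libdirs()`: `libdirs = malloc(size * sizeof(int));` is followed directly by the call, so an allocation failure hands it a NULL buffer rather than the `err()` every other failure in lch_sandbox gets. A check right after the allocation, `if (libdirs == NULL) err(-1, "Error in malloc(libdirs)");`, matches the surrounding style. The array is also never freed once its descriptors are copied into `fds`; harmless if the child always execs, but a `free(libdirs);` after the for loop makes that explicit. lch_sandbox continues past this hunk.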
@@ -229,8 +219,8 @@ lch_sandbox(int fd_sock, int fd_binary,
/*
* Find the binary for RTLD.
*/
- if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL, &fd_binary,
- NULL) < 0)
+ if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL,
+ &fd_binary, NULL) < 0)
err(-1, "Error in lc_fdlist_lookup(RTLD binary)");
sprintf(tmp, "%d", fd_binary);
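Review bot: `sprintf(tmp, "%d", fd_binary);` formats into the 8-byte `tmp` declared in the previous hunk with no bound; descriptor numbers are small in practice, but since the value is being placed into the environment of a newly created sandbox the bounded form costs nothing, `snprintf(tmp, sizeof(tmp), "%d", fd_binary);`. The same applies to the other `sprintf(tmp, …)` uses of this buffer in lch_sandbox if there are any outside the visible hunks.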
@@ -240,8 +230,9 @@ lch_sandbox(int fd_sock, int fd_binary,
/*
* Build LD_LIBRARY_DIRS for RTLD.
*
- * NOTE: This is FreeBSD-specific; porting to other operating systems will
- * require dynamic linkers capable of operating on file descriptors.
+ * NOTE: This is FreeBSD-specific; porting to other operating systems
+ * will require dynamic linkers capable of operating on file
+ * descriptors.
*/
sbufp = sbuf_new_auto();
if (sbufp == NULL)
@@ -249,8 +240,8 @@ lch_sandbox(int fd_sock, int fd_binary,
{
int fd;
- while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir",
- NULL, &fd, &pos) >= 0)
+ while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", NULL,
+ &fd, &pos) >= 0)
sbuf_printf(sbufp, "%d:", fd);
}
@@ -261,7 +252,6 @@ lch_sandbox(int fd_sock, int fd_binary,
err(-1, "Error in setenv(LD_LIBRARY_DIRS)");
sbuf_delete(sbufp);
-
if (cap_enter() < 0)
err(-1, "cap_enter() failed");
@@ -269,17 +259,16 @@ lch_sandbox(int fd_sock, int fd_binary,
}
int
-lch_startfd_libs(int fd_binary, const char *binname, char *const argv[],
+lch_startfd(int fd_binary, const char *binname, char *const argv[],
u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp)
{
struct lc_sandbox *lcsp;
- int fd_devnull, fd_rtld, fd_libc, fd_libcapsicum, fd_libsbuf;
+ int fd_rtld;
int fd_procdesc, fd_sockpair[2];
int error, val;
pid_t pid;
- fd_devnull = fd_rtld = fd_libc = fd_libcapsicum = fd_libsbuf =
- fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
+ fd_rtld = fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1;
lcsp = malloc(sizeof(*lcsp));
if (lcsp == NULL)
@@ -287,35 +276,20 @@ lch_startfd_libs(int fd_binary, const ch
bzero(lcsp, sizeof(*lcsp));
if (ld_insandbox()) {
- if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_rtld) < 0)
- goto out_error;
- if (ld_libcache_lookup(LIBC_SO, &fd_libc) < 0)
- goto out_error;
- if (ld_libcache_lookup(LIBCAPSICUM_SO,
- &fd_libcapsicum) < 0)
- goto out_error;
- if (ld_libcache_lookup(LIBSBUF_SO, &fd_libsbuf) < 0)
+ struct lc_fdlist *globals;
+ int pos = 0;
+
+ globals = lc_fdlist_global();
+ if (globals == NULL)
goto out_error;
- if (ld_libcache_lookup(_PATH_DEVNULL, &fd_devnull) < 0)
+ if (lc_fdlist_lookup(globals, RTLD_CAP_FQNAME, "rtld", NULL,
+ &fd_rtld, &pos) < 0)
goto out_error;
} else {
fd_rtld = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO,
O_RDONLY);
if (fd_rtld < 0)
goto out_error;
- fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY);
- if (fd_libc < 0)
- goto out_error;
- fd_libsbuf = open(_PATH_LIB "/" LIBSBUF_SO, O_RDONLY);
- if (fd_libsbuf < 0)
- goto out_error;
- fd_libcapsicum = open(_PATH_USR_LIB "/" LIBCAPSICUM_SO,
- O_RDONLY);
- if (fd_libcapsicum < 0)
- goto out_error;
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
- if (fd_devnull < 0)
- goto out_error;
}
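Review bot: In the `ld_insandbox()` branch `fd_rtld` is now borrowed from the global fdlist rather than opened, but the `close(fd_rtld)` after the fork and in the `out_error` path (the two following hunks of this file) are guarded only by the compile-time `#ifndef IN_CAP_MODE`. If IN_CAP_MODE is a build option that does not always mirror the runtime `ld_insandbox()` result, a non-cap build running inside a sandbox would close a descriptor still referenced by the global fdlist, and a later lookup of "rtld" would return a closed or reused fd. Tracking ownership at runtime keeps this explicit: `int fd_rtld_owned = 0;` alongside the other locals, `fd_rtld_owned = 1;` after the successful `open()`, and `if (fd_rtld_owned) close(fd_rtld);` at both close sites. lch_startfd starts in the previous hunk and continues past this one.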
if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0)
@@ -334,15 +308,11 @@ lch_startfd_libs(int fd_binary, const ch
goto out_error;
}
if (pid == 0) {
- lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, fd_devnull, flags,
+ lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, flags,
binname, argv, fds);
exit(-1);
}
#ifndef IN_CAP_MODE
- close(fd_devnull);
- close(fd_libsbuf);
- close(fd_libcapsicum);
- close(fd_libc);
close(fd_rtld);
#endif
close(fd_sockpair[1]);
@@ -361,14 +331,6 @@ out_error:
if (fd_sockpair[1] != -1)
close(fd_sockpair[1]);
#ifndef IN_CAP_MODE
- if (fd_devnull != -1)
- close(fd_devnull);
- if (fd_libsbuf != -1)
- close(fd_libsbuf);
- if (fd_libcapsicum != -1)
- close(fd_libcapsicum);
- if (fd_libc != -1)
- close(fd_libc);
if (fd_rtld != -1)
close(fd_rtld);
#endif
@@ -379,16 +341,7 @@ out_error:
}
int
-lch_startfd(int fd_binary, const char *binname, char *const argv[],
- u_int flags, __unused struct lc_fdlist *fds, struct lc_sandbox **lcspp)
-{
-
- return (lch_startfd_libs(fd_binary, binname, argv, flags,
- fds, lcspp));
-}
-
-int
-lch_start_libs(const char *sandbox, char *const argv[], u_int flags,
+lch_start(const char *sandbox, char *const argv[], u_int flags,
struct lc_fdlist *fds, struct lc_sandbox **lcspp)
{
char binname[MAXPATHLEN];
@@ -401,21 +354,13 @@ lch_start_libs(const char *sandbox, char
if (fd_binary < 0)
return (-1);
- ret = lch_startfd_libs(fd_binary, binname, argv, flags, fds, lcspp);
+ ret = lch_startfd(fd_binary, binname, argv, flags, fds, lcspp);
error = errno;
close(fd_binary);
errno = error;
return (ret);
}
-int
-lch_start(const char *sandbox, char *const argv[], u_int flags,
- struct lc_fdlist *fds, struct lc_sandbox **lcspp)
-{
-
- return (lch_start_libs(sandbox, argv, flags, fds, lcspp));
-}
-
void
lch_stop(struct lc_sandbox *lcsp)
{
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#3 $
*/
#include <sys/param.h>
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,14 +30,14 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#5 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#6 $
*/
#ifndef _LIBCAPSICUM_INTERNAL_H_
#define _LIBCAPSICUM_INTERNAL_H_
-#define LIBCAPSICUM_FQNAME "org.freebsd.libcapsicum"
-#define RTLD_CAP_FQNAME "org.freebsd.rtld-elf-cap"
+#define LIBCAPSICUM_FQNAME "org.freebsd.libcapsicum"
+#define RTLD_CAP_FQNAME "org.freebsd.rtld-elf-cap"
struct lc_host {
int lch_fd_sock;
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#4 $
*/
#ifndef _LIBCAPSICUM_SANDBOX_API_H_
@@ -41,7 +41,7 @@
* make about the runtime environment set up by libcapsicum hosts.
*/
#define LIBCAPSICUM_SANDBOX_API_ENV "LIBCAPSICUM_SANDBOX"
-#define LIBCAPSICUM_SANDBOX_FDLIST "LIBCAPSICUM_FDLIST"
+#define LIBCAPSICUM_SANDBOX_FDLIST "LIBCAPSICUM_FDLIST"
#define LIBCAPSICUM_SANDBOX_API_SOCK "sock"
/*
Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c
==============================================================================
--- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c Tue Feb 2 20:38:30 2010 (r203401)
+++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c Tue Feb 2 20:49:48 2010 (r203402)
@@ -5,9 +5,9 @@
* WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
* ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
* UNEXPECTED WAYS.
- *
+ *
* This software was developed at the University of Cambridge Computer
- * Laboratory with support from a grant from Google, Inc.
+ * Laboratory with support from a grant from Google, Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions