authorWill Drewry <wad@chromium.org>2011-09-16 14:50:50 -0500
committerWill Drewry <wad@chromium.org>2011-09-23 12:46:16 -0700
commitfe4a372685f30fe7d0f30da2a46cc096f418c359 (patch)
tree6ce853bf73aa17e1aef5ac3398c136ac2458b26b /libminijailpreload.c
parent2ddaad07d7c54e370353abfa05efe2661898b428 (diff)
libminijail: move over to using marshalled binary for preload
Move libminijail and libminijailpreload over to using the marshalling helper functions and add to/from_fd. The format itself is not terribly robust, but we can change it underneath the functions in the future (or move struct minijail to a protobuf :). These changes lay the groundwork for sending seccomp_filter policy. A subsequent change will implement that and disable use in the parent. BUG=chromium-os:19459 TEST=tested as per previous commits: minijail0 -[pvrcuGg] -- /bin/cat /proc/self/status .. /bin/ps aux .. /bin/bash -c 'env' Change-Id: I565816611b31ce49f85fee2241c55a3328d7b770 Reviewed-on: http://gerrit.chromium.org/gerrit/7892 Reviewed-by: Elly Jones <ellyjones@chromium.org> Tested-by: Will Drewry <wad@chromium.org>
Diffstat (limited to 'libminijailpreload.c')
-rw-r--r--libminijailpreload.c43
1 files changed, 6 insertions, 37 deletions
diff --git a/libminijailpreload.c b/libminijailpreload.c
index a4970bc..fb74e93 100644
--- a/libminijailpreload.c
+++ b/libminijailpreload.c
@@ -34,11 +34,6 @@ static void unset_in_env(char **envp, const char *name) {
envp[i][0] = '\0';
}
-static void splitarg(char *str, char **key, char **val) {
- *key = strsep(&str, "=");
- *val = strsep(&str, "");
-}
-
/** @brief Fake main(), spliced in before the real call to main() by
* __libc_start_main (see below).
* We get serialized commands from our invoking process over an fd specified
@@ -48,10 +43,7 @@ static void splitarg(char *str, char **key, char **val) {
*/
static int fake_main(int argc, char **argv, char **envp) {
char *fd_name = getenv(kFdEnvVar);
- char *arg = NULL;
- size_t arg_len;
int fd = -1;
- FILE *args;
struct minijail *j;
if (geteuid() != getuid() || getegid() != getgid())
/* If we didn't do this check, an attacker could set kFdEnvVar for
@@ -64,43 +56,20 @@ static int fake_main(int argc, char **argv, char **envp) {
fd = atoi(fd_name);
if (fd < 0)
return MINIJAIL_ERR_PRELOAD;
- args = fdopen(fd, "r");
- if (!args)
- return MINIJAIL_ERR_PRELOAD;
j = minijail_new();
if (!j)
die("preload: out of memory");
- while (getline(&arg, &arg_len, args) > 0) {
- char *key, *val;
- unsigned long v;
- splitarg(arg, &key, &val);
- if (!strcmp(arg, "eom\n")) {
- break;
- } else if (!strcmp(key, "caps")) {
- v = strtoul(val, NULL, 16);
- minijail_use_caps(j, v);
- } else if (!strcmp(key, "ptrace")) {
- minijail_disable_ptrace(j);
- } else if (!strcmp(key, "uid")) {
- v = atoi(val);
- minijail_change_uid(j, v);
- } else if (!strcmp(key, "gid")) {
- v = atoi(val);
- minijail_change_gid(j, v);
- } else if (!strcmp(key, "seccomp")) {
- minijail_use_seccomp(j);
- }
- free(arg);
- arg = NULL;
- }
- if (!feof(args) && ferror(args))
- die("preload: unexpected failure during unmarshalling");
- fclose(args);
+ if (minijail_from_fd(fd, j))
+ die("preload: failed to parse minijail from parent");
+ close(fd);
+
/* TODO(ellyjones): this trashes existing preloads, so one can't do:
* LD_PRELOAD="/tmp/test.so libminijailpreload.so" prog; the descendants of
* prog will have no LD_PRELOAD set at all. */
unset_in_env(envp, kLdPreloadEnvVar);
+ /* Strip out flags meant for the parent. */
+ minijail_preenter(j);
minijail_enter(j);
minijail_destroy(j);
dlclose(libc_handle);
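Review bot: After the added `close(fd);`, the visible lines clear only `kLdPreloadEnvVar`, so `kFdEnvVar` appears to stay in `envp` and still names a descriptor number that is now closed and can be reused by the jailed program. Unless it is cleared in a part of `fake_main` outside this hunk, I would add `unset_in_env(envp, kFdEnvVar);` next to the existing `unset_in_env` call, so that nothing downstream treats a reused descriptor as the minijail config channel. Separately, the context line `fd = atoi(fd_name);` maps a non-numeric value to 0, which now means `minijail_from_fd` would unmarshal a binary blob from stdin. Parsing with `strtol` and rejecting input where the end pointer is not at the terminating NUL would close that gap. The beginning of `fake_main` lies outside the hunk, so both points assume that no earlier validation exists.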