"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From: Thomas Adam <thomas@xteddy.org>
Subject: Re: [WIP] landlock for got-portable
To: Omar Polo <op@omarpolo.com>
Cc: Thomas Adam <thomas@xteddy.org>, gameoftrees@openbsd.org
Date: Fri, 24 Sep 2021 23:51:44 +0100

On Fri, Sep 24, 2021 at 11:16:36PM +0200, Omar Polo wrote:

Hey Omar.  Thanks for your work on this, it looks really interesting.

> I haven't found out how to obtain the rpath programmatically.  It would
> surely fix the issue though.  (I'm manually adding /lib64 *just for
> testing* and it works.)

Does the following help?  It took me a few moments to find the relevant
comments in source files to cobble this together:

	#include <stdio.h>
	#include <link.h>
	#include <elf.h>

	int main(void)
	{
		const char 	*stab = NULL;
		const ElfW(Dyn) *dyn = _DYNAMIC, *rpath = NULL;

		/* Walk this executable's own dynamic section. */
		for (; dyn->d_tag != DT_NULL; dyn++) {
			if (dyn->d_tag == DT_RPATH) {
				rpath = dyn;
			} else if (dyn->d_tag == DT_STRTAB)
				/* Address of the dynamic string table. */
				stab = (const char *)dyn->d_un.d_val;
		}

		/* DT_RPATH's d_val is an offset into that string table. */
		if (stab != NULL && rpath != NULL)
			printf("Found rpath: %s\n", stab + rpath->d_un.d_val);

		return (0);
	}

Gives:

$ gcc -o rpathtest rpathtest.c -Wl,-rpath,/tmp/foo
$ ./rpathtest
Found rpath: /tmp/foo

> I've improved this in the attached patch.  There's a (disabled)
> landlock_unveil and landlock_no_fs.
>
> landlock_unveil is temporarily disabled.  The idea is to enable it (by
> uncommenting the #define in got_compat.h) for got.c once I understand
> how to make send/fetch work under landlock.  I'm going to try adding a
> new libexec helper `got-dial' as per stsp@'s suggestion on IRC and see how
> it goes.
> 
> landlock_no_fs prevents the process from doing ANYTHING to the
> filesystem.  Since all the libexec helpers run under pledge("stdio
> recvfd"), it's possible to use landlock_no_fs there without other
> modifications.

Makes sense to me.

> I think I've addressed this too.  I've added compat/landlock.c that's
> conditionally linked in the build if HAVE_LINUX_LANDLOCK.

I was wanting to see this tied to the PLATFORM as this is Linux-specific.  But
no problem, I can adjust that.  What you have is fine though.

In terms of the patch itself, it looks fine, although my system here is not
landlock-aware, so I will need to go updating the kernel, etc., to get it to
be.  That'll be fun!

Please keep sending the patches over.  I'll be publishing a "landlock" branch
in got-portable in just a moment for you to reference as you go along...

Kindly,
Thomas