Diffstat (limited to 'lib')
-rw-r--r--lib/libc/regex/regcomp.c1
-rw-r--r--lib/libcasper/services/cap_fileargs/cap_fileargs.3174
-rw-r--r--lib/libregex/tests/gnuext.in6
-rw-r--r--lib/libsys/Makefile.sys1
-rw-r--r--lib/libsys/_libsys.h4
-rw-r--r--lib/libsys/amd64/amd64_get_fsbase.c7
-rw-r--r--lib/libsys/amd64/amd64_get_gsbase.c7
-rw-r--r--lib/libsys/amd64/amd64_set_fsbase.c7
-rw-r--r--lib/libsys/amd64/amd64_set_gsbase.c7
-rw-r--r--lib/libsys/syscalls.map2
-rw-r--r--lib/libutil++/Makefile2
11 files changed, 98 insertions, 120 deletions
diff --git a/lib/libc/regex/regcomp.c b/lib/libc/regex/regcomp.c
index f34dc322d0bb..aebea2b02435 100644
--- a/lib/libc/regex/regcomp.c
+++ b/lib/libc/regex/regcomp.c
@@ -1183,6 +1183,7 @@ p_b_pseudoclass(struct parse *p, char c) {
/* PASSTHROUGH */
case 'w':
p_b_cclass_named(p, cs, "alnum");
+ CHadd(p, cs, '_');
break;
case 'S':
cs->invert = 1;
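Review bot: Nothing at the `case 'w':` site records that the class is now alnum plus underscore, or that `case 'W':` reaches the same `CHadd` through the PASSTHROUGH and so inverts the widened set. A short comment would make that intent explicit, for example `/* GNU \w is [_[:alnum:]]; \W falls through and inverts the same set */`. The change is also visible to callers: any pattern that relies on `\w` to validate input will start accepting `_`, and `\W` will stop matching it, so it probably deserves a mention in the regex manual page or release notes. p_b_pseudoclass begins and ends outside this hunk, so how the set is emitted afterwards cannot be checked from here.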
diff --git a/lib/libcasper/services/cap_fileargs/cap_fileargs.3 b/lib/libcasper/services/cap_fileargs/cap_fileargs.3
index c7ce45c518d1..6a69fe7e1f4a 100644
--- a/lib/libcasper/services/cap_fileargs/cap_fileargs.3
+++ b/lib/libcasper/services/cap_fileargs/cap_fileargs.3
@@ -22,10 +22,11 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd December 6, 2023
+.Dd August 8, 2025
.Dt CAP_FILEARGS 3
.Os
.Sh NAME
+.Nm cap_fileargs ,
.Nm fileargs_cinit ,
.Nm fileargs_cinitnv ,
.Nm fileargs_init ,
@@ -35,9 +36,8 @@
.Nm fileargs_open ,
.Nm fileargs_fopen
.Nd "library for handling files in capability mode"
-.Sh LIBRARY
-.Lb libcap_fileargs
.Sh SYNOPSIS
+.Lb libcap_fileargs
.In sys/nv.h
.In libcasper.h
.In casper/cap_fileargs.h
@@ -60,52 +60,57 @@
.Ft "char *"
.Fn fileargs_realpath "fileargs_t *fa" "const char *pathname" "char *reserved_path"
.Sh DESCRIPTION
-The library is used to simplify Capsicumizing a tools that are using file system.
-Idea behind the library is that we are passing a remaining
-.Fa argc
-and
+The
+.Nm
+library is used to simplify Capsicumizing tools that are using file system.
+The idea behind the library is that we pass the remaining arguments from
.Fa argv
-which contains a list of files that should be open for this program.
-The library will create a service that will serve those files.
+(with count specified by
+.Fa argc )
+which contains the list of files that should be opened by the program.
+The library creates a service that will serve those files.
.Pp
The function
.Fn fileargs_init
-create a service to the
+creates a service to the
.Nm system.fileargs .
The
.Fa argv
contains a list of files that should be opened.
The argument can be set to
.Dv NULL
-which will not create a service and all files will be prohibited to be opened.
+to create no service and prohibit all files from being opened.
The
.Fa argc
-argument contains a number of passed files.
+argument contains the number of files passed to the program.
The
.Fa flags
-argument limits opened files for either execution or reading and/or writing.
+argument specifies whether files can be opened for execution, for reading,
+and/or for writing.
The
.Fa mode
-argument tells which what mode file should be created if the
-.Dv O_CREATE
-flag is present .
-For more details of the
+argument specifies the permissions to use when creating new files if the
+.Dv O_CREAT
+flag is set.
+For more information about the
.Fa flags
and
.Fa mode
-arguments see
+arguments, see
.Xr open 2 .
The
.Fa rightsp
-argument contains a list of the capability rights which file should be limited to.
-For more details of the capability rights see
+argument specifies the capability rights that will be applied to restrict
+access to the files.
+For more information about capability rights, see
.Xr cap_rights_init 3 .
The
.Fa operations
-argument limits the operations that are available using
+argument specifies which operations are permitted when using
.Nm system.fileargs .
+The following flags can be combined to form the
.Fa operations
-is a combination of:
+value:
.Bl -ohang -offset indent
.It FA_OPEN
Allow
@@ -122,121 +127,117 @@ Allow
.Pp
The function
.Fn fileargs_cinit
-is equivalent to
-.Fn fileargs_init
-except that the connection to the Casper needs to be provided.
+behaves identically to
+.Fn fileargs_init ,
+but requires an existing Casper connection to be passed as an argument.
.Pp
The functions
.Fn fileargs_initnv
and
.Fn fileargs_cinitnv
-are respectively equivalent to
+are equivalent to
.Fn fileargs_init
and
.Fn fileargs_cinit
-expect that all arguments all provided as
-.Xr nvlist 9 .
-For details see
-.Sx LIMITS .
+respectively, but take their arguments in the form of an
+.Xr nvlist 9
+structure.
+See the
+.Sx LIMITS
+section for details on the expected argument types and values.
.Pp
The
-.Fa fileargs_free
-close connection to the
+.Fn fileargs_free
+function closes the connection to the
.Nm system.fileargs
-service and free are structures.
-The function handle
+service and frees all associated data structures.
+The function safely handles
.Dv NULL
-argument.
+arguments.
.Pp
The function
.Fn fileargs_lstat
-is equivalent to
+provides the same functionality as
.Xr lstat 2 .
.Pp
The functions
.Fn fileargs_open
and
.Fn fileargs_fopen
-are respectively equivalent to
+behave identically to
.Xr open 2
and
.Xr fopen 3
-expect that all arguments are fetched from the
+respectively, but retrieve their arguments from the
.Va fileargs_t
structure.
.Pp
The function
.Fn fileargs_realpath
-is equivalent to
-.Xr realpath 3 .
+provides the same functionality as the standard C library function
+.Xr realpath 3 ,
+resolving all symbolic links and references in a pathname.
.Pp
+The following functions are reentrant but require synchronization for
+thread safety:
.Fn fileargs_open ,
.Fn fileargs_lstat ,
.Fn fileargs_realpath ,
.Fn fileargs_cinitnv ,
.Fn fileargs_initnv ,
and
-.Fn fileargs_fopen
-are reentrant but not thread-safe.
-That is, they may be called from separate threads only with different
+.Fn fileargs_fopen .
+Multiple threads can call these functions safely only if they use different
.Vt cap_channel_t
-arguments or with synchronization.
+arguments or proper synchronization mechanisms.
.Sh LIMITS
-This section describe which values and types should be used to pass arguments to the
+This section describes the required and optional arguments that must be
+passed to
.Fa system.fileargs
-through the
+via the
.Fn fileargs_initnv
and
.Fn fileargs_cinitnv
-functions.
-The
+functions using an
.Xr nvlist 9
-for that functions must contain the following values and types:
+structure.
+.Pp
+The following arguments are required:
.Bl -ohang -offset indent
-.It flags ( NV_TYPE_NUMBER )
-The
-.Va flags
-limits opened files for either execution or reading and/or writing.
-.It mode (NV_TYPE_NUMBER)
-If in the
-.Va flags
-argument the
+.It flags Pq Dv NV_TYPE_NUMBER
+Specifies access permissions for opened files.
+.It mode Pq Dv NV_TYPE_NUMBER
+Required when the
.Dv O_CREATE
-flag was defined the
-.Xr nvlist 9
-must contain the
-.Va mode .
-The
-.Va mode
-argument tells which what mode file should be created.
-.It operations (NV_TYPE_NUMBER)
-The
-.Va operations
-limits the usable operations for
+flag is set in
+.Va flags .
+Specifies the permissions to use when creating new files.
+.It operations Pq Dv NV_TYPE_NUMBER
+Specifies which operations are allowed for
.Fa system.fileargs .
-The possible values are explained as
+See the description of the
.Va operations
-argument with
-.Fn fileargs_init .
+argument in
+.Fn fileargs_init
+for possible values.
.El
.Pp
-The
+The following arguments are optional in the
.Xr nvlist 9
-for that functions may contain the following values and types:
+structure:
.Bl -ohang -offset indent
-.It cap_rights ( NV_TYPE_BINARY )
+.It cap_rights Pq Dv NV_TYPE_BINARY
The
.Va cap_rights
-argument contains a list of the capability rights which file should be limited to.
-.It ( NV_TYPE_NULL )
-Any number of
+argument specifies the capability rights that will be applied to restrict
+access to opened files.
+.It filenames Pq Dv NV_TYPE_NULL
+Multiple
.Dv NV_TYPE_NULL
-where the name of the element is name of the file which can be opened.
+elements can be provided, where each element's name represents a file
+path that is allowed to be opened.
.El
.Sh EXAMPLES
-The following example first parse some options and then create the
-.Nm system.fileargs
-service with remaining arguments.
.Bd -literal
int ch, fd, i;
cap_rights_t rights;
@@ -287,16 +288,13 @@ fileargs_free(fa);
.Xr nv 9
.Sh HISTORY
The
-.Nm cap_fileargs
+.Nm
service first appeared in
.Fx 10.3 .
.Sh AUTHORS
.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org
.Sh BUGS
The
-.Lb cap_fileargs
-included in
-.Fx
-is considered experimental, and should not be deployed in production
-environments without careful consideration of the risks associated with
-the use of experimental operating system features.
+.Nm
+service is considered experimental and should be thoroughly evaluated
+for risks before deploying in production environments.
diff --git a/lib/libregex/tests/gnuext.in b/lib/libregex/tests/gnuext.in
index 8f49854235a9..3ce0f4af1b34 100644
--- a/lib/libregex/tests/gnuext.in
+++ b/lib/libregex/tests/gnuext.in
@@ -10,9 +10,9 @@ a\|b\|c b abc a
(ab)\1 - abab abab
\1(ab) C ESUBREG
(a)(b)(c)(d)(e)(f)(g)(h)(i)\9 - abcdefghii abcdefghii
-# \w, \W, \s, \S (alnum, ^alnum, space, ^space)
-\w+ - -%@a0X- a0X
-\w\+ b -%@a0X- a0X
+# \w, \W, \s, \S (_alnum, ^_alnum, space, ^space)
+\w+ - -%@a_0X- a_0X
+\w\+ b -%@a_0X- a_0X
\s+ - aSNTb SNT
\s\+ b aSNTb SNT
# Word boundaries (\b, \B, \<, \>, \`, \')
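Review bot: The two updated cases only exercise the positive class, so nothing visible here pins that `\W` now excludes `_`, although the comment advertises `^_alnum`. Consider adding a `\W+` case (and its `\W\+` basic-RE twin) against an input such as `a_0X-%@b`, expecting the match `-%@`. If `\W` coverage already exists elsewhere in this file, it would need the same underscore added to its input to be meaningful.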
diff --git a/lib/libsys/Makefile.sys b/lib/libsys/Makefile.sys
index 7871731dcdcd..bd65b58083c2 100644
--- a/lib/libsys/Makefile.sys
+++ b/lib/libsys/Makefile.sys
@@ -52,7 +52,6 @@ STATICOBJS+= interposing_table.o
PSEUDO= \
__realpathat \
clock_gettime \
- exit \
getlogin \
gettimeofday \
sched_getcpu
diff --git a/lib/libsys/_libsys.h b/lib/libsys/_libsys.h
index 7a1685cca2d1..2f89e8fea92b 100644
--- a/lib/libsys/_libsys.h
+++ b/lib/libsys/_libsys.h
@@ -65,7 +65,7 @@ struct uuid;
union semun;
__BEGIN_DECLS
-typedef void (__sys_exit_t)(int);
+typedef void (__sys__exit_t)(int);
typedef int (__sys_fork_t)(void);
typedef ssize_t (__sys_read_t)(int, void *, size_t);
typedef ssize_t (__sys_write_t)(int, const void *, size_t);
@@ -469,7 +469,7 @@ typedef int (__sys_exterrctl_t)(u_int, u_int, void *);
typedef int (__sys_inotify_add_watch_at_t)(int, int, const char *, uint32_t);
typedef int (__sys_inotify_rm_watch_t)(int, int);
-void __sys_exit(int rval);
+_Noreturn void __sys__exit(int rval);
int __sys_fork(void);
ssize_t __sys_read(int fd, void * buf, size_t nbyte);
ssize_t __sys_write(int fd, const void * buf, size_t nbyte);
diff --git a/lib/libsys/amd64/amd64_get_fsbase.c b/lib/libsys/amd64/amd64_get_fsbase.c
index 00f16a5e404f..b5e87f8a3ce5 100644
--- a/lib/libsys/amd64/amd64_get_fsbase.c
+++ b/lib/libsys/amd64/amd64_get_fsbase.c
@@ -30,7 +30,6 @@
* SUCH DAMAGE.
*/
-#define _WANT_P_OSREL
#include <sys/param.h>
#include <machine/cpufunc.h>
#include <machine/specialreg.h>
@@ -41,7 +40,6 @@
static int
amd64_get_fsbase_cpu(void **addr)
{
-
*addr = (void *)rdfsbase();
return (0);
}
@@ -49,15 +47,12 @@ amd64_get_fsbase_cpu(void **addr)
static int
amd64_get_fsbase_syscall(void **addr)
{
-
return (sysarch(AMD64_GET_FSBASE, addr));
}
DEFINE_UIFUNC(, int, amd64_get_fsbase, (void **))
{
-
- if (__getosreldate() >= P_OSREL_WRFSBASE &&
- (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
+ if ((cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
return (amd64_get_fsbase_cpu);
return (amd64_get_fsbase_syscall);
}
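Review bot: With the `__getosreldate() >= P_OSREL_WRFSBASE` test removed, the resolver picks `amd64_get_fsbase_cpu` on the CPUID bit alone, and nothing here states why that is sufficient. RDFSBASE/WRFSBASE fault in user mode unless the kernel has enabled them in CR4, which is presumably what the dropped check guarded against when this library runs on an older kernel (for example in a jail or chroot with a newer userland). If such kernels are no longer supported, say so next to the test, e.g. `/* All supported kernels enable CR4.FSGSBASE when CPUID advertises it. */`; otherwise the syscall fallback should remain reachable for them. The same applies to the resolvers in amd64_get_gsbase.c, amd64_set_fsbase.c and amd64_set_gsbase.c.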
diff --git a/lib/libsys/amd64/amd64_get_gsbase.c b/lib/libsys/amd64/amd64_get_gsbase.c
index ef135b1eed7f..51be412ddd7a 100644
--- a/lib/libsys/amd64/amd64_get_gsbase.c
+++ b/lib/libsys/amd64/amd64_get_gsbase.c
@@ -30,7 +30,6 @@
* SUCH DAMAGE.
*/
-#define _WANT_P_OSREL
#include <sys/param.h>
#include <machine/cpufunc.h>
#include <machine/specialreg.h>
@@ -41,7 +40,6 @@
static int
amd64_get_gsbase_cpu(void **addr)
{
-
*addr = (void *)rdgsbase();
return (0);
}
@@ -49,15 +47,12 @@ amd64_get_gsbase_cpu(void **addr)
static int
amd64_get_gsbase_syscall(void **addr)
{
-
return (sysarch(AMD64_GET_GSBASE, addr));
}
DEFINE_UIFUNC(, int, amd64_get_gsbase, (void **))
{
-
- if (__getosreldate() >= P_OSREL_WRFSBASE &&
- (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
+ if ((cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
return (amd64_get_gsbase_cpu);
return (amd64_get_gsbase_syscall);
}
diff --git a/lib/libsys/amd64/amd64_set_fsbase.c b/lib/libsys/amd64/amd64_set_fsbase.c
index f1690fde6e17..5265bd712f17 100644
--- a/lib/libsys/amd64/amd64_set_fsbase.c
+++ b/lib/libsys/amd64/amd64_set_fsbase.c
@@ -30,7 +30,6 @@
* SUCH DAMAGE.
*/
-#define _WANT_P_OSREL
#include <sys/param.h>
#include <machine/cpufunc.h>
#include <machine/specialreg.h>
@@ -41,7 +40,6 @@
static int
amd64_set_fsbase_cpu(void *addr)
{
-
wrfsbase((uintptr_t)addr);
return (0);
}
@@ -49,15 +47,12 @@ amd64_set_fsbase_cpu(void *addr)
static int
amd64_set_fsbase_syscall(void *addr)
{
-
return (sysarch(AMD64_SET_FSBASE, &addr));
}
DEFINE_UIFUNC(, int, amd64_set_fsbase, (void *))
{
-
- if (__getosreldate() >= P_OSREL_WRFSBASE &&
- (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
+ if ((cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
return (amd64_set_fsbase_cpu);
return (amd64_set_fsbase_syscall);
}
diff --git a/lib/libsys/amd64/amd64_set_gsbase.c b/lib/libsys/amd64/amd64_set_gsbase.c
index 756bbae18844..94f5736ed1ab 100644
--- a/lib/libsys/amd64/amd64_set_gsbase.c
+++ b/lib/libsys/amd64/amd64_set_gsbase.c
@@ -30,7 +30,6 @@
* SUCH DAMAGE.
*/
-#define _WANT_P_OSREL
#include <sys/param.h>
#include <machine/cpufunc.h>
#include <machine/specialreg.h>
@@ -41,7 +40,6 @@
static int
amd64_set_gsbase_cpu(void *addr)
{
-
wrgsbase((uintptr_t)addr);
return (0);
}
@@ -49,15 +47,12 @@ amd64_set_gsbase_cpu(void *addr)
static int
amd64_set_gsbase_syscall(void *addr)
{
-
return (sysarch(AMD64_SET_GSBASE, &addr));
}
DEFINE_UIFUNC(, int, amd64_set_gsbase, (void *))
{
-
- if (__getosreldate() >= P_OSREL_WRFSBASE &&
- (cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
+ if ((cpu_stdext_feature & CPUID_STDEXT_FSGSBASE) != 0)
return (amd64_set_gsbase_cpu);
return (amd64_set_gsbase_syscall);
}
diff --git a/lib/libsys/syscalls.map b/lib/libsys/syscalls.map
index 69fce2ea7c63..dbb011343c8f 100644
--- a/lib/libsys/syscalls.map
+++ b/lib/libsys/syscalls.map
@@ -7,7 +7,7 @@
FBSDprivate_1.0 {
_syscall;
__sys_syscall;
- __sys_exit;
+ __sys__exit;
_fork;
__sys_fork;
_read;
diff --git a/lib/libutil++/Makefile b/lib/libutil++/Makefile
index df3074c2278e..729a336ddb3a 100644
--- a/lib/libutil++/Makefile
+++ b/lib/libutil++/Makefile
@@ -1,4 +1,4 @@
-PACKAGE= lib${LIB}
+PACKAGE= clibs
LIB_CXX= util++
INTERNALLIB= true
SHLIB_MAJOR= 1