Re: [PATCH 0/2] enable procd security features by default

2020-11-26 Thread Etienne Champetier
Hi Petr, Daniel,

On Thu, 26 Nov 2020 at 11:45, Petr Štetiar wrote:
>
> Daniel Golle  [2020-11-07 14:17:12]:
>
> Hi,
>
> > Please report back
>
> testing now the latest master on rtl8382 booted from initramfs and seeing
> following:
>
>  Thu Nov 26 14:45:35 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
>  Thu Nov 26 14:45:36 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
>  Thu Nov 26 14:45:42 2020 user.err : jail: pivot_root(/tmp/ujail-CgOmPF, /tmp/ujail-CgOmPF/old) failed: Invalid argument
>  Thu Nov 26 14:45:42 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 14 crashes, 0 seconds since last crash
>  Thu Nov 26 14:45:45 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
>  Thu Nov 26 14:45:45 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
>  Thu Nov 26 14:45:46 2020 user.err : jail: pivot_root(/tmp/ujail-kfIjBM, /tmp/ujail-kfIjBM/old) failed: Invalid argument
>  Thu Nov 26 14:45:46 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 15 crashes, 0 seconds since last crash

https://man7.org/linux/man-pages/man2/pivot_root.2.html
> The rootfs (initial ramfs) cannot be pivot_root()ed.

A possible solution
https://patchwork.ozlabs.org/project/openwrt/patch/9231d502b07c5e4a8b32d5115c9f19991f9a9...@irsmsx108.ger.corp.intel.com/

>
> -- ynezz

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
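
The condition quoted above from pivot_root(2), written as a pre-flight check a jail launcher could run before calling pivot_root(): parse /proc/self/mountinfo and see whether "/" is still rootfs. This is an added example, not procd or ujail code and not the linked patch; the function names, the sample mount tables and the rule that the last entry for "/" is the visible one are assumptions.

```c
/* Added example (not procd code): detect an initramfs root before pivot_root(). */
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/self/mountinfo format, not captured from a device. */
static const char SAMPLE_INITRAMFS[] =
	"1 1 0:1 / / rw - rootfs rootfs rw\n"
	"14 1 0:14 / /proc rw,noatime - proc proc rw\n"
	"16 1 0:16 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw\n";

static const char SAMPLE_FLASH[] =
	"1 1 0:1 / / rw - rootfs rootfs rw\n"
	"15 1 31:2 / /rom ro,relatime - squashfs /dev/root ro\n"
	"20 1 0:17 / / rw,noatime shared:1 - overlay overlayfs:/overlay rw\n";

/*
 * Copy the filesystem type of the mount visible at "/" into fstype.
 * Returns 0 on success, -1 when no entry for "/" was found.
 * Assumption: when several entries have mount point "/", the last one
 * listed is the one on top. Lines of 512 bytes or more are skipped.
 */
int root_fstype(const char *mountinfo, char *fstype, size_t len)
{
	const char *line = mountinfo;
	int found = -1;

	while (line && *line) {
		const char *eol = strchr(line, '\n');
		size_t n = eol ? (size_t)(eol - line) : strlen(line);
		char buf[512], mnt[256], type[64];

		if (n < sizeof(buf)) {
			char *sep;

			memcpy(buf, line, n);
			buf[n] = '\0';
			/*
			 * Field 5 is the mount point. Optional fields follow the
			 * mount options, so the fs type is located through the
			 * " - " separator and not by counting columns. Spaces in
			 * paths are escaped as \040, so " - " cannot occur earlier.
			 */
			sep = strstr(buf, " - ");
			if (sep &&
			    sscanf(buf, "%*s %*s %*s %*s %255s", mnt) == 1 &&
			    sscanf(sep + 3, "%63s", type) == 1 &&
			    strcmp(mnt, "/") == 0) {
				snprintf(fstype, len, "%s", type);
				found = 0;
			}
		}
		line = eol ? eol + 1 : NULL;
	}
	return found;
}

/*
 * 1  -> "/" is rootfs, pivot_root() would fail with EINVAL
 * 0  -> "/" is a regular filesystem
 * -1 -> mount table could not be parsed
 */
int pivot_root_blocked(const char *mountinfo)
{
	char type[64];

	if (root_fstype(mountinfo, type, sizeof(type)))
		return -1;
	return strcmp(type, "rootfs") == 0;
}

int main(void)
{
	static char data[65536];
	FILE *f = fopen("/proc/self/mountinfo", "r");
	size_t n;
	int r;

	if (!f) {
		perror("/proc/self/mountinfo");
		return 2;
	}
	n = fread(data, 1, sizeof(data) - 1, f);
	data[n] = '\0';
	fclose(f);

	r = pivot_root_blocked(data);
	if (r == 1)
		fprintf(stderr, "root is rootfs (initramfs): pivot_root() cannot be used\n");
	else if (r == 0)
		printf("root is not rootfs: pivot_root() is possible\n");
	else
		fprintf(stderr, "no mount entry for / found\n");
	return r == 0 ? 0 : 1;
}
```

Running the check once at start-up lets the launcher log a single clear error instead of the respawn loop shown in the log above.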


Re: [RFC] raise gcc/make versions for 20.x

2020-12-16 Thread Etienne Champetier
On Wed, 16 Dec 2020 at 07:33, Yousong Zhou wrote:
>
> On Wed, 16 Dec 2020 at 13:11, Petr Štetiar  wrote:
> >
> > Paul Spooren  [2020-12-15 16:26:14]:
> >
> > Hi,
> >
> > > I've seen two patches for version raises of build requirements and would
> > > like to know if we should merge them before or after 20.x.
> > >
> > > make: 3.81.x -> 4.1.x
> > > gcc: 4.8 -> 6.x
> > >
> > > I'm in favor to merge both *before* the branch.
> >
> > it would probably help to know the reason as well. "I'm in favor" might not be
> > enough in this almost pre-release stage.
> >
> > AFAIK that Make version bump fixes an issue with possibly few stray ANSI color
> > escapes (workaround is to use NO_COLOR=1 in this case) and \r characters in the
> > log file. Is it really that big issue to do this last minute version bump?
> >
> > FYI that gcc6+ one was NACKed[1] by Yousong and I'm fine with that for 20.12
> > release. I plan to rebase/resend that patch once 20.12 is branched.
> >
> > 1. https://patchwork.ozlabs.org/project/openwrt/patch/20191112081625.27695-1-yn...@true.cz/#2301662
> >
>
> I still hold the belief that a system such as CentOS could deserve a
> work-out-of-the-box experience ;)  But now that CentOS like the old
> day is not an option anymore in the future, I say we move on in the
> next release.

Why not just install devtoolset, up to date gcc supported by RedHat people ?
Or use a build container ?
There are a lot of options to not be stuck with a 7 years old version of GCC ;)

Etienne

>
> Regards,
> yousong



Re: Job board support on openwrt.org?

2021-01-23 Thread Etienne Champetier
Hi All,

On Sat, 23 Jan 2021 at 18:09, Sam Kuper wrote:
>
> On Sat, Jan 23, 2021 at 02:55:05PM +, Ted Hess wrote:
> > [T]here must be some sort of criteria (contributions, legitimate
> > business site or references) to get your name/outfit listed. And, as
> > Daniel said, we don't want to be in the business of certifying
> > contractors.
>
> Those two sentences seem to be slightly contradictory ;)
>
>
>
> Anyway, an alternative approach to the whole question of how to connect
> potential clients and contractors would be a mailing list, e.g.:
> openwrt-j...@openwrt.org .
>
> This would be a place for potential *clients/employers* to post
> jobs/tenders (to which potential contractors/employees could then reply
> on- or off-list).
>
> It would therefore place responsibility for establishing the credentials
> of the would-be employee or contractor entirely onto the potential
> employer or client, rather than onto the OpenWRT project.
>
> I.e. it is an inversion of the wiki page idea.
>
> I suggest that if a vote is held, it should be a three-way vote between
> the following outcomes (which should probably be mutually exclusive):
>
> - OpenWRT Jobs wiki page;
>
> - openwrt-jobs mailing list;

- OpenWrt Jobs forum section, with a "non endorsement" disclaimer at the top

My 2 cents
Etienne

>
> - Do nothing.
>
> Sam
>
> P.S.  I don't have an opinion on whether such a vote should be under
> FPTP or AV or Condorcet or some other voting method.  For reference, I
> think Debian uses "Condorcet/Clone Proof SSD":
> https://www.debian.org/vote/2003/vote_0002 .



Requiring 2FA on OpenWrt GitHub organization

2021-04-11 Thread Etienne Champetier
Hi All,

There are currently 65 members in OpenWrt org, 58 of them with 2FA enabled.
Requiring 2FA would kick out the 7 users without 2FA, 6 of them have
no OpenWrt related activity for more than 2 or 3 years, I've emailed
the 7th one privately.

Anyone see any problem enforcing 2FA ?

Best
Etienne



Re: Requiring 2FA on OpenWrt GitHub organization

2021-04-11 Thread Etienne Champetier
Hi Paul,

On Sun, 11 Apr 2021 at 21:07, Paul Spooren wrote:
>
> I did so a week ago and asked everyone with direct emails to turn on 2FA.
> Everyone who didn't respond after 3 weeks and multiple mails lost their
> commit access.
>
> If there's someone with commit access and no 2FA, it was added
> afterwards.

I saw that,
I just convinced one more to enable 2FA and only one "almost active"
is still a member (but without access)
Once this person answers (or not) I just want to make sure we don't "regress"

Best
Etienne


> --
>
>
>
> Apr 11, 2021 4:52:22 AM Etienne Champetier
> :
>
> > Hi All,
> >
> > There are currently 65 members in OpenWrt org, 58 of them with 2FA
> > enabled.
> > Requiring 2FA would kick out the 7 users without 2FA, 6 of them have
> > no OpenWrt related activity for more than 2 or 3 years, I've emailed
> > the 7th one privately.
> >
> > Anyone see any problem enforcing 2FA ?
> >
> > Best
> > Etienne
> >



Re: [OpenWrt-Devel] [PATCH] Add sch_fq and sch_pie to the kmod-sched package.

2015-06-03 Thread Etienne Champetier
2015-06-03 18:08 GMT+02:00 Etienne Champetier:

> Hi Toke,
>
> 2015-06-03 14:15 GMT+02:00 Toke Høiland-Jørgensen :
>
>>
>> These are two new packet schedulers introduced in Linux 3.12 and 3.14
>> respectively. sch_fq is a perfect fairness queueing scheduler that also
>> adds pacing on host TCP flows, and sch_pie is an AQM.
>>
>> Having them available in kmod-sched makes it easier for people to test
>> these new queueing schemes.
>>
>> Signed-off-by: Toke Høiland-Jørgensen 
>> ---
>>
>> what is the size of the image/.ipk with/without this option ?
>
> reply all is better :)


Re: [OpenWrt-Devel] How to keep disabled services disabled after sysupgrade

2015-06-18 Thread Etienne Champetier
Hi guys,

On 18 June 2015 17:18, "Stefan Tomanek" <stefan.tomanek+open...@wertarbyte.de> wrote:
>
> Bastian Bittorf (bitt...@bluebottle.com) wrote:
>
> > > Can anyone supply any different ideas or provide some feedback?
> >
> > maybe: disabled services are stored during sysupgrade in
> > e.g. /lib/upgrade/keep.d/services_disabled
> >
> > and this file will be read line by line during firstboot/uci-defaults
> > (and services disabled again) and the file is then deleted.
>
> Yes, I was thinking in that direction as well - however, /lib/upgrade/keep.d/
> seems to contain file locations that should be kept during an upgrade; is there
> a safe place where temporary data can be stashed during a sysupgrade? I'd like
> to save the list of installed packages as well, since remembering what packages
> were installed is often a kind of PITA.
> At the moment, I am using these commands, but I'd like to see something like that
> integrated into sysupgrade as well:
>
>   opkg list_installed > /etc/installed_packages
>   sysupgrade -c ..
>
>   opkg update
>   opkg install $(awk '{print $1}' /etc/installed_packages)

While you're at it, please also handle backup (not only sysupgrade)

Thanks in advance
Etienne


Re: [OpenWrt-Devel] [PATCH procd] service: start apps with LD_PRELOAD & lib disabling buffering

2015-06-20 Thread Etienne Champetier
Hi,

2015-06-20 21:35 GMT+02:00 John Crispin :

>
>
> On 20/06/2015 20:53, Rafał Miłecki wrote:
> > On 20 June 2015 at 13:56, Jo-Philipp Wich  wrote:
> >>> i dont like this idea at all. calling ld-preload on every started app
> >>> just seems wrong
> >>
> >> I was the one suggesting the idea since we needed a solution which does
> >> not require modification of downstream programs. We could restrict the
> >> preloading to programs which requested stdio relaying support from procd
> >> and not preload for the rest.
> >
> > AFAIK there are 3 solutions to this:
> > 1) Modifying every app we want to support with procd + logging
> > 2) Using PTY which I tried in https://patchwork.ozlabs.org/patch/486670/
> > 3) Using LD_PRELOAD
> >
> > The PTY was pointed as not the best choice, so that's why I continued
> > with LD_PRELOAD. As Jo-Philipp pointed, it's the same solution
> > "stdbuf" uses. I'm afraid there isn't any better alternative :(
> >
>
> oh well, i still dont like it but that is not really relevant i guess ...
> :)
>
Aren't you using LD_PRELOAD for procd jailing stuff ?


[OpenWrt-Devel] Revert 46119 (hardening: make override variables more intuitive)

2015-06-24 Thread Etienne Champetier
Hi all,

Please reread r46119

Relro full != relro partial
Fortify source 1 != fortify source 2
Ssp != ssp strong

Regards
Etienne


Re: [OpenWrt-Devel] Revert 46119 (hardening: make override variables more intuitive)

2015-06-24 Thread Etienne Champetier
Hi,

On 24 June 2015 16:19, "Steven Barth" wrote:
>
> Hi Etienne,
>
> I don't get your issue. 46119 only unifies the override variables,
> meaning if a package maintainer wants to override e.g. RELRO he now
> only needs to add PKG_RELRO:=0 instead of adding two for both RELRO
> modes.
>
Sorry, I looked at it on my phone and really too quickly, and missed the
ifdef before each change

Just ignore me and continue the good work!

>
> Cheers,
>
> Steven


Re: [OpenWrt-Devel] Dualradio 2.4/5GHz ath9k-Hardware which is deliverable?

2015-07-01 Thread Etienne Champetier
hi bastian,

2015-07-01 21:55 GMT+02:00 Bastian Bittorf :

> * Emmanuel Deloget  [01.07.2015 21:50]:
> > You should try Aliexpress - it seems they still have some 4900 (be aware
> > that prices might be a bit weird).
>
> my question is not about "tricks" to get these devices.
> it's about what can be found everywhere.
>
> is 2.4+5ghz ath9k really outdated? bye, bastian
>

maybe you can explain why only ath9k (mesh? binary blob?)

Regards
Etienne


[OpenWrt-Devel] [PATCH procd] jail: fix jail root folder permissions

2015-07-20 Thread Etienne CHAMPETIER
We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)

This partly fixes jailed dnsmasq

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jail/jail.c b/jail/jail.c
index a6de133..2bba292 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -143,7 +143,7 @@ static int build_jail(const char *path)
 
mkdir(path, 0755);
 
-   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0744")) {
+   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
ERROR("tmpfs mount failed %s\n", strerror(errno));
return -1;
}
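
Review bot: the new mount option "mode=0755" grants read as well as search permission on the jail root, while the commit message only asks for a+x on the path. If users such as nobody only need to traverse the directory, "mode=0711" would be the narrower fix; if listing is needed, say so in the commit message. The mkdir(path, 0755) in the context lines is also unchecked, so a failure there only shows up as the tmpfs mount error.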
-- 
2.4.3


[OpenWrt-Devel] [PATCH 1/2] base-files: fix /tmp/.jail permissions

2015-07-20 Thread Etienne CHAMPETIER
We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)

This partly fixes jailed dnsmasq

Signed-off-by: Etienne CHAMPETIER 
---
 package/base-files/files/etc/init.d/boot | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/base-files/files/etc/init.d/boot 
b/package/base-files/files/etc/init.d/boot
index 6950130..a53be74 100755
--- a/package/base-files/files/etc/init.d/boot
+++ b/package/base-files/files/etc/init.d/boot
@@ -29,7 +29,6 @@ boot() {
mkdir -p /tmp/.uci
chmod 0700 /tmp/.uci
mkdir -p /tmp/.jail
-   chmod 0700 /tmp/.jail
touch /var/log/wtmp
touch /var/log/lastlog
touch /tmp/resolv.conf.auto
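
Review bot: deleting the chmod after "mkdir -p /tmp/.jail" leaves the directory mode to whatever umask the boot script runs with, instead of setting the a+x mode the commit message asks for. Replace the line rather than drop it, for example "chmod 0711 /tmp/.jail" (or 0755 if listing is required), so the result is deterministic and stays as explicit as the /tmp/.uci handling just above it.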
-- 
2.4.3


[OpenWrt-Devel] [PATCH 2/2] dnsmasq: add some missing files to the jail

2015-07-20 Thread Etienne CHAMPETIER
found with strace, not sure we got all of them though

Signed-off-by: Etienne CHAMPETIER 
---
 package/network/services/dnsmasq/files/dnsmasq.init | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init 
b/package/network/services/dnsmasq/files/dnsmasq.init
index b0a5fbc..676c4b7 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -556,7 +556,7 @@ start_service() {
procd_set_param respawn
 
procd_add_jail dnsmasq ubus log
-   procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE 
/etc/passwd /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto 
/etc/hosts /etc/ethers
+   procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE 
/etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf 
/tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers
procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases 
$TIMESTAMPFILE

procd_close_instance
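
Review bot: the three entries added to the procd_add_jail_mount line (/etc/group, /etc/TZ, /dev/null) come with no stated reason; the commit message only says they were found with strace and that the list may be incomplete. Please note in the commit message which dnsmasq operation opens each one, so a later cleanup does not drop them again. Also confirm that /dev/null behaves as intended when added through procd_add_jail_mount rather than procd_add_jail_mount_rw, since dnsmasq would be writing to it.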
-- 
2.4.3


[OpenWrt-Devel] jail patches -> CC & trunk

2015-07-22 Thread Etienne Champetier
Hi guys

Just forgot to say that my 3 patches fixing jails are also for CC
https://patchwork.ozlabs.org/patch/497899/
https://patchwork.ozlabs.org/patch/497900/
https://patchwork.ozlabs.org/patch/497901/

Regards
Etienne


Re: [OpenWrt-Devel] jail patches -> CC & trunk

2015-07-29 Thread Etienne Champetier
Hi all,

This has been merged in trunk (thanks John) and in CC (thanks jow)

Just a quick note, LXC on both centos 6 and fedora 22 can have a dir chmod
770 and chown root:root
in the path to the rootfs and it still works with non root user,
so maybe my patches are just workarounds (or maybe not, i've no idea yet)

2015-07-22 12:50 GMT+02:00 Etienne Champetier:

> Hi guys
>
> Just forgot to say that my 3 patches fixing jails are also for CC
> https://patchwork.ozlabs.org/patch/497899/
> https://patchwork.ozlabs.org/patch/497900/
> https://patchwork.ozlabs.org/patch/497901/
>
> Regards
> Etienne
>


Re: [OpenWrt-Devel] [PATCH] procd: add helper binaries to jail

2015-08-12 Thread Etienne Champetier
Hi Maxim,
On 12 Aug 2015 13:25, "Maxim Storchak" wrote:
>
> This allows to build jails with more than a single binary.
> May be used to run main program with a wrapper, f.e. ionice,
> or to add helper binaries for the main one (like gzip for tar with no
> build-in compression support).
>
> Usage:
> directly:
> ujail ... -b /usr/bin/main ... -- /bin/wrapper ... /usr/bin/main
> ujail ... -b /usr/bin/helper1 -b /bin/helper2 ... -- /usr/bin/main
> in init scripts:
> procd_add_jail_mount_bin /usr/bin/something /bin/helper
>
> Signed-off-by: Maxim Storchak 
> ---
>  package/system/procd/files/procd.sh| 18 +++
>  .../procd/patches/100-ujail-helper-binary.patch| 58 ++
>  .../procd/patches/101-service-helper-binary.patch  | 15 ++

Procd is an OpenWrt project, you should send a patch against procd git on
this ML

I haven't tested your patch, but i really like the idea/feature

Regards,
Etienne


[OpenWrt-Devel] [PATCH 1/2] [procd] add UTRACE_SUPPORT option

2015-08-20 Thread Etienne CHAMPETIER
we now can build seccomp, ujail, utrace separately

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9 @@ TARGET_LINK_LIBRARIES(ujail ubox)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION sbin
 )
+endif()
 
+IF(UTRACE_SUPPORT)
 ADD_EXECUTABLE(utrace trace/trace.c)
 TARGET_LINK_LIBRARIES(utrace ubox ${json} blobmsg_json)
 INSTALL(TARGETS utrace
-- 
1.9.1


[OpenWrt-Devel] [PATCH 2/2] [procd, RFC] ujail: reworks & cleanups

2015-08-20 Thread Etienne CHAMPETIER
This is an RFC patch for ujail

-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every options in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that 
killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
  with -d2 you now activate "LD_DEBUG=all" for example
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two

jail creation is now as follows:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) coming soon: drop capabilities()
6) execve the jailed bin
7) remove jail root dir (once child is dead)

there is no need to umount anything because we are already in the namespace

Todo:
-add capabilities() support
-allow signals from the parent to the child

Feature request:
-when we add a file or dir, detect if it's an exec and add its dependencies

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 390 
 1 file changed, 155 insertions(+), 235 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..dd46c86 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -43,7 +43,17 @@
 #include 
 
 #define STACK_SIZE (1024 * 1024)
-#define OPT_ARGS   "P:S:n:r:w:psuldo"
+#define OPT_ARGS   "P:S:n:r:w:d:psulo"
+
+static struct {
+   char *path;
+   char *name;
+   char **jail_argv;
+   char *seccomp;
+   int procfs;
+   int ronly;
+   int sysfs;
+} opts;
 
 struct extra {
struct list_head list;
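
Review bot: in OPT_ARGS, changing "d" to "d:" makes the argument mandatory, so any existing caller that passes a bare -d will have its next option consumed as the debug level. The commit message describes the level as something -d "can" take; either update every caller in the same series or document the change in usage(). The new opts struct also collects path, name, seccomp, procfs, ronly and sysfs but not the debug level, so say where that value is kept.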
@@ -125,7 +135,7 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return -1;
}
 
-   if (readonly && mount(old, new, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, 
NULL)) {
+   if (readonly && mount(NULL, new, NULL, MS_BIND | MS_REMOUNT | 
MS_RDONLY, NULL)) {
ERROR("failed to remount ro %s: %s\n", new, strerror(errno));
return -1;
}
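
Review bot: the switch from "old" to NULL as the source argument of the MS_BIND | MS_REMOUNT | MS_RDONLY call is not mentioned in the commit message. The source is ignored on a remount, so this looks like a cleanup with no behaviour change; say so in the message or split it into its own commit, so that a later bisect of read-only mount problems does not stop on the large rework.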
@@ -135,80 +145,75 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return 0;
 }
 
-static int build_jail(const char *path)
+static int build_jail_fs()
 {
struct library *l;
struct extra *m;
-   int ret = 0;
 
-   mkdir(path, 0755);
-
-   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
+   if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
ERROR("tmpfs mount failed %s\n", strerror(errno));
return -1;
}
 
-   avl_for_each_element(&libraries, l, avl)
-   if (mount_bind(path, l->path, l->name, 1, -1))
-   return -1;
-
-   list_for_each_entry(m, &extras, list)
-   if (mount_bind(path, m->path, m->name, m->readonly, 0))
-   return -1;
-
-   return ret;
-}
+   if (chdir(opts.path)) {
+   ERROR("failed to chdir() in the jail root\n");
+   return -1;
+   }
 
-static void _umount(const char *root, const char *path)
-{
-   char *buf = NULL;
+   avl_init(&libraries, avl_strcmp, false, NULL);
+   alloc_library_path("/lib64");
+   alloc_library_path("/lib");
+   alloc_library_path("/usr/lib");
+   load_ldso_conf("/etc/ld.so.conf");
 
-   if (asprintf(&buf, "%s%s", root, path) < 0) {
-   ERROR("failed to alloc umount buffer: %s\n", strerror(errno));
-   } else {
-   DEBUG("umount %s\n", buf);
-   umount(buf);
-   free(buf);
+   if (elf_load_deps(*opts.jail_argv)) {
+   ERROR("failed to load dependencies\n");
+   return -1;
}
-}
 
-static int stop_jail(const char *root)
-{
-   struct library *l;
-   struct extra *m;
+   if (opts.seccomp && elf_load_deps("libpreload-seccomp.so")) {
+   ERROR("failed to load libpreload-seccomp.so\n");
+   return -1;
+   }
 
-   avl_for_each_element(&libraries, l, avl) {
-   char path[256];
-   char *p = l->path;
+   avl_for_each_element(&libraries, l, avl)
+   if (mount_bind(opts.path, l->path, l->name, 1, -1))
+   return -1;
 
-   if (strstr(p, "local&
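
Review bot: in build_jail_fs(), the new chdir(opts.path) error path logs without strerror(errno), unlike the tmpfs mount error a few lines above it, which makes a failure at this step hard to diagnose. Also declare the function as "static int build_jail_fs(void)"; an empty parameter list in C leaves the arguments unspecified. The library search paths (/lib64, /lib, /usr/lib, /etc/ld.so.conf) are now set up inside this function, and a comment on why that has to happen after the tmpfs mount would help.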

Re: [OpenWrt-Devel] [PATCH 2/2] [procd, RFC] ujail: reworks & cleanups

2015-08-20 Thread Etienne Champetier
2015-08-21 0:39 GMT+02:00 Etienne CHAMPETIER :

> This is an RFC patch for ujail
>
> -use EXIT_SUCCESS/EXIT_FAILURE (not -1)
> -parse every options in main, put them in opts struct
> -add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt
> kernel)
> -return the exit status of the jailed process, or the num of the signal
> that killed it
> -add missing options to usage()
> -add a warning in usage() about ujail security
> -debug option can now take an int as parameter (~debug level),
>   with -d2 you now activate "LD_DEBUG=all" for example
> -do not depend on libpreload-seccomp.so if -S is not present
> -there is now only one ujail process instead of two
>
> jail creation is now as follows:
> 1) create jail root dir (mkdir)
> 2) create new namespace (clone)
> (in the parent wait for the child with uloop)
> 3) build the jail root fs (mount bind all the libs/bins ...),
> pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
> 4) build envp (LD_PRELOAD the seccomp helper or ...)
> 5) coming soon: drop capabilities()
> 6) execve the jailed bin
> 7) remove jail root dir (once child is dead)
>
> there is no need to umount anything because we are already in the namespace
>
> Todo:
> -add capabilities() support
> -allow signals from the parent to the child
>
> Feature request:
> -when we add a file or dir, detect if it's an exec and add its
> dependencies
>

forgot to say: run tested on openwrt CC ar71xx


>
> Signed-off-by: Etienne CHAMPETIER 
> ---
>  jail/jail.c | 390
> 
>  1 file changed, 155 insertions(+), 235 deletions(-)
>
> diff --git a/jail/jail.c b/jail/jail.c
> index 2bba292..dd46c86 100644
> --- a/jail/jail.c
> +++ b/jail/jail.c
> @@ -43,7 +43,17 @@
>  #include 
>
>  #define STACK_SIZE (1024 * 1024)
> -#define OPT_ARGS   "P:S:n:r:w:psuldo"
> +#define OPT_ARGS   "P:S:n:r:w:d:psulo"
> +
> +static struct {
> +   char *path;
> +   char *name;
> +   char **jail_argv;
> +   char *seccomp;
> +   int procfs;
> +   int ronly;
> +   int sysfs;
> +} opts;
>
>  struct extra {
> struct list_head list;
> @@ -125,7 +135,7 @@ static int mount_bind(const char *root, const char
> *path, const char *name, int
> return -1;
> }
>
> -   if (readonly && mount(old, new, NULL, MS_BIND | MS_REMOUNT |
> MS_RDONLY, NULL)) {
> +   if (readonly && mount(NULL, new, NULL, MS_BIND | MS_REMOUNT |
> MS_RDONLY, NULL)) {
> ERROR("failed to remount ro %s: %s\n", new,
> strerror(errno));
> return -1;
> }
> @@ -135,80 +145,75 @@ static int mount_bind(const char *root, const char
> *path, const char *name, int
> return 0;
>  }
>
> -static int build_jail(const char *path)
> +static int build_jail_fs()
>  {
> struct library *l;
> struct extra *m;
> -   int ret = 0;
>
> -   mkdir(path, 0755);
> -
> -   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
> +   if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
> ERROR("tmpfs mount failed %s\n", strerror(errno));
> return -1;
> }
>
> -   avl_for_each_element(&libraries, l, avl)
> -   if (mount_bind(path, l->path, l->name, 1, -1))
> -   return -1;
> -
> -   list_for_each_entry(m, &extras, list)
> -   if (mount_bind(path, m->path, m->name, m->readonly, 0))
> -   return -1;
> -
> -   return ret;
> -}
> +   if (chdir(opts.path)) {
> +   ERROR("failed to chdir() in the jail root\n");
> +   return -1;
> +   }
>
> -static void _umount(const char *root, const char *path)
> -{
> -   char *buf = NULL;
> +   avl_init(&libraries, avl_strcmp, false, NULL);
> +   alloc_library_path("/lib64");
> +   alloc_library_path("/lib");
> +   alloc_library_path("/usr/lib");
> +   load_ldso_conf("/etc/ld.so.conf");
>
> -   if (asprintf(&buf, "%s%s", root, path) < 0) {
> -   ERROR("failed to alloc umount buffer: %s\n",
> strerror(errno));
> -   } else {
> -   DEBUG("umount %s\n", buf);
> -   umount(buf);
> -   free(buf);
> +   if (elf_load_deps(*opts.jail_argv)) {
> +   ER
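
Review bot: the jail root tmpfs in build_jail_fs() is mounted with MS_NOATIME only. Since this mount() line is being touched anyway, consider adding MS_NOSUID and MS_NODEV, or explain in a comment why the jail root needs to allow setuid binaries or device nodes on the tmpfs itself.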

[OpenWrt-Devel] [PATCH] procd: rework makefile, split ujail/seccomp

2015-08-20 Thread Etienne CHAMPETIER
this needs to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs don't support seccomp

Signed-off-by: Etienne CHAMPETIER 
---
 package/system/procd/Makefile | 50 +--
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
index 2c7ea3b..727a231 100644
--- a/package/system/procd/Makefile
+++ b/package/system/procd/Makefile
@@ -24,7 +24,8 @@ PKG_LICENSE_FILES:=
 
 PKG_MAINTAINER:=John Crispin 
 
-PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS CONFIG_PROCD_JAIL_SUPPORT
+PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS \
+   CONFIG_KERNEL_NAMESPACES CONFIG_PACKAGE_procd-ujail 
CONFIG_PACKAGE_procd-seccomp
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
@@ -38,12 +39,18 @@ define Package/procd
   TITLE:=OpenWrt system process manager
 endef
 
-define Package/procd-jail
+define Package/procd-ujail
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=procd +@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS 
+@KERNEL_PID_NS @PROCD_JAIL_SUPPORT
-  TITLE:=OpenWrt process jail
-  DEFAULT:=n
+  DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS 
+libubox
+  TITLE:=OpenWrt process jail helper
+endef
+
+define Package/procd-seccomp
+  SECTION:=base
+  CATEGORY:=Base system
+  DEPENDS:=@arm||@armeb||@mips||@mipsel||@i386||@x86_64 @!TARGET_uml 
@KERNEL_SECCOMP +libubox +libblobmsg-json
+  TITLE:=OpenWrt process seccomp helper + utrace
 endef
 
 define Package/procd-nand
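
Review bot: renaming Package/procd-jail to Package/procd-ujail breaks every existing .config and any package that selects or depends on procd-jail, and nothing in this hunk keeps the old name resolvable. Add a "PROVIDES:=procd-jail" line or list the packages to update in the commit message. The new procd-ujail DEPENDS also drops "procd" and the explicit "DEFAULT:=n" is gone; both deserve a word in the message, which currently only covers the seccomp split.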
@@ -73,16 +80,6 @@ config PROCD_ZRAM_TMPFS
bool
default n
prompt "Mount /tmp using zram."
-
-config PROCD_JAIL_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
PROCD_SECCOMP_SUPPORT
-
-config PROCD_SECCOMP_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
!TARGET_uml && @KERNEL_SECCOMP
 endmenu
 endef
 
@@ -99,12 +96,12 @@ ifeq ($(CONFIG_PROCD_ZRAM_TMPFS),y)
   CMAKE_OPTIONS += -DZRAM_TMPFS=1
 endif
 
-ifeq ($(CONFIG_PROCD_JAIL_SUPPORT),y)
+ifdef CONFIG_PACKAGE_procd-ujail
   CMAKE_OPTIONS += -DJAIL_SUPPORT=1
 endif
 
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1
+ifdef CONFIG_PACKAGE_procd-seccomp
+  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1 -DUTRACE_SUPPORT=1
 endif
 
 define Package/procd/install
@@ -115,15 +112,17 @@ define Package/procd/install
$(INSTALL_BIN) ./files/reload_config $(1)/sbin/
$(INSTALL_DATA) ./files/hotplug*.json $(1)/etc/
$(INSTALL_DATA) ./files/procd.sh $(1)/lib/functions/
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
-endif
 endef
 
-define Package/procd-jail/install
-   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+define Package/procd-ujail/install
+   $(INSTALL_DIR) $(1)/sbin
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/
+endef
 
-   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{utrace,ujail} $(1)/sbin/
+define Package/procd-seccomp/install
+   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/utrace $(1)/sbin/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-trace.so $(1)/lib
 endef
 
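
Review bot: libpreload-seccomp.so is removed from Package/procd/install and now ships only in Package/procd-seccomp/install, so an image with procd but without procd-seccomp loses the library that earlier builds installed whenever seccomp support was enabled. Make sure the packages whose init scripts request a seccomp filter depend on procd-seccomp, and mention the move in the commit message. The unchanged context line installing libpreload-trace.so ends up in the procd-seccomp install section next to utrace; confirm that is intended.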
@@ -141,6 +140,7 @@ define Package/procd-nand-firstboot/install
 endef
 
 $(eval $(call BuildPackage,procd))
-$(eval $(call BuildPackage,procd-jail))
+$(eval $(call BuildPackage,procd-ujail))
+$(eval $(call BuildPackage,procd-seccomp))
 $(eval $(call BuildPackage,procd-nand))
 $(eval $(call BuildPackage,procd-nand-firstboot))
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 0/5] jail work

2015-08-25 Thread Etienne CHAMPETIER
This patch series reworks ujail a bit,
and adds capabilities support to it

Seccomp filters are very powerful but not totally generic,
each arch can have a different set of syscalls,
each libc can use a different syscall for the same function,
and seccomp isn't supported on all arch.

Capabilities are more high level, but still can restrict
jail to a sane minimum of privileges.

Patch 4 is a bit big and i can split it if needed, just tell me how

Waiting for your comments
Etienne


[OpenWrt-Devel] [PATCH procd v2 1/5] add UTRACE_SUPPORT build option

2015-08-25 Thread Etienne CHAMPETIER
we can now build preload-seccomp, ujail, utrace separately

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9 @@ TARGET_LINK_LIBRARIES(ujail ubox)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION sbin
 )
+endif()
 
+IF(UTRACE_SUPPORT)
 ADD_EXECUTABLE(utrace trace/trace.c)
 TARGET_LINK_LIBRARIES(utrace ubox ${json} blobmsg_json)
 INSTALL(TARGETS utrace
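Review bot: utrace used to be built in the same block as ujail, and after the added `endif()` / `IF(UTRACE_SUPPORT)` pair it is built only when UTRACE_SUPPORT is set, so a build that passes only the existing jail option silently loses the utrace binary. Please say so in the commit message and make sure the OpenWrt package Makefile passes -DUTRACE_SUPPORT=1 in the same step; a short comment above the new IF() naming the three independent options would also help.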
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 2/5] jail, seccomp: fix typo/improve log prefix

2015-08-25 Thread Etienne CHAMPETIER
(perload-jail -> preload-seccomp)

Signed-off-by: Etienne CHAMPETIER 
---
 jail/seccomp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -12,8 +12,8 @@
  */
 
 #define INFO(fmt, ...) do { \
-   syslog(0,"perload-jail: "fmt, ## __VA_ARGS__); \
-   fprintf(stderr,"perload-jail: "fmt, ## __VA_ARGS__); \
+   syslog(0,"preload-seccomp: "fmt, ## __VA_ARGS__); \
+   fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \
} while (0)
 
 int install_syscall_filter(const char *argv, const char *file);
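Review bot: both rewritten lines keep `syslog(0, ...)`, and priority 0 is LOG_EMERG, so every INFO() message from the preload library is logged as an emergency. While the prefix is being touched, pass an explicit priority such as LOG_INFO, or LOG_ERR where INFO() is used to report a failure.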
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 3/5] jail, seccomp: remove useless root check

2015-08-25 Thread Etienne CHAMPETIER
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER 
---
 jail/preload.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
 
 static int __preload_main__(int argc, char **argv, char **envp)
 {
-   uid_t uid = getuid();
char *env_file = getenv("SECCOMP_FILE");
 
-   if (uid) {
-   INFO("preload-seccomp: %s: not root, cannot install seccomp 
filter\n", *argv);
-   return -1;
-   }
-
if (install_syscall_filter(*argv, env_file))
return -1;
 
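Review bot: once the `if (uid)` block is gone, unprivileged callers depend entirely on install_syscall_filter() setting PR_SET_NO_NEW_PRIVS before it loads the filter and returning non-zero if either step fails, and neither is visible in this hunk. Please confirm that in the commit message. Also, `env_file` comes straight from getenv("SECCOMP_FILE") and is passed on without a NULL check here, so the callee has to reject a missing variable rather than let the program run unfiltered.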
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 4/5] ujail: reworks & cleanups

2015-08-25 Thread Etienne CHAMPETIER
-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
  with -d2 you now activate "LD_DEBUG=all" for example
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two

jail creation is now as follows:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) drop capabilities (next patch)
6) execve the jailed bin
7) remove jail root dir (once child is dead)

there is no need to umount anything because we are already in a namespace

Todo:
-allow signals from the parent to the child

Feature request:
-when we add a file or dir, detect if it's an exec and add its dependencies

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 391 
 1 file changed, 156 insertions(+), 235 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..487d18f 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -43,7 +43,17 @@
 #include 
 
 #define STACK_SIZE (1024 * 1024)
-#define OPT_ARGS   "P:S:n:r:w:psuldo"
+#define OPT_ARGS   "P:S:n:r:w:d:psulo"
+
+static struct {
+   char *path;
+   char *name;
+   char **jail_argv;
+   char *seccomp;
+   int procfs;
+   int ronly;
+   int sysfs;
+} opts;
 
 struct extra {
struct list_head list;
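Review bot: changing `d` to `d:` in OPT_ARGS makes -d require an argument, so an existing caller that passes a bare -d now has the next option swallowed as the debug level. Either keep a bare -d working or list this as an incompatible change in the commit message and update the callers in the same series. The new `opts` struct could also use a one-line comment per field, since `ronly` and `path` are not self-explanatory.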
@@ -125,7 +135,7 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return -1;
}
 
-   if (readonly && mount(old, new, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, 
NULL)) {
+   if (readonly && mount(NULL, new, NULL, MS_BIND | MS_REMOUNT | 
MS_RDONLY, NULL)) {
ERROR("failed to remount ro %s: %s\n", new, strerror(errno));
return -1;
}
@@ -135,80 +145,75 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return 0;
 }
 
-static int build_jail(const char *path)
+static int build_jail_fs()
 {
struct library *l;
struct extra *m;
-   int ret = 0;
 
-   mkdir(path, 0755);
-
-   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
+   if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
ERROR("tmpfs mount failed %s\n", strerror(errno));
return -1;
}
 
-   avl_for_each_element(&libraries, l, avl)
-   if (mount_bind(path, l->path, l->name, 1, -1))
-   return -1;
-
-   list_for_each_entry(m, &extras, list)
-   if (mount_bind(path, m->path, m->name, m->readonly, 0))
-   return -1;
-
-   return ret;
-}
+   if (chdir(opts.path)) {
+   ERROR("failed to chdir() in the jail root\n");
+   return -1;
+   }
 
-static void _umount(const char *root, const char *path)
-{
-   char *buf = NULL;
+   avl_init(&libraries, avl_strcmp, false, NULL);
+   alloc_library_path("/lib64");
+   alloc_library_path("/lib");
+   alloc_library_path("/usr/lib");
+   load_ldso_conf("/etc/ld.so.conf");
 
-   if (asprintf(&buf, "%s%s", root, path) < 0) {
-   ERROR("failed to alloc umount buffer: %s\n", strerror(errno));
-   } else {
-   DEBUG("umount %s\n", buf);
-   umount(buf);
-   free(buf);
+   if (elf_load_deps(*opts.jail_argv)) {
+   ERROR("failed to load dependencies\n");
+   return -1;
}
-}
 
-static int stop_jail(const char *root)
-{
-   struct library *l;
-   struct extra *m;
+   if (opts.seccomp && elf_load_deps("libpreload-seccomp.so")) {
+   ERROR("failed to load libpreload-seccomp.so\n");
+   return -1;
+   }
 
-   avl_for_each_element(&libraries, l, avl) {
-   char path[256];
-   char *p = l->path;
+   avl_for_each_element(&libraries, l, avl)
+   if (mount_bind(opts.path, l->path, l->name, 1, -1))
+   return -1;
 
-   if (strstr(p, "local"))
-   p = "/lib";
+   list_for_each
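Review bot: `static int build_jail_fs()` should be declared `build_jail_fs(void)`; an empty parameter list in C leaves the arguments unchecked. In the same hunk the new chdir() error path is the only one that does not print strerror(errno), unlike the tmpfs mount error just above it, which makes a failure there harder to diagnose.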

[OpenWrt-Devel] [PATCH procd v2 5/5] jail: add capabilities support

2015-08-25 Thread Etienne CHAMPETIER
If there are one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabilities in cap.drop

example json syntax:
{
    "cap.keep": [
        "cap_net_raw"
    ],
    "cap.drop": []
}

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt |  18 +---
 jail/capabilities.c| 116 +
 jail/capabilities.h|  14 ++
 jail/jail.c|  15 +--
 make_capabilities_h.sh |  10 +
 5 files changed, 164 insertions(+), 9 deletions(-)
 create mode 100644 jail/capabilities.c
 create mode 100644 jail/capabilities.h
 create mode 100755 make_capabilities_h.sh

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 805e2ed..cc1e4a5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,7 +67,14 @@ ADD_CUSTOM_COMMAND(
COMMAND ./make_syscall_h.sh ${CMAKE_C_COMPILER} > ./syscall-names.h
DEPENDS ./make_syscall_h.sh
 )
-ADD_CUSTOM_TARGET(headers DEPENDS syscall-names.h)
+ADD_CUSTOM_TARGET(syscall-names-h DEPENDS syscall-names.h)
+
+ADD_CUSTOM_COMMAND(
+   OUTPUT capabilities-names.h
+   COMMAND ./make_capabilities_h.sh ${CMAKE_C_COMPILER} > 
./capabilities-names.h
+   DEPENDS ./make_capabilities_h.sh
+)
+ADD_CUSTOM_TARGET(capabilities-names-h DEPENDS capabilities-names.h)
 
 IF(SECCOMP_SUPPORT)
 ADD_LIBRARY(preload-seccomp SHARED jail/preload.c jail/seccomp.c)
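Review bot: the new custom command runs `./make_capabilities_h.sh` and redirects to `./capabilities-names.h`, both relative to whatever directory the command runs in, so it only works for in-tree builds (the same is true of the existing syscall-names.h rule it copies). Consider ${CMAKE_CURRENT_SOURCE_DIR}/make_capabilities_h.sh with an explicit output path. Renaming the `headers` target is fine as long as every ADD_DEPENDENCIES user is updated in this patch, which the later hunks do.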
@@ -75,15 +82,16 @@ TARGET_LINK_LIBRARIES(preload-seccomp dl ubox blobmsg_json)
 INSTALL(TARGETS preload-seccomp
LIBRARY DESTINATION lib
 )
-ADD_DEPENDENCIES(preload-seccomp headers)
+ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
 endif()
 
 IF(JAIL_SUPPORT)
-ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c)
-TARGET_LINK_LIBRARIES(ujail ubox)
+ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
+TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION sbin
 )
+ADD_DEPENDENCIES(ujail capabilities-names-h)
 endif()
 
 IF(UTRACE_SUPPORT)
@@ -92,7 +100,7 @@ TARGET_LINK_LIBRARIES(utrace ubox ${json} blobmsg_json)
 INSTALL(TARGETS utrace
RUNTIME DESTINATION sbin
 )
-ADD_DEPENDENCIES(utrace headers)
+ADD_DEPENDENCIES(utrace syscall-names-h)
 
 ADD_LIBRARY(preload-trace SHARED trace/preload.c)
 TARGET_LINK_LIBRARIES(preload-trace dl)
diff --git a/jail/capabilities.c b/jail/capabilities.c
new file mode 100644
index 000..b5ea965
--- /dev/null
+++ b/jail/capabilities.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2015 Etienne CHAMPETIER 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#define _GNU_SOURCE 1
+#include 
+#include 
+
+#include 
+#include 
+
+#include "log.h"
+#include "../capabilities-names.h"
+#include "capabilities.h"
+
+static int find_capabilities(const char *name)
+{
+   int i;
+
+   for (i = 0; i <= CAP_LAST_CAP; i++)
+   if (capabilities_names[i] && !strcmp(capabilities_names[i], 
name))
+   return i;
+
+   return -1;
+}
+
+int drop_capabilities(const char *file)
+{
+   enum {
+   CAP_KEEP,
+   CAP_DROP,
+   __CAP_MAX
+   };
+   static const struct blobmsg_policy policy[__CAP_MAX] = {
+   [CAP_KEEP] = { .name = "cap.keep", .type = BLOBMSG_TYPE_ARRAY },
+   [CAP_DROP] = { .name = "cap.drop", .type = BLOBMSG_TYPE_ARRAY },
+   };
+   struct blob_buf b = { 0 };
+   struct blob_attr *tb[__CAP_MAX];
+   struct blob_attr *cur;
+   int rem, cap;
+   char *name;
+   uint64_t capdrop = 0LLU;
+
+   DEBUG("dropping capabilities\n");
+
+   blob_buf_init(&b, 0);
+   if (!blobmsg_add_json_from_file(&b, file)) {
+   ERROR("failed to load %s\n", file);
+   return -1;
+   }
+
+   blobmsg_parse(policy, __CAP_MAX, tb, blob_data(b.head), 
blob_len(b.head));
+   if (!tb[CAP_KEEP] && !tb[CAP_DROP]) {
+   ERROR("failed to parse %s\n", file);
+   return -1;
+   }
+
+   blobmsg_for_each_attr(cur, tb[CAP_KEEP], rem) {
+   name = blobmsg_get_string(cur);
+   if (!name) {
+   ERROR("invalid capability name in cap.keep\n");
+   return -1;
+   }
+   cap = find_capabilities(name);
+   if (cap == -1) {
+   ERROR("unknown capability %s in cap.keep\n", name);
+   retur
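Review bot: in the cap.keep loop, blobmsg_get_string(cur) is called without first checking that the element is a string; the policy only says that cap.keep is an array, so a number or object in the list is read as if it were a name, and the `if (!name)` test does not catch that. Check blobmsg_type(cur) == BLOBMSG_TYPE_STRING before using it. Two smaller points: the file header says LGPL 2.1 but then refers to the GNU General Public License, and `capabilities_names[]` is generated at build time, so a comment on what happens when the running kernel knows fewer capabilities than CAP_LAST_CAP would help.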

[OpenWrt-Devel] [PATCH v2] procd: rework makefile, split ujail/seccomp

2015-08-25 Thread Etienne CHAMPETIER
this needs to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs don't support seccomp

Signed-off-by: Etienne CHAMPETIER 
---
 package/system/procd/Makefile | 50 +--
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
index 2c7ea3b..3752332 100644
--- a/package/system/procd/Makefile
+++ b/package/system/procd/Makefile
@@ -24,7 +24,8 @@ PKG_LICENSE_FILES:=
 
 PKG_MAINTAINER:=John Crispin 
 
-PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS CONFIG_PROCD_JAIL_SUPPORT
+PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS \
+   CONFIG_KERNEL_NAMESPACES CONFIG_PACKAGE_procd-ujail 
CONFIG_PACKAGE_procd-seccomp
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
@@ -38,12 +39,18 @@ define Package/procd
   TITLE:=OpenWrt system process manager
 endef
 
-define Package/procd-jail
+define Package/procd-ujail
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=procd +@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS 
+@KERNEL_PID_NS @PROCD_JAIL_SUPPORT
-  TITLE:=OpenWrt process jail
-  DEFAULT:=n
+  DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS 
+libubox +libblobmsg-json
+  TITLE:=OpenWrt process jail helper
+endef
+
+define Package/procd-seccomp
+  SECTION:=base
+  CATEGORY:=Base system
+  DEPENDS:=@arm||@armeb||@mips||@mipsel||@i386||@x86_64 @!TARGET_uml 
@KERNEL_SECCOMP +libubox +libblobmsg-json
+  TITLE:=OpenWrt process seccomp helper + utrace
 endef
 
 define Package/procd-nand
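Review bot: the arch list in the procd-seccomp DEPENDS line is written `@arm||@armeb||@mips||...`, with an @ in front of every alternative; I would expect the single grouped form `@(arm||armeb||mips||mipsel||i386||x86_64)` here, matching the parenthesised expression in the PROCD_SECCOMP_SUPPORT config block this patch removes. Please check the generated `depends on` line. Also, procd-ujail loses both its dependency on procd and `DEFAULT:=n`; if that is intended, say so in the commit message.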
@@ -73,16 +80,6 @@ config PROCD_ZRAM_TMPFS
bool
default n
prompt "Mount /tmp using zram."
-
-config PROCD_JAIL_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
PROCD_SECCOMP_SUPPORT
-
-config PROCD_SECCOMP_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
!TARGET_uml && @KERNEL_SECCOMP
 endmenu
 endef
 
@@ -99,12 +96,12 @@ ifeq ($(CONFIG_PROCD_ZRAM_TMPFS),y)
   CMAKE_OPTIONS += -DZRAM_TMPFS=1
 endif
 
-ifeq ($(CONFIG_PROCD_JAIL_SUPPORT),y)
+ifdef CONFIG_PACKAGE_procd-ujail
   CMAKE_OPTIONS += -DJAIL_SUPPORT=1
 endif
 
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1
+ifdef CONFIG_PACKAGE_procd-seccomp
+  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1 -DUTRACE_SUPPORT=1
 endif
 
 define Package/procd/install
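Review bot: -DUTRACE_SUPPORT=1 is switched on only together with -DSECCOMP_SUPPORT=1 under CONFIG_PACKAGE_procd-seccomp, so utrace cannot be built on its own even though the procd series adds UTRACE_SUPPORT to build the three pieces separately. Either give utrace its own package and ifdef, or state in the commit message that utrace is deliberately shipped with the seccomp helper.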
@@ -115,15 +112,17 @@ define Package/procd/install
$(INSTALL_BIN) ./files/reload_config $(1)/sbin/
$(INSTALL_DATA) ./files/hotplug*.json $(1)/etc/
$(INSTALL_DATA) ./files/procd.sh $(1)/lib/functions/
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
-endif
 endef
 
-define Package/procd-jail/install
-   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+define Package/procd-ujail/install
+   $(INSTALL_DIR) $(1)/sbin
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/
+endef
 
-   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{utrace,ujail} $(1)/sbin/
+define Package/procd-seccomp/install
+   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/utrace $(1)/sbin/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-trace.so $(1)/lib
 endef
 
@@ -141,6 +140,7 @@ define Package/procd-nand-firstboot/install
 endef
 
 $(eval $(call BuildPackage,procd))
-$(eval $(call BuildPackage,procd-jail))
+$(eval $(call BuildPackage,procd-ujail))
+$(eval $(call BuildPackage,procd-seccomp))
 $(eval $(call BuildPackage,procd-nand))
 $(eval $(call BuildPackage,procd-nand-firstboot))
-- 
1.9.1


Re: [OpenWrt-Devel] [PATCH procd v2 0/5] jail work

2015-08-26 Thread Etienne Champetier
2015-08-26 15:48 GMT+02:00 John Crispin :

>
>
> On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
> > This patch series reworks ujail a bit
> > and adds capabilities support to it
>
> nice
>
> >
> > Seccomp filters are very powerful but not totally generic:
> > each arch can have a different set of syscalls,
> > each libc can use a different syscall for the same function,
> > and seccomp isn't supported on all archs.
> >
> > Capabilities are more high level, but can still restrict
> > a jail to a sane minimum of privileges.
>
>
> >
> > Patch 4 is a bit big and I can split it if needed, just tell me how
>
> will have a closer look next few days
>
forgot to say it's tested on ar71xx with CC (and also on ubuntu 14.04)


> there seems to be a way to escape from the rebind mount jail that QCA has
> found

more than one ;) can you share? (with root rights you can kexec, mount
/dev, ...)
that's why you really need to limit rights with capabilities drop or
seccomp filter
(i'm adding a vague warning in usage)


> and i have not had the time yet to finish my jailfs module.

with my patches you don't see all the bind mounts anymore ("in the host"),
they are only in the jail mount namespace.

to see the mounts inside the jail you can still do
cat /proc//mounts

> it runs and loads, i can do mounts and access files inside them using
> normal shell calls. however if i point a jail instance at the
> mountpoint it oops horribly. i suspect that i am either using vfs wrong
> or am missing locking/ref-counting somewhere. i'll throw the code onto
> github later today or tomorrow and post the link. maybe someone with
> more knowledge of vfs can help fix it.
>
what problem are you fixing with jailfs? (real question/to be sure there is
no simpler solution)


[OpenWrt-Devel] [PATCH procd v3 0/7] jail work

2015-08-26 Thread Etienne CHAMPETIER
v3 of my (u)jail work, you can now use separately
namespaces jail, capabilities and seccomp

Openwrt procd Makefile patch v2 is still ok


[OpenWrt-Devel] [PATCH procd v3 1/7] add UTRACE_SUPPORT build option

2015-08-26 Thread Etienne CHAMPETIER
we can now build preload-seccomp, ujail, utrace separately

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9 @@ TARGET_LINK_LIBRARIES(ujail ubox)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION sbin
 )
+endif()
 
+IF(UTRACE_SUPPORT)
 ADD_EXECUTABLE(utrace trace/trace.c)
 TARGET_LINK_LIBRARIES(utrace ubox ${json} blobmsg_json)
 INSTALL(TARGETS utrace
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v3 4/7] jail: reworks & cleanups

2015-08-26 Thread Etienne CHAMPETIER
-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
  with -d2 you now activate "LD_DEBUG=all" for example
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two

jail creation is now as follows:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) drop capabilities (next patch)
6) execve the jailed bin
7) remove jail root dir (once child is dead)

there is no need to umount anything because we are already in a namespace

Todo:
-allow signals from the parent to the child

Feature request:
-when we add a file or dir, detect if it's an exec and add its dependencies

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 393 
 1 file changed, 157 insertions(+), 236 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..f8139b8 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -43,7 +43,17 @@
 #include 
 
 #define STACK_SIZE (1024 * 1024)
-#define OPT_ARGS   "P:S:n:r:w:psuldo"
+#define OPT_ARGS   "P:S:n:r:w:d:psulo"
+
+static struct {
+   char *path;
+   char *name;
+   char **jail_argv;
+   char *seccomp;
+   int procfs;
+   int ronly;
+   int sysfs;
+} opts;
 
 struct extra {
struct list_head list;
@@ -125,7 +135,7 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return -1;
}
 
-   if (readonly && mount(old, new, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, 
NULL)) {
+   if (readonly && mount(NULL, new, NULL, MS_BIND | MS_REMOUNT | 
MS_RDONLY, NULL)) {
ERROR("failed to remount ro %s: %s\n", new, strerror(errno));
return -1;
}
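Review bot: the switch from `old` to NULL as the source of the read-only remount is not mentioned in the commit message, which otherwise lists every change. One line explaining why the source argument is dropped for MS_BIND | MS_REMOUNT would save the next reader a trip to mount(2).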
@@ -135,80 +145,75 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return 0;
 }
 
-static int build_jail(const char *path)
+static int build_jail_fs()
 {
struct library *l;
struct extra *m;
-   int ret = 0;
 
-   mkdir(path, 0755);
-
-   if (mount("tmpfs", path, "tmpfs", MS_NOATIME, "mode=0755")) {
+   if (mount("tmpfs", opts.path, "tmpfs", MS_NOATIME, "mode=0755")) {
ERROR("tmpfs mount failed %s\n", strerror(errno));
return -1;
}
 
-   avl_for_each_element(&libraries, l, avl)
-   if (mount_bind(path, l->path, l->name, 1, -1))
-   return -1;
-
-   list_for_each_entry(m, &extras, list)
-   if (mount_bind(path, m->path, m->name, m->readonly, 0))
-   return -1;
-
-   return ret;
-}
+   if (chdir(opts.path)) {
+   ERROR("failed to chdir() in the jail root\n");
+   return -1;
+   }
 
-static void _umount(const char *root, const char *path)
-{
-   char *buf = NULL;
+   avl_init(&libraries, avl_strcmp, false, NULL);
+   alloc_library_path("/lib64");
+   alloc_library_path("/lib");
+   alloc_library_path("/usr/lib");
+   load_ldso_conf("/etc/ld.so.conf");
 
-   if (asprintf(&buf, "%s%s", root, path) < 0) {
-   ERROR("failed to alloc umount buffer: %s\n", strerror(errno));
-   } else {
-   DEBUG("umount %s\n", buf);
-   umount(buf);
-   free(buf);
+   if (elf_load_deps(*opts.jail_argv)) {
+   ERROR("failed to load dependencies\n");
+   return -1;
}
-}
 
-static int stop_jail(const char *root)
-{
-   struct library *l;
-   struct extra *m;
+   if (opts.seccomp && elf_load_deps("libpreload-seccomp.so")) {
+   ERROR("failed to load libpreload-seccomp.so\n");
+   return -1;
+   }
 
-   avl_for_each_element(&libraries, l, avl) {
-   char path[256];
-   char *p = l->path;
+   avl_for_each_element(&libraries, l, avl)
+   if (mount_bind(opts.path, l->path, l->name, 1, -1))
+   return -1;
 
-   if (strstr(p, "local"))
-   p = "/lib";
+   list_for_each
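Review bot: elf_load_deps(*opts.jail_argv) now runs after chdir(opts.path), so does a program given as a relative path still resolve, or is it looked up from inside the freshly mounted tmpfs? If an absolute path is required, check for it in main() and say so in usage(); otherwise resolve the dependencies before the chdir().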

[OpenWrt-Devel] [PATCH procd v3 2/7] jail, seccomp: fix typo/improve log prefix

2015-08-26 Thread Etienne CHAMPETIER
(perload-jail -> preload-seccomp)

Signed-off-by: Etienne CHAMPETIER 
---
 jail/seccomp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -12,8 +12,8 @@
  */
 
 #define INFO(fmt, ...) do { \
-   syslog(0,"perload-jail: "fmt, ## __VA_ARGS__); \
-   fprintf(stderr,"perload-jail: "fmt, ## __VA_ARGS__); \
+   syslog(0,"preload-seccomp: "fmt, ## __VA_ARGS__); \
+   fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \
} while (0)
 
 int install_syscall_filter(const char *argv, const char *file);
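Review bot: with the prefix now supplied by the macro, any caller whose format string already starts with "preload-seccomp: " prints it twice; the INFO() call in jail/preload.c that 3/7 deletes is one such caller. Worth a grep over the remaining INFO() users before this is applied, so the prefix appears exactly once per message.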
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v3 3/7] jail, seccomp: remove useless root check

2015-08-26 Thread Etienne CHAMPETIER
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER 
---
 jail/preload.c | 6 --
 1 file changed, 6 deletions(-)

diff --git a/jail/preload.c b/jail/preload.c
index 97ac44d..a1cc0b6 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -27,14 +27,8 @@ static main_t __main__;
 
 static int __preload_main__(int argc, char **argv, char **envp)
 {
-   uid_t uid = getuid();
char *env_file = getenv("SECCOMP_FILE");
 
-   if (uid) {
-   INFO("preload-seccomp: %s: not root, cannot install seccomp 
filter\n", *argv);
-   return -1;
-   }
-
if (install_syscall_filter(*argv, env_file))
return -1;
 
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] [PATCH procd v3 6/7] jail: cleanup include

2015-08-26 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 14 --
 jail/jail.c | 10 --
 jail/log.h  |  1 +
 3 files changed, 1 insertion(+), 24 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index c198599..cbb3051 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -12,33 +12,19 @@
  */
 
 #define _GNU_SOURCE
-#include 
 #include 
-#include 
-#include 
-#include 
 
 #include 
 #include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
 
-#include 
-#include 
 #include 
-#include 
-#include 
 
 #include "elf.h"
 
diff --git a/jail/jail.c b/jail/jail.c
index 3d0830e..40b7558 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -12,12 +12,6 @@
  */
 
 #define _GNU_SOURCE
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
 #include 
 #include 
 #include 
@@ -30,16 +24,12 @@
 #include 
 #include 
 #include 
-#include 
 #include 
-#include 
-#include 
 #include 
 
 #include "elf.h"
 #include "capabilities.h"
 
-#include 
 #include 
 #include 
 
diff --git a/jail/log.h b/jail/log.h
index f8590b3..b1d201e 100644
--- a/jail/log.h
+++ b/jail/log.h
@@ -12,6 +12,7 @@
  */
 
 extern int debug;
+#include 
 
 #define INFO(fmt, ...) do { \
printf("jail: "fmt, ## __VA_ARGS__); \
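Review bot: in jail/log.h the added #include sits below `extern int debug;`; keep includes at the top of the header, above the declaration. The commit message is empty apart from the sign-off, so please add a line saying that the removed headers were unused and that log.h now pulls in what its own macros need.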
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v3 5/7] jail: add capabilities support

2015-08-26 Thread Etienne CHAMPETIER
If there are one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabilities in cap.drop

example json syntax:
{
    "cap.keep": [
        "cap_net_raw"
    ],
    "cap.drop": []
}

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt |  18 +---
 jail/capabilities.c| 116 +
 jail/capabilities.h|  14 ++
 jail/jail.c|  15 +--
 make_capabilities_h.sh |  10 +
 5 files changed, 164 insertions(+), 9 deletions(-)
 create mode 100644 jail/capabilities.c
 create mode 100644 jail/capabilities.h
 create mode 100755 make_capabilities_h.sh

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 805e2ed..cc1e4a5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,7 +67,14 @@ ADD_CUSTOM_COMMAND(
COMMAND ./make_syscall_h.sh ${CMAKE_C_COMPILER} > ./syscall-names.h
DEPENDS ./make_syscall_h.sh
 )
-ADD_CUSTOM_TARGET(headers DEPENDS syscall-names.h)
+ADD_CUSTOM_TARGET(syscall-names-h DEPENDS syscall-names.h)
+
+ADD_CUSTOM_COMMAND(
+   OUTPUT capabilities-names.h
+   COMMAND ./make_capabilities_h.sh ${CMAKE_C_COMPILER} > 
./capabilities-names.h
+   DEPENDS ./make_capabilities_h.sh
+)
+ADD_CUSTOM_TARGET(capabilities-names-h DEPENDS capabilities-names.h)
 
 IF(SECCOMP_SUPPORT)
 ADD_LIBRARY(preload-seccomp SHARED jail/preload.c jail/seccomp.c)
@@ -75,15 +82,16 @@ TARGET_LINK_LIBRARIES(preload-seccomp dl ubox blobmsg_json)
 INSTALL(TARGETS preload-seccomp
LIBRARY DESTINATION lib
 )
-ADD_DEPENDENCIES(preload-seccomp headers)
+ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
 endif()
 
 IF(JAIL_SUPPORT)
-ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c)
-TARGET_LINK_LIBRARIES(ujail ubox)
+ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
+TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION sbin
 )
+ADD_DEPENDENCIES(ujail capabilities-names-h)
 endif()
 
 IF(UTRACE_SUPPORT)
@@ -92,7 +100,7 @@ TARGET_LINK_LIBRARIES(utrace ubox ${json} blobmsg_json)
 INSTALL(TARGETS utrace
RUNTIME DESTINATION sbin
 )
-ADD_DEPENDENCIES(utrace headers)
+ADD_DEPENDENCIES(utrace syscall-names-h)
 
 ADD_LIBRARY(preload-trace SHARED trace/preload.c)
 TARGET_LINK_LIBRARIES(preload-trace dl)
diff --git a/jail/capabilities.c b/jail/capabilities.c
new file mode 100644
index 000..b5ea965
--- /dev/null
+++ b/jail/capabilities.c
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2015 Etienne CHAMPETIER 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#define _GNU_SOURCE 1
+#include 
+#include 
+
+#include 
+#include 
+
+#include "log.h"
+#include "../capabilities-names.h"
+#include "capabilities.h"
+
+static int find_capabilities(const char *name)
+{
+   int i;
+
+   for (i = 0; i <= CAP_LAST_CAP; i++)
+   if (capabilities_names[i] && !strcmp(capabilities_names[i], 
name))
+   return i;
+
+   return -1;
+}
+
+int drop_capabilities(const char *file)
+{
+   enum {
+   CAP_KEEP,
+   CAP_DROP,
+   __CAP_MAX
+   };
+   static const struct blobmsg_policy policy[__CAP_MAX] = {
+   [CAP_KEEP] = { .name = "cap.keep", .type = BLOBMSG_TYPE_ARRAY },
+   [CAP_DROP] = { .name = "cap.drop", .type = BLOBMSG_TYPE_ARRAY },
+   };
+   struct blob_buf b = { 0 };
+   struct blob_attr *tb[__CAP_MAX];
+   struct blob_attr *cur;
+   int rem, cap;
+   char *name;
+   uint64_t capdrop = 0LLU;
+
+   DEBUG("dropping capabilities\n");
+
+   blob_buf_init(&b, 0);
+   if (!blobmsg_add_json_from_file(&b, file)) {
+   ERROR("failed to load %s\n", file);
+   return -1;
+   }
+
+   blobmsg_parse(policy, __CAP_MAX, tb, blob_data(b.head), 
blob_len(b.head));
+   if (!tb[CAP_KEEP] && !tb[CAP_DROP]) {
+   ERROR("failed to parse %s\n", file);
+   return -1;
+   }
+
+   blobmsg_for_each_attr(cur, tb[CAP_KEEP], rem) {
+   name = blobmsg_get_string(cur);
+   if (!name) {
+   ERROR("invalid capability name in cap.keep\n");
+   return -1;
+   }
+   cap = find_capabilities(name);
+   if (cap == -1) {
+   ERROR("unknown capability %s in cap.keep\n", name);
+   retur
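The cap.keep / cap.drop rule stated in the commit message above, worked through as an added example (not the patch's own code, which is cut off on this page). The name table, `compute_drop_mask()`, `apply_drop_mask()` and the use of `prctl(PR_CAPBSET_DROP)` to apply the mask are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Constructed name table for this example; the patch generates its own
 * capabilities-names.h at build time, which is not shown on the page. */
static const struct { const char *name; int cap; } cap_table[] = {
	{ "cap_chown", CAP_CHOWN },
	{ "cap_dac_override", CAP_DAC_OVERRIDE },
	{ "cap_setgid", CAP_SETGID },
	{ "cap_setuid", CAP_SETUID },
	{ "cap_net_bind_service", CAP_NET_BIND_SERVICE },
	{ "cap_net_admin", CAP_NET_ADMIN },
	{ "cap_net_raw", CAP_NET_RAW },
	{ "cap_sys_module", CAP_SYS_MODULE },
	{ "cap_sys_admin", CAP_SYS_ADMIN },
	{ "cap_sys_boot", CAP_SYS_BOOT },
};

/* Map a lower-case capability name to its number, -1 if unknown. */
static int cap_from_name(const char *name)
{
	size_t i;

	for (i = 0; i < sizeof(cap_table) / sizeof(cap_table[0]); i++)
		if (!strcmp(cap_table[i].name, name))
			return cap_table[i].cap;
	return -1;
}

/* One bit per capability known to the headers this was built against. */
uint64_t all_caps_mask(void)
{
	return (1ULL << (CAP_LAST_CAP + 1)) - 1;
}

/* Turn a list of names into a bit mask. An unknown name is an error,
 * so a typo in the policy stops the launch instead of weakening it. */
static int names_to_mask(const char *const *names, size_t n, uint64_t *mask)
{
	size_t i;

	*mask = 0;
	for (i = 0; i < n; i++) {
		int cap = cap_from_name(names[i]);

		if (cap < 0) {
			fprintf(stderr, "unknown capability %s\n", names[i]);
			return -1;
		}
		*mask |= 1ULL << cap;
	}
	return 0;
}

/* Rule from the commit message: a non-empty cap.keep drops everything
 * not listed in it; cap.drop entries are always dropped, even when the
 * same capability also appears in cap.keep. */
int compute_drop_mask(const char *const *keep, size_t nkeep,
		      const char *const *drop, size_t ndrop, uint64_t *out)
{
	uint64_t keepmask, dropmask;

	if (names_to_mask(keep, nkeep, &keepmask) ||
	    names_to_mask(drop, ndrop, &dropmask))
		return -1;
	if (nkeep > 0)
		dropmask |= all_caps_mask() & ~keepmask;
	*out = dropmask;
	return 0;
}

/* Assumption of this example: the mask is applied by removing each bit
 * from the bounding set. Needs CAP_SETPCAP; EINVAL is tolerated because
 * the running kernel may know fewer capabilities than the headers. */
int apply_drop_mask(uint64_t mask)
{
	int cap;

	for (cap = 0; cap <= CAP_LAST_CAP; cap++) {
		if (!(mask & (1ULL << cap)))
			continue;
		if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) && errno != EINVAL)
			return -1;
	}
	return 0;
}

int main(void)
{
	/* Same content as the example JSON in the commit message. */
	const char *keep[] = { "cap_net_raw" };
	uint64_t mask;

	if (compute_drop_mask(keep, 1, NULL, 0, &mask))
		return 1;
	printf("drop mask: 0x%llx\n", (unsigned long long)mask);
	printf("cap_net_raw kept: %s\n",
	       (mask & (1ULL << CAP_NET_RAW)) ? "no" : "yes");
	return 0;
}
```

`main()` only computes and prints the mask; calling `apply_drop_mask()` needs a privileged process and belongs just before the exec of the jailed program.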

[OpenWrt-Devel] [PATCH procd v3 7/7] jail: allow to not use namespaces

2015-08-26 Thread Etienne CHAMPETIER
building a generic jail can be hard,
choosing to drop some capabilities can be easier.

This commit permits using namespaces, capabilities
and seccomp combined as you like.

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 76 +
 1 file changed, 56 insertions(+), 20 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 40b7558..f459a5e 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -42,6 +42,7 @@ static struct {
char **jail_argv;
char *seccomp;
char *capabilities;
+   int namespace;
int procfs;
int ronly;
int sysfs;
@@ -233,13 +234,14 @@ static char** build_envp(const char *seccomp)
 static void usage(void)
 {
fprintf(stderr, "ujail  --  \n");
-   fprintf(stderr, "  -P \tpath where the jail will be staged\n");
-   fprintf(stderr, "  -S \tseccomp filter\n");
+   fprintf(stderr, "  -d \tshow debug log (increase num to increase 
verbosity)\n");
+   fprintf(stderr, "  -S \tseccomp filter config\n");
fprintf(stderr, "  -C \tcapabilities drop config\n");
fprintf(stderr, "  -n \tthe name of the jail\n");
+   fprintf(stderr, "namespace jail options:\n");
+   fprintf(stderr, "  -P \tpath where the jail will be staged\n");
fprintf(stderr, "  -r \treadonly files that should be staged\n");
fprintf(stderr, "  -w \twriteable files that should be staged\n");
-   fprintf(stderr, "  -d \tshow debug log (increase num to increase 
verbosity)\n");
fprintf(stderr, "  -p\t\tjail has /proc\n");
fprintf(stderr, "  -s\t\tjail has /sys\n");
fprintf(stderr, "  -l\t\tjail has /dev/log\n");
@@ -248,20 +250,14 @@ static void usage(void)
fprintf(stderr, "\nWarning: by default root inside the jail is the 
same\n\
 and he has the same powers as root outside the jail,\n\
 thus he can escape the jail and/or break stuff.\n\
-Please use an appropriate seccomp/capabilities filter (-S/-C) to restrict his 
powers\n");
+Please use seccomp/capabilities (-S/-C) to restrict his powers\n\n\
+If you use none of the namespace jail options,\n\
+ujail will not use namespace/build a jail,\n\
+and will only drop capabilities/apply seccomp filter.\n\n");
 }
 
-static int spawn_jail(void *arg)
+static int exec_jail()
 {
-   if (opts.name && sethostname(opts.name, strlen(opts.name))) {
-   ERROR("failed to sethostname: %s\n", strerror(errno));
-   }
-
-   if (build_jail_fs()) {
-   ERROR("failed to build jail fs");
-   exit(EXIT_FAILURE);
-   }
-
char **envp = build_envp(opts.seccomp);
if (!envp)
exit(EXIT_FAILURE);
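
Review bot: `static int exec_jail()` is declared with empty parentheses, which in C leaves the parameter list unspecified rather than declaring a function that takes no arguments; write `static int exec_jail(void)` so that a stray argument becomes a compile error. The new usage paragraph about running without namespace options would also be clearer if it named the options it means, since the reader has to infer them from the "namespace jail options:" heading added in the previous hunk.
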
@@ -276,6 +272,20 @@ static int spawn_jail(void *arg)
exit(EXIT_FAILURE);
 }
 
+static int spawn_jail(void *arg)
+{
+   if (opts.name && sethostname(opts.name, strlen(opts.name))) {
+   ERROR("failed to sethostname: %s\n", strerror(errno));
+   }
+
+   if (build_jail_fs()) {
+   ERROR("failed to build jail fs");
+   exit(EXIT_FAILURE);
+   }
+
+   return exec_jail();
+}
+
 static int jail_running = 1;
 static int jail_return_code = 0;
 
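
Review bot: in the re-added spawn_jail(), a failing sethostname() is only logged and the jail is still built and executed, while a failing build_jail_fs() exits. Since the code is being moved anyway, either make both fatal or add a comment saying the hostname is best effort. The `ERROR("failed to build jail fs")` string also lacks the trailing `\n` that the sethostname message has.
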
@@ -335,12 +345,15 @@ int main(int argc, char **argv)
debug = atoi(optarg);
break;
case 'p':
+   opts.namespace = 1;
opts.procfs = 1;
break;
case 'o':
+   opts.namespace = 1;
opts.ronly = 1;
break;
case 's':
+   opts.namespace = 1;
opts.sysfs = 1;
break;
case 'S':
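
Review bot: `opts.namespace = 1;` is repeated in every namespace-related case ('p', 'o' and 's' here), so a later option that forgets the line would silently run without a jail. Consider setting the flag in one place, for example through a small helper called from these cases, and add a comment on the `namespace` field saying which options turn it on.
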
@@ -352,21 +365,26 @@ int main(int argc, char **argv)
add_extra(optarg, 1);
break;
case 'P':
+   opts.namespace = 1;
opts.path = optarg;
break;
case 'n':
opts.name = optarg;
break;
case 'r':
+   opts.namespace = 1;
add_extra(optarg, 1);
break;
case 'w':
+   opts.namespace = 1;
add_extra(optarg, 0);
break;
case 'u':
+   opts.namespace = 1;
add_extra(ubus, 0);
break;
case 'l':
+   opts.namespace 
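
Review bot: `case 'n'` stores opts.name without setting opts.namespace, and in the visible hunks the name is only consumed by sethostname() in spawn_jail(), so `-n` given without any namespace option appears to be accepted and then ignored. Either move `-n` under "namespace jail options:" in usage() and set the flag here, or warn when a name is given but no jail is built.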

Re: [OpenWrt-Devel] [PATCH procd v2 0/5] jail work

2015-08-27 Thread Etienne Champetier
2015-08-27 12:18 GMT+02:00 John Crispin :

>
>
> On 26/08/2015 18:20, Etienne Champetier wrote:
> >
> >
> > 2015-08-26 15:48 GMT+02:00 John Crispin <blo...@openwrt.org>:
> >
> > On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
> > > This patch series reworks ujail a bit,
> > > and adds capabilities support to it
> >
> > nice
> >
> > >
> > > Seccomp filters are very powerful but not totally generic,
> > > each arch can have a different set of syscalls,
> > > each libc can use a different syscall for the same function,
> > > and seccomp isn't supported on all arch.
> > >
> > > Capabilities are more high level, but still can restrict
> > > jail to a sane minimum of privileges.
> >
> > >
> > > Patch 4 is a bit big and i can split it if needed, just tell me how
> >
> > will have a closer look next few days
> >
> > forgot to say it's tested on ar71xx with CC (and also on ubuntu 14.04)
> >
> > there seems to be a way to escape from the rebind mount jail that QCA has
> > found
> >
> > more than one ;) can you share? (with root rights you can kexec, mount
> > /dev, ...)
>
> well if you are root you are root and can delete the bootloader. the
> idea of the jail is that you are not root.
>

Totally disagree on that.
Many core programs need 1 or a few capabilities, but don't start if you are
not root
take for example busybox ntpd,
http://git.busybox.net/busybox/tree/networking/ntpd.c#n2122
i'm pretty sure it only needs CAP_SYS_TIME, but it checks for root rights :)

root gives you 2 things:
all the capabilities,
read write access on root files
there is no uid==0 in the kernel, only capabilities checks

If you drop all capabilities, root is a normal user,
with the exception that he is in general the owner of most or all the files
(that's when namespaces come into play)

For me the idea of the jail is to restrict the daemon as much as possible,
without patching it, so if it needs to be root ...


> i will provide details later on
>
cool


>
> > that's why you really need to limit rights with capabilities drop or
> > seccomp filter
> > (i'm adding a vague warning in usage)
>
> why do you want to run a privileged user and restrict its perms rather
> than just use an unprivileged user ?
>
see comment before


>
> >
> >
> > and i have not had the time yet to finish my jailfs module.
> >
> > with my patches you don't see all the bind mount anymore ("in the host"),
> > they are only in the jail mount namespace.
> >
> > to see the mounts inside the jail you can still do
> > cat /proc//mounts
>
> we don't want rebind mounts at all, they were only an intermediate solution
>

why? what's the problem with rebind mounts?
It works for me TM :)


>
> >
> > it
> > runs and loads, i can do mounts and access files inside them using
> > normal shell calls. however if i point a jail instance at the
> > mountpoint it oopses horribly. i suspect that i am either using vfs wrong
> > or am missing locking/ref-counting somewhere. i'll throw the code onto
> > github later today or tomorrow and post the link. maybe someone with
> > more knowledge of vfs can help fix it.
> >
> > what problem are you fixing with jailfs? (real question/to be sure there
> > is no simpler solution)
> >
>
> jailfs is similar to overlayfs as it has a lower dir that we overlay but
> now with changes but with a set of filter rules ... consider it like a
> firewall for file i/o
>

My question is what features does jailfs provide that you can't do now?
I'm not writing that to criticize or discourage you, just want to know ;)

In any case thanks for your work

Etienne
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
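
The reply above argues that a root process is defined by the capabilities it holds rather than by its uid. The following is an added example (not code from the thread or from procd) that audits a process that way, reading Uid, CapEff and CapBnd from /proc/<pid>/status and reporting anything held beyond an allow-list of CAP_SYS_TIME; the function names, the `EX_CAP_SYS_TIME` macro and the two status excerpts are constructed for illustration.

```c
/* Added example: judge a process by its capability sets, not by uid 0.
 * Linux only: parses the Uid, CapEff and CapBnd fields of /proc/<pid>/status. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of CAP_SYS_TIME in <linux/capability.h>; the EX_ name is this example's. */
#define EX_CAP_SYS_TIME 25

/* Constructed status excerpts (not captured from a real system). */
static const char SAMPLE_FULL_ROOT[] =
    "Name:\tntpd\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_JAILED_ROOT[] =
    "Name:\tntpd\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000002000000\n"
    "CapEff:\t0000000002000000\nCapBnd:\t0000000002000000\n";

/* Return a pointer just past "<field>:" where that field starts a line, or NULL. */
static const char *find_field(const char *status, const char *field)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':')
            return p + n + 1;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return NULL;
}

/* Parse a hexadecimal mask field such as CapEff or CapBnd; 0 on success. */
int parse_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    const char *v = find_field(status, field);
    if (!v)
        return -1;
    while (*v == ' ' || *v == '\t')
        v++;
    if (!isxdigit((unsigned char)*v))
        return -1;
    *mask = strtoull(v, NULL, 16);
    return 0;
}

/* The effective uid is the second number on the Uid line; 0 on success. */
int parse_euid(const char *status, long *euid)
{
    const char *v = find_field(status, "Uid");
    long real;
    return (v && sscanf(v, "%ld %ld", &real, euid) == 2) ? 0 : -1;
}

/* 0 = effective and bounding sets stay within `allowed`, 1 = something extra
 * is held, -1 = parse error. The bounding set is checked too because it caps
 * what a later execve() can grant. The uid plays no part in the verdict. */
int audit_status(const char *status, uint64_t allowed,
                 uint64_t *excess_eff, uint64_t *excess_bnd)
{
    uint64_t eff, bnd;
    if (parse_cap_mask(status, "CapEff", &eff) ||
        parse_cap_mask(status, "CapBnd", &bnd))
        return -1;
    *excess_eff = eff & ~allowed;
    *excess_bnd = bnd & ~allowed;
    return (*excess_eff || *excess_bnd) ? 1 : 0;
}

static void report(const char *label, const char *status)
{
    uint64_t eff = 0, bnd = 0;
    long euid = -1;
    int verdict = audit_status(status, 1ULL << EX_CAP_SYS_TIME, &eff, &bnd);
    parse_euid(status, &euid);
    printf("%-18s euid=%ld verdict=%d excess_eff=%#llx excess_bnd=%#llx\n",
           label, euid, verdict, (unsigned long long)eff, (unsigned long long)bnd);
}

int main(int argc, char **argv)
{
    char path[64], buf[4096] = "";
    FILE *f;
    report("full root", SAMPLE_FULL_ROOT);
    report("jailed root", SAMPLE_JAILED_ROOT);
    /* Live check of the pid given as argv[1], or of this process. */
    snprintf(path, sizeof(path), "/proc/%s/status", argc > 1 ? argv[1] : "self");
    if ((f = fopen(path, "r")) != NULL) {
        buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
        fclose(f);
        report(path, buf);
    }
    return 0;
}
```

Both samples have euid 0, yet only the first one is flagged, which is the distinction a uid-based check cannot make.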


Re: [OpenWrt-Devel] Renaming trunk to Dxx Dxx ?

2015-09-09 Thread Etienne Champetier
2015-09-09 15:20 GMT+02:00 Hannu Nyman :

> I repeat my earlier wish that trunk should be renamed as soon as possible.
>
> There have been several changes during the summer that have made trunk
> significantly deviate from the CC branch. Some of the changes are under the
> hood (like musl vs. uClibc), but especially the recent telnet removal is
> a rather prominent change for users. From documentation / advice / forum
> discussion perspective it is rather frustrating that both trunk and 15.05
> are still referenced as "Chaos Calmer".
>
> Having trunk renamed to something Dxxx Dxxx would clarify things.
>
> +1


Re: [OpenWrt-Devel] Renaming trunk to Dxx Dxx ? Or separate name for Trunk?

2015-09-10 Thread Etienne Champetier
2015-09-11 8:46 GMT+02:00 John Crispin :

>
>
> On 11/09/2015 08:39, Rafał Miłecki wrote:
> > On 11 September 2015 at 07:51, John Crispin  wrote:
> >> On 11/09/2015 07:18, Rafał Miłecki wrote:
> >>> On 9 September 2015 at 17:24, Tobias Welz  wrote:
> >>>> BTW: Why does the trunk have to be "renamed". The trunk is always recent, so
> >>>> it could also have a persistent name like "Bleeding Edge" (BTW: is this a
> >>>> cocktail?) and it would be always clear, that you are on the trunk. Similar
> >>>> like Debian Unstable (trunk) is always called "Sid".
> >>>
> >>> We may wait with branching until some rcX (we did that in past), so we
> >>> need a release name in trunk.
> >>
> >> we just need to change the name inside trunk when we fork. this time we
> >> did not do this as we did a public vote for the name and the result was
> >> not known when we forked.
> >
> > I know, my reply was to explain why we *want* names in trunk :)
> >
>
> agreed! I tried to explain why what you and me think is best did not
> work out this time :)
>
>
Now that everyone has explained why it's cool to have a name in trunk,
maybe we can have it :)


Re: [OpenWrt-Devel] Renaming trunk to Dxx Dxx ? Or separate name for Trunk?

2015-09-11 Thread Etienne Champetier
2015-09-11 8:59 GMT+02:00 John Crispin :

>
>
> On 11/09/2015 08:53, Etienne Champetier wrote:
> >
> >
> > 2015-09-11 8:46 GMT+02:00 John Crispin <blo...@openwrt.org>:
> >
> >
> >
> > On 11/09/2015 08:39, Rafał Miłecki wrote:
> > > On 11 September 2015 at 07:51, John Crispin <blo...@openwrt.org> wrote:
> > >> On 11/09/2015 07:18, Rafał Miłecki wrote:
> > >>> On 9 September 2015 at 17:24, Tobias Welz <t...@wiznet.eu> wrote:
> > >>>> BTW: Why does the trunk have to be "renamed". The trunk is always recent, so
> > >>>> it could also have a persistent name like "Bleeding Edge" (BTW: is this a
> > >>>> cocktail?) and it would be always clear, that you are on the trunk. Similar
> > >>>> like Debian Unstable (trunk) is always called "Sid".
> > >>>
> > >>> We may wait with branching until some rcX (we did that in past), so we
> > >>> need a release name in trunk.
> > >>
> > >> we just need to change the name inside trunk when we fork. this time we
> > >> did not do this as we did a public vote for the name and the result was
> > >> not known when we forked.
> > >
> > > I know, my reply was to explain why we *want* names in trunk :)
> > >
> >
> > agreed! I tried to explain why what you and me think is best did not
> > work out this time :)
> >
> >
> > Now that everyone has explained why it's cool to have a name in trunk,
> > maybe we can have it :)
> >
>
> yes, once all the stuff required for doing so is resolved :) as you may
> have noticed CC-final is already uploaded to the dl server. we did basic
> testing already and all seems well. only missing bit is that the folder
> currently shows a 403 and we are waiting on someone that has access to
> the machine to figure out why. once that is done we will announce CC and
> change trunk to DD :)
>

We should change the name of trunk as soon as we branch, waiting just adds
confusion.
If we don't have the new name yet we can still put the 2 letters (EE next
time).

In any case thanks for CC, and long live OpenWRT


Re: [OpenWrt-Devel] OpenWRT www version banner a security risk

2015-09-13 Thread Etienne Champetier
Hi,

On 13 Sep 2015 16:34, "Daniel Dickinson" wrote:
>
> Actually two far more useful solutions:
>
> 1) By default only answer requests from 'lan' network in
> /etc/config/uhttp instead of 0.0.0.0/32
> 2) Some useful alert if what appears to be a firewall misconfiguration
> is created (default OpenWrt firewall blocks LuCI on WAN, therefore the
> current issue is that by default uhttpd listens on all addresses, not just
> lan AND user has broken their firewall and allowed HTTP access to the
> router on the WAN in the *firewall* config).
>
> Of the two 2) is harder and takes more work.
>
> Regards,
>
> Daniel
>
>
> On 2015-09-13 10:28 AM, Daniel Dickinson wrote:
>>
>> Quite frankly if someone has unintentionally exposed LuCI to the internet I
>> think they've got a lot bigger problem than exposed version information,
>> and that not putting the version information at best delays only very
>> slightly a would be attacker.
>>
>> And for properly configured installs, the version information is
>> extremely useful for doing support and such like.
>>
>> Not that it likely means much, my vote is against such a weak bandaid to
>> what is fundamentally an issue a user creates for themselves that is
>> much larger than the details of what's on the screen.
>>
>> What would be a more relevant solution is for LuCI to have a banner that
>> indicates that the LuCI is visible on the WAN, thus alerting the user to
>> a misconfiguration, if it is that.
>>
>> Regards,
>>
>> Daniel
>>
>> On 2015-09-13 10:21 AM, MauritsVB wrote:
>>>
>>> At the moment the OpenWRT www login screen provides *very* detailed
>>> version information before anyone has even entered a password. It
>>> displays not just “15.05” or “Chaos Calmer” but even the exact git
>>> version on the banner.
>>>
>>> While it’s not advised to open this login screen to the world, fact is
>>> that it does happen intentionally or accidentally. Just a Google
>>> search for “Powered by LuCI Master (git-“ will provide many accessible
>>> OpenWRT login screens, including exact version information.
>>>
>>> As soon as someone discovers a vulnerability in an OpenWRT version all
>>> an attacker needs to do is perform a Google search to find many
>>> installations with versions that are vulnerable (even if a patch is
>>> already available).
>>>
>>> In the interest of hardening the default OpenWRT install, can I
>>> suggest that by default OpenWRT doesn’t disclose the version (not even
>>> 15.05 or “Chaos Calmer”) on the login screen? For extra safety I would
>>> even suggest to leave “OpenWRT” off the login screen, the only people
>>> who should use this screen already know it’s running OpenWRT.
>>>
>>> Any thoughts?
>>>
>>> Maurits
>>>

You should patch openwrt to add robots.txt
Hiding the version doesn't really slow down attacks, default config is safe, so
for me all is OK.


Re: [OpenWrt-Devel] OpenWRT www version banner a security risk

2015-09-13 Thread Etienne Champetier
Hi Daniel,

On 13 Sep 2015 22:04, "Daniel Dickinson" wrote:
>
> I do think allowing to choose to disable the banner is a minor benefit,
> however, as I've said, there are much more effective means of preventing
> accidental exposure, and quite frankly if the user is *choosing* to open
> the web interface I think a warning and disabling the banner if the user
> foolishly insists on opening the interface despite the warning is more
> useful than disabling the banner by default.
>
> If you're going to argue it prevents against internal threats then I
> would argue that if your internal network is hostile enough that you need
> to worry about attacks on openwrt from your internal network AND you're not
> skilled enough to limit access to LuCI (or better, build an image without
> LuCI and just use SSH) to the specific trusted hosts (preferably by
> combination of MAC address and IP address) in the firewall, or (better) to
> use a 'management' VPN or VLAN that only trusted hosts can get on, then
> you're in a lot more trouble than eliminating the banner for LuCI will
> solve.
>
>
> Regards,
>
> Daniel
>
> On 2015-09-13 10:21 AM, MauritsVB wrote:
>>
>> At the moment the OpenWRT www login screen provides *very* detailed
>> version information before anyone has even entered a password. It displays
>> not just “15.05” or “Chaos Calmer” but even the exact git version on the
>> banner.
>>
>> While it’s not advised to open this login screen to the world, fact is
>> that it does happen intentionally or accidentally. Just a Google search for
>> “Powered by LuCI Master (git-“ will provide many accessible OpenWRT login
>> screens, including exact version information.
>>
>> As soon as someone discovers a vulnerability in an OpenWRT version all an
>> attacker needs to do is perform a Google search to find many installations
>> with versions that are vulnerable (even if a patch is already available).
>>
>> In the interest of hardening the default OpenWRT install, can I suggest
>> that by default OpenWRT doesn’t disclose the version (not even 15.05 or
>> “Chaos Calmer”) on the login screen? For extra safety I would even suggest
>> to leave “OpenWRT” off the login screen, the only people who should use
>> this screen already know it’s running OpenWRT.
>>
>> Any thoughts?
>>
>> Maurits
>>

For me listening only on lan will break all my setups (15+):
- On most of my openwrt there is no lan, it's management, or
'name-of-the-site' ...
- on some of them i can access from multiple interfaces (VPNs + ...)

You can't prevent people from shooting themselves in the foot (maybe port
opening was on purpose),
but you can:
-Put a huge warning in luci when you set firewall default to 'ACCEPT'
-add robots.txt (i think the router will still end up on shodan)
-add a big warning if robots.txt is accessed (reliable way to know that
you're open on the internet)

Also you are talking about luci but what about dropbear (ssh)? There is no
anti brute force, and maybe there is a banner (on my phone, can't check)

Please don't break my setups :)
Etienne


Re: [OpenWrt-Devel] OpenWRT www version banner a security risk

2015-09-13 Thread Etienne Champetier
Hi again,

On 13 Sep 2015 22:50, "Daniel Dickinson" wrote:
>
> On 2015-09-13 4:41 PM, Luiz Angelo Daros de Luca wrote:
>>
>> While openwrt doesn't offer security release, hiding version in banner
>> is not very effective. If the attacker can detect it is OpenWRT and if
>> there is a known security issue for any major version, it is enough to
>> try an attack.
>>
>> Robot.txt is effective as Google is a common tool to look for targets. I
>
>
> Do you have any references / statistics / facts to justify this claim?
>
>
>> guess brute force scanners would not care to detect luci open to web as
>> it is a rare target (if Google does not list them). If they care, again,
>
>
> Erm, if luci is a rare target, then who is going to bother with searching
> for vulnerable banners?
>
> Furthermore, the far better way to avoid this exposure is prevent
> exposing the web interface unintentionally in the first place.
>
> I'm not convinced robots.txt prevents a significant number of attacks,
> although given small size of robots.txt I don't think it would hurt to
> include it anyway.
>
> I'm merely pointing out that the robots.txt is really not a very
> effective solution to the stated reason for wanting it (protecting user
> from accidental exposure, or from choosing to expose without realizing the
> risks of doing so).
>
> I think solving the real problem is more important than relying on a
> bandaid and saying 'job done'.
>
> (Which is how I view Etienne's robots.txt email).

Sorry i gave a wrong impression.
My point is even if you give no version information at all, there is still
enough change between each release to have a unique signature, and ipv4 can
be scanned in hours, so if it's open you're dead.
robots.txt is just there to slow down script kiddies, not a fix at all
(We can still use robots.txt to warn the user)

>
> Regards,
>
> Daniel
>
>> they would just try the known attack.
>>
>> Regards,
>>
>>
>> On Sun, 13 Sep 2015 17:05, Daniel Dickinson <open...@daniel.thecshore.com> wrote:
>>
>> I do think allowing to choose to disable the banner is a minor benefit,
>> however, as I've said, there are much more effective means of preventing
>> accidental exposure, and quite frankly if the user is *choosing* to
>> open the web interface I think a warning and disabling the banner if
>> the user foolishly insists on opening the interface despite the warning
>> is more useful than disabling the banner by default.
>>
>> If you're going to argue it prevents against internal threats then I
>> would argue that if your internal network is hostile enough that you
>> need to worry about attacks on openwrt from your internal network AND
>> you're not skilled enough to limit access to LuCI (or better, build an
>> image without LuCI and just use SSH) to the specific trusted hosts
>> (preferably by combination of MAC address and IP address) in the
>> firewall, or (better) to use a 'management' VPN or VLAN that only
>> trusted hosts can get on, then you're in a lot more trouble than
>> eliminating the banner for LuCI will solve.
>>
>> Regards,
>>
>> Daniel
>>
>> On 2015-09-13 10:21 AM, MauritsVB wrote:
>>  > At the moment the OpenWRT www login screen provides *very*
>> detailed version information before anyone has even entered a
>> password. It displays not just “15.05” or “Chaos Calmer” but even
>> the exact git version on the banner.
>>  >
>>  > While it’s not advised to open this login screen to the world,
>> fact is that it does happen intentionally or accidentally. Just a
>> Google search for “Powered by LuCI Master (git-“ will provide many
>> accessible OpenWRT login screens, including exact version
>> information.
>>  >
>>  > As soon as someone discovers a vulnerability in an OpenWRT version
>> all an attacker needs to do is perform a Google search to find many
>> installations with versions that are vulnerable (even if a patch is
>> already available).
>>  >
>>  > In the interest of hardening the default OpenWRT install, can I
>> suggest that by default OpenWRT doesn’t disclose the version (not
>> even 15.05 or “Chaos Calmer”) on the login screen? For extra safety
>> I would even suggest to leave “OpenWRT” off the login screen, the
>> only people who should use this screen already know it’s running
>> OpenWRT.
>>  >
>>  > Any thoughts?
>>  >
>>  > Maurits
> 

Re: [OpenWrt-Devel] OpenWRT www version banner a security risk

2015-09-14 Thread Etienne Champetier
Hi,

On 14 Sep 2015 06:36, "Daniel Dickinson" wrote:
>
> On 2015-09-14 12:30 AM, Daniel Dickinson wrote:
>>
>> On 2015-09-13 11:39 PM, Florian Fainelli wrote:
>>>
>>> On Sep 13, 2015 2:00 PM, "Etienne Champetier"
>>> <champetier.etie...@gmail.com> wrote:
>>>  >
>>>  > Hi Daniel,
>>>  >
>>>  > On 13 Sep 2015 22:04, "Daniel Dickinson"
>>> <open...@daniel.thecshore.com> wrote:
>>>  > >
>>>  > > I do think allowing to choose to disable the banner is a minor
>>> benefit, however, as I've said, there are much more effective means of
>>> preventing accidental exposure, and quite frankly if the user is
>>> *choosing* to open the web interface I think a warning and disabling
>>> the banner if the user foolishly insists on opening the interface
>>> despite the warning is more useful than disabling the banner by
>>> default.
>>>  > >
>>>  > > If you're going to argue it prevents against internal threats then
>>> I would argue that if your internal network is hostile enough that you
>>> need to worry about attacks on openwrt from your internal network AND
>>> you're not skilled enough to limit access to LuCI (or better, build an
>>> image without LuCI and just use SSH) to the specific trusted hosts
>>> (preferably by combination of MAC address and IP address) in the
>>> firewall, or (better) to use a 'management' VPN or VLAN that only
>>> trusted hosts can get on, then you're in a lot more trouble than
>>> eliminating the banner for LuCI will solve.
>>>  > >
>>>  > >
>>>  > > Regards,
>>>  > >
>>>  > > Daniel
>>>  > >
>>>  > > On 2015-09-13 10:21 AM, MauritsVB wrote:
>>>  > >>
>>>  > >> At the moment the OpenWRT www login screen provides *very*
>>> detailed version information before anyone has even entered a password.
>>> It displays not just “15.05” or “Chaos Calmer” but even the exact git
>>> version on the banner.
>>>  > >>
>>>  > >> While it’s not advised to open this login screen to the world,
>>> fact is that it does happen intentionally or accidentally. Just a Google
>>> search for “Powered by LuCI Master (git-“ will provide many accessible
>>> OpenWRT login screens, including exact version information.
>>>  > >>
>>>  > >> As soon as someone discovers a vulnerability in an OpenWRT version
>>> all an attacker needs to do is perform a Google search to find many
>>> installations with versions that are vulnerable (even if a patch is
>>> already available).
>>>  > >>
>>>  > >> In the interest of hardening the default OpenWRT install, can I
>>> suggest that by default OpenWRT doesn’t disclose the version (not even
>>> 15.05 or “Chaos Calmer”) on the login screen? For extra safety I would
>>> even suggest to leave “OpenWRT” off the login screen, the only people
>>> who should use this screen already know it’s running OpenWRT.
>>>  > >>
>>>  > >> Any thoughts?
>>>  > >>
>>>  > >> Maurits
>>>  > >>
>>>  >
>>>  > For me listening only on lan will break all my setups (15+):
>>>  > - On most of my openwrt there is no lan, it's management, or
>>> 'name-of-the-site' ...
>>>  > - on some of them i can access from multiple interfaces (VPNs + ...)
>>>  >
>>>  > You can't prevent people from shooting themselves in the foot (maybe
>>> port opening was on purpose),
>>>  > but you can:
>>>  > -Put a huge warning in luci when you set firewall default to 'ACCEPT'
>>>  > -add robots.txt (i think the router will still end up on shodan)
>>>  > -add a big warning if robots.txt is accessed (reliable way to know
>>> that you're open on the internet)
>>>  >
>>>  > Also you are talking about luci but what about dropbear (ssh)? There
>>> is no anti brute force, and maybe there is a banner (on my phone, can't
>>> check)
>>>
>>> For that you could setup different things ranging from using iptables'
>>> mlimit match per protocol all the way to having something like fail2ban
>>> (written in python though) which can do more complex
>

Re: [OpenWrt-Devel] [PATCH procd v2 0/5] jail work

2015-09-14 Thread Etienne Champetier
hi,

2015-08-27 13:38 GMT+02:00 John Crispin :

>
>
> On 27/08/2015 13:25, Etienne Champetier wrote:
> >
> >
> > 2015-08-27 12:18 GMT+02:00 John Crispin <blo...@openwrt.org>:
> >
> >
> >
> > On 26/08/2015 18:20, Etienne Champetier wrote:
> > >
> > >
> > > 2015-08-26 15:48 GMT+02:00 John Crispin <blo...@openwrt.org>:
> > >
> > > On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
> > > > This patch series reworks ujail a bit,
> > > > and adds capabilities support to it
> > >
> > > nice
> > >
> > > >
> > > > Seccomp filters are very powerful but not totally generic,
> > > > each arch can have a different set of syscalls,
> > > > each libc can use a different syscall for the same function,
> > > > and seccomp isn't supported on all arch.
> > > >
> > > > Capabilities are more high level, but still can restrict
> > > > jail to a sane minimum of privileges.
> > >
> > > >
> > > > Patch 4 is a bit big and i can split it if needed, just tell me how
> > >
> > > will have a closer look next few days
> > >
> > > forgot to say it's tested on ar71xx with CC (and also on ubuntu 14.04)
> > >
> > > there seems to be a way to escape from the rebind mount jail that QCA has
> > > found
> > >
> > > more than one ;) can you share? (with root rights you can kexec, mount
> > > /dev, ...)
> >
> > well if you are root you are root and can delete the bootloader. the
> > idea of the jail is that you are not root.
> >
> >
> > Totally disagree on that.
> > Many core programs need 1 or a few capabilities, but don't start if you
> > are not root
> > take for example busybox ntpd,
> > http://git.busybox.net/busybox/tree/networking/ntpd.c#n2122
> > i'm pretty sure it only needs CAP_SYS_TIME, but it checks for root rights :)
> >
> > root gives you 2 things:
> > all the capabilities,
> > read write access on root files
> > there is no uid==0 in the kernel, only capabilities checks
> >
> > If you drop all capabilities, root is a normal user,
> > with the exception that he is in general the owner of most or all the files
> > (that's when namespaces come into play)
> >
> > For me the idea of the jail is to restrict the daemon as much as possible,
> > without patching it, so if it needs to be root ...
> >
>
>
> we just need support for the USERNS. i think but there will always be
> apps that refuse to start if !root.
>
> i had already added !root support to ubus using ACLs. this allows us to
> run at least all the openwrt services in the jail as !root
>
> so lets assume that we can run the majority of apps as !root but i agree
> that for the left overs we can implement CAPS support and we also need
> CGROUPS support i think. i hope that i have time at the end of the year
> or start of 2016 to add all these.
>
> i think that we should always try to run as !root and only use real root
> if there is no technical way to avoid this (and patching lots of
> services is not a solution, as in remove the root check from ntp)
>
>
> >
> > i will provide details later on
> >
> > cool
> >
> >
> >
> > > that's why you really need to limit rights with capabilities drop or
> > > seccomp filter
> > > (i'm adding a vague warning in usage)
> >
> > why do you want to run a privileged user and restrict its perms rather
> > than just use an unprivileged user ?
> >
> > see comment before
> >
> >
> >
> > >
> > >
> > > and i have not had the time yet to finish my jailfs module.
> > >
> > > with my patches you don't see all the bind mount anymore ("in the host"),
> > > they are only in the jail mount namespace.
> > >
> > > to see the mounts inside the jail you can still do
> > > cat /proc//mounts
> >
> > we don't want rebind mounts at all, they were only an intermediate
> > solution
> >
> >
> > why? what's the pro

[OpenWrt-Devel] r46816, remove unused crypt() algorithms -> switch to sha512?

2015-09-14 Thread Etienne Champetier
Hi Felix,

Maybe we should keep sha512 and switch to it? md5 is not best security
practice these days.
I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow

I wonder if AF_ALG can be of any interest here (integrate needed algo by
default into the kernel, then patch core software to use kernel
implementation)

To conclude maybe you should emit a clear error when we try a now
unsupported hash,
because crypt can be used by other apps, so maybe you just broke another app
and someone will waste a good amount of time debugging it

Regards
Etienne


Re: [OpenWrt-Devel] r46816, remove unused crypt() algorithms -> switch to sha512?

2015-09-14 Thread Etienne Champetier
Hi,

On 15 Sep 2015 01:40, "Felix Fietkau" wrote:
>
> On 2015-09-15 00:22, Etienne Champetier wrote:
> > Hi Felix,
> >
> > Maybe we should keep sha512 and switch to it? md5 is not best security
> > practice these days.
> I don't see the point. It's true that for file integrity purposes, md5
> is weaker than sha512, but for salted passwords it should not make much
> of a practical difference. Cryptographic attacks against MD5 don't work
> here, brute force is still the fastest way to crack those.

Yep, and there is a 100x between md5 and sha512, so it does matter a bit
http://blog.codinghorror.com/speed-hashing/

>
> > I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow
> Not a very convincing reason for me. The impractical aspect of switching
> password hashing algorithms is that we then need to support both the new
> one and the old one for a long time.

If 5k is the cost of some more security, i'm personally OK to pay the price

>
> > I wonder if AF_ALG can be of any interest here (integrate needed algo by
> > default into the kernel, then patch core software to use kernel
> > implementation)
> That would just make it more bloated without making any real practical
> difference. This approach would be especially bad for CPU intensive
> crypto if the kernel can only do software crypto. In that case bouncing
> between kernel and user space would waste many CPU cycles.
>
> > To conclude maybe you should emit a clear error when we try a now
> > unsupported hash,
> > because crypt can be used by other app, so maybe you just broke another
> > app and someone will waste a good amount of time debugging it
> I don't think anything's using crypt() with a custom generated non-md5
> salt. Most programs that store password hashes simply do their own crypto.

I will send a patch for this part

>
> - Felix

Regards,
Etienne


Re: [OpenWrt-Devel] John, no permission to change patches even own

2016-01-18 Thread Etienne Champetier
Hi

You should respond to the original mail and not create a new thread each
time

On 19 Jan 2016 03:03, "Daniel Dickinson" wrote:
>
> Hi John,
>
> Contrary to what you believed it is not possible for the ordinary users
> (of which I am one at the moment) to modify their own patches, so I can't
> discard, archive, or otherwise do anything to patches even my own.

Maybe your patch email and your account email don't match exactly (+
filter or typo)?

There are not a lot of functions, but you can change the state of a patch to
superseded or rejected which should be enough.
I've created my account without admin intervention and I'm a 'normal' user.

Regards
Etienne

>
> Regards,
>
> Daniel


Re: [OpenWrt-Devel] Multi-wwan and AP only radio0

2016-02-04 Thread Etienne Champetier
Hi,

On 5 Feb 2016 07:14, "Okupandolared" wrote:
>
> Hello.
>
> I have a WR740N with Barrier Breaker, I achieved to create my own image
> with all requirements and after flash image, install mwan3 and
> luci-app-mwa3.
>
> Currently I connect to a wireless network as a client-A WWAN, and create
> another wireless network as master AP Wireless-B
>
> I wonder if you could connect to two wireless clients? 2 WWAN and balanced
> with mwan3
>
> I would like to have 2 WWAN, connect to two WiFi networks as a client,
> and another one as wireless LAN AP

In general you can only have 1 client per wireless card, so I would say
no.

>
> thanks for everything
>


Re: [OpenWrt-Devel] svn.openwrt.org down?

2016-02-25 Thread Etienne Champetier
You should switch to git (haven't checked if it works right now though)
On 25 Feb 2016 21:39, "Shankar Unni" wrote:

> The svn server on svn.openwrt.org seems to be down? The machine itself
> is up and running, however.
>
> Is there a known outage?
>
>
> % svn up
> svn: Can't connect to host 'svn.openwrt.org': Connection refused
>
> % ping svn.openwrt.org
> PING svn.openwrt.org (78.24.191.177) 56(84) bytes of data.
> 64 bytes from openwrt.org (78.24.191.177): icmp_req=1 ttl=51 time=181 ms
> 64 bytes from openwrt.org (78.24.191.177): icmp_req=2 ttl=51 time=180 ms


Re: [OpenWrt-Devel] [PATCH] procd: restrict ujail to supported platforms

2016-04-13 Thread Etienne Champetier
cc list

2016-04-13 14:40 GMT+02:00 Etienne Champetier:

> Hi Zefir
>
> 2016-04-13 14:26 GMT+02:00 Zefir Kurtisi :
>
>> ujail can be selected on e.g. PowerPC platforms, which
>> currently causes the procd build to fail:
>> ./trace/trace.c:48:2: error: #error tracing is not supported on this
>> architecture
>>  #error tracing is not supported on this architecture
>>   ^
>> ./trace/trace.c: In function 'tracer_cb':
>> ./trace/trace.c:128:50: error: 'reg_syscall_nr' undeclared (first use in
>> this function)
>> int syscall = ptrace(PTRACE_PEEKUSER, c->pid, reg_syscall_nr);
>>   ^
>> This patch restricts ujail to those platforms supported.
>>
>
> trace/trace.c is the source code of utrace binary,
> which is in procd-seccomp package, not procd-ujail
>
>
> http://git.openwrt.org/?p=project/procd.git;a=blob;f=CMakeLists.txt;h=74959e02951d286efda4c361eb1cbe7cba38e668;hb=HEAD#l108
>
> https://github.com/openwrt/openwrt/blob/73b5446e9a64adb1cc55da1982447251babe2076/package/system/procd/Makefile#L111
>
> https://github.com/openwrt/openwrt/blob/73b5446e9a64adb1cc55da1982447251babe2076/package/system/procd/Makefile#L132
>
>
>> Signed-off-by: Zefir Kurtisi 
>> ---
>>  package/system/procd/Makefile | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
>> index 294985c..acd1714 100644
>> --- a/package/system/procd/Makefile
>> +++ b/package/system/procd/Makefile
>> @@ -49,7 +49,8 @@ endef
>>  define Package/procd-ujail
>>SECTION:=base
>>CATEGORY:=Base system
>> -  DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS
>> +@KERNEL_PID_NS +libubox +libblobmsg-json
>> +  DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS
>> +@KERNEL_PID_NS +libubox +libblobmsg-json \
>> +  @arm||@armeb||@mips||@mipsel||@i386||@x86_64
>>TITLE:=OpenWrt process jail helper
>>  endef
>>
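Review bot: the architecture list is appended to DEPENDS of Package/procd-ujail, but the compile error quoted in the commit message comes from ./trace/trace.c, which the reply above identifies as the utrace source shipped in procd-seccomp and not the jail helper. Put the "@arm||@armeb||@mips||@mipsel||@i386||@x86_64" restriction on the package that builds trace.c; as written, procd-ujail becomes unselectable on PowerPC for a build failure it does not cause.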
>> --
>>
>
>


[OpenWrt-Devel] git.openwrt.org site half broken

2016-06-02 Thread Etienne Champetier
Hi,

someone messed with git.openwrt.org nginx config, I can't get the js and css.

see https://git.openwrt.org/project/static/gitweb.css (doesn't look
like a css :) )

Cheers
Etienne


Re: [OpenWrt-Devel] [LEDE-DEV] git.openwrt.org site half broken

2016-06-03 Thread Etienne Champetier
2016-06-03 11:13 GMT+02:00 John Crispin :
>
>
> On 02/06/2016 13:20, Etienne Champetier wrote:
>> Hi,
>>
>> someone messed with git.openwrt.org nginx config, i can't get the js and css.
>>
>> see https://git.openwrt.org/project/static/gitweb.css (doesn't look
>> like a css :) )
>>
>> Cheers
>> Etienne
>>
>
> that url looks weird.
> -> https://git.openwrt.org/static/gitweb.css
> works and for me the service seems to be functional.

Indeed, I don't know where I found
https://git.openwrt.org/project/
right url is
https://git.openwrt.org/

>
> John


[OpenWrt-Devel] ujail bug/feature with file replacement with mv

2016-06-17 Thread Etienne Champetier
Hi,

Just a heads up,
ujail uses "bind mount" to include files and directories into the jail,
so if you include a file named aaa (procd_add_jail_mount(_rw) aaa),
and then replace it outside of the jail using "mv bbb aaa",
in the jail you will still have file aaa.

Workaround is to use a directory instead of a file.
This might be useful to remember if you try to change a config file
atomically with mv and signal the process.

Regards
Etienne
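
The behaviour described above follows from rename semantics: "mv bbb aaa" points the name aaa at a different inode, while a reference taken earlier to the file object keeps the old one, and the parent directory stays the same object. The C program below is an added illustration, not ujail or procd code; it uses an open file descriptor as a stand-in for the single-file bind mount so it runs without root, and atomic_replace_demo and the /tmp directory name are made up for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* mkdtemp(), pread() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct swap_result {
	int file_inode_changed;  /* "aaa" names a different inode after mv */
	int dir_unchanged;       /* the parent directory is still the same object */
	char pinned_view[16];    /* read through the reference taken before mv */
	char path_view[16];      /* read through a fresh lookup of "aaa" */
};

static int write_file(const char *path, const char *text)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	ssize_t n;

	if (fd < 0)
		return -1;
	n = write(fd, text, strlen(text));
	close(fd);
	return n == (ssize_t)strlen(text) ? 0 : -1;
}

static int read_all(int fd, char *buf, size_t len)
{
	ssize_t n = pread(fd, buf, len - 1, 0);

	if (n < 0)
		return -1;
	buf[n] = '\0';
	return 0;
}

/* Hypothetical helper (not procd code): returns 0 and fills *res, -1 on error. */
int atomic_replace_demo(struct swap_result *res)
{
	char dir[] = "/tmp/ujail-demo-XXXXXX";
	char aaa[64], bbb[64];
	struct stat d0, d1, f0, f1;
	int pinned = -1, fresh = -1, ret = -1;

	memset(res, 0, sizeof(*res));
	if (!mkdtemp(dir))
		return -1;
	snprintf(aaa, sizeof(aaa), "%s/aaa", dir);
	snprintf(bbb, sizeof(bbb), "%s/bbb", dir);
	if (write_file(aaa, "old") || write_file(bbb, "new"))
		goto out;
	if (stat(dir, &d0) || stat(aaa, &f0))
		goto out;

	/* Like a bind mount of "aaa", this refers to the file object, not the name. */
	pinned = open(aaa, O_RDONLY);
	if (pinned < 0)
		goto out;

	/* mv bbb aaa: the directory entry "aaa" now points at bbb's inode. */
	if (rename(bbb, aaa))
		goto out;
	if (stat(dir, &d1) || stat(aaa, &f1))
		goto out;
	fresh = open(aaa, O_RDONLY);
	if (fresh < 0)
		goto out;
	if (read_all(pinned, res->pinned_view, sizeof(res->pinned_view)) ||
	    read_all(fresh, res->path_view, sizeof(res->path_view)))
		goto out;

	res->file_inode_changed = f0.st_ino != f1.st_ino;
	res->dir_unchanged = d0.st_ino == d1.st_ino && d0.st_dev == d1.st_dev;
	ret = 0;
out:
	if (pinned >= 0)
		close(pinned);
	if (fresh >= 0)
		close(fresh);
	unlink(aaa);
	unlink(bbb);
	rmdir(dir);
	return ret;
}

int main(void)
{
	struct swap_result r;

	if (atomic_replace_demo(&r))
		return 1;
	printf("aaa inode changed=%d dir unchanged=%d old ref=\"%s\" fresh lookup=\"%s\"\n",
	       r.file_inode_changed, r.dir_unchanged, r.pinned_view, r.path_view);
	return 0;
}
```

Because the directory keeps its identity across the rename, a reference to the directory sees the replaced file on the next lookup, which is why the directory workaround holds.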


Re: [OpenWrt-Devel] [PATCH] procd: Allow override of default respawn parameters

2015-09-18 Thread Etienne Champetier
Hi,

2015-09-18 11:03 GMT+02:00 Helmut Schaa :

> Hi John,
>
> On Fri, Sep 18, 2015 at 10:18 AM, John Crispin  wrote:
> > Hi
> >
> > On 18/09/2015 09:59, Helmut Schaa wrote:
> >> Allow to pass RESPAWN_THESHOLD_DEFAULT, DRESPAWN_TIMEOUT_DEFAULT
> >> and RESPAWN_RETRY_DEFAULT as parameters to cmake to change the
> >> default respawn behavior.
> >>
> >
> > technically ok but why cant you tweak them in your packages initd script
> > ? i am wondering what the use case is and if there are other possible
> > solutions
>
> In our tree we've patched most (maybe even all) services to respawn forever
> (respawn_retry=-1). Including all OpenWrt provided services. Instead of
> keeping
> these local modifications to several packages it's easier to just
> override procds
> default behavior.
>
> I think there might be other people around running OpenWrt on headless
> boxes
> where the respawn retry should not be limited by default. However,
> this is of course
> not suitable for a default OpenWrt box.
>
> If there are good reasons not to include this in procd feel free to
> drop this patch.
> However, it causes zero runtime overhead and is quite simple.
>
> As a followup I'd add a config flag for procd "respawn_forver_mode" or so
> that
> just sets respawn_retry to -1.
>
> Helmut
>
> It would be great to be able to configure these settings at runtime (ie in
an uci file)

Etienne


[OpenWrt-Devel] [PATCH procd] Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

2015-09-19 Thread Etienne CHAMPETIER
These options aren't mandatory, but can prevent some future
bugs from being exploited. Good reading:
http://lwn.net/Articles/647757/

Value chosen by looking at fedora 22 / ubuntu 14.04

Not tested yet (away from my test routers)

Not touching jail/jail.c as this conflicts with
my pending patch series

Signed-off-by: Etienne CHAMPETIER 
---
 initd/early.c   | 12 ++--
 plug/coldplug.c |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/initd/early.c b/initd/early.c
index 89c8104..f410256 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -62,18 +62,18 @@ early_mounts(void)
 {
unsigned int oldumask = umask(0);
 
-   mount("proc", "/proc", "proc", MS_NOATIME, 0);
-   mount("sysfs", "/sys", "sysfs", MS_NOATIME, 0);
-   mount("none", "/sys/fs/cgroup", "cgroup", 0, 0);
-   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME, "mode=0755,size=512K");
+   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
+   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
+   mount("cgroup", "/sys/fs/cgroup", "cgroup",  MS_NODEV | MS_NOEXEC | 
MS_NOSUID, 0);
+   mount("tmpfs", "/dev", "tmpfs", MS_NOATIME | MS_NOSUID, 
"mode=0755,size=512K");
symlink("/tmp/shm", "/dev/shm");
mkdir("/dev/pts", 0755);
-   mount("devpts", "/dev/pts", "devpts", MS_NOATIME, "mode=600");
+   mount("devpts", "/dev/pts", "devpts", MS_NOATIME | MS_NOEXEC | 
MS_NOSUID, "mode=600");
early_dev();
 
early_console("/dev/console");
if (mount_zram_on_tmp()) {
-   mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV | 
MS_NOATIME, NULL);
+   mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV | 
MS_NOATIME, 0);
mkdir("/tmp/shm", 01777);
} else {
mkdir("/tmp/shm", 01777);
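Review bot: in early_mounts() the cgroup line also changes the mount source from "none" to "cgroup", and the /tmp line only swaps NULL for 0; neither is a mount-flag change and the commit message mentions neither, so say so in the message or split them out. /dev gets MS_NOSUID without MS_NOEXEC while /dev/pts gets both; a one-line comment on why /dev stays executable would save the next reader the question. The set MS_NODEV | MS_NOEXEC | MS_NOSUID is spelled out on three lines and could be one shared definition.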
diff --git a/plug/coldplug.c b/plug/coldplug.c
index bfd3513..123e17d 100644
--- a/plug/coldplug.c
+++ b/plug/coldplug.c
@@ -44,11 +44,11 @@ void procd_coldplug(void)
 
umount2("/dev/pts", MNT_DETACH);
umount2("/dev/", MNT_DETACH);
-   mount("tmpfs", "/dev", "tmpfs", 0, "mode=0755,size=512K");
+   mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755,size=512K");
symlink("/tmp/shm", "/dev/shm");
mkdir("/dev/pts", 0755);
umask(oldumask);
-   mount("devpts", "/dev/pts", "devpts", 0, 0);
+   mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, 0);
udevtrigger.cb = udevtrigger_complete;
udevtrigger.pid = fork();
if (!udevtrigger.pid) {
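Review bot: procd_coldplug() remounts /dev and /dev/pts with a different set than early_mounts() in the same patch: here /dev gets MS_NOSUID and /dev/pts gets MS_NOEXEC | MS_NOSUID with no data, while early.c also passes MS_NOATIME and "mode=600" for devpts. The two code paths therefore leave different options on the same mount points; pass the same flags and data in both places, ideally from a shared definition. Both mount() calls also ignore their return value, so a failure after umount2(..., MNT_DETACH) leaves /dev detached with nothing logged.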
-- 
1.9.1
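
A way to check the outcome of this change on a device, as an added example that is not part of the patch or of procd: the table holds the nodev/noexec/nosuid flags the hunks above pass for each mount point, and the sample lines in /proc/mounts format are constructed. The names missing_flags and count_findings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define F_NODEV  0x1
#define F_NOEXEC 0x2
#define F_NOSUID 0x4

/* Flags the patch above passes to mount() for each mount point. */
static const struct { const char *mnt; int required; } expected[] = {
	{ "/proc",          F_NODEV | F_NOEXEC | F_NOSUID },
	{ "/sys",           F_NODEV | F_NOEXEC | F_NOSUID },
	{ "/sys/fs/cgroup", F_NODEV | F_NOEXEC | F_NOSUID },
	{ "/dev",           F_NOSUID },
	{ "/dev/pts",       F_NOEXEC | F_NOSUID },
	{ "/tmp",           F_NODEV | F_NOSUID },
};

/* Constructed sample lines in /proc/mounts format: state before the patch ... */
static const char *const before_patch[] = {
	"proc /proc proc rw,noatime 0 0",
	"sysfs /sys sysfs rw,noatime 0 0",
	"none /sys/fs/cgroup cgroup rw,relatime 0 0",
	"tmpfs /dev tmpfs rw,noatime,size=512k,mode=755 0 0",
	"devpts /dev/pts devpts rw,noatime,mode=600 0 0",
	"tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0",
};
/* ... and after it (also constructed). */
static const char *const after_patch[] = {
	"proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0",
	"sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0",
	"cgroup /sys/fs/cgroup cgroup rw,nosuid,nodev,noexec,relatime 0 0",
	"tmpfs /dev tmpfs rw,nosuid,noatime,size=512k,mode=755 0 0",
	"devpts /dev/pts devpts rw,nosuid,noexec,noatime,mode=600 0 0",
	"tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0",
};

/* Turn a comma-separated option string into a bitmask; whole tokens only,
 * so an option such as "nodevfoo" does not count as "nodev". */
static int parse_opts(const char *opts)
{
	int flags = 0;

	while (*opts) {
		size_t len = strcspn(opts, ",");

		if (len == 5 && !strncmp(opts, "nodev", len))
			flags |= F_NODEV;
		else if (len == 6 && !strncmp(opts, "noexec", len))
			flags |= F_NOEXEC;
		else if (len == 6 && !strncmp(opts, "nosuid", len))
			flags |= F_NOSUID;
		opts += len;
		if (*opts == ',')
			opts++;
	}
	return flags;
}

/* Returns the required flags missing from one line, 0 if the mount point is
 * compliant or not in the table, -1 if the line cannot be parsed. */
int missing_flags(const char *line)
{
	char src[64], mnt[128], type[32], opts[256];
	size_t i;

	if (sscanf(line, "%63s %127s %31s %255s", src, mnt, type, opts) != 4)
		return -1;
	for (i = 0; i < sizeof(expected) / sizeof(expected[0]); i++)
		if (!strcmp(mnt, expected[i].mnt))
			return expected[i].required & ~parse_opts(opts);
	return 0;
}

/* Number of lines that are malformed or lack a required flag. */
int count_findings(const char *const *lines, size_t n)
{
	int findings = 0;
	size_t i;

	for (i = 0; i < n; i++)
		if (missing_flags(lines[i]) != 0)
			findings++;
	return findings;
}

int main(void)
{
	printf("before: %d findings, after: %d findings\n",
	       count_findings(before_patch, 6), count_findings(after_patch, 6));
	return 0;
}
```

On a real system the same functions can be fed the lines of /proc/mounts instead of the constructed arrays.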


Re: [OpenWrt-Devel] [RFC] procd: Allow to enable endless respawning of services

2015-09-21 Thread Etienne Champetier
Hi,

2015-09-21 17:26 GMT+02:00 Helmut Schaa :

> Extend /etc/config/system with a parameter to enable
> infinite respawn mode:
>
> config system
> option service_endless_respawn 1
>

why not "service_respawn_retry", which sets the "respawn_retry" default value
(if I want to set 20 instead of -1, so a bad service stops using cpu at one
point)



>
> All services that don't specify specific respawn parameters
> will get their defaults added by procd.sh and if service_endless_respawn
> is set respawn_retry will be set to -1. This makes procd to
> respawn the service forever.
>
> Signed-off-by: Helmut Schaa 
> ---
>  package/system/procd/files/procd.sh | 12 
>  1 file changed, 12 insertions(+)
>
> diff --git a/package/system/procd/files/procd.sh
> b/package/system/procd/files/procd.sh
> index e83e75c..04111b9 100644
> --- a/package/system/procd/files/procd.sh
> +++ b/package/system/procd/files/procd.sh
> @@ -316,6 +316,18 @@ _procd_append_param() {
>  }
>
>  _procd_close_instance() {
> +   local respawn_vals
> +   if json_select respawn ; then
> +   json_get_values respawn_vals
> +   if [ -z "$respawn_vals" ]; then
> +   # Set respawn defaults
> +   local respawn_retry
> +   [[ -n "$(uci_get 
> system.@system[0].service_endless_respawn)"
> ]] && respawn_retry=-1
> +   _procd_add_array_data 3600 5 ${respawn_retry:-5}
> +   fi
> +   json_select ..
> +   fi
> +
> json_close_object
>  }
>
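Review bot: the test [[ -n "$(uci_get system.@system[0].service_endless_respawn)" ]] in _procd_close_instance() is true for any non-empty value, so "option service_endless_respawn 0" would also set respawn_retry to -1; compare the value against 1 instead. The fallback "_procd_add_array_data 3600 5 ${respawn_retry:-5}" hard-codes the threshold and timeout in the shell helper, so the commit message should say where 3600 and 5 come from to keep them from drifting.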
> --
> 1.8.4.5
>
>


Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

2015-10-01 Thread Etienne Champetier
Hi,

2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:

> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.
>

I haven't really followed the previous discussion,
but maybe you can just use another signal?


>
> Enabling dnssec timechecks now requires restarting dnsmasq without
> the --dnssec-no-timecheck configuration option and closes a
> potential denial of service exploit by sending SIGHUP when system
> time does not correspond with Internet time.
>


>
> This change may be useful for future ntpd/dnsmasq hotplug integration.
>
>
> Signed-off-by: Kevin Darbyshire-Bryant 
> ---
>  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> +
>  1 file changed, 13 insertions(+)
>  create mode 100644
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
>
>


Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

2015-10-01 Thread Etienne Champetier
2015-10-01 13:21 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:

>
>
> On 01/10/15 11:37, Etienne Champetier wrote:
> > Hi,
> >
> > 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> > mailto:ke...@darbyshire-bryant.me.uk>>:
> >
> > This patch stops SIGHUP from enabling dnssec timechecks if disabled
> by
> > use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> > work correctly.
> >
> >
> > I haven't really followed the previous discussion,
> > but maybe you can just use another signal?
> The user defined signals USR1 & USR2 are already occupied by dnsmasq
> with debug/info dump type functions.  Maybe one of the SIGTT* signals
> could be repurposed but I don't know how valid a solution that is.
>
> However even if that were done it still doesn't stop a malicious
> user/process from sending that new signal and potentially disabling dns
> resolution (assuming dnssec is being used & the system time is incorrect)
>

you can only signal yourself
http://stackoverflow.com/a/13335054/3768051


>
> Ideally some evaluation of threat presented by 'sysfixtime', 'dnssec
> timestamp files', 'dnssec no timecheck' and the multi-function
> 'overloading' of SIGHUP into dnsmasq in the context of dnssec &
> correct/incorrect system time should take place and an appropriate,
> considered response and solution proposed/implemented.  That person
> isn't me ;-)
>
> I personally think that sysfixtime is a necessary evil, but at the very
> least at the present moment until a more correct solution is
> implemented, it should not be using dnsmasq's timestamp file as a source
> time reference on boot.
>
>
> >
> >
> >
> > Enabling dnssec timechecks now requires restarting dnsmasq without
> > the --dnssec-no-timecheck configuration option and closes a
> > potential denial of service exploit by sending SIGHUP when system
> > time does not correspond with Internet time.
> >
> >
> >
> >
> > This change may be useful for future ntpd/dnsmasq hotplug
> integration.
> >
> >
> > Signed-off-by: Kevin Darbyshire-Bryant
> > mailto:ke...@darbyshire-bryant.me.uk
> >>
> > ---
> >  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> > +
> >  1 file changed, 13 insertions(+)
> >  create mode 100644
> >
>  
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
> >
> >
>
>
>


Re: [OpenWrt-Devel] [RFC] libubox/binary.h design proposal

2015-10-04 Thread Etienne Champetier
Hi,

2015-10-04 22:47 GMT+02:00 Javier Domingo Cansino :

> Hello,
>
> I asked Friday on IRC how to write blobs, I was suggested using
> blob_raw_put from libubox/blob.h, but as I have to implement a binary
> protocol that uses different endianess, non aligned data etc., I think the
> best solution is creating a set of helper functions to write/read blobs.
>

I don't know what you really want to do, but have you looked at protobuf?
https://en.wikipedia.org/wiki/Protocol_Buffers



>
> As this is quite generic library, there might already exist some work done
> that I am missing (please link!). I would love to have feedback from this
> design before typing code.
>
> I have started my work on github[1], which is basically a header file with
> the following comment and some prototype ideas. The syntax I have thought
> is described there, but it basically follows a printf syntax, allowing raw
> chars to be written.
>
> Cheers!
>
> /*
>  * Syntax for the function is as follows.
>  *   %[n][a][lb][01r]{i,y,w,d,q,s}
>  *
>  *   All the characters that don't follow this will be treated as raw chars
>  *   to be written as they are.
>  *
>  * Data type
>  *   * i - bit
>  *   * y - byte
>  *   * w - 2 byte word
>  *   * d - 4 byte word
>  *   * q - 8 byte word
>  *   * s - string without termination (use strlen()+1 in quantity to null)
>  *
>  * Data value
>  *   * 0 - fill the specified space with zeros
>  *   * 1 - fill the specified space with ones
>  *   * r - fill the specified space with random data
>  *
>  *   String data type is not valid in this case
>  *
>  * Endianess. No conversion by default
>  *   * l - little endian
>  *   * b - big endian
>  *
>  * Alignment. No alignment by default
>  *   * a - align this to it's datatype
>  * bits are aligned to byte
>  *
>  * Quantity. One by default
>  *   * n - number of same datatype (placed together)
>  * this denotes length of string, padded with 0
>  *
>  * Some examples:
>  *   * %4lw - 4 little endian 2 byte word
>  *   * %2i  - 2 bits 'ab' from value b'00ab'
>  *   * %2bi - 2 bits 'ab' from value b'00ba'
>  *   * %2li - 2 bits 'ab' from value b'ab00'
>  *
>  */
>
>
> [1] Github branch: https://github.com/txomon/libubox
>


Re: [OpenWrt-Devel] [PATCH procd v3 0/7] jail work

2015-10-05 Thread Etienne Champetier
Hi John,

2015-10-05 11:14 GMT+02:00 John Crispin :

>
>
> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
> > v3 of my (u)jail work, you can now use separately
> > namespaces jail, capabilities and seccomp
> >
> > Openwrt procd Makefile patch v2 is still ok
>
>
>
> Hi,
>
> just merged 1-5, 6 &7 fail to apply, could you rebase them and i will
> merge them immediately
>
> John
>
>
it seems you didn't apply patch 5 (jail: add capabilities support):

$ git pull --rebase
> remote: Counting objects: 35, done.
> remote: Compressing objects: 100% (24/24), done.
> remote: Total 24 (delta 17), reused 0 (delta 0)
> Unpacking objects: 100% (24/24), done.
> From git://nbd.name/luci2/procd
>b6618ff..fafbf73  master -> origin/master
> First, rewinding head to replay your work on top of it...
> Applying: jail: add capabilities support
> Applying: jail: cleanup include
> Applying: jail: allow to not use namespaces
>


patchwork.ozlabs.org/bundle/champtar/jail-work-v3/?state=*


Re: [OpenWrt-Devel] [PATCH procd v3 0/7] jail work

2015-10-07 Thread Etienne Champetier
Hi,

On 5 Oct 2015 13:49, "Etienne Champetier" wrote:
>
> Hi John,
>
> 2015-10-05 11:14 GMT+02:00 John Crispin :
>>
>>
>>
>> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
>> > v3 of my (u)jail work, you can now use separately
>> > namespaces jail, capabilities and seccomp
>> >
>> > Openwrt procd Makefile patch v2 is still ok
>>
>>
>>
>> Hi,
>>
>> just merged 1-5, 6 &7 fail to apply, could you rebase them and i will
>> merge them immediately
>>
>> John
>>
>
> it seems you didn't apply patch 5 (jail: add capabilities support):
>
>> $ git pull --rebase
>> remote: Counting objects: 35, done.
>> remote: Compressing objects: 100% (24/24), done.
>> remote: Total 24 (delta 17), reused 0 (delta 0)
>> Unpacking objects: 100% (24/24), done.
>> From git://nbd.name/luci2/procd
>>b6618ff..fafbf73  master -> origin/master
>> First, rewinding head to replay your work on top of it...
>> Applying: jail: add capabilities support
>> Applying: jail: cleanup include
>> Applying: jail: allow to not use namespaces
>
>
>
> patchwork.ozlabs.org/bundle/champtar/jail-work-v3/?state=*
>

Friendly ping,
Please apply my patches so future fixes are on top of my work

Regards
Etienne


[OpenWrt-Devel] [PATCH procd] jail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

2015-10-08 Thread Etienne CHAMPETIER
this completes fafbf7338ec8304f2a0ec0ba76048fba2c01c07e

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index f459a5e..56dc9ca 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -193,11 +193,11 @@ static int build_jail_fs()
rmdir("/old");
if (opts.procfs) {
mkdir("/proc", 0755);
-   mount("proc", "/proc", "proc", MS_NOATIME, 0);
+   mount("proc", "/proc", "proc", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
}
if (opts.sysfs) {
mkdir("/sys", 0755);
-   mount("sysfs", "/sys", "sysfs", MS_NOATIME, 0);
+   mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | 
MS_NOEXEC | MS_NOSUID, 0);
}
if (opts.ronly)
mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
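Review bot: both changed mount() calls in build_jail_fs() still discard their return value, so if the kernel rejects the new flag combination the jail starts without /proc or /sys and nothing is logged; check the result and fail the jail setup on error. The commit message only cites fafbf7338ec8304f2a0ec0ba76048fba2c01c07e; add a sentence naming the mounts that are hardened and why, so the log is readable without looking up the hash.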
-- 
1.9.1


Re: [OpenWrt-Devel] SVN to GIT transition

2015-10-12 Thread Etienne Champetier
Hi All,

Here are some commands to make a "full" git repo, from the "trunk" repo
(the only complaint that everyone agrees on)
We keep git commit sha's for the trunk, and we add all branches/tags

It needs some more tuning, but it's a good start :)

1) clone the trunk repo
git clone git://git.openwrt.org/openwrt.git openwrt-git-svn
cd openwrt-git-svn

2) init git svn
git svn init -T"/trunk" -t"/tags" -b"/branches" --prefix="svn/" svn://svn.openwrt.org/openwrt

3) tell git that we already have trunk
git update-ref refs/remotes/svn/trunk refs/remotes/origin/master

4) download all branches/tags (except trunk because we already have it)
git svn fetch

resulting .git/config

> [core]
> repositoryformatversion = 0
> filemode = true
> bare = false
> logallrefupdates = true
> [remote "origin"]
> url = git://git.openwrt.org/openwrt.git
> fetch = +refs/heads/*:refs/remotes/origin/*
> [branch "master"]
> remote = origin
> merge = refs/heads/master
> [svn-remote "svn"]
> url = svn://svn.openwrt.org/openwrt
> fetch = trunk:refs/remotes/svn/trunk
> branches = branches/*:refs/remotes/svn/*
> tags = tags/*:refs/remotes/svn/tags/*
>


original SO post: http://stackoverflow.com/a/12251845

Good night
Etienne


Re: [OpenWrt-Devel] SVN to GIT transition

2015-10-13 Thread Etienne Champetier
Hi again,

2015-10-12 23:49 GMT+02:00 Etienne Champetier:

> Hi All,
>
> Here are some commands to make a "full" git repo, from the "trunk" repo
> (the only complaint that everyone agrees on)
> We keep git commit sha's for the trunk, and we add all branches/tags
>
> It needs some more tuning, but it's a good start :)
>
> 1) clone the trunk repo
> git clone git://git.openwrt.org/openwrt.git openwrt-git-svn
> cd openwrt-git-svn
>
> 2) init git svn
> git svn init -T"/trunk" -t"/tags" -b"/branches" --prefix="svn/" svn://svn.openwrt.org/openwrt
>
> 3) tell git that we already have trunk
> git update-ref refs/remotes/svn/trunk refs/remotes/origin/master
>
> 4) download all branches/tags (except trunk because we already have it)
> git svn fetch
>
> resulting .git/config
>
>> [core]
>> repositoryformatversion = 0
>> filemode = true
>> bare = false
>> logallrefupdates = true
>> [remote "origin"]
>> url = git://git.openwrt.org/openwrt.git
>> fetch = +refs/heads/*:refs/remotes/origin/*
>> [branch "master"]
>> remote = origin
>> merge = refs/heads/master
>> [svn-remote "svn"]
>> url = svn://svn.openwrt.org/openwrt
>> fetch = trunk:refs/remotes/svn/trunk
>> branches = branches/*:refs/remotes/svn/*
>> tags = tags/*:refs/remotes/svn/tags/*
>>
>
>
> original SO post: http://stackoverflow.com/a/12251845
>
> Good night
> Etienne
>

Who has access/is running the script to mirror the svn on git.openwrt.org ?
I would like to know the exact commands used to update the git mirror

Here is an example of what we can have (I don't want to migrate to github,
I'm using it out of simplicity)
for now svn tags are git branches
https://github.com/champtar/openwrt-full

to do that i've added to my .git/config (after step 4)

> [remote "champtar"]
> url = g...@github.com:champtar/openwrt-full.git
> fetch = +refs/heads/*:refs/remotes/champtar/*
> push = refs/remotes/svn/*:refs/heads/*
>

and pushed with:
git push --mirror champtar

some more reading
http://john.albin.net/git/convert-subversion-to-git
http://wiki.gnucash.org/wiki/Git_Svn_Mirror

Regards
Etienne


Re: [OpenWrt-Devel] [PATCH] busybox: enable find mtime support by default

2015-10-16 Thread Etienne Champetier
Hi Dirk,


2015-10-16 12:10 GMT+02:00 Dirk Brenken :

> busybox binary in openwrt neither supports stat nor find mtime. This patch
> adds find mtime support by default.
>

What's the size before/after (ipk size)?


> Signed-off-by: Dirk Brenken 
> ---
> --- trunk/package/utils/busybox/Config-defaults.in.orig 2015-09-11
> 23:24:58.0 +0200
> +++ trunk/package/utils/busybox/Config-defaults.in 2015-10-16
> 11:48:58.0 +0200
> 
>
>


Re: [OpenWrt-Devel] [PATCH] busybox: enable find mtime support by default

2015-10-18 Thread Etienne Champetier
Hi,
On 18 Oct 2015 21:31, "Dirk Brenken" wrote:
>
> Hi,
>
> I can't see the diff/patch below on patchwork, anything wrong with the
> submitted patch?

How did you generate it?
You should use git send-email, and resend.
Also add the size before/after in the commit message.

>
> Thanks
> Dirk
>
> On Friday, 16.10.2015, 12:10 +0200, Dirk Brenken wrote:
> > busybox binary in openwrt neither supports stat nor find mtime. This
> > patch adds find mtime support by default.
> >
> > Signed-off-by: Dirk Brenken 
> > ---
> > --- trunk/package/utils/busybox/Config-defaults.in.orig   2015-
> > 09-11 23:24:58.0 +0200
> > +++ trunk/package/utils/busybox/Config-defaults.in2015-10-16
> > 11:48:58.0 +0200
> > @@ -987,7 +987,7 @@ config BUSYBOX_DEFAULT_FEATURE_FIND_PRIN
> >   default y
> >  config BUSYBOX_DEFAULT_FEATURE_FIND_MTIME
> >   bool
> > - default n
> > + default y
> >  config BUSYBOX_DEFAULT_FEATURE_FIND_MMIN
> >   bool
> >   default n
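Review bot: the commit message says busybox supports neither stat nor find mtime, but the hunk only flips BUSYBOX_DEFAULT_FEATURE_FIND_MTIME to y; BUSYBOX_DEFAULT_FEATURE_FIND_MMIN directly below stays n and stat is not touched, so the message should describe only what changes. Because this default applies to every target, state the ipk size before and after in the commit message.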


[OpenWrt-Devel] backport 46936 (procd: rework makefile, split ujail/seccomp)

2015-10-27 Thread Etienne Champetier
Hi John,

since 47268, we need -DUTRACE_SUPPORT=1 to compile utrace
https://dev.openwrt.org/changeset/47268/
http://nbd.name/gitweb.cgi?p=luci2/procd.git;a=summary

can you (or anyone else) backport r46936 or should I resend?
https://dev.openwrt.org/changeset/46936/trunk/package/system/procd

Thanks in advance
Etienne


[OpenWrt-Devel] [PATCH CC] procd: rework makefile, split ujail/seccomp

2015-10-29 Thread Etienne CHAMPETIER
ujail doesn't depend on seccomp and some archs don't support seccomp

Backport of r46936
needed since last procd update (r47268)

Signed-off-by: Etienne CHAMPETIER 
---
 package/system/procd/Makefile | 52 +--
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile
index 2522561..badd3e4 100644
--- a/package/system/procd/Makefile
+++ b/package/system/procd/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=procd
-PKG_VERSION:=2015-10-26
+PKG_VERSION:=2015-10-29
 
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 
@@ -24,7 +24,8 @@ PKG_LICENSE_FILES:=
 
 PKG_MAINTAINER:=John Crispin 
 
-PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS CONFIG_PROCD_JAIL_SUPPORT
+PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT 
CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS \
+   CONFIG_KERNEL_NAMESPACES CONFIG_PACKAGE_procd-ujail 
CONFIG_PACKAGE_procd-seccomp
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
@@ -38,12 +39,18 @@ define Package/procd
   TITLE:=OpenWrt system process manager
 endef
 
-define Package/procd-jail
+define Package/procd-ujail
   SECTION:=base
   CATEGORY:=Base system
-  DEPENDS:=procd +@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS 
+@KERNEL_PID_NS @PROCD_JAIL_SUPPORT
-  TITLE:=OpenWrt process jail
-  DEFAULT:=n
+  DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS 
+libubox +libblobmsg-json
+  TITLE:=OpenWrt process jail helper
+endef
+
+define Package/procd-seccomp
+  SECTION:=base
+  CATEGORY:=Base system
+  DEPENDS:=@arm||@armeb||@mips||@mipsel||@i386||@x86_64 @!TARGET_uml 
@KERNEL_SECCOMP +libubox +libblobmsg-json
+  TITLE:=OpenWrt process seccomp helper + utrace
 endef
 
 define Package/procd-nand
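Review bot: Package/procd-jail is removed and replaced by procd-ujail and procd-seccomp with no compatibility name, and this is a backport to CC; existing .config files and packages that select procd-jail will lose it silently, so mention the rename in the commit message or keep the old name available. procd-ujail also no longer depends on procd itself (the old DEPENDS started with "procd"); if that is intentional because ujail can run stand-alone, say so.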
@@ -73,16 +80,6 @@ config PROCD_ZRAM_TMPFS
bool
default n
prompt "Mount /tmp using zram."
-
-config PROCD_JAIL_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
PROCD_SECCOMP_SUPPORT
-
-config PROCD_SECCOMP_SUPPORT
-   bool
-   default y
-   depends on (arm || armeb || mips || mipsel || i386 || x86_64) && 
!TARGET_uml && @KERNEL_SECCOMP
 endmenu
 endef
 
@@ -99,12 +96,12 @@ ifeq ($(CONFIG_PROCD_ZRAM_TMPFS),y)
   CMAKE_OPTIONS += -DZRAM_TMPFS=1
 endif
 
-ifeq ($(CONFIG_PROCD_JAIL_SUPPORT),y)
+ifdef CONFIG_PACKAGE_procd-ujail
   CMAKE_OPTIONS += -DJAIL_SUPPORT=1
 endif
 
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1
+ifdef CONFIG_PACKAGE_procd-seccomp
+  CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1 -DUTRACE_SUPPORT=1
 endif
 
 define Package/procd/install
@@ -115,15 +112,17 @@ define Package/procd/install
$(INSTALL_BIN) ./files/reload_config $(1)/sbin/
$(INSTALL_DATA) ./files/hotplug*.json $(1)/etc/
$(INSTALL_DATA) ./files/procd.sh $(1)/lib/functions/
-ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
-   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
-endif
 endef
 
-define Package/procd-jail/install
-   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+define Package/procd-ujail/install
+   $(INSTALL_DIR) $(1)/sbin
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/
+endef
 
-   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{utrace,ujail} $(1)/sbin/
+define Package/procd-seccomp/install
+   $(INSTALL_DIR) $(1)/sbin $(1)/lib
+   $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so 
$(1)/lib
+   $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/utrace $(1)/sbin/
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-trace.so $(1)/lib
 endef
 
@@ -141,6 +140,7 @@ define Package/procd-nand-firstboot/install
 endef
 
 $(eval $(call BuildPackage,procd))
-$(eval $(call BuildPackage,procd-jail))
+$(eval $(call BuildPackage,procd-ujail))
+$(eval $(call BuildPackage,procd-seccomp))
 $(eval $(call BuildPackage,procd-nand))
 $(eval $(call BuildPackage,procd-nand-firstboot))
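Review bot: the rename from procd-jail to procd-ujail (the `BuildPackage` lines here and the `Package/procd-ujail/install` section above) breaks any package or saved .config that still depends on or selects procd-jail, and utrace silently moves from the jail package to procd-seccomp. For a backport to a release branch, consider `PROVIDES:=procd-jail` on procd-ujail, and state in the commit message that utrace now ships only with the seccomp package.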
-- 
1.9.1


Re: [OpenWrt-Devel] [PATCH CC] procd: rework makefile, split ujail/seccomp

2015-11-12 Thread Etienne Champetier
Hi

2015-10-29 22:04 GMT+01:00 Etienne CHAMPETIER:

> ujail doesn't depend on seccomp and some archs don't support seccomp
>
> Backport of r46936
> needed since last procd update (r47268)
>

friendly ping
this is run tested on ar71xx / CC (uclibc)


>
> [...]
>
>


[OpenWrt-Devel] ujail not working with musl / DD

2015-11-12 Thread Etienne Champetier
Hi all, John,

I'm a bit out of my game on this bug: ujail is not adding the interpreter
in the jail (/lib/ld-musl-x86_64.so.1) with musl DD.
It's working with uclibc CC, on my Ubuntu 14.04, but not with musl DD.

https://dev.openwrt.org/ticket/20785


[OpenWrt-Devel] [PATCH procd 1/2] ujail: remove useless arg in clone call

2015-11-20 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7 +272,7 @@ static int exec_jail()
exit(EXIT_FAILURE);
 }
 
-static int spawn_jail(void *arg)
+static int spawn_jail()
 {
if (opts.name && sethostname(opts.name, strlen(opts.name))) {
ERROR("failed to sethostname: %s\n", strerror(errno));
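Review bot: `static int spawn_jail()` with empty parentheses defines the function without a prototype, so the compiler no longer checks it against the `int (*)(void *)` callback type that clone() expects. Keep the `void *` parameter and give it a name that says it is unused; changing `argv` to `NULL` in the clone() call does not require touching the signature.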
@@ -424,7 +424,7 @@ int main(int argc, char **argv)
if (opts.namespace) {
jail_process.pid = clone(spawn_jail,
child_stack + STACK_SIZE,
-   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, argv);
+   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, NULL);
} else {
jail_process.pid = fork();
}
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd 2/2] ujail: rework file dependencies detection (use ldd)

2015-11-20 Thread Etienne CHAMPETIER
Using ldd (via popen()) is a hack, but it's simpler (and working)
we have 3 libc and many archs, too many ways to resolve .so

Current code:
-do not parse the interpreter (PT_INTERP) part of the elf
-do not get the library path priority right (/lib64 is before /lib,
musl takes the libs in /lib even on 64bits images)
-do not handle RPATH

This patch:
-use ldd to detect ELF dependencies
-add support for shell script

uClibc ldd doesn't work with shared lib, thus this patch breaks
seccomp with uClibc

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt |   2 +-
 jail/deps.c| 198 
 jail/deps.h|  23 
 jail/elf.c | 355 -
 jail/elf.h |  38 --
 jail/jail.c| 138 +++---
 jail/jail.h|  18 +++
 7 files changed, 284 insertions(+), 488 deletions(-)
 create mode 100644 jail/deps.c
 create mode 100644 jail/deps.h
 delete mode 100644 jail/elf.c
 delete mode 100644 jail/elf.h
 create mode 100644 jail/jail.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d749c25..8e3f7ea 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -87,7 +87,7 @@ ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
 endif()
 
 IF(JAIL_SUPPORT)
-ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
+ADD_EXECUTABLE(ujail jail/jail.c jail/deps.c jail/capabilities.c)
 TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
diff --git a/jail/deps.c b/jail/deps.c
new file mode 100644
index 000..0141cef
--- /dev/null
+++ b/jail/deps.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2015 John Crispin 
+ * Copyright (C) 2015 Etienne Champetier 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License version 2.1
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#define _GNU_SOURCE
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+#include "deps.h"
+#include "log.h"
+#include "jail.h"
+
+struct mount {
+struct avl_node avl;
+const char *path;
+int readonly;
+int error;
+};
+
+struct avl_tree mounts;
+
+static int add_mount(const char *path, int readonly, int error)
+{
+   if (avl_find(&mounts, path))
+   return 1;
+
+   struct mount *m;
+   m = calloc(1, sizeof(struct mount));
+   assert(m != NULL);
+   m->avl.key = m->path = strdup(path);
+   m->readonly = readonly;
+   m->error = error;
+
+   avl_insert(&mounts, &m->avl);
+   DEBUG("adding mount %s ro(%d) err(%d)\n", m->path, m->readonly, 
m->error != 0);
+   return 0;
+}
+
+int add_mount_if_exists(const char *path, int readonly, int error) {
+   struct stat s;
+   if (stat(path, &s) == -1) {
+   DEBUG("%s doesn't exist\n", path);
+   return -1;
+   }
+   return add_mount(path, readonly, error);
+}
+
+int mount_all(const char *jailroot) {
+   struct mount *m;
+   avl_for_each_element(&mounts, m, avl)
+   if (mount_bind(jailroot, m->path, m->readonly, m->error))
+   return -1;
+
+   return 0;
+}
+
+void mount_list_init() {
+   avl_init(&mounts, avl_strcmp, false, NULL);
+}
+
+//we already read 2 char from f (#!)
+static int add_script_deps(FILE *f, const char *path, int readonly, int error)
+{
+   char buf[PATH_MAX];
+   int i = 0;
+   int c;
+   while ((c = fgetc(f)) != EOF) {
+   if (i == 0 && c != '/')
+   continue;
+   if (c <= 0x20 || c > 0x7e)
+   break;
+   buf[i] = c;
+   i++;
+   if (i >= sizeof(buf)) {
+   ERROR("script interpretor too long (%s)\n", path);
+   return -1;
+   }
+   }
+   buf[i] = '\0';
+   return add_path_and_deps(buf, readonly, error);
+}
+
+static int add_elf_deps(const char *path, int readonly, int error)
+{
+   char buf[PATH_MAX];
+   int nb = snprintf(buf, sizeof(buf), "ldd %s", path);
+   assert(nb >= 0);
+
+   FILE *f = popen(buf, "r");
+   char c;
+   int i = 0;
+   while (((c = fgetc(f)) != EOF)) {
+   if (i == 0 && c != '/') {
+   continue;
+   } else if (i > 0 && (c <=
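Review bot: `add_elf_deps()` formats `"ldd %s"` with snprintf() and hands the string to popen(), which runs it through /bin/sh, so a `path` containing spaces or shell metacharacters is interpreted by the shell in the process that is still setting up the jail. Run ldd through fork() and execv() with an argument vector (or keep the in-process ELF parsing), reject a truncated command (`nb >= sizeof(buf)`), and check popen() for NULL before the first fgetc(). Separately, `char c` compared against `EOF` never matches on targets where plain char is unsigned, so the read loop would not terminate there; use `int c` as add_script_deps() already does.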

Re: [OpenWrt-Devel] [PATCH procd 2/2] ujail: rework file dependencies detection (use ldd)

2015-11-21 Thread Etienne Champetier
Hi,

First, sorry, I forgot to add the ticket reference:
https://dev.openwrt.org/ticket/20785

Also, full disclosure: I'm only writing C for OpenWrt,
so is there a compilation flag to disable C++,
or can you be more specific on what C++-ism I'm using?

2015-11-21 9:08 GMT+01:00 John Crispin:

>
>
> On 21/11/2015 00:05, Etienne CHAMPETIER wrote:
> > Using ldd (via popen()) is a hack, but it's simpler (and working)
>
> indeed
>
> > we have 3 libc and many archs, too many ways to resolve .so
> where does it break ?
>
>
> > Current code:
> > -do not parse the interpreter (PT_INTERP) part of the elf
> why should it ?
>


here is the output of "objdump -x -s" on /bin/cat (subtarget x86_64 / DD)

> Dynamic Section:
>   NEEDED   libgcc_s.so.1
>   NEEDED   libc.so
> Contents of section .interp:
>  /lib/ld-musl-x86_64.so.1
>
> and the output of ldd /bin/cat

> root@OpenWrt:/# ldd /bin/cat
> /lib/ld-musl-x86_64.so.1 (0x7fbe78583000)
> libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fbe78371000)
> libc.so => /lib/ld-musl-x86_64.so.1 (0x7fbe78583000)
>

If you run "ujail -d1 -p -- /bin/cat /proc/self/mounts",
the execve() call fails with "ENOENT (No such file or directory)".

Now if you add "/lib/ld-musl-x86_64.so.1" to the jail (-r), and you remove
the symlink from /lib64 to /lib, it works.

The good question is: why does it fail with musl/DD and work with uclibc/CC
and glibc?


> > -do not get the library path priority right (/lib64 is before /lib,
> > musl takes the libs in /lib even on 64bits images)
>
> libc dependent and not procd dependent
>

ujail has to resolve the same libs as the libc does,
so it depends on the libc, but it's still a ujail problem
that was my main motivation to use ldd


> > -do not handle RPATH
> >
> > This patch:
> > -use ldd to detect ELF dependencies
> > -add support for shell script
>
> elaborate that please
>

If the file starts with #!, add the exec and its dependencies to the jail.


>
>
> > uClibc ldd doesn't work with shared lib, thus this patch breaks
> > seccomp with uClibc
>
> so after your patch we can never again update procd in CC ?
>

yes

I will try to improve the current elf parsing code,
but I'm afraid that it will break depending on the arch and ...


>
> John
>
> >
> > Signed-off-by: Etienne CHAMPETIER 
> > ---
> >  CMakeLists.txt |   2 +-
> >  jail/deps.c| 198 
> >  jail/deps.h|  23 
> >  jail/elf.c | 355
> -
> >  jail/elf.h |  38 --
> >  jail/jail.c| 138 +++---
> >  jail/jail.h|  18 +++
> >  7 files changed, 284 insertions(+), 488 deletions(-)
> >  create mode 100644 jail/deps.c
> >  create mode 100644 jail/deps.h
> >  delete mode 100644 jail/elf.c
> >  delete mode 100644 jail/elf.h
> >  create mode 100644 jail/jail.h
> >
> > diff --git a/CMakeLists.txt b/CMakeLists.txt
> > index d749c25..8e3f7ea 100644
> > --- a/CMakeLists.txt
> > +++ b/CMakeLists.txt
> > @@ -87,7 +87,7 @@ ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
> >  endif()
> >
> >  IF(JAIL_SUPPORT)
> > -ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
> > +ADD_EXECUTABLE(ujail jail/jail.c jail/deps.c jail/capabilities.c)
> >  TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
> >  INSTALL(TARGETS ujail
> >   RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
> > diff --git a/jail/deps.c b/jail/deps.c
> > new file mode 100644
> > index 000..0141cef
> > --- /dev/null
> > +++ b/jail/deps.c
> > @@ -0,0 +1,198 @@
> > +/*
> > + * Copyright (C) 2015 John Crispin 
> > + * Copyright (C) 2015 Etienne Champetier 
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU Lesser General Public License version
> 2.1
> > + * as published by the Free Software Foundation
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU General Public License for more details.
> > + */
> > +
> > +#define _GNU_SOURCE
> > +
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#include 
> > +#includ
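
The interpreter lookup discussed in the message above (the `.interp` / PT_INTERP entry of an ELF file and the `#!` line of a script), as an added example that is not procd or ujail code: it extracts the interpreter path from an in-memory image with every offset bounds-checked. The function names and the constructed sample image are assumptions of this example, and it only handles ELF64 in the host's byte order.

```c
/* Added example, not procd/ujail code. Assumes ELF64 in host byte order. */
#include <elf.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy the PT_INTERP path of an ELF64 image into out. Returns 0 on success,
 * 1 if there is no PT_INTERP (static binary), -1 if the image is malformed
 * or out is too small. */
int elf64_interp(const unsigned char *map, size_t len, char *out, size_t outlen)
{
	Elf64_Ehdr eh;
	Elf64_Phdr ph;
	size_t i;

	if (len < sizeof(eh) || memcmp(map, ELFMAG, SELFMAG) != 0 ||
	    map[EI_CLASS] != ELFCLASS64)
		return -1;	/* check magic and class before any field */
	memcpy(&eh, map, sizeof(eh));	/* copy: map may be unaligned */
	if (eh.e_phentsize != sizeof(ph) || eh.e_phoff > len ||
	    (len - eh.e_phoff) / sizeof(ph) < eh.e_phnum)
		return -1;	/* program header table leaves the file */

	for (i = 0; i < eh.e_phnum; i++) {
		const unsigned char *s, *nul;

		memcpy(&ph, map + eh.e_phoff + i * sizeof(ph), sizeof(ph));
		if (ph.p_type != PT_INTERP)
			continue;
		if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
			return -1;	/* string leaves the file */
		s = map + ph.p_offset;
		nul = memchr(s, '\0', ph.p_filesz);
		if (!nul || s[0] != '/' || (size_t)(nul - s) + 1 > outlen)
			return -1;	/* unterminated, relative or too long */
		memcpy(out, s, (size_t)(nul - s) + 1);
		return 0;
	}
	return 1;
}

/* Copy the interpreter named on a "#!" line into out. Returns 0 on success,
 * 1 if the file is not a script, -1 if the line is malformed or too long. */
int script_interp(const unsigned char *map, size_t len, char *out, size_t outlen)
{
	size_t i = 2, n = 0;

	if (len < 2 || map[0] != '#' || map[1] != '!')
		return 1;
	while (i < len && (map[i] == ' ' || map[i] == '\t'))
		i++;
	if (i >= len || map[i] != '/')
		return -1;
	while (i < len && map[i] > 0x20 && map[i] < 0x7f) {
		if (n + 1 >= outlen)
			return -1;
		out[n++] = (char)map[i++];
	}
	out[n] = '\0';
	return 0;
}

/* Constructed sample: ELF64 header + one PT_INTERP program header + string.
 * Returns the image length, or 0 if it does not fit in cap bytes. */
size_t build_sample_elf(unsigned char *buf, size_t cap, const char *interp)
{
	Elf64_Ehdr eh;
	Elf64_Phdr ph;
	size_t slen = strlen(interp) + 1;

	if (sizeof(eh) + sizeof(ph) + slen > cap)
		return 0;
	memset(&eh, 0, sizeof(eh));
	memset(&ph, 0, sizeof(ph));
	memcpy(eh.e_ident, ELFMAG, SELFMAG);
	eh.e_ident[EI_CLASS] = ELFCLASS64;
	eh.e_phoff = sizeof(eh);
	eh.e_phentsize = sizeof(ph);
	eh.e_phnum = 1;
	ph.p_type = PT_INTERP;
	ph.p_offset = sizeof(eh) + sizeof(ph);
	ph.p_filesz = slen;
	memcpy(buf, &eh, sizeof(eh));
	memcpy(buf + sizeof(eh), &ph, sizeof(ph));
	memcpy(buf + ph.p_offset, interp, slen);
	return sizeof(eh) + sizeof(ph) + slen;
}

int main(void)
{
	unsigned char img[256];
	char path[128];
	size_t n = build_sample_elf(img, sizeof(img), "/lib/ld-musl-x86_64.so.1");

	if (n && elf64_interp(img, n, path, sizeof(path)) == 0)
		printf("add to jail: %s\n", path);
	return 0;
}
```

A jail builder would bind-mount the returned path before execve(); without it the kernel reports ENOENT for the jailed binary even though the binary itself is present.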

[OpenWrt-Devel] [PATCH procd 1/4] ujail: don't add non existant library_path

2015-11-22 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library_paths);
 
 void alloc_library_path(const char *path)
 {
+   struct stat s;
+   if (stat(path, &s))
+   return;
+
struct library_path *p;
char *_path;
 
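Review bot: the `stat(path, &s)` check now at the top of `alloc_library_path()` only proves that something exists at `path`; a regular file listed in ld.so.conf would still be added as a library directory. Test `S_ISDIR(s.st_mode)` as well, and place the check below the `struct library_path *p; char *_path;` declarations so the function keeps the declaration-first layout of the surrounding code.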
@@ -343,10 +347,6 @@ void load_ldso_conf(const char *conf)
load_ldso_conf(gl.gl_pathv[i]);
globfree(&gl);
} else {
-   struct stat s;
-
-   if (stat(line, &s))
-   continue;
alloc_library_path(line);
}
}
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd 2/4] ujail: remove useless arg in clone call

2015-11-22 Thread Etienne CHAMPETIER
spawn_jail(void) produces a compilation error,
so we use spawn_jail()

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7 +272,7 @@ static int exec_jail()
exit(EXIT_FAILURE);
 }
 
-static int spawn_jail(void *arg)
+static int spawn_jail()
 {
if (opts.name && sethostname(opts.name, strlen(opts.name))) {
ERROR("failed to sethostname: %s\n", strerror(errno));
@@ -424,7 +424,7 @@ int main(int argc, char **argv)
if (opts.namespace) {
jail_process.pid = clone(spawn_jail,
child_stack + STACK_SIZE,
-   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, argv);
+   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, NULL);
} else {
jail_process.pid = fork();
}
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd 3/4] ujail: use const, stop using extern

2015-11-22 Thread Etienne CHAMPETIER
extern for function declaration in '.h' doesn't make sense

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c | 28 +++-
 jail/elf.h | 10 +-
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..a26aa0b 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -69,7 +69,7 @@ static void alloc_library(const char *path, const char *name)
DEBUG("adding library %s/%s\n", path, name);
 }
 
-static int elf_open(char **dir, char *file)
+static int elf_open(char **dir, const char *file)
 {
struct library_path *p;
char path[256];
@@ -95,7 +95,7 @@ static int elf_open(char **dir, char *file)
return fd;
 }
 
-char* find_lib(char *file)
+char* find_lib(const char *file)
 {
struct library *l;
static char path[256];
@@ -114,7 +114,7 @@ char* find_lib(char *file)
return path;
 }
 
-static int elf64_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf64_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
Elf64_Ehdr *e;
Elf64_Phdr *ph;
@@ -137,7 +137,7 @@ static int elf64_find_section(char *map, unsigned int type, 
unsigned int *offset
return -1;
 }
 
-static int elf32_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf32_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
Elf32_Ehdr *e;
Elf32_Phdr *ph;
@@ -160,7 +160,7 @@ static int elf32_find_section(char *map, unsigned int type, 
unsigned int *offset
return -1;
 }
 
-static int elf_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
int clazz = map[EI_CLASS];
 
@@ -174,10 +174,10 @@ static int elf_find_section(char *map, unsigned int type, 
unsigned int *offset,
return -1;
 }
 
-static int elf32_scan_dynamic(char *map, int dyn_offset, int dyn_size, int 
load_offset)
+static int elf32_scan_dynamic(const char *map, int dyn_offset, int dyn_size, 
int load_offset)
 {
Elf32_Dyn *dynamic = (Elf32_Dyn *) (map + dyn_offset);
-   char *strtab = NULL;
+   const char *strtab = NULL;
 
while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size)) {
Elf32_Dyn *curr = dynamic;
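Review bot: `map` is now `const char *`, but the context line `Elf32_Dyn *dynamic = (Elf32_Dyn *) (map + dyn_offset);` casts the const away again, and `elf64_scan_dynamic()` does the same. If the goal is const-correctness, declare these as `const Elf32_Dyn *` / `const Elf64_Dyn *` (and `curr` with them) so the compiler actually enforces that the mapped file is never written through these pointers.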
@@ -208,10 +208,10 @@ static int elf32_scan_dynamic(char *map, int dyn_offset, 
int dyn_size, int load_
return 0;
 }
 
-static int elf64_scan_dynamic(char *map, int dyn_offset, int dyn_size, int 
load_offset)
+static int elf64_scan_dynamic(const char *map, int dyn_offset, int dyn_size, 
int load_offset)
 {
Elf64_Dyn *dynamic = (Elf64_Dyn *) (map + dyn_offset);
-   char *strtab = NULL;
+   const char *strtab = NULL;
 
while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size)) {
Elf64_Dyn *curr = dynamic;
@@ -242,7 +242,7 @@ static int elf64_scan_dynamic(char *map, int dyn_offset, 
int dyn_size, int load_
return 0;
 }
 
-int elf_load_deps(char *library)
+int elf_load_deps(const char *library)
 {
unsigned int dyn_offset, dyn_size;
unsigned int load_offset, load_vaddr;
@@ -288,10 +288,12 @@ int elf_load_deps(char *library)
if (dir) {
alloc_library(dir, library);
} else {
-   char *elf = strdup(library);
+   char *elf1 = strdup(library);
+   char *elf2 = strdup(library);
 
-   alloc_library(dirname(elf), basename(library));
-   free(elf);
+   alloc_library(dirname(elf1), basename(elf2));
+   free(elf1);
+   free(elf2);
}
clazz = map[EI_CLASS];
 
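Review bot: the `elf1` / `elf2` change in `elf_load_deps()` is a behaviour fix rather than a const or extern cleanup: dirname() and basename() may modify their argument, so each needs its own writable copy now that `library` is const. Say so in the commit message or split it into its own patch, and check both strdup() results before passing them on.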
diff --git a/jail/elf.h b/jail/elf.h
index 3ae311e..6c14c39 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -28,11 +28,11 @@ struct library_path {
char *path;
 };
 
-extern struct avl_tree libraries;
+struct avl_tree libraries;
 
-extern void alloc_library_path(const char *path);
-extern char* find_lib(char *file);
-extern int elf_load_deps(char *library);
-extern void load_ldso_conf(const char *conf);
+void alloc_library_path(const char *path);
+int elf_load_deps(const char *library);
+char* find_lib(const char *file);
+void load_ldso_conf(const char *conf);
 
 #endif
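Review bot: dropping `extern` from `struct avl_tree libraries;` in elf.h is not equivalent to dropping it from the function prototypes. Without `extern` the header line becomes a tentative definition, so every file that includes elf.h defines its own `libraries`; that links only when the toolchain merges common symbols and fails with a multiple-definition error under `-fno-common`. Keep `extern` on the variable and remove it from the four function declarations only.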
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd 4/4] ujail: rework fs jail part

2015-11-22 Thread Etienne CHAMPETIER
this patch:
-add script (#!) dependencies detection (we add interpreter and its dependencies)
-add dependencies detection for all files added with -r or -w (ELF and scripts)
-use PATH_MAX for path related buffers
-check magic ELF header before trying to parse the file
-search in /lib before /lib64
-add ELF interpreter (DT_INTERP)

we still don't handle
-DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html
-musl ld conf file
-coffee :)

quickly run tested on DD r47603 (x86_64 kvm) and ubuntu
not tested yet on CC

should fix
https://dev.openwrt.org/ticket/20785

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt |   2 +-
 jail/elf.c | 132 +++---
 jail/elf.h |   9 ++-
 jail/fs.c  | 179 +
 jail/fs.h  |  20 +++
 jail/jail.c| 112 +++-
 jail/jail.h|  18 ++
 jail/log.h |   1 +
 8 files changed, 303 insertions(+), 170 deletions(-)
 create mode 100644 jail/fs.c
 create mode 100644 jail/fs.h
 create mode 100644 jail/jail.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d749c25..2718125 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -87,7 +87,7 @@ ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
 endif()
 
 IF(JAIL_SUPPORT)
-ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
+ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/fs.c jail/capabilities.c)
 TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
diff --git a/jail/elf.c b/jail/elf.c
index a26aa0b..c8d1221 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -12,26 +12,25 @@
  */
 
 #define _GNU_SOURCE
-#include 
 
-#include 
-#include 
-#include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
+#include 
+#include 
 
 #include 
 
+#include "fs.h"
 #include "elf.h"
+#include "log.h"
 
 struct avl_tree libraries;
 static LIST_HEAD(library_paths);
 
-void alloc_library_path(const char *path)
+static void alloc_library_path(const char *path)
 {
struct stat s;
if (stat(path, &s))
@@ -51,7 +50,11 @@ void alloc_library_path(const char *path)
DEBUG("adding ld.so path %s\n", path);
 }
 
-static void alloc_library(const char *path, const char *name)
+/*
+ * path = full path
+ * name = soname/avl key
+ */
+void alloc_library(const char *path, const char *name)
 {
struct library *l;
char *_name, *_path;
@@ -66,52 +69,39 @@ static void alloc_library(const char *path, const char 
*name)
l->path = strcpy(_path, path);
 
avl_insert(&libraries, &l->avl);
-   DEBUG("adding library %s/%s\n", path, name);
+   DEBUG("adding library %s (%s)\n", path, name);
 }
 
-static int elf_open(char **dir, const char *file)
+int elf_open(char **fullpath, const char *file)
 {
+   *fullpath = NULL;
+   assert(file[0] != '/');
+
struct library_path *p;
-   char path[256];
+   char path[PATH_MAX];
int fd = -1;
 
-   *dir = NULL;
-
list_for_each_entry(p, &library_paths, list) {
-   if (strlen(p->path))
-   snprintf(path, sizeof(path), "%s/%s", p->path, file);
-   else
-   strncpy(path, file, sizeof(path));
+   snprintf(path, sizeof(path), "%s/%s", p->path, file);
fd = open(path, O_RDONLY);
if (fd >= 0) {
-   *dir = p->path;
+   *fullpath = strdup(path);
break;
}
}
 
-   if (fd == -1)
-   fd = open(file, O_RDONLY);
-
return fd;
 }
 
 char* find_lib(const char *file)
 {
struct library *l;
-   static char path[256];
-   const char *p;
 
l = avl_find_element(&libraries, file, l, avl);
if (!l)
return NULL;
 
-   p = l->path;
-   if (strstr(p, "local"))
-   p = "/lib";
-
-   snprintf(path, sizeof(path), "%s/%s", p, file);
-
-   return path;
+   return l->path;
 }
 
 static int elf64_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
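Review bot: `assert(file[0] != '/')` in `elf_open()` is being used as input validation on a name taken from the file that is about to be jailed; it vanishes in an NDEBUG build and aborts the whole jail setup otherwise. Return -1 for absolute names instead. In the same function the snprintf() result is not checked for truncation against `PATH_MAX`, and `*fullpath = strdup(path)` can be NULL while `fd >= 0`; the comment should also state that the caller owns and frees `*fullpath`.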
@@ -201,7 +191,7 @@ static int elf32_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_tag != DT_NEEDED)
continue;
 
-   if (elf_load_deps(&strtab[curr->d_un.d_val]))
+   if (add_path_and_deps(&strtab[curr->d_un.d_val], 1, -1, 1) == 
-1)
return -1;
}
 
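Review bot: `&strtab[curr->d_un.d_val]` is passed straight to `add_path_and_deps()`, and nothing in this hunk bounds `d_val` against the size of the string table or checks that the string is NUL-terminated inside the mapping. The ELF file is input to a tool that runs before the sandbox is in place, so validate the offset against the DT_STRSZ value (or the mapped length) before dereferencing; the 64-bit variant needs the same check.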
@@ -235,85 +225,48 @@ static int elf64_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_

Re: [OpenWrt-Devel] [PATCH procd 2/4] ujail: remove useless arg in clone call

2015-11-23 Thread Etienne Champetier
Hi,

On 23 Nov 2015 08:18, "John Crispin" wrote:
>
>
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > spawn_jail(void) produce a compilation error,
> > so we use spawn_jail()
> >
> > Signed-off-by: Etienne CHAMPETIER 
> > ---
> >  jail/jail.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/jail/jail.c b/jail/jail.c
> > index 56dc9ca..08babde 100644
> > --- a/jail/jail.c
> > +++ b/jail/jail.c
> > @@ -272,7 +272,7 @@ static int exec_jail()
> >   exit(EXIT_FAILURE);
> >  }
> >
> > -static int spawn_jail(void *arg)
> > +static int spawn_jail()
>
> Hi,
>
> this is still wrong. also you might want to write a sentence why it is
> useless.
>

Well, we don't use it, and passing arg to not use it really doesn't improve
readability.

I know it breaks your code style, but it seems we can't have both here :(

Etienne

> John
>
> >  {
> >   if (opts.name && sethostname(opts.name, strlen(opts.name))) {
> >   ERROR("failed to sethostname: %s\n", strerror(errno));
> > @@ -424,7 +424,7 @@ int main(int argc, char **argv)
> >   if (opts.namespace) {
> >   jail_process.pid = clone(spawn_jail,
> >   child_stack + STACK_SIZE,
> > - CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS |
CLONE_NEWIPC | SIGCHLD, argv);
> > + CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS |
CLONE_NEWIPC | SIGCHLD, NULL);
> >   } else {
> >   jail_process.pid = fork();
> >   }
> >


Re: [OpenWrt-Devel] [PATCH procd 3/4] ujail: use const, stop using extern

2015-11-23 Thread Etienne Champetier
Hi
On 23 Nov 2015 08:19, "John Crispin" wrote:
>
> Hi,
>
> subject relates to extern but then the patch adds const. please make the
> description consistent with the content
>

The subject does start with "use const"
I will improve it in v2

>     John
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > extern for function declaration in '.h' doesn't make sense
> >
> > Signed-off-by: Etienne CHAMPETIER 
> > ---
> >  jail/elf.c | 28 +++-
> >  jail/elf.h | 10 +-
> >  2 files changed, 20 insertions(+), 18 deletions(-)
> >
> > diff --git a/jail/elf.c b/jail/elf.c
> > index 34a5aca..a26aa0b 100644
> > --- a/jail/elf.c
> > +++ b/jail/elf.c
> > @@ -69,7 +69,7 @@ static void alloc_library(const char *path, const
char *name)
> >   DEBUG("adding library %s/%s\n", path, name);
> >  }
> >
> > -static int elf_open(char **dir, char *file)
> > +static int elf_open(char **dir, const char *file)
> >  {
> >   struct library_path *p;
> >   char path[256];
> > @@ -95,7 +95,7 @@ static int elf_open(char **dir, char *file)
> >   return fd;
> >  }
> >
> > -char* find_lib(char *file)
> > +char* find_lib(const char *file)
> >  {
> >   struct library *l;
> >   static char path[256];
> > @@ -114,7 +114,7 @@ char* find_lib(char *file)
> >   return path;
> >  }
> >
> > -static int elf64_find_section(char *map, unsigned int type, unsigned
int *offset, unsigned int *size, unsigned int *vaddr)
> > +static int elf64_find_section(const char *map, unsigned int type,
unsigned int *offset, unsigned int *size, unsigned int *vaddr)
> >  {
> >   Elf64_Ehdr *e;
> >   Elf64_Phdr *ph;
> > @@ -137,7 +137,7 @@ static int elf64_find_section(char *map, unsigned
int type, unsigned int *offset
> >   return -1;
> >  }
> >
> > -static int elf32_find_section(char *map, unsigned int type, unsigned
int *offset, unsigned int *size, unsigned int *vaddr)
> > +static int elf32_find_section(const char *map, unsigned int type,
unsigned int *offset, unsigned int *size, unsigned int *vaddr)
> >  {
> >   Elf32_Ehdr *e;
> >   Elf32_Phdr *ph;
> > @@ -160,7 +160,7 @@ static int elf32_find_section(char *map, unsigned
int type, unsigned int *offset
> >   return -1;
> >  }
> >
> > -static int elf_find_section(char *map, unsigned int type, unsigned int
*offset, unsigned int *size, unsigned int *vaddr)
> > +static int elf_find_section(const char *map, unsigned int type,
unsigned int *offset, unsigned int *size, unsigned int *vaddr)
> >  {
> >   int clazz = map[EI_CLASS];
> >
> > @@ -174,10 +174,10 @@ static int elf_find_section(char *map, unsigned
int type, unsigned int *offset,
> >   return -1;
> >  }
> >
> > -static int elf32_scan_dynamic(char *map, int dyn_offset, int dyn_size,
int load_offset)
> > +static int elf32_scan_dynamic(const char *map, int dyn_offset, int
dyn_size, int load_offset)
> >  {
> >   Elf32_Dyn *dynamic = (Elf32_Dyn *) (map + dyn_offset);
> > - char *strtab = NULL;
> > + const char *strtab = NULL;
> >
> >   while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size))
{
> >   Elf32_Dyn *curr = dynamic;
> > @@ -208,10 +208,10 @@ static int elf32_scan_dynamic(char *map, int
dyn_offset, int dyn_size, int load_
> >   return 0;
> >  }
> >
> > -static int elf64_scan_dynamic(char *map, int dyn_offset, int dyn_size,
int load_offset)
> > +static int elf64_scan_dynamic(const char *map, int dyn_offset, int
dyn_size, int load_offset)
> >  {
> >   Elf64_Dyn *dynamic = (Elf64_Dyn *) (map + dyn_offset);
> > - char *strtab = NULL;
> > + const char *strtab = NULL;
> >
> >   while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size))
{
> >   Elf64_Dyn *curr = dynamic;
> > @@ -242,7 +242,7 @@ static int elf64_scan_dynamic(char *map, int
dyn_offset, int dyn_size, int load_
> >   return 0;
> >  }
> >
> > -int elf_load_deps(char *library)
> > +int elf_load_deps(const char *library)
> >  {
> >   unsigned int dyn_offset, dyn_size;
> >   unsigned int load_offset, load_vaddr;
> > @@ -288,10 +288,12 @@ int elf_load_deps(char *library)
> >   if (dir) {
> >   alloc_library(dir, library);
> >   } else {
> > - char *elf = strdup(library);
> > + char *elf1 = strdup(library);
> > + char *el

Re: [OpenWrt-Devel] [PATCH procd 2/4] ujail: remove useless arg in clone call

2015-11-23 Thread Etienne Champetier
2015-11-23 9:11 GMT+01:00 John Crispin :

>
>
> On 23/11/2015 09:09, Etienne Champetier wrote:
> > Hi,
> >
> > On 23 Nov 2015 08:18, "John Crispin" wrote:
> >>
> >>
> >>
> >> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> >> > spawn_jail(void) produce a compilation error,
> >> > so we use spawn_jail()
> >> >
> >> > Signed-off-by: Etienne CHAMPETIER
> >> > ---
> >> >  jail/jail.c | 4 ++--
> >> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >> >
> >> > diff --git a/jail/jail.c b/jail/jail.c
> >> > index 56dc9ca..08babde 100644
> >> > --- a/jail/jail.c
> >> > +++ b/jail/jail.c
> >> > @@ -272,7 +272,7 @@ static int exec_jail()
> >> >   exit(EXIT_FAILURE);
> >> >  }
> >> >
> >> > -static int spawn_jail(void *arg)
> >> > +static int spawn_jail()
> >>
> >> Hi,
> >>
> >> this is still wrong. also you might want to write a sentence why it is
> >> useless.
> >>
> >
> > Well, we don't use it, and passing arg to not use it really doesn't
> > improve readability.
> >
> > I know it breaks your code style, but it seems we can't have both here :(
> >
> > Etienne
> >
> >> John
>
>
> i wont merge it until there is a (void). it is valid code. try it and
> you will see that i am right.
>
> sorry my commit message is bad

try to put NULL at the end of the clone() call, and try with spawn_jail()
and spawn_jail(void), and you will see

I know that spawn_jail(void) is valid code, but then the clone call refuses
to compile

/home/etienne/procd/jail/jail.c: In function ‘main’:
> /home/etienne/procd/jail/jail.c:381:4: error: passing argument 1 of
> ‘clone’ from incompatible pointer type [-Werror]
> CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD,
> NULL);
> ^
> In file included from /usr/include/sched.h:41:0,
>  from /home/etienne/procd/jail/jail.c:26:
> /usr/include/x86_64-linux-gnu/bits/sched.h:81:12: note: expected ‘int
> (*)(void *)’ but argument is of type ‘int (*)(void)’
>  extern int clone (int (*__fn) (void *__arg), void *__child_stack,
> ^
> cc1: all warnings being treated as errors
> make[2]: *** [CMakeFiles/ujail.dir/jail/jail.c.o] Error 1
> make[1]: *** [CMakeFiles/ujail.dir/all] Error 2
> make: *** [all] Error 2
>





>
> >>
> >> >  {
> >> >   if (opts.name <http://opts.name> && sethostname(opts.name
> > <http://opts.name>, strlen(opts.name <http://opts.name>))) {
> >> >   ERROR("failed to sethostname: %s\n", strerror(errno));
> >> > @@ -424,7 +424,7 @@ int main(int argc, char **argv)
> >> >   if (opts.namespace) {
> >> >   jail_process.pid = clone(spawn_jail,
> >> >   child_stack + STACK_SIZE,
> >> > - CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS |
> > CLONE_NEWIPC | SIGCHLD, argv);
> >> > + CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS |
> > CLONE_NEWIPC | SIGCHLD, NULL);
> >> >   } else {
> >> >   jail_process.pid = fork();
> >> >   }
> >> >
> >
>


Re: [OpenWrt-Devel] [PATCH procd 2/4] ujail: remove useless arg in clone call

2015-11-23 Thread Etienne Champetier
Hey,

2015-11-23 12:52 GMT+01:00 Paul Fertser :

> Hey Etienne,
>
> Etienne Champetier  writes:
> > i know that spawn_jail(void) is valid code, but then the clone call
> > refuses to compile
>
> That's type-safety for you. spawn_jail() is valid code too but it's not
> type-safe, so AFAICT you're avoiding the errors by letting the compiler
> ignore them, not by providing a proper solution. :)
>

clone really wants a function like "int fn(void * arg)"

Is

> *static int spawn_jail(void * _notused)*
>
ok for you both?

Etienne


[OpenWrt-Devel] [PATCH procd v2 01/17] ujail: don't add non existant library_path

2015-11-25 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library_paths);
 
 void alloc_library_path(const char *path)
 {
+   struct stat s;
+   if (stat(path, &s))
+   return;
+
struct library_path *p;
char *_path;
 
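
Review bot: in alloc_library_path(), `stat(path, &s)` only proves that the path exists, not that it is a directory, so a regular file named in ld.so.conf would still be added as a search path; test `S_ISDIR(s.st_mode)` as well. The early return also sits between `struct stat s;` and the remaining declarations (`struct library_path *p;`, `char *_path;`), so moving the check below them keeps the declarations together, and a DEBUG line on the skip path would make a missing directory visible when debugging a jail.
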
@@ -343,10 +347,6 @@ void load_ldso_conf(const char *conf)
load_ldso_conf(gl.gl_pathv[i]);
globfree(&gl);
} else {
-   struct stat s;
-
-   if (stat(line, &s))
-   continue;
alloc_library_path(line);
}
}
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 02/17] ujail: don't pass unused arg in clone call

2015-11-25 Thread Etienne CHAMPETIER
clone() call needs a function with "void *" arg
(else we have a compilation error)

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..9952ed9 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7 +272,7 @@ static int exec_jail()
exit(EXIT_FAILURE);
 }
 
-static int spawn_jail(void *arg)
+static int spawn_jail(void *_notused)
 {
if (opts.name && sethostname(opts.name, strlen(opts.name))) {
ERROR("failed to sethostname: %s\n", strerror(errno));
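
Review bot: renaming the parameter of spawn_jail() to `_notused` documents the intent but tells the compiler nothing, so a build with unused-parameter warnings promoted to errors would still fail on this line; `__attribute__((unused))` on the parameter or a `(void)_notused;` statement in the body expresses the same thing in a way the compiler checks. The commit message would also be easier to verify if it quoted the exact compilation error being fixed.
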
@@ -424,7 +424,7 @@ int main(int argc, char **argv)
if (opts.namespace) {
jail_process.pid = clone(spawn_jail,
child_stack + STACK_SIZE,
-   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, argv);
+   CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | 
CLONE_NEWIPC | SIGCHLD, NULL);
} else {
jail_process.pid = fork();
}
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 03/17] ujail: stop using extern in elf.h

2015-11-25 Thread Etienne CHAMPETIER
extern qualifiers for function definitions don't really make sense

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.h | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/jail/elf.h b/jail/elf.h
index 3ae311e..19ceb3e 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -30,9 +30,9 @@ struct library_path {
 
 extern struct avl_tree libraries;
 
-extern void alloc_library_path(const char *path);
-extern char* find_lib(char *file);
-extern int elf_load_deps(char *library);
-extern void load_ldso_conf(const char *conf);
+void alloc_library_path(const char *path);
+char* find_lib(char *file);
+int elf_load_deps(char *library);
+void load_ldso_conf(const char *conf);
 
 #endif
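
Review bot: the commit message speaks of "function definitions", but the four lines changed in jail/elf.h are declarations (prototypes); the wording should say so, because `extern struct avl_tree libraries;` just above correctly keeps its `extern` and a reader may otherwise wonder why it was left alone. While these lines are being touched, `char* find_lib(char *file);` could follow the `const char *path` pointer style of the neighbouring prototypes.
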
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 04/17] ujail: use more const in elf.*

2015-11-25 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 28 +++-
 jail/elf.h  |  4 ++--
 jail/jail.c |  2 +-
 3 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..fb046b4 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -69,7 +69,7 @@ static void alloc_library(const char *path, const char *name)
DEBUG("adding library %s/%s\n", path, name);
 }
 
-static int elf_open(char **dir, char *file)
+static int elf_open(char **dir, const char *file)
 {
struct library_path *p;
char path[256];
@@ -95,7 +95,7 @@ static int elf_open(char **dir, char *file)
return fd;
 }
 
-char* find_lib(char *file)
+const char* find_lib(const char *file)
 {
struct library *l;
static char path[256];
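
Review bot: find_lib() returns a pointer into `static char path[256]`, so the new `const char *` return type stops callers writing through it, but the contents are still overwritten by the next call; a comment on the prototype saying that the result must be used or copied before find_lib() is called again would prevent a caller from holding two results at once.
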
@@ -114,7 +114,7 @@ char* find_lib(char *file)
return path;
 }
 
-static int elf64_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf64_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
Elf64_Ehdr *e;
Elf64_Phdr *ph;
@@ -137,7 +137,7 @@ static int elf64_find_section(char *map, unsigned int type, 
unsigned int *offset
return -1;
 }
 
-static int elf32_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf32_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
Elf32_Ehdr *e;
Elf32_Phdr *ph;
@@ -160,7 +160,7 @@ static int elf32_find_section(char *map, unsigned int type, 
unsigned int *offset
return -1;
 }
 
-static int elf_find_section(char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
+static int elf_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
 {
int clazz = map[EI_CLASS];
 
@@ -174,10 +174,10 @@ static int elf_find_section(char *map, unsigned int type, 
unsigned int *offset,
return -1;
 }
 
-static int elf32_scan_dynamic(char *map, int dyn_offset, int dyn_size, int 
load_offset)
+static int elf32_scan_dynamic(const char *map, int dyn_offset, int dyn_size, 
int load_offset)
 {
Elf32_Dyn *dynamic = (Elf32_Dyn *) (map + dyn_offset);
-   char *strtab = NULL;
+   const char *strtab = NULL;
 
while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size)) {
Elf32_Dyn *curr = dynamic;
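
Review bot: in elf32_scan_dynamic() `map` is now `const char *`, yet the first line of the body casts the qualifier away again with `(Elf32_Dyn *) (map + dyn_offset)`; declaring `const Elf32_Dyn *dynamic` (and `curr`) keeps the promise the new signature makes. The same applies to the Elf64 variant and to the `Elf32_Ehdr *e` / `Elf32_Phdr *ph` locals in the find_section helpers.
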
@@ -208,10 +208,10 @@ static int elf32_scan_dynamic(char *map, int dyn_offset, 
int dyn_size, int load_
return 0;
 }
 
-static int elf64_scan_dynamic(char *map, int dyn_offset, int dyn_size, int 
load_offset)
+static int elf64_scan_dynamic(const char *map, int dyn_offset, int dyn_size, 
int load_offset)
 {
Elf64_Dyn *dynamic = (Elf64_Dyn *) (map + dyn_offset);
-   char *strtab = NULL;
+   const char *strtab = NULL;
 
while ((void *) dynamic < (void *) (map + dyn_offset + dyn_size)) {
Elf64_Dyn *curr = dynamic;
@@ -242,7 +242,7 @@ static int elf64_scan_dynamic(char *map, int dyn_offset, 
int dyn_size, int load_
return 0;
 }
 
-int elf_load_deps(char *library)
+int elf_load_deps(const char *library)
 {
unsigned int dyn_offset, dyn_size;
unsigned int load_offset, load_vaddr;
@@ -288,10 +288,12 @@ int elf_load_deps(char *library)
if (dir) {
alloc_library(dir, library);
} else {
-   char *elf = strdup(library);
+   char *elf1 = strdup(library);
+   char *elf2 = strdup(library);
 
-   alloc_library(dirname(elf), basename(library));
-   free(elf);
+   alloc_library(dirname(elf1), basename(elf2));
+   free(elf1);
+   free(elf2);
}
clazz = map[EI_CLASS];
 
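
Review bot: in the else branch of elf_load_deps() neither `strdup(library)` result is checked before it is handed to dirname() and basename(); on allocation failure a NULL goes into both, which at best yields "." (the POSIX behaviour), so alloc_library() would record a wrong entry instead of failing. Return an error when either copy is NULL. Using two separate copies is the right fix, since dirname() and basename() may both modify their argument.
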
diff --git a/jail/elf.h b/jail/elf.h
index 19ceb3e..ddbe234 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -31,8 +31,8 @@ struct library_path {
 extern struct avl_tree libraries;
 
 void alloc_library_path(const char *path);
-char* find_lib(char *file);
-int elf_load_deps(char *library);
+int elf_load_deps(const char *library);
+const char* find_lib(const char *file);
 void load_ldso_conf(const char *conf);
 
 #endif
diff --git a/jail/jail.c b/jail/jail.c
index 9952ed9..52f88ef 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -212,7 +212,7 @@ static char** build_envp(const char *seccomp)
static char preload_var[64];
static char seccomp_var[64];
static char debug_var[] = "LD_DEBUG=all";
-   char *preload_lib = find_lib("libpreload-seccomp.so");
+   const char *preload_lib = find_lib("libpreload-seccomp.so");
int count = 0;
 
if (seccomp && !preload_lib) {
-- 
1.9.1

[OpenWrt-Devel] [PATCH procd v2 00/17] ujail fs jail rework/fixes/improvements

2015-11-25 Thread Etienne CHAMPETIER
As requested, I've split up my work into smaller patches.
I also follow the unwritten code style requirement :)

"rework fs jail part" commit is still a bit big
but if I split it further I will edit the same line
in each commit (tell me if it is too big)

Etienne CHAMPETIER (17):
  ujail: don't add non existant library_path
  ujail: don't pass unused arg in clone call
  ujail: stop using extern in elf.h
  ujail: use more const in elf.*
  ujail: use "#pragma once" in .h where needed
  ujail: add  to log.h
  ujail: add  and  to seccomp.h
  ujail: remove "#include log.h" from elf.h
  ujail: search libs in /lib before /lib64
  ujail: use PATH_MAX for path related buffers
  ujail: add init_library_search()
  ujail: fixup code style: "func()" -> "func(void)"
  ujail: remove some debug/dev hack
  ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)
  ujail: rework fs jail part
  ujail: automatically add script (#!) interpreter
  ujail: add ELF interpreter (DT_INTERP) to the jail

 CMakeLists.txt  |   2 +-
 jail/capabilities.h |   1 +
 jail/elf.c  | 154 +---
 jail/elf.h  |  15 ++---
 jail/fs.c   | 181 
 jail/fs.h   |  18 ++
 jail/jail.c | 118 +++---
 jail/jail.h |  15 +
 jail/log.h  |   2 +
 jail/preload.c  |   2 -
 jail/seccomp.c  |   2 -
 jail/seccomp.h  |   4 ++
 12 files changed, 322 insertions(+), 192 deletions(-)
 create mode 100644 jail/fs.c
 create mode 100644 jail/fs.h
 create mode 100644 jail/jail.h

-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 05/17] ujail: use "#pragma once" in .h where needed

2015-11-25 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/capabilities.h | 1 +
 jail/elf.h  | 4 +---
 jail/log.h  | 1 +
 jail/seccomp.h  | 1 +
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/jail/capabilities.h b/jail/capabilities.h
index e6699e9..beb67cc 100644
--- a/jail/capabilities.h
+++ b/jail/capabilities.h
@@ -10,5 +10,6 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  */
+#pragma once
 
 int drop_capabilities(const char *file);
diff --git a/jail/elf.h b/jail/elf.h
index ddbe234..82cbe14 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -10,8 +10,8 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  */
+#pragma once
 
-#ifndef _ELF_H__
 #include 
 #include 
 
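
Review bot: the guard removed from jail/elf.h is `#ifndef _ELF_H__` with no `#define _ELF_H__` visible after it (the next lines are the includes), so the old guard never protected against double inclusion; that is worth stating in the commit message, since for this header the change is a fix and not only a style change. `#pragma once` is not part of standard C, which is fine if the project only targets compilers that support it, but the message should state that assumption.
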
@@ -34,5 +34,3 @@ void alloc_library_path(const char *path);
 int elf_load_deps(const char *library);
 const char* find_lib(const char *file);
 void load_ldso_conf(const char *conf);
-
-#endif
diff --git a/jail/log.h b/jail/log.h
index b1d201e..89e797b 100644
--- a/jail/log.h
+++ b/jail/log.h
@@ -10,6 +10,7 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  */
+#pragma once
 
 extern int debug;
 #include 
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 45eede7..6540246 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -10,6 +10,7 @@
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  */
+#pragma once
 
 #define INFO(fmt, ...) do { \
syslog(LOG_INFO,"preload-seccomp: "fmt, ## __VA_ARGS__); \
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 07/17] ujail: add and to seccomp.h

2015-11-25 Thread Etienne CHAMPETIER
headers must include all their dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER 
---
 jail/preload.c | 2 --
 jail/seccomp.c | 2 --
 jail/seccomp.h | 3 +++
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/jail/preload.c b/jail/preload.c
index a1cc0b6..5466f27 100644
--- a/jail/preload.c
+++ b/jail/preload.c
@@ -13,12 +13,10 @@
 
 #define _GNU_SOURCE
 #include 
-#include 
 #include 
 #include 
 #include 
 #include 
-#include 
 
 #include "seccomp.h"
 #include "../preload.h"
diff --git a/jail/seccomp.c b/jail/seccomp.c
index de01fc6..dcd19ec 100644
--- a/jail/seccomp.c
+++ b/jail/seccomp.c
@@ -10,11 +10,9 @@
  * found in the LICENSE file.
  */
 #define _GNU_SOURCE 1
-#include 
 #include 
 #include 
 #include 
-#include 
 
 #include 
 #include 
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6540246..615cc4d 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -12,6 +12,9 @@
  */
 #pragma once
 
+#include 
+#include 
+
 #define INFO(fmt, ...) do { \
syslog(LOG_INFO,"preload-seccomp: "fmt, ## __VA_ARGS__); \
fprintf(stderr,"preload-seccomp: "fmt, ## __VA_ARGS__); \
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 08/17] ujail: remove "#include log.h" from elf.h

2015-11-25 Thread Etienne CHAMPETIER
headers must include all their dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 1 +
 jail/elf.h  | 2 --
 jail/jail.c | 1 +
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 6d36215..5e22606 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -26,6 +26,7 @@
 #include 
 
 #include "elf.h"
+#include "log.h"
 
 struct avl_tree libraries;
 static LIST_HEAD(library_paths);
diff --git a/jail/elf.h b/jail/elf.h
index 82cbe14..6687f3c 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -15,8 +15,6 @@
 #include 
 #include 
 
-#include "log.h"
-
 struct library {
struct avl_node avl;
char *name;
diff --git a/jail/jail.c b/jail/jail.c
index 7349a05..ae09623 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -28,6 +28,7 @@
 
 #include "elf.h"
 #include "capabilities.h"
+#include "log.h"
 
 #include 
 #include 
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 06/17] ujail: add to log.h

2015-11-25 Thread Etienne CHAMPETIER
headers must include all their dependencies, no more, no less
(it uses fprintf)

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 1 -
 jail/jail.c | 1 -
 jail/log.h  | 1 +
 3 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index fb046b4..6d36215 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -16,7 +16,6 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/jail/jail.c b/jail/jail.c
index 52f88ef..7349a05 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -20,7 +20,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/jail/log.h b/jail/log.h
index 89e797b..0da3f2e 100644
--- a/jail/log.h
+++ b/jail/log.h
@@ -13,6 +13,7 @@
 #pragma once
 
 extern int debug;
+#include 
 #include 
 
 #define INFO(fmt, ...) do { \
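
Review bot: in jail/log.h the new include lands below `extern int debug;`, leaving a declaration ahead of both include directives; moving `extern int debug;` below the includes keeps the usual includes-first layout of a header.
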
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 09/17] ujail: search libs in /lib before /lib64

2015-11-25 Thread Etienne CHAMPETIER
musl (openwrt DD r47603 x86-64) looks for libs only in /lib,
not in /lib64, and /lib64 is a symlink to /lib, so ujail finds
all the libs in /lib64, adds them to the jail (only under /lib64)
and then musl fails to find the libs.

uClibc (openwrt CC r47608 x86-64) looks for libs in /lib and
/usr/lib, not in /lib64 (/lib64 is also a symlink to /lib)

/lib64 has been before /lib since the first commit, I don't know
if it was on purpose

this partly fixes
https://dev.openwrt.org/ticket/20785

Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jail/jail.c b/jail/jail.c
index ae09623..e8c8f08 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -154,8 +154,8 @@ static int build_jail_fs()
}
 
avl_init(&libraries, avl_strcmp, false, NULL);
-   alloc_library_path("/lib64");
alloc_library_path("/lib");
+   alloc_library_path("/lib64");
alloc_library_path("/usr/lib");
load_ldso_conf("/etc/ld.so.conf");
 
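
Review bot: the order of the three alloc_library_path() calls in build_jail_fs() is now what makes jails work on musl, but nothing in the code says so; add a comment above them explaining that /lib must come first because /lib64 can be a symlink to it, otherwise a later cleanup may reorder them again. Since the symlinked directory is still registered twice, resolving each path (for example with realpath()) and skipping duplicates would remove the dependency on ordering altogether.
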
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 11/17] ujail: add init_library_search()

2015-11-25 Thread Etienne CHAMPETIER
move all libraries search initialisation stuff
into elf.c / init_library_search()

for now we don't handle musl specific files

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 13 +++--
 jail/elf.h  |  3 +--
 jail/jail.c |  6 +-
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 2acac71..c3a392c 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -32,7 +32,7 @@
 struct avl_tree libraries;
 static LIST_HEAD(library_paths);
 
-void alloc_library_path(const char *path)
+static void alloc_library_path(const char *path)
 {
struct stat s;
if (stat(path, &s))
@@ -311,7 +311,7 @@ err_out:
return ret;
 }
 
-void load_ldso_conf(const char *conf)
+static void load_ldso_conf(const char *conf)
 {
FILE* fp = fopen(conf, "r");
char line[PATH_MAX];
@@ -356,3 +356,12 @@ void load_ldso_conf(const char *conf)
 
fclose(fp);
 }
+
+void init_library_search(void)
+{
+   avl_init(&libraries, avl_strcmp, false, NULL);
+   alloc_library_path("/lib");
+   alloc_library_path("/lib64");
+   alloc_library_path("/usr/lib");
+   load_ldso_conf("/etc/ld.so.conf");
+}
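
Review bot: init_library_search() calls avl_init() and registers the search paths unconditionally, so a second call would reset `libraries` while registering every path again; either document that it must be called exactly once or guard it. The commit message says musl specific files are not handled for now, which deserves a TODO comment next to the `load_ldso_conf("/etc/ld.so.conf")` call so the gap is visible in the source.
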
diff --git a/jail/elf.h b/jail/elf.h
index 6687f3c..bb9c143 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@ -28,7 +28,6 @@ struct library_path {
 
 extern struct avl_tree libraries;
 
-void alloc_library_path(const char *path);
 int elf_load_deps(const char *library);
 const char* find_lib(const char *file);
-void load_ldso_conf(const char *conf);
+void init_library_search(void);
diff --git a/jail/jail.c b/jail/jail.c
index 90aa482..5b24f63 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -154,11 +154,7 @@ static int build_jail_fs()
return -1;
}
 
-   avl_init(&libraries, avl_strcmp, false, NULL);
-   alloc_library_path("/lib");
-   alloc_library_path("/lib64");
-   alloc_library_path("/usr/lib");
-   load_ldso_conf("/etc/ld.so.conf");
+   init_library_search();
 
if (elf_load_deps(*opts.jail_argv)) {
ERROR("failed to load dependencies\n");
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 10/17] ujail: use PATH_MAX for path related buffers

2015-11-25 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 9 +
 jail/jail.c | 9 +
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 5e22606..2acac71 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -22,6 +22,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -72,7 +73,7 @@ static void alloc_library(const char *path, const char *name)
 static int elf_open(char **dir, const char *file)
 {
struct library_path *p;
-   char path[256];
+   char path[PATH_MAX];
int fd = -1;
 
*dir = NULL;
@@ -98,7 +99,7 @@ static int elf_open(char **dir, const char *file)
 const char* find_lib(const char *file)
 {
struct library *l;
-   static char path[256];
+   static char path[PATH_MAX];
const char *p;
 
l = avl_find_element(&libraries, file, l, avl);
@@ -313,7 +314,7 @@ err_out:
 void load_ldso_conf(const char *conf)
 {
FILE* fp = fopen(conf, "r");
-   char line[256];
+   char line[PATH_MAX];
 
if (!fp) {
DEBUG("failed to open %s\n", conf);
@@ -323,7 +324,7 @@ void load_ldso_conf(const char *conf)
while (!feof(fp)) {
int len;
 
-   if (!fgets(line, 256, fp))
+   if (!fgets(line, sizeof(line), fp))
break;
len = strlen(line);
if (len < 2)
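
Review bot: in load_ldso_conf(), `fgets(line, sizeof(line), fp)` is the right replacement for the hard-coded 256, but a line longer than the buffer is still split silently and its tail is parsed as a separate entry on the next iteration; check for the missing trailing newline and skip or reject such lines. The `while (!feof(fp))` condition is redundant given that the fgets() result is already tested, so looping directly on fgets() would be simpler.
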
diff --git a/jail/jail.c b/jail/jail.c
index e8c8f08..90aa482 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -25,6 +25,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "elf.h"
 #include "capabilities.h"
@@ -93,8 +94,8 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
 {
const char *p = path;
struct stat s;
-   char old[256];
-   char new[256];
+   char old[PATH_MAX];
+   char new[PATH_MAX];
int fd;
 
if (strstr(p, "local"))
@@ -209,8 +210,8 @@ static int build_jail_fs()
 static char** build_envp(const char *seccomp)
 {
static char *envp[MAX_ENVP];
-   static char preload_var[64];
-   static char seccomp_var[64];
+   static char preload_var[PATH_MAX];
+   static char seccomp_var[PATH_MAX];
static char debug_var[] = "LD_DEBUG=all";
const char *preload_lib = find_lib("libpreload-seccomp.so");
int count = 0;
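
Review bot: in build_envp(), sizing `preload_var` and `seccomp_var` to PATH_MAX leaves no room for the variable name and `=` if they hold NAME=value strings the way `debug_var` does, so a path of maximum length would still be truncated; size them as PATH_MAX plus the prefix length, or check for truncation where they are filled and fail instead of exporting a cut-off path.
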
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


[OpenWrt-Devel] [PATCH procd v2 13/17] ujail: remove some debug/dev hack

2015-11-25 Thread Etienne CHAMPETIER
this code has been present since the first ujail commit (dfcfcca7)

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c  | 7 +--
 jail/jail.c | 8 ++--
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index c3a392c..7c52880 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -100,17 +100,12 @@ const char* find_lib(const char *file)
 {
struct library *l;
static char path[PATH_MAX];
-   const char *p;
 
l = avl_find_element(&libraries, file, l, avl);
if (!l)
return NULL;
 
-   p = l->path;
-   if (strstr(p, "local"))
-   p = "/lib";
-
-   snprintf(path, sizeof(path), "%s/%s", p, file);
+   snprintf(path, sizeof(path), "%s/%s", l->path, file);
 
return path;
 }
diff --git a/jail/jail.c b/jail/jail.c
index b7e6946..f62d121 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -92,21 +92,17 @@ static int mkdir_p(char *dir, mode_t mask)
 
 static int mount_bind(const char *root, const char *path, const char *name, 
int readonly, int error)
 {
-   const char *p = path;
struct stat s;
char old[PATH_MAX];
char new[PATH_MAX];
int fd;
 
-   if (strstr(p, "local"))
-   p = "/lib";
-
snprintf(old, sizeof(old), "%s/%s", path, name);
-   snprintf(new, sizeof(new), "%s%s", root, p);
+   snprintf(new, sizeof(new), "%s%s", root, path);
 
mkdir_p(new, 0755);
 
-   snprintf(new, sizeof(new), "%s%s/%s", root, p, name);
+   snprintf(new, sizeof(new), "%s%s/%s", root, path, name);
 
if (stat(old, &s)) {
ERROR("%s does not exist\n", old);
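
Review bot: in mount_bind() the results of the three snprintf() calls are not checked, and `new` is now built directly from `root`, `path` and `name`; if the combined length reaches sizeof(new) the string is truncated and the bind mount would target a different path than intended. Compare each return value against the buffer size and return an error on truncation. The return value of `mkdir_p(new, 0755)` is ignored as well. The commit message would be more useful if it said what the removed hack did (any path containing "local" was replaced by "/lib").
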
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 12/17] ujail: fixup code style: "func()" -> "func(void)"

2015-11-25 Thread Etienne CHAMPETIER
Signed-off-by: Etienne CHAMPETIER 
---
 jail/jail.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 5b24f63..b7e6946 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -139,7 +139,7 @@ static int mount_bind(const char *root, const char *path, 
const char *name, int
return 0;
 }
 
-static int build_jail_fs()
+static int build_jail_fs(void)
 {
struct library *l;
struct extra *m;
@@ -253,7 +253,7 @@ ujail will not use namespace/build a jail,\n\
 and will only drop capabilities/apply seccomp filter.\n\n");
 }
 
-static int exec_jail()
+static int exec_jail(void)
 {
char **envp = build_envp(opts.seccomp);
if (!envp)
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 15/17] ujail: rework fs jail part

2015-11-25 Thread Etienne CHAMPETIER
Change functions to work with full paths (do less split and concat of path)
  Store "soname" as key and the fullpath as path in "libraries"
  Remove "extras" list and replace it with "mounts" avl_tree
  ("mounts" also stores fullpath)

Add add_path_and_deps() function to handle file/lib opening and mmapping
  Check if file is an elf (magic number) before passing it to elf_load_deps()
  elf_load_deps() now only handles elf parsing part
  next commit adds script (#!) handling

Use add_path_and_deps() with -r and -w args to automatically add dependencies

Signed-off-by: Etienne CHAMPETIER 
---
 CMakeLists.txt |   2 +-
 jail/elf.c |  98 +---
 jail/elf.h |   4 +-
 jail/fs.c  | 153 +
 jail/fs.h  |  18 +++
 jail/jail.c|  91 ++
 jail/jail.h|  15 ++
 7 files changed, 240 insertions(+), 141 deletions(-)
 create mode 100644 jail/fs.c
 create mode 100644 jail/fs.h
 create mode 100644 jail/jail.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d749c25..2718125 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -87,7 +87,7 @@ ADD_DEPENDENCIES(preload-seccomp syscall-names-h)
 endif()
 
 IF(JAIL_SUPPORT)
-ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/capabilities.c)
+ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/fs.c jail/capabilities.c)
 TARGET_LINK_LIBRARIES(ujail ubox blobmsg_json)
 INSTALL(TARGETS ujail
RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR}
diff --git a/jail/elf.c b/jail/elf.c
index 46c19df..136789e 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -12,14 +12,10 @@
  */
 
 #define _GNU_SOURCE
-#include 
 
-#include 
-#include 
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -27,6 +23,7 @@
 #include 
 
 #include "elf.h"
+#include "fs.h"
 #include "log.h"
 
 struct avl_tree libraries;
@@ -52,7 +49,11 @@ static void alloc_library_path(const char *path)
DEBUG("adding ld.so path %s\n", path);
 }
 
-static void alloc_library(const char *path, const char *name)
+/*
+ * path = full path
+ * name = soname/avl key
+ */
+void alloc_library(const char *path, const char *name)
 {
struct library *l;
char *_name, *_path;
@@ -67,47 +68,38 @@ static void alloc_library(const char *path, const char 
*name)
l->path = strcpy(_path, path);
 
avl_insert(&libraries, &l->avl);
-   DEBUG("adding library %s/%s\n", path, name);
+   DEBUG("adding library %s (%s)\n", path, name);
 }
 
-static int elf_open(char **dir, const char *file)
+int lib_open(char **fullpath, const char *file)
 {
struct library_path *p;
char path[PATH_MAX];
int fd = -1;
 
-   *dir = NULL;
+   *fullpath = NULL;
 
list_for_each_entry(p, &library_paths, list) {
-   if (strlen(p->path))
-   snprintf(path, sizeof(path), "%s/%s", p->path, file);
-   else
-   strncpy(path, file, sizeof(path));
+   snprintf(path, sizeof(path), "%s/%s", p->path, file);
fd = open(path, O_RDONLY);
if (fd >= 0) {
-   *dir = p->path;
+   *fullpath = strdup(path);
break;
}
}
 
-   if (fd == -1)
-   fd = open(file, O_RDONLY);
-
return fd;
 }
 
 const char* find_lib(const char *file)
 {
struct library *l;
-   static char path[PATH_MAX];
 
l = avl_find_element(&libraries, file, l, avl);
if (!l)
return NULL;
 
-   snprintf(path, sizeof(path), "%s/%s", l->path, file);
-
-   return path;
+   return l->path;
 }
 
 static int elf64_find_section(const char *map, unsigned int type, unsigned int 
*offset, unsigned int *size, unsigned int *vaddr)
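
Review bot: lib_open() now hands back `strdup(path)` through `*fullpath`, which makes the caller the owner of that memory, and the result is not checked, so on allocation failure the function returns a valid descriptor together with a NULL path; document the ownership on the prototype, and close the descriptor and return -1 when strdup() fails. The removed fallback `fd = open(file, O_RDONLY)` also means a name that is not found in any search path is no longer tried as given, which is a behaviour change the commit message should mention.
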
@@ -197,7 +189,7 @@ static int elf32_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_tag != DT_NEEDED)
continue;
 
-   if (elf_load_deps(&strtab[curr->d_un.d_val]))
+   if (add_path_and_deps(&strtab[curr->d_un.d_val], 1, -1, 1))
return -1;
}
 
@@ -231,79 +223,37 @@ static int elf64_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_tag != DT_NEEDED)
continue;
 
-   if (elf_load_deps(&strtab[curr->d_un.d_val]))
+   if (add_path_and_deps(&strtab[curr->d_un.d_val], 1, -1, 1))
return -1;
}
 
return 0;
 }
 
-int elf_load_deps(const char *library)
+int elf_load_deps(const char *path, const char *map)
 {
unsigned int dyn_offset, dyn_size;
   

[OpenWrt-Devel] [PATCH procd v2 14/17] ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)

2015-11-25 Thread Etienne CHAMPETIER
see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html

Signed-off-by: Etienne CHAMPETIER 
---
 jail/elf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/jail/elf.c b/jail/elf.c
index 7c52880..46c19df 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -182,7 +182,7 @@ static int elf32_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_tag != DT_STRTAB)
continue;
 
-   strtab = map + (curr->d_un.d_val - load_offset);
+   strtab = map + (curr->d_un.d_ptr - load_offset);
break;
}
 
@@ -216,7 +216,7 @@ static int elf64_scan_dynamic(const char *map, int 
dyn_offset, int dyn_size, int
if (curr->d_tag != DT_STRTAB)
continue;
 
-   strtab = map + (curr->d_un.d_val - load_offset);
+   strtab = map + (curr->d_un.d_ptr - load_offset);
break;
}
 
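
Review bot: in both elf32_scan_dynamic() and elf64_scan_dynamic() the result of `map + (curr->d_un.d_ptr - load_offset)` is stored in `strtab` without a check that it lies inside the mapped file; since the value is read from the binary being jailed, verify that d_ptr is not below load_offset and that the difference is smaller than the mapping before using it. The commit message consists only of a link, so a one-line summary of why d_ptr is the correct union member for DT_STRTAB would let the history stand without the external page.
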
-- 
1.9.1


[OpenWrt-Devel] [PATCH procd v2 16/17] ujail: automatically add script (#!) interpreter

2015-11-25 Thread Etienne CHAMPETIER
this makes simple scripts work easily with ujail

Signed-off-by: Etienne CHAMPETIER 
---
 jail/fs.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/jail/fs.c b/jail/fs.c
index aeab730..c848700 100644
--- a/jail/fs.c
+++ b/jail/fs.c
@@ -79,6 +79,29 @@ void mount_list_init(void) {
avl_init(&mounts, avl_strcmp, false, NULL);
 }
 
+static int add_script_interp(const char *path, const char *map, int size)
+{
+   int start = 2;
+   while (start < size && map[start] != '/') {
+   start++;
+   }
+   if (start >= size) {
+   ERROR("bad script interp (%s)", path);
+   return -1;
+   }
+   int stop = start + 1;
+   while (stop < size && map[stop] > 0x20 && map[stop] <= 0x7e) {
+   stop++;
+   }
+   if (stop >= size || (stop-start) > PATH_MAX) {
+   ERROR("bad script interp (%s)", path);
+   return -1;
+   }
+   char buf[PATH_MAX];
+   strncpy(buf, map+start, stop-start);
+   return add_path_and_deps(buf, 1, -1, 0);
+}
+
 int add_path_and_deps(const char *path, int readonly, int error, int lib)
 {
assert(path != NULL);
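
Review bot: in add_script_interp(), `strncpy(buf, map+start, stop-start)` writes no terminating NUL because the source is longer than the count, and `buf` is uninitialised, so add_path_and_deps() receives an unterminated string; set `buf[stop-start] = '\0'` after the copy and change the length test to `(stop-start) >= PATH_MAX` so the terminator fits. The first loop also searches for `/` up to `size` and not up to the end of the first line, so a script whose `#!` line contains no absolute path would pick up a path from later in the file; stop at the first newline. Both ERROR() format strings lack the trailing `\n` that the other ERROR() calls in ujail use.
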
@@ -135,6 +158,11 @@ int add_path_and_deps(const char *path, int readonly, int 
error, int lib)
goto out;
}
 
+   if (map[0] == '#' && map[1] == '!') {
+   ret = add_script_interp(path, map, s.st_size);
+   goto out;
+   }
+
if (map[0] == ELFMAG0 && map[1] == ELFMAG1 && map[2] == ELFMAG2 && 
map[3] == ELFMAG3) {
ret = elf_load_deps(path, map);
goto out;
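
Review bot: the new `map[0] == '#' && map[1] == '!'` test in add_path_and_deps() reads two bytes and the ELF test below it reads four, and the visible context shows no check that `s.st_size` is large enough; if there is none earlier in the function, the comparison on a very short file would use bytes beyond the end of its content, so add a minimum-size check before both magic tests.
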
-- 
1.9.1

