From: Ed M. <em...@fr...> - 2015-04-17 19:56:26
Capsicum is a lightweight OS capability and sandbox framework developed at the University of Cambridge Computer Laboratory, supported by grants from Google, the FreeBSD Foundation, and DARPA. Applying Capsicum to ELF Tool Chain tools will mitigate the harm that will be done if any vulnerabilities in these tools are exploited.

I've added Capsicum to readelf as a demonstration of what is involved. The commits are available in my GitHub repository in the cap-readelf branch: https://github.com/emaste/elftoolchain/tree/cap-readelf . I started from SVN revision 3187. There are three commits there (append .patch or .diff to the URLs to obtain the diffs if desired):

First, a minor cleanup - readelf has an extraneous test for NULL argv that I removed.
https://github.com/emaste/elftoolchain/commit/0ddbf792e2dc4da98042dcf1932fc1924433dbcb

Second, a minor refactoring - I moved the opening of the file into main() and made dump_object operate on an already-opened fd.
https://github.com/emaste/elftoolchain/commit/3af997a181983e9757417e186d16a2fcd23595cc

Third, the Capsicum change itself - the change limits stderr and stdout to write only, and the input file to fstat and read only. Note that I enter Capsicum capability mode only for the last file in the list, as once that's done additional files cannot be opened. This is not ideal but is awkward to fix, and should be addressed by some common Capsicum infrastructure in the future.
https://github.com/emaste/elftoolchain/commit/4f66fe9691a214601071fab0f63484a4fcd60a8c

I plan to commit the first two changes (cleanup & refactoring) shortly. I'd like to get feedback and comments on the capsicum change before moving forward there.

-Ed
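The rights-limiting sequence the post describes, written out as an added example; this is not Ed's readelf patch or ELF Tool Chain code. It assumes FreeBSD's sys/capsicum.h for the real calls, and on any other platform the helpers fail closed with ENOSYS so a caller cannot mistake "no sandbox available" for success.

```c
#include <errno.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Rights from the post: stdout/stderr keep only CAP_WRITE, the input file
 * only CAP_FSTAT|CAP_READ. Without Capsicum (assumption: non-FreeBSD) this
 * fails closed with ENOSYS rather than letting the tool run unsandboxed. */
int limit_fd(int fd, int want_write)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    if (want_write)
        cap_rights_init(&rights, CAP_WRITE);
    else
        cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
    return cap_rights_limit(fd, &rights);
#else
    (void)fd; (void)want_write;
    errno = ENOSYS;
    return -1;
#endif
}

/* Enter capability mode. It is irreversible and open() of new paths fails
 * afterwards, which is why the post enters it only before the last file. */
int enter_sandbox(void)
{
#ifdef __FreeBSD__
    return cap_enter();
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* What main() does once the last input file in argv is open and before
 * dump_object() runs on its fd: limit the input fd and both output fds,
 * then enter capability mode. Returns 0 on success, -1 (errno set) if any
 * step fails, so the caller can refuse to continue. */
int sandbox_last_file(int fd)
{
    if (limit_fd(fd, 0) != 0 || limit_fd(STDOUT_FILENO, 1) != 0 ||
        limit_fd(STDERR_FILENO, 1) != 0)
        return -1;
    return enter_sandbox();
}
```

For the earlier files in argv only limit_fd() on the input descriptor applies; sandbox_last_file() is called once, for the final one.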