mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-30 01:02:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix pledge.com interop with Go DNS

Browse source 
Based on a pure analysis of the Go source code, it wants:

- SOL_SOCKET + SO_BROADCAST
- IPPROTO_IPV6 + IPV6_V6ONLY

Fixes #627
This commit is contained in:
Justine Tunney 2022-09-18 03:56:52 -07:00
parent e14ae1642e
commit be29b709b7
No known key found for this signature in database
GPG key ID: BE714B4575D6E328
3 changed files with 68 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

6
test/libc/calls/pledge_test.c
View file

@ -49,7 +49,9 @@
#include "libc/sysv/consts/pr.h"
#include "libc/sysv/consts/prot.h"
#include "libc/sysv/consts/sig.h"
#include "libc/sysv/consts/so.h"
#include "libc/sysv/consts/sock.h"
#include "libc/sysv/consts/sol.h"
#include "libc/testlib/ezbench.h"
#include "libc/testlib/testlib.h"
#include "libc/thread/spawn.h"
@ -310,7 +312,7 @@ TEST(pledge, wpath_doesNotImplyRpath) {
TEST(pledge, inet_forbidsOtherSockets) {
if (IsOpenbsd()) return; // b/c testing linux bpf
int ws, pid;
int ws, pid, yes = 1;
ASSERT_NE(-1, (pid = fork()));
if (!pid) {
ASSERT_SYS(0, 0, pledge("stdio inet", 0));
@ -319,10 +321,12 @@ TEST(pledge, inet_forbidsOtherSockets) {
ASSERT_SYS(0, 5, socket(AF_INET, SOCK_STREAM, IPPROTO_TCP));
ASSERT_SYS(0, 6, socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP));
ASSERT_SYS(0, 7, socket(AF_INET6, SOCK_DGRAM | SOCK_NONBLOCK, IPPROTO_UDP));
ASSERT_SYS(0, 0, setsockopt(3, SOL_SOCKET, SO_BROADCAST, &yes, 4));
ASSERT_SYS(EPERM, -1, socket(AF_UNIX, SOCK_STREAM, 0));
ASSERT_SYS(EPERM, -1, socket(AF_BLUETOOTH, SOCK_DGRAM, IPPROTO_UDP));
ASSERT_SYS(EPERM, -1, socket(AF_INET, SOCK_RAW, IPPROTO_UDP));
ASSERT_SYS(EPERM, -1, socket(AF_INET, SOCK_DGRAM, IPPROTO_RAW));
ASSERT_SYS(EPERM, -1, setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, &yes, 4));
struct sockaddr_in sin = {AF_INET, 0, {htonl(0x7f000001)}};
ASSERT_SYS(0, 0, bind(4, &sin, sizeof(sin)));
uint32_t az = sizeof(sin);

40
test/tool/build/pledge_test.sh
View file

@ -4,14 +4,14 @@ t=/tmp/pledge-test
if [ $# = 0 ]; then
if ! [ $(id -u) = 0 ]; then
make -j16 MODE= \
o//examples/ls.com \
o//examples/curl.com \
o//examples/life.com \
o//examples/hello.com \
o//examples/printargs.com \
o//tool/build/assimilate.com \
o//tool/build/pledge.com || exit
make -j16 MODE=fastbuild \
o/fastbuild/examples/ls.com \
o/fastbuild/examples/curl.com \
o/fastbuild/examples/life.com \
o/fastbuild/examples/hello.com \
o/fastbuild/examples/printargs.com \
o/fastbuild/tool/build/assimilate.com \
o/fastbuild/tool/build/pledge.com || exit
make -j16 MODE=$m \
o/$m/examples/ls.com \
o/$m/examples/curl.com \
@ -67,16 +67,16 @@ elif [ "$1" = ape_binfmt_test_suite ]; then
ape/apeinstall.sh >/dev/null 2>&1
startit ape binfmt life.com
o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com
o/fastbuild/tool/build/pledge.com -p 'stdio rpath prot_exec' o/fastbuild/examples/life.com
[ $? = 42 ]
checkem
startit ape binfmt hello.com
[ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ]
[ "$(o/fastbuild/tool/build/pledge.com -p 'stdio rpath prot_exec' o/fastbuild/examples/hello.com)" = "hello world" ]
checkem
startit ape binfmt curl.com
[ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
[ "$(o/fastbuild/tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o/fastbuild/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem
elif [ "$1" = ape_loader_test_suite ]; then
@ -84,16 +84,16 @@ elif [ "$1" = ape_loader_test_suite ]; then
ape/apeuninstall.sh >/dev/null 2>&1
startit ape loader life.com
o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/life.com
o/fastbuild/tool/build/pledge.com -p 'stdio rpath prot_exec' o/fastbuild/examples/life.com
[ $? = 42 ]
checkem
startit ape loader hello.com
[ "$(o//tool/build/pledge.com -p 'stdio rpath prot_exec' o//examples/hello.com)" = "hello world" ]
[ "$(o/fastbuild/tool/build/pledge.com -p 'stdio rpath prot_exec' o/fastbuild/examples/hello.com)" = "hello world" ]
checkem
startit ape loader curl.com
[ "$(o//tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o//examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
[ "$(o/fastbuild/tool/build/pledge.com -p 'stdio inet dns rpath prot_exec' o/fastbuild/examples/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem
ape/apeinstall.sh >/dev/null 2>&1
@ -103,21 +103,21 @@ elif [ "$1" = ape_assimilated_test_suite ]; then
mkdir -p $t/assimilated
startit ape assimilated life.com
cp o//examples/life.com $t/assimilated
o//tool/build/assimilate.com $t/assimilated/life.com
cp o/fastbuild/examples/life.com $t/assimilated
o/fastbuild/tool/build/assimilate.com $t/assimilated/life.com
o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/life.com
[ $? = 42 ]
checkem
startit ape assimilated hello.com
cp o//examples/hello.com $t/assimilated
o//tool/build/assimilate.com $t/assimilated/hello.com
cp o/fastbuild/examples/hello.com $t/assimilated
o/fastbuild/tool/build/assimilate.com $t/assimilated/hello.com
[ "$(o/$m/tool/build/pledge.com -p 'stdio' $t/assimilated/hello.com)" = "hello world" ]
checkem
startit ape assimilated curl.com
cp o//examples/curl.com $t/assimilated
o//tool/build/assimilate.com $t/assimilated/curl.com
cp o/fastbuild/examples/curl.com $t/assimilated
o/fastbuild/tool/build/assimilate.com $t/assimilated/curl.com
[ "$(o/$m/tool/build/pledge.com -p 'stdio rpath inet dns' $t/assimilated/curl.com https://justine.lol/hello.txt)" = "hello world" ]
checkem