cosmopolitan/libc/sysv
Justine Tunney 98254a7c1f Make pledge() and unveil() work amazingly
This change reconciles our pledge() implementation with the OpenBSD
kernel source code. We now have a polyfill that's much closer to OpenBSD's
behavior. For example, it was discovered that "stdio" permits threads.
There were a bunch of Linux system calls that needed to be added, like
sched_yield(). The exec / execnative category division is now dropped.
We're instead using OpenBSD's "prot_exec" promise for launching APE
binaries and dynamic shared objects. We also now filter clone() flags.

The pledge.com command has been greatly improved. It now does unveiling
by default when Landlock is available. It's now smart enough to unveil a
superset of paths that OpenBSD automatically unveils with pledge(), such
as /etc/localtime. pledge.com also now checks if the executable being
launched is a dynamic shared object, in which case it unveils libraries.

These changes now make it possible to pledge curl on Ubuntu 20.04 glibc:

    pledge.com -p 'stdio rpath prot_exec inet dns tty sendfd recvfd' \
        curl -s https://justine.lol/hello.txt

Here's what pledging curl on Alpine 3.16 with Musl Libc looks like:

    pledge.com -p 'stdio rpath prot_exec dns inet' \
        curl -s https://justine.lol/hello.txt

Here's what pledging curl.com w/ ape loader looks like:

    pledge.com -p 'stdio rpath prot_exec dns inet' \
        o//examples/curl.com https://justine.lol/hello.txt

The most secure sandbox is curl.com converted to static ELF:

    o//tool/build/assimilate.com o//examples/curl.com
    pledge.com -p 'stdio rpath dns inet' \
        o//examples/curl.com https://justine.lol/hello.txt

A weird corner case needed to be handled when resolving symbolic links
during the unveiling process, that's arguably a Landlock bug. It's not
surprising since Musl and Glibc are also inconsistent here too.
2022-07-19 21:33:49 -07:00
calls Make pledge() and unveil() work amazingly 2022-07-19 21:33:49 -07:00
consts Make pledge() and unveil() work amazingly 2022-07-19 21:33:49 -07:00
errfuns Make improvements 2022-05-28 00:28:09 -07:00
consts.sh Make pledge() and unveil() work amazingly 2022-07-19 21:33:49 -07:00
describeos.greg.c Introduce --strace flag for system call tracing 2022-03-18 18:07:28 -07:00
errfun.S Make improvements 2022-05-28 00:28:09 -07:00
errfuns.h Make improvements 2022-05-24 10:58:48 -07:00
errfuns.sh Change license 2020-12-27 17:18:44 -08:00
errno.c Fix stdio regression 2022-05-19 00:51:15 -07:00
errno_location.greg.c Simplify TLS and reduce startup latency 2022-07-18 04:10:54 -07:00
gen.sh Make improvements 2022-05-28 00:28:09 -07:00
macros.internal.h Support thread local storage 2022-05-16 13:20:08 -07:00
README.md Initial import 2020-06-15 07:18:57 -07:00
restorert.S Clean old .source directive out of asm code 2022-03-18 12:43:21 -07:00
strace.greg.c Make some systemic improvements 2022-05-18 16:52:36 -07:00
syscall.S Add MODE=optlinux build mode (#141) 2021-10-14 19:36:49 -07:00
syscalls.sh Make pledge() and unveil() work amazingly 2022-07-19 21:33:49 -07:00
syscount.S Make some systemic improvements 2022-05-18 16:52:36 -07:00
systemfive.S Show crash reports on SIGSYS 2022-06-23 13:01:01 -07:00
sysv.mk Simplify TLS and reduce startup latency 2022-07-18 04:10:54 -07:00

SYNOPSIS

System Five Import Libraries

OVERVIEW

Bell System Five is the umbrella term we use to describe Linux, FreeBSD, OpenBSD, and Mac OS X, which all have nearly identical application binary interfaces that have stood the test of time, with definitions nearly the same as those of AT&T back in the 1980s.

Cosmopolitan aims to help you build apps that can endure over the course of decades, just like these systems have: without needing to lift a finger for maintenance churn, broken builds, broken hearts.

The challenge to System V binary compatibility basically boils down to numbers. All these systems agree on what services are provided, but tend to grant them wildly different numbers.

We address this by putting all the numbers in a couple of big shell scripts and asking the GNU Assembler to encode them into binaries using an efficient LEB128 encoding. The numbers are unpacked by _init() and referenced via extern const. It gives us good debuggability, and any costs are gained back by fewer branches in wrapper functions.
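
The unpacking step described above, sketched as an added example (this is not Cosmopolitan's own code): per-OS numbers are stored as unsigned LEB128 and the host's column is copied out once at startup, with the decoder rejecting truncated or oversized input. The table layout, the names `packed`, `consts`, `uleb128_decode` and `unpack_consts`, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout, not Cosmopolitan's real one: every constant is stored as
   four unsigned LEB128 values, one per OS, in this column order. */
enum os { LINUX, FREEBSD, OPENBSD, XNU, OS_COUNT };
enum { K_EAGAIN, K_ENOSYS, K_O_CREAT, K_COUNT };

/* Constructed sample table. */
static const uint8_t packed[] = {
    11, 35, 35, 35,                            /* EAGAIN */
    38, 78, 78, 78,                            /* ENOSYS */
    0x40, 0x80, 0x04, 0x80, 0x04, 0x80, 0x04,  /* O_CREAT: 0x40, then 0x200 x3 */
};
uint64_t consts[K_COUNT]; /* stands in for the extern const symbols */

/* Decode one ULEB128 value from [p, end). Returns the number of bytes
   consumed, or 0 if the input is truncated or overflows 64 bits. */
static size_t uleb128_decode(const uint8_t *p, const uint8_t *end, uint64_t *out) {
    uint64_t value = 0;
    unsigned shift = 0;
    for (const uint8_t *q = p; q < end; ++q, shift += 7) {
        uint64_t group = *q & 0x7f;
        if (shift >= 64 || (shift == 63 && group > 1)) return 0;
        value |= group << shift;
        if (!(*q & 0x80)) { *out = value; return (size_t)(q - p) + 1; }
    }
    return 0; /* ran off the end with the continuation bit still set */
}

/* Walk the table once at startup and keep only the host OS's column. */
int unpack_consts(enum os host, const uint8_t *tab, size_t len) {
    const uint8_t *p = tab, *end = tab + len;
    for (int k = 0; k < K_COUNT; ++k)
        for (int os = 0; os < OS_COUNT; ++os) {
            uint64_t v;
            size_t n = uleb128_decode(p, end, &v);
            if (n == 0) return -1;
            if (os == (int)host) consts[k] = v;
            p += n;
        }
    return p == end ? 0 : -1; /* trailing bytes mean a malformed table */
}

int main(void) { /* exit status 0 when the Linux column unpacks as expected */
    return unpack_consts(LINUX, packed, sizeof packed) || consts[K_O_CREAT] != 0x40;
}
```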