7cf66bc161
This change introduces the nointernet() function which may be called to prevent a process and its descendants from communicating with publicly routable Internet addresses. GNU Make has been modified to always call this function. In the future Landlock Make will have a way to whitelist subnets to override this behavior, or disable it entirely. Support is available for Linux only. Our firewall does not require root access. Calling nointernet() will return control to the caller inside a new process that has a SECCOMP BPF filter installed, which traps network related system calls. Your original process then becomes a permanent ptrace() supervisor that monitors all processes and threads descending from the returned child. Whenever a networking system call happens the kernel will stop the process and wakes up the monitor, which then peeks into the child memory to read the sockaddr_in to determine if it's ok. The downside to doing this is that there can be only one supervisor at a time using ptrace() on a process. So this firewall won't be enabled if you run make under strace or inside gdb. It also makes testing tricky. |
||
|---|---|---|
| .. | ||
| alg | ||
| bits | ||
| calls | ||
| crt | ||
| dns | ||
| elf | ||
| fmt | ||
| integral | ||
| intrin | ||
| isystem | ||
| linux | ||
| log | ||
| mem | ||
| nexgen32e | ||
| nt | ||
| rand | ||
| runtime | ||
| sock | ||
| stdio | ||
| str | ||
| stubs | ||
| sysv | ||
| testlib | ||
| thread | ||
| time | ||
| tinymath | ||
| unicode | ||
| x | ||
| zipos | ||
| assert.h | ||
| atomic.h | ||
| complex.h | ||
| dce.h | ||
| disclaimer.inc | ||
| dos.h | ||
| errno.h | ||
| inttypes.h | ||
| libc.mk | ||
| limits.h | ||
| literal.h | ||
| mach.h | ||
| macho.internal.h | ||
| macros-cpp.internal.inc | ||
| macros.internal.h | ||
| macros.internal.inc | ||
| math.h | ||
| notice.inc | ||
| notice.internal.h | ||
| paths.h | ||
| README.md | ||
| type2str.h | ||
| zip.h | ||
Cosmopolitan Standard Library
This directory defines static archives defining functions, like
printf(), mmap(), win32, etc. Please note that the Cosmopolitan
build configuration doesn't link any C/C++ library dependencies
by default, so you still have the flexibility to choose the one
provided by your system. If you'd prefer Cosmopolitan, just add
$(LIBC) and $(CRT) to your linker arguments.
Your library is compromised of many bite-sized static archives. We use the checkdeps tool to guarantee that the contents of the archives are organized in a logical way that's easy to use with or without our makefile infrastructure, since there's no cyclic dependencies.
The Cosmopolitan Library exports only the most stable canonical
system calls for all supported operating systems, regardless of
which platform is used for compilation. We polyfill many of the
APIs, e.g. read(), write() so they work consistently everywhere
while other apis, e.g. CreateWindowEx(), might only work on one
platform, in which case they become no-op functions on others.
Cosmopolitan polyfill wrappers will usually use the dollar sign naming convention, so they may be bypassed when necessary. This same convention is used when multiple implementations of string library and other performance-critical function are provided to allow Cosmopolitan to go fast on both old and newer computers.
We take an approach to configuration that relies heavily on the
compiler's dead code elimination pass (libc/dce.h). Most of the
code is written so that, for example, folks not wanting support
for OpenBSD can flip a bit in SUPPORT_VECTOR and that code will
be omitted from the build. The same is true for builds that are
tuned using -march=native which effectively asks the library to
not include runtime support hooks for x86 processors older than
what you use.
Please note that, unlike Cygwin or MinGW, Cosmopolitan does not achieve broad support by bolting on a POSIX emulation layer. We do nothing more than (in most cases) stateless API translations that get you 90% of the way there in a fast lightweight manner. We therefore can't address some of the subtle differences, such as the nuances of absolute paths on Windows. Our approach could be compared to something more along the lines of, "the Russians just used a pencil to write in space", versus spending millions researching a pen like NASA.