[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Google Summer of Code participation

From: Wei Shen
Subject: Re: Google Summer of Code participation
Date: Sun, 16 Mar 2008 00:47:23 +0800

I read the project ideas list, and found "server overriding mechanism" is there. I have once tried investigating this issue, but failed to continue at last. Still, I wonder whether I should submit my modification to Glibc for an simple implementation of socket server overriding, though the work is rather minor (see attachment).
I also find "secure chroot implementation" in the list. IMHO, the unsafty of chroot is not caused by passive translator. In fact, currently chroot is implemented totally at client side by changing the INIT_PORT_CRDIR port matained by in Glibc. So, it is easy to escape from chroot by bypassing the file port resolving routine of Glibc, or just by modifying the CRDIR port. No need to exploit passive translators at all. We should first let the file server know and control chroot before making translators aware of it.
I made a try to implement a basic mechanism of socket servers  (pfinet and pflocal) overriding, as described below. Comments are solicited.
1) Add two new environment variables: SERVERS_SOCKET_LOCAL for the pf_local socket server and SERVERS_SOCKET_INET for the pf_inet server. The value of each variable should be set to a colon-separated list, and each element of the list is a file path that specifies a overriding server.
2) Hack _hurd_socket_server in "hurd/hurdsock.c" of Glibc to check for the two environment variables.
For example, when looking up the socket server of pf_inet domain, _hurd_socket_server first checks SERVERS_SOCKET_INET. If SERVERS_SOCKET_INET is not set or is set to null, then just queries and returns the port of the default pf_inet server as usual; or else, repeatedly tries querying each overriding server in the overriding list defined by SERVERS_SOCKET_INET, until the first existing overriding server is found (or none is found).
The modified hurd/hurdsock.c is attached to this mail. I have tested it with Glibc-2.5.
Wei Shen

Attachment: hurdsock.c
Description: Binary data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]