
[tor-commits] [tor/master] Move winprocess_sys into a new low-level hardening module



commit 90524de0b268a76665fbe9ddce4878b10c9389c4
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Feb 13 13:14:54 2020 -0500

    Move winprocess_sys into a new low-level hardening module
    
    This code was in our process module, but it doesn't belong there:
    process is for launching and monitoring subprocesses, not for
    hardening the current process.
    
    This change lets us have our subsystem init order more closely match
    our dependency order.
---
 .gitignore                                     |  2 ++
 Makefile.am                                    |  2 ++
 src/app/main/subsystem_list.c                  |  2 +-
 src/include.am                                 |  1 +
 src/lib/llharden/.may_include                  |  3 +++
 src/lib/llharden/include.am                    | 19 +++++++++++++++++++
 src/lib/llharden/lib_llharden.md               |  6 ++++++
 src/lib/{process => llharden}/winprocess_sys.c |  2 +-
 src/lib/{process => llharden}/winprocess_sys.h |  0
 src/lib/process/include.am                     |  6 ++----
 10 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index 77610b319..469bbd39a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -186,6 +186,8 @@ uptime-*.json
 /src/lib/libtor-geoip-testing.a
 /src/lib/libtor-intmath.a
 /src/lib/libtor-intmath-testing.a
+/src/lib/libtor-llharden.a
+/src/lib/libtor-llharden-testing.a
 /src/lib/libtor-lock.a
 /src/lib/libtor-lock-testing.a
 /src/lib/libtor-log.a
diff --git a/Makefile.am b/Makefile.am
index ac61a990f..7774995ae 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,6 +70,7 @@ TOR_UTIL_LIBS = \
 	src/lib/libtor-wallclock.a \
 	src/lib/libtor-err.a \
 	src/lib/libtor-version.a \
+	src/lib/libtor-llharden.a \
 	src/lib/libtor-intmath.a \
 	src/lib/libtor-ctime.a
 
@@ -104,6 +105,7 @@ TOR_UTIL_TESTING_LIBS = \
 	src/lib/libtor-wallclock-testing.a \
 	src/lib/libtor-err-testing.a \
 	src/lib/libtor-version-testing.a \
+	src/lib/libtor-llharden-testing.a \
 	src/lib/libtor-intmath.a \
 	src/lib/libtor-ctime-testing.a
 endif
diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c
index bb15b1736..84c6e6ec0 100644
--- a/src/app/main/subsystem_list.c
+++ b/src/app/main/subsystem_list.c
@@ -24,7 +24,7 @@
 #include "lib/log/log_sys.h"
 #include "lib/net/network_sys.h"
 #include "lib/process/process_sys.h"
-#include "lib/process/winprocess_sys.h"
+#include "lib/llharden/winprocess_sys.h"
 #include "lib/thread/thread_sys.h"
 #include "lib/time/time_sys.h"
 #include "lib/tls/tortls_sys.h"
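Review bot: The renamed include stays in the slot of the old `lib/process/` line, so it breaks the path-sorted order the surrounding context lines follow (log, net, process, thread, time, tls). Moving `#include "lib/llharden/winprocess_sys.h"` up so that it sorts before `lib/log/log_sys.h` would keep the list consistent; the include list starts above this hunk, so the exact slot depends on lines not shown here. The subsystem table is also outside the hunk, and the commit message ties this move to init order, so it is worth confirming there that the hardening subsystem still initializes ahead of the code it is meant to protect.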
diff --git a/src/include.am b/src/include.am
index f5f868d23..657f6e823 100644
--- a/src/include.am
+++ b/src/include.am
@@ -19,6 +19,7 @@ include src/lib/fs/include.am
 include src/lib/geoip/include.am
 include src/lib/include.libdonna.am
 include src/lib/intmath/include.am
+include src/lib/llharden/include.am
 include src/lib/lock/include.am
 include src/lib/log/include.am
 include src/lib/math/include.am
diff --git a/src/lib/llharden/.may_include b/src/lib/llharden/.may_include
new file mode 100644
index 000000000..038237dad
--- /dev/null
+++ b/src/lib/llharden/.may_include
@@ -0,0 +1,3 @@
+lib/llharden/*.h
+lib/subsys/*.h
+orconfig.h
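Review bot: This allowlist is what keeps the module self-contained, but nothing in the file says so. A later change that wants logging or utility helpers could widen it without noticing that this code runs before those subsystems are initialized. If the include checker accepts `#` comment lines in `.may_include` (worth confirming), add one such as `# Runs before any other subsystem is initialized: keep this list minimal.` at the top of the file.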
diff --git a/src/lib/llharden/include.am b/src/lib/llharden/include.am
new file mode 100644
index 000000000..0a4788c7d
--- /dev/null
+++ b/src/lib/llharden/include.am
@@ -0,0 +1,19 @@
+
+noinst_LIBRARIES += src/lib/libtor-llharden.a
+
+if UNITTESTS_ENABLED
+noinst_LIBRARIES += src/lib/libtor-llharden-testing.a
+endif
+
+# ADD_C_FILE: INSERT SOURCES HERE.
+src_lib_libtor_llharden_a_SOURCES =		\
+	src/lib/llharden/winprocess_sys.c
+
+src_lib_libtor_llharden_testing_a_SOURCES = \
+	$(src_lib_libtor_llharden_a_SOURCES)
+src_lib_libtor_llharden_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_lib_libtor_llharden_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+# ADD_C_FILE: INSERT HEADERS HERE.
+noinst_HEADERS +=				\
+	src/lib/llharden/winprocess_sys.h
diff --git a/src/lib/llharden/lib_llharden.md b/src/lib/llharden/lib_llharden.md
new file mode 100644
index 000000000..69e9af532
--- /dev/null
+++ b/src/lib/llharden/lib_llharden.md
@@ -0,0 +1,6 @@
+@dir /lib/llharden
+@brief lib/llharden: low-level unconditional process hardening
+
+This module contains process hardening code that we want to run before any
+other code, including configuration.  It needs to be self-contained, since
+nothing else will be initialized at this point.
diff --git a/src/lib/process/winprocess_sys.c b/src/lib/llharden/winprocess_sys.c
similarity index 97%
rename from src/lib/process/winprocess_sys.c
rename to src/lib/llharden/winprocess_sys.c
index e43a77e46..a5f22c182 100644
--- a/src/lib/process/winprocess_sys.c
+++ b/src/lib/llharden/winprocess_sys.c
@@ -8,7 +8,7 @@
 
 #include "orconfig.h"
 #include "lib/subsys/subsys.h"
-#include "lib/process/winprocess_sys.h"
+#include "lib/llharden/winprocess_sys.h"
 
 #include <stdbool.h>
 #include <stddef.h>
diff --git a/src/lib/process/winprocess_sys.h b/src/lib/llharden/winprocess_sys.h
similarity index 100%
rename from src/lib/process/winprocess_sys.h
rename to src/lib/llharden/winprocess_sys.h
diff --git a/src/lib/process/include.am b/src/lib/process/include.am
index af5f99617..18876b3f5 100644
--- a/src/lib/process/include.am
+++ b/src/lib/process/include.am
@@ -16,8 +16,7 @@ src_lib_libtor_process_a_SOURCES =		\
 	src/lib/process/process_win32.c		\
 	src/lib/process/restrict.c		\
 	src/lib/process/setuid.c		\
-	src/lib/process/waitpid.c		\
-	src/lib/process/winprocess_sys.c
+	src/lib/process/waitpid.c
 
 src_lib_libtor_process_testing_a_SOURCES = \
 	$(src_lib_libtor_process_a_SOURCES)
@@ -35,5 +34,4 @@ noinst_HEADERS +=				\
 	src/lib/process/process_win32.h		\
 	src/lib/process/restrict.h		\
 	src/lib/process/setuid.h		\
-	src/lib/process/waitpid.h		\
-	src/lib/process/winprocess_sys.h
+	src/lib/process/waitpid.h


