avoid unnecessary security-guard invocations in ffi-lib

Relevant to racket/sandbox-lib#1
This commit is contained in:
Matthew Flatt 2017-08-21 18:43:19 -06:00
parent 67ac06e6ed
commit 8257a592a0
8 changed files with 49 additions and 12 deletions


@ -12,7 +12,7 @@
(define collection 'multi)
(define version "6.10.0.2")
(define version "6.10.0.3")
(define deps `("racket-lib"
["racket" #:version ,version]))


@ -2,7 +2,9 @@
;; Foreign Racket interface
(require '#%foreign setup/dirs racket/unsafe/ops racket/private/for
(only-in '#%unsafe unsafe-thread-at-root)
(only-in '#%unsafe
unsafe-thread-at-root
unsafe-make-security-guard-at-root)
(for-syntax racket/base racket/list syntax/stx racket/syntax
racket/struct-info))
@ -163,9 +165,9 @@
(ormap ffi-lib* names) ; try good names first
(ffi-lib* name0) ; try original
(ormap (lambda (name) ; try relative paths
(and (file-exists? name) (ffi-lib* (fullpath name))))
(and (file-exists?/insecure name) (ffi-lib* (fullpath name))))
names)
(and (file-exists? name0) ; relative with original
(and (file-exists?/insecure name0) ; relative with original
(ffi-lib* (fullpath name0)))
;; give up: by default, call ffi-lib so it will raise an error
(if fail
@ -267,6 +269,14 @@
;; avoid them being GCed. See set-ffi-obj! above.
(define ffi-objects-ref-table (make-hasheq))
;; Like `file-exists?`, but avoid security-guard checks on the grounds
;; that it's being called from an already-allowed unsafe operation ---
;; so a sandbox doesn't have to make additional allowances for the
;; check.
(define (file-exists?/insecure path)
(parameterize ([current-security-guard (unsafe-make-security-guard-at-root)])
(file-exists? path)))
;; ----------------------------------------------------------------------------
;; Compile-time support for fun-expanders
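Review bot: `file-exists?/insecure` installs a guard created by `(unsafe-make-security-guard-at-root)` with no arguments, i.e. no parent and no check procedures, so for the dynamic extent of the `file-exists?` call every guard a sandbox installed is bypassed, not only the file check; that matches the comment's rationale, but the helper is a plain module-level `define`, and whether it is kept out of the module's `provide` cannot be seen from this hunk. A one-line comment pinning that down would help the next reader, e.g. `;; Must stay module-private: exporting this would let untrusted code probe for file existence behind a sandbox guard.` The comment above the definition could also say why the guard is built with no procedures at all rather than only a permissive file procedure, since the broader bypass is the part a sandbox author would want to know about. The `or` expression around the two `file-exists?/insecure` call sites in the earlier hunk starts and ends outside what is shown.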


@ -20,6 +20,7 @@
unsafe-custodian-register
unsafe-custodian-unregister
unsafe-register-process-global
unsafe-make-security-guard-at-root
unsafe-set-on-atomic-timeout!
unsafe-abort-current-continuation/no-wind
unsafe-call-with-composable-continuation/no-wind)


@ -1,5 +1,5 @@
{
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,50,84,0,0,0,0,0,0,0,0,0,
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,51,84,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,54,0,0,0,1,0,0,8,0,18,
0,22,0,26,0,31,0,38,0,42,0,47,0,59,0,66,0,69,0,82,0,
89,0,94,0,103,0,109,0,123,0,137,0,140,0,146,0,157,0,159,0,173,
@ -102,7 +102,7 @@
EVAL_ONE_SIZED_STR((char *)expr, 2091);
}
{
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,50,84,0,0,0,0,0,0,0,0,0,
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,51,84,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,183,0,0,0,1,0,0,8,0,16,
0,29,0,34,0,51,0,63,0,85,0,114,0,158,0,164,0,178,0,193,0,
211,0,223,0,239,0,253,0,19,1,39,1,73,1,90,1,107,1,130,1,145,
@ -1011,7 +1011,7 @@
EVAL_ONE_SIZED_STR((char *)expr, 19016);
}
{
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,50,84,0,0,0,0,0,0,0,0,0,
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,51,84,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,15,0,0,0,1,0,0,8,0,23,
0,48,0,65,0,83,0,105,0,128,0,149,0,171,0,181,0,191,0,199,0,
209,0,217,0,0,0,253,1,0,0,3,1,5,105,110,115,112,48,76,35,37,
@ -1042,7 +1042,7 @@
EVAL_ONE_SIZED_STR((char *)expr, 582);
}
{
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,50,84,0,0,0,0,0,0,0,0,0,
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,51,84,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,102,0,0,0,1,0,0,8,0,15,
0,26,0,53,0,59,0,73,0,86,0,112,0,129,0,151,0,159,0,171,0,
186,0,202,0,220,0,241,0,253,0,13,1,36,1,60,1,72,1,103,1,108,
@ -1538,7 +1538,7 @@
EVAL_ONE_SIZED_STR((char *)expr, 10344);
}
{
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,50,84,0,0,0,0,0,0,0,0,0,
SHARED_OK static MZCOMPILED_STRING_FAR unsigned char expr[] = {35,126,8,54,46,49,48,46,48,46,51,84,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,1,0,0,8,0,18,
0,22,0,28,0,42,0,56,0,68,0,88,0,102,0,117,0,130,0,135,0,
139,0,151,0,235,0,242,0,20,1,0,0,224,1,0,0,3,1,5,105,110,


@ -15,7 +15,7 @@
#define USE_COMPILED_STARTUP 1
#define EXPECTED_PRIM_COUNT 1159
#define EXPECTED_UNSAFE_COUNT 141
#define EXPECTED_UNSAFE_COUNT 142
#define EXPECTED_FLFXNUM_COUNT 69
#define EXPECTED_EXTFL_COUNT 45
#define EXPECTED_FUTURES_COUNT 15


@ -13,12 +13,12 @@
consistently.)
*/
#define MZSCHEME_VERSION "6.10.0.2"
#define MZSCHEME_VERSION "6.10.0.3"
#define MZSCHEME_VERSION_X 6
#define MZSCHEME_VERSION_Y 10
#define MZSCHEME_VERSION_Z 0
#define MZSCHEME_VERSION_W 2
#define MZSCHEME_VERSION_W 3
#define MZSCHEME_VERSION_MAJOR ((MZSCHEME_VERSION_X * 100) + MZSCHEME_VERSION_Y)
#define MZSCHEME_VERSION_MINOR ((MZSCHEME_VERSION_Z * 1000) + MZSCHEME_VERSION_W)


@ -366,6 +366,7 @@ static Scheme_Object *is_thread_cell_values(int argc, Scheme_Object *args[]);
static Scheme_Object *make_security_guard(int argc, Scheme_Object *argv[]);
static Scheme_Object *security_guard_p(int argc, Scheme_Object *argv[]);
static Scheme_Object *current_security_guard(int argc, Scheme_Object *argv[]);
static Scheme_Object *unsafe_make_security_guard_at_root(int argc, Scheme_Object *argv[]);
static Scheme_Object *security_guard_check_file(int argc, Scheme_Object *argv[]);
static Scheme_Object *security_guard_check_file_link(int argc, Scheme_Object *argv[]);
@ -642,6 +643,8 @@ scheme_init_unsafe_thread (Scheme_Env *env)
GLOBAL_PRIM_W_ARITY("unsafe-register-process-global", unsafe_register_process_global, 2, 2, env);
GLOBAL_PRIM_W_ARITY("unsafe-set-on-atomic-timeout!", unsafe_set_on_atomic_timeout, 1, 1, env);
GLOBAL_PRIM_W_ARITY("unsafe-make-security-guard-at-root", unsafe_make_security_guard_at_root, 0, 3, env);
}
void scheme_init_thread_places(void) {
@ -8215,6 +8218,27 @@ static Scheme_Object *make_security_guard(int argc, Scheme_Object *argv[])
return (Scheme_Object *)sg;
}
static Scheme_Object *unsafe_make_security_guard_at_root(int argc, Scheme_Object *argv[])
{
Scheme_Security_Guard *sg;
if (argc > 0)
scheme_check_proc_arity("unsafe-make-security-guard-at-root", 3, 0, argc, argv);
if (argc > 1)
scheme_check_proc_arity("unsafe-make-security-guard-at-root", 4, 1, argc, argv);
if (argc > 2)
scheme_check_proc_arity2("unsafe-make-security-guard-at-root", 3, 2, argc, argv, 1);
sg = MALLOC_ONE_TAGGED(Scheme_Security_Guard);
sg->so.type = scheme_security_guard_type;
sg->parent = NULL;
sg->file_proc = ((argc > 0) ? argv[0] : NULL);
sg->network_proc = ((argc > 1) ? argv[1] : NULL);
sg->link_proc = ((argc > 2) ? argv[2] : NULL);
return (Scheme_Object *)sg;
}
static Scheme_Object *security_guard_p(int argc, Scheme_Object *argv[])
{
return ((SAME_TYPE(SCHEME_TYPE(argv[0]), scheme_security_guard_type))
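Review bot: `unsafe_make_security_guard_at_root` sets `sg->parent = NULL` and, when called with no arguments, leaves `file_proc`, `network_proc` and `link_proc` NULL, so installing the returned guard disables every guard check for as long as it is current; that appears to be the intended contract, but nothing above the definition says so, and the neighbouring `make_security_guard` (whose body starts outside this hunk) presumably chains the new guard to the current one instead. A header comment would make the difference explicit, e.g. `/* Like make_security_guard, but the result has no parent guard, so installing it bypasses all security-guard checks; reachable only via #%unsafe, for trusted callers that already passed a check. */`. Whether `security_guard_check_file` and the other checkers tolerate a NULL `file_proc`/`network_proc`/`link_proc` is not visible here and is worth confirming, since a guard built by `make_security_guard` may never have produced one before this change.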


@ -303,6 +303,8 @@ static void get_dl_error(rktio_t *rktio)
rktio->dll_error = strdup(s);
else
rktio->dll_error = strdup("unknown error");
set_racket_error(RKTIO_ERROR_DLL);
}
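Review bot: The added `set_racket_error(RKTIO_ERROR_DLL)` also runs when the `strdup` just before it returned NULL, so a caller that reads `rktio->dll_error` to report the failure can see the error code set while the message pointer is NULL; neither `strdup` result is checked. The cheapest fix is on the reading side, treating a NULL `dll_error` as "unknown error", since storing a string literal here would conflict with the heap ownership the `strdup` calls imply. `get_dl_error` begins outside the hunk, so whether a previous `dll_error` is freed before being overwritten cannot be seen here.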
#endif