From 08f53f56f23f20f1906ad30c209605e1b91a95ab Mon Sep 17 00:00:00 2001
From: Shawn Webb
Date: Fri, 3 Jul 2020 10:33:18 -0400
Subject: [PATCH] HBSD: Teach libarchive about the system extended attribute namespace
In order to teach HardenedBSD's packaging infrastructure how to support HardenedBSD's method of exploit mitigation toggling, teach libarchive how to handle the system filesystem extended attribute namespace.
Signed-off-by: Shawn Webb
---
 .../archive_read_disk_entry_from_file.c | 42 +++++++++++++++++--
 libarchive/archive_write_disk_posix.c | 3 ++
 2 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c
index 2a8cec8d1..876538189 100644
--- a/libarchive/archive_read_disk_entry_from_file.c
+++ b/libarchive/archive_read_disk_entry_from_file.c
@@ -103,6 +103,8 @@ __FBSDID("$FreeBSD");
 static int setup_mac_metadata(struct archive_read_disk *, struct archive_entry *, int *fd);
+static int setup_xattrs_namespace(struct archive_read_disk *,
+ struct archive_entry *, int *, int);
 static int setup_xattrs(struct archive_read_disk *, struct archive_entry *, int *fd);
 static int setup_sparse(struct archive_read_disk *,
@@ -701,14 +703,13 @@ setup_xattr(struct archive_read_disk *a, struct archive_entry *entry,
 }
 static int
-setup_xattrs(struct archive_read_disk *a,
- struct archive_entry *entry, int *fd)
+setup_xattrs_namespace(struct archive_read_disk *a,
+ struct archive_entry *entry, int *fd, int namespace)
 {
 char buff[512];
 char *list, *p;
 ssize_t list_size;
 const char *path;
- int namespace = EXTATTR_NAMESPACE_USER;
 path = NULL;
@@ -727,6 +728,8 @@ setup_xattrs(struct archive_read_disk *a,
 if (list_size == -1 && errno == EOPNOTSUPP)
 return (ARCHIVE_OK);
+ if (list_size == -1 && errno == EPERM)
+ return (ARCHIVE_OK);
 if (list_size == -1) {
 archive_set_error(&a->archive, errno, "Couldn't list extended attributes");
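Review bot: The new prototype for setup_xattrs_namespace drops the parameter names that the neighbouring declarations keep (`int *fd`), so a reader cannot tell what the trailing `int` is without finding the definition. Writing it as `    struct archive_entry *, int *fd, int namespace);` matches the surrounding declarations and documents the argument where it is first seen.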
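Review bot: The new `namespace` parameter is undocumented and the signature accepts any int, although only EXTATTR_NAMESPACE_USER and EXTATTR_NAMESPACE_SYSTEM are handled by the prefix switch added later in this patch, where anything else is silently labelled "user.". A header comment above `static int` would fix the contract, e.g. `/* Collect the extended attributes in one namespace (EXTATTR_NAMESPACE_USER or EXTATTR_NAMESPACE_SYSTEM) and add them to entry under the matching "user."/"system." prefix; no other namespace is supported. */`. The function body continues past the end of this hunk.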
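Review bot: The added EPERM short-circuit applies to every namespace, but the only listing the commit expects to be refused for lack of privilege is the system namespace; an EPERM while listing user attributes, which previously reached the "Couldn't list extended attributes" error, now goes unreported. Narrowing it to `if (list_size == -1 && errno == EPERM && namespace == EXTATTR_NAMESPACE_SYSTEM)` keeps the old diagnostics for the user namespace, and a comment such as `/* Unprivileged callers cannot list the system namespace; treat it as empty. */` says why the error is swallowed at all. Because the commit message ties these attributes to exploit-mitigation toggling, an archive created without privilege will silently lack them, which is worth stating in that comment or in the user documentation. setup_xattrs_namespace begins and ends outside this hunk.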
@@ -760,7 +763,13 @@ setup_xattrs(struct archive_read_disk *a,
 size_t len = 255 & (int)*p;
 char *name;
- strcpy(buff, "user.");
+ switch (namespace) {
+ case EXTATTR_NAMESPACE_SYSTEM:
+ strcpy(buff, "system.");
+ break;
+ default:
+ strcpy(buff, "user.");
+ }
 name = buff + strlen(buff);
 memcpy(name, p + 1, len);
 name[len] = '\0';
@@ -772,6 +781,31 @@ setup_xattrs(struct archive_read_disk *a,
 return (ARCHIVE_OK);
 }
+static int
+setup_xattrs(struct archive_read_disk *a,
+ struct archive_entry *entry, int *fd)
+{
+ int namespaces[2];
+ int i, res;
+
+ namespaces[0] = EXTATTR_NAMESPACE_USER;
+ namespaces[1] = EXTATTR_NAMESPACE_SYSTEM;
+
+ for (i = 0; i < 2; i++) {
+ res = setup_xattrs_namespace(a, entry, fd,
+ namespaces[i]);
+ switch (res) {
+ case (ARCHIVE_OK):
+ case (ARCHIVE_WARN):
+ break;
+ default:
+ return (res);
+ }
+ }
+
+ return (ARCHIVE_OK);
+}
+
 #else
 /*
diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
index 2f86222ce..ed9225056 100644
--- a/libarchive/archive_write_disk_posix.c
+++ b/libarchive/archive_write_disk_posix.c
@@ -4427,6 +4427,9 @@ set_xattrs(struct archive_write_disk *a)
 /* "user." attributes go to user namespace */
 name += 5;
 namespace = EXTATTR_NAMESPACE_USER;
+ } else if (strncmp(name, "system.", 7) == 0) {
+ name += 7;
+ namespace = EXTATTR_NAMESPACE_SYSTEM;
 } else {
 /* Other namespaces are unsupported */
 archive_strcat(&errlist, name);
--
2.47.2
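Review bot: The `default:` arm of the new switch stamps "user." onto any namespace value other than EXTATTR_NAMESPACE_SYSTEM, so a future caller passing a third namespace would have its attributes misfiled rather than rejected. Adding an explicit `case EXTATTR_NAMESPACE_USER:` before `default:` and annotating the default, e.g. `default: /* only USER and SYSTEM are passed by setup_xattrs */`, records the assumption without changing behaviour. The buffer bound still holds: `buff` is 512 bytes and `len` is masked to at most 255, so the 7-byte "system." prefix plus the name and terminator fits. The enclosing loop and function begin and end outside this hunk.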
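Review bot: The new setup_xattrs discards ARCHIVE_WARN: when setup_xattrs_namespace returns a warning (after archive_set_error has been called) the loop continues and the function still returns ARCHIVE_OK, so the caller never sees the degraded status that the old single-namespace setup_xattrs returned. Tracking the worst non-fatal result and returning it fixes that; the rewrite below also replaces the hard-coded `2` and the parenthesised labels `case (ARCHIVE_OK):` with a sized table and a plain if/else. A second pass may also overwrite the error text set by the first, so returning the warning status is the minimum the caller needs in order to notice.
```c
static int
setup_xattrs(struct archive_read_disk *a,
    struct archive_entry *entry, int *fd)
{
	/* Same order as before: user namespace first, then system. */
	static const int namespaces[] = {
		EXTATTR_NAMESPACE_USER,
		EXTATTR_NAMESPACE_SYSTEM
	};
	int ret = ARCHIVE_OK;
	size_t i;

	for (i = 0; i < sizeof(namespaces) / sizeof(namespaces[0]); i++) {
		int res = setup_xattrs_namespace(a, entry, fd, namespaces[i]);
		if (res == ARCHIVE_WARN) {
			/* Keep going, but report the degraded result. */
			ret = ARCHIVE_WARN;
		} else if (res != ARCHIVE_OK) {
			return (res);
		}
	}

	return (ret);
}
```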
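Review bot: The new "system." branch lacks the explanatory comment the "user." branch carries, and the omission hides a privilege boundary: setting system-namespace attributes needs privilege, so an unprivileged extraction will fail on them, while a privileged extraction applies whatever the archive contains, which per the commit message includes exploit-mitigation settings for the restored files. A comment such as `/* "system." attributes go to the system namespace; setting them requires privilege, and an archive from an untrusted source can now carry them */` documents both points, and the documentation of the extract option that presumably gates set_xattrs should mention it too. How a failed set is reported is decided by code outside this hunk.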