Move winprocess_sys into a new low-level hardening module

This code was in our process module, but it doesn't belong there:
process is for launching and monitoring subprocesses, not for
hardening the current process.

This change lets us have our subsystem init order more closely match
our dependency order.

diff --git a/.gitignore b/.gitignore
index 77610b31930cbd70677b233e8ba9ee3ebfbd0620..469bbd39a54c97bb7398281f900b89737ef880e8 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -186,6 +186,8 @@ uptime-*.json
 /src/lib/libtor-geoip-testing.a
 /src/lib/libtor-intmath.a
 /src/lib/libtor-intmath-testing.a
+/src/lib/libtor-llharden.a
+/src/lib/libtor-llharden-testing.a
 /src/lib/libtor-lock.a
 /src/lib/libtor-lock-testing.a
 /src/lib/libtor-log.a

diff --git a/Makefile.am b/Makefile.am
index ac61a990fca444d632ed696aadb729343beeb640..7774995aea857201dc147cdb70edf749ee86dc94 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,6 +70,7 @@ TOR_UTIL_LIBS = \
        src/lib/libtor-wallclock.a \
        src/lib/libtor-err.a \
        src/lib/libtor-version.a \
+       src/lib/libtor-llharden.a \
        src/lib/libtor-intmath.a \
        src/lib/libtor-ctime.a
 
@@ -104,6 +105,7 @@ TOR_UTIL_TESTING_LIBS = \
        src/lib/libtor-wallclock-testing.a \
        src/lib/libtor-err-testing.a \
        src/lib/libtor-version-testing.a \
+       src/lib/libtor-llharden-testing.a \
        src/lib/libtor-intmath.a \
        src/lib/libtor-ctime-testing.a
 endif

diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c
index bb15b173654acdf02a8df3e4de57e241c14c68c0..84c6e6ec0e14db073349d489bc4ec9a6f98e45a9 100644 (file)
--- a/src/app/main/subsystem_list.c
+++ b/src/app/main/subsystem_list.c
@@ -24,7 +24,7 @@
 #include "lib/log/log_sys.h"
 #include "lib/net/network_sys.h"
 #include "lib/process/process_sys.h"
-#include "lib/process/winprocess_sys.h"
+#include "lib/llharden/winprocess_sys.h"
 #include "lib/thread/thread_sys.h"
 #include "lib/time/time_sys.h"
 #include "lib/tls/tortls_sys.h"

diff --git a/src/include.am b/src/include.am
index f5f868d23fc135126d0dd1fce96267d9d2173e7f..657f6e823af0ba10d3c71a05905cc0251d8682a8 100644 (file)
--- a/src/include.am
+++ b/src/include.am
@@ -19,6 +19,7 @@ include src/lib/fs/include.am
 include src/lib/geoip/include.am
 include src/lib/include.libdonna.am
 include src/lib/intmath/include.am
+include src/lib/llharden/include.am
 include src/lib/lock/include.am
 include src/lib/log/include.am
 include src/lib/math/include.am

diff --git a/src/lib/llharden/.may_include b/src/lib/llharden/.may_include
new file mode 100644 (file)
index 0000000..038237d
--- /dev/null
+++ b/src/lib/llharden/.may_include
@@ -0,0 +1,3 @@
+lib/llharden/*.h
+lib/subsys/*.h
+orconfig.h

diff --git a/src/lib/llharden/include.am b/src/lib/llharden/include.am
new file mode 100644 (file)
index 0000000..0a4788c
--- /dev/null
+++ b/src/lib/llharden/include.am
@@ -0,0 +1,19 @@
+
+noinst_LIBRARIES += src/lib/libtor-llharden.a
+
+if UNITTESTS_ENABLED
+noinst_LIBRARIES += src/lib/libtor-llharden-testing.a
+endif
+
+# ADD_C_FILE: INSERT SOURCES HERE.
+src_lib_libtor_llharden_a_SOURCES =            \
+       src/lib/llharden/winprocess_sys.c
+
+src_lib_libtor_llharden_testing_a_SOURCES = \
+       $(src_lib_libtor_llharden_a_SOURCES)
+src_lib_libtor_llharden_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+src_lib_libtor_llharden_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+
+# ADD_C_FILE: INSERT HEADERS HERE.
+noinst_HEADERS +=                              \
+       src/lib/llharden/winprocess_sys.h

diff --git a/src/lib/llharden/lib_llharden.md b/src/lib/llharden/lib_llharden.md
new file mode 100644 (file)
index 0000000..69e9af5
--- /dev/null
+++ b/src/lib/llharden/lib_llharden.md
@@ -0,0 +1,6 @@
+@dir /lib/llharden
+@brief lib/llharden: low-level unconditional process hardening
+
+This module contains process hardening code that we want to run before any
+other code, including configuration.  It needs to be self-contained, since
+nothing else will be initialized at this point.

diff --git a/src/lib/process/winprocess_sys.c b/src/lib/llharden/winprocess_sys.c
similarity index 97%
rename from src/lib/process/winprocess_sys.c
rename to src/lib/llharden/winprocess_sys.c
index e43a77e467e58888ebfeb63968ece4c49d823f64..a5f22c182b5fa8a7e27463efc5f5ceee398a262e 100644 (file)
--- a/src/lib/process/winprocess_sys.c
+++ b/src/lib/llharden/winprocess_sys.c
@@ -8,7 +8,7 @@
 
 #include "orconfig.h"
 #include "lib/subsys/subsys.h"
-#include "lib/process/winprocess_sys.h"
+#include "lib/llharden/winprocess_sys.h"
 
 #include <stdbool.h>
 #include <stddef.h>

diff --git a/src/lib/process/winprocess_sys.h b/src/lib/llharden/winprocess_sys.h
similarity index 100%
rename from src/lib/process/winprocess_sys.h
rename to src/lib/llharden/winprocess_sys.h

diff --git a/src/lib/process/include.am b/src/lib/process/include.am
index af5f99617b13b57d18fef861783e735ded65db17..18876b3f54296d247798c01d10f7cc45d7713069 100644 (file)
--- a/src/lib/process/include.am
+++ b/src/lib/process/include.am
@@ -16,8 +16,7 @@ src_lib_libtor_process_a_SOURCES =            \
        src/lib/process/process_win32.c         \
        src/lib/process/restrict.c              \
        src/lib/process/setuid.c                \
-       src/lib/process/waitpid.c               \
-       src/lib/process/winprocess_sys.c
+       src/lib/process/waitpid.c
 
 src_lib_libtor_process_testing_a_SOURCES = \
        $(src_lib_libtor_process_a_SOURCES)
@@ -35,5 +34,4 @@ noinst_HEADERS +=                             \
        src/lib/process/process_win32.h         \
        src/lib/process/restrict.h              \
        src/lib/process/setuid.h                \
-       src/lib/process/waitpid.h               \
-       src/lib/process/winprocess_sys.h
+       src/lib/process/waitpid.h