Move winprocess_sys into a new low-level hardening module

This code was in our process module, but it doesn't belong there:
process is for launching and monitoring subprocesses, not for
hardening the current process.

This change lets us have our subsystem init order more closely match
our dependency order.
Nick Mathewson 2020-02-13 13:14:54 -05:00
parent 691d271b2e
commit 90524de0b2
10 changed files with 37 additions and 6 deletions

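--- a/.gitignore
+++ b/.gitignore
@@ -186,6 +186,8 @@ uptime-*.json
 /src/lib/libtor-geoip-testing.a
 /src/lib/libtor-intmath.a
 /src/lib/libtor-intmath-testing.a
+/src/lib/libtor-llharden.a
+/src/lib/libtor-llharden-testing.a
 /src/lib/libtor-lock.a
 /src/lib/libtor-lock-testing.a
 /src/lib/libtor-log.a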


@ -70,6 +70,7 @@ TOR_UTIL_LIBS = \
src/lib/libtor-wallclock.a \ src/lib/libtor-wallclock.a \
src/lib/libtor-err.a \ src/lib/libtor-err.a \
src/lib/libtor-version.a \ src/lib/libtor-version.a \
src/lib/libtor-llharden.a \
src/lib/libtor-intmath.a \ src/lib/libtor-intmath.a \
src/lib/libtor-ctime.a src/lib/libtor-ctime.a
@ -104,6 +105,7 @@ TOR_UTIL_TESTING_LIBS = \
src/lib/libtor-wallclock-testing.a \ src/lib/libtor-wallclock-testing.a \
src/lib/libtor-err-testing.a \ src/lib/libtor-err-testing.a \
src/lib/libtor-version-testing.a \ src/lib/libtor-version-testing.a \
src/lib/libtor-llharden-testing.a \
src/lib/libtor-intmath.a \ src/lib/libtor-intmath.a \
src/lib/libtor-ctime-testing.a src/lib/libtor-ctime-testing.a
endif endif


@ -24,7 +24,7 @@
#include "lib/log/log_sys.h" #include "lib/log/log_sys.h"
#include "lib/net/network_sys.h" #include "lib/net/network_sys.h"
#include "lib/process/process_sys.h" #include "lib/process/process_sys.h"
#include "lib/process/winprocess_sys.h" #include "lib/llharden/winprocess_sys.h"
#include "lib/thread/thread_sys.h" #include "lib/thread/thread_sys.h"
#include "lib/time/time_sys.h" #include "lib/time/time_sys.h"
#include "lib/tls/tortls_sys.h" #include "lib/tls/tortls_sys.h"


@ -19,6 +19,7 @@ include src/lib/fs/include.am
include src/lib/geoip/include.am include src/lib/geoip/include.am
include src/lib/include.libdonna.am include src/lib/include.libdonna.am
include src/lib/intmath/include.am include src/lib/intmath/include.am
include src/lib/llharden/include.am
include src/lib/lock/include.am include src/lib/lock/include.am
include src/lib/log/include.am include src/lib/log/include.am
include src/lib/math/include.am include src/lib/math/include.am


@ -0,0 +1,3 @@
lib/llharden/*.h
lib/subsys/*.h
orconfig.h
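Review bot: Nothing in this three-entry allow-list records why it is so short, so a later change that adds a logging or allocation header here would look routine while breaking the module's stated requirement to be self-contained because it runs before anything else is initialized. If the include checker accepts comment lines in this file (not verifiable from this page), a first line such as `# Runs before any other subsystem is initialized: do not add tor library headers here.` would put the constraint where it is enforced. If it does not, the same sentence fits in the directory documentation beside the self-contained paragraph.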


@ -0,0 +1,19 @@
noinst_LIBRARIES += src/lib/libtor-llharden.a
if UNITTESTS_ENABLED
noinst_LIBRARIES += src/lib/libtor-llharden-testing.a
endif
# ADD_C_FILE: INSERT SOURCES HERE.
src_lib_libtor_llharden_a_SOURCES = \
src/lib/llharden/winprocess_sys.c
src_lib_libtor_llharden_testing_a_SOURCES = \
$(src_lib_libtor_llharden_a_SOURCES)
src_lib_libtor_llharden_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
src_lib_libtor_llharden_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
# ADD_C_FILE: INSERT HEADERS HERE.
noinst_HEADERS += \
src/lib/llharden/winprocess_sys.h


@ -0,0 +1,6 @@
@dir /lib/llharden
@brief lib/llharden: low-level unconditional process hardening
This module contains process hardening code that we want to run before any
other code, including configuration. It needs to be self-contained, since
nothing else will be initialized at this point.


@ -8,7 +8,7 @@
#include "orconfig.h" #include "orconfig.h"
#include "lib/subsys/subsys.h" #include "lib/subsys/subsys.h"
#include "lib/process/winprocess_sys.h" #include "lib/llharden/winprocess_sys.h"
#include <stdbool.h> #include <stdbool.h>
#include <stddef.h> #include <stddef.h>


@ -16,8 +16,7 @@ src_lib_libtor_process_a_SOURCES = \
src/lib/process/process_win32.c \ src/lib/process/process_win32.c \
src/lib/process/restrict.c \ src/lib/process/restrict.c \
src/lib/process/setuid.c \ src/lib/process/setuid.c \
src/lib/process/waitpid.c \ src/lib/process/waitpid.c
src/lib/process/winprocess_sys.c
src_lib_libtor_process_testing_a_SOURCES = \ src_lib_libtor_process_testing_a_SOURCES = \
$(src_lib_libtor_process_a_SOURCES) $(src_lib_libtor_process_a_SOURCES)
@ -35,5 +34,4 @@ noinst_HEADERS += \
src/lib/process/process_win32.h \ src/lib/process/process_win32.h \
src/lib/process/restrict.h \ src/lib/process/restrict.h \
src/lib/process/setuid.h \ src/lib/process/setuid.h \
src/lib/process/waitpid.h \ src/lib/process/waitpid.h
src/lib/process/winprocess_sys.h