JakeHillion/dissertation
1
0
Fork 0
mirror of https://git.overleaf.com/6227c8e96fcdc06e56454f24 synced 2024-12-03 18:47:10 +00:00
Code Issues Projects Releases 8 Wiki Activity
master
dissertation/diagrams/openbsd-syslogd-privsep.tex
jsh77 a1d28370a8 Update on Overleaf.
2022-05-26 23:13:24 +00:00

176 lines
8.0 KiB
TeX
Raw Permalink Blame History

\documentclass[12pt,crop,tikz]{standalone}
\providecommand{\rootdir}{..}
\usepackage{tikz}
\usetikzlibrary{backgrounds}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}
\usetikzlibrary{decorations.pathreplacing}
\tikzstyle{arrow} = [thick,->,>=stealth]
% The Tableau20 colours
\definecolor{TabLightOrange}{RGB}{255,187,120}
\definecolor{TabOrange}{RGB}{255,127,14}
\definecolor{TabLightBlue}{RGB}{174,199,232}
\definecolor{TabBlue}{RGB}{31,119,180}
\definecolor{TabGreen}{RGB}{44,160,44}
\definecolor{TabLightGreen}{RGB}{152,223,138}
\definecolor{TabSalmon}{RGB}{255,152,150}
\definecolor{TabRed}{RGB}{214,39,40}
\definecolor{TabPurple}{RGB}{148,103,189}
\definecolor{TabLightPurple}{RGB}{197,176,213}
\definecolor{TabLightPink}{RGB}{247,182,210}
\definecolor{TabPink}{RGB}{227,119,194}
\definecolor{TabLightBrown}{RGB}{196,156,148}
\definecolor{TabBrown}{RGB}{140,86,75}
\definecolor{TabGray}{RGB}{127,127,127}
\definecolor{TabOlive}{RGB}{188,189,34}
\definecolor{TabLightOlive}{RGB}{219,219,141}
\definecolor{TabLightGray}{RGB}{199,199,199}
\definecolor{TabLightCyan}{RGB}{158,218,229}
\definecolor{TabCyan}{RGB}{23,190,207}
\begin{document}
\def\titlepad{0.1}
\def\boxspacing{40mm}
\def\layer{0.3}
\def\inner{0.3}
\def\innerspace{0.2}
\def\layerwidth{5cm}
\def\halflayerwidth{2.35cm}
\def\layerheight{0.8cm}
\def\innerwidth{4.4cm}
\def\halfinnerwidth{2.1cm}
\begin{tikzpicture}
[ every node/.style={font=\small}
, layer/.style= {rectangle, draw=black!50, thick, minimum width=\layerwidth , minimum height=\layerheight}
, halflayer/.style={rectangle, draw=black!50, thick, minimum width=\halflayerwidth, minimum height=\layerheight}
, inner/.style= {rectangle, draw=black!50, thick, minimum width=\innerwidth , minimum height=\layerheight}
, halfinner/.style={rectangle, draw=black!50, thick, minimum width=\halfinnerwidth, minimum height=\layerheight}
, red/.style={fill=TabPurple!40}
, orange/.style={fill=TabBlue!40}
, yellow/.style={fill=TabCyan!40}
, green/.style={fill=TabLightGreen!60}
, node distance = 0cm
, arrow={->,>=stealth}
]
%-----------------------------------------------------------------------------
% conventional syslogd
%-----------------------------------------------------------------------------
\begin{scope}[local bounding box=syslogd]
\node[layer] (syslogd-root) {Root privilege};
% hack to get the spacing right
\coordinate (std-spaced_app1) at ($ (syslogd-root.south)+(0,-\inner) $);
\node[layer, orange, below = 2mm of syslogd-root] (syslogd-app) {syslogd.c};
\node[layer, fill=white, below = 2*\layer of syslogd-app] (syslogd-untrusted) {Untrusted user data};
% Lines down the left
\coordinate (std-lline) at ($ (syslogd-app) + (-1.15,0) $);
\draw[->] (std-lline |- 0, 0 |- syslogd-root.south) -- (std-lline |- 0, 0 |- syslogd-app.north);
% Lines down the right
\coordinate (std-rline) at ($ (syslogd-app) + (1.15,0) $);
\draw[->] (std-rline |- 0, 0 |- syslogd-app.north) -- (std-rline |- 0, 0 |- syslogd-root.south);
\end{scope}
\begin{scope}[local bounding box=syslogd-kernel]
\fill[gray!15] ($ (syslogd-untrusted.north west) + (-\layer,\layer) $) rectangle ($ (syslogd-untrusted.south east) + (\layer, -\layer) $);
\end{scope}
\draw[-, gray, dashed] (syslogd-kernel.north west) -- (syslogd-kernel.north east);
\node[layer, fill=white, below = 2*\layer of syslogd-app] (syslogd-untrusted) {Untrusted user data};
\draw[->] (std-lline |- 0, 0 |- syslogd-app.south) -- (std-lline |- 0, 0 |- syslogd-untrusted.north);
\draw[<-] (std-rline |- 0, 0 |- syslogd-app.south) -- (std-rline |- 0, 0 |- syslogd-untrusted.north);
\coordinate (syslogd-nw) at ($ (syslogd.north west) + (-\inner, \inner + \titlepad) $);
\coordinate (syslogd-ne) at ($ (syslogd.north east) + ( \inner, \inner + \titlepad) $);
\coordinate (syslogd-sw) at ($ (syslogd.south west) + (-\inner,-\inner) $);
\coordinate (syslogd-se) at ($ (syslogd.south east) + ( \inner,-\inner) $);
\draw[draw, thick] (syslogd-nw) rectangle (syslogd-se);
\node[rectangle, fill=white] at ($(syslogd-nw)!0.5!(syslogd-ne)$) (syslogd_label) {\normalsize\textbf{Conventional syslogd}};
%-----------------------------------------------------------------------------
% privsep syslogd
% -----------------------------------------------------------------------------
\begin{scope}[local bounding box=client]
% \coordinate[right=5cm of syslogd-] (client_center)
\node[layer, below = 3cm of syslogd] (privsep-syslogd-root) {Root privilege};
% hack to get the spacing right
\coordinate (spaced_app1) at ($ (privsep-syslogd-root.south)+(0,-\inner) $);
\begin{scope}[local bounding box=privsep-syslogd-app]
\node[inner, red, below = \layer of spaced_app1, yshift=-0.2cm] (rpc1) {privsep.c};
\node[inner, orange, below = 10mm of rpc1] (rpc2) {syslogd.c};
\end{scope}
\coordinate (rpc1-nw) at ($ (privsep-syslogd-app.north west) + (-0.3, 0.3 + \titlepad) $);
\coordinate (rpc1-ne) at ($ (privsep-syslogd-app.north east) + ( 0.3, 0.3 + \titlepad) $);
\coordinate (rpc1-sw) at ($ (privsep-syslogd-app.south west) + (-0.3,-0.3) $);
\coordinate (rpc1-se) at ($ (privsep-syslogd-app.south east) + ( 0.3,-0.3) $);
\draw[draw,thick,dotted] (rpc1-nw) rectangle (rpc1-se);
\coordinate (rpc-bottom) at ($(privsep-syslogd-app.south west)!0.5!(privsep-syslogd-app.south east) + (0, -0.3)$);
\node[layer, fill=white, below = 3*\layer of privsep-syslogd-app] (privsep-syslogd-untrusted) {Untrusted user data};
% Lines down the left
\coordinate (lline) at ($ (privsep-syslogd-app) + (-1.15,0) $);
\draw[->] (lline |- 0, 0 |- privsep-syslogd-root.south) -- (lline |- 0, 0 |- rpc1.north);
\draw[->] (lline |- 0, 0 |- rpc1.south) -- node[left, text width = 1cm, align = center]
{\normalsize\emph{open files}} (lline |- 0, 0 |- rpc2.north);
% Lines down the right
\coordinate (rline) at ($ (privsep-syslogd-app) + (1.15,0) $);
\draw[->] (rline |- 0, 0 |- rpc1.north) -- (rline |- 0, 0 |- privsep-syslogd-root.south);
%\draw[->] (rline |- 0, 0 |- rpc2.north) -- (rline |- 0, 0 |- rpc1.south);
\draw[->] (rline |- 0, 0 |- rpc2.north) -- node[right, text width = 1cm, align = center]
{\normalsize\emph{RPCs}} (rline |- 0, 0 |- rpc1.south);
\end{scope}
\begin{scope}[on background layer, local bounding box=client-kernel]
\fill[gray!15] ($ (privsep-syslogd-untrusted.north west) + (-\layer,\layer) $) rectangle ($ (privsep-syslogd-untrusted.south east) + (\layer, -\layer) $);
\end{scope}
\draw[-, gray, dashed] (client-kernel.north west) -- (client-kernel.north east);
\coordinate (client-nw) at ($ (client.north west) + (-\inner, \inner + \titlepad) $);
\coordinate (client-ne) at ($ (client.north east) + ( \inner, \inner + \titlepad) $);
\coordinate (client-sw) at ($ (client.south west) + (-\inner,-\inner) $);
\coordinate (client-se) at ($ (client.south east) + ( \inner,-\inner) $);
\draw[draw, thick] (client-nw) rectangle (client-se);
\node[rectangle, fill=white] at ($(client-nw)!0.5!(client-ne)$) (client_label) {\normalsize\textbf{privsep syslogd}};
\draw[->] (lline |- 0, 0 |- privsep-syslogd-app.south) -- (lline |- 0, 0 |- privsep-syslogd-untrusted.north);
\draw[<-] (rline |- 0, 0 |- privsep-syslogd-app.south) -- (rline |- 0, 0 |- privsep-syslogd-untrusted.north);
\coordinate (yheight) at ($ (syslogd-root.east) + (0, -1) $);
\coordinate (trans-arrow-l) at (syslogd-kernel.east |- 0, 0 |- yheight);
\coordinate (trans-arrow-r) at (client-kernel.west |- 0, 0 |- yheight);
%\draw[very thick, ->] ($(trans-arrow-l) + (0.5, 0)$) -- node[above, text width = 4cm, align = center, yshift=3mm]
%\draw[very thick, ->] (syslogd-kernel) -- ($ (client.north) + (0, 2*\inner) $)
\draw[very thick, ->] (syslogd-kernel.south) -- node[right, text width = 3.9cm, align = center, yshift=0.5mm]
{\normalsize\emph{Pass file descriptors \\[1mm] rather than \\[1mm] ambient privilege}} ($ (client.north) + (0, 2*\inner) $);
\end{tikzpicture}
\end{document}
Reference in New Issue View Git Blame Copy Permalink