Lines 1-5
|
1 |
/* |
1 |
/* |
2 |
S * Path sandbox for the gentoo linux portage package system, initially |
2 |
* Path sandbox for the gentoo linux portage package system, initially |
3 |
* based on the ROCK Linux Wrapper for getting a list of created files |
3 |
* based on the ROCK Linux Wrapper for getting a list of created files |
4 |
* |
4 |
* |
5 |
* to integrate with bash, bash should have been built like this |
5 |
* to integrate with bash, bash should have been built like this |
Lines 121-140
|
121 |
|
119 |
|
122 |
typedef struct { |
120 |
typedef struct { |
123 |
int show_access_violation; |
121 |
int show_access_violation; |
124 |
char** deny_prefixes; |
122 |
char **deny_prefixes; |
125 |
int num_deny_prefixes; |
123 |
int num_deny_prefixes; |
126 |
char** read_prefixes; |
124 |
char **read_prefixes; |
127 |
int num_read_prefixes; |
125 |
int num_read_prefixes; |
128 |
char** write_prefixes; |
126 |
char **write_prefixes; |
129 |
int num_write_prefixes; |
127 |
int num_write_prefixes; |
130 |
char** predict_prefixes; |
128 |
char **predict_prefixes; |
131 |
int num_predict_prefixes; |
129 |
int num_predict_prefixes; |
132 |
char** write_denied_prefixes; |
130 |
char **write_denied_prefixes; |
133 |
int num_write_denied_prefixes; |
131 |
int num_write_denied_prefixes; |
134 |
} sbcontext_t; |
132 |
} sbcontext_t; |
135 |
|
133 |
|
136 |
/* glibc modified realpath() functions */ |
134 |
/* glibc modified realpath() functions */ |
137 |
char *erealpath (const char *name, char *resolved); |
135 |
char *erealpath(const char *name, char *resolved); |
|
|
136 |
/* glibc modified getcwd() functions */ |
137 |
char *egetcwd(char *, size_t); |
138 |
|
138 |
|
139 |
static void init_wrappers(void); |
139 |
static void init_wrappers(void); |
140 |
static void *get_dlsym(const char *); |
140 |
static void *get_dlsym(const char *); |
Lines 147-212
|
147 |
static void clean_env_entries(char ***, int *); |
147 |
static void clean_env_entries(char ***, int *); |
148 |
static void init_context(sbcontext_t *); |
148 |
static void init_context(sbcontext_t *); |
149 |
static void init_env_entries(char ***, int *, char *, int); |
149 |
static void init_env_entries(char ***, int *, char *, int); |
150 |
static char* filter_path(const char*); |
150 |
static char *filter_path(const char *); |
151 |
static int is_sandbox_on(); |
151 |
static int is_sandbox_on(); |
152 |
static int is_sandbox_pid(); |
152 |
static int is_sandbox_pid(); |
153 |
|
153 |
|
154 |
/* Wrapped functions */ |
154 |
/* Wrapped functions */ |
155 |
|
155 |
|
156 |
extern int chmod(const char *, mode_t); |
156 |
extern int chmod(const char *, mode_t); |
157 |
static int(*true_chmod)(const char *, mode_t); |
157 |
static int (*true_chmod) (const char *, mode_t); |
158 |
extern int chown(const char *, uid_t, gid_t); |
158 |
extern int chown(const char *, uid_t, gid_t); |
159 |
static int(*true_chown)(const char *, uid_t, gid_t); |
159 |
static int (*true_chown) (const char *, uid_t, gid_t); |
160 |
extern int creat(const char *, mode_t); |
160 |
extern int creat(const char *, mode_t); |
161 |
static int(*true_creat)(const char *, mode_t); |
161 |
static int (*true_creat) (const char *, mode_t); |
162 |
extern FILE *fopen(const char *,const char*); |
162 |
extern FILE *fopen(const char *, const char *); |
163 |
static FILE *(*true_fopen)(const char *,const char*); |
163 |
static FILE *(*true_fopen) (const char *, const char *); |
164 |
extern int lchown(const char *, uid_t, gid_t); |
164 |
extern int lchown(const char *, uid_t, gid_t); |
165 |
static int(*true_lchown)(const char *, uid_t, gid_t); |
165 |
static int (*true_lchown) (const char *, uid_t, gid_t); |
166 |
extern int link(const char *, const char *); |
166 |
extern int link(const char *, const char *); |
167 |
static int(*true_link)(const char *, const char *); |
167 |
static int (*true_link) (const char *, const char *); |
168 |
extern int mkdir(const char *, mode_t); |
168 |
extern int mkdir(const char *, mode_t); |
169 |
static int(*true_mkdir)(const char *, mode_t); |
169 |
static int (*true_mkdir) (const char *, mode_t); |
170 |
extern DIR *opendir(const char *); |
170 |
extern DIR *opendir(const char *); |
171 |
static DIR *(*true_opendir)(const char *); |
171 |
static DIR *(*true_opendir) (const char *); |
172 |
#ifdef WRAP_MKNOD |
172 |
#ifdef WRAP_MKNOD |
173 |
extern int __xmknod(const char *, mode_t, dev_t); |
173 |
extern int __xmknod(const char *, mode_t, dev_t); |
174 |
static int(*true___xmknod)(const char *, mode_t, dev_t); |
174 |
static int (*true___xmknod) (const char *, mode_t, dev_t); |
175 |
#endif |
175 |
#endif |
176 |
extern int open(const char *, int, ...); |
176 |
extern int open(const char *, int, ...); |
177 |
static int(*true_open)(const char *, int, ...); |
177 |
static int (*true_open) (const char *, int, ...); |
178 |
extern int rename(const char *, const char *); |
178 |
extern int rename(const char *, const char *); |
179 |
static int(*true_rename)(const char *, const char *); |
179 |
static int (*true_rename) (const char *, const char *); |
180 |
extern int rmdir(const char *); |
180 |
extern int rmdir(const char *); |
181 |
static int(*true_rmdir)(const char *); |
181 |
static int (*true_rmdir) (const char *); |
182 |
extern int symlink(const char *, const char *); |
182 |
extern int symlink(const char *, const char *); |
183 |
static int(*true_symlink)(const char *, const char *); |
183 |
static int (*true_symlink) (const char *, const char *); |
184 |
extern int truncate(const char *, TRUNCATE_T); |
184 |
extern int truncate(const char *, TRUNCATE_T); |
185 |
static int(*true_truncate)(const char *, TRUNCATE_T); |
185 |
static int (*true_truncate) (const char *, TRUNCATE_T); |
186 |
extern int unlink(const char *); |
186 |
extern int unlink(const char *); |
187 |
static int(*true_unlink)(const char *); |
187 |
static int (*true_unlink) (const char *); |
188 |
|
188 |
|
189 |
#if (GLIBC_MINOR >= 1) |
189 |
#if (GLIBC_MINOR >= 1) |
190 |
|
190 |
|
191 |
extern int creat64(const char *, __mode_t); |
191 |
extern int creat64(const char *, __mode_t); |
192 |
static int(*true_creat64)(const char *, __mode_t); |
192 |
static int (*true_creat64) (const char *, __mode_t); |
193 |
extern FILE *fopen64(const char *,const char *); |
193 |
extern FILE *fopen64(const char *, const char *); |
194 |
static FILE *(*true_fopen64)(const char *,const char *); |
194 |
static FILE *(*true_fopen64) (const char *, const char *); |
195 |
extern int open64(const char *, int, ...); |
195 |
extern int open64(const char *, int, ...); |
196 |
static int(*true_open64)(const char *, int, ...); |
196 |
static int (*true_open64) (const char *, int, ...); |
197 |
extern int truncate64(const char *, __off64_t); |
197 |
extern int truncate64(const char *, __off64_t); |
198 |
static int(*true_truncate64)(const char *, __off64_t); |
198 |
static int (*true_truncate64) (const char *, __off64_t); |
199 |
|
199 |
|
200 |
#endif |
200 |
#endif |
201 |
|
201 |
|
202 |
extern int execve(const char *filename, char *const argv [], char *const envp[]); |
202 |
extern int execve(const char *filename, char *const argv[], char *const envp[]); |
203 |
static int (*true_execve)(const char *, char *const [], char *const []); |
203 |
static int (*true_execve) (const char *, char *const[], char *const[]); |
204 |
|
204 |
|
205 |
/* |
205 |
/* |
206 |
* Initialize the shabang |
206 |
* Initialize the shabang |
207 |
*/ |
207 |
*/ |
208 |
|
208 |
|
209 |
static void init_wrappers(void) |
209 |
static void |
|
|
210 |
init_wrappers(void) |
210 |
{ |
211 |
{ |
211 |
void *libc_handle = NULL; |
212 |
void *libc_handle = NULL; |
212 |
|
213 |
|
Lines 246-252
|
246 |
true_execve = dlsym(libc_handle, "execve"); |
247 |
true_execve = dlsym(libc_handle, "execve"); |
247 |
} |
248 |
} |
248 |
|
249 |
|
249 |
void _init(void) |
250 |
void |
|
|
251 |
_init(void) |
250 |
{ |
252 |
{ |
251 |
int old_errno = errno; |
253 |
int old_errno = errno; |
252 |
char *tmp_string = NULL; |
254 |
char *tmp_string = NULL; |
Lines 261-273
|
261 |
tmp_string = get_sandbox_lib("/"); |
263 |
tmp_string = get_sandbox_lib("/"); |
262 |
strncpy(sandbox_lib, tmp_string, 254); |
264 |
strncpy(sandbox_lib, tmp_string, 254); |
263 |
|
265 |
|
264 |
if (tmp_string) free(tmp_string); |
266 |
if (tmp_string) |
|
|
267 |
free(tmp_string); |
265 |
tmp_string = NULL; |
268 |
tmp_string = NULL; |
266 |
|
269 |
|
267 |
errno = old_errno; |
270 |
errno = old_errno; |
268 |
} |
271 |
} |
269 |
|
272 |
|
270 |
static int canonicalize(const char *path, char *resolved_path) |
273 |
static int |
|
|
274 |
canonicalize(const char *path, char *resolved_path) |
271 |
{ |
275 |
{ |
272 |
int old_errno = errno; |
276 |
int old_errno = errno; |
273 |
char *retval; |
277 |
char *retval; |
Lines 280-286
|
280 |
|
284 |
|
281 |
retval = erealpath(path, resolved_path); |
285 |
retval = erealpath(path, resolved_path); |
282 |
|
286 |
|
283 |
if((!retval) && (path[0] != '/')) { |
287 |
if ((!retval) && (path[0] != '/')) { |
284 |
/* The path could not be canonicalized, append it |
288 |
/* The path could not be canonicalized, append it |
285 |
* to the current working directory if it was not |
289 |
* to the current working directory if it was not |
286 |
* an absolute path |
290 |
* an absolute path |
Lines 288-294
|
288 |
if (errno == ENAMETOOLONG) |
292 |
if (errno == ENAMETOOLONG) |
289 |
return -1; |
293 |
return -1; |
290 |
|
294 |
|
291 |
getcwd(resolved_path, SB_PATH_MAX - 2); |
295 |
egetcwd(resolved_path, SB_PATH_MAX - 2); |
292 |
strcat(resolved_path, "/"); |
296 |
strcat(resolved_path, "/"); |
293 |
strncat(resolved_path, path, SB_PATH_MAX - 1); |
297 |
strncat(resolved_path, path, SB_PATH_MAX - 1); |
294 |
|
298 |
|
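Review bot: The `strncat(resolved_path, path, SB_PATH_MAX - 1)` on the new side bounds only the bytes copied from `path`, not what already sits in `resolved_path`, so once `egetcwd` has filled up to SB_PATH_MAX - 2 bytes and `strcat` has appended "/", a long relative `path` can write past the SB_PATH_MAX-byte `canonic` buffers the wrappers pass in; the commit swaps getcwd for egetcwd here but leaves that bound unchanged, and the egetcwd result is still unchecked, so if it fails (presumably returning NULL like getcwd) the `strcat` runs on whatever the buffer held. The remaining space should come from the current length and a failed egetcwd should take the same -1 exit as the ENAMETOOLONG case: `if (!egetcwd(resolved_path, SB_PATH_MAX - 2)) return -1;` / `strcat(resolved_path, "/");` / `strncat(resolved_path, path, SB_PATH_MAX - strlen(resolved_path) - 1);`. This fallback matters more than an ordinary string bug because the string it builds is what the sandbox prefix checks are run against. canonicalize's body starts and ends outside this hunk, so the errno restore and the return convention the early exit must agree with are not visible here.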
Lines 313-319
|
313 |
return 0; |
317 |
return 0; |
314 |
} |
318 |
} |
315 |
|
319 |
|
316 |
static void *get_dlsym(const char *symname) |
320 |
static void * |
|
|
321 |
get_dlsym(const char *symname) |
317 |
{ |
322 |
{ |
318 |
void *libc_handle = NULL; |
323 |
void *libc_handle = NULL; |
319 |
void *symaddr = NULL; |
324 |
void *symaddr = NULL; |
Lines 341-354
|
341 |
* Wrapper Functions |
346 |
* Wrapper Functions |
342 |
*/ |
347 |
*/ |
343 |
|
348 |
|
344 |
int chmod(const char *path, mode_t mode) |
349 |
int |
|
|
350 |
chmod(const char *path, mode_t mode) |
345 |
{ |
351 |
{ |
346 |
int result = -1; |
352 |
int result = -1; |
347 |
char canonic[SB_PATH_MAX]; |
353 |
char canonic[SB_PATH_MAX]; |
348 |
|
354 |
|
349 |
canonicalize_int(path, canonic); |
355 |
canonicalize_int(path, canonic); |
350 |
|
356 |
|
351 |
if FUNCTION_SANDBOX_SAFE("chmod", canonic) { |
357 |
if FUNCTION_SANDBOX_SAFE |
|
|
358 |
("chmod", canonic) { |
352 |
check_dlsym(chmod); |
359 |
check_dlsym(chmod); |
353 |
result = true_chmod(path, mode); |
360 |
result = true_chmod(path, mode); |
354 |
} |
361 |
} |
Lines 356-369
|
356 |
return result; |
363 |
return result; |
357 |
} |
364 |
} |
358 |
|
365 |
|
359 |
int chown(const char *path, uid_t owner, gid_t group) |
366 |
int |
|
|
367 |
chown(const char *path, uid_t owner, gid_t group) |
360 |
{ |
368 |
{ |
361 |
int result = -1; |
369 |
int result = -1; |
362 |
char canonic[SB_PATH_MAX]; |
370 |
char canonic[SB_PATH_MAX]; |
363 |
|
371 |
|
364 |
canonicalize_int(path, canonic); |
372 |
canonicalize_int(path, canonic); |
365 |
|
373 |
|
366 |
if FUNCTION_SANDBOX_SAFE("chown", canonic) { |
374 |
if FUNCTION_SANDBOX_SAFE |
|
|
375 |
("chown", canonic) { |
367 |
check_dlsym(chown); |
376 |
check_dlsym(chown); |
368 |
result = true_chown(path, owner, group); |
377 |
result = true_chown(path, owner, group); |
369 |
} |
378 |
} |
Lines 371-377
|
371 |
return result; |
380 |
return result; |
372 |
} |
381 |
} |
373 |
|
382 |
|
374 |
int creat(const char *pathname, mode_t mode) |
383 |
int |
|
|
384 |
creat(const char *pathname, mode_t mode) |
375 |
{ |
385 |
{ |
376 |
/* Is it a system call? */ |
386 |
/* Is it a system call? */ |
377 |
int result = -1; |
387 |
int result = -1; |
Lines 379-385
|
379 |
|
389 |
|
380 |
canonicalize_int(pathname, canonic); |
390 |
canonicalize_int(pathname, canonic); |
381 |
|
391 |
|
382 |
if FUNCTION_SANDBOX_SAFE("creat", canonic) { |
392 |
if FUNCTION_SANDBOX_SAFE |
|
|
393 |
("creat", canonic) { |
383 |
check_dlsym(open); |
394 |
check_dlsym(open); |
384 |
result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
395 |
result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
385 |
} |
396 |
} |
Lines 387-408
|
387 |
return result; |
398 |
return result; |
388 |
} |
399 |
} |
389 |
|
400 |
|
390 |
FILE *fopen(const char *pathname, const char *mode) |
401 |
FILE * |
|
|
402 |
fopen(const char *pathname, const char *mode) |
391 |
{ |
403 |
{ |
392 |
FILE *result = NULL; |
404 |
FILE *result = NULL; |
393 |
char canonic[SB_PATH_MAX]; |
405 |
char canonic[SB_PATH_MAX]; |
394 |
|
406 |
|
395 |
canonicalize_ptr(pathname, canonic); |
407 |
canonicalize_ptr(pathname, canonic); |
396 |
|
408 |
|
397 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) { |
409 |
if FUNCTION_SANDBOX_SAFE_CHAR |
|
|
410 |
("fopen", canonic, mode) { |
398 |
check_dlsym(fopen); |
411 |
check_dlsym(fopen); |
399 |
result = true_fopen(pathname,mode); |
412 |
result = true_fopen(pathname, mode); |
400 |
} |
413 |
} |
401 |
|
414 |
|
402 |
return result; |
415 |
return result; |
403 |
} |
416 |
} |
404 |
|
417 |
|
405 |
int lchown(const char *path, uid_t owner, gid_t group) |
418 |
int |
|
|
419 |
lchown(const char *path, uid_t owner, gid_t group) |
406 |
{ |
420 |
{ |
407 |
/* Linux specific? */ |
421 |
/* Linux specific? */ |
408 |
int result = -1; |
422 |
int result = -1; |
Lines 410-416
|
410 |
|
424 |
|
411 |
canonicalize_int(path, canonic); |
425 |
canonicalize_int(path, canonic); |
412 |
|
426 |
|
413 |
if FUNCTION_SANDBOX_SAFE("lchown", canonic) { |
427 |
if FUNCTION_SANDBOX_SAFE |
|
|
428 |
("lchown", canonic) { |
414 |
check_dlsym(chown); |
429 |
check_dlsym(chown); |
415 |
result = true_chown(path, owner, group); |
430 |
result = true_chown(path, owner, group); |
416 |
} |
431 |
} |
Lines 418-424
|
418 |
return result; |
433 |
return result; |
419 |
} |
434 |
} |
420 |
|
435 |
|
421 |
int link(const char *oldpath, const char *newpath) |
436 |
int |
|
|
437 |
link(const char *oldpath, const char *newpath) |
422 |
{ |
438 |
{ |
423 |
int result = -1; |
439 |
int result = -1; |
424 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
440 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
Lines 426-432
|
426 |
canonicalize_int(oldpath, old_canonic); |
442 |
canonicalize_int(oldpath, old_canonic); |
427 |
canonicalize_int(newpath, new_canonic); |
443 |
canonicalize_int(newpath, new_canonic); |
428 |
|
444 |
|
429 |
if FUNCTION_SANDBOX_SAFE("link", new_canonic) { |
445 |
if FUNCTION_SANDBOX_SAFE |
|
|
446 |
("link", new_canonic) { |
430 |
check_dlsym(link); |
447 |
check_dlsym(link); |
431 |
result = true_link(oldpath, newpath); |
448 |
result = true_link(oldpath, newpath); |
432 |
} |
449 |
} |
Lines 434-447
|
434 |
return result; |
451 |
return result; |
435 |
} |
452 |
} |
436 |
|
453 |
|
437 |
int mkdir(const char *pathname, mode_t mode) |
454 |
int |
|
|
455 |
mkdir(const char *pathname, mode_t mode) |
438 |
{ |
456 |
{ |
439 |
int result = -1; |
457 |
int result = -1; |
440 |
char canonic[SB_PATH_MAX]; |
458 |
char canonic[SB_PATH_MAX]; |
441 |
|
459 |
|
442 |
canonicalize_int(pathname, canonic); |
460 |
canonicalize_int(pathname, canonic); |
443 |
|
461 |
|
444 |
if FUNCTION_SANDBOX_SAFE("mkdir", canonic) { |
462 |
if FUNCTION_SANDBOX_SAFE |
|
|
463 |
("mkdir", canonic) { |
445 |
check_dlsym(mkdir); |
464 |
check_dlsym(mkdir); |
446 |
result = true_mkdir(pathname, mode); |
465 |
result = true_mkdir(pathname, mode); |
447 |
} |
466 |
} |
Lines 449-462
|
449 |
return result; |
468 |
return result; |
450 |
} |
469 |
} |
451 |
|
470 |
|
452 |
DIR *opendir(const char *name) |
471 |
DIR * |
|
|
472 |
opendir(const char *name) |
453 |
{ |
473 |
{ |
454 |
DIR *result = NULL; |
474 |
DIR *result = NULL; |
455 |
char canonic[SB_PATH_MAX]; |
475 |
char canonic[SB_PATH_MAX]; |
456 |
|
476 |
|
457 |
canonicalize_ptr(name, canonic); |
477 |
canonicalize_ptr(name, canonic); |
458 |
|
478 |
|
459 |
if FUNCTION_SANDBOX_SAFE("opendir", canonic) { |
479 |
if FUNCTION_SANDBOX_SAFE |
|
|
480 |
("opendir", canonic) { |
460 |
check_dlsym(opendir); |
481 |
check_dlsym(opendir); |
461 |
result = true_opendir(name); |
482 |
result = true_opendir(name); |
462 |
} |
483 |
} |
Lines 466-479
|
466 |
|
487 |
|
467 |
#ifdef WRAP_MKNOD |
488 |
#ifdef WRAP_MKNOD |
468 |
|
489 |
|
469 |
int __xmknod(const char *pathname, mode_t mode, dev_t dev) |
490 |
int |
|
|
491 |
__xmknod(const char *pathname, mode_t mode, dev_t dev) |
470 |
{ |
492 |
{ |
471 |
int result = -1; |
493 |
int result = -1; |
472 |
char canonic[SB_PATH_MAX]; |
494 |
char canonic[SB_PATH_MAX]; |
473 |
|
495 |
|
474 |
canonicalize_int(pathname, canonic); |
496 |
canonicalize_int(pathname, canonic); |
475 |
|
497 |
|
476 |
if FUNCTION_SANDBOX_SAFE("__xmknod", canonic) { |
498 |
if FUNCTION_SANDBOX_SAFE |
|
|
499 |
("__xmknod", canonic) { |
477 |
check_dlsym(__xmknod); |
500 |
check_dlsym(__xmknod); |
478 |
result = true___xmknod(pathname, mode, dev); |
501 |
result = true___xmknod(pathname, mode, dev); |
479 |
} |
502 |
} |
Lines 483-489
|
483 |
|
506 |
|
484 |
#endif |
507 |
#endif |
485 |
|
508 |
|
486 |
int open(const char *pathname, int flags, ...) |
509 |
int |
|
|
510 |
open(const char *pathname, int flags, ...) |
487 |
{ |
511 |
{ |
488 |
/* Eventually, there is a third parameter: it's mode_t mode */ |
512 |
/* Eventually, there is a third parameter: it's mode_t mode */ |
489 |
va_list ap; |
513 |
va_list ap; |
Lines 499-516
|
499 |
|
523 |
|
500 |
canonicalize_int(pathname, canonic); |
524 |
canonicalize_int(pathname, canonic); |
501 |
|
525 |
|
502 |
if FUNCTION_SANDBOX_SAFE_INT("open", canonic, flags) { |
526 |
if FUNCTION_SANDBOX_SAFE_INT |
|
|
527 |
("open", canonic, flags) { |
503 |
/* We need to resolve open() realtime in some cases, |
528 |
/* We need to resolve open() realtime in some cases, |
504 |
* else we get a segfault when running /bin/ps, etc |
529 |
* else we get a segfault when running /bin/ps, etc |
505 |
* in a sandbox */ |
530 |
* in a sandbox */ |
506 |
check_dlsym(open); |
531 |
check_dlsym(open); |
507 |
result=true_open(pathname, flags, mode); |
532 |
result = true_open(pathname, flags, mode); |
508 |
} |
533 |
} |
509 |
|
534 |
|
510 |
return result; |
535 |
return result; |
511 |
} |
536 |
} |
512 |
|
537 |
|
513 |
int rename(const char *oldpath, const char *newpath) |
538 |
int |
|
|
539 |
rename(const char *oldpath, const char *newpath) |
514 |
{ |
540 |
{ |
515 |
int result = -1; |
541 |
int result = -1; |
516 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
542 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
Lines 518-524
|
518 |
canonicalize_int(oldpath, old_canonic); |
544 |
canonicalize_int(oldpath, old_canonic); |
519 |
canonicalize_int(newpath, new_canonic); |
545 |
canonicalize_int(newpath, new_canonic); |
520 |
|
546 |
|
521 |
if FUNCTION_SANDBOX_SAFE("rename", new_canonic) { |
547 |
if FUNCTION_SANDBOX_SAFE |
|
|
548 |
("rename", new_canonic) { |
522 |
check_dlsym(rename); |
549 |
check_dlsym(rename); |
523 |
result = true_rename(oldpath, newpath); |
550 |
result = true_rename(oldpath, newpath); |
524 |
} |
551 |
} |
Lines 526-539
|
526 |
return result; |
553 |
return result; |
527 |
} |
554 |
} |
528 |
|
555 |
|
529 |
int rmdir(const char *pathname) |
556 |
int |
|
|
557 |
rmdir(const char *pathname) |
530 |
{ |
558 |
{ |
531 |
int result = -1; |
559 |
int result = -1; |
532 |
char canonic[SB_PATH_MAX]; |
560 |
char canonic[SB_PATH_MAX]; |
533 |
|
561 |
|
534 |
canonicalize_int(pathname, canonic); |
562 |
canonicalize_int(pathname, canonic); |
535 |
|
563 |
|
536 |
if FUNCTION_SANDBOX_SAFE("rmdir", canonic) { |
564 |
if FUNCTION_SANDBOX_SAFE |
|
|
565 |
("rmdir", canonic) { |
537 |
check_dlsym(rmdir); |
566 |
check_dlsym(rmdir); |
538 |
result = true_rmdir(pathname); |
567 |
result = true_rmdir(pathname); |
539 |
} |
568 |
} |
Lines 541-547
|
541 |
return result; |
570 |
return result; |
542 |
} |
571 |
} |
543 |
|
572 |
|
544 |
int symlink(const char *oldpath, const char *newpath) |
573 |
int |
|
|
574 |
symlink(const char *oldpath, const char *newpath) |
545 |
{ |
575 |
{ |
546 |
int result = -1; |
576 |
int result = -1; |
547 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
577 |
char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; |
Lines 549-555
|
549 |
canonicalize_int(oldpath, old_canonic); |
579 |
canonicalize_int(oldpath, old_canonic); |
550 |
canonicalize_int(newpath, new_canonic); |
580 |
canonicalize_int(newpath, new_canonic); |
551 |
|
581 |
|
552 |
if FUNCTION_SANDBOX_SAFE("symlink", new_canonic) { |
582 |
if FUNCTION_SANDBOX_SAFE |
|
|
583 |
("symlink", new_canonic) { |
553 |
check_dlsym(symlink); |
584 |
check_dlsym(symlink); |
554 |
result = true_symlink(oldpath, newpath); |
585 |
result = true_symlink(oldpath, newpath); |
555 |
} |
586 |
} |
Lines 557-570
|
557 |
return result; |
588 |
return result; |
558 |
} |
589 |
} |
559 |
|
590 |
|
560 |
int truncate(const char *path, TRUNCATE_T length) |
591 |
int |
|
|
592 |
truncate(const char *path, TRUNCATE_T length) |
561 |
{ |
593 |
{ |
562 |
int result = -1; |
594 |
int result = -1; |
563 |
char canonic[SB_PATH_MAX]; |
595 |
char canonic[SB_PATH_MAX]; |
564 |
|
596 |
|
565 |
canonicalize_int(path, canonic); |
597 |
canonicalize_int(path, canonic); |
566 |
|
598 |
|
567 |
if FUNCTION_SANDBOX_SAFE("truncate", canonic) { |
599 |
if FUNCTION_SANDBOX_SAFE |
|
|
600 |
("truncate", canonic) { |
568 |
check_dlsym(truncate); |
601 |
check_dlsym(truncate); |
569 |
result = true_truncate(path, length); |
602 |
result = true_truncate(path, length); |
570 |
} |
603 |
} |
Lines 572-585
|
572 |
return result; |
605 |
return result; |
573 |
} |
606 |
} |
574 |
|
607 |
|
575 |
int unlink(const char *pathname) |
608 |
int |
|
|
609 |
unlink(const char *pathname) |
576 |
{ |
610 |
{ |
577 |
int result = -1; |
611 |
int result = -1; |
578 |
char canonic[SB_PATH_MAX]; |
612 |
char canonic[SB_PATH_MAX]; |
579 |
|
613 |
|
580 |
canonicalize_int(pathname, canonic); |
614 |
canonicalize_int(pathname, canonic); |
581 |
|
615 |
|
582 |
if FUNCTION_SANDBOX_SAFE("unlink", canonic) { |
616 |
if FUNCTION_SANDBOX_SAFE |
|
|
617 |
("unlink", canonic) { |
583 |
check_dlsym(unlink); |
618 |
check_dlsym(unlink); |
584 |
result = true_unlink(pathname); |
619 |
result = true_unlink(pathname); |
585 |
} |
620 |
} |
Lines 589-595
|
589 |
|
624 |
|
590 |
#if (GLIBC_MINOR >= 1) |
625 |
#if (GLIBC_MINOR >= 1) |
591 |
|
626 |
|
592 |
int creat64(const char *pathname, __mode_t mode) |
627 |
int |
|
|
628 |
creat64(const char *pathname, __mode_t mode) |
593 |
{ |
629 |
{ |
594 |
/* Is it a system call? */ |
630 |
/* Is it a system call? */ |
595 |
int result = -1; |
631 |
int result = -1; |
Lines 597-603
|
597 |
|
633 |
|
598 |
canonicalize_int(pathname, canonic); |
634 |
canonicalize_int(pathname, canonic); |
599 |
|
635 |
|
600 |
if FUNCTION_SANDBOX_SAFE("creat64", canonic) { |
636 |
if FUNCTION_SANDBOX_SAFE |
|
|
637 |
("creat64", canonic) { |
601 |
check_dlsym(open64); |
638 |
check_dlsym(open64); |
602 |
result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
639 |
result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
603 |
} |
640 |
} |
Lines 605-626
|
605 |
return result; |
642 |
return result; |
606 |
} |
643 |
} |
607 |
|
644 |
|
608 |
FILE *fopen64(const char *pathname, const char *mode) |
645 |
FILE * |
|
|
646 |
fopen64(const char *pathname, const char *mode) |
609 |
{ |
647 |
{ |
610 |
FILE *result = NULL; |
648 |
FILE *result = NULL; |
611 |
char canonic[SB_PATH_MAX]; |
649 |
char canonic[SB_PATH_MAX]; |
612 |
|
650 |
|
613 |
canonicalize_ptr(pathname, canonic); |
651 |
canonicalize_ptr(pathname, canonic); |
614 |
|
652 |
|
615 |
if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) { |
653 |
if FUNCTION_SANDBOX_SAFE_CHAR |
|
|
654 |
("fopen64", canonic, mode) { |
616 |
check_dlsym(fopen64); |
655 |
check_dlsym(fopen64); |
617 |
result = true_fopen(pathname,mode); |
656 |
result = true_fopen(pathname, mode); |
618 |
} |
657 |
} |
619 |
|
658 |
|
620 |
return result; |
659 |
return result; |
621 |
} |
660 |
} |
622 |
|
661 |
|
623 |
int open64(const char *pathname, int flags, ...) |
662 |
int |
|
|
663 |
open64(const char *pathname, int flags, ...) |
624 |
{ |
664 |
{ |
625 |
/* Eventually, there is a third parameter: it's mode_t mode */ |
665 |
/* Eventually, there is a third parameter: it's mode_t mode */ |
626 |
va_list ap; |
666 |
va_list ap; |
Lines 636-657
|
636 |
|
676 |
|
637 |
canonicalize_int(pathname, canonic); |
677 |
canonicalize_int(pathname, canonic); |
638 |
|
678 |
|
639 |
if FUNCTION_SANDBOX_SAFE_INT("open64", canonic, flags) { |
679 |
if FUNCTION_SANDBOX_SAFE_INT |
|
|
680 |
("open64", canonic, flags) { |
640 |
check_dlsym(open64); |
681 |
check_dlsym(open64); |
641 |
result=true_open64(pathname, flags, mode); |
682 |
result = true_open64(pathname, flags, mode); |
642 |
} |
683 |
} |
643 |
|
684 |
|
644 |
return result; |
685 |
return result; |
645 |
} |
686 |
} |
646 |
|
687 |
|
647 |
int truncate64(const char *path, __off64_t length) |
688 |
int |
|
|
689 |
truncate64(const char *path, __off64_t length) |
648 |
{ |
690 |
{ |
649 |
int result = -1; |
691 |
int result = -1; |
650 |
char canonic[SB_PATH_MAX]; |
692 |
char canonic[SB_PATH_MAX]; |
651 |
|
693 |
|
652 |
canonicalize_int(path, canonic); |
694 |
canonicalize_int(path, canonic); |
653 |
|
695 |
|
654 |
if FUNCTION_SANDBOX_SAFE("truncate64", canonic) { |
696 |
if FUNCTION_SANDBOX_SAFE |
|
|
697 |
("truncate64", canonic) { |
655 |
check_dlsym(truncate64); |
698 |
check_dlsym(truncate64); |
656 |
result = true_truncate64(path, length); |
699 |
result = true_truncate64(path, length); |
657 |
} |
700 |
} |
Lines 665-671
|
665 |
* Exec Wrappers |
708 |
* Exec Wrappers |
666 |
*/ |
709 |
*/ |
667 |
|
710 |
|
668 |
int execve(const char *filename, char *const argv [], char *const envp[]) |
711 |
int |
|
|
712 |
execve(const char *filename, char *const argv[], char *const envp[]) |
669 |
{ |
713 |
{ |
670 |
int old_errno = errno; |
714 |
int old_errno = errno; |
671 |
int result = -1; |
715 |
int result = -1; |
Lines 676-688
|
676 |
|
720 |
|
677 |
canonicalize_int(filename, canonic); |
721 |
canonicalize_int(filename, canonic); |
678 |
|
722 |
|
679 |
if FUNCTION_SANDBOX_SAFE("execve", canonic) { |
723 |
if FUNCTION_SANDBOX_SAFE |
|
|
724 |
("execve", canonic) { |
680 |
while (envp[count] != NULL) { |
725 |
while (envp[count] != NULL) { |
681 |
if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) { |
726 |
if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) { |
682 |
if (NULL != strstr(envp[count], sandbox_lib)) { |
727 |
if (NULL != strstr(envp[count], sandbox_lib)) { |
683 |
break; |
728 |
break; |
684 |
} else { |
729 |
} else { |
685 |
const int max_envp_len = strlen(envp[count]) + strlen(sandbox_lib) + 1; |
730 |
const int max_envp_len = |
|
|
731 |
strlen(envp[count]) + strlen(sandbox_lib) + 1; |
686 |
|
732 |
|
687 |
/* Backup envp[count], and set it to our own one which |
733 |
/* Backup envp[count], and set it to our own one which |
688 |
* contains sandbox_lib */ |
734 |
* contains sandbox_lib */ |
Lines 697-703
|
697 |
strncpy(new_envp + strlen(old_envp) + 1, sandbox_lib, |
743 |
strncpy(new_envp + strlen(old_envp) + 1, sandbox_lib, |
698 |
max_envp_len - strlen(new_envp)); |
744 |
max_envp_len - strlen(new_envp)); |
699 |
} else { |
745 |
} else { |
700 |
strncpy(new_envp + strlen(old_envp), sandbox_lib, |
746 |
strncpy(new_envp + |
|
|
747 |
strlen(old_envp), sandbox_lib, |
701 |
max_envp_len - strlen(new_envp)); |
748 |
max_envp_len - strlen(new_envp)); |
702 |
} |
749 |
} |
703 |
|
750 |
|
Lines 707-713
|
707 |
/* envp[count] = new_envp; |
754 |
/* envp[count] = new_envp; |
708 |
* |
755 |
* |
709 |
* Get rid of the "read-only" warnings */ |
756 |
* Get rid of the "read-only" warnings */ |
710 |
memcpy((void *)&envp[count], &new_envp, sizeof(new_envp)); |
757 |
memcpy((void *) &envp[count], &new_envp, sizeof (new_envp)); |
711 |
|
758 |
|
712 |
break; |
759 |
break; |
713 |
} |
760 |
} |
Lines 724-730
|
724 |
/* Restore envp[count] again. |
771 |
/* Restore envp[count] again. |
725 |
* |
772 |
* |
726 |
* envp[count] = old_envp; */ |
773 |
* envp[count] = old_envp; */ |
727 |
memcpy((void *)&envp[count], &old_envp, sizeof(old_envp)); |
774 |
memcpy((void *) &envp[count], &old_envp, sizeof (old_envp)); |
728 |
old_envp = NULL; |
775 |
old_envp = NULL; |
729 |
} |
776 |
} |
730 |
} |
777 |
} |
Lines 743-752
|
743 |
/* This hack is needed for glibc 2.1.1 (and others?) |
790 |
/* This hack is needed for glibc 2.1.1 (and others?) |
744 |
* (not really needed, but good example) */ |
791 |
* (not really needed, but good example) */ |
745 |
extern int fclose(FILE *); |
792 |
extern int fclose(FILE *); |
746 |
static int (*true_fclose)(FILE *) = NULL; |
793 |
static int (*true_fclose) (FILE *) = NULL; |
747 |
int fclose(FILE *file) |
794 |
int |
|
|
795 |
fclose(FILE * file) |
748 |
{ |
796 |
{ |
749 |
int result = - 1; |
797 |
int result = -1; |
750 |
|
798 |
|
751 |
check_dlsym(fclose); |
799 |
check_dlsym(fclose); |
752 |
result = true_fclose(file); |
800 |
result = true_fclose(file); |
Lines 756-762
|
756 |
|
804 |
|
757 |
#endif /* GLIBC_MINOR == 1 */ |
805 |
#endif /* GLIBC_MINOR == 1 */ |
758 |
|
806 |
|
759 |
static void init_context(sbcontext_t* context) |
807 |
static void |
|
|
808 |
init_context(sbcontext_t * context) |
760 |
{ |
809 |
{ |
761 |
context->show_access_violation = 1; |
810 |
context->show_access_violation = 1; |
762 |
context->deny_prefixes = NULL; |
811 |
context->deny_prefixes = NULL; |
Lines 771-781
|
771 |
context->num_write_denied_prefixes = 0; |
820 |
context->num_write_denied_prefixes = 0; |
772 |
} |
821 |
} |
773 |
|
822 |
|
774 |
static int is_sandbox_pid() |
823 |
static int |
|
|
824 |
is_sandbox_pid() |
775 |
{ |
825 |
{ |
776 |
int old_errno = errno; |
826 |
int old_errno = errno; |
777 |
int result = 0; |
827 |
int result = 0; |
778 |
FILE* pids_stream = NULL; |
828 |
FILE *pids_stream = NULL; |
779 |
int pids_file = -1; |
829 |
int pids_file = -1; |
780 |
int current_pid = 0; |
830 |
int current_pid = 0; |
781 |
int tmp_pid = 0; |
831 |
int tmp_pid = 0; |
Lines 786-794
|
786 |
|
836 |
|
787 |
if (NULL == pids_stream) { |
837 |
if (NULL == pids_stream) { |
788 |
perror(">>> pids file fopen"); |
838 |
perror(">>> pids file fopen"); |
789 |
} |
839 |
} else { |
790 |
else |
|
|
791 |
{ |
792 |
pids_file = fileno(pids_stream); |
840 |
pids_file = fileno(pids_stream); |
793 |
|
841 |
|
794 |
if (pids_file < 0) { |
842 |
if (pids_file < 0) { |
Lines 815-821
|
815 |
return result; |
863 |
return result; |
816 |
} |
864 |
} |
817 |
|
865 |
|
818 |
static void clean_env_entries(char*** prefixes_array, int* prefixes_num) |
866 |
static void |
|
|
867 |
clean_env_entries(char ***prefixes_array, int *prefixes_num) |
819 |
{ |
868 |
{ |
820 |
int old_errno = errno; |
869 |
int old_errno = errno; |
821 |
int i = 0; |
870 |
int i = 0; |
Lines 827-833
|
827 |
(*prefixes_array)[i] = NULL; |
876 |
(*prefixes_array)[i] = NULL; |
828 |
} |
877 |
} |
829 |
} |
878 |
} |
830 |
if (*prefixes_array) free(*prefixes_array); |
879 |
if (*prefixes_array) |
|
|
880 |
free(*prefixes_array); |
831 |
*prefixes_array = NULL; |
881 |
*prefixes_array = NULL; |
832 |
*prefixes_num = 0; |
882 |
*prefixes_num = 0; |
833 |
} |
883 |
} |
Lines 835-856
|
835 |
errno = old_errno; |
885 |
errno = old_errno; |
836 |
} |
886 |
} |
837 |
|
887 |
|
838 |
static void init_env_entries(char*** prefixes_array, int* prefixes_num, char* env, int warn) |
888 |
static void |
|
|
889 |
init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) |
839 |
{ |
890 |
{ |
840 |
int old_errno = errno; |
891 |
int old_errno = errno; |
841 |
char* prefixes_env = getenv(env); |
892 |
char *prefixes_env = getenv(env); |
842 |
|
893 |
|
843 |
if (NULL == prefixes_env) { |
894 |
if (NULL == prefixes_env) { |
844 |
fprintf(stderr, |
895 |
fprintf(stderr, |
845 |
"Sandbox error : the %s environmental variable should be defined.\n", |
896 |
"Sandbox error : the %s environmental variable should be defined.\n", |
846 |
env); |
897 |
env); |
847 |
} else { |
898 |
} else { |
848 |
char* buffer = NULL; |
899 |
char *buffer = NULL; |
849 |
int prefixes_env_length = strlen(prefixes_env); |
900 |
int prefixes_env_length = strlen(prefixes_env); |
850 |
int i = 0; |
901 |
int i = 0; |
851 |
int num_delimiters = 0; |
902 |
int num_delimiters = 0; |
852 |
char* token = NULL; |
903 |
char *token = NULL; |
853 |
char* prefix = NULL; |
904 |
char *prefix = NULL; |
854 |
|
905 |
|
855 |
for (i = 0; i < prefixes_env_length; i++) { |
906 |
for (i = 0; i < prefixes_env_length; i++) { |
856 |
if (':' == prefixes_env[i]) { |
907 |
if (':' == prefixes_env[i]) { |
Lines 859-865
|
859 |
} |
910 |
} |
860 |
|
911 |
|
861 |
if (num_delimiters > 0) { |
912 |
if (num_delimiters > 0) { |
862 |
*prefixes_array = (char **)malloc((num_delimiters + 1) * sizeof(char *)); |
913 |
*prefixes_array = |
|
|
914 |
(char **) malloc((num_delimiters + 1) * sizeof (char *)); |
863 |
buffer = strndupa(prefixes_env, prefixes_env_length); |
915 |
buffer = strndupa(prefixes_env, prefixes_env_length); |
864 |
|
916 |
|
865 |
#ifdef REENTRANT_STRTOK |
917 |
#ifdef REENTRANT_STRTOK |
Lines 878-889
|
878 |
token = strtok(NULL, ":"); |
930 |
token = strtok(NULL, ":"); |
879 |
#endif |
931 |
#endif |
880 |
|
932 |
|
881 |
if (prefix) free(prefix); |
933 |
if (prefix) |
|
|
934 |
free(prefix); |
882 |
prefix = NULL; |
935 |
prefix = NULL; |
883 |
} |
936 |
} |
884 |
} |
937 |
} else if (prefixes_env_length > 0) { |
885 |
else if (prefixes_env_length > 0) { |
938 |
(*prefixes_array) = (char **) malloc(sizeof (char *)); |
886 |
(*prefixes_array) = (char **)malloc(sizeof(char *)); |
|
|
887 |
|
939 |
|
888 |
(*prefixes_array)[(*prefixes_num)++] = filter_path(prefixes_env); |
940 |
(*prefixes_array)[(*prefixes_num)++] = filter_path(prefixes_env); |
889 |
} |
941 |
} |
Lines 892-901
|
892 |
errno = old_errno; |
944 |
errno = old_errno; |
893 |
} |
945 |
} |
894 |
|
946 |
|
895 |
static char* filter_path(const char* path) |
947 |
static char * |
|
|
948 |
filter_path(const char *path) |
896 |
{ |
949 |
{ |
897 |
int old_errno = errno; |
950 |
int old_errno = errno; |
898 |
char* filtered_path = (char *)malloc(SB_PATH_MAX * sizeof(char)); |
951 |
char *filtered_path = (char *) malloc(SB_PATH_MAX * sizeof (char)); |
899 |
|
952 |
|
900 |
canonicalize_ptr(path, filtered_path); |
953 |
canonicalize_ptr(path, filtered_path); |
901 |
|
954 |
|
Lines 904-926
|
904 |
return filtered_path; |
957 |
return filtered_path; |
905 |
} |
958 |
} |
906 |
|
959 |
|
907 |
static int check_access(sbcontext_t* sbcontext, const char* func, const char* path) |
960 |
static int |
|
|
961 |
check_access(sbcontext_t * sbcontext, const char *func, const char *path) |
908 |
{ |
962 |
{ |
909 |
int old_errno = errno; |
963 |
int old_errno = errno; |
910 |
int result = -1; |
964 |
int result = -1; |
911 |
int i = 0; |
965 |
int i = 0; |
912 |
char* filtered_path = filter_path(path); |
966 |
char *filtered_path = filter_path(path); |
913 |
|
967 |
|
914 |
if ('/' != filtered_path[0]) { |
968 |
if ('/' != filtered_path[0]) { |
915 |
errno = old_errno; |
969 |
errno = old_errno; |
916 |
|
970 |
|
917 |
if (filtered_path) free(filtered_path); |
971 |
if (filtered_path) |
|
|
972 |
free(filtered_path); |
918 |
filtered_path = NULL; |
973 |
filtered_path = NULL; |
919 |
|
974 |
|
920 |
return 0; |
975 |
return 0; |
921 |
} |
976 |
} |
922 |
|
977 |
|
923 |
if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) && (is_sandbox_pid())) { |
978 |
if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) |
|
|
979 |
&& (is_sandbox_pid())) { |
924 |
result = 1; |
980 |
result = 1; |
925 |
} |
981 |
} |
926 |
|
982 |
|
Lines 929-935
|
929 |
for (i = 0; i < sbcontext->num_deny_prefixes; i++) { |
985 |
for (i = 0; i < sbcontext->num_deny_prefixes; i++) { |
930 |
if (NULL != sbcontext->deny_prefixes[i]) { |
986 |
if (NULL != sbcontext->deny_prefixes[i]) { |
931 |
if (0 == strncmp(filtered_path, |
987 |
if (0 == strncmp(filtered_path, |
932 |
sbcontext->deny_prefixes[i], |
988 |
sbcontext-> |
|
|
989 |
deny_prefixes[i], |
933 |
strlen(sbcontext->deny_prefixes[i]))) { |
990 |
strlen(sbcontext->deny_prefixes[i]))) { |
934 |
result = 0; |
991 |
result = 0; |
935 |
break; |
992 |
break; |
Lines 948-969
|
948 |
(0 == strncmp(func, "execlp", 6)) || |
1005 |
(0 == strncmp(func, "execlp", 6)) || |
949 |
(0 == strncmp(func, "execle", 6)) || |
1006 |
(0 == strncmp(func, "execle", 6)) || |
950 |
(0 == strncmp(func, "execv", 5)) || |
1007 |
(0 == strncmp(func, "execv", 5)) || |
951 |
(0 == strncmp(func, "execvp", 6)) || |
1008 |
(0 == strncmp(func, "execvp", 6)) |
952 |
(0 == strncmp(func, "execve", 6)) |
1009 |
|| (0 == strncmp(func, "execve", 6)) |
953 |
) |
1010 |
) |
954 |
) { |
1011 |
) { |
955 |
for (i = 0; i < sbcontext->num_read_prefixes; i++) { |
1012 |
for (i = 0; i < sbcontext->num_read_prefixes; i++) { |
956 |
if (NULL != sbcontext->read_prefixes[i]) { |
1013 |
if (NULL != sbcontext->read_prefixes[i]) { |
957 |
if (0 == strncmp(filtered_path, |
1014 |
if (0 == strncmp(filtered_path, |
958 |
sbcontext->read_prefixes[i], |
1015 |
sbcontext-> |
|
|
1016 |
read_prefixes[i], |
959 |
strlen(sbcontext->read_prefixes[i]))) { |
1017 |
strlen(sbcontext->read_prefixes[i]))) { |
960 |
result = 1; |
1018 |
result = 1; |
961 |
break; |
1019 |
break; |
962 |
} |
1020 |
} |
963 |
} |
1021 |
} |
964 |
} |
1022 |
} |
965 |
} |
1023 |
} else if ((NULL != sbcontext->write_prefixes) && |
966 |
else if ((NULL != sbcontext->write_prefixes) && |
|
|
967 |
((0 == strncmp(func, "open_wr", 7)) || |
1024 |
((0 == strncmp(func, "open_wr", 7)) || |
968 |
(0 == strncmp(func, "creat", 5)) || |
1025 |
(0 == strncmp(func, "creat", 5)) || |
969 |
(0 == strncmp(func, "creat64", 7)) || |
1026 |
(0 == strncmp(func, "creat64", 7)) || |
Lines 990-998
|
990 |
|
1047 |
|
991 |
for (i = 0; i < sbcontext->num_write_denied_prefixes; i++) { |
1048 |
for (i = 0; i < sbcontext->num_write_denied_prefixes; i++) { |
992 |
if (NULL != sbcontext->write_denied_prefixes[i]) { |
1049 |
if (NULL != sbcontext->write_denied_prefixes[i]) { |
993 |
if (0 == strncmp(filtered_path, |
1050 |
if (0 == |
994 |
sbcontext->write_denied_prefixes[i], |
1051 |
strncmp(filtered_path, |
995 |
strlen(sbcontext->write_denied_prefixes[i]))) { |
1052 |
sbcontext-> |
|
|
1053 |
write_denied_prefixes |
1054 |
[i], strlen(sbcontext->write_denied_prefixes[i]))) { |
996 |
result = 0; |
1055 |
result = 0; |
997 |
break; |
1056 |
break; |
998 |
} |
1057 |
} |
Lines 1002-1008
|
1002 |
if (-1 == result) { |
1061 |
if (-1 == result) { |
1003 |
for (i = 0; i < sbcontext->num_write_prefixes; i++) { |
1062 |
for (i = 0; i < sbcontext->num_write_prefixes; i++) { |
1004 |
if (NULL != sbcontext->write_prefixes[i]) { |
1063 |
if (NULL != sbcontext->write_prefixes[i]) { |
1005 |
if (0 == strncmp(filtered_path, |
1064 |
if (0 == |
|
|
1065 |
strncmp |
1066 |
(filtered_path, |
1006 |
sbcontext->write_prefixes[i], |
1067 |
sbcontext->write_prefixes[i], |
1007 |
strlen(sbcontext->write_prefixes[i]))) { |
1068 |
strlen(sbcontext->write_prefixes[i]))) { |
1008 |
result = 1; |
1069 |
result = 1; |
Lines 1023-1030
|
1023 |
if (-1 == result) { |
1084 |
if (-1 == result) { |
1024 |
for (i = 0; i < sbcontext->num_predict_prefixes; i++) { |
1085 |
for (i = 0; i < sbcontext->num_predict_prefixes; i++) { |
1025 |
if (NULL != sbcontext->predict_prefixes[i]) { |
1086 |
if (NULL != sbcontext->predict_prefixes[i]) { |
1026 |
if (0 == strncmp(filtered_path, |
1087 |
if (0 == |
1027 |
sbcontext->predict_prefixes[i], |
1088 |
strncmp |
|
|
1089 |
(filtered_path, |
1090 |
sbcontext-> |
1091 |
predict_prefixes[i], |
1028 |
strlen(sbcontext->predict_prefixes[i]))) { |
1092 |
strlen(sbcontext->predict_prefixes[i]))) { |
1029 |
sbcontext->show_access_violation = 0; |
1093 |
sbcontext->show_access_violation = 0; |
1030 |
result = 0; |
1094 |
result = 0; |
Lines 1043-1049
|
1043 |
result = 0; |
1107 |
result = 0; |
1044 |
} |
1108 |
} |
1045 |
|
1109 |
|
1046 |
if (filtered_path) free(filtered_path); |
1110 |
if (filtered_path) |
|
|
1111 |
free(filtered_path); |
1047 |
filtered_path = NULL; |
1112 |
filtered_path = NULL; |
1048 |
|
1113 |
|
1049 |
errno = old_errno; |
1114 |
errno = old_errno; |
Lines 1051-1082
|
1051 |
return result; |
1116 |
return result; |
1052 |
} |
1117 |
} |
1053 |
|
1118 |
|
1054 |
static int check_syscall(sbcontext_t* sbcontext, const char* func, const char* file) |
1119 |
static int |
|
|
1120 |
check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) |
1055 |
{ |
1121 |
{ |
1056 |
int old_errno = errno; |
1122 |
int old_errno = errno; |
1057 |
int result = 1; |
1123 |
int result = 1; |
1058 |
struct stat log_stat; |
1124 |
struct stat log_stat; |
1059 |
char* log_path = NULL; |
1125 |
char *log_path = NULL; |
1060 |
char* absolute_path = NULL; |
1126 |
char *absolute_path = NULL; |
1061 |
char* tmp_buffer = NULL; |
1127 |
char *tmp_buffer = NULL; |
1062 |
int log_file = 0; |
1128 |
int log_file = 0; |
1063 |
struct stat debug_log_stat; |
1129 |
struct stat debug_log_stat; |
1064 |
char* debug_log_env = NULL; |
1130 |
char *debug_log_env = NULL; |
1065 |
char* debug_log_path = NULL; |
1131 |
char *debug_log_path = NULL; |
1066 |
int debug_log_file = 0; |
1132 |
int debug_log_file = 0; |
1067 |
char buffer[512]; |
1133 |
char buffer[512]; |
1068 |
|
1134 |
|
1069 |
init_wrappers(); |
1135 |
init_wrappers(); |
1070 |
|
1136 |
|
1071 |
if ('/' == file[0]) { |
1137 |
if ('/' == file[0]) { |
1072 |
absolute_path = (char *)malloc((strlen(file) + 1) * sizeof(char)); |
1138 |
absolute_path = (char *) malloc((strlen(file) + 1) * sizeof (char)); |
1073 |
sprintf(absolute_path, "%s", file); |
1139 |
sprintf(absolute_path, "%s", file); |
1074 |
} else { |
1140 |
} else { |
1075 |
tmp_buffer = get_current_dir_name(); |
1141 |
tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char)); |
1076 |
absolute_path = (char *)malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) * sizeof(char)); |
1142 |
egetcwd(tmp_buffer, SB_PATH_MAX - 1); |
1077 |
sprintf(absolute_path,"%s/%s", tmp_buffer, file); |
1143 |
absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) |
|
|
1144 |
* sizeof (char)); |
1145 |
sprintf(absolute_path, "%s/%s", tmp_buffer, file); |
1078 |
|
1146 |
|
1079 |
if (tmp_buffer) free(tmp_buffer); |
1147 |
if (tmp_buffer) |
|
|
1148 |
free(tmp_buffer); |
1080 |
tmp_buffer = NULL; |
1149 |
tmp_buffer = NULL; |
1081 |
} |
1150 |
} |
1082 |
|
1151 |
|
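Review bot: The return value of the new `egetcwd(tmp_buffer, SB_PATH_MAX - 1);` call in check_syscall is never checked, so if the working directory cannot be resolved (deleted, unreadable, or longer than SB_PATH_MAX) `tmp_buffer` is left as uninitialized heap memory and the following `strlen(tmp_buffer)` and `sprintf(absolute_path, "%s/%s", ...)` build the path handed to `check_access` out of garbage. The old `get_current_dir_name()` call was equally unchecked but at least yielded a NULL that would crash rather than a plausible-looking wrong path, and neither `malloc` result in this branch is checked either. Because this is the access-control decision of the sandbox, an unresolvable cwd should fail closed by returning 0 (the value this function already uses for a denied access) with errno restored, rather than falling through; egetcwd presumably follows getcwd's NULL-on-failure contract, which should be confirmed against getcwd.c. check_syscall continues past this hunk, and the unbounded `sprintf(buffer, ...)` of `absolute_path` (up to SB_PATH_MAX plus the file name) into the 512-byte stack `buffer` in the following hunk is also left unaddressed by this change.
```c
} else {
	tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char));
	/* fail closed: an unresolvable cwd must not produce a garbage path */
	if ((NULL == tmp_buffer) || (NULL == egetcwd(tmp_buffer, SB_PATH_MAX - 1))) {
		if (tmp_buffer)
			free(tmp_buffer);
		errno = old_errno;
		return 0;
	}
	absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1)
		* sizeof (char));
	/* … unchanged: sprintf into absolute_path, free tmp_buffer … */
}
```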
Lines 1088-1114
|
1088 |
(0 != strncmp(absolute_path, log_path, strlen(log_path)))) && |
1157 |
(0 != strncmp(absolute_path, log_path, strlen(log_path)))) && |
1089 |
((NULL == debug_log_env) || |
1158 |
((NULL == debug_log_env) || |
1090 |
(NULL == debug_log_path) || |
1159 |
(NULL == debug_log_path) || |
1091 |
(0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path)))) && |
1160 |
(0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path)))) |
1092 |
(0 == check_access(sbcontext, func, absolute_path)) |
1161 |
&& (0 == check_access(sbcontext, func, absolute_path)) |
1093 |
) { |
1162 |
) { |
1094 |
if (1 == sbcontext->show_access_violation) { |
1163 |
if (1 == sbcontext->show_access_violation) { |
1095 |
fprintf(stderr, "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n", |
1164 |
fprintf(stderr, |
1096 |
func, (int)(10 - strlen(func)), "", absolute_path); |
1165 |
"\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n", |
|
|
1166 |
func, (int) (10 - strlen(func)), "", absolute_path); |
1097 |
|
1167 |
|
1098 |
if (NULL != log_path) { |
1168 |
if (NULL != log_path) { |
1099 |
sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); |
1169 |
sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", |
|
|
1170 |
absolute_path); |
1100 |
|
1171 |
|
1101 |
if ((0 == lstat(log_path, &log_stat)) && |
1172 |
if ((0 == lstat(log_path, &log_stat)) |
1102 |
(0 == S_ISREG(log_stat.st_mode)) |
1173 |
&& (0 == S_ISREG(log_stat.st_mode)) |
1103 |
) { |
1174 |
) { |
1104 |
fprintf(stderr, |
1175 |
fprintf(stderr, |
1105 |
"\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", |
1176 |
"\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", |
1106 |
log_path); |
1177 |
log_path); |
1107 |
} else { |
1178 |
} else { |
1108 |
log_file = true_open(log_path, |
1179 |
log_file = true_open(log_path, |
1109 |
O_APPEND | O_WRONLY | O_CREAT, |
1180 |
O_APPEND | O_WRONLY |
|
|
1181 |
| O_CREAT, |
1110 |
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
1182 |
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
1111 |
if(log_file >= 0) { |
1183 |
if (log_file >= 0) { |
1112 |
write(log_file, buffer, strlen(buffer)); |
1184 |
write(log_file, buffer, strlen(buffer)); |
1113 |
close(log_file); |
1185 |
close(log_file); |
1114 |
} |
1186 |
} |
Lines 1117-1151
|
1117 |
} |
1189 |
} |
1118 |
|
1190 |
|
1119 |
result = 0; |
1191 |
result = 0; |
1120 |
} |
1192 |
} else if (NULL != debug_log_env) { |
1121 |
else if (NULL != debug_log_env) { |
|
|
1122 |
if (NULL != debug_log_path) { |
1193 |
if (NULL != debug_log_path) { |
1123 |
if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) { |
1194 |
if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) { |
1124 |
sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); |
1195 |
sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", |
|
|
1196 |
absolute_path); |
1125 |
|
1197 |
|
1126 |
if ((0 == lstat(debug_log_path, &debug_log_stat)) && |
1198 |
if ((0 == lstat(debug_log_path, &debug_log_stat)) |
1127 |
(0 == S_ISREG(debug_log_stat.st_mode)) |
1199 |
&& (0 == S_ISREG(debug_log_stat.st_mode)) |
1128 |
) { |
1200 |
) { |
1129 |
fprintf(stderr, |
1201 |
fprintf(stderr, |
1130 |
"\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", |
1202 |
"\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", |
1131 |
log_path); |
1203 |
log_path); |
1132 |
} else { |
1204 |
} else { |
1133 |
debug_log_file = true_open(debug_log_path, |
1205 |
debug_log_file = |
1134 |
O_APPEND | O_WRONLY | O_CREAT, |
1206 |
true_open(debug_log_path, |
1135 |
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
1207 |
O_APPEND | O_WRONLY | |
1136 |
if(debug_log_file >= 0) { |
1208 |
O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
|
|
1209 |
if (debug_log_file >= 0) { |
1137 |
write(debug_log_file, buffer, strlen(buffer)); |
1210 |
write(debug_log_file, buffer, strlen(buffer)); |
1138 |
close(debug_log_file); |
1211 |
close(debug_log_file); |
1139 |
} |
1212 |
} |
1140 |
} |
1213 |
} |
1141 |
} |
1214 |
} |
1142 |
} else { |
1215 |
} else { |
1143 |
fprintf(stderr, "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n", |
1216 |
fprintf(stderr, |
1144 |
func, (int)(10 - strlen(func)), "", absolute_path); |
1217 |
"\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n", |
|
|
1218 |
func, (int) (10 - strlen(func)), "", absolute_path); |
1145 |
} |
1219 |
} |
1146 |
} |
1220 |
} |
1147 |
|
1221 |
|
1148 |
if (absolute_path) free(absolute_path); |
1222 |
if (absolute_path) |
|
|
1223 |
free(absolute_path); |
1149 |
absolute_path = NULL; |
1224 |
absolute_path = NULL; |
1150 |
|
1225 |
|
1151 |
errno = old_errno; |
1226 |
errno = old_errno; |
Lines 1153-1159
|
1153 |
return result; |
1228 |
return result; |
1154 |
} |
1229 |
} |
1155 |
|
1230 |
|
1156 |
static int is_sandbox_on() |
1231 |
static int |
|
|
1232 |
is_sandbox_on() |
1157 |
{ |
1233 |
{ |
1158 |
int old_errno = errno; |
1234 |
int old_errno = errno; |
1159 |
|
1235 |
|
Lines 1180-1186
|
1180 |
} |
1256 |
} |
1181 |
} |
1257 |
} |
1182 |
|
1258 |
|
1183 |
static int before_syscall(const char* func, const char* file) |
1259 |
static int |
|
|
1260 |
before_syscall(const char *func, const char *file) |
1184 |
{ |
1261 |
{ |
1185 |
int old_errno = errno; |
1262 |
int old_errno = errno; |
1186 |
int result = 1; |
1263 |
int result = 1; |
Lines 1189-1212
|
1189 |
init_context(&sbcontext); |
1266 |
init_context(&sbcontext); |
1190 |
|
1267 |
|
1191 |
init_env_entries(&(sbcontext.deny_prefixes), |
1268 |
init_env_entries(&(sbcontext.deny_prefixes), |
1192 |
&(sbcontext.num_deny_prefixes), |
1269 |
&(sbcontext.num_deny_prefixes), "SANDBOX_DENY", 1); |
1193 |
"SANDBOX_DENY", 1); |
|
|
1194 |
init_env_entries(&(sbcontext.read_prefixes), |
1270 |
init_env_entries(&(sbcontext.read_prefixes), |
1195 |
&(sbcontext.num_read_prefixes), |
1271 |
&(sbcontext.num_read_prefixes), "SANDBOX_READ", 1); |
1196 |
"SANDBOX_READ", 1); |
|
|
1197 |
init_env_entries(&(sbcontext.write_prefixes), |
1272 |
init_env_entries(&(sbcontext.write_prefixes), |
1198 |
&(sbcontext.num_write_prefixes), |
1273 |
&(sbcontext.num_write_prefixes), "SANDBOX_WRITE", 1); |
1199 |
"SANDBOX_WRITE", 1); |
|
|
1200 |
init_env_entries(&(sbcontext.predict_prefixes), |
1274 |
init_env_entries(&(sbcontext.predict_prefixes), |
1201 |
&(sbcontext.num_predict_prefixes), |
1275 |
&(sbcontext.num_predict_prefixes), "SANDBOX_PREDICT", 1); |
1202 |
"SANDBOX_PREDICT", 1); |
|
|
1203 |
|
1276 |
|
1204 |
result = check_syscall(&sbcontext, func, file); |
1277 |
result = check_syscall(&sbcontext, func, file); |
1205 |
|
1278 |
|
1206 |
clean_env_entries(&(sbcontext.deny_prefixes), |
1279 |
clean_env_entries(&(sbcontext.deny_prefixes), &(sbcontext.num_deny_prefixes)); |
1207 |
&(sbcontext.num_deny_prefixes)); |
1280 |
clean_env_entries(&(sbcontext.read_prefixes), &(sbcontext.num_read_prefixes)); |
1208 |
clean_env_entries(&(sbcontext.read_prefixes), |
|
|
1209 |
&(sbcontext.num_read_prefixes)); |
1210 |
clean_env_entries(&(sbcontext.write_prefixes), |
1281 |
clean_env_entries(&(sbcontext.write_prefixes), |
1211 |
&(sbcontext.num_write_prefixes)); |
1282 |
&(sbcontext.num_write_prefixes)); |
1212 |
clean_env_entries(&(sbcontext.predict_prefixes), |
1283 |
clean_env_entries(&(sbcontext.predict_prefixes), |
Lines 1221-1227
|
1221 |
return result; |
1292 |
return result; |
1222 |
} |
1293 |
} |
1223 |
|
1294 |
|
1224 |
static int before_syscall_open_int(const char* func, const char* file, int flags) |
1295 |
static int |
|
|
1296 |
before_syscall_open_int(const char *func, const char *file, int flags) |
1225 |
{ |
1297 |
{ |
1226 |
if ((flags & O_WRONLY) || (flags & O_RDWR)) { |
1298 |
if ((flags & O_WRONLY) || (flags & O_RDWR)) { |
1227 |
return before_syscall("open_wr", file); |
1299 |
return before_syscall("open_wr", file); |
Lines 1230-1243
|
1230 |
} |
1302 |
} |
1231 |
} |
1303 |
} |
1232 |
|
1304 |
|
1233 |
static int before_syscall_open_char(const char* func, const char* file, const char* mode) |
1305 |
static int |
|
|
1306 |
before_syscall_open_char(const char *func, const char *file, const char *mode) |
1234 |
{ |
1307 |
{ |
1235 |
if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0) || (strcmp(mode, "rm") == 0)) { |
1308 |
if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0) |
|
|
1309 |
|| (strcmp(mode, "rm") == 0)) { |
1236 |
return before_syscall("open_rd", file); |
1310 |
return before_syscall("open_rd", file); |
1237 |
} else { |
1311 |
} else { |
1238 |
return before_syscall("open_wr", file); |
1312 |
return before_syscall("open_wr", file); |
1239 |
} |
1313 |
} |
1240 |
} |
1314 |
} |
1241 |
|
1315 |
|
|
|
1316 |
#include "getcwd.c" |
1317 |
#include "canonicalize.c" |
1242 |
|
1318 |
|
1243 |
// vim:expandtab noai:cindent ai |
1319 |
// vim:expandtab noai:cindent ai |