Attachment #15076 for bug #21766




# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.17 2003/06/29 16:20:19 azarah Exp $

  27 Jul 2003; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c,
  sandbox_futils.c, canonicalize.c :
  Once again coreutils fails, as my systems had 2.5 kernel, the getcwd system
  call handled strings larger than PATH_MAX (bug #21766).  It however does not
  work the same on 2.4 kernels.

  To fix, I added the posix implementation of getcwd() (from glibc cvs) that
  do not need the system call.  We use the default getcwd() function via a
  wrapper (egetcwd), and then lstat the returned path.  If lstat fails, it
  means the current directory was removed, OR that the the system call for
  getcwd failed (curious is that it do not fail and return NULL or set
  errno, but rather just truncate the retured directory - usually from the
  start), and if so, we use the generic getcwd() function (__egetcwd).  Note
  that we do not use the generic version all the time, as it calls lstat()
  a great number of times, and performance degrade much.

  29 Jun 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls,
  libsandbox.c :
  Make sure SB_PATH_MAX will not wrap.  Fix two possible memory leaks.





all:	$(TARGETS)

sandbox: sandbox.o sandbox_futils.o getcwd.c
	$(CC) $^ -ldl -lc -o $@

sandbox.o: sandbox.c sandbox.h

sandbox_futils.o: sandbox_futils.c sandbox.h
	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) sandbox_futils.c

libsandbox.so: libsandbox.o sandbox_futils.o
	$(CC) $^ -shared -fPIC -ldl -lc -o $@ -nostdlib -lgcc

libsandbox.o: libsandbox.c localdecls.h canonicalize.c getcwd.c
	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c

canonicalize.o: canonicalize.c localdecls.h
	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c

localdecls.h: create-localdecls libctest.c
	./create-localdecls




/* Return the canonical absolute name of a given file.
   Copyright (C) 1996-2001, 2002 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or

   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

/*
 * $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/canonicalize.c,v 1.3 2003/06/22 20:01:20 azarah Exp $
 */

#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#include <errno.h>
#include <stddef.h>

//#include <shlib-compat.h>
                     
#ifndef __set_errno
# define __set_errno(val) errno = (val)

 *  
 */

char *
erealpath(const char *name, char *resolved)
{
  char *rpath, *dest;
  const char *start, *end, *rpath_limit;
  long int path_max;

	if (name == NULL) {
    {
      /* As per Single Unix Specification V2 we must return an error if
         either parameter is a null pointer.  We extend this to allow
         the RESOLVED parameter to be NULL in case the we are expected to
         allocate the room for the return value.  */
		__set_errno(EINVAL);
      return NULL;
    }

	if (name[0] == '\0') {
    {
      /* As per Single Unix Specification V2 we must return an error if
         the name argument points to an empty string.  */
		__set_errno(ENOENT);
      return NULL;
    }

#ifdef SB_PATH_MAX
  path_max = SB_PATH_MAX;
#else

#ifdef SB_PATH_MAX
  path_max = SB_PATH_MAX;
#else
	path_max = pathconf(name, _PC_SB_PATH_MAX);
  if (path_max <= 0)
    path_max = 1024;
#endif

	if (resolved == NULL) {
		rpath = malloc(path_max);
		if (rpath == NULL)
			return NULL;
	} else
		rpath = resolved;
  rpath_limit = rpath + path_max;

	if (name[0] != '/') {
		if (!egetcwd(rpath, path_max)) {
      if (!getcwd (rpath, path_max))
        {
          rpath[0] = '\0';
          goto error;
        }
		dest = strchr(rpath, '\0');
	} else {
  else
    {
      rpath[0] = '/';
      dest = rpath + 1;
    }

	for (start = end = name; *start; start = end) {
    {
      /* Skip sequence of multiple path-separators.  */
      while (*start == '/')
        ++start;

      /* Find end of path component.  */
      for (end = start; *end && *end != '/'; ++end)
			/* Nothing.  */ ;

      if (end - start == 0)
        break;
      else if (end - start == 1 && start[0] == '.')
			/* nothing */ ;
		else if (end - start == 2 && start[0] == '.' && start[1] == '.') {
        {
          /* Back up to previous component, ignore if at root already.  */
          if (dest > rpath + 1)
				while ((--dest)[-1] != '/') ;
		} else {
      else
        {
          size_t new_size;

          if (dest[-1] != '/')
            *dest++ = '/';

			if (dest + (end - start) >= rpath_limit) {
            {
              ptrdiff_t dest_offset = dest - rpath;
				char *new_rpath;

				if (resolved) {
					__set_errno(ENAMETOOLONG);
                  __set_errno (ENAMETOOLONG);
                  if (dest > rpath + 1)
                    dest--;
                  *dest = '\0';

                new_size += end - start + 1;
              else
                new_size += path_max;
				new_rpath = (char *) realloc(rpath, new_size);
				if (new_rpath == NULL)
					goto error;
				rpath = new_rpath;
              rpath_limit = rpath + new_size;
              if (rpath == NULL)
                return NULL;

              dest = rpath + dest_offset;
            }

			dest = __mempcpy(dest, start, end - start);
          *dest = '\0';

          }
    }
#if 1
  if (dest > rpath + 1 && dest[-1] == '/')
    --dest;
#endif
  *dest = '\0';

	return resolved ? memcpy(resolved, rpath, dest - rpath + 1) : rpath;

error:
  if (resolved)
		strcpy(resolved, rpath);
  else
		free(rpath);
  return NULL;
}


char *
erealpath (const char *name, char *resolved)
{
  if (resolved == NULL)
    {
      __set_errno (EINVAL);
      return NULL;
    }

  return ecanonicalize (name, resolved);
}


// vim:expandtab noai:cindent ai

Lines 1-6 Link Here

(-)libctest.c (-2 / +3 lines)
1	/* Dummy program to check your libc version */	1	/* Dummy program to check your libc version */
2		2
3	int main(void) {	3	int
		4	main(void)
		5	{
4	return 0;	6	return 0;
5	}	7	}
6




/*
 *  Path sandbox for the gentoo linux portage package system, initially
 *  based on the ROCK Linux Wrapper for getting a list of created files
 *
 *  to integrate with bash, bash should have been built like this


typedef struct {
  int show_access_violation;
	char **deny_prefixes;
  int num_deny_prefixes;
	char **read_prefixes;
  int num_read_prefixes;
	char **write_prefixes;
  int num_write_prefixes;
	char **predict_prefixes;
  int num_predict_prefixes;
	char **write_denied_prefixes;
  int num_write_denied_prefixes;
} sbcontext_t;

/* glibc modified realpath() functions */
char *erealpath(const char *name, char *resolved);
/* glibc modified getcwd() functions */
char *egetcwd(char *, size_t);

static void init_wrappers(void);
static void *get_dlsym(const char *);

static void clean_env_entries(char ***, int *);
static void init_context(sbcontext_t *);
static void init_env_entries(char ***, int *, char *, int);
static char *filter_path(const char *);
static int is_sandbox_on();
static int is_sandbox_pid();

/* Wrapped functions */

extern int chmod(const char *, mode_t);
static int (*true_chmod) (const char *, mode_t);
extern int chown(const char *, uid_t, gid_t);
static int (*true_chown) (const char *, uid_t, gid_t);
extern int creat(const char *, mode_t);
static int (*true_creat) (const char *, mode_t);
extern FILE *fopen(const char *, const char *);
static FILE *(*true_fopen) (const char *, const char *);
extern int lchown(const char *, uid_t, gid_t);
static int (*true_lchown) (const char *, uid_t, gid_t);
extern int link(const char *, const char *);
static int (*true_link) (const char *, const char *);
extern int mkdir(const char *, mode_t);
static int (*true_mkdir) (const char *, mode_t);
extern DIR *opendir(const char *);
static DIR *(*true_opendir) (const char *);
#ifdef WRAP_MKNOD
extern int __xmknod(const char *, mode_t, dev_t);
static int (*true___xmknod) (const char *, mode_t, dev_t);
#endif
extern int open(const char *, int, ...);
static int (*true_open) (const char *, int, ...);
extern int rename(const char *, const char *);
static int (*true_rename) (const char *, const char *);
extern int rmdir(const char *);
static int (*true_rmdir) (const char *);
extern int symlink(const char *, const char *);
static int (*true_symlink) (const char *, const char *);
extern int truncate(const char *, TRUNCATE_T);
static int (*true_truncate) (const char *, TRUNCATE_T);
extern int unlink(const char *);
static int (*true_unlink) (const char *);

#if (GLIBC_MINOR >= 1)

extern int creat64(const char *, __mode_t);
static int (*true_creat64) (const char *, __mode_t);
extern FILE *fopen64(const char *, const char *);
static FILE *(*true_fopen64) (const char *, const char *);
extern int open64(const char *, int, ...);
static int (*true_open64) (const char *, int, ...);
extern int truncate64(const char *, __off64_t);
static int (*true_truncate64) (const char *, __off64_t);

#endif

extern int execve(const char *filename, char *const argv[], char *const envp[]);
static int (*true_execve) (const char *, char *const[], char *const[]);

/*
 * Initialize the shabang
 */

static void
init_wrappers(void)
{
  void *libc_handle = NULL;


  true_execve = dlsym(libc_handle, "execve");
}
  
void
_init(void)
{
  int old_errno = errno;
  char *tmp_string = NULL;

  tmp_string = get_sandbox_lib("/");
  strncpy(sandbox_lib, tmp_string, 254);
  
	if (tmp_string)
		free(tmp_string);
  tmp_string = NULL;

  errno = old_errno;
}

static int
canonicalize(const char *path, char *resolved_path)
{
  int old_errno = errno;
  char *retval;


  retval = erealpath(path, resolved_path);
  
	if ((!retval) && (path[0] != '/')) {
    /* The path could not be canonicalized, append it
     * to the current working directory if it was not
     * an absolute path

    if (errno == ENAMETOOLONG)
      return -1;
    
		egetcwd(resolved_path, SB_PATH_MAX - 2);
    strcat(resolved_path, "/");
    strncat(resolved_path, path, SB_PATH_MAX - 1);
    

  return 0;
}

static void *
get_dlsym(const char *symname)
{
  void *libc_handle = NULL;
  void *symaddr = NULL;

 * Wrapper Functions
 */

int
chmod(const char *path, mode_t mode)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(path, canonic);

	if FUNCTION_SANDBOX_SAFE
		("chmod", canonic) {
    check_dlsym(chmod);
    result = true_chmod(path, mode);
  }

  return result;
}

int
chown(const char *path, uid_t owner, gid_t group)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(path, canonic);

	if FUNCTION_SANDBOX_SAFE
		("chown", canonic) {
    check_dlsym(chown);
    result = true_chown(path, owner, group);
  }

  return result;
}

int
creat(const char *pathname, mode_t mode)
{
/* Is it a system call? */
  int result = -1;


  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("creat", canonic) {
    check_dlsym(open);
    result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
  }

  return result;
}

FILE *
fopen(const char *pathname, const char *mode)
{
  FILE *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE_CHAR
		("fopen", canonic, mode) {
    check_dlsym(fopen);
		result = true_fopen(pathname, mode);
  }
   
  return result;
}

int
lchown(const char *path, uid_t owner, gid_t group)
{
/* Linux specific? */
  int result = -1;


  canonicalize_int(path, canonic);

	if FUNCTION_SANDBOX_SAFE
		("lchown", canonic) {
    check_dlsym(chown);
    result = true_chown(path, owner, group);
  }

  return result;
}

int
link(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize_int(oldpath, old_canonic);
  canonicalize_int(newpath, new_canonic);

	if FUNCTION_SANDBOX_SAFE
		("link", new_canonic) {
    check_dlsym(link);
    result = true_link(oldpath, newpath);
  }

  return result;
}

int
mkdir(const char *pathname, mode_t mode)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("mkdir", canonic) {
    check_dlsym(mkdir);
    result = true_mkdir(pathname, mode);
  }

  return result;
}

DIR *
opendir(const char *name)
{
  DIR *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(name, canonic);

	if FUNCTION_SANDBOX_SAFE
		("opendir", canonic) {
    check_dlsym(opendir);
    result = true_opendir(name);
  }


#ifdef WRAP_MKNOD

int
__xmknod(const char *pathname, mode_t mode, dev_t dev)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("__xmknod", canonic) {
    check_dlsym(__xmknod);
    result = true___xmknod(pathname, mode, dev);
  }


#endif

int
open(const char *pathname, int flags, ...)
{
/* Eventually, there is a third parameter: it's mode_t mode */
  va_list ap;


  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE_INT
		("open", canonic, flags) {
    /* We need to resolve open() realtime in some cases,
    * else we get a segfault when running /bin/ps, etc
    * in a sandbox */
    check_dlsym(open);
		result = true_open(pathname, flags, mode);
  }

  return result;
}

int
rename(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize_int(oldpath, old_canonic);
  canonicalize_int(newpath, new_canonic);

	if FUNCTION_SANDBOX_SAFE
		("rename", new_canonic) {
    check_dlsym(rename);
    result = true_rename(oldpath, newpath);
  }

  return result;
}

int
rmdir(const char *pathname)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("rmdir", canonic) {
    check_dlsym(rmdir);
    result = true_rmdir(pathname);
  }

  return result;
}

int
symlink(const char *oldpath, const char *newpath)
{
  int result = -1;
  char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX];

  canonicalize_int(oldpath, old_canonic);
  canonicalize_int(newpath, new_canonic);

	if FUNCTION_SANDBOX_SAFE
		("symlink", new_canonic) {
    check_dlsym(symlink);
    result = true_symlink(oldpath, newpath);
  }

  return result;
}

int
truncate(const char *path, TRUNCATE_T length)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(path, canonic);

	if FUNCTION_SANDBOX_SAFE
		("truncate", canonic) {
    check_dlsym(truncate);
    result = true_truncate(path, length);
  }

  return result;
}

int
unlink(const char *pathname)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("unlink", canonic) {
    check_dlsym(unlink);
    result = true_unlink(pathname);
  }


#if (GLIBC_MINOR >= 1)

int
creat64(const char *pathname, __mode_t mode)
{
/* Is it a system call? */
  int result = -1;


  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE
		("creat64", canonic) {
    check_dlsym(open64);
    result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
  }

  return result;
}

FILE *
fopen64(const char *pathname, const char *mode)
{
  FILE *result = NULL;
  char canonic[SB_PATH_MAX];

  canonicalize_ptr(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE_CHAR
		("fopen64", canonic, mode) {
    check_dlsym(fopen64);
		result = true_fopen(pathname, mode);
  }
   
  return result;
}

int
open64(const char *pathname, int flags, ...)
{
/* Eventually, there is a third parameter: it's mode_t mode */
  va_list ap;


  canonicalize_int(pathname, canonic);

	if FUNCTION_SANDBOX_SAFE_INT
		("open64", canonic, flags) {
    check_dlsym(open64);
		result = true_open64(pathname, flags, mode);
  }

  return result;
}

int
truncate64(const char *path, __off64_t length)
{
  int result = -1;
  char canonic[SB_PATH_MAX];

  canonicalize_int(path, canonic);

	if FUNCTION_SANDBOX_SAFE
		("truncate64", canonic) {
    check_dlsym(truncate64);
    result = true_truncate64(path, length);
  }

 * Exec Wrappers
 */

int
execve(const char *filename, char *const argv[], char *const envp[])
{
  int old_errno = errno;
  int result = -1;


  canonicalize_int(filename, canonic);

	if FUNCTION_SANDBOX_SAFE
		("execve", canonic) {
    while (envp[count] != NULL) {
      if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) {
        if (NULL != strstr(envp[count], sandbox_lib)) {
          break;
        } else {
					const int max_envp_len =
							strlen(envp[count]) + strlen(sandbox_lib) + 1;
          
          /* Backup envp[count], and set it to our own one which
           * contains sandbox_lib */

            strncpy(new_envp + strlen(old_envp) + 1, sandbox_lib,
                    max_envp_len - strlen(new_envp));
          } else {
						strncpy(new_envp +
										strlen(old_envp), sandbox_lib,
                    max_envp_len - strlen(new_envp));
          }


          /* envp[count] = new_envp;
           *
           * Get rid of the "read-only" warnings */
					memcpy((void *) &envp[count], &new_envp, sizeof (new_envp));

          break;
        }

      /* Restore envp[count] again.
       * 
       * envp[count] = old_envp; */
			memcpy((void *) &envp[count], &old_envp, sizeof (old_envp));
      old_envp = NULL;
    }
  }

/* This hack is needed for glibc 2.1.1 (and others?)
 * (not really needed, but good example) */
extern int fclose(FILE *);
static int (*true_fclose) (FILE *) = NULL;
int
fclose(FILE * file)
{
	int result = -1;

  check_dlsym(fclose);
  result = true_fclose(file);


#endif /* GLIBC_MINOR == 1 */

static void
init_context(sbcontext_t * context)
{
  context->show_access_violation = 1;
  context->deny_prefixes = NULL;

  context->num_write_denied_prefixes = 0;
}

static int
is_sandbox_pid()
{
  int old_errno = errno;
  int result = 0;
	FILE *pids_stream = NULL;
  int pids_file = -1;
  int current_pid = 0;
  int tmp_pid = 0;


  if (NULL == pids_stream) {
    perror(">>> pids file fopen");
	} else {
  else
  {
    pids_file = fileno(pids_stream);

    if (pids_file < 0) {

  return result;
}

static void
clean_env_entries(char ***prefixes_array, int *prefixes_num)
{
  int old_errno = errno;
  int i = 0;

        (*prefixes_array)[i] = NULL;
      }
    }
		if (*prefixes_array)
			free(*prefixes_array);
    *prefixes_array = NULL;
    *prefixes_num = 0;
  }

  errno = old_errno;
}

static void
init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn)
{
  int old_errno = errno;
	char *prefixes_env = getenv(env);

  if (NULL == prefixes_env) {
    fprintf(stderr,
            "Sandbox error : the %s environmental variable should be defined.\n",
            env);
  } else {
		char *buffer = NULL;
    int prefixes_env_length = strlen(prefixes_env);
    int i = 0;
    int num_delimiters = 0;
		char *token = NULL;
		char *prefix = NULL;

    for (i = 0; i < prefixes_env_length; i++) {
      if (':' == prefixes_env[i]) {

    }

    if (num_delimiters > 0) {
			*prefixes_array =
					(char **) malloc((num_delimiters + 1) * sizeof (char *));
      buffer = strndupa(prefixes_env, prefixes_env_length);
      
#ifdef REENTRANT_STRTOK

        token = strtok(NULL, ":");
#endif

				if (prefix)
					free(prefix);
        prefix = NULL;
      }
		} else if (prefixes_env_length > 0) {
			(*prefixes_array) = (char **) malloc(sizeof (char *));
      (*prefixes_array) = (char **)malloc(sizeof(char *));
         
      (*prefixes_array)[(*prefixes_num)++] = filter_path(prefixes_env);
    }

  errno = old_errno;
}

static char *
filter_path(const char *path)
{
  int old_errno = errno;
	char *filtered_path = (char *) malloc(SB_PATH_MAX * sizeof (char));

  canonicalize_ptr(path, filtered_path);


  return filtered_path;
}

static int
check_access(sbcontext_t * sbcontext, const char *func, const char *path)
{
  int old_errno = errno;
  int result = -1;
  int i = 0;
	char *filtered_path = filter_path(path);

  if ('/' != filtered_path[0]) {
    errno = old_errno;

		if (filtered_path)
			free(filtered_path);
    filtered_path = NULL;

    return 0;
  }

	if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18))
			&& (is_sandbox_pid())) {
    result = 1;
  }
   

      for (i = 0; i < sbcontext->num_deny_prefixes; i++) {
        if (NULL != sbcontext->deny_prefixes[i]) {
          if (0 == strncmp(filtered_path,
													 sbcontext->
													 deny_prefixes[i],
                           strlen(sbcontext->deny_prefixes[i]))) {
            result = 0;
            break;

           (0 == strncmp(func, "execlp", 6)) ||
           (0 == strncmp(func, "execle", 6)) ||
           (0 == strncmp(func, "execv", 5)) ||
					 (0 == strncmp(func, "execvp", 6))
					 || (0 == strncmp(func, "execve", 6))
          )
         ) {
        for (i = 0; i < sbcontext->num_read_prefixes; i++) {
          if (NULL != sbcontext->read_prefixes[i]) {
            if (0 == strncmp(filtered_path,
														 sbcontext->
														 read_prefixes[i],
                             strlen(sbcontext->read_prefixes[i]))) {
              result = 1;
              break;
            }
          }
        }
			} else if ((NULL != sbcontext->write_prefixes) &&
      else if ((NULL != sbcontext->write_prefixes) &&
               ((0 == strncmp(func, "open_wr", 7)) ||
                (0 == strncmp(func, "creat", 5)) ||
                (0 == strncmp(func, "creat64", 7)) ||


        for (i = 0; i < sbcontext->num_write_denied_prefixes; i++) {
          if (NULL != sbcontext->write_denied_prefixes[i]) {
						if (0 ==
								strncmp(filtered_path,
												sbcontext->
												write_denied_prefixes
												[i], strlen(sbcontext->write_denied_prefixes[i]))) {
              result = 0;
              break;
            }

        if (-1 == result) {
          for (i = 0; i < sbcontext->num_write_prefixes; i++) {
            if (NULL != sbcontext->write_prefixes[i]) {
							if (0 ==
									strncmp
									(filtered_path,
                               sbcontext->write_prefixes[i],
                               strlen(sbcontext->write_prefixes[i]))) {
                result = 1;

            if (-1 == result) {
              for (i = 0; i < sbcontext->num_predict_prefixes; i++) {
                if (NULL != sbcontext->predict_prefixes[i]) {
									if (0 ==
											strncmp
											(filtered_path,
											 sbcontext->
											 predict_prefixes[i],
                                   strlen(sbcontext->predict_prefixes[i]))) {
                    sbcontext->show_access_violation = 0;
                    result = 0;

    result = 0;
  }

	if (filtered_path)
		free(filtered_path);
  filtered_path = NULL;

  errno = old_errno;

  return result;
}

static int
check_syscall(sbcontext_t * sbcontext, const char *func, const char *file)
{
  int old_errno = errno;
  int result = 1;
  struct stat log_stat;
	char *log_path = NULL;
	char *absolute_path = NULL;
	char *tmp_buffer = NULL;
  int log_file = 0;
  struct stat debug_log_stat;
	char *debug_log_env = NULL;
	char *debug_log_path = NULL;
  int debug_log_file = 0;
  char buffer[512];

  init_wrappers();

  if ('/' == file[0]) {
		absolute_path = (char *) malloc((strlen(file) + 1) * sizeof (char));
    sprintf(absolute_path, "%s", file);
  } else {
		tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char));
		egetcwd(tmp_buffer, SB_PATH_MAX - 1);
		absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1)
																		* sizeof (char));
		sprintf(absolute_path, "%s/%s", tmp_buffer, file);
    
		if (tmp_buffer)
			free(tmp_buffer);
    tmp_buffer = NULL;
  }
  

       (0 != strncmp(absolute_path, log_path, strlen(log_path)))) &&
      ((NULL == debug_log_env) ||
       (NULL == debug_log_path) ||
			 (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))))
			&& (0 == check_access(sbcontext, func, absolute_path))
     ) {
    if (1 == sbcontext->show_access_violation) {
			fprintf(stderr,
							"\e[31;01mACCESS DENIED\033[0m  %s:%*s%s\n",
							func, (int) (10 - strlen(func)), "", absolute_path);
         
      if (NULL != log_path) {
				sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "",
								absolute_path);
      
				if ((0 == lstat(log_path, &log_stat))
						&& (0 == S_ISREG(log_stat.st_mode))
           ) {
          fprintf(stderr,
                  "\e[31;01mSECURITY BREACH\033[0m  %s already exists and is not a regular file.\n",
                  log_path);
        } else {
          log_file = true_open(log_path,
															 O_APPEND | O_WRONLY
															 | O_CREAT,
                               S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
					if (log_file >= 0) {
            write(log_file, buffer, strlen(buffer));
            close(log_file);
          }

    }

    result = 0;
	} else if (NULL != debug_log_env) {
  else if (NULL != debug_log_env) {
    if (NULL != debug_log_path) {
      if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) {
				sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "",
								absolute_path);
        
				if ((0 == lstat(debug_log_path, &debug_log_stat))
						&& (0 == S_ISREG(debug_log_stat.st_mode))
           ) {
          fprintf(stderr,
                  "\e[31;01mSECURITY BREACH\033[0m  %s already exists and is not a regular file.\n",
                  log_path);
        } else {
					debug_log_file =
							true_open(debug_log_path,
												O_APPEND | O_WRONLY |
												O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
					if (debug_log_file >= 0) {
            write(debug_log_file, buffer, strlen(buffer));
            close(debug_log_file);
          }
        }
      }
    } else {
			fprintf(stderr,
							"\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n",
							func, (int) (10 - strlen(func)), "", absolute_path);
    }
  }

	if (absolute_path)
		free(absolute_path);
  absolute_path = NULL;

  errno = old_errno;

  return result;
}

static int
is_sandbox_on()
{
  int old_errno = errno;
  

  }
}

static int
before_syscall(const char *func, const char *file)
{
  int old_errno = errno;
  int result = 1;

  init_context(&sbcontext);

  init_env_entries(&(sbcontext.deny_prefixes),
									 &(sbcontext.num_deny_prefixes), "SANDBOX_DENY", 1);
                   "SANDBOX_DENY", 1);
  init_env_entries(&(sbcontext.read_prefixes),
									 &(sbcontext.num_read_prefixes), "SANDBOX_READ", 1);
                   "SANDBOX_READ", 1);
  init_env_entries(&(sbcontext.write_prefixes),
									 &(sbcontext.num_write_prefixes), "SANDBOX_WRITE", 1);
                   "SANDBOX_WRITE", 1);
  init_env_entries(&(sbcontext.predict_prefixes),
									 &(sbcontext.num_predict_prefixes), "SANDBOX_PREDICT", 1);
                   "SANDBOX_PREDICT", 1);

  result = check_syscall(&sbcontext, func, file);

	clean_env_entries(&(sbcontext.deny_prefixes), &(sbcontext.num_deny_prefixes));
	clean_env_entries(&(sbcontext.read_prefixes), &(sbcontext.num_read_prefixes));
  clean_env_entries(&(sbcontext.read_prefixes),
                    &(sbcontext.num_read_prefixes));
  clean_env_entries(&(sbcontext.write_prefixes),
                    &(sbcontext.num_write_prefixes));
  clean_env_entries(&(sbcontext.predict_prefixes),

  return result;
}

static int
before_syscall_open_int(const char *func, const char *file, int flags)
{
  if ((flags & O_WRONLY) || (flags & O_RDWR)) {
    return before_syscall("open_wr", file);

  }
}

static int
before_syscall_open_char(const char *func, const char *file, const char *mode)
{
	if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0)
			|| (strcmp(mode, "rm") == 0)) {
    return before_syscall("open_rd", file);
  } else {
    return before_syscall("open_wr", file);
  }
}

#include "getcwd.c"
#include "canonicalize.c"

// vim:expandtab noai:cindent ai




int print_debug = 0;

/* Read pids file, and load active pids into an array.  Return number of pids in array */
int
load_active_pids(int fd, int **pids)
{
  char *data = NULL;
  char *ptr = NULL, *ptr2 = NULL;

  len = file_length(fd);

  /* Allocate and zero datablock to read pids file */
	data = (char *) malloc((len + 1) * sizeof (char));
  memset(data, 0, len + 1);

  /* Start at beginning of file */


    /* If the PID is still alive, add it to our array */
    if ((0 != my_pid) && (0 == kill(my_pid, 0))) {
			pids[0] = (int *) realloc(pids[0], (num_pids + 1) * sizeof (int));
      pids[0][num_pids] = my_pid;
      num_pids++;
    }

}

/* Read ld.so.preload file, and loads dirs into an array.  Return number of entries in array */
int
load_preload_libs(int fd, char ***preloads)
{
  char *data = NULL;
  char *ptr = NULL, *ptr2 = NULL;

  len = file_length(fd);

  /* Allocate and zero datablock to read pids file */
	data = (char *) malloc((len + 1) * sizeof (char));
  memset(data, 0, len + 1);

  /* Start at beginning of file */


    /* If listing does not match our libname, add it to the array */
    if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {
			preloads[0] =
					(char **) realloc(preloads[0], (num_entries + 1) * sizeof (char **));
      preloads[0][num_entries] = strdup(ptr);
      num_entries++;
    }

  return num_entries;
}

void
cleanup()
{
  int i = 0;
  int success = 1;

        file_truncate(preload_file);

        /* store the other preload libraries back into the /etc/ld.so.preload file */
				if (num_of_preloads > 0) {
          for (i = 0; i < num_of_preloads; i++) {
            sprintf(preload_entry, "%s\n", preload_array[i]);
						if (write
								(preload_file,
								 preload_entry,
								 strlen(preload_entry)) != strlen(preload_entry)) {
              perror(">>> /etc/ld.so.preload file write");
              success = 0;
              break;


    /* Free memory used to store preload array */
        for (i = 0; i < num_of_preloads; i++) {
					if (preload_array[i])
						free(preload_array[i]);
          preload_array[i] = NULL;
        }
        if (preload_array)

    file_truncate(pids_file);

    /* if pids are still running, write only the running pids back to the file */
		if (num_of_pids > 1) {
      for (i = 0; i < num_of_pids; i++) {
        if (pids_array[i] != getpid()) {
          sprintf(pid_string, "%d\n", pids_array[i]);

					if (write(pids_file, pid_string, strlen(pid_string)) !=
							strlen(pid_string)) {
            perror(">>> pids file write");
            success = 0;
            break;

    return;
}

void
stop(int signum)
{
  printf("Caught signal %d\r\n", signum);
  cleanup();
}

void
setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir,
										 char *tmp_dir)
{
  char sandbox_write_var[1024];

  if (!getenv(ENV_SANDBOX_WRITE)) {
    /* these should go into make.globals later on */
    strcpy(sandbox_write_var, "");
		strcat(sandbox_write_var,
					 "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/");
    strcat(sandbox_write_var, ":");
    /* NGPT support */
    strcat(sandbox_write_var, "/dev/shm/ngpt");

  }
}

void
setenv_sandbox_predict(char *home_dir)
{
  char sandbox_predict_var[1024];


  }
}

int
print_sandbox_log(char *sandbox_log)
{
  int sandbox_log_file = -1;
  char *beep_count_env = NULL;

  long len = 0;
  char *buffer = NULL;

	sandbox_log_file = file_open(sandbox_log, "r", 0);
  if (-1 == sandbox_log_file)
    return 0;

  len = file_length(sandbox_log_file);
	buffer = (char *) malloc((len + 1) * sizeof (char));
  memset(buffer, 0, len + 1);
  read(sandbox_log_file, buffer, len);
  file_close(sandbox_log_file);

	printf
			("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n");
  printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log);
  printf("\n");
  printf("%s", buffer);
  if (buffer)
    free(buffer);
  buffer = NULL;
	printf
			("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");

  beep_count_env = getenv(ENV_SANDBOX_BEEP);
  if (beep_count_env)


  for (i = 0; i < beep_count; i++) {
    fputc('\a', stderr);
		if (i < beep_count - 1)
      sleep(1);
  }
  return 1;
}

int
spawn_shell(char *argv_bash[])
{
#ifdef USE_SYSTEM_SHELL
  int i = 0;

      break;
    if (NULL != sh)
      len = strlen(sh);
		sh = (char *) realloc(sh, len + strlen(argv_bash[i]) + 5);
    if (first) {
      sh[0] = 0;
      first = 0;

#endif
}

int
main(int argc, char **argv)
{
  int i = 0, success = 1;
#ifdef USE_LD_SO_PRELOAD

    print_debug = 1;

  if (print_debug)
		printf
				("========================== Gentoo linux path sandbox ===========================\n");

  /* check if a sandbox is already running */
  if (NULL != getenv(ENV_SANDBOX_ON)) {
		fprintf(stderr,
						"Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");
    exit(1);
  } else {


      printf("Verification of the required files.\n");

    if (file_exist(sandbox_lib, 0) <= 0) {
			fprintf(stderr, "Could not open the sandbox library at '%s'.\n",
							sandbox_lib);
      return -1;
    } else if (file_exist(sandbox_rc, 0) <= 0) {
			fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n",
							sandbox_rc);
      return -1;
    }

#ifdef USE_LD_SO_PRELOAD
    /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
    if (print_debug)


    if (getuid() == 0) {
      /* Our r+ also will create the file if it doesn't exist */
			preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
      if (-1 == preload_file) {
        preload_adaptable = 0;
/*      exit(1);*/

      for (i = 0; i < num_of_preloads + 1; i++) {
        /* First entry should be our sandbox library */
        if (0 == i) {
					if (write
							(preload_file, sandbox_lib,
							 strlen(sandbox_lib)) != strlen(sandbox_lib)) {
            perror(">>> /etc/ld.so.preload file write");
            success = 0;
            break;
          }
        } else {
          /* Output all other preload entries */
					if (write
							(preload_file, preload_array[i - 1],
							 strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
            perror(">>> /etc/ld.so.preload file write");
            success = 0;
            break;

      printf("Setting up the required environment variables.\n");

    /* Generate sandbox log full path */
		tmp_string = get_sandbox_log();
    strncpy(sandbox_log, tmp_string, 254);
    if (tmp_string)
      free(tmp_string);


    setenv(ENV_SANDBOX_LOG, sandbox_log, 1);

		snprintf(sandbox_debug_log, 254, "%s%s%s",
						 DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
    setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);

    home_dir = getenv("HOME");

     * this, access is denied to /var/tmp, hurtin' ebuilds.
     */

		realpath(getenv("PORTAGE_TMPDIR"), portage_tmp_dir);
		realpath("/var/tmp", var_tmp_dir);
		realpath("/tmp", tmp_dir);

    setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);
    setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);

    if (NULL != portage_tmp_dir)
      chdir(portage_tmp_dir);

		argv_bash = (char **) malloc(6 * sizeof (char *));
    argv_bash[0] = strdup("/bin/bash");
    argv_bash[1] = strdup("-rcfile");
    argv_bash[2] = strdup(sandbox_rc);

    argv_bash[5] = NULL;
    
    if (argc >= 2) {
			for (i = 1; i < argc; i++) {
        if (NULL == argv_bash[4])
          len = 0;
        else
          len = strlen(argv_bash[4]);
        
				argv_bash[4] =
						(char *) realloc(argv_bash[4],
														 (len + strlen(argv[i]) + 2) * sizeof (char));
        
        if (0 == len)
          argv_bash[4][0] = 0;

      }
    }
#if 0
		char *argv_bash[] = {
                        "/bin/bash",
                        "-rcfile",
                        NULL,

        else
          sprintf(pid_string, "%d\n", pids_array[i]);
        
				if (write(pids_file, pid_string, strlen(pid_string)) !=
						strlen(pid_string)) {
          perror(">>> pids file write");
          success = 0;
          break;

    /* STARTING PROTECTED ENVIRONMENT */
    if (print_debug) {
      printf("The protected environment has been started.\n");
			printf
					("--------------------------------------------------------------------------------\n");
    }

    if (print_debug)

    cleanup();

    if (print_debug) {
			printf
					("========================== Gentoo linux path sandbox ===========================\n");
      printf("The protected environment has been shut down.\n");
    }



      sandbox_log_file = -1;
    } else if (print_debug) {
			printf
					("--------------------------------------------------------------------------------\n");
    }

    if ((sandbox_log_presence) || (!success))





#include "sandbox.h"

/* glibc modified getcwd() functions */
char *egetcwd(char *, size_t);

char *
get_sandbox_path(char *argv0)
{
  char path[255];
  char *cwd = NULL;


  /* ARGV[0] specifies relative path */
  } else {
		egetcwd(cwd, 253);
      sprintf(path, "%s/%s", cwd, argv0);
		if (cwd)
			free(cwd);
      cwd = NULL;
  }

  /* Return just directory */
	return (sb_dirname(path));
}

char *
get_sandbox_lib(char *sb_path)
{
  char path[255];


  if (file_exist(path, 0) <= 0) {
    snprintf(path, 254, "%s%s", sb_path, LIB_NAME);
  }
	return (strdup(path));
}

char *
get_sandbox_rc(char *sb_path)
{
  char path[255];


  if (file_exist(path, 0) <= 0) {
    snprintf(path, 254, "%s%s", sb_path, BASHRC_NAME);
  }
	return (strdup(path));
}

char *
get_sandbox_log()
{
  char path[255];
  char pid_string[20];

  }
  strcat(path, pid_string);
  strcat(path, LOG_FILE_EXT);
	return (strdup(path));
}

/* Obtain base directory name. Do not allow trailing / */
char *
sb_dirname(const char *path)
{
  char *ret = NULL;
  char *ptr = NULL;

  int cut_len = -1;

  /* don't think NULL will ever be passed, but just in case */
	if (NULL == path)
		return (strdup("."));

  /* Grab pointer to last slash */
  ptr = strrchr(path, '/');
  if (NULL == ptr) {
		return (strdup("."));
  }

  /* decimal location of pointer */
  loc = ptr - path;

  /* Remove any trailing slash */
	for (i = loc - 1; i >= 0; i--) {
    if (path[i] != '/') {
      cut_len = i + 1;  /* make cut_len the length of the string to keep */
      break;

  }
  
  /* It could have been just a plain /, return a 1byte 0 filled string */
	if (-1 == cut_len)
		return (strdup(""));

  /* Allocate memory, and return the directory */
	ret = (char *) malloc((cut_len + 1) * sizeof (char));
  memcpy(ret, path, cut_len);
  ret[cut_len] = 0;

	return (ret);
}

/*

}*/

/* Convert text (string) modes to integer values */
int
file_getmode(char *mode)
{
  int mde = 0;
  if (0 == strcasecmp(mode, "r+")) {

  } else {
    mde = O_RDONLY;
  }
	return (mde);
}

/* Get current position in file */
long
file_tell(int fp)
{
	return (lseek(fp, 0L, SEEK_CUR));
}

/* lock the file, preferrably the POSIX way */
int
file_lock(int fd, int lock, char *filename)
{
  int err;
#ifdef USE_FLOCK

}

/* unlock the file, preferrably the POSIX way */
int
file_unlock(int fd)
{
#ifdef USE_FLOCK
  if (flock(fd, LOCK_UN) < 0) {

/* Auto-determine from how the file was opened, what kind of lock to lock
 * the file with
 */
int
file_locktype(char *mode)
{
#ifdef USE_FLOCK
	if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
			|| (NULL != strchr(mode, 'a')))
		return (LOCK_EX);
	return (LOCK_SH);
#else
	if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
			|| (NULL != strchr(mode, 'a')))
		return (F_WRLCK);
	return (F_RDLCK);
#endif
}

/* Use standard fopen style modes to open the specified file.  Also auto-determines and
 * locks the file either in shared or exclusive mode depending on opening mode
 */
int
file_open(char *filename, char *mode, int perm_specified, ...)
{
  int fd;
  char error[250];

  if (-1 == fd) {
    snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);
    perror(error);
		return (fd);
  }
  /* Only lock the file if opening succeeded */
  if (-1 != fd) {

    snprintf(error, 249, ">>> %s file mode:%s open", filename, mode);
    perror(error);
  }
	return (fd);
}

/* Close and unlock file */
void
file_close(int fd)
{
  if (-1 != fd) {
    file_unlock(fd);

}

/* Return length of file */
long
file_length(int fd)
{
  long pos, len;
  pos = file_tell(fd);
  len = lseek(fd, 0L, SEEK_END);
  lseek(fd, pos, SEEK_SET);
	return (len);
}

/* Zero out file */
int
file_truncate(int fd)
{
  lseek(fd, 0L, SEEK_SET);
  if (ftruncate(fd, 0) < 0) {

}

/* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
int
file_exist(char *filename, int checkmode)
{
  struct stat mystat;


Return to bug 21766

Lines 1-5 Link Here

(-)canonicalize.c (-63 / +38 lines)
1	/* Return the canonical absolute name of a given file.	1	/* Return the canonical absolute name of a given file.
2	Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.	2	Copyright (C) 1996-2001, 2002 Free Software Foundation, Inc.
3	This file is part of the GNU C Library.	3	This file is part of the GNU C Library.
4		4
5	The GNU C Library is free software; you can redistribute it and/or	5	The GNU C Library is free software; you can redistribute it and/or
Lines 17-26 Link Here
17	Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA	17	Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18	02111-1307 USA. */	18	02111-1307 USA. */
19		19
20	/*
21	* $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/canonicalize.c,v 1.3 2003/06/22 20:01:20 azarah Exp $
22	*/
23
24	#include <stdlib.h>	20	#include <stdlib.h>
25	#include <string.h>	21	#include <string.h>
26	#include <unistd.h>	22	#include <unistd.h>
Lines 30-36 Link Here
30	#include <errno.h>	26	#include <errno.h>
31	#include <stddef.h>	27	#include <stddef.h>
32		28
33	#include "localdecls.h"	29	//#include <shlib-compat.h>
34		30
35	#ifndef __set_errno	31	#ifndef __set_errno
36	# define __set_errno(val) errno = (val)	32	# define __set_errno(val) errno = (val)
Lines 55-85 Link Here
55	*	51	*
56	*/	52	*/
57		53
58	static char *	54	char *
59	ecanonicalize (const char name, char resolved)	55	erealpath(const char name, char resolved)
60	{	56	{
61	char rpath, dest;	57	char rpath, dest;
62	const char start, end, *rpath_limit;	58	const char start, end, *rpath_limit;
63	long int path_max;	59	long int path_max;
64		60
65	if (name == NULL)	61	if (name == NULL) {
66	{
67	/* As per Single Unix Specification V2 we must return an error if	62	/* As per Single Unix Specification V2 we must return an error if
68	either parameter is a null pointer. We extend this to allow	63	either parameter is a null pointer. We extend this to allow
69	the RESOLVED parameter to be NULL in case the we are expected to	64	the RESOLVED parameter to be NULL in case the we are expected to
70	allocate the room for the return value. */	65	allocate the room for the return value. */
71	__set_errno (EINVAL);	66	__set_errno(EINVAL);
72	return NULL;	67	return NULL;
73	}	68	}
74		69
75	if (name[0] == '\0')	70	if (name[0] == '\0') {
76	{
77	/* As per Single Unix Specification V2 we must return an error if	71	/* As per Single Unix Specification V2 we must return an error if
78	the name argument points to an empty string. */	72	the name argument points to an empty string. */
79	__set_errno (ENOENT);	73	__set_errno(ENOENT);
80	return NULL;	74	return NULL;
81	}	75	}
82
83	#ifdef SB_PATH_MAX	76	#ifdef SB_PATH_MAX
84	path_max = SB_PATH_MAX;	77	path_max = SB_PATH_MAX;
85	#else	78	#else
Lines 83-145 Link Here
83	#ifdef SB_PATH_MAX	76	#ifdef SB_PATH_MAX
84	path_max = SB_PATH_MAX;	77	path_max = SB_PATH_MAX;
85	#else	78	#else
86	path_max = pathconf (name, _PC_PATH_MAX);	79	path_max = pathconf(name, _PC_SB_PATH_MAX);
87	if (path_max <= 0)	80	if (path_max <= 0)
88	path_max = 1024;	81	path_max = 1024;
89	#endif	82	#endif
90		83
91	rpath = resolved ? alloca (path_max) : malloc (path_max);	84	if (resolved == NULL) {
		85	rpath = malloc(path_max);
		86	if (rpath == NULL)
		87	return NULL;
		88	} else
		89	rpath = resolved;
92	rpath_limit = rpath + path_max;	90	rpath_limit = rpath + path_max;
93		91
94	if (name[0] != '/')	92	if (name[0] != '/') {
95	{	93	if (!egetcwd(rpath, path_max)) {
96	if (!getcwd (rpath, path_max))
97	{
98	rpath[0] = '\0';	94	rpath[0] = '\0';
99	goto error;	95	goto error;
100	}	96	}
101	dest = strchr (rpath, '\0');	97	dest = strchr(rpath, '\0');
102	}	98	} else {
103	else
104	{
105	rpath[0] = '/';	99	rpath[0] = '/';
106	dest = rpath + 1;	100	dest = rpath + 1;
107	}	101	}
108		102
109	for (start = end = name; *start; start = end)	103	for (start = end = name; *start; start = end) {
110	{
111	/* Skip sequence of multiple path-separators. */	104	/* Skip sequence of multiple path-separators. */
112	while (*start == '/')	105	while (*start == '/')
113	++start;	106	++start;
114		107
115	/* Find end of path component. */	108	/* Find end of path component. */
116	for (end = start; end && end != '/'; ++end)	109	for (end = start; end && end != '/'; ++end)
117	/* Nothing. */;	110	/* Nothing. */ ;
118		111
119	if (end - start == 0)	112	if (end - start == 0)
120	break;	113	break;
121	else if (end - start == 1 && start[0] == '.')	114	else if (end - start == 1 && start[0] == '.')
122	/* nothing */;	115	/* nothing */ ;
123	else if (end - start == 2 && start[0] == '.' && start[1] == '.')	116	else if (end - start == 2 && start[0] == '.' && start[1] == '.') {
124	{
125	/* Back up to previous component, ignore if at root already. */	117	/* Back up to previous component, ignore if at root already. */
126	if (dest > rpath + 1)	118	if (dest > rpath + 1)
127	while ((--dest)[-1] != '/');	119	while ((--dest)[-1] != '/') ;
128	}	120	} else {
129	else
130	{
131	size_t new_size;	121	size_t new_size;
132		122
133	if (dest[-1] != '/')	123	if (dest[-1] != '/')
134	*dest++ = '/';	124	*dest++ = '/';
135		125
136	if (dest + (end - start) >= rpath_limit)	126	if (dest + (end - start) >= rpath_limit) {
137	{
138	ptrdiff_t dest_offset = dest - rpath;	127	ptrdiff_t dest_offset = dest - rpath;
		128	char *new_rpath;
139		129
140	if (resolved)	130	if (resolved) {
141	{	131	__set_errno(ENAMETOOLONG);
142	__set_errno (ENAMETOOLONG);
143	if (dest > rpath + 1)	132	if (dest > rpath + 1)
144	dest--;	133	dest--;
145	*dest = '\0';	134	*dest = '\0';
Lines 150-196 Link Here
150	new_size += end - start + 1;	139	new_size += end - start + 1;
151	else	140	else
152	new_size += path_max;	141	new_size += path_max;
153	rpath = realloc (rpath, new_size);	142	new_rpath = (char *) realloc(rpath, new_size);
		143	if (new_rpath == NULL)
		144	goto error;
		145	rpath = new_rpath;
154	rpath_limit = rpath + new_size;	146	rpath_limit = rpath + new_size;
155	if (rpath == NULL)
156	return NULL;
157		147
158	dest = rpath + dest_offset;	148	dest = rpath + dest_offset;
159	}	149	}
160		150
161	dest = __mempcpy (dest, start, end - start);	151	dest = __mempcpy(dest, start, end - start);
162	*dest = '\0';	152	*dest = '\0';
163
164	}	153	}
165	}	154	}
166	#if 0	155	#if 1
167	if (dest > rpath + 1 && dest[-1] == '/')	156	if (dest > rpath + 1 && dest[-1] == '/')
168	--dest;	157	--dest;
169	#endif	158	#endif
170	*dest = '\0';	159	*dest = '\0';
171		160
172	return resolved ? memcpy (resolved, rpath, dest - rpath + 1) : rpath;	161	return resolved ? memcpy(resolved, rpath, dest - rpath + 1) : rpath;
173		162
174	error:	163	error:
175	if (resolved)	164	if (resolved)
176	strcpy (resolved, rpath);	165	strcpy(resolved, rpath);
177	else	166	else
178	free (rpath);	167	free(rpath);
179	return NULL;
180	}
181
182
183	char *
184	erealpath (const char name, char resolved)
185	{
186	if (resolved == NULL)
187	{
188	__set_errno (EINVAL);
189	return NULL;	168	return NULL;
190	}
191
192	return ecanonicalize (name, resolved);
193	}	169	}
194
195		170
196	// vim:expandtab noai:cindent ai	171	// vim:expandtab noai:cindent ai

Lines 2-7 Link Here

(-)ChangeLog (+16 lines)
2	# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2	2	# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
3	# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.17 2003/06/29 16:20:19 azarah Exp $	3	# $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.17 2003/06/29 16:20:19 azarah Exp $
4		4
		5	27 Jul 2003; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c,
		6	sandbox_futils.c, canonicalize.c :
		7	Once again coreutils fails, as my systems had 2.5 kernel, the getcwd system
		8	call handled strings larger than PATH_MAX (bug #21766). It however does not
		9	work the same on 2.4 kernels.
		10
		11	To fix, I added the posix implementation of getcwd() (from glibc cvs) that
		12	do not need the system call. We use the default getcwd() function via a
		13	wrapper (egetcwd), and then lstat the returned path. If lstat fails, it
		14	means the current directory was removed, OR that the the system call for
		15	getcwd failed (curious is that it do not fail and return NULL or set
		16	errno, but rather just truncate the retured directory - usually from the
		17	start), and if so, we use the generic getcwd() function (__egetcwd). Note
		18	that we do not use the generic version all the time, as it calls lstat()
		19	a great number of times, and performance degrade much.
		20
5	29 Jun 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls,	21	29 Jun 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls,
6	libsandbox.c :	22	libsandbox.c :
7	Make sure SB_PATH_MAX will not wrap. Fix two possible memory leaks.	23	Make sure SB_PATH_MAX will not wrap. Fix two possible memory leaks.

Lines 22-28 Link Here

(-)Makefile (-6 / +3 lines)
22		24
23	all: $(TARGETS)	25	all: $(TARGETS)
24		26
25	sandbox: sandbox.o sandbox_futils.o	27	sandbox: sandbox.o sandbox_futils.o getcwd.c
26	$(CC) $^ -ldl -lc -o $@	28	$(CC) $^ -ldl -lc -o $@
27		29
28	sandbox.o: sandbox.c sandbox.h	30	sandbox.o: sandbox.c sandbox.h
Lines 31-44 Link Here
31	sandbox_futils.o: sandbox_futils.c sandbox.h	33	sandbox_futils.o: sandbox_futils.c sandbox.h
32	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) sandbox_futils.c	34	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) sandbox_futils.c
33		35
34	libsandbox.so: libsandbox.o sandbox_futils.o canonicalize.o	36	libsandbox.so: libsandbox.o sandbox_futils.o
35	$(CC) $^ -shared -fPIC -ldl -lc -o $@ -nostdlib -lgcc	37	$(CC) $^ -shared -fPIC -ldl -lc -o $@ -nostdlib -lgcc
36		38
37	libsandbox.o: libsandbox.c localdecls.h	39	libsandbox.o: libsandbox.c localdecls.h canonicalize.c getcwd.c
38	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c	40	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c
39
40	canonicalize.o: canonicalize.c localdecls.h
41	$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c
42		41
43	localdecls.h: create-localdecls libctest.c	42	localdecls.h: create-localdecls libctest.c
44	./create-localdecls	43	./create-localdecls

Lines 38-44 Link Here

(-)sandbox.c (-48 / +79 lines)
38	int print_debug = 0;	38	int print_debug = 0;
39		39
40	/* Read pids file, and load active pids into an array. Return number of pids in array */	40	/* Read pids file, and load active pids into an array. Return number of pids in array */
41	int load_active_pids(int fd, int **pids)	41	int
		42	load_active_pids(int fd, int **pids)
42	{	43	{
43	char *data = NULL;	44	char *data = NULL;
44	char ptr = NULL, ptr2 = NULL;	45	char ptr = NULL, ptr2 = NULL;
Lines 51-57 Link Here
51	len = file_length(fd);	52	len = file_length(fd);
52		53
53	/* Allocate and zero datablock to read pids file */	54	/* Allocate and zero datablock to read pids file */
54	data = (char )malloc((len + 1)sizeof(char));	55	data = (char ) malloc((len + 1) sizeof (char));
55	memset(data, 0, len + 1);	56	memset(data, 0, len + 1);
56		57
57	/* Start at beginning of file */	58	/* Start at beginning of file */
Lines 76-82 Link Here
76		77
77	/* If the PID is still alive, add it to our array */	78	/* If the PID is still alive, add it to our array */
78	if ((0 != my_pid) && (0 == kill(my_pid, 0))) {	79	if ((0 != my_pid) && (0 == kill(my_pid, 0))) {
79	pids[0] = (int )realloc(pids[0], (num_pids + 1)sizeof(int));	80	pids[0] = (int ) realloc(pids[0], (num_pids + 1) sizeof (int));
80	pids[0][num_pids] = my_pid;	81	pids[0][num_pids] = my_pid;
81	num_pids++;	82	num_pids++;
82	}	83	}
Lines 93-99 Link Here
93	}	94	}
94		95
95	/* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */	96	/* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */
96	int load_preload_libs(int fd, char ***preloads)	97	int
		98	load_preload_libs(int fd, char ***preloads)
97	{	99	{
98	char *data = NULL;	100	char *data = NULL;
99	char ptr = NULL, ptr2 = NULL;	101	char ptr = NULL, ptr2 = NULL;
Lines 105-111 Link Here
105	len = file_length(fd);	107	len = file_length(fd);
106		108
107	/* Allocate and zero datablock to read pids file */	109	/* Allocate and zero datablock to read pids file */
108	data = (char )malloc((len + 1)sizeof(char));	110	data = (char ) malloc((len + 1) sizeof (char));
109	memset(data, 0, len + 1);	111	memset(data, 0, len + 1);
110		112
111	/* Start at beginning of file */	113	/* Start at beginning of file */
Lines 130-136 Link Here
130		132
131	/* If listing does not match our libname, add it to the array */	133	/* If listing does not match our libname, add it to the array */
132	if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {	134	if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {
133	preloads[0] = (char *)realloc(preloads[0], (num_entries + 1)sizeof(char **));	135	preloads[0] =
		136	(char *) realloc(preloads[0], (num_entries + 1) sizeof (char **));
134	preloads[0][num_entries] = strdup(ptr);	137	preloads[0][num_entries] = strdup(ptr);
135	num_entries++;	138	num_entries++;
136	}	139	}
Lines 149-156 Link Here
149	return num_entries;	152	return num_entries;
150	}	153	}
151		154
152		155	void
153	void cleanup()	156	cleanup()
154	{	157	{
155	int i = 0;	158	int i = 0;
156	int success = 1;	159	int success = 1;
Lines 211-220 Link Here
211	file_truncate(preload_file);	213	file_truncate(preload_file);
212		214
213	/* store the other preload libraries back into the /etc/ld.so.preload file */	215	/* store the other preload libraries back into the /etc/ld.so.preload file */
214	if(num_of_preloads > 0) {	216	if (num_of_preloads > 0) {
215	for (i = 0; i < num_of_preloads; i++) {	217	for (i = 0; i < num_of_preloads; i++) {
216	sprintf(preload_entry, "%s\n", preload_array[i]);	218	sprintf(preload_entry, "%s\n", preload_array[i]);
217	if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) {	219	if (write
		220	(preload_file,
		221	preload_entry,
		222	strlen(preload_entry)) != strlen(preload_entry)) {
218	perror(">>> /etc/ld.so.preload file write");	223	perror(">>> /etc/ld.so.preload file write");
219	success = 0;	224	success = 0;
220	break;	225	break;
Lines 224-230 Link Here
224		229
225	/* Free memory used to store preload array */	230	/* Free memory used to store preload array */
226	for (i = 0; i < num_of_preloads; i++) {	231	for (i = 0; i < num_of_preloads; i++) {
227	if (preload_array[i]) free(preload_array[i]);	232	if (preload_array[i])
		233	free(preload_array[i]);
228	preload_array[i] = NULL;	234	preload_array[i] = NULL;
229	}	235	}
230	if (preload_array)	236	if (preload_array)
Lines 240-251 Link Here
240	file_truncate(pids_file);	246	file_truncate(pids_file);
241		247
242	/* if pids are still running, write only the running pids back to the file */	248	/* if pids are still running, write only the running pids back to the file */
243	if(num_of_pids > 1) {	249	if (num_of_pids > 1) {
244	for (i = 0; i < num_of_pids; i++) {	250	for (i = 0; i < num_of_pids; i++) {
245	if (pids_array[i] != getpid()) {	251	if (pids_array[i] != getpid()) {
246	sprintf(pid_string, "%d\n", pids_array[i]);	252	sprintf(pid_string, "%d\n", pids_array[i]);
247		253
248	if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {	254	if (write(pids_file, pid_string, strlen(pid_string)) !=
		255	strlen(pid_string)) {
249	perror(">>> pids file write");	256	perror(">>> pids file write");
250	success = 0;	257	success = 0;
251	break;	258	break;
Lines 273-292 Link Here
273	return;	280	return;
274	}	281	}
275		282
276	void stop(int signum)	283	void
		284	stop(int signum)
277	{	285	{
278	printf("Caught signal %d\r\n", signum);	286	printf("Caught signal %d\r\n", signum);
279	cleanup();	287	cleanup();
280	}	288	}
281		289
282	void setenv_sandbox_write(char home_dir, char portage_tmp_dir, char var_tmp_dir, char tmp_dir)	290	void
		291	setenv_sandbox_write(char home_dir, char portage_tmp_dir, char *var_tmp_dir,
		292	char *tmp_dir)
283	{	293	{
284	char sandbox_write_var[1024];	294	char sandbox_write_var[1024];
285		295
286	if (!getenv(ENV_SANDBOX_WRITE)) {	296	if (!getenv(ENV_SANDBOX_WRITE)) {
287	/* these should go into make.globals later on */	297	/* these should go into make.globals later on */
288	strcpy(sandbox_write_var, "");	298	strcpy(sandbox_write_var, "");
289	strcat(sandbox_write_var, "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/");	299	strcat(sandbox_write_var,
		300	"/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/");
290	strcat(sandbox_write_var, ":");	301	strcat(sandbox_write_var, ":");
291	/* NGPT support */	302	/* NGPT support */
292	strcat(sandbox_write_var, "/dev/shm/ngpt");	303	strcat(sandbox_write_var, "/dev/shm/ngpt");
Lines 349-356 Link Here
349	}	360	}
350	}	361	}
351		362
352		363	void
353	void setenv_sandbox_predict(char *home_dir)	364	setenv_sandbox_predict(char *home_dir)
354	{	365	{
355	char sandbox_predict_var[1024];	366	char sandbox_predict_var[1024];
356		367
Lines 369-375 Link Here
369	}	380	}
370	}	381	}
371		382
372	int print_sandbox_log(char *sandbox_log)	383	int
		384	print_sandbox_log(char *sandbox_log)
373	{	385	{
374	int sandbox_log_file = -1;	386	int sandbox_log_file = -1;
375	char *beep_count_env = NULL;	387	char *beep_count_env = NULL;
Lines 377-400 Link Here
377	long len = 0;	389	long len = 0;
378	char *buffer = NULL;	390	char *buffer = NULL;
379		391
380	sandbox_log_file=file_open(sandbox_log, "r", 0);	392	sandbox_log_file = file_open(sandbox_log, "r", 0);
381	if (-1 == sandbox_log_file)	393	if (-1 == sandbox_log_file)
382	return 0;	394	return 0;
383		395
384	len = file_length(sandbox_log_file);	396	len = file_length(sandbox_log_file);
385	buffer = (char )malloc((len + 1)sizeof(char));	397	buffer = (char ) malloc((len + 1) sizeof (char));
386	memset(buffer, 0, len + 1);	398	memset(buffer, 0, len + 1);
387	read(sandbox_log_file, buffer, len);	399	read(sandbox_log_file, buffer, len);
388	file_close(sandbox_log_file);	400	file_close(sandbox_log_file);
389		401
390	printf("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n");	402	printf
		403	("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n");
391	printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log);	404	printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log);
392	printf("\n");	405	printf("\n");
393	printf("%s", buffer);	406	printf("%s", buffer);
394	if (buffer)	407	if (buffer)
395	free(buffer);	408	free(buffer);
396	buffer = NULL;	409	buffer = NULL;
397	printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");	410	printf
		411	("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");
398		412
399	beep_count_env = getenv(ENV_SANDBOX_BEEP);	413	beep_count_env = getenv(ENV_SANDBOX_BEEP);
400	if (beep_count_env)	414	if (beep_count_env)
Lines 404-416 Link Here
404		418
405	for (i = 0; i < beep_count; i++) {	419	for (i = 0; i < beep_count; i++) {
406	fputc('\a', stderr);	420	fputc('\a', stderr);
407	if (i < beep_count -1)	421	if (i < beep_count - 1)
408	sleep(1);	422	sleep(1);
409	}	423	}
410	return 1;	424	return 1;
411	}	425	}
412		426
413	int spawn_shell(char *argv_bash[])	427	int
		428	spawn_shell(char *argv_bash[])
414	{	429	{
415	#ifdef USE_SYSTEM_SHELL	430	#ifdef USE_SYSTEM_SHELL
416	int i = 0;	431	int i = 0;
Lines 424-430 Link Here
424	break;	439	break;
425	if (NULL != sh)	440	if (NULL != sh)
426	len = strlen(sh);	441	len = strlen(sh);
427	sh = (char *)realloc(sh, len+strlen(argv_bash[i]) + 5);	442	sh = (char *) realloc(sh, len + strlen(argv_bash[i]) + 5);
428	if (first) {	443	if (first) {
429	sh[0] = 0;	444	sh[0] = 0;
430	first = 0;	445	first = 0;
Lines 471-477 Link Here
471	#endif	486	#endif
472	}	487	}
473		488
474	int main(int argc, char** argv)	489	int
		490	main(int argc, char **argv)
475	{	491	{
476	int i = 0, success = 1;	492	int i = 0, success = 1;
477	#ifdef USE_LD_SO_PRELOAD	493	#ifdef USE_LD_SO_PRELOAD
Lines 510-520 Link Here
510	print_debug = 1;	526	print_debug = 1;
511		527
512	if (print_debug)	528	if (print_debug)
513	printf("========================== Gentoo linux path sandbox ===========================\n");	529	printf
		530	("========================== Gentoo linux path sandbox ===========================\n");
514		531
515	/* check if a sandbox is already running */	532	/* check if a sandbox is already running */
516	if (NULL != getenv(ENV_SANDBOX_ON)) {	533	if (NULL != getenv(ENV_SANDBOX_ON)) {
517	fprintf(stderr, "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");	534	fprintf(stderr,
		535	"Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");
518	exit(1);	536	exit(1);
519	} else {	537	} else {
520		538
Lines 549-561 Link Here
549	printf("Verification of the required files.\n");	567	printf("Verification of the required files.\n");
550		568
551	if (file_exist(sandbox_lib, 0) <= 0) {	569	if (file_exist(sandbox_lib, 0) <= 0) {
552	fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib);	570	fprintf(stderr, "Could not open the sandbox library at '%s'.\n",
		571	sandbox_lib);
553	return -1;	572	return -1;
554	} else if (file_exist(sandbox_rc, 0) <= 0) {	573	} else if (file_exist(sandbox_rc, 0) <= 0) {
555	fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc);	574	fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n",
		575	sandbox_rc);
556	return -1;	576	return -1;
557	}	577	}
558
559	#ifdef USE_LD_SO_PRELOAD	578	#ifdef USE_LD_SO_PRELOAD
560	/* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */	579	/* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
561	if (print_debug)	580	if (print_debug)
Lines 569-575 Link Here
569		588
570	if (getuid() == 0) {	589	if (getuid() == 0) {
571	/* Our r+ also will create the file if it doesn't exist */	590	/* Our r+ also will create the file if it doesn't exist */
572	preload_file=file_open("/etc/ld.so.preload", "r+", 1, 0644);	591	preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
573	if (-1 == preload_file) {	592	if (-1 == preload_file) {
574	preload_adaptable = 0;	593	preload_adaptable = 0;
575	/* exit(1);*/	594	/* exit(1);*/
Lines 591-604 Link Here
591	for (i = 0; i < num_of_preloads + 1; i++) {	610	for (i = 0; i < num_of_preloads + 1; i++) {
592	/* First entry should be our sandbox library */	611	/* First entry should be our sandbox library */
593	if (0 == i) {	612	if (0 == i) {
594	if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) {	613	if (write
		614	(preload_file, sandbox_lib,
		615	strlen(sandbox_lib)) != strlen(sandbox_lib)) {
595	perror(">>> /etc/ld.so.preload file write");	616	perror(">>> /etc/ld.so.preload file write");
596	success = 0;	617	success = 0;
597	break;	618	break;
598	}	619	}
599	} else {	620	} else {
600	/* Output all other preload entries */	621	/* Output all other preload entries */
601	if (write(preload_file, preload_array[i - 1], strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {	622	if (write
		623	(preload_file, preload_array[i - 1],
		624	strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
602	perror(">>> /etc/ld.so.preload file write");	625	perror(">>> /etc/ld.so.preload file write");
603	success = 0;	626	success = 0;
604	break;	627	break;
Lines 634-640 Link Here
634	printf("Setting up the required environment variables.\n");	657	printf("Setting up the required environment variables.\n");
635		658
636	/* Generate sandbox log full path */	659	/* Generate sandbox log full path */
637	tmp_string=get_sandbox_log();	660	tmp_string = get_sandbox_log();
638	strncpy(sandbox_log, tmp_string, 254);	661	strncpy(sandbox_log, tmp_string, 254);
639	if (tmp_string)	662	if (tmp_string)
640	free(tmp_string);	663	free(tmp_string);
Lines 642-648 Link Here
642		665
643	setenv(ENV_SANDBOX_LOG, sandbox_log, 1);	666	setenv(ENV_SANDBOX_LOG, sandbox_log, 1);
644		667
645	snprintf(sandbox_debug_log, 254, "%s%s%s", DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);	668	snprintf(sandbox_debug_log, 254, "%s%s%s",
		669	DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
646	setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);	670	setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);
647		671
648	home_dir = getenv("HOME");	672	home_dir = getenv("HOME");
Lines 656-664 Link Here
656	* this, access is denied to /var/tmp, hurtin' ebuilds.	680	* this, access is denied to /var/tmp, hurtin' ebuilds.
657	*/	681	*/
658		682
659	realpath(getenv("PORTAGE_TMPDIR"),portage_tmp_dir);	683	realpath(getenv("PORTAGE_TMPDIR"), portage_tmp_dir);
660	realpath("/var/tmp",var_tmp_dir);	684	realpath("/var/tmp", var_tmp_dir);
661	realpath("/tmp",tmp_dir);	685	realpath("/tmp", tmp_dir);
662		686
663	setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);	687	setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);
664	setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);	688	setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);
Lines 680-686 Link Here
680	if (NULL != portage_tmp_dir)	704	if (NULL != portage_tmp_dir)
681	chdir(portage_tmp_dir);	705	chdir(portage_tmp_dir);
682		706
683	argv_bash=(char *)malloc(6 sizeof(char *));	707	argv_bash = (char *) malloc(6 sizeof (char *));
684	argv_bash[0] = strdup("/bin/bash");	708	argv_bash[0] = strdup("/bin/bash");
685	argv_bash[1] = strdup("-rcfile");	709	argv_bash[1] = strdup("-rcfile");
686	argv_bash[2] = strdup(sandbox_rc);	710	argv_bash[2] = strdup(sandbox_rc);
Lines 694-706 Link Here
694	argv_bash[5] = NULL;	718	argv_bash[5] = NULL;
695		719
696	if (argc >= 2) {	720	if (argc >= 2) {
697	for (i = 1; i< argc; i++) {	721	for (i = 1; i < argc; i++) {
698	if (NULL == argv_bash[4])	722	if (NULL == argv_bash[4])
699	len = 0;	723	len = 0;
700	else	724	else
701	len = strlen(argv_bash[4]);	725	len = strlen(argv_bash[4]);
702		726
703	argv_bash[4]=(char )realloc(argv_bash[4], (len + strlen(argv[i]) + 2) sizeof(char));	727	argv_bash[4] =
		728	(char *) realloc(argv_bash[4],
		729	(len + strlen(argv[i]) + 2) * sizeof (char));
704		730
705	if (0 == len)	731	if (0 == len)
706	argv_bash[4][0] = 0;	732	argv_bash[4][0] = 0;
Lines 711-717 Link Here
711	}	737	}
712	}	738	}
713	#if 0	739	#if 0
714	char* argv_bash[] = {	740	char *argv_bash[] = {
715	"/bin/bash",	741	"/bin/bash",
716	"-rcfile",	742	"-rcfile",
717	NULL,	743	NULL,
Lines 773-779 Link Here
773	else	799	else
774	sprintf(pid_string, "%d\n", pids_array[i]);	800	sprintf(pid_string, "%d\n", pids_array[i]);
775		801
776	if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {	802	if (write(pids_file, pid_string, strlen(pid_string)) !=
		803	strlen(pid_string)) {
777	perror(">>> pids file write");	804	perror(">>> pids file write");
778	success = 0;	805	success = 0;
779	break;	806	break;
Lines 798-804 Link Here
798	/* STARTING PROTECTED ENVIRONMENT */	825	/* STARTING PROTECTED ENVIRONMENT */
799	if (print_debug) {	826	if (print_debug) {
800	printf("The protected environment has been started.\n");	827	printf("The protected environment has been started.\n");
801	printf("--------------------------------------------------------------------------------\n");	828	printf
		829	("--------------------------------------------------------------------------------\n");
802	}	830	}
803		831
804	if (print_debug)	832	if (print_debug)
Lines 827-833 Link Here
827	cleanup();	855	cleanup();
828		856
829	if (print_debug) {	857	if (print_debug) {
830	printf("========================== Gentoo linux path sandbox ===========================\n");	858	printf
		859	("========================== Gentoo linux path sandbox ===========================\n");
831	printf("The protected environment has been shut down.\n");	860	printf("The protected environment has been shut down.\n");
832	}	861	}
833		862
Lines 844-850 Link Here
844		873
845	sandbox_log_file = -1;	874	sandbox_log_file = -1;
846	} else if (print_debug) {	875	} else if (print_debug) {
847	printf("--------------------------------------------------------------------------------\n");	876	printf
		877	("--------------------------------------------------------------------------------\n");
848	}	878	}
849		879
850	if ((sandbox_log_presence) \|\| (!success))	880	if ((sandbox_log_presence) \|\| (!success))

Lines 26-33 Link Here

(-)sandbox_futils.c (-38 / +60 lines)
26		26
27	#include "sandbox.h"	27	#include "sandbox.h"
28		28
		29	/* glibc modified getcwd() functions */
		30	char egetcwd(char , size_t);
29		31
30	char get_sandbox_path(char argv0)	32	char *
		33	get_sandbox_path(char *argv0)
31	{	34	{
32	char path[255];	35	char path[255];
33	char *cwd = NULL;	36	char *cwd = NULL;
Lines 38-54 Link Here
38		41
39	/* ARGV[0] specifies relative path */	42	/* ARGV[0] specifies relative path */
40	} else {	43	} else {
41	getcwd(cwd, 253);	44	egetcwd(cwd, 253);
42	sprintf(path, "%s/%s", cwd, argv0);	45	sprintf(path, "%s/%s", cwd, argv0);
43	if (cwd) free(cwd);	46	if (cwd)
		47	free(cwd);
44	cwd = NULL;	48	cwd = NULL;
45	}	49	}
46		50
47	/* Return just directory */	51	/* Return just directory */
48	return(sb_dirname(path));	52	return (sb_dirname(path));
49	}	53	}
50		54
51	char get_sandbox_lib(char sb_path)	55	char *
		56	get_sandbox_lib(char *sb_path)
52	{	57	{
53	char path[255];	58	char path[255];
54		59
Lines 56-65 Link Here
56	if (file_exist(path, 0) <= 0) {	61	if (file_exist(path, 0) <= 0) {
57	snprintf(path, 254, "%s%s", sb_path, LIB_NAME);	62	snprintf(path, 254, "%s%s", sb_path, LIB_NAME);
58	}	63	}
59	return(strdup(path));	64	return (strdup(path));
60	}	65	}
61		66
62	char get_sandbox_rc(char sb_path)	67	char *
		68	get_sandbox_rc(char *sb_path)
63	{	69	{
64	char path[255];	70	char path[255];
65		71
Lines 67-76 Link Here
67	if (file_exist(path, 0) <= 0) {	73	if (file_exist(path, 0) <= 0) {
68	snprintf(path, 254, "%s%s", sb_path, BASHRC_NAME);	74	snprintf(path, 254, "%s%s", sb_path, BASHRC_NAME);
69	}	75	}
70	return(strdup(path));	76	return (strdup(path));
71	}	77	}
72		78
73	char *get_sandbox_log()	79	char *
		80	get_sandbox_log()
74	{	81	{
75	char path[255];	82	char path[255];
76	char pid_string[20];	83	char pid_string[20];
Lines 86-96 Link Here
86	}	93	}
87	strcat(path, pid_string);	94	strcat(path, pid_string);
88	strcat(path, LOG_FILE_EXT);	95	strcat(path, LOG_FILE_EXT);
89	return(strdup(path));	96	return (strdup(path));
90	}	97	}
91		98
92	/* Obtain base directory name. Do not allow trailing / */	99	/* Obtain base directory name. Do not allow trailing / */
93	char sb_dirname(const char path)	100	char *
		101	sb_dirname(const char *path)
94	{	102	{
95	char *ret = NULL;	103	char *ret = NULL;
96	char *ptr = NULL;	104	char *ptr = NULL;
Lines 98-116 Link Here
98	int cut_len = -1;	106	int cut_len = -1;
99		107
100	/* don't think NULL will ever be passed, but just in case */	108	/* don't think NULL will ever be passed, but just in case */
101	if (NULL == path) return(strdup("."));	109	if (NULL == path)
		110	return (strdup("."));
102		111
103	/* Grab pointer to last slash */	112	/* Grab pointer to last slash */
104	ptr = strrchr(path, '/');	113	ptr = strrchr(path, '/');
105	if (NULL == ptr) {	114	if (NULL == ptr) {
106	return(strdup("."));	115	return (strdup("."));
107	}	116	}
108		117
109	/* decimal location of pointer */	118	/* decimal location of pointer */
110	loc = ptr - path;	119	loc = ptr - path;
111		120
112	/* Remove any trailing slash */	121	/* Remove any trailing slash */
113	for (i = loc-1; i >= 0; i--) {	122	for (i = loc - 1; i >= 0; i--) {
114	if (path[i] != '/') {	123	if (path[i] != '/') {
115	cut_len = i + 1; /* make cut_len the length of the string to keep */	124	cut_len = i + 1; /* make cut_len the length of the string to keep */
116	break;	125	break;
Lines 118-131 Link Here
118	}	127	}
119		128
120	/* It could have been just a plain /, return a 1byte 0 filled string */	129	/* It could have been just a plain /, return a 1byte 0 filled string */
121	if (-1 == cut_len) return(strdup(""));	130	if (-1 == cut_len)
		131	return (strdup(""));
122		132
123	/* Allocate memory, and return the directory */	133	/* Allocate memory, and return the directory */
124	ret = (char )malloc((cut_len + 1) sizeof(char));	134	ret = (char ) malloc((cut_len + 1) sizeof (char));
125	memcpy(ret, path, cut_len);	135	memcpy(ret, path, cut_len);
126	ret[cut_len] = 0;	136	ret[cut_len] = 0;
127		137
128	return(ret);	138	return (ret);
129	}	139	}
130		140
131	/*	141	/*
Lines 153-159 Link Here
153	}*/	163	}*/
154		164
155	/* Convert text (string) modes to integer values */	165	/* Convert text (string) modes to integer values */
156	int file_getmode(char *mode)	166	int
		167	file_getmode(char *mode)
157	{	168	{
158	int mde = 0;	169	int mde = 0;
159	if (0 == strcasecmp(mode, "r+")) {	170	if (0 == strcasecmp(mode, "r+")) {
Lines 171-187 Link Here
171	} else {	182	} else {
172	mde = O_RDONLY;	183	mde = O_RDONLY;
173	}	184	}
174	return(mde);	185	return (mde);
175	}	186	}
176		187
177	/* Get current position in file */	188	/* Get current position in file */
178	long file_tell(int fp)	189	long
		190	file_tell(int fp)
179	{	191	{
180	return(lseek(fp, 0L, SEEK_CUR));	192	return (lseek(fp, 0L, SEEK_CUR));
181	}	193	}
182		194
183	/* lock the file, preferrably the POSIX way */	195	/* lock the file, preferrably the POSIX way */
184	int file_lock(int fd, int lock, char *filename)	196	int
		197	file_lock(int fd, int lock, char *filename)
185	{	198	{
186	int err;	199	int err;
187	#ifdef USE_FLOCK	200	#ifdef USE_FLOCK
Lines 207-213 Link Here
207	}	220	}
208		221
209	/* unlock the file, preferrably the POSIX way */	222	/* unlock the file, preferrably the POSIX way */
210	int file_unlock(int fd)	223	int
		224	file_unlock(int fd)
211	{	225	{
212	#ifdef USE_FLOCK	226	#ifdef USE_FLOCK
213	if (flock(fd, LOCK_UN) < 0) {	227	if (flock(fd, LOCK_UN) < 0) {
Lines 232-254 Link Here
232	/* Auto-determine from how the file was opened, what kind of lock to lock	246	/* Auto-determine from how the file was opened, what kind of lock to lock
233	* the file with	247	* the file with
234	*/	248	*/
235	int file_locktype(char *mode)	249	int
		250	file_locktype(char *mode)
236	{	251	{
237	#ifdef USE_FLOCK	252	#ifdef USE_FLOCK
238	if (NULL != (strchr(mode, 'w')) \|\| (NULL != strchr(mode, '+')) \|\| (NULL != strchr(mode, 'a')))	253	if (NULL != (strchr(mode, 'w')) \|\| (NULL != strchr(mode, '+'))
239	return(LOCK_EX);	254	\|\| (NULL != strchr(mode, 'a')))
240	return(LOCK_SH);	255	return (LOCK_EX);
		256	return (LOCK_SH);
241	#else	257	#else
242	if (NULL != (strchr(mode, 'w')) \|\| (NULL != strchr(mode, '+')) \|\| (NULL != strchr(mode, 'a')))	258	if (NULL != (strchr(mode, 'w')) \|\| (NULL != strchr(mode, '+'))
243	return(F_WRLCK);	259	\|\| (NULL != strchr(mode, 'a')))
244	return(F_RDLCK);	260	return (F_WRLCK);
		261	return (F_RDLCK);
245	#endif	262	#endif
246	}	263	}
247		264
248	/* Use standard fopen style modes to open the specified file. Also auto-determines and	265	/* Use standard fopen style modes to open the specified file. Also auto-determines and
249	* locks the file either in shared or exclusive mode depending on opening mode	266	* locks the file either in shared or exclusive mode depending on opening mode
250	*/	267	*/
251	int file_open(char filename, char mode, int perm_specified, ...)	268	int
		269	file_open(char filename, char mode, int perm_specified, ...)
252	{	270	{
253	int fd;	271	int fd;
254	char error[250];	272	char error[250];
Lines 268-274 Link Here
268	if (-1 == fd) {	286	if (-1 == fd) {
269	snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);	287	snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);
270	perror(error);	288	perror(error);
271	return(fd);	289	return (fd);
272	}	290	}
273	/* Only lock the file if opening succeeded */	291	/* Only lock the file if opening succeeded */
274	if (-1 != fd) {	292	if (-1 != fd) {
Lines 280-290 Link Here
280	snprintf(error, 249, ">>> %s file mode:%s open", filename, mode);	298	snprintf(error, 249, ">>> %s file mode:%s open", filename, mode);
281	perror(error);	299	perror(error);
282	}	300	}
283	return(fd);	301	return (fd);
284	}	302	}
285		303
286	/* Close and unlock file */	304	/* Close and unlock file */
287	void file_close(int fd)	305	void
		306	file_close(int fd)
288	{	307	{
289	if (-1 != fd) {	308	if (-1 != fd) {
290	file_unlock(fd);	309	file_unlock(fd);
Lines 293-309 Link Here
293	}	312	}
294		313
295	/* Return length of file */	314	/* Return length of file */
296	long file_length(int fd)	315	long
		316	file_length(int fd)
297	{	317	{
298	long pos, len;	318	long pos, len;
299	pos = file_tell(fd);	319	pos = file_tell(fd);
300	len = lseek(fd, 0L, SEEK_END);	320	len = lseek(fd, 0L, SEEK_END);
301	lseek(fd, pos, SEEK_SET);	321	lseek(fd, pos, SEEK_SET);
302	return(len);	322	return (len);
303	}	323	}
304		324
305	/* Zero out file */	325	/* Zero out file */
306	int file_truncate(int fd)	326	int
		327	file_truncate(int fd)
307	{	328	{
308	lseek(fd, 0L, SEEK_SET);	329	lseek(fd, 0L, SEEK_SET);
309	if (ftruncate(fd, 0) < 0) {	330	if (ftruncate(fd, 0) < 0) {
Lines 314-320 Link Here
314	}	335	}
315		336
316	/* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */	337	/* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
317	int file_exist(char *filename, int checkmode)	338	int
		339	file_exist(char *filename, int checkmode)
318	{	340	{
319	struct stat mystat;	341	struct stat mystat;
320		342