Bug 592750 - sys-apps/sandbox: forces itself into LD_PRELOAD when explicitly disabled
Summary: sys-apps/sandbox: forces itself into LD_PRELOAD when explicitly disabled
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Sandbox
Hardware: All Linux
Importance: Normal minor
Assignee: Sandbox Maintainers
Reported: 2016-09-03 06:00 UTC by Michał Górny
Modified: 2018-02-19 16:21 UTC
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2016-09-03 06:00:20 UTC
Preloading sandbox breaks ASAN tests in compiler-rt, so I'd like to disable it. However, no matter how hard I try this malware puts itself back in LD_PRELOAD...

Please make it stop altering environment when explicitly disabled via SANDBOX_ON=0.
Comment 1 Larry the Git Cow gentoo-dev 2018-02-18 21:32:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=1b0f7b0d035a10ba172b659abbe425c8523bdb96

commit 1b0f7b0d035a10ba172b659abbe425c8523bdb96
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-02-12 18:14:07 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-02-12 19:05:27 +0000

    Disable environment propagation if sandbox is disabled
    
    Do not enforce restoring sandbox variables in the environment if sandbox
    is explicitly disabled. This makes it possible to set SANDBOX_ON=0
    and then unset LD_PRELOAD without having to resort to ugly hacks to
    prevent sandbox from restoring itself.
    
    The only limitation is that if user sets SANDBOX_ON=0 first, then wipes
    the environment, he will no longer be able to reenable sandbox via doing
    SANDBOX_ON=1. However, it is rather unlikely that such a thing would
    need to happen in real use.
    
    Bug: https://bugs.gentoo.org/592750

 libsandbox/libsandbox.c | 5 +++++
 1 file changed, 5 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2018-02-19 16:21:43 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db22543396bba4574c1be797f502c5d535279174

commit db22543396bba4574c1be797f502c5d535279174
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-02-19 15:57:51 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-02-19 16:21:36 +0000

    sys-apps/sandbox: Bump to 2.13
    
    Closes: https://bugs.gentoo.org/592750

 sys-apps/sandbox/Manifest            |  1 +
 sys-apps/sandbox/sandbox-2.13.ebuild | 76 ++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)