.p@h tmp 0$ sandbox /bin/bash --version * ACCESS DENIED: open_wr: /dev/tty * ACCESS DENIED: open_wr: /dev/pts/4 * ACCESS DENIED: open_rd: /usr/share/sandbox/sandbox.bashrc /bin/bash: /usr/share/sandbox/sandbox.bashrc: Permission denied * ACCESS DENIED: execve: /bin/bash * ACCESS DENIED: open_rd: /bin/bash /bin/bash: /bin/bash: Permission denied * --------------------------- ACCESS VIOLATION SUMMARY --------------------------- * LOG FILE: "/tmp/sandbox-6855.log" * VERSION 1.0 FORMAT: F - Function called FORMAT: S - Access Status FORMAT: P - Path as passed to function FORMAT: A - Absolute Path (not canonical) FORMAT: R - Canonical Path FORMAT: C - Command Line F: open_wr S: deny P: /dev/tty A: /dev/tty R: /dev/tty C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /bin/bash --version F: open_wr S: deny P: /dev/pts/4 A: /dev/pts/4 R: /dev/pts/4 C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /bin/bash --version F: open_rd S: deny P: /usr/share/sandbox/sandbox.bashrc A: /usr/share/sandbox/sandbox.bashrc R: /usr/share/sandbox/sandbox.bashrc C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /bin/bash --version F: execve S: deny P: /bin/bash A: /bin/bash R: /bin/bash C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /bin/bash --version F: open_rd S: deny P: /bin/bash A: /bin/bash R: /bin/bash C: /bin/bash -rcfile /usr/share/sandbox/sandbox.bashrc -c /bin/bash --version * -------------------------------------------------------------------------------- .p@h tmp 0$ ls -l /dev/tty /usr/share/sandbox/sandbox.bashrc /bin/bash -rwxr-xr-x 1 root root 774472 Mar 8 16:04 /bin/bash crw-rw-rw- 1 root tty 5, 0 Mar 8 11:37 /dev/tty -rw-r--r-- 1 root root 3792 Mar 8 15:53 /usr/share/sandbox/sandbox.bashrc Reproducible: Always
Created attachment 690036 [details] /etc/sandbox.conf
Please include the full build.log, emerge--info, and the sandbox log referenced.
Created attachment 690039 [details] strace -o s -f -y -k sandbox /bin/bash --version
Created attachment 690060 [details] sandbox build log
Created attachment 690063 [details] build log
Created attachment 690066 [details] emerge --info
Created attachment 690069 [details] sandbox.log
Created attachment 690084 [details] valgrind
Created attachment 690087 [details] valgrind -s //just in case
Created attachment 690090 [details] build log // empty ldflags
> sh sys-apps/busybox 1.33.0 If you switch shell to 'bash' and rebuild sandbox does it change the behaviour? > configure: loading cache /var/tmp/portage/sys-apps/sandbox-2.20/work/conf.cache Where does it come from? At least 'install' tool and toolchain files are detected at different paths than on a default system.
sandbox's ELF file is destroyed by Makefile.am's sed against the binary: install-exec-hook: set -e ; \ for f in $(bindir)/sandbox $(libdir)/libsandbox.so ; do \ sed -i.tmp \ 's:__SANDBOX_TESTING:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:' \ $(DESTDIR)$$f ; \ rm -f $(DESTDIR)$$f.tmp ; \ done bash: $ echo -n __SANDBOX_TESTING | sed 's:__SANDBOX_TESTING:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:' | hexdump -C 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 |.| 00000011 busybox sh: $ echo -n __SANDBOX_TESTING | sed 's:__SANDBOX_TESTING:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:' | hexdump -C 00000000 78 30 30 78 30 30 78 30 30 78 30 30 78 30 30 78 |x00x00x00x00x00x| 00000010 30 30 78 30 30 78 30 30 78 30 30 78 30 30 78 30 |00x00x00x00x00x0| 00000020 30 78 30 30 78 30 30 78 30 30 78 30 30 78 30 30 |0x00x00x00x00x00| 00000030 78 30 30 |x00| 00000033
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=2b304d8ee40c38023411a3ea184c29ad5a1f8070 commit 2b304d8ee40c38023411a3ea184c29ad5a1f8070 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2021-05-04 07:53:23 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2021-05-04 07:53:23 +0000 Makefile.am: don't mangle final binary with sed In bug #774861 pash found out that /bin/sh -> busybox produces invalid `sandbox` binary. It happens because `busybox sed` does not implement hex escape insertions, like: $ printf "a" | gnu-sed 's/a/\x00/' | hexdump -C 00000000 00 |.| $ printf "a" | busybox sed 's/a/\x00/' | hexdump -C 00000000 78 30 30 |x00| The change exposes `__SANDBOX_TESTING` variable to external users. Reported-by: pash Bug: https://bugs.gentoo.org/774861 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> Makefile.am | 9 --------- 1 file changed, 9 deletions(-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c561570e4684ae6abc41b272519a5cbc32c13a08 commit c561570e4684ae6abc41b272519a5cbc32c13a08 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2021-05-04 22:08:56 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2021-05-04 22:14:21 +0000 sys-apps/sandbox: bump up to 2.24 Main change is removal of binary mangling to remove `__SANDBOX_TESTING` handling in final result. Reported-by: pash Closes: https://bugs.gentoo.org/774861 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> sys-apps/sandbox/Manifest | 1 + sys-apps/sandbox/sandbox-2.24.ebuild | 54 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+)