? coreutils-fix.patch
? sandbox-getcwd-fix.patch
Index: ChangeLog
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v
retrieving revision 1.17
diff -u -b -B -r1.17 ChangeLog
--- ChangeLog 29 Jun 2003 16:20:19 -0000 1.17
+++ ChangeLog 27 Jul 2003 12:22:31 -0000
@@ -2,6 +2,22 @@
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2
 # $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/ChangeLog,v 1.17 2003/06/29 16:20:19 azarah Exp $
+ 27 Jul 2003; Martin Schlemmer getcwd.c, libsandbox.c,
+ sandbox_futils.c, canonicalize.c :
+ Once again coreutils fails, as my systems had 2.5 kernel, the getcwd system
+ call handled strings larger than PATH_MAX (bug #21766). It however does not
+ work the same on 2.4 kernels.
+
+ To fix, I added the posix implementation of getcwd() (from glibc cvs) that
+ do not need the system call. We use the default getcwd() function via a
+ wrapper (egetcwd), and then lstat the returned path. If lstat fails, it
+ means the current directory was removed, OR that the the system call for
+ getcwd failed (curious is that it do not fail and return NULL or set
+ errno, but rather just truncate the retured directory - usually from the
+ start), and if so, we use the generic getcwd() function (__egetcwd). Note
+ that we do not use the generic version all the time, as it calls lstat()
+ a great number of times, and performance degrade much.
+
 29 Jun 2003; Martin Schlemmer create-localdecls, libsandbox.c :
 Make sure SB_PATH_MAX will not wrap. Fix two possible memory leaks.
Index: Makefile
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/Makefile,v
retrieving revision 1.4
diff -u -b -B -r1.4 Makefile
--- Makefile 22 Jun 2003 20:01:20 -0000 1.4
+++ Makefile 27 Jul 2003 12:22:31 -0000
@@ -22,7 +24,7 @@
 all: $(TARGETS)
-sandbox: sandbox.o sandbox_futils.o
+sandbox: sandbox.o sandbox_futils.o getcwd.c
 $(CC) $^ -ldl -lc -o $@
 sandbox.o: sandbox.c sandbox.h
@@ -31,14 +33,11 @@
 sandbox_futils.o: sandbox_futils.c sandbox.h
 $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) sandbox_futils.c
-libsandbox.so: libsandbox.o sandbox_futils.o canonicalize.o
+libsandbox.so: libsandbox.o sandbox_futils.o
 $(CC) $^ -shared -fPIC -ldl -lc -o $@ -nostdlib -lgcc
-libsandbox.o: libsandbox.c localdecls.h
+libsandbox.o: libsandbox.c localdecls.h canonicalize.c getcwd.c
 $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c
-
-canonicalize.o: canonicalize.c localdecls.h
- $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c
 localdecls.h: create-localdecls libctest.c
 ./create-localdecls
Index: canonicalize.c
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/canonicalize.c,v
retrieving revision 1.3
diff -u -b -B -r1.3 canonicalize.c
--- canonicalize.c 22 Jun 2003 20:01:20 -0000 1.3
+++ canonicalize.c 27 Jul 2003 12:22:33 -0000
@@ -1,5 +1,5 @@
 /* Return the canonical absolute name of a given file.
- Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
+ Copyright (C) 1996-2001, 2002 Free Software Foundation, Inc.
 This file is part of the GNU C Library.
 The GNU C Library is free software; you can redistribute it and/or
@@ -17,10 +17,6 @@
 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */
-/*
- * $Header: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/canonicalize.c,v 1.3 2003/06/22 20:01:20 azarah Exp $
- */
-
 #include
 #include
 #include
@@ -30,7 +26,7 @@
 #include
 #include
-#include "localdecls.h"
+//#include
 #ifndef __set_errno
 # define __set_errno(val) errno = (val)
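Review bot: The `sandbox:` rule now lists `getcwd.c` as a prerequisite and hands it to the link command through `$^`, so that source is compiled by the implicit link step without the `$(CFLAGS)`/`$(OBJ_DEFINES)` the explicit object rules apply, and it is recompiled on every link. Give it an object rule like the `canonicalize.o` one the second hunk removes — `getcwd.o: getcwd.c localdecls.h` / `$(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) getcwd.c` — and list `getcwd.o` in `sandbox:` instead. The new `libsandbox.o` prerequisites on `canonicalize.c getcwd.c`, together with `canonicalize.o` disappearing from the `libsandbox.so` link, suggest those two files are now textually included by libsandbox.c; if so, a one-line comment on that rule saying so would save the next reader from searching for the missing `.o` rules.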
@@ -55,31 +51,28 @@
 *
 */
-static char *
-ecanonicalize (const char *name, char *resolved)
+char *
+erealpath(const char *name, char *resolved)
 {
 char *rpath, *dest;
 const char *start, *end, *rpath_limit;
 long int path_max;
- if (name == NULL)
- {
+ if (name == NULL) {
 /* As per Single Unix Specification V2 we must return an error if either parameter is a null pointer. We extend this to allow the RESOLVED parameter to be NULL in case the we are expected to allocate the room for the return value. */
- __set_errno (EINVAL);
+ __set_errno(EINVAL);
 return NULL;
 }
- if (name[0] == '\0')
- {
+ if (name[0] == '\0') {
 /* As per Single Unix Specification V2 we must return an error if the name argument points to an empty string. */
- __set_errno (ENOENT);
+ __set_errno(ENOENT);
 return NULL;
 }
-
 #ifdef SB_PATH_MAX
 path_max = SB_PATH_MAX;
 #else
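Review bot: `erealpath` takes over the role of the removed static `ecanonicalize`, and its contract changes with it — `resolved` may now be NULL, in which case the result is heap-allocated and must be freed by the caller, and when it is not NULL it must have room for `path_max` bytes (`SB_PATH_MAX` when that macro is defined), because the next hunk makes `rpath` point straight at it instead of at a temporary. The comment block above the function, cut off at the top of this hunk, still describes only the glibc original; add a paragraph there along the lines of `/* RESOLVED, if non-NULL, must hold SB_PATH_MAX bytes; if NULL the returned buffer is malloc'd and owned by the caller. */`. The function body continues in the following hunks.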
@@ -83,63 +76,59 @@
 #ifdef SB_PATH_MAX
 path_max = SB_PATH_MAX;
 #else
- path_max = pathconf (name, _PC_PATH_MAX);
+ path_max = pathconf(name, _PC_SB_PATH_MAX);
 if (path_max <= 0)
 path_max = 1024;
 #endif
- rpath = resolved ? alloca (path_max) : malloc (path_max);
+ if (resolved == NULL) {
+ rpath = malloc(path_max);
+ if (rpath == NULL)
+ return NULL;
+ } else
+ rpath = resolved;
 rpath_limit = rpath + path_max;
- if (name[0] != '/')
- {
- if (!getcwd (rpath, path_max))
- {
+ if (name[0] != '/') {
+ if (!egetcwd(rpath, path_max)) {
 rpath[0] = '\0';
 goto error;
 }
- dest = strchr (rpath, '\0');
- }
- else
- {
+ dest = strchr(rpath, '\0');
+ } else {
 rpath[0] = '/';
 dest = rpath + 1;
 }
- for (start = end = name; *start; start = end)
- {
+ for (start = end = name; *start; start = end) {
 /* Skip sequence of multiple path-separators. */
 while (*start == '/')
 ++start;
 /* Find end of path component. */
 for (end = start; *end && *end != '/'; ++end)
- /* Nothing. */;
+ /* Nothing. */ ;
 if (end - start == 0)
 break;
 else if (end - start == 1 && start[0] == '.')
- /* nothing */;
- else if (end - start == 2 && start[0] == '.' && start[1] == '.')
- {
+ /* nothing */ ;
+ else if (end - start == 2 && start[0] == '.' && start[1] == '.') {
 /* Back up to previous component, ignore if at root already. */
 if (dest > rpath + 1)
- while ((--dest)[-1] != '/');
- }
- else
- {
+ while ((--dest)[-1] != '/') ;
+ } else {
 size_t new_size;
 if (dest[-1] != '/')
 *dest++ = '/';
- if (dest + (end - start) >= rpath_limit)
- {
+ if (dest + (end - start) >= rpath_limit) {
 ptrdiff_t dest_offset = dest - rpath;
+ char *new_rpath;
- if (resolved)
- {
- __set_errno (ENAMETOOLONG);
+ if (resolved) {
+ __set_errno(ENAMETOOLONG);
 if (dest > rpath + 1)
 dest--;
 *dest = '\0';
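Review bot: `pathconf(name, _PC_SB_PATH_MAX)` uses a name that does not exist — the POSIX constant is `_PC_PATH_MAX`, which is what the removed line had, so this looks like an over-broad PATH_MAX→SB_PATH_MAX rename. It only compiles today because the `#ifdef SB_PATH_MAX` branch above it is taken; since this commit also drops `#include "localdecls.h"` from canonicalize.c (earlier hunk), SB_PATH_MAX presumably now has to come from whichever translation unit includes this file, and any build where it is missing fails on this line instead of falling back. Restore `path_max = pathconf(name, _PC_PATH_MAX);`. Separately, with `rpath = resolved` the function now writes up to `path_max` bytes directly into the caller's buffer, so every caller must supply `SB_PATH_MAX` bytes (the wrappers' `char canonic[SB_PATH_MAX]` do) — worth stating in the function's header comment. The body continues in the next hunk.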
@@ -150,47 +139,33 @@
 new_size += end - start + 1;
 else
 new_size += path_max;
- rpath = realloc (rpath, new_size);
+ new_rpath = (char *) realloc(rpath, new_size);
+ if (new_rpath == NULL)
+ goto error;
+ rpath = new_rpath;
 rpath_limit = rpath + new_size;
- if (rpath == NULL)
- return NULL;
 dest = rpath + dest_offset;
 }
- dest = __mempcpy (dest, start, end - start);
+ dest = __mempcpy(dest, start, end - start);
 *dest = '\0';
- }
 }
-#if 0
+#if 1
 if (dest > rpath + 1 && dest[-1] == '/')
 --dest;
 #endif
 *dest = '\0';
- return resolved ? memcpy (resolved, rpath, dest - rpath + 1) : rpath;
+ return resolved ? memcpy(resolved, rpath, dest - rpath + 1) : rpath;
 error:
 if (resolved)
- strcpy (resolved, rpath);
+ strcpy(resolved, rpath);
 else
- free (rpath);
- return NULL;
-}
-
-
-char *
-erealpath (const char *name, char *resolved)
-{
- if (resolved == NULL)
- {
- __set_errno (EINVAL);
+ free(rpath);
 return NULL;
- }
-
- return ecanonicalize (name, resolved);
 }
-
- // vim:expandtab noai:cindent ai
Index: libctest.c
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/libctest.c,v
retrieving revision 1.1
diff -u -b -B -r1.1 libctest.c
--- libctest.c 25 Aug 2002 06:08:51 -0000 1.1
+++ libctest.c 27 Jul 2003 12:22:34 -0000
@@ -1,6 +1,7 @@
 /* Dummy program to check your libc version */
-int main(void) {
+int
+main(void)
+{
 return 0;
 }
-
Index: libsandbox.c
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/libsandbox.c,v
retrieving revision 1.6
diff -u -b -B -r1.6 libsandbox.c
--- libsandbox.c 29 Jun 2003 16:20:19 -0000 1.6
+++ libsandbox.c 27 Jul 2003 12:22:36 -0000
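Review bot: With `rpath` aliasing `resolved` (assigned in the previous hunk), `return resolved ? memcpy(resolved, rpath, dest - rpath + 1) : rpath;` and the error-path `strcpy(resolved, rpath)` now copy a buffer onto itself; both functions have undefined behaviour for overlapping objects and AddressSanitizer reports exactly this case. The string is already in place, so the return can simply be `return rpath;` and the error path `if (resolved == NULL) free(rpath);` before `return NULL;` — the realloc branch is only reached when `resolved` is NULL, so the heap case is unaffected. The `(char *)` cast on `realloc` is unnecessary in C and would mask a missing `<stdlib.h>` prototype; dropping it matches the uncast `malloc` in the previous hunk.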
@@ -1,5 +1,5 @@ /* -S * Path sandbox for the gentoo linux portage package system, initially + * Path sandbox for the gentoo linux portage package system, initially * based on the ROCK Linux Wrapper for getting a list of created files * * to integrate with bash, bash should have been built like this @@ -121,20 +119,22 @@ typedef struct { int show_access_violation; - char** deny_prefixes; + char **deny_prefixes; int num_deny_prefixes; - char** read_prefixes; + char **read_prefixes; int num_read_prefixes; - char** write_prefixes; + char **write_prefixes; int num_write_prefixes; - char** predict_prefixes; + char **predict_prefixes; int num_predict_prefixes; - char** write_denied_prefixes; + char **write_denied_prefixes; int num_write_denied_prefixes; } sbcontext_t; /* glibc modified realpath() functions */ -char *erealpath (const char *name, char *resolved); +char *erealpath(const char *name, char *resolved); +/* glibc modified getcwd() functions */ +char *egetcwd(char *, size_t); static void init_wrappers(void); static void *get_dlsym(const char *); 
@@ -147,66 +147,67 @@ static void clean_env_entries(char ***, int *); static void init_context(sbcontext_t *); static void init_env_entries(char ***, int *, char *, int); -static char* filter_path(const char*); +static char *filter_path(const char *); static int is_sandbox_on(); static int is_sandbox_pid(); /* Wrapped functions */ extern int chmod(const char *, mode_t); -static int(*true_chmod)(const char *, mode_t); +static int (*true_chmod) (const char *, mode_t); extern int chown(const char *, uid_t, gid_t); -static int(*true_chown)(const char *, uid_t, gid_t); +static int (*true_chown) (const char *, uid_t, gid_t); extern int creat(const char *, mode_t); -static int(*true_creat)(const char *, mode_t); -extern FILE *fopen(const char *,const char*); -static FILE *(*true_fopen)(const char *,const char*); +static int (*true_creat) (const char *, mode_t); +extern FILE *fopen(const char *, const char *); +static FILE *(*true_fopen) (const char *, const char *); extern int lchown(const char *, uid_t, gid_t); -static int(*true_lchown)(const char *, uid_t, gid_t); +static int (*true_lchown) (const char *, uid_t, gid_t); extern int link(const char *, const char *); -static int(*true_link)(const char *, const char *); +static int (*true_link) (const char *, const char *); extern int mkdir(const char *, mode_t); -static int(*true_mkdir)(const char *, mode_t); +static int (*true_mkdir) (const char *, mode_t); extern DIR *opendir(const char *); -static DIR *(*true_opendir)(const char *); +static DIR *(*true_opendir) (const char *); #ifdef WRAP_MKNOD extern int __xmknod(const char *, mode_t, dev_t); -static int(*true___xmknod)(const char *, mode_t, dev_t); +static int (*true___xmknod) (const char *, mode_t, dev_t); #endif extern int open(const char *, int, ...); -static int(*true_open)(const char *, int, ...); +static int (*true_open) (const char *, int, ...); extern int rename(const char *, const char *); -static int(*true_rename)(const char *, const char *); +static int 
(*true_rename) (const char *, const char *); extern int rmdir(const char *); -static int(*true_rmdir)(const char *); +static int (*true_rmdir) (const char *); extern int symlink(const char *, const char *); -static int(*true_symlink)(const char *, const char *); +static int (*true_symlink) (const char *, const char *); extern int truncate(const char *, TRUNCATE_T); -static int(*true_truncate)(const char *, TRUNCATE_T); +static int (*true_truncate) (const char *, TRUNCATE_T); extern int unlink(const char *); -static int(*true_unlink)(const char *); +static int (*true_unlink) (const char *); #if (GLIBC_MINOR >= 1) extern int creat64(const char *, __mode_t); -static int(*true_creat64)(const char *, __mode_t); -extern FILE *fopen64(const char *,const char *); -static FILE *(*true_fopen64)(const char *,const char *); +static int (*true_creat64) (const char *, __mode_t); +extern FILE *fopen64(const char *, const char *); +static FILE *(*true_fopen64) (const char *, const char *); extern int open64(const char *, int, ...); -static int(*true_open64)(const char *, int, ...); +static int (*true_open64) (const char *, int, ...); extern int truncate64(const char *, __off64_t); -static int(*true_truncate64)(const char *, __off64_t); +static int (*true_truncate64) (const char *, __off64_t); #endif -extern int execve(const char *filename, char *const argv [], char *const envp[]); -static int (*true_execve)(const char *, char *const [], char *const []); +extern int execve(const char *filename, char *const argv[], char *const envp[]); +static int (*true_execve) (const char *, char *const[], char *const[]); /* * Initialize the shabang */ -static void init_wrappers(void) +static void +init_wrappers(void) { void *libc_handle = NULL; @@ -246,7 +247,8 @@ true_execve = dlsym(libc_handle, "execve"); } -void _init(void) +void +_init(void) { int old_errno = errno; char *tmp_string = NULL; 
@@ -261,13 +263,15 @@
 tmp_string = get_sandbox_lib("/");
 strncpy(sandbox_lib, tmp_string, 254);
- if (tmp_string) free(tmp_string);
+ if (tmp_string)
+ free(tmp_string);
 tmp_string = NULL;
 errno = old_errno;
 }
-static int canonicalize(const char *path, char *resolved_path)
+static int
+canonicalize(const char *path, char *resolved_path)
 {
 int old_errno = errno;
 char *retval;
@@ -280,7 +284,7 @@
 retval = erealpath(path, resolved_path);
- if((!retval) && (path[0] != '/')) {
+ if ((!retval) && (path[0] != '/')) {
 /* The path could not be canonicalized, append it
 * to the current working directory if it was not
 * an absolute path
@@ -288,7 +292,7 @@
 if (errno == ENAMETOOLONG)
 return -1;
- getcwd(resolved_path, SB_PATH_MAX - 2);
+ egetcwd(resolved_path, SB_PATH_MAX - 2);
 strcat(resolved_path, "/");
 strncat(resolved_path, path, SB_PATH_MAX - 1);
@@ -313,7 +317,8 @@
 return 0;
 }
-static void *get_dlsym(const char *symname)
+static void *
+get_dlsym(const char *symname)
 {
 void *libc_handle = NULL;
 void *symaddr = NULL;
@@ -341,14 +346,16 @@
 * Wrapper Functions
 */
-int chmod(const char *path, mode_t mode)
+int
+chmod(const char *path, mode_t mode)
 {
 int result = -1;
 char canonic[SB_PATH_MAX];
 canonicalize_int(path, canonic);
- if FUNCTION_SANDBOX_SAFE("chmod", canonic) {
+ if FUNCTION_SANDBOX_SAFE
+ ("chmod", canonic) {
 check_dlsym(chmod);
 result = true_chmod(path, mode);
 }
@@ -356,14 +363,16 @@
 return result;
 }
-int chown(const char *path, uid_t owner, gid_t group)
+int
+chown(const char *path, uid_t owner, gid_t group)
 {
 int result = -1;
 char canonic[SB_PATH_MAX];
 canonicalize_int(path, canonic);
- if FUNCTION_SANDBOX_SAFE("chown", canonic) {
+ if FUNCTION_SANDBOX_SAFE
+ ("chown", canonic) {
 check_dlsym(chown);
 result = true_chown(path, owner, group);
 }
@@ -371,7 +380,8 @@
 return result;
 }
-int creat(const char *pathname, mode_t mode)
+int
+creat(const char *pathname, mode_t mode)
 {
 /* Is it a system call? */
 int result = -1;
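Review bot: The return value of `egetcwd(resolved_path, SB_PATH_MAX - 2)` in `canonicalize` is ignored; when it fails, `resolved_path` keeps whatever `erealpath` left in it and the `strcat`/`strncat` below append `path` to that, so the wrappers go on to run `FUNCTION_SANDBOX_SAFE` on a path that names nothing real. The function already reports ENAMETOOLONG with `return -1`, so the same is natural here: `if (egetcwd(resolved_path, SB_PATH_MAX - 2) == NULL) return -1;`. Note also that the `SB_PATH_MAX - 1` passed to `strncat` caps the characters taken from `path`, not the room left in `resolved_path`; the bound should be `SB_PATH_MAX - strlen(resolved_path) - 1`. `canonicalize` starts in the previous hunk and continues past this one.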
@@ -379,7 +389,8 @@ canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("creat", canonic) { + if FUNCTION_SANDBOX_SAFE + ("creat", canonic) { check_dlsym(open); result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); } @@ -387,22 +398,25 @@ return result; } -FILE *fopen(const char *pathname, const char *mode) +FILE * +fopen(const char *pathname, const char *mode) { FILE *result = NULL; char canonic[SB_PATH_MAX]; canonicalize_ptr(pathname, canonic); - if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) { + if FUNCTION_SANDBOX_SAFE_CHAR + ("fopen", canonic, mode) { check_dlsym(fopen); - result = true_fopen(pathname,mode); + result = true_fopen(pathname, mode); } return result; } -int lchown(const char *path, uid_t owner, gid_t group) +int +lchown(const char *path, uid_t owner, gid_t group) { /* Linux specific? */ int result = -1; @@ -410,7 +424,8 @@ canonicalize_int(path, canonic); - if FUNCTION_SANDBOX_SAFE("lchown", canonic) { + if FUNCTION_SANDBOX_SAFE + ("lchown", canonic) { check_dlsym(chown); result = true_chown(path, owner, group); } @@ -418,7 +433,8 @@ return result; } -int link(const char *oldpath, const char *newpath) +int +link(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; @@ -426,7 +442,8 @@ canonicalize_int(oldpath, old_canonic); canonicalize_int(newpath, new_canonic); - if FUNCTION_SANDBOX_SAFE("link", new_canonic) { + if FUNCTION_SANDBOX_SAFE + ("link", new_canonic) { check_dlsym(link); result = true_link(oldpath, newpath); } @@ -434,14 +451,16 @@ return result; } -int mkdir(const char *pathname, mode_t mode) +int +mkdir(const char *pathname, mode_t mode) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("mkdir", canonic) { + if FUNCTION_SANDBOX_SAFE + ("mkdir", canonic) { check_dlsym(mkdir); result = true_mkdir(pathname, mode); } 
@@ -449,14 +468,16 @@ return result; } -DIR *opendir(const char *name) +DIR * +opendir(const char *name) { DIR *result = NULL; char canonic[SB_PATH_MAX]; canonicalize_ptr(name, canonic); - if FUNCTION_SANDBOX_SAFE("opendir", canonic) { + if FUNCTION_SANDBOX_SAFE + ("opendir", canonic) { check_dlsym(opendir); result = true_opendir(name); } @@ -466,14 +487,16 @@ #ifdef WRAP_MKNOD -int __xmknod(const char *pathname, mode_t mode, dev_t dev) +int +__xmknod(const char *pathname, mode_t mode, dev_t dev) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("__xmknod", canonic) { + if FUNCTION_SANDBOX_SAFE + ("__xmknod", canonic) { check_dlsym(__xmknod); result = true___xmknod(pathname, mode, dev); } @@ -483,7 +506,8 @@ #endif -int open(const char *pathname, int flags, ...) +int +open(const char *pathname, int flags, ...) { /* Eventually, there is a third parameter: it's mode_t mode */ va_list ap; @@ -499,18 +523,20 @@ canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE_INT("open", canonic, flags) { + if FUNCTION_SANDBOX_SAFE_INT + ("open", canonic, flags) { /* We need to resolve open() realtime in some cases, * else we get a segfault when running /bin/ps, etc * in a sandbox */ check_dlsym(open); - result=true_open(pathname, flags, mode); + result = true_open(pathname, flags, mode); } return result; } -int rename(const char *oldpath, const char *newpath) +int +rename(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; @@ -518,7 +544,8 @@ canonicalize_int(oldpath, old_canonic); canonicalize_int(newpath, new_canonic); - if FUNCTION_SANDBOX_SAFE("rename", new_canonic) { + if FUNCTION_SANDBOX_SAFE + ("rename", new_canonic) { check_dlsym(rename); result = true_rename(oldpath, newpath); } 
@@ -526,14 +553,16 @@ return result; } -int rmdir(const char *pathname) +int +rmdir(const char *pathname) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("rmdir", canonic) { + if FUNCTION_SANDBOX_SAFE + ("rmdir", canonic) { check_dlsym(rmdir); result = true_rmdir(pathname); } @@ -541,7 +570,8 @@ return result; } -int symlink(const char *oldpath, const char *newpath) +int +symlink(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; @@ -549,7 +579,8 @@ canonicalize_int(oldpath, old_canonic); canonicalize_int(newpath, new_canonic); - if FUNCTION_SANDBOX_SAFE("symlink", new_canonic) { + if FUNCTION_SANDBOX_SAFE + ("symlink", new_canonic) { check_dlsym(symlink); result = true_symlink(oldpath, newpath); } @@ -557,14 +588,16 @@ return result; } -int truncate(const char *path, TRUNCATE_T length) +int +truncate(const char *path, TRUNCATE_T length) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(path, canonic); - if FUNCTION_SANDBOX_SAFE("truncate", canonic) { + if FUNCTION_SANDBOX_SAFE + ("truncate", canonic) { check_dlsym(truncate); result = true_truncate(path, length); } @@ -572,14 +605,16 @@ return result; } -int unlink(const char *pathname) +int +unlink(const char *pathname) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("unlink", canonic) { + if FUNCTION_SANDBOX_SAFE + ("unlink", canonic) { check_dlsym(unlink); result = true_unlink(pathname); } @@ -589,7 +624,8 @@ #if (GLIBC_MINOR >= 1) -int creat64(const char *pathname, __mode_t mode) +int +creat64(const char *pathname, __mode_t mode) { /* Is it a system call? */ int result = -1; 
@@ -597,7 +633,8 @@ canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE("creat64", canonic) { + if FUNCTION_SANDBOX_SAFE + ("creat64", canonic) { check_dlsym(open64); result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); } @@ -605,22 +642,25 @@ return result; } -FILE *fopen64(const char *pathname, const char *mode) +FILE * +fopen64(const char *pathname, const char *mode) { FILE *result = NULL; char canonic[SB_PATH_MAX]; canonicalize_ptr(pathname, canonic); - if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) { + if FUNCTION_SANDBOX_SAFE_CHAR + ("fopen64", canonic, mode) { check_dlsym(fopen64); - result = true_fopen(pathname,mode); + result = true_fopen(pathname, mode); } return result; } -int open64(const char *pathname, int flags, ...) +int +open64(const char *pathname, int flags, ...) { /* Eventually, there is a third parameter: it's mode_t mode */ va_list ap; @@ -636,22 +676,25 @@ canonicalize_int(pathname, canonic); - if FUNCTION_SANDBOX_SAFE_INT("open64", canonic, flags) { + if FUNCTION_SANDBOX_SAFE_INT + ("open64", canonic, flags) { check_dlsym(open64); - result=true_open64(pathname, flags, mode); + result = true_open64(pathname, flags, mode); } return result; } -int truncate64(const char *path, __off64_t length) +int +truncate64(const char *path, __off64_t length) { int result = -1; char canonic[SB_PATH_MAX]; canonicalize_int(path, canonic); - if FUNCTION_SANDBOX_SAFE("truncate64", canonic) { + if FUNCTION_SANDBOX_SAFE + ("truncate64", canonic) { check_dlsym(truncate64); result = true_truncate64(path, length); } @@ -665,7 +708,8 @@ * Exec Wrappers */ -int execve(const char *filename, char *const argv [], char *const envp[]) +int +execve(const char *filename, char *const argv[], char *const envp[]) { int old_errno = errno; int result = -1; 
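Review bot: In `fopen64`, `result = true_fopen(pathname, mode);` calls through the 32-bit `fopen` pointer even though the line above resolves `fopen64` with `check_dlsym(fopen64)` and a `true_fopen64` pointer is declared for it, so the wrapper silently turns every `fopen64` into `fopen` for the caller and, depending on how `check_dlsym` fills the pointers, may call through a `true_fopen` that has not been resolved yet in this process. The line should read `result = true_fopen64(pathname, mode);`, mirroring `creat64`, `open64` and `truncate64` in the neighbouring hunks, which do dispatch to their 64-bit pointers.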
@@ -676,13 +720,15 @@ canonicalize_int(filename, canonic); - if FUNCTION_SANDBOX_SAFE("execve", canonic) { + if FUNCTION_SANDBOX_SAFE + ("execve", canonic) { while (envp[count] != NULL) { if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) { if (NULL != strstr(envp[count], sandbox_lib)) { break; } else { - const int max_envp_len = strlen(envp[count]) + strlen(sandbox_lib) + 1; + const int max_envp_len = + strlen(envp[count]) + strlen(sandbox_lib) + 1; /* Backup envp[count], and set it to our own one which * contains sandbox_lib */ @@ -697,7 +743,8 @@ strncpy(new_envp + strlen(old_envp) + 1, sandbox_lib, max_envp_len - strlen(new_envp)); } else { - strncpy(new_envp + strlen(old_envp), sandbox_lib, + strncpy(new_envp + + strlen(old_envp), sandbox_lib, max_envp_len - strlen(new_envp)); } @@ -707,7 +754,7 @@ /* envp[count] = new_envp; * * Get rid of the "read-only" warnings */ - memcpy((void *)&envp[count], &new_envp, sizeof(new_envp)); + memcpy((void *) &envp[count], &new_envp, sizeof (new_envp)); break; } @@ -724,7 +771,7 @@ /* Restore envp[count] again. * * envp[count] = old_envp; */ - memcpy((void *)&envp[count], &old_envp, sizeof(old_envp)); + memcpy((void *) &envp[count], &old_envp, sizeof (old_envp)); old_envp = NULL; } } @@ -743,10 +790,11 @@ /* This hack is needed for glibc 2.1.1 (and others?) * (not really needed, but good example) */ extern int fclose(FILE *); -static int (*true_fclose)(FILE *) = NULL; -int fclose(FILE *file) +static int (*true_fclose) (FILE *) = NULL; +int +fclose(FILE * file) { - int result = - 1; + int result = -1; check_dlsym(fclose); result = true_fclose(file); @@ -756,7 +804,8 @@ #endif /* GLIBC_MINOR == 1 */ -static void init_context(sbcontext_t* context) +static void +init_context(sbcontext_t * context) { context->show_access_violation = 1; context->deny_prefixes = NULL; 
@@ -771,11 +820,12 @@ context->num_write_denied_prefixes = 0; } -static int is_sandbox_pid() +static int +is_sandbox_pid() { int old_errno = errno; int result = 0; - FILE* pids_stream = NULL; + FILE *pids_stream = NULL; int pids_file = -1; int current_pid = 0; int tmp_pid = 0; @@ -786,9 +836,7 @@ if (NULL == pids_stream) { perror(">>> pids file fopen"); - } - else - { + } else { pids_file = fileno(pids_stream); if (pids_file < 0) { @@ -815,7 +863,8 @@ return result; } -static void clean_env_entries(char*** prefixes_array, int* prefixes_num) +static void +clean_env_entries(char ***prefixes_array, int *prefixes_num) { int old_errno = errno; int i = 0; @@ -827,7 +876,8 @@ (*prefixes_array)[i] = NULL; } } - if (*prefixes_array) free(*prefixes_array); + if (*prefixes_array) + free(*prefixes_array); *prefixes_array = NULL; *prefixes_num = 0; } @@ -835,22 +885,23 @@ errno = old_errno; } -static void init_env_entries(char*** prefixes_array, int* prefixes_num, char* env, int warn) +static void +init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) { int old_errno = errno; - char* prefixes_env = getenv(env); + char *prefixes_env = getenv(env); if (NULL == prefixes_env) { fprintf(stderr, "Sandbox error : the %s environmental variable should be defined.\n", env); } else { - char* buffer = NULL; + char *buffer = NULL; int prefixes_env_length = strlen(prefixes_env); int i = 0; int num_delimiters = 0; - char* token = NULL; - char* prefix = NULL; + char *token = NULL; + char *prefix = NULL; for (i = 0; i < prefixes_env_length; i++) { if (':' == prefixes_env[i]) { @@ -859,7 +910,8 @@ } if (num_delimiters > 0) { - *prefixes_array = (char **)malloc((num_delimiters + 1) * sizeof(char *)); + *prefixes_array = + (char **) malloc((num_delimiters + 1) * sizeof (char *)); buffer = strndupa(prefixes_env, prefixes_env_length); #ifdef REENTRANT_STRTOK 
@@ -878,12 +930,12 @@ token = strtok(NULL, ":"); #endif - if (prefix) free(prefix); + if (prefix) + free(prefix); prefix = NULL; } - } - else if (prefixes_env_length > 0) { - (*prefixes_array) = (char **)malloc(sizeof(char *)); + } else if (prefixes_env_length > 0) { + (*prefixes_array) = (char **) malloc(sizeof (char *)); (*prefixes_array)[(*prefixes_num)++] = filter_path(prefixes_env); } @@ -892,10 +944,11 @@ errno = old_errno; } -static char* filter_path(const char* path) +static char * +filter_path(const char *path) { int old_errno = errno; - char* filtered_path = (char *)malloc(SB_PATH_MAX * sizeof(char)); + char *filtered_path = (char *) malloc(SB_PATH_MAX * sizeof (char)); canonicalize_ptr(path, filtered_path); @@ -904,23 +957,26 @@ return filtered_path; } -static int check_access(sbcontext_t* sbcontext, const char* func, const char* path) +static int +check_access(sbcontext_t * sbcontext, const char *func, const char *path) { int old_errno = errno; int result = -1; int i = 0; - char* filtered_path = filter_path(path); + char *filtered_path = filter_path(path); if ('/' != filtered_path[0]) { errno = old_errno; - if (filtered_path) free(filtered_path); + if (filtered_path) + free(filtered_path); filtered_path = NULL; return 0; } - if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) && (is_sandbox_pid())) { + if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) + && (is_sandbox_pid())) { result = 1; } @@ -929,7 +985,8 @@ for (i = 0; i < sbcontext->num_deny_prefixes; i++) { if (NULL != sbcontext->deny_prefixes[i]) { if (0 == strncmp(filtered_path, - sbcontext->deny_prefixes[i], + sbcontext-> + deny_prefixes[i], strlen(sbcontext->deny_prefixes[i]))) { result = 0; break; 
@@ -948,22 +1005,22 @@ (0 == strncmp(func, "execlp", 6)) || (0 == strncmp(func, "execle", 6)) || (0 == strncmp(func, "execv", 5)) || - (0 == strncmp(func, "execvp", 6)) || - (0 == strncmp(func, "execve", 6)) + (0 == strncmp(func, "execvp", 6)) + || (0 == strncmp(func, "execve", 6)) ) ) { for (i = 0; i < sbcontext->num_read_prefixes; i++) { if (NULL != sbcontext->read_prefixes[i]) { if (0 == strncmp(filtered_path, - sbcontext->read_prefixes[i], + sbcontext-> + read_prefixes[i], strlen(sbcontext->read_prefixes[i]))) { result = 1; break; } } } - } - else if ((NULL != sbcontext->write_prefixes) && + } else if ((NULL != sbcontext->write_prefixes) && ((0 == strncmp(func, "open_wr", 7)) || (0 == strncmp(func, "creat", 5)) || (0 == strncmp(func, "creat64", 7)) || @@ -990,9 +1047,11 @@ for (i = 0; i < sbcontext->num_write_denied_prefixes; i++) { if (NULL != sbcontext->write_denied_prefixes[i]) { - if (0 == strncmp(filtered_path, - sbcontext->write_denied_prefixes[i], - strlen(sbcontext->write_denied_prefixes[i]))) { + if (0 == + strncmp(filtered_path, + sbcontext-> + write_denied_prefixes + [i], strlen(sbcontext->write_denied_prefixes[i]))) { result = 0; break; } @@ -1002,7 +1061,9 @@ if (-1 == result) { for (i = 0; i < sbcontext->num_write_prefixes; i++) { if (NULL != sbcontext->write_prefixes[i]) { - if (0 == strncmp(filtered_path, + if (0 == + strncmp + (filtered_path, sbcontext->write_prefixes[i], strlen(sbcontext->write_prefixes[i]))) { result = 1; @@ -1023,8 +1084,11 @@ if (-1 == result) { for (i = 0; i < sbcontext->num_predict_prefixes; i++) { if (NULL != sbcontext->predict_prefixes[i]) { - if (0 == strncmp(filtered_path, - sbcontext->predict_prefixes[i], + if (0 == + strncmp + (filtered_path, + sbcontext-> + predict_prefixes[i], strlen(sbcontext->predict_prefixes[i]))) { sbcontext->show_access_violation = 0; result = 0; 
@@ -1043,7 +1107,8 @@
 result = 0;
 }
- if (filtered_path) free(filtered_path);
+ if (filtered_path)
+ free(filtered_path);
 filtered_path = NULL;
 errno = old_errno;
@@ -1051,32 +1116,36 @@
 return result;
 }
-static int check_syscall(sbcontext_t* sbcontext, const char* func, const char* file)
+static int
+check_syscall(sbcontext_t * sbcontext, const char *func, const char *file)
 {
 int old_errno = errno;
 int result = 1;
 struct stat log_stat;
- char* log_path = NULL;
- char* absolute_path = NULL;
- char* tmp_buffer = NULL;
+ char *log_path = NULL;
+ char *absolute_path = NULL;
+ char *tmp_buffer = NULL;
 int log_file = 0;
 struct stat debug_log_stat;
- char* debug_log_env = NULL;
- char* debug_log_path = NULL;
+ char *debug_log_env = NULL;
+ char *debug_log_path = NULL;
 int debug_log_file = 0;
 char buffer[512];
 init_wrappers();
 if ('/' == file[0]) {
- absolute_path = (char *)malloc((strlen(file) + 1) * sizeof(char));
+ absolute_path = (char *) malloc((strlen(file) + 1) * sizeof (char));
 sprintf(absolute_path, "%s", file);
 } else {
- tmp_buffer = get_current_dir_name();
- absolute_path = (char *)malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) * sizeof(char));
- sprintf(absolute_path,"%s/%s", tmp_buffer, file);
+ tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char));
+ egetcwd(tmp_buffer, SB_PATH_MAX - 1);
+ absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1)
+ * sizeof (char));
+ sprintf(absolute_path, "%s/%s", tmp_buffer, file);
- if (tmp_buffer) free(tmp_buffer);
+ if (tmp_buffer)
+ free(tmp_buffer);
 tmp_buffer = NULL;
 }
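Review bot: The new working-directory lookup in `check_syscall` checks neither `malloc` nor `egetcwd`: if `egetcwd(tmp_buffer, SB_PATH_MAX - 1)` fails, `tmp_buffer` is uninitialised heap memory, and `strlen(tmp_buffer)` plus the `sprintf` build `absolute_path` — the string every log line and deny decision further down is based on — out of garbage (the `get_current_dir_name()` it replaces at least returned NULL, though that was not checked either). The second `malloc`, for `absolute_path`, is likewise unchecked before `sprintf` writes into it. Since `result` starts at 1 and the ACCESS DENIED branch in the next hunk reports a denial by setting it to 0, a working directory that cannot be named should fail closed the same way rather than be treated as allowed; the rewrite below does that and restores `errno` as the rest of the function does. `check_syscall` continues past the end of this hunk.
```c
	if ('/' == file[0]) {
		absolute_path = (char *) malloc((strlen(file) + 1) * sizeof (char));
		if (absolute_path == NULL) {
			errno = old_errno;
			return 0;
		}
		sprintf(absolute_path, "%s", file);
	} else {
		tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char));
		/* fail closed: a cwd we cannot name cannot be matched against any prefix */
		if (tmp_buffer == NULL || egetcwd(tmp_buffer, SB_PATH_MAX - 1) == NULL) {
			free(tmp_buffer);
			errno = old_errno;
			return 0;
		}
		absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1)
						* sizeof (char));
		if (absolute_path == NULL) {
			free(tmp_buffer);
			errno = old_errno;
			return 0;
		}
		sprintf(absolute_path, "%s/%s", tmp_buffer, file);
		free(tmp_buffer);
		tmp_buffer = NULL;
	}
	/* … unchanged: log path lookup, access check and logging … */
```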
@@ -1088,27 +1157,30 @@
 (0 != strncmp(absolute_path, log_path, strlen(log_path)))) && ((NULL == debug_log_env) || (NULL == debug_log_path) ||
- (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path)))) &&
- (0 == check_access(sbcontext, func, absolute_path))
+ (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))))
+ && (0 == check_access(sbcontext, func, absolute_path))
 ) {
 if (1 == sbcontext->show_access_violation) {
- fprintf(stderr, "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n",
- func, (int)(10 - strlen(func)), "", absolute_path);
+ fprintf(stderr,
+ "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n",
+ func, (int) (10 - strlen(func)), "", absolute_path);
 if (NULL != log_path) {
- sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path);
+ sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "",
+ absolute_path);
- if ((0 == lstat(log_path, &log_stat)) &&
- (0 == S_ISREG(log_stat.st_mode))
+ if ((0 == lstat(log_path, &log_stat))
+ && (0 == S_ISREG(log_stat.st_mode))
 ) {
 fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", log_path);
 } else {
 log_file = true_open(log_path,
- O_APPEND | O_WRONLY | O_CREAT,
+ O_APPEND | O_WRONLY
+ | O_CREAT,
 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if(log_file >= 0) {
+ if (log_file >= 0) {
 write(log_file, buffer, strlen(buffer));
 close(log_file);
 }
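Review bot: `sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", absolute_path)` writes into the fixed `char buffer[512]` declared at the top of the function, while `absolute_path` was sized to the full cwd + file length with no 512 cap, so a long path overflows the stack buffer inside a wrapper that runs in every process the library is preloaded into; make it `snprintf(buffer, sizeof buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", absolute_path);` (the identical line recurs in the debug-log hunk at -1117). The `lstat`-then-`true_open` sequence guarding the SECURITY BREACH message is also a check-then-use window — the object at `log_path` can be swapped between the two calls. Opening with `O_APPEND | O_WRONLY | O_CREAT | O_NOFOLLOW` and checking `S_ISREG` with `fstat` on the returned descriptor before the `write` closes that window (likewise in -1117). The enclosing `if` begins before this hunk and `check_syscall` continues after it.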
@@ -1117,35 +1189,38 @@
 }
 result = 0;
- }
- else if (NULL != debug_log_env) {
+ } else if (NULL != debug_log_env) {
 if (NULL != debug_log_path) {
 if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) {
- sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path);
+ sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "",
+ absolute_path);
- if ((0 == lstat(debug_log_path, &debug_log_stat)) &&
- (0 == S_ISREG(debug_log_stat.st_mode))
+ if ((0 == lstat(debug_log_path, &debug_log_stat))
+ && (0 == S_ISREG(debug_log_stat.st_mode))
 ) {
 fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", log_path);
 } else {
- debug_log_file = true_open(debug_log_path,
- O_APPEND | O_WRONLY | O_CREAT,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if(debug_log_file >= 0) {
+ debug_log_file =
+ true_open(debug_log_path,
+ O_APPEND | O_WRONLY |
+ O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (debug_log_file >= 0) {
 write(debug_log_file, buffer, strlen(buffer));
 close(debug_log_file);
 }
 }
 } else {
- fprintf(stderr, "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n",
- func, (int)(10 - strlen(func)), "", absolute_path);
+ fprintf(stderr,
+ "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n",
+ func, (int) (10 - strlen(func)), "", absolute_path);
 }
 }
- if (absolute_path) free(absolute_path);
+ if (absolute_path)
+ free(absolute_path);
 absolute_path = NULL;
 errno = old_errno;
@@ -1153,7 +1228,8 @@
 return result;
 }
-static int is_sandbox_on()
+static int
+is_sandbox_on()
 {
 int old_errno = errno;
@@ -1180,7 +1256,8 @@
 }
 }
-static int before_syscall(const char* func, const char* file)
+static int
+before_syscall(const char *func, const char *file)
 {
 int old_errno = errno;
 int result = 1;
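Review bot: In the debug-log branch the "SECURITY BREACH" message names the wrong file: the test is `lstat(debug_log_path, &debug_log_stat)` but the fprintf prints `log_path`, which in this branch has not been checked for NULL (the `NULL != log_path` guard sits in the denial branch above), so the operator is pointed at the wrong path and a NULL `%s` argument is undefined behaviour. Change the argument: `fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", debug_log_path);`. The `sprintf(buffer, ...)` into the 512-byte `buffer` at the top of this branch is as unbounded as the one in the denial branch and should likewise become `snprintf(buffer, sizeof buffer, ...)`. check_syscall's return is outside the first hunk; the is_sandbox_on and before_syscall hunks are signature reflows only.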
@@ -1189,24 +1266,18 @@
 init_context(&sbcontext);
 init_env_entries(&(sbcontext.deny_prefixes),
- &(sbcontext.num_deny_prefixes),
- "SANDBOX_DENY", 1);
+ &(sbcontext.num_deny_prefixes), "SANDBOX_DENY", 1);
 init_env_entries(&(sbcontext.read_prefixes),
- &(sbcontext.num_read_prefixes),
- "SANDBOX_READ", 1);
+ &(sbcontext.num_read_prefixes), "SANDBOX_READ", 1);
 init_env_entries(&(sbcontext.write_prefixes),
- &(sbcontext.num_write_prefixes),
- "SANDBOX_WRITE", 1);
+ &(sbcontext.num_write_prefixes), "SANDBOX_WRITE", 1);
 init_env_entries(&(sbcontext.predict_prefixes),
- &(sbcontext.num_predict_prefixes),
- "SANDBOX_PREDICT", 1);
+ &(sbcontext.num_predict_prefixes), "SANDBOX_PREDICT", 1);
 result = check_syscall(&sbcontext, func, file);
- clean_env_entries(&(sbcontext.deny_prefixes),
- &(sbcontext.num_deny_prefixes));
- clean_env_entries(&(sbcontext.read_prefixes),
- &(sbcontext.num_read_prefixes));
+ clean_env_entries(&(sbcontext.deny_prefixes), &(sbcontext.num_deny_prefixes));
+ clean_env_entries(&(sbcontext.read_prefixes), &(sbcontext.num_read_prefixes));
 clean_env_entries(&(sbcontext.write_prefixes),
 &(sbcontext.num_write_prefixes));
 clean_env_entries(&(sbcontext.predict_prefixes),
@@ -1221,7 +1292,8 @@
 return result;
 }
-static int before_syscall_open_int(const char* func, const char* file, int flags)
+static int
+before_syscall_open_int(const char *func, const char *file, int flags)
 {
 if ((flags & O_WRONLY) || (flags & O_RDWR)) {
 return before_syscall("open_wr", file);
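Review bot: `before_syscall_open_int` classifies an open as a write only when `O_WRONLY` or `O_RDWR` is set, so `open(path, O_RDONLY | O_CREAT)`, which creates the file, and `open(path, O_RDONLY | O_TRUNC)`, which on Linux can truncate it, are checked as "open_rd" and sail through a read-only prefix. Include the mutating flags in the test: `if ((flags & O_WRONLY) || (flags & O_RDWR) || (flags & O_CREAT) || (flags & O_TRUNC)) {`. As far as the hunk shows, the `func` parameter is unused here. The else branch of the function and its callers are outside the hunk; the before_syscall hunk above is a reflow of the init/clean calls only.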
@@ -1230,14 +1302,18 @@
 }
 }
-static int before_syscall_open_char(const char* func, const char* file, const char* mode)
+static int
+before_syscall_open_char(const char *func, const char *file, const char *mode)
 {
- if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0) || (strcmp(mode, "rm") == 0)) {
+ if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0)
+ || (strcmp(mode, "rm") == 0)) {
 return before_syscall("open_rd", file);
 } else {
 return before_syscall("open_wr", file);
 }
 }
+#include "getcwd.c"
+#include "canonicalize.c"
 // vim:expandtab noai:cindent ai
Index: sandbox.c
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/sandbox.c,v
retrieving revision 1.9
diff -u -b -B -r1.9 sandbox.c
--- sandbox.c 22 Feb 2003 15:59:15 -0000 1.9
+++ sandbox.c 27 Jul 2003 12:22:38 -0000
@@ -38,7 +38,8 @@
 int print_debug = 0;
 /* Read pids file, and load active pids into an array. Return number of pids in array */
-int load_active_pids(int fd, int **pids)
+int
+load_active_pids(int fd, int **pids)
 {
 char *data = NULL;
 char *ptr = NULL, *ptr2 = NULL;
@@ -51,7 +52,7 @@
 len = file_length(fd);
 /* Allocate and zero datablock to read pids file */
- data = (char *)malloc((len + 1)*sizeof(char));
+ data = (char *) malloc((len + 1) * sizeof (char));
 memset(data, 0, len + 1);
 /* Start at beginning of file */
@@ -76,7 +77,7 @@
 /* If the PID is still alive, add it to our array */
 if ((0 != my_pid) && (0 == kill(my_pid, 0))) {
- pids[0] = (int *)realloc(pids[0], (num_pids + 1)*sizeof(int));
+ pids[0] = (int *) realloc(pids[0], (num_pids + 1) * sizeof (int));
 pids[0][num_pids] = my_pid;
 num_pids++;
 }
@@ -93,7 +94,8 @@
 }
 /* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */
-int load_preload_libs(int fd, char ***preloads)
+int
+load_preload_libs(int fd, char ***preloads)
 {
 char *data = NULL;
 char *ptr = NULL, *ptr2 = NULL;
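Review bot: `#include "getcwd.c"` and `#include "canonicalize.c"` are placed after the last function, yet egetcwd is already called from check_syscall earlier in this file (libsandbox.c hunk above); unless a prototype precedes that call, which the diff does not show, the call is compiled as an implicit `int egetcwd()`, a warning today and wrong on 64-bit targets the moment the pointer result is used. Declare it near the top the way sandbox_futils.c does in this same diff, `char *egetcwd(char *, size_t);`, or move the two includes above the first use. Because these glibc-derived files are compiled into an LD_PRELOADed shared object, any non-static function they define (a `getcwd` or `realpath` symbol, if present) becomes an exported interposer for every process; keep their helpers `static` or limit exports with a version script. The sandbox.c hunks in this span are reflows; load_active_pids and load_preload_libs continue outside them.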
@@ -105,7 +107,7 @@
 len = file_length(fd);
 /* Allocate and zero datablock to read pids file */
- data = (char *)malloc((len + 1)*sizeof(char));
+ data = (char *) malloc((len + 1) * sizeof (char));
 memset(data, 0, len + 1);
 /* Start at beginning of file */
@@ -130,7 +132,8 @@
 /* If listing does not match our libname, add it to the array */
 if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) {
- preloads[0] = (char **)realloc(preloads[0], (num_entries + 1)*sizeof(char **));
+ preloads[0] =
+ (char **) realloc(preloads[0], (num_entries + 1) * sizeof (char **));
 preloads[0][num_entries] = strdup(ptr);
 num_entries++;
 }
@@ -149,8 +152,8 @@
 return num_entries;
 }
-
-void cleanup()
+void
+cleanup()
 {
 int i = 0;
 int success = 1;
@@ -211,10 +213,13 @@
 file_truncate(preload_file);
 /* store the other preload libraries back into the /etc/ld.so.preload file */
- if(num_of_preloads > 0) {
+ if (num_of_preloads > 0) {
 for (i = 0; i < num_of_preloads; i++) {
 sprintf(preload_entry, "%s\n", preload_array[i]);
- if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) {
+ if (write
+ (preload_file,
+ preload_entry,
+ strlen(preload_entry)) != strlen(preload_entry)) {
 perror(">>> /etc/ld.so.preload file write");
 success = 0;
 break;
@@ -224,7 +229,8 @@
 /* Free memory used to store preload array */
 for (i = 0; i < num_of_preloads; i++) {
- if (preload_array[i]) free(preload_array[i]);
+ if (preload_array[i])
+ free(preload_array[i]);
 preload_array[i] = NULL;
 }
 if (preload_array)
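Review bot: cleanup() rewrites /etc/ld.so.preload in place: `file_truncate(preload_file)` runs first and the loop `break`s on the first short write, so a failed or interrupted write leaves the system-wide preload file empty or partial and every other library listed there is silently dropped for all processes started afterwards. Assemble the full replacement contents first and write them to a temporary file that is `rename()`d over ld.so.preload, or at minimum do not truncate until the new content is complete and the write succeeded. On the same lines, `sprintf(preload_entry, "%s\n", preload_array[i])` copies a line read back from that file with no bound; `preload_entry` is declared outside the hunk, so once it is confirmed to be an array this should be `snprintf(preload_entry, sizeof preload_entry, "%s\n", preload_array[i]);`. cleanup() starts in an earlier hunk and continues past this one.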
@@ -240,12 +246,13 @@
 file_truncate(pids_file);
 /* if pids are still running, write only the running pids back to the file */
- if(num_of_pids > 1) {
+ if (num_of_pids > 1) {
 for (i = 0; i < num_of_pids; i++) {
 if (pids_array[i] != getpid()) {
 sprintf(pid_string, "%d\n", pids_array[i]);
- if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {
+ if (write(pids_file, pid_string, strlen(pid_string)) !=
+ strlen(pid_string)) {
 perror(">>> pids file write");
 success = 0;
 break;
@@ -273,20 +280,24 @@
 return;
 }
-void stop(int signum)
+void
+stop(int signum)
 {
 printf("Caught signal %d\r\n", signum);
 cleanup();
 }
-void setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, char *tmp_dir)
+void
+setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir,
+ char *tmp_dir)
 {
 char sandbox_write_var[1024];
 if (!getenv(ENV_SANDBOX_WRITE)) {
 /* these should go into make.globals later on */
 strcpy(sandbox_write_var, "");
- strcat(sandbox_write_var, "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/");
+ strcat(sandbox_write_var,
+ "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/");
 strcat(sandbox_write_var, ":");
 /* NGPT support */
 strcat(sandbox_write_var, "/dev/shm/ngpt");
@@ -349,8 +360,8 @@
 }
 }
-
-void setenv_sandbox_predict(char *home_dir)
+void
+setenv_sandbox_predict(char *home_dir)
 {
 char sandbox_predict_var[1024];
@@ -369,7 +380,8 @@
 }
 }
-int print_sandbox_log(char *sandbox_log)
+int
+print_sandbox_log(char *sandbox_log)
 {
 int sandbox_log_file = -1;
 char *beep_count_env = NULL;
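Review bot: `stop(int signum)` calls `printf` and then `cleanup()`, which per the hunks above does `sprintf`, `write`, `perror` and `free` on the shared pids and ld.so.preload files; if `stop` is installed as a signal handler, as its name and signature suggest (the `signal`/`sigaction` call is not in this diff), all of that runs in async-signal context and can deadlock on stdio or malloc locks or interrupt a cleanup already in progress, leaving the files truncated. Restrict the handler to `static volatile sig_atomic_t got_signal; void stop(int signum) { got_signal = signum; }` and have main run `cleanup()` after the child returns. The setenv_sandbox_write hunk only reflows literal `strcat` calls into the 1024-byte `sandbox_write_var`; the appends of environment-derived directories are outside the hunk, so whether that buffer is bounded cannot be judged here.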
@@ -377,24 +389,26 @@
 long len = 0;
 char *buffer = NULL;
- sandbox_log_file=file_open(sandbox_log, "r", 0);
+ sandbox_log_file = file_open(sandbox_log, "r", 0);
 if (-1 == sandbox_log_file)
 return 0;
 len = file_length(sandbox_log_file);
- buffer = (char *)malloc((len + 1)*sizeof(char));
+ buffer = (char *) malloc((len + 1) * sizeof (char));
 memset(buffer, 0, len + 1);
 read(sandbox_log_file, buffer, len);
 file_close(sandbox_log_file);
- printf("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n");
+ printf
+ ("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n");
 printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log);
 printf("\n");
 printf("%s", buffer);
 if (buffer) free(buffer);
 buffer = NULL;
- printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");
+ printf
+ ("\e[31;01m--------------------------------------------------------------------------------\033[0m\n");
 beep_count_env = getenv(ENV_SANDBOX_BEEP);
 if (beep_count_env)
@@ -404,13 +418,14 @@
 for (i = 0; i < beep_count; i++) {
 fputc('\a', stderr);
- if (i < beep_count -1)
+ if (i < beep_count - 1)
 sleep(1);
 }
 return 1;
 }
-int spawn_shell(char *argv_bash[])
+int
+spawn_shell(char *argv_bash[])
 {
 #ifdef USE_SYSTEM_SHELL
 int i = 0;
@@ -424,7 +439,7 @@
 break;
 if (NULL != sh)
 len = strlen(sh);
- sh = (char *)realloc(sh, len+strlen(argv_bash[i]) + 5);
+ sh = (char *) realloc(sh, len + strlen(argv_bash[i]) + 5);
 if (first) {
 sh[0] = 0;
 first = 0;
@@ -471,7 +486,8 @@
 #endif
 }
-int main(int argc, char** argv)
+int
+main(int argc, char **argv)
 {
 int i = 0, success = 1;
 #ifdef USE_LD_SO_PRELOAD
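Review bot: print_sandbox_log trusts `file_length()` and `malloc` without checks: file_length returns the raw `lseek` result (sandbox_futils.c hunk further down), so on failure `len` is -1, `malloc((len + 1) * sizeof (char))` becomes `malloc(0)` and `read(sandbox_log_file, buffer, len)` receives a huge size_t, while a NULL from malloc goes straight into `memset`. Guard both before reading: `if (len < 0 || NULL == (buffer = (char *) malloc(len + 1))) { file_close(sandbox_log_file); return 0; }` and test the `read` return value before printing the buffer. In the spawn_shell hunk `sh = (char *) realloc(sh, ...)` overwrites the pointer with the unchecked result, leaking the old buffer and dereferencing NULL at `sh[0] = 0` on failure; spawn_shell's body is cut by the hunk boundaries.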
@@ -510,11 +526,13 @@
 print_debug = 1;
 if (print_debug)
- printf("========================== Gentoo linux path sandbox ===========================\n");
+ printf
+ ("========================== Gentoo linux path sandbox ===========================\n");
 /* check if a sandbox is already running */
 if (NULL != getenv(ENV_SANDBOX_ON)) {
- fprintf(stderr, "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");
+ fprintf(stderr,
+ "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n");
 exit(1);
 } else {
@@ -549,13 +567,14 @@
 printf("Verification of the required files.\n");
 if (file_exist(sandbox_lib, 0) <= 0) {
- fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib);
+ fprintf(stderr, "Could not open the sandbox library at '%s'.\n",
+ sandbox_lib);
 return -1;
 } else if (file_exist(sandbox_rc, 0) <= 0) {
- fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc);
+ fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n",
+ sandbox_rc);
 return -1;
 }
-
 #ifdef USE_LD_SO_PRELOAD
 /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
 if (print_debug)
@@ -569,7 +588,7 @@
 if (getuid() == 0) {
 /* Our r+ also will create the file if it doesn't exist */
- preload_file=file_open("/etc/ld.so.preload", "r+", 1, 0644);
+ preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
 if (-1 == preload_file) {
 preload_adaptable = 0;
 /* exit(1);*/
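Review bot: The only validation of `sandbox_lib` before it is written into /etc/ld.so.preload (opened here as root, written in the next hunk) is `file_exist(sandbox_lib, 0)`, and the sandbox_futils.c hunks below show that path being derived from the directory of argv[0]; running the sandbox binary as root from a user-writable directory would therefore register that directory's libsandbox.so as a system-wide preload. Before writing it, require an absolute path and `stat` it, refusing unless `S_ISREG(st.st_mode)`, `0 == st.st_uid` and `0 == (st.st_mode & (S_IWGRP | S_IWOTH))`, with a clear error otherwise. The `getuid() == 0` test also opens the file for rewriting on every root invocation even when the entry is already present; whether a later check short-circuits that is outside this hunk. main() continues past the end of this span.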
@@ -591,14 +610,18 @@
 for (i = 0; i < num_of_preloads + 1; i++) {
 /* First entry should be our sandbox library */
 if (0 == i) {
- if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) {
+ if (write
+ (preload_file, sandbox_lib,
+ strlen(sandbox_lib)) != strlen(sandbox_lib)) {
 perror(">>> /etc/ld.so.preload file write");
 success = 0;
 break;
 }
 } else {
 /* Output all other preload entries */
- if (write(preload_file, preload_array[i - 1], strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
+ if (write
+ (preload_file, preload_array[i - 1],
+ strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
 perror(">>> /etc/ld.so.preload file write");
 success = 0;
 break;
@@ -634,7 +657,7 @@
 printf("Setting up the required environment variables.\n");
 /* Generate sandbox log full path */
- tmp_string=get_sandbox_log();
+ tmp_string = get_sandbox_log();
 strncpy(sandbox_log, tmp_string, 254);
 if (tmp_string) free(tmp_string);
@@ -642,7 +665,8 @@
 setenv(ENV_SANDBOX_LOG, sandbox_log, 1);
- snprintf(sandbox_debug_log, 254, "%s%s%s", DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
+ snprintf(sandbox_debug_log, 254, "%s%s%s",
+ DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT);
 setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1);
 home_dir = getenv("HOME");
@@ -656,9 +680,9 @@
 * this, access is denied to /var/tmp, hurtin' ebuilds. */
- realpath(getenv("PORTAGE_TMPDIR"),portage_tmp_dir);
- realpath("/var/tmp",var_tmp_dir);
- realpath("/tmp",tmp_dir);
+ realpath(getenv("PORTAGE_TMPDIR"), portage_tmp_dir);
+ realpath("/var/tmp", var_tmp_dir);
+ realpath("/tmp", tmp_dir);
 setenv(ENV_SANDBOX_DIR, sandbox_dir, 1);
 setenv(ENV_SANDBOX_LIB, sandbox_lib, 1);
@@ -680,7 +704,7 @@
 if (NULL != portage_tmp_dir)
 chdir(portage_tmp_dir);
- argv_bash=(char **)malloc(6 * sizeof(char *));
+ argv_bash = (char **) malloc(6 * sizeof (char *));
 argv_bash[0] = strdup("/bin/bash");
 argv_bash[1] = strdup("-rcfile");
 argv_bash[2] = strdup(sandbox_rc);
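Review bot: `realpath(getenv("PORTAGE_TMPDIR"), portage_tmp_dir)` passes the raw getenv result, which is NULL when the variable is unset, and none of the three `realpath` return values are checked, so on any failure the destination buffers keep whatever they held before and are then used by `chdir(portage_tmp_dir)` and, presumably, exported to the child through the SANDBOX_* variables set nearby. Resolve through a checked pointer and stop on failure: `const char *ptd = getenv("PORTAGE_TMPDIR"); if (NULL == ptd || NULL == realpath(ptd, portage_tmp_dir)) { perror("realpath PORTAGE_TMPDIR"); return -1; }`, and the same for /var/tmp and /tmp. The `if (NULL != portage_tmp_dir)` guard before `chdir` tests the buffer, not whether realpath succeeded, so if `portage_tmp_dir` is an array (its declaration is outside the hunk) it is always true. In the -634 hunk `strncpy(sandbox_log, tmp_string, 254)` dereferences `tmp_string` before the `if (tmp_string)` that follows, and get_sandbox_log returns `strdup`, which can be NULL.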
@@ -694,13 +718,15 @@
 argv_bash[5] = NULL;
 if (argc >= 2) {
- for (i = 1; i< argc; i++) {
+ for (i = 1; i < argc; i++) {
 if (NULL == argv_bash[4])
 len = 0;
 else
 len = strlen(argv_bash[4]);
- argv_bash[4]=(char *)realloc(argv_bash[4], (len + strlen(argv[i]) + 2) * sizeof(char));
+ argv_bash[4] =
+ (char *) realloc(argv_bash[4],
+ (len + strlen(argv[i]) + 2) * sizeof (char));
 if (0 == len)
 argv_bash[4][0] = 0;
@@ -711,7 +737,7 @@
 }
 }
 #if 0
- char* argv_bash[] = {
+ char *argv_bash[] = {
 "/bin/bash",
 "-rcfile",
 NULL,
@@ -773,7 +799,8 @@
 else
 sprintf(pid_string, "%d\n", pids_array[i]);
- if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) {
+ if (write(pids_file, pid_string, strlen(pid_string)) !=
+ strlen(pid_string)) {
 perror(">>> pids file write");
 success = 0;
 break;
@@ -798,7 +825,8 @@
 /* STARTING PROTECTED ENVIRONMENT */
 if (print_debug) {
 printf("The protected environment has been started.\n");
- printf("--------------------------------------------------------------------------------\n");
+ printf
+ ("--------------------------------------------------------------------------------\n");
 }
 if (print_debug)
@@ -827,7 +855,8 @@
 cleanup();
 if (print_debug) {
- printf("========================== Gentoo linux path sandbox ===========================\n");
+ printf
+ ("========================== Gentoo linux path sandbox ===========================\n");
 printf("The protected environment has been shut down.\n");
 }
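Review bot: The argv join assigns `realloc` straight back to `argv_bash[4]` and then writes `argv_bash[4][0] = 0` with no NULL check, so an allocation failure is a NULL dereference and the previous buffer leaks; use a temporary: `char *grown = realloc(argv_bash[4], len + strlen(argv[i]) + 2); if (NULL == grown) { perror("realloc"); exit(1); } argv_bash[4] = grown;`. More importantly, folding every argv[i] into one string means the arguments are re-tokenised by bash — argv_bash[3] is outside the hunk, but a single joined string strongly suggests it is `-c` — so a path containing spaces or shell metacharacters is split or interpreted rather than passed through; if the intent is to run the caller's command, pass the pieces as separate argv entries or quote each one before joining. The remaining hunks in this span are reflows of unchanged code.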
@@ -844,7 +873,8 @@
 sandbox_log_file = -1;
 } else if (print_debug) {
- printf("--------------------------------------------------------------------------------\n");
+ printf
+ ("--------------------------------------------------------------------------------\n");
 }
 if ((sandbox_log_presence) || (!success))
Index: sandbox.h
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/sandbox.h,v
retrieving revision 1.3
diff -u -b -B -r1.3 sandbox.h
Index: sandbox_futils.c
===================================================================
RCS file: /home/cvsroot/gentoo-src/portage/src/sandbox-1.1/sandbox_futils.c,v
retrieving revision 1.3
diff -u -b -B -r1.3 sandbox_futils.c
--- sandbox_futils.c 4 Dec 2002 15:29:45 -0000 1.3
+++ sandbox_futils.c 27 Jul 2003 12:22:38 -0000
@@ -26,8 +26,11 @@
 #include "sandbox.h"
+/* glibc modified getcwd() functions */
+char *egetcwd(char *, size_t);
-char *get_sandbox_path(char *argv0)
+char *
+get_sandbox_path(char *argv0)
 {
 char path[255];
 char *cwd = NULL;
@@ -38,17 +41,19 @@
 /* ARGV[0] specifies relative path */
 } else {
- getcwd(cwd, 253);
+ egetcwd(cwd, 253);
 sprintf(path, "%s/%s", cwd, argv0);
- if (cwd) free(cwd);
+ if (cwd)
+ free(cwd);
 cwd = NULL;
 }
 /* Return just directory */
- return(sb_dirname(path));
+ return (sb_dirname(path));
 }
-char *get_sandbox_lib(char *sb_path)
+char *
+get_sandbox_lib(char *sb_path)
 {
 char path[255];
@@ -56,10 +61,11 @@
 if (file_exist(path, 0) <= 0) {
 snprintf(path, 254, "%s%s", sb_path, LIB_NAME);
 }
- return(strdup(path));
+ return (strdup(path));
 }
-char *get_sandbox_rc(char *sb_path)
+char *
+get_sandbox_rc(char *sb_path)
 {
 char path[255];
@@ -67,10 +73,11 @@
 if (file_exist(path, 0) <= 0) {
 snprintf(path, 254, "%s%s", sb_path, BASHRC_NAME);
 }
- return(strdup(path));
+ return (strdup(path));
 }
-char *get_sandbox_log()
+char *
+get_sandbox_log()
 {
 char path[255];
 char pid_string[20];
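Review bot: `egetcwd(cwd, 253)` is called with `cwd` still NULL (it is declared `char *cwd = NULL;` in the hunk above) and its return value is discarded, exactly as the replaced `getcwd(cwd, 253)` was, so `cwd` is still NULL at `sprintf(path, "%s/%s", cwd, argv0)` whether or not egetcwd allocates for a NULL buffer, the computed sandbox directory is wrong, and `free(cwd)` frees nothing. Capture the result and bound the join into the 255-byte `path`: `cwd = egetcwd(NULL, 253); if (NULL == cwd) return (sb_dirname(argv0)); snprintf(path, sizeof path, "%s/%s", cwd, argv0);` (whether egetcwd allocates when handed NULL is not visible here; if it does not, pass a sized buffer instead). The bound matters on its own: `argv0` is caller-controlled in length, the plain `sprintf` into `path[255]` is a stack overflow, and the directory returned here feeds get_sandbox_lib and so the path that ends up in /etc/ld.so.preload. get_sandbox_path's absolute-path branch is outside the hunk.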
@@ -86,11 +93,12 @@
 }
 strcat(path, pid_string);
 strcat(path, LOG_FILE_EXT);
- return(strdup(path));
+ return (strdup(path));
 }
 /* Obtain base directory name. Do not allow trailing / */
-char *sb_dirname(const char *path)
+char *
+sb_dirname(const char *path)
 {
 char *ret = NULL;
 char *ptr = NULL;
@@ -98,19 +106,20 @@
 int cut_len = -1;
 /* don't think NULL will ever be passed, but just in case */
- if (NULL == path) return(strdup("."));
+ if (NULL == path)
+ return (strdup("."));
 /* Grab pointer to last slash */
 ptr = strrchr(path, '/');
 if (NULL == ptr) {
- return(strdup("."));
+ return (strdup("."));
 }
 /* decimal location of pointer */
 loc = ptr - path;
 /* Remove any trailing slash */
- for (i = loc-1; i >= 0; i--) {
+ for (i = loc - 1; i >= 0; i--) {
 if (path[i] != '/') {
 cut_len = i + 1; /* make cut_len the length of the string to keep */
 break;
@@ -118,14 +127,15 @@
 }
 /* It could have been just a plain /, return a 1byte 0 filled string */
- if (-1 == cut_len) return(strdup(""));
+ if (-1 == cut_len)
+ return (strdup(""));
 /* Allocate memory, and return the directory */
- ret = (char *)malloc((cut_len + 1) * sizeof(char));
+ ret = (char *) malloc((cut_len + 1) * sizeof (char));
 memcpy(ret, path, cut_len);
 ret[cut_len] = 0;
- return(ret);
+ return (ret);
 }
 /*
@@ -153,7 +163,8 @@
 }*/
 /* Convert text (string) modes to integer values */
-int file_getmode(char *mode)
+int
+file_getmode(char *mode)
 {
 int mde = 0;
 if (0 == strcasecmp(mode, "r+")) {
@@ -171,17 +182,19 @@
 } else {
 mde = O_RDONLY;
 }
- return(mde);
+ return (mde);
 }
 /* Get current position in file */
-long file_tell(int fp)
+long
+file_tell(int fp)
 {
- return(lseek(fp, 0L, SEEK_CUR));
+ return (lseek(fp, 0L, SEEK_CUR));
 }
 /* lock the file, preferrably the POSIX way */
-int file_lock(int fd, int lock, char *filename)
+int
+file_lock(int fd, int lock, char *filename)
 {
 int err;
 #ifdef USE_FLOCK
@@ -207,7 +220,8 @@
 }
 /* unlock the file, preferrably the POSIX way */
-int file_unlock(int fd)
+int
+file_unlock(int fd)
 {
 #ifdef USE_FLOCK
 if (flock(fd, LOCK_UN) < 0) {
@@ -232,23 +246,27 @@
 /* Auto-determine from how the file was opened, what kind of lock to lock
 * the file with */
-int file_locktype(char *mode)
+int
+file_locktype(char *mode)
 {
 #ifdef USE_FLOCK
- if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) || (NULL != strchr(mode, 'a')))
- return(LOCK_EX);
- return(LOCK_SH);
+ if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
+ || (NULL != strchr(mode, 'a')))
+ return (LOCK_EX);
+ return (LOCK_SH);
 #else
- if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) || (NULL != strchr(mode, 'a')))
- return(F_WRLCK);
- return(F_RDLCK);
+ if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
+ || (NULL != strchr(mode, 'a')))
+ return (F_WRLCK);
+ return (F_RDLCK);
 #endif
 }
 /* Use standard fopen style modes to open the specified file. Also auto-determines and
 * locks the file either in shared or exclusive mode depending on opening mode */
-int file_open(char *filename, char *mode, int perm_specified, ...)
+int
+file_open(char *filename, char *mode, int perm_specified, ...)
 {
 int fd;
 char error[250];
@@ -268,7 +286,7 @@
 if (-1 == fd) {
 snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);
 perror(error);
- return(fd);
+ return (fd);
 }
 /* Only lock the file if opening succeeded */
 if (-1 != fd) {
@@ -280,11 +298,12 @@
 snprintf(error, 249, ">>> %s file mode:%s open", filename, mode);
 perror(error);
 }
- return(fd);
+ return (fd);
 }
 /* Close and unlock file */
-void file_close(int fd)
+void
+file_close(int fd)
 {
 if (-1 != fd) {
 file_unlock(fd);
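Review bot: In file_open the block at the top of the -280 hunk (`snprintf(error, 249, ">>> %s file mode:%s open", ...)` followed by `perror(error)`) only reports a problem and then falls through to `return (fd)`, handing back an open but, if this is the branch reached when `file_lock` fails — the lock call itself sits between the two hunks — unlocked descriptor; callers such as cleanup() then truncate and rewrite the shared pids and ld.so.preload files with no exclusion against a concurrent sandbox. Treat lock failure like open failure in that branch: `close(fd); return -1;`. The message is also byte-for-byte the open-failure text except for one space, so the two situations cannot be told apart in the output; say "lock" in it. file_locktype's flock and fcntl branches agree on the mode parsing; file_close continues outside the hunk.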
@@ -293,17 +312,19 @@
 }
 /* Return length of file */
-long file_length(int fd)
+long
+file_length(int fd)
 {
 long pos, len;
 pos = file_tell(fd);
 len = lseek(fd, 0L, SEEK_END);
 lseek(fd, pos, SEEK_SET);
- return(len);
+ return (len);
 }
 /* Zero out file */
-int file_truncate(int fd)
+int
+file_truncate(int fd)
 {
 lseek(fd, 0L, SEEK_SET);
 if (ftruncate(fd, 0) < 0) {
@@ -314,7 +335,8 @@
 }
 /* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
-int file_exist(char *filename, int checkmode)
+int
+file_exist(char *filename, int checkmode)
 {
 struct stat mystat;
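Review bot: `file_length` returns whatever `lseek(fd, 0L, SEEK_END)` returns, including -1, and ignores a failure of the restoring `lseek(fd, pos, SEEK_SET)`; the sandbox.c hunks above use the result directly as an allocation size (`malloc((len + 1) * sizeof (char))`) and as a read length, so -1 turns into a zero-byte allocation paired with an oversized read. Make the error explicit and let callers test for it: `if (pos < 0 || len < 0 || lseek(fd, pos, SEEK_SET) < 0) return -1;` before `return (len);`, and state in the comment above the function that -1 means failure. `file_truncate`'s `lseek(fd, 0L, SEEK_SET)` is likewise unchecked, which is harmless for `ftruncate` itself but leaves the write offset unknown if it fails. file_exist's body is outside the hunk.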