Attachment #57461 for bug #90592

View | Details | Raw Unified | Return to bug 90592
Collapse All | Expand All





	canonicalize_int(pathname, canonic);

	/* XXX: Hack to make sure sandboxed process cannot remove
	 * a device node, bug #79836. */
	if (0 == strncmp(canonic, "/dev/", 5)) {
		errno = EACCES;
		return result;
	}

	if FUNCTION_SANDBOX_SAFE
		("unlink", canonic) {
		check_dlsym(unlink);

Lines 300-306 Link Here

(-)sandbox-1.2.1.orig/sandbox.c (-1 / +2 lines)
300	/* these could go into make.globals later on */	300	/* these could go into make.globals later on */
301	snprintf(buf, sizeof(buf),	301	snprintf(buf, sizeof(buf),
302	"%s:%s/.gconfd/lock:%s/.bash_history:",	302	"%s:%s/.gconfd/lock:%s/.bash_history:",
303	"/dev/zero:/dev/fd/:/dev/null:/dev/pts/:"	303	"/dev/zero:/dev/fd/:/dev/pts/:"
304	"/dev/vc/:/dev/tty:/tmp/:"	304	"/dev/vc/:/dev/tty:/tmp/:"
305	"/dev/shm/ngpt:/var/log/scrollkeeper.log:"	305	"/dev/shm/ngpt:/var/log/scrollkeeper.log:"
306	"/usr/tmp/conftest:/usr/lib/conftest:"	306	"/usr/tmp/conftest:/usr/lib/conftest:"
Lines 342-347 Link Here
342	"/usr/lib/python2.4/:"	342	"/usr/lib/python2.4/:"
343	"/usr/lib/python2.5/:"	343	"/usr/lib/python2.5/:"
344	"/usr/lib/python3.0/:",	344	"/usr/lib/python3.0/:",
		345	"/dev/null:",
345	home_dir);	346	home_dir);
346		347
347	buf[sizeof(buf) - 1] = '\0';	348	buf[sizeof(buf) - 1] = '\0';

Return to bug 90592

Lines 620-632 Link Here

(-)sandbox-1.2.1.orig/libsandbox.c (-7 lines)
620		620
621	canonicalize_int(pathname, canonic);	621	canonicalize_int(pathname, canonic);
622		622
623	/* XXX: Hack to make sure sandboxed process cannot remove
624	* a device node, bug #79836. */
625	if (0 == strncmp(canonic, "/dev/", 5)) {
626	errno = EACCES;
627	return result;
628	}
629
630	if FUNCTION_SANDBOX_SAFE	623	if FUNCTION_SANDBOX_SAFE
631	("unlink", canonic) {	624	("unlink", canonic) {
632	check_dlsym(unlink);	625	check_dlsym(unlink);