Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 101433 - "access" system call can cause access violation
Summary: "access" system call can cause access violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Sandbox Maintainers
URL:
Whiteboard:
Keywords:
: 95840 96453 97707 98694 101515 147714 147935 148610 148982 149481 149486 150081 150305 150854 151066 152004 152035 152452 152698 152754 152755 152857 153316 156025 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-08-05 06:15 UTC by Andres Loeh (RETIRED)
Modified: 2006-12-16 17:02 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
test program (access.c,64 bytes, text/plain)
2005-08-05 06:16 UTC, Andres Loeh (RETIRED) 		Details
sandbox-bug101433.patch (sandbox-bug101433.patch,1.38 KB, patch)
2005-08-05 06:31 UTC, Martin Schlemmer (RETIRED) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andres Loeh (RETIRED) gentoo-dev 2005-08-05 06:15:19 UTC 
If access is called with W_OK on a protected file, an open_wr violation
is caused.

For instance, with the attached program, I get the following output:

loeh@bard ~/trans $ gcc -o access access.c
loeh@bard ~/trans $ sandboxshell 
 * Loading sandboxed shell
 *  Log File:           /tmp/sandboxme-05.08.2005-15.11.19.log
 *  Debug Log File:     /tmp/sandboxme-05.08.2005-15.11.19.log.debug
 *  sandboxon:          turn sandbox on
 *  sandboxoff:         turn sandbox off
 *  addread <path>:     allow <path> to be read
 *  addwrite <path>:    allow <path> to be written
 *  adddeny <path>:     deny access to <path>
 *  addpredict <path>:  allow fake access to <path>
[s]loeh@bard ~/trans $ ./access
ACCESS DENIED  access_wr: /usr/bin/ls

I would expect the access test to fail, but without a sandbox violation.
Occurs with sandbox-1.2.11, but also with older versions.

Really old versions (before sys-apps/sandbox existed) didn't have this
problem, but I can no longer easily check.
Comment 1 Andres Loeh (RETIRED) gentoo-dev 2005-08-05 06:16:52 UTC 
Created attachment 65172 [details]
test program
Comment 2 Martin Schlemmer (RETIRED) gentoo-dev 2005-08-05 06:31:32 UTC 
Created attachment 65176 [details, diff]
sandbox-bug101433.patch

Should fix it:

-----
lycan kpathsea # sandbox
========================== Gentoo linux path sandbox
===========================
Detection of the support files.
Verification of the required files.
Setting up the required environment variables.
The protected environment has been started.
--------------------------------------------------------------------------------

Process being started in forked instance.
lycan portage # /root/bin/access w /bin/ls && echo yes || echo no
no
lycan portage # exit
exit
Cleaning up sandbox process
========================== Gentoo linux path sandbox
===========================
The protected environment has been shut down.
--------------------------------------------------------------------------------

lycan kpathsea #
Comment 3 Martin Schlemmer (RETIRED) gentoo-dev 2005-08-05 06:34:38 UTC 
Committed in trunk .. will be in next version (1.2.12).
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2005-08-09 06:16:44 UTC 
*** Bug 95840 has been marked as a duplicate of this bug. ***
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2005-08-09 06:20:59 UTC 
*** Bug 96453 has been marked as a duplicate of this bug. ***
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2005-08-09 06:25:07 UTC 
*** Bug 101515 has been marked as a duplicate of this bug. ***
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2005-08-14 15:35:30 UTC 
*** Bug 97707 has been marked as a duplicate of this bug. ***
Comment 8 Martin Schlemmer (RETIRED) gentoo-dev 2005-08-15 10:15:10 UTC 
Can we please stable sandbox-1.2.12 by all archs?
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2005-08-15 12:28:44 UTC 
stable on ppc64
Comment 10 Ian Leitch (RETIRED) gentoo-dev 2005-08-15 12:37:19 UTC 
Stable on x86
Comment 11 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-15 12:54:10 UTC 
Stable on ppc and hppa.
Comment 12 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-16 05:59:49 UTC 
sparc stable.
Comment 13 Jakub Moc (RETIRED) gentoo-dev 2005-08-25 09:52:03 UTC 
*** Bug 98694 has been marked as a duplicate of this bug. ***
Comment 14 Fernando J. Pereda (RETIRED) gentoo-dev 2005-08-30 16:48:47 UTC 
Stable on alpha, sorry for the delay guys

Cheers,
Ferdy
Comment 15 Martin Schlemmer (RETIRED) gentoo-dev 2005-08-30 16:56:07 UTC 
Hmm, does mips actually use sandbox by now?  Or can we consider this closed?
Comment 16 Stuart Longland (RETIRED) gentoo-dev 2005-08-30 17:13:33 UTC 
sandbox does work on MIPS, however, it's been known to really slow down build
times.  It also causes problems with large builds.

Given the hardware we use doesn't need assistance as far as going slow is
concirned, we therefore don't use sandbox on MIPS.

If there's a compelling reason for us to mark it stable, then sure, but
otherwise I don't think it worth while.

Close at will. :-)
Comment 17 Martin Schlemmer (RETIRED) gentoo-dev 2005-08-30 17:40:01 UTC 
K, fixed.
Comment 18 Jakub Moc (RETIRED) gentoo-dev 2006-09-15 11:46:14 UTC 
*** Bug 147714 has been marked as a duplicate of this bug. ***
Comment 19 Jakub Moc (RETIRED) gentoo-dev 2006-09-17 07:49:55 UTC 
*** Bug 147935 has been marked as a duplicate of this bug. ***
Comment 20 Jakub Moc (RETIRED) gentoo-dev 2006-09-22 01:19:49 UTC 
*** Bug 148610 has been marked as a duplicate of this bug. ***
Comment 21 Claus Ladekjær Wilson 2006-09-22 03:06:20 UTC 
I had my system repaired this way:
FEATURES="-sandbox -usersandbox" emerge sandbox
Then all access violation problems disappeared.
Comment 22 Jakub Moc (RETIRED) gentoo-dev 2006-09-24 12:27:54 UTC 
*** Bug 148982 has been marked as a duplicate of this bug. ***
Comment 23 Jakub Moc (RETIRED) gentoo-dev 2006-09-29 00:40:08 UTC 
*** Bug 149481 has been marked as a duplicate of this bug. ***
Comment 24 Jakub Moc (RETIRED) gentoo-dev 2006-09-29 00:40:25 UTC 
*** Bug 149486 has been marked as a duplicate of this bug. ***
Comment 25 Jakub Moc (RETIRED) gentoo-dev 2006-10-04 11:23:38 UTC 
*** Bug 150081 has been marked as a duplicate of this bug. ***
Comment 26 Jakub Moc (RETIRED) gentoo-dev 2006-10-07 01:59:06 UTC 
*** Bug 150305 has been marked as a duplicate of this bug. ***
Comment 27 Jakub Moc (RETIRED) gentoo-dev 2006-10-11 00:33:17 UTC 
*** Bug 150854 has been marked as a duplicate of this bug. ***
Comment 28 Jakub Moc (RETIRED) gentoo-dev 2006-10-13 00:24:58 UTC 
*** Bug 151066 has been marked as a duplicate of this bug. ***
Comment 29 Jakub Moc (RETIRED) gentoo-dev 2006-10-19 13:39:37 UTC 
*** Bug 152004 has been marked as a duplicate of this bug. ***
Comment 30 Jakub Moc (RETIRED) gentoo-dev 2006-10-20 00:49:44 UTC 
*** Bug 152035 has been marked as a duplicate of this bug. ***
Comment 31 Jakub Moc (RETIRED) gentoo-dev 2006-10-22 23:44:47 UTC 
*** Bug 152452 has been marked as a duplicate of this bug. ***
Comment 32 Jakub Moc (RETIRED) gentoo-dev 2006-10-24 14:08:58 UTC 
*** Bug 152698 has been marked as a duplicate of this bug. ***
Comment 33 Jakub Moc (RETIRED) gentoo-dev 2006-10-25 01:07:17 UTC 
*** Bug 152754 has been marked as a duplicate of this bug. ***
Comment 34 Jakub Moc (RETIRED) gentoo-dev 2006-10-25 01:40:04 UTC 
*** Bug 152755 has been marked as a duplicate of this bug. ***
Comment 35 Jakub Moc (RETIRED) gentoo-dev 2006-10-26 01:43:32 UTC 
*** Bug 152857 has been marked as a duplicate of this bug. ***
Comment 36 Jakub Moc (RETIRED) gentoo-dev 2006-10-29 09:18:40 UTC 
*** Bug 153316 has been marked as a duplicate of this bug. ***
Comment 37 Jakub Moc (RETIRED) gentoo-dev 2006-11-23 05:47:33 UTC 
*** Bug 156025 has been marked as a duplicate of this bug. ***