From 7fe92cf8e1497051fbcc05ed2b7893b523beb02f Mon Sep 17 00:00:00 2001
From: Brian Harring
Date: Thu, 6 Oct 2005 18:23:46 +0000
Subject: nuking this directory, since it's no longer used.

svn path=/main/branches/2.0/; revision=2115
---
 src/sandbox-dev/ChangeLog | 91 ---
 src/sandbox-dev/Makefile | 62 --
 src/sandbox-dev/canonicalize.c | 194 ------
 src/sandbox-dev/create-localdecls | 95 ---
 src/sandbox-dev/libctest.c | 6 -
 src/sandbox-dev/libsandbox.c | 1214 -------------------------------------
 src/sandbox-dev/sandbox.bashrc | 8 -
 src/sandbox-dev/sandbox.c | 816 -------------------------
 src/sandbox-dev/sandbox.h | 69 ---
 src/sandbox-dev/sandbox_futils.c | 352 -----------
 10 files changed, 2907 deletions(-)
 delete mode 100644 src/sandbox-dev/ChangeLog
 delete mode 100644 src/sandbox-dev/Makefile
 delete mode 100644 src/sandbox-dev/canonicalize.c
 delete mode 100755 src/sandbox-dev/create-localdecls
 delete mode 100644 src/sandbox-dev/libctest.c
 delete mode 100644 src/sandbox-dev/libsandbox.c
 delete mode 100644 src/sandbox-dev/sandbox.bashrc
 delete mode 100644 src/sandbox-dev/sandbox.c
 delete mode 100644 src/sandbox-dev/sandbox.h
 delete mode 100644 src/sandbox-dev/sandbox_futils.c

(limited to 'src/sandbox-dev')

diff --git a/src/sandbox-dev/ChangeLog b/src/sandbox-dev/ChangeLog
deleted file mode 100644
index 720976418..000000000
--- a/src/sandbox-dev/ChangeLog
+++ /dev/null
@@ -1,91 +0,0 @@ -# ChangeLog for Path Sandbox -# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/ChangeLog,v 1.9 2004/10/04 14:08:46 vapier Exp $ - - 16 Dec 2002; J Robert Ray Makefile libsandbox.c : - - Instead of parsing the SANDBOX_* env variables on each syscall, save the - result in a global sbcontext pointer and cache the value of the env vars - to detect later on if they have changed and need to be re-parsed. Works - around bug 233. - - 16 Dec 2002; Martin Schlemmer create-localdecls : - - Fix memory leak for mips, bug #12236. Thanks to Torgeir Hansen - for this fix. - - 4 Dec 2002; J Robert Ray sandbox.h sandbox_futils.c : - - sandbox_futils defined a dirname() function that was masking the same - function in glibc and was broken (e.g.: SANDBOX_DIR was being set to - '/usr/lib/portage/bi/'). Fixed function to return expected results and - renamed it to sb_dirname() to no longer mask the glibc function. Closes bug - 11231. - - 4 Dec 2002; Martin Schlemmer : - - Fix a segfault in libsandbox.c if canonicalize() was called with - first parameter = NULL. - - 1 Sep 2002; Martin Schlemmer : - - Fix my braindead 'return 1;' in a void function. Updated sandbox.c, - cleanup() for this. - - Change cleanup() in sandbox.c not to exit with fail status if - the pidsfile is missing. We really should still display sandbox - violations if they occured. - - 31 Aug 2002; Martin Schlemmer : - - Update cleanup() in sandbox.c to remove the PIDSFILE if this is - the last sandbox running. - - 25 Aug 2002; Martin Schlemmer : - - Major cleanups to mainly libsandbox.c again. - - 22 Aug 2002; Martin Schlemmer : - - Add copyrights to sandbox.h and sandbox_futils.h. If wrong, the - parties involved should please contact me so that we can fix it. - - Add opendir wrapper to libsandbox.c. 
- - 21 Aug 2002; Martin Schlemmer : - - Do some more cleanups to ecanonicalize(), as it dropped filenames in - rare cases (after my symlink cleanups), and caused glibc to bork. - These fixes went into canonicalize.c. - - 20 Aug 2002; Martin Schlemmer : - - Fix spawn_shell() and main() in sandbox.c to properly return fail - status. - - 19 Aug 2002; Martin Schlemmer : - - The new canonicalize() function in libsandbox.c also resolved symlinks, - which caused on cleaning sandbox errors if the symlink pointed to a - file in the live root. Ripped out canonicalize() and realpath() from - glibc; removed the symlink stuff, and changed them to ecanonicalize() - and erealpath(). - - 18 Aug 2002; Martin Schlemmer : - - Ripped out all the wrappers, and implemented those of InstallWatch. - Losts of cleanups and bugfixes. Implement a execve that forces - $LIBSANDBOX in $LD_PRELOAD. We can now thus do away with the feared - /etc/ld.so.preload (*g*) ... Made the needed changes to sandbox.c, - sandbox.h and sandbox_futils.c. Rewrote the Makefile for most - parts; it now have an install target. - - Reformat the whole thing to look somewhat like the reworked sandbox.c - and new sandbox.h and sandbox_futils.c from: - - Brad House . - - Additional Copyrights now due to the InstallWatch code: - - Copyright (C) 1998-9 Pancrazio `Ezio' de Mauro - diff --git a/src/sandbox-dev/Makefile b/src/sandbox-dev/Makefile deleted file mode 100644 index 972f5f1ea..000000000 --- a/src/sandbox-dev/Makefile +++ /dev/null 
@@ -1,62 +0,0 @@ -# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com -# Distributed under the terms of the GNU General Public License, v2 or later -# Author : Geert Bevin -# -# Modified 15 Apr 2002 Jon Nelson -# Clean up Makefile somewhat, and use make's implicit rules -# -# Modified 19 Aug 2002; Martin Schlemmer -# Major rewrite to support new stuff -# -# $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/Makefile,v 1.3 2002/12/16 22:28:05 jrray Exp $ - -CC = gcc -LD = ld -CFLAGS = -OBJ_DEFINES = -D_GNU_SOURCE -DPIC -fPIC -D_REENTRANT -LIBS = -LDFLAGS = -DESTDIR = - -TARGETS = libsandbox.so sandbox - -all: $(TARGETS) - -sandbox: sandbox.o sandbox_futils.o - $(CC) $^ -ldl -lc -o $@ - -sandbox.o: sandbox.c sandbox.h - $(CC) $(CFLAGS) -Wall -c sandbox.c - -sandbox_futils.o: sandbox_futils.c sandbox.h - $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) sandbox_futils.c - -libsandbox.so: libsandbox.o sandbox_futils.o canonicalize.o - $(LD) $^ -shared -fPIC -ldl -lc -lpthread -o $@ - -libsandbox.o: libsandbox.c localdecls.h - $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) libsandbox.c - -canonicalize.o: canonicalize.c - $(CC) $(CFLAGS) -Wall -c $(OBJ_DEFINES) canonicalize.c - -localdecls.h: create-localdecls libctest.c - ./create-localdecls - - -install: all - install -d -m 0755 $(DESTDIR)/lib - install -d -m 0755 $(DESTDIR)/usr/lib/portage/bin - install -d -m 0755 $(DESTDIR)/usr/lib/portage/lib - install -m 0755 libsandbox.so $(DESTDIR)/lib - install -m 0755 sandbox $(DESTDIR)/usr/lib/portage/bin - install -m 0644 sandbox.bashrc $(DESTDIR)/usr/lib/portage/lib - - -clean: - rm -f $(TARGETS) - rm -f *.o *~ core - rm -f localdecls.h - - -# vim:expandtab noai:cindent ai diff --git a/src/sandbox-dev/canonicalize.c b/src/sandbox-dev/canonicalize.c deleted file mode 100644 index 038c4720d..000000000 --- a/src/sandbox-dev/canonicalize.c +++ /dev/null 
@@ -1,194 +0,0 @@ -/* Return the canonical absolute name of a given file. - Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* - * $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/canonicalize.c,v 1.2 2002/08/26 03:28:30 azarah Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef __set_errno -# define __set_errno(val) errno = (val) -#endif - -/* Return the canonical absolute name of file NAME. A canonical name - does not contain any `.', `..' components nor any repeated path - separators ('/') or symlinks. All path components must exist. If - RESOLVED is null, the result is malloc'd; otherwise, if the - canonical name is PATH_MAX chars or more, returns null with `errno' - set to ENAMETOOLONG; if the name fits in fewer than PATH_MAX chars, - returns the name in RESOLVED. If the name cannot be resolved and - RESOLVED is non-NULL, it contains the path of the first component - that cannot be resolved. If the path can be resolved, RESOLVED - holds the same value as the value returned. 
*/ - -/* Modified: 19 Aug 2002; Martin Schlemmer - * - * Cleaned up unneeded stuff, and change so that it will not - * resolve symlinks. Also prepended a 'e' to functions that - * I did not rip out. - * - */ - -static char * -ecanonicalize (const char *name, char *resolved) -{ - char *rpath, *dest; - const char *start, *end, *rpath_limit; - long int path_max; - - if (name == NULL) - { - /* As per Single Unix Specification V2 we must return an error if - either parameter is a null pointer. We extend this to allow - the RESOLVED parameter to be NULL in case the we are expected to - allocate the room for the return value. */ - __set_errno (EINVAL); - return NULL; - } - - if (name[0] == '\0') - { - /* As per Single Unix Specification V2 we must return an error if - the name argument points to an empty string. */ - __set_errno (ENOENT); - return NULL; - } - -#ifdef PATH_MAX - path_max = PATH_MAX; -#else - path_max = pathconf (name, _PC_PATH_MAX); - if (path_max <= 0) - path_max = 1024; -#endif - - rpath = resolved ? alloca (path_max) : malloc (path_max); - rpath_limit = rpath + path_max; - - if (name[0] != '/') - { - if (!getcwd (rpath, path_max)) - { - rpath[0] = '\0'; - goto error; - } - dest = strchr (rpath, '\0'); - } - else - { - rpath[0] = '/'; - dest = rpath + 1; - } - - for (start = end = name; *start; start = end) - { - /* Skip sequence of multiple path-separators. */ - while (*start == '/') - ++start; - - /* Find end of path component. */ - for (end = start; *end && *end != '/'; ++end) - /* Nothing. */; - - if (end - start == 0) - break; - else if (end - start == 1 && start[0] == '.') - /* nothing */; - else if (end - start == 2 && start[0] == '.' && start[1] == '.') - { - /* Back up to previous component, ignore if at root already. 
*/ - if (dest > rpath + 1) - while ((--dest)[-1] != '/'); - } - else - { - size_t new_size; - - if (dest[-1] != '/') - *dest++ = '/'; - - if (dest + (end - start) >= rpath_limit) - { - ptrdiff_t dest_offset = dest - rpath; - - if (resolved) - { - __set_errno (ENAMETOOLONG); - if (dest > rpath + 1) - dest--; - *dest = '\0'; - goto error; - } - new_size = rpath_limit - rpath; - if (end - start + 1 > path_max) - new_size += end - start + 1; - else - new_size += path_max; - rpath = realloc (rpath, new_size); - rpath_limit = rpath + new_size; - if (rpath == NULL) - return NULL; - - dest = rpath + dest_offset; - } - - dest = __mempcpy (dest, start, end - start); - *dest = '\0'; - - } - } -#if 0 - if (dest > rpath + 1 && dest[-1] == '/') - --dest; -#endif - *dest = '\0'; - - return resolved ? memcpy (resolved, rpath, dest - rpath + 1) : rpath; - -error: - if (resolved) - strcpy (resolved, rpath); - else - free (rpath); - return NULL; -} - - -char * -erealpath (const char *name, char *resolved) -{ - if (resolved == NULL) - { - __set_errno (EINVAL); - return NULL; - } - - return ecanonicalize (name, resolved); -} - - -// vim:expandtab noai:cindent ai diff --git a/src/sandbox-dev/create-localdecls b/src/sandbox-dev/create-localdecls deleted file mode 100755 index debe63b93..000000000 --- a/src/sandbox-dev/create-localdecls +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/sh - -# This is a quick'n'dirty hack to make the program behave correctly -# under different systems. -# Example: -# when using libc5, (f)trucate's offset argument type is size_t with -# libc5, but it's off_t with libc6 (glibc2). -# -# Uhm... time to learn GNU autoconf :-) -# -# $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/create-localdecls,v 1.2 2002/12/16 19:19:27 azarah Exp $ - -OUTFILE='localdecls.h' - -# if your arch needs to dlopen() glibc, add it here separated by space :] -BROKEN_RTLD_ARCHLIST="mips" - -echo '/* This file is automatically generated *' > $OUTFILE -echo ' * Modify create-localdecls instead of this */' >> $OUTFILE -echo >> $OUTFILE -echo '#ifndef __LOCALDECLS_H_' >> $OUTFILE -echo '#define __LOCALDECLS_H_' >> $OUTFILE -echo >> $OUTFILE - -### -### -### - -echo -n 'Checking truncate argument type... ' -if grep -q 'truncate.*size_t' /usr/include/unistd.h ; then - echo 'size_t' - echo '#define TRUNCATE_T size_t' >> $OUTFILE -else - echo 'off_t' # At least, I HOPE it's off_t :-) - echo '#define TRUNCATE_T off_t' >> $OUTFILE -fi - -### -### -### - -echo -n 'Checking libc version... ' -gcc -Wall -o libctest libctest.c -VERSION=`ldd libctest | grep libc\\.so | awk '{print $1}'` -rm libctest -echo $VERSION -echo "#define LIBC_VERSION \"$VERSION\"" >> $OUTFILE -if test "$VERSION" = 'libc.so.5' ; then - echo '#define BROKEN_RTLD_NEXT' >> $OUTFILE - echo '#define LIBC 5' >> $OUTFILE -else - # for the arch's that need to dlopen() libc to fetch real funcs! - # 16.12.02 -Torgeir Hansen - MYARCH=`/bin/uname -m` - for x in $BROKEN_RTLD_ARCHLIST; do - if [ $x = $MYARCH ]; then - echo '#define BROKEN_RTLD_NEXT' >> $OUTFILE - fi - done - -fi - -if test "$VERSION" = 'libc.so.6' ; then - echo -n 'Checking glibc subversion... 
' - tmp="`ldd /bin/sh | grep libc.so 2> /dev/null`" - LibcPath=`expr "$tmp" : '[^/]*\(/[^ ]*\)'` - tmp="`strings $LibcPath | grep -i 'c library'`" - OsLibcMajor=`expr "$tmp" : '.* \([0-9][0-9]*\)'` - OsLibcMinor=`expr "$tmp" : '.* [0-9][0-9]*\.\([0-9][0-9]*\)'` - case "$OsLibcMajor" in - 2) - # 2 is the glibc version - case "$OsLibcMinor" in - 0) - echo '#define GLIBC_MINOR 0' >> $OUTFILE - SUBVERSION='glibc-2.0' ;; - 1) - echo '#define GLIBC_MINOR 1' >> $OUTFILE - SUBVERSION='glibc-2.1' ;; - 2) - echo '#define GLIBC_MINOR 2' >> $OUTFILE - SUBVERSION='glibc-2.2' ;; - *) - echo 'Treated as glibc >= 2.1 (finger crossed)' - echo '#define GLIBC_MINOR 1' >> $OUTFILE - SUBVERSION='glibc-2.1' ;; - esac - ;; - esac -fi - -echo >> $OUTFILE -echo '#endif' >> $OUTFILE -echo - diff --git a/src/sandbox-dev/libctest.c b/src/sandbox-dev/libctest.c deleted file mode 100644 index 5fc92b508..000000000 --- a/src/sandbox-dev/libctest.c +++ /dev/null @@ -1,6 +0,0 @@ -/* Dummy program to check your libc version */ - -int main(void) { - return 0; -} - diff --git a/src/sandbox-dev/libsandbox.c b/src/sandbox-dev/libsandbox.c deleted file mode 100644 index 1de50e982..000000000 --- a/src/sandbox-dev/libsandbox.c +++ /dev/null 
@@ -1,1214 +0,0 @@ -/* - * Path sandbox for the gentoo linux portage package system, initially - * based on the ROCK Linux Wrapper for getting a list of created files - * - * to integrate with bash, bash should have been built like this - * - * ./configure --prefix= --host= --without-gnu-malloc - * - * it's very important that the --enable-static-link option is NOT specified - * - * Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com - * Distributed under the terms of the GNU General Public License, v2 or later - * Author : Geert Bevin - * - * Post Bevin leaving Gentoo ranks: - * -------------------------------- - * Ripped out all the wrappers, and implemented those of InstallWatch. - * Losts of cleanups and bugfixes. Implement a execve that forces $LIBSANDBOX - * in $LD_PRELOAD. Reformat the whole thing to look somewhat like the reworked - * sandbox.c from Brad House . - * - * Martin Schlemmer (18 Aug 2002) - * - * Partly Copyright (C) 1998-9 Pancrazio `Ezio' de Mauro , - * as some of the InstallWatch code was used. - * - * - * $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/libsandbox.c,v 1.4 2002/12/16 22:28:05 jrray Exp $ - * - */ - -/* Uncomment below to enable wrapping of mknod(). - * This is broken currently. 
*/ -/* #define WRAP_MKNOD */ - - -#define open xxx_open -#define open64 xxx_open64 - -/* Wrapping mknod, do not have any effect, and - * wrapping __xmknod causes calls to it to segfault - */ -#ifdef WRAP_MKNOD -# define __xmknod xxx___xmknod -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef WRAP_MKNOD -# undef __xmknod -#endif - -#undef open -#undef open64 - -#include "localdecls.h" -#include "sandbox.h" - -#define PIDS_FILE "/tmp/sandboxpids.tmp" - -#define FUNCTION_SANDBOX_SAFE(func, path) \ - ((0 == is_sandbox_on()) || (1 == before_syscall(func, path))) - -#define FUNCTION_SANDBOX_SAFE_INT(func, path, flags) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(func, path, flags))) - -#define FUNCTION_SANDBOX_SAFE_CHAR(func, path, mode) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_open_char(func, path, mode))) - - -/* Macro to check if a wrapper is defined, if not - * then try to resolve it again. 
*/ -#define check_dlsym(name) \ -{ \ - int old_errno=errno; \ - if (!true_ ## name) true_ ## name=get_dlsym(#name); \ - errno=old_errno; \ -} - -static char sandbox_lib[255]; - -typedef struct { - char *last_env; - int count; - char **strs; -} sbprefix_t; - -typedef struct { - int show_access_violation; - sbprefix_t deny; - sbprefix_t read; - sbprefix_t write; - sbprefix_t predict; -} sbcontext_t; - -/* glibc modified realpath() functions */ -char *erealpath (const char *name, char *resolved); - -static void init_wrappers(void); -static void *get_dlsym(const char *); -static void canonicalize(const char *, char *); -static int check_access(sbcontext_t *, const char *, const char *); -static int check_syscall(sbcontext_t *, const char *, const char *); -static int before_syscall(const char *, const char *); -static int before_syscall_open_int(const char *, const char *, int); -static int before_syscall_open_char(const char *, const char *, const char *); -static void clean_env_entries(sbprefix_t *); -static void init_context(sbcontext_t *); -static void init_env_entries(sbprefix_t *, char *); -static char* filter_path(const char*); -static int is_sandbox_on(); -static int is_sandbox_pid(); - -/* Wrapped functions */ - -extern int chmod(const char *, mode_t); -static int(*true_chmod)(const char *, mode_t); -extern int chown(const char *, uid_t, gid_t); -static int(*true_chown)(const char *, uid_t, gid_t); -extern int creat(const char *, mode_t); -static int(*true_creat)(const char *, mode_t); -extern FILE *fopen(const char *,const char*); -static FILE *(*true_fopen)(const char *,const char*); -extern int lchown(const char *, uid_t, gid_t); -static int(*true_lchown)(const char *, uid_t, gid_t); -extern int link(const char *, const char *); -static int(*true_link)(const char *, const char *); -extern int mkdir(const char *, mode_t); -static int(*true_mkdir)(const char *, mode_t); -extern DIR *opendir(const char *); -static DIR *(*true_opendir)(const char *); -#ifdef 
WRAP_MKNOD -extern int __xmknod(const char *, mode_t, dev_t); -static int(*true___xmknod)(const char *, mode_t, dev_t); -#endif -extern int open(const char *, int, ...); -static int(*true_open)(const char *, int, ...); -extern int rename(const char *, const char *); -static int(*true_rename)(const char *, const char *); -extern int rmdir(const char *); -static int(*true_rmdir)(const char *); -extern int symlink(const char *, const char *); -static int(*true_symlink)(const char *, const char *); -extern int truncate(const char *, TRUNCATE_T); -static int(*true_truncate)(const char *, TRUNCATE_T); -extern int unlink(const char *); -static int(*true_unlink)(const char *); - -#if (GLIBC_MINOR >= 1) - -extern int creat64(const char *, __mode_t); -static int(*true_creat64)(const char *, __mode_t); -extern FILE *fopen64(const char *,const char *); -static FILE *(*true_fopen64)(const char *,const char *); -extern int open64(const char *, int, ...); -static int(*true_open64)(const char *, int, ...); -extern int truncate64(const char *, __off64_t); -static int(*true_truncate64)(const char *, __off64_t); - -#endif - -extern int execve(const char *filename, char *const argv [], char *const envp[]); -static int (*true_execve)(const char *, char *const [], char *const []); - -static sbcontext_t* sbcontext = NULL; -static sem_t ctxsem; - -/* - * Initialize the shabang - */ - -static void init_wrappers(void) -{ - void *libc_handle = NULL; - -#ifdef BROKEN_RTLD_NEXT -// printf ("RTLD_LAZY"); - libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); -#else -// printf ("RTLD_NEXT"); - libc_handle = RTLD_NEXT; -#endif - - true_chmod = dlsym(libc_handle, "chmod"); - true_chown = dlsym(libc_handle, "chown"); - true_creat = dlsym(libc_handle, "creat"); - true_fopen = dlsym(libc_handle, "fopen"); - true_lchown = dlsym(libc_handle, "lchown"); - true_link = dlsym(libc_handle, "link"); - true_mkdir = dlsym(libc_handle, "mkdir"); - true_opendir = dlsym(libc_handle, "opendir"); -#ifdef WRAP_MKNOD - 
true___xmknod = dlsym(libc_handle, "__xmknod"); -#endif - true_open = dlsym(libc_handle, "open"); - true_rename = dlsym(libc_handle, "rename"); - true_rmdir = dlsym(libc_handle, "rmdir"); - true_symlink = dlsym(libc_handle, "symlink"); - true_truncate = dlsym(libc_handle, "truncate"); - true_unlink = dlsym(libc_handle, "unlink"); - -#if (GLIBC_MINOR >= 1) - true_creat64 = dlsym(libc_handle, "creat64"); - true_fopen64 = dlsym(libc_handle, "fopen64"); - true_open64 = dlsym(libc_handle, "open64"); - true_truncate64 = dlsym(libc_handle, "truncate64"); -#endif - - true_execve = dlsym(libc_handle, "execve"); -} - -void _init(void) -{ - int old_errno = errno; - char *tmp_string = NULL; - - if (sem_init(&ctxsem, 0, 1)) { - fprintf(stderr, "Failed to create semaphore\n"); - abort(); - } - - init_wrappers(); - - /* Get the path and name to this library */ - tmp_string = get_sandbox_lib("/"); - strncpy(sandbox_lib, tmp_string, 254); - - if (tmp_string) free(tmp_string); - tmp_string = NULL; - - errno = old_errno; -} - -void _fini(void) -{ - if (sbcontext) { - clean_env_entries(&sbcontext->deny); - clean_env_entries(&sbcontext->read); - clean_env_entries(&sbcontext->write); - clean_env_entries(&sbcontext->predict); - free(sbcontext); - sbcontext = NULL; - } - - /* free the semaphore */ - sem_destroy(&ctxsem); -} - -static void canonicalize(const char *path, char *resolved_path) -{ - int old_errno = errno; - - /* If path == NULL, return or we get a segfault */ - if (NULL == path) return; - - if(!erealpath(path, resolved_path) && (path[0] != '/')) { - /* The path could not be canonicalized, append it - * to the current working directory if it was not - * an absolute path - */ - getcwd(resolved_path, MAXPATHLEN - 2); - strcat(resolved_path, "/"); - strncat(resolved_path, path, MAXPATHLEN - 1 - strlen(resolved_path)); - erealpath(resolved_path, resolved_path); - } - - errno = old_errno; -} - -static void *get_dlsym(const char *symname) -{ - void *libc_handle = NULL; - void 
*symaddr = NULL; - -#ifdef BROKEN_RTLD_NEXT - libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); - if (!libc_handle) { - printf("libsandbox.so: Can't dlopen libc: %s\n", dlerror()); - abort(); - } -#else - libc_handle = RTLD_NEXT; -#endif - - symaddr = dlsym(libc_handle, symname); - if (!symaddr) { - printf("libsandbox.so: Can't resolve %s: %s\n", symname, dlerror()); - abort(); - } - - return symaddr; -} - -/* - * Wrapper Functions - */ - -int chmod(const char *path, mode_t mode) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(path, canonic); - - if FUNCTION_SANDBOX_SAFE("chmod", canonic) { - check_dlsym(chmod); - result = true_chmod(path, mode); - } - - return result; -} - -int chown(const char *path, uid_t owner, gid_t group) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(path, canonic); - - if FUNCTION_SANDBOX_SAFE("chown", canonic) { - check_dlsym(chown); - result = true_chown(path, owner, group); - } - - return result; -} - -int creat(const char *pathname, mode_t mode) -{ -/* Is it a system call? */ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("creat", canonic) { - check_dlsym(open); - result = true_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); - } - - return result; -} - -FILE *fopen(const char *pathname, const char *mode) -{ - FILE *result = NULL; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE_CHAR("fopen", canonic, mode) { - check_dlsym(fopen); - result = true_fopen(pathname,mode); - } - - return result; -} - -int lchown(const char *path, uid_t owner, gid_t group) -{ -/* Linux specific? 
*/ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(path, canonic); - - if FUNCTION_SANDBOX_SAFE("lchown", canonic) { - check_dlsym(chown); - result = true_chown(path, owner, group); - } - - return result; -} - -int link(const char *oldpath, const char *newpath) -{ - int result = -1; - char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; - - canonicalize(oldpath, old_canonic); - canonicalize(newpath, new_canonic); - - if FUNCTION_SANDBOX_SAFE("link", new_canonic) { - check_dlsym(link); - result = true_link(oldpath, newpath); - } - - return result; -} - -int mkdir(const char *pathname, mode_t mode) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("mkdir", canonic) { - check_dlsym(mkdir); - result = true_mkdir(pathname, mode); - } - - return result; -} - -DIR *opendir(const char *name) -{ - DIR *result = NULL; - char canonic[MAXPATHLEN]; - - canonicalize(name, canonic); - - if FUNCTION_SANDBOX_SAFE("opendir", canonic) { - check_dlsym(opendir); - result = true_opendir(name); - } - - return result; -} - -#ifdef WRAP_MKNOD - -int __xmknod(const char *pathname, mode_t mode, dev_t dev) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("__xmknod", canonic) { - check_dlsym(__xmknod); - result = true___xmknod(pathname, mode, dev); - } - - return result; -} - -#endif - -int open(const char *pathname, int flags, ...) 
-{ -/* Eventually, there is a third parameter: it's mode_t mode */ - va_list ap; - mode_t mode = 0; - int result = -1; - char canonic[MAXPATHLEN]; - - if (flags & O_CREAT) { - va_start(ap, flags); - mode = va_arg(ap, mode_t); - va_end(ap); - } - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE_INT("open", canonic, flags) { - /* We need to resolve open() realtime in some cases, - * else we get a segfault when running /bin/ps, etc - * in a sandbox */ - check_dlsym(open); - result=true_open(pathname, flags, mode); - } - - return result; -} - -int rename(const char *oldpath, const char *newpath) -{ - int result = -1; - char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; - - canonicalize(oldpath, old_canonic); - canonicalize(newpath, new_canonic); - - if FUNCTION_SANDBOX_SAFE("rename", new_canonic) { - check_dlsym(rename); - result = true_rename(oldpath, newpath); - } - - return result; -} - -int rmdir(const char *pathname) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("rmdir", canonic) { - check_dlsym(rmdir); - result = true_rmdir(pathname); - } - - return result; -} - -int symlink(const char *oldpath, const char *newpath) -{ - int result = -1; - char old_canonic[MAXPATHLEN], new_canonic[MAXPATHLEN]; - - canonicalize(oldpath, old_canonic); - canonicalize(newpath, new_canonic); - - if FUNCTION_SANDBOX_SAFE("symlink", new_canonic) { - check_dlsym(symlink); - result = true_symlink(oldpath, newpath); - } - - return result; -} - -int truncate(const char *path, TRUNCATE_T length) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(path, canonic); - - if FUNCTION_SANDBOX_SAFE("truncate", canonic) { - check_dlsym(truncate); - result = true_truncate(path, length); - } - - return result; -} - -int unlink(const char *pathname) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("unlink", canonic) { - 
check_dlsym(unlink); - result = true_unlink(pathname); - } - - return result; -} - -#if (GLIBC_MINOR >= 1) - -int creat64(const char *pathname, __mode_t mode) -{ -/* Is it a system call? */ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE("creat64", canonic) { - check_dlsym(open64); - result = true_open64(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); - } - - return result; -} - -FILE *fopen64(const char *pathname, const char *mode) -{ - FILE *result = NULL; - char canonic[MAXPATHLEN]; - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE_CHAR("fopen64", canonic, mode) { - check_dlsym(fopen64); - result = true_fopen(pathname,mode); - } - - return result; -} - -int open64(const char *pathname, int flags, ...) -{ -/* Eventually, there is a third parameter: it's mode_t mode */ - va_list ap; - mode_t mode = 0; - int result = -1; - char canonic[MAXPATHLEN]; - - if (flags & O_CREAT) { - va_start(ap, flags); - mode = va_arg(ap, mode_t); - va_end(ap); - } - - canonicalize(pathname, canonic); - - if FUNCTION_SANDBOX_SAFE_INT("open64", canonic, flags) { - check_dlsym(open64); - result=true_open64(pathname, flags, mode); - } - - return result; -} - -int truncate64(const char *path, __off64_t length) -{ - int result = -1; - char canonic[MAXPATHLEN]; - - canonicalize(path, canonic); - - if FUNCTION_SANDBOX_SAFE("truncate64", canonic) { - check_dlsym(truncate64); - result = true_truncate64(path, length); - } - - return result; -} - -#endif /* GLIBC_MINOR >= 1 */ - -/* - * Exec Wrappers - */ - -int execve(const char *filename, char *const argv [], char *const envp[]) -{ - int old_errno = errno; - int result = -1; - int count = 0; - char canonic[MAXPATHLEN]; - char *old_envp = NULL; - char *new_envp = NULL; - - canonicalize(filename, canonic); - - if FUNCTION_SANDBOX_SAFE("execve", canonic) { - while (envp[count] != NULL) { - if (strstr(envp[count], "LD_PRELOAD=") == envp[count]) { - if (NULL != 
strstr(envp[count], sandbox_lib)) { - break; - } else { - const int max_envp_len = strlen(envp[count]) + strlen(sandbox_lib) + 1; - - /* Backup envp[count], and set it to our own one which - * contains sandbox_lib */ - old_envp = envp[count]; - new_envp = strndupa(old_envp, max_envp_len - 1); - - /* LD_PRELOAD already have variables other than sandbox_lib, - * thus we have to add sandbox_lib via a white space. */ - if (0 != strcmp(envp[count], "LD_PRELOAD=")) { - strncpy(new_envp + strlen(old_envp), ":", - max_envp_len - strlen(new_envp)); - strncpy(new_envp + strlen(old_envp) + 1, sandbox_lib, - max_envp_len - strlen(new_envp)); - } else { - strncpy(new_envp + strlen(old_envp), sandbox_lib, - max_envp_len - strlen(new_envp)); - } - - /* Valid string? */ - new_envp[max_envp_len] = '\0'; - - /* envp[count] = new_envp; - * - * Get rid of the "read-only" warnings */ - memcpy((void *)&envp[count], &new_envp, sizeof(new_envp)); - - break; - } - } - count++; - } - - errno = old_errno; - check_dlsym(execve); - result = true_execve(filename, argv, envp); - old_errno = errno; - - if (old_envp) { - /* Restore envp[count] again. - * - * envp[count] = old_envp; */ - memcpy((void *)&envp[count], &old_envp, sizeof(old_envp)); - old_envp = NULL; - } - } - - errno = old_errno; - - return result; -} - -/* - * Internal Functions - */ - -#if (GLIBC_MINOR == 1) - -/* This hack is needed for glibc 2.1.1 (and others?) 
- * (not really needed, but good example) */ -extern int fclose(FILE *); -static int (*true_fclose)(FILE *) = NULL; -int fclose(FILE *file) -{ - int result = - 1; - - check_dlsym(fclose); - result = true_fclose(file); - - return result; -} - -#endif /* GLIBC_MINOR == 1 */ - -static void init_context(sbcontext_t* context) -{ - memset(context, 0, sizeof(sbcontext_t)); - context->show_access_violation = 1; -} - -static int is_sandbox_pid() -{ - int old_errno = errno; - int result = 0; - FILE* pids_stream = NULL; - int pids_file = -1; - int current_pid = 0; - int tmp_pid = 0; - - init_wrappers(); - - pids_stream = true_fopen(PIDS_FILE, "r"); - - if (NULL == pids_stream) { - perror(">>> pids file fopen"); - } - else - { - pids_file = fileno(pids_stream); - - if (pids_file < 0) { - perror(">>> pids file fileno"); - } else { - current_pid = getpid(); - - while (EOF != fscanf(pids_stream, "%d\n", &tmp_pid)) { - if (tmp_pid == current_pid) { - result = 1; - break; - } - } - } - if (EOF == fclose(pids_stream)) { - perror(">>> pids file fclose"); - } - pids_stream = NULL; - pids_file = -1; - } - - errno = old_errno; - - return result; -} - -static void clean_env_entries(sbprefix_t* prefix) -{ - int old_errno = errno; - int i = 0; - - if (NULL != prefix->strs) { - for (i = 0; i < prefix->count; i++) { - if (NULL != prefix->strs[i]) { - free(prefix->strs[i]); - prefix->strs[i] = NULL; - } - } - free(prefix->strs); - prefix->strs = NULL; - prefix->count = 0; - } - if (prefix->last_env) { - free(prefix->last_env); - prefix->last_env = NULL; - } - - errno = old_errno; -} - -static void init_env_entries(sbprefix_t* prefix, char* env) -{ - int old_errno = errno; - char* prefixes_env = getenv(env); - - if (NULL == prefixes_env) { - fprintf(stderr, - "Sandbox error : the %s environmental variable should be defined.\n", - env); - } else { - char *ptr; - int num_colons = 0; - - /* Check to see if the env value has changed since the - last time this was initalized, don't do the work 
again - if it hasn't. - */ - - if (prefix->last_env && !strcmp(prefix->last_env, prefixes_env)) { - errno = old_errno; - return; - } - - /* Clean any existing entries */ - clean_env_entries(prefix); - - /* Env value is different, update the cached copy */ - prefix->last_env = strdup(prefixes_env); - - ptr = prefixes_env; - while (*ptr) { - if (*ptr++ == ':') ++num_colons; - } - - if (prefix->strs) { - free(prefix->strs); - prefix->strs = 0; - } - prefix->strs = (char**)malloc((num_colons+1) * sizeof(char*)); - if (!prefix->strs) return; - memset(prefix->strs, 0, (num_colons+1) * sizeof(char*)); - prefix->count = 0; - - ptr = prefixes_env; - while (*ptr) { - char *next_colon = strchr(ptr, ':'); - if (next_colon) { - if (next_colon != ptr) { - char *str = strndup(ptr, next_colon-ptr); - if (!str) return; - prefix->strs[prefix->count++] = filter_path(str); - free(str); - } - } else { - prefix->strs[prefix->count++] = filter_path(ptr); - break; - } - - ptr = next_colon+1; - } - } - errno = old_errno; -} - -static char* filter_path(const char* path) -{ - int old_errno = errno; - char* filtered_path = (char *)malloc(MAXPATHLEN * sizeof(char)); - filtered_path[0] = 0; - - canonicalize(path, filtered_path); - - errno = old_errno; - - return filtered_path; -} - -static int check_access(sbcontext_t* sbcontext, const char* func, const char* path) -{ - int old_errno = errno; - int result = -1; - int i = 0; - char* filtered_path = filter_path(path); - - if (!filtered_path) { - errno = old_errno; - return 0; - } - - if ('/' != filtered_path[0]) { - free(filtered_path); - errno = old_errno; - return 0; - } - - if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) && (is_sandbox_pid())) { - result = 1; - } - - if (-1 == result) { - if (NULL != sbcontext->deny.strs) { - for (i = 0; i < sbcontext->deny.count; i++) { - if (NULL != sbcontext->deny.strs[i]) { - if (0 == strncmp(filtered_path, - sbcontext->deny.strs[i], - strlen(sbcontext->deny.strs[i]))) { - result = 0; - break; 
- } - } - } - } - - if (-1 == result) { - if ((NULL != sbcontext->read.strs) && - ((0 == strncmp(func, "open_rd", 7)) || - (0 == strncmp(func, "popen", 5)) || - (0 == strncmp(func, "opendir", 7)) || - (0 == strncmp(func, "system", 6)) || - (0 == strncmp(func, "execl", 5)) || - (0 == strncmp(func, "execlp", 6)) || - (0 == strncmp(func, "execle", 6)) || - (0 == strncmp(func, "execv", 5)) || - (0 == strncmp(func, "execvp", 6)) || - (0 == strncmp(func, "execve", 6)) - ) - ) { - for (i = 0; i < sbcontext->read.count; i++) { - if (NULL != sbcontext->read.strs[i]) { - if (0 == strncmp(filtered_path, - sbcontext->read.strs[i], - strlen(sbcontext->read.strs[i]))) { - result = 1; - break; - } - } - } - } - else if ((NULL != sbcontext->write.strs) && - ((0 == strncmp(func, "open_wr", 7)) || - (0 == strncmp(func, "creat", 5)) || - (0 == strncmp(func, "creat64", 7)) || - (0 == strncmp(func, "mkdir", 5)) || - (0 == strncmp(func, "mknod", 5)) || - (0 == strncmp(func, "mkfifo", 6)) || - (0 == strncmp(func, "link", 4)) || - (0 == strncmp(func, "symlink", 7)) || - (0 == strncmp(func, "rename", 6)) || - (0 == strncmp(func, "utime", 5)) || - (0 == strncmp(func, "utimes", 6)) || - (0 == strncmp(func, "unlink", 6)) || - (0 == strncmp(func, "rmdir", 5)) || - (0 == strncmp(func, "chown", 5)) || - (0 == strncmp(func, "lchown", 6)) || - (0 == strncmp(func, "chmod", 5)) || - (0 == strncmp(func, "truncate", 8)) || - (0 == strncmp(func, "ftruncate", 9)) || - (0 == strncmp(func, "truncate64", 10)) || - (0 == strncmp(func, "ftruncate64", 11)) - ) - ) { - struct stat tmp_stat; - -#if 0 // write_denied is never set - - for (i = 0; i < sbcontext->write_denied.count; i++) { - if (NULL != sbcontext->write_denied.strs[i]) { - if (0 == strncmp(filtered_path, - sbcontext->write_denied.strs[i], - strlen(sbcontext->write_denied.strs[i]))) { - result = 0; - break; - } - } - } -#endif - - if (-1 == result) { - for (i = 0; i < sbcontext->write.count; i++) { - if (NULL != sbcontext->write.strs[i]) { - if (0 
== strncmp(filtered_path, - sbcontext->write.strs[i], - strlen(sbcontext->write.strs[i]))) { - result = 1; - break; - } - } - } - - if (-1 == result) { - /* hack to prevent mkdir of existing dirs to show errors */ - if (0 == strncmp(func, "mkdir", 5)) { - if (0 == stat(filtered_path, &tmp_stat)) { - sbcontext->show_access_violation = 0; - result = 0; - } - } - - if (-1 == result) { - for (i = 0; i < sbcontext->predict.count; i++) { - if (NULL != sbcontext->predict.strs[i]) { - if (0 == strncmp(filtered_path, - sbcontext->predict.strs[i], - strlen(sbcontext->predict.strs[i]))) { - sbcontext->show_access_violation = 0; - result = 0; - break; - } - } - } - } - } - } - } - } - } - - if (-1 == result) { - result = 0; - } - - if (filtered_path) free(filtered_path); - filtered_path = NULL; - - errno = old_errno; - - return result; -} - -static int check_syscall(sbcontext_t* sbcontext, const char* func, const char* file) -{ - int old_errno = errno; - int result = 1; - struct stat log_stat; - char* log_path = NULL; - char* absolute_path = NULL; - char* tmp_buffer = NULL; - int log_file = 0; - struct stat debug_log_stat; - char* debug_log_env = NULL; - char* debug_log_path = NULL; - int debug_log_file = 0; - char buffer[512]; - - init_wrappers(); - - if ('/' == file[0]) { - absolute_path = (char *)malloc((strlen(file) + 1) * sizeof(char)); - sprintf(absolute_path, "%s", file); - } else { - tmp_buffer = get_current_dir_name(); - absolute_path = (char *)malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) * sizeof(char)); - sprintf(absolute_path,"%s/%s", tmp_buffer, file); - - if (tmp_buffer) free(tmp_buffer); - tmp_buffer = NULL; - } - - log_path = getenv("SANDBOX_LOG"); - debug_log_env = getenv("SANDBOX_DEBUG"); - debug_log_path = getenv("SANDBOX_DEBUG_LOG"); - - if (((NULL == log_path) || - (0 != strncmp(absolute_path, log_path, strlen(log_path)))) && - ((NULL == debug_log_env) || - (NULL == debug_log_path) || - (0 != strncmp(absolute_path, debug_log_path, 
strlen(debug_log_path)))) && - (0 == check_access(sbcontext, func, absolute_path)) - ) { - if (1 == sbcontext->show_access_violation) { - fprintf(stderr, "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n", - func, (int)(10 - strlen(func)), "", absolute_path); - - if (NULL != log_path) { - sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); - - if ((0 == lstat(log_path, &log_stat)) && - (0 == S_ISREG(log_stat.st_mode)) - ) { - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", - log_path); - } else { - log_file = true_open(log_path, - O_APPEND | O_WRONLY | O_CREAT, - S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - if(log_file >= 0) { - write(log_file, buffer, strlen(buffer)); - close(log_file); - } - } - } - } - - result = 0; - } - else if (NULL != debug_log_env) { - if (NULL != debug_log_path) { - if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) { - sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); - - if ((0 == lstat(debug_log_path, &debug_log_stat)) && - (0 == S_ISREG(debug_log_stat.st_mode)) - ) { - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", - log_path); - } else { - debug_log_file = true_open(debug_log_path, - O_APPEND | O_WRONLY | O_CREAT, - S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - if(debug_log_file >= 0) { - write(debug_log_file, buffer, strlen(buffer)); - close(debug_log_file); - } - } - } - } else { - fprintf(stderr, "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n", - func, (int)(10 - strlen(func)), "", absolute_path); - } - } - - if (absolute_path) free(absolute_path); - absolute_path = NULL; - - errno = old_errno; - - return result; -} - -static int is_sandbox_on() -{ - int old_errno = errno; - - /* $SANDBOX_ACTIVE is an env variable that should ONLY - * be used internal by sandbox.c and libsanbox.c. 
External - * sources should NEVER set it, else the sandbox is enabled - * in some cases when run in parallel with another sandbox, - * but not even in the sandbox shell. - * - * Azarah (3 Aug 2002) - */ - if ((NULL != getenv("SANDBOX_ON")) && - (0 == strncmp(getenv("SANDBOX_ON"), "1", 1)) && - (NULL != getenv("SANDBOX_ACTIVE")) && - (0 == strncmp(getenv("SANDBOX_ACTIVE"), "armedandready", 13)) - ) { - errno = old_errno; - - return 1; - } else { - errno = old_errno; - - return 0; - } -} - -static int before_syscall(const char* func, const char* file) -{ - int old_errno = errno; - int result = 1; - - /* Only allow one thread to access sbcontext at a time */ - sem_wait(&ctxsem); - - if (!sbcontext) { - sbcontext = (sbcontext_t*)malloc(sizeof(sbcontext_t)); - init_context(sbcontext); - } else { - /* sometimes this value gets set to 0 */ - sbcontext->show_access_violation = 1; - } - - init_env_entries(&sbcontext->deny, "SANDBOX_DENY"); - init_env_entries(&sbcontext->read, "SANDBOX_READ"); - init_env_entries(&sbcontext->write, "SANDBOX_WRITE"); - init_env_entries(&sbcontext->predict, "SANDBOX_PREDICT"); - - result = check_syscall(sbcontext, func, file); - - if (sem_post(&ctxsem)) { - fprintf(stderr, "Failed trying to release semaphore\n"); - } - - errno = old_errno; - - if (0 == result) { - errno = EACCES; - } - - return result; -} - -static int before_syscall_open_int(const char* func, const char* file, int flags) -{ - if ((flags & O_WRONLY) || (flags & O_RDWR)) { - return before_syscall("open_wr", file); - } else { - return before_syscall("open_rd", file); - } -} - -static int before_syscall_open_char(const char* func, const char* file, const char* mode) -{ - if ((strcmp(mode, "r") == 0) || (strcmp(mode, "rb") == 0)) { - return before_syscall("open_rd", file); - } else { - return before_syscall("open_wr", file); - } -} - - -// vim:expandtab noai:cindent ai 
diff --git a/src/sandbox-dev/sandbox.bashrc b/src/sandbox-dev/sandbox.bashrc
deleted file mode 100644
index 7c562b767..000000000
--- a/src/sandbox-dev/sandbox.bashrc
+++ /dev/null
@@ -1,8 +0,0 @@
-# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com
-# Distributed under the terms of the GNU General Public License, v2 or later
-# Author : Geert Bevin
-# $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/sandbox.bashrc,v 1.1 2002/08/25 06:09:05 azarah Exp $
-source /etc/profile
-export LD_PRELOAD="$SANDBOX_LIB"
-alias make="make LD_PRELOAD=$SANDBOX_LIB"
-alias su="su -c '/bin/bash -rcfile $SANDBOX_DIR/sandbox.bashrc'"
diff --git a/src/sandbox-dev/sandbox.c b/src/sandbox-dev/sandbox.c
deleted file mode 100644
index c388013b2..000000000
--- a/src/sandbox-dev/sandbox.c
+++ /dev/null
@@ -1,816 +0,0 @@ -/* -** Path sandbox for the gentoo linux portage package system, initially -** based on the ROCK Linux Wrapper for getting a list of created files -** -** to integrate with bash, bash should have been built like this -** -** ./configure --prefix= --host= --without-gnu-malloc -** -** it's very important that the --enable-static-link option is NOT specified -** -** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com -** Distributed under the terms of the GNU General Public License, v2 or later -** Author : Geert Bevin -** $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/sandbox.c,v 1.4 2002/10/20 21:37:30 azarah Exp $ -*/ - -#define _GNU_SOURCE - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "sandbox.h" - -int preload_adaptable = 1; -int cleaned_up = 0; -int print_debug = 0; - -/* Read pids file, and load active pids into an array. Return number of pids in array */ -int load_active_pids(int fd, int **pids) -{ - char *data = NULL; - char *ptr = NULL, *ptr2 = NULL; - int my_pid; - int num_pids = 0; - long len; - - pids[0] = NULL; - - len = file_length(fd); - - /* Allocate and zero datablock to read pids file */ - data = (char *)malloc((len + 1)*sizeof(char)); - memset(data, 0, len + 1); - - /* Start at beginning of file */ - lseek(fd, 0L, SEEK_SET); - - /* read entire file into a buffer */ - read(fd, data, len); - - ptr = data; - - /* Loop and read all pids */ - while (1) { - /* Find new line */ - ptr2 = strchr(ptr, '\n'); - if (ptr2 == NULL) break; /* No more PIDs */ - - /* clear the \n. 
And ptr should have a null-terminated decimal string */ - ptr2[0] = 0; - - my_pid = atoi(ptr); - - /* If the PID is still alive, add it to our array */ - if ((0 != my_pid) && (0 == kill(my_pid, 0))) { - pids[0] = (int *)realloc(pids[0], (num_pids + 1)*sizeof(int)); - pids[0][num_pids] = my_pid; - num_pids++; - } - - /* Put ptr past the NULL we just wrote */ - ptr = ptr2 + 1; - } - - if (data) free(data); - - return num_pids; -} - -/* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */ -int load_preload_libs(int fd, char ***preloads) -{ - char *data = NULL; - char *ptr = NULL, *ptr2 = NULL; - int num_entries = 0; - long len; - - preloads[0] = NULL; - - len = file_length(fd); - - /* Allocate and zero datablock to read pids file */ - data = (char *)malloc((len + 1)*sizeof(char)); - memset(data, 0, len + 1); - - /* Start at beginning of file */ - lseek(fd, 0L, SEEK_SET); - - /* read entire file into a buffer */ - read(fd, data, len); - - ptr = data; - - /* Loop and read all pids */ - while (1) { - /* Find new line */ - ptr2 = strchr(ptr, '\n'); - - /* clear the \n. 
And ptr should have a null-terminated decimal string - * Don't break from the loop though because the last line may not - * terminated with a \n - */ - if (NULL != ptr2) ptr2[0] = 0; - - /* If listing does not match our libname, add it to the array */ - if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) { - preloads[0] = (char **)realloc(preloads[0], (num_entries + 1)*sizeof(char **)); - preloads[0][num_entries] = strdup(ptr); - num_entries++; - } - - if (NULL == ptr2) break; /* No more PIDs */ - - /* Put ptr past the NULL we just wrote */ - ptr = ptr2 + 1; - } - - if (data) free(data); - - return num_entries; -} - - -void cleanup() -{ - int i = 0; - int success = 1; - int pids_file = -1, num_of_pids = 0; - int *pids_array = NULL; - char pid_string[255]; -#ifdef USE_LD_SO_PRELOAD - int preload_file = -1, num_of_preloads = 0; - char preload_entry[255]; - char **preload_array = NULL; -#endif - - - /* remove this sandbox's bash pid from the global pids - * file if it has rights to adapt the ld.so.preload file */ - if ((1 == preload_adaptable) && (0 == cleaned_up)) { - cleaned_up = 1; - success = 1; - - if (print_debug) printf("Cleaning up pids file.\n"); - - /* Stat the PIDs file, make sure it exists and is a regular file */ - if (file_exist(PIDS_FILE, 1) <= 0) { - perror(">>> pids file is not a regular file"); - success = 0; - /* We should really not fail if the pidsfile is missing here, but - * rather just exit cleanly, as there is still some cleanup to do */ - return; - } - - pids_file = file_open(PIDS_FILE, "r+", 0); - if (-1 == pids_file) { - success = 0; - /* Nothing more to do here */ - return; - } - - /* Load "still active" pids into an array */ - num_of_pids = load_active_pids(pids_file, &pids_array); - //printf("pids: %d\r\n", num_of_pids); - -#ifdef USE_LD_SO_PRELOAD - /* clean the /etc/ld.so.preload file if no other sandbox - * processes are running anymore */ - if (1 == num_of_pids) { - success = 1; - - if (print_debug) printf("Cleaning up 
/etc/ld.so.preload.\n"); - - preload_file = file_open("/etc/ld.so.preload", "r+", 0); - if (-1 != preload_file) { - /* Load all the preload libraries into an array */ - num_of_preloads = load_preload_libs(preload_file, &preload_array); - //printf("num preloads: %d\r\n", num_of_preloads); - /* Clear file */ - file_truncate(preload_file); - - /* store the other preload libraries back into the /etc/ld.so.preload file */ - if(num_of_preloads > 0) { - for (i = 0; i < num_of_preloads; i++) { - sprintf(preload_entry, "%s\n", preload_array[i]); - if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } - } - - /* Free memory used to store preload array */ - for (i = 0; i < num_of_preloads; i++) { - if (preload_array[i]) free(preload_array[i]); - preload_array[i] = NULL; - } - if (preload_array) free(preload_array); - preload_array = NULL; - - file_close(preload_file); - preload_file = -1; - } - } -#endif - - file_truncate(pids_file); - - /* if pids are still running, write only the running pids back to the file */ - if(num_of_pids > 1) { - for (i = 0; i < num_of_pids; i++) { - sprintf(pid_string, "%d\n", pids_array[i]); - if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { - perror(">>> pids file write"); - success = 0; - break; - } - } - - file_close(pids_file); - pids_file = -1; - } else { - - file_close(pids_file); - pids_file = -1; - - /* remove the pidsfile, as this was the last sandbox */ - unlink(PIDS_FILE); - } - - if (pids_array != NULL) { - free(pids_array); - pids_array = NULL; - } - } - - if (0 == success) { - return; - } -} - -void stop(int signum) -{ - printf("Caught signal %d\r\n", signum); - cleanup(); -} - -void setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, char *tmp_dir) -{ - char sandbox_write_var[1024]; - - if (!getenv(ENV_SANDBOX_WRITE)) { - /* these should go into make.globals later 
on */ - strcpy(sandbox_write_var, ""); - strcat(sandbox_write_var, "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:/dev/vc/:/dev/tty:/tmp/"); - strcat(sandbox_write_var, ":"); - /* NGPT support */ - strcat(sandbox_write_var, "/dev/shm/ngpt"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/var/log/scrollkeeper.log"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, home_dir); - strcat(sandbox_write_var, "/.gconfd/lock"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, home_dir); - strcat(sandbox_write_var, "/.bash_history"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/usr/tmp/conftest"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/usr/lib/conftest"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/usr/tmp/cf"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/usr/lib/cf"); - strcat(sandbox_write_var, ":"); - if (NULL == portage_tmp_dir) { - strcat(sandbox_write_var, tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, var_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/tmp/"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/var/tmp/"); - - /* How the heck is this possible?? we just set it above! */ - } else if (0 == strcmp(sandbox_write_var, "/var/tmp/")) { - strcat(sandbox_write_var, portage_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/tmp/"); - - /* Still don't think this is possible, am I just stupid or something? 
*/ - } else if (0 == strcmp(sandbox_write_var, "/tmp/")) { - strcat(sandbox_write_var, portage_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, var_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/var/tmp/"); - - /* Amazing, one I think is possible */ - } else { - strcat(sandbox_write_var, portage_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, var_tmp_dir); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/tmp/"); - strcat(sandbox_write_var, ":"); - strcat(sandbox_write_var, "/var/tmp/"); - } - - setenv(ENV_SANDBOX_WRITE, sandbox_write_var, 1); - } -} - - -void setenv_sandbox_predict(char *home_dir) -{ - char sandbox_predict_var[1024]; - - if (!getenv(ENV_SANDBOX_PREDICT)) { - /* these should go into make.globals later on */ - strcpy(sandbox_predict_var, ""); - strcat(sandbox_predict_var, home_dir); - strcat(sandbox_predict_var, "/."); - strcat(sandbox_predict_var, ":"); - strcat(sandbox_predict_var, "/usr/lib/python2.0/"); - strcat(sandbox_predict_var, ":"); - strcat(sandbox_predict_var, "/usr/lib/python2.1/"); - strcat(sandbox_predict_var, ":"); - strcat(sandbox_predict_var, "/usr/lib/python2.2/"); - setenv(ENV_SANDBOX_PREDICT, sandbox_predict_var, 1); - } -} - -int print_sandbox_log(char *sandbox_log) -{ - int sandbox_log_file = -1; - char *beep_count_env = NULL; - int i, beep_count = 0; - long len = 0; - char *buffer = NULL; - - sandbox_log_file=file_open(sandbox_log, "r", 0); - if (-1 == sandbox_log_file) { - return 0; - } - - len = file_length(sandbox_log_file); - buffer = (char *)malloc((len + 1)*sizeof(char)); - memset(buffer, 0, len + 1); - read(sandbox_log_file, buffer, len); - file_close(sandbox_log_file); - - printf("\e[31;01m--------------------------- ACCESS VIOLATION SUMMARY ---------------------------\033[0m\n"); - printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log); - printf("\n"); - 
printf("%s", buffer); - if (buffer) free(buffer); buffer = NULL; - printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n"); - - beep_count_env = getenv(ENV_SANDBOX_BEEP); - if (beep_count_env) { - beep_count = atoi(beep_count_env); - } else { - beep_count = DEFAULT_BEEP_COUNT; - } - - for (i = 0; i < beep_count; i++) { - fputc('\a', stderr); - if (i < beep_count -1) { - sleep(1); - } - } - return 1; -} - -int spawn_shell(char *argv_bash[]) -{ -#ifdef USE_SYSTEM_SHELL - int i = 0; - char *sh = NULL; - int first = 1; - int ret; - long len = 0; - - while (1) { - if (NULL == argv_bash[i]) break; - if (NULL != sh) len = strlen(sh); - sh = (char *)realloc(sh, len+strlen(argv_bash[i]) + 5); - if (first) { - sh[0] = 0; - first = 0; - } - strcat(sh, "\""); - strcat(sh, argv_bash[i]); - strcat(sh, "\" "); - - //printf("%s\n", argv_bash[i]); - i++; - } - printf("%s\n", sh); - ret = system(sh); - if (sh) free(sh); - sh = NULL; - - if (-1 == ret) return 0; - return 1; - -#else -# ifndef NO_FORK - int pid; - int status = 0; - int ret = 0; - - pid = fork(); - - /* Child's process */ - if (0 == pid) { -# endif - execv(argv_bash[0], argv_bash); -# ifndef NO_FORK - return 0; - } else if (pid < 0) { - return 0; - } - ret = waitpid(pid, &status, 0); - if ((-1 == ret) || (status > 0)) return 0; -# endif - return 1; -#endif -} - -int main(int argc, char** argv) -{ - int i = 0, success = 1; - int preload_file = -1; - int sandbox_log_presence = 0; - int sandbox_log_file = -1; - int pids_file = -1; - long len; - - int *pids_array = NULL; - int num_of_pids = 0; - - // char run_arg[255]; - char portage_tmp_dir[PATH_MAX]; - char var_tmp_dir[PATH_MAX]; - char tmp_dir[PATH_MAX]; - char sandbox_log[255]; - char sandbox_debug_log[255]; - char sandbox_dir[255]; - char sandbox_lib[255]; - char sandbox_rc[255]; - char pid_string[255]; - char **argv_bash = NULL; - - char *run_str = "-c"; - char *home_dir = NULL; - char *tmp_string = NULL; -#ifdef 
USE_LD_SO_PRELOAD - char **preload_array = NULL; - int num_of_preloads = 0; -#endif - - /* Only print info if called with no arguments .... */ - if (argc < 2) { - print_debug = 1; - } - - if (print_debug) printf("========================== Gentoo linux path sandbox ===========================\n"); - - - /* check if a sandbox is already running */ - if (NULL != getenv(ENV_SANDBOX_ON)) { - fprintf(stderr, "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n"); - exit(1); - } else { - - /* determine the location of all the sandbox support files */ - if (print_debug) printf("Detection of the support files.\n"); - - /* Generate base sandbox path */ - tmp_string = get_sandbox_path(argv[0]); - strncpy(sandbox_dir, tmp_string, 254); - if (tmp_string) free(tmp_string); - tmp_string = NULL; - strcat(sandbox_dir, "/"); - - /* Generate sandbox lib path */ - tmp_string = get_sandbox_lib(sandbox_dir); - strncpy(sandbox_lib, tmp_string, 254); - if (tmp_string) free(tmp_string); - tmp_string = NULL; - - /* Generate sandbox bashrc path */ - tmp_string = get_sandbox_rc(sandbox_dir); - strncpy(sandbox_rc, tmp_string, 254); - if (tmp_string) free(tmp_string); - tmp_string = NULL; - - /* verify the existance of required files */ - if (print_debug) printf("Verification of the required files.\n"); - - if (file_exist(sandbox_lib, 0) <= 0) { - fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib); - return -1; - } else if (file_exist(sandbox_rc, 0) <= 0) { - fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc); - return -1; - } - -#ifdef USE_LD_SO_PRELOAD - /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */ - if (print_debug) printf("Setting up the ld.so.preload file.\n"); -#endif - - /* check if the /etc/ld.so.preload is a regular file */ - if (file_exist("/etc/ld.so.preload", 1) < 0) { - fprintf(stderr, ">>> /etc/ld.so.preload file is not a regular file\n"); - 
exit(1); - } - - /* Our r+ also will create the file if it doesn't exist */ - preload_file=file_open("/etc/ld.so.preload", "r+", 1, 0644); - if (-1 == preload_file) { - preload_adaptable = 0; -/* exit(1);*/ - } - -#ifdef USE_LD_SO_PRELOAD - /* Load entries of preload table */ - num_of_preloads = load_preload_libs(preload_file, &preload_array); - - /* Zero out our ld.so.preload file */ - file_truncate(preload_file); - - /* Write contents of preload file */ - for (i = 0; i < num_of_preloads + 1; i++) { - /* First entry should be our sandbox library */ - if (0 == i) { - if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } else { - /* Output all other preload entries */ - if (write(preload_file, preload_array[i - 1], strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } - /* Don't forget the return character after each line! 
*/ - if (1 != write(preload_file, "\n", 1)) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } - - for (i = 0; i < num_of_preloads; i++) { - if (preload_array[i]) free(preload_array[i]); - preload_array[i] = NULL; - } - if (preload_array) free(preload_array); - num_of_preloads = 0; - preload_array = NULL; -#endif - - /* That's all we needed to do with the preload file */ - file_close(preload_file); - preload_file = -1; - - /* set up the required environment variables */ - if (print_debug) printf("Setting up the required environment variables.\n"); - - /* Generate sandbox log full path */ - tmp_string=get_sandbox_log(); - strncpy(sandbox_log, tmp_string, 254); - if (tmp_string) free(tmp_string); - tmp_string = NULL; - - setenv(ENV_SANDBOX_LOG, sandbox_log, 1); - - snprintf(sandbox_debug_log, 254, "%s%s%s", DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT); - setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1); - - home_dir = getenv("HOME"); - - /* drobbins: we need to expand these paths using realpath() so that PORTAGE_TMPDIR - * can contain symlinks (example, /var is a symlink, /var/tmp is a symlink.) Without - * this, access is denied to /var/tmp, hurtin' ebuilds. 
- */ - - realpath(getenv("PORTAGE_TMPDIR"),portage_tmp_dir); - realpath("/var/tmp",var_tmp_dir); - realpath("/tmp",tmp_dir); - - setenv(ENV_SANDBOX_DIR, sandbox_dir, 1); - setenv(ENV_SANDBOX_LIB, sandbox_lib, 1); - setenv("LD_PRELOAD", sandbox_lib, 1); - - if (!getenv(ENV_SANDBOX_DENY)) { - setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1); - } - - if (!getenv(ENV_SANDBOX_READ)) { - setenv(ENV_SANDBOX_READ, "/", 1); - } - - /* Set up Sandbox Write path */ - setenv_sandbox_write(home_dir, portage_tmp_dir, var_tmp_dir, tmp_dir); - setenv_sandbox_predict(home_dir); - - setenv(ENV_SANDBOX_ON, "1", 0); - - /* if the portage temp dir was present, cd into it */ - if (NULL != portage_tmp_dir) { - chdir(portage_tmp_dir); - } - - argv_bash=(char **)malloc(6 * sizeof(char *)); - argv_bash[0] = strdup("/bin/bash"); - argv_bash[1] = strdup("-rcfile"); - argv_bash[2] = strdup(sandbox_rc); - if (argc < 2) { - argv_bash[3] = NULL; - } else { - argv_bash[3] = strdup(run_str); /* "-c" */ - } - argv_bash[4] = NULL; /* strdup(run_arg); */ - argv_bash[5] = NULL; - - if (argc >= 2) { - for (i = 1; i< argc; i++) { - if (NULL == argv_bash[4]) len = 0; - else len = strlen(argv_bash[4]); - argv_bash[4]=(char *)realloc(argv_bash[4], (len + strlen(argv[i]) + 2) * sizeof(char)); - if (0 == len) argv_bash[4][0] = 0; - if (1 != i) strcat(argv_bash[4], " "); - strcat(argv_bash[4], argv[i]); - } - } -#if 0 - char* argv_bash[] = { - "/bin/bash", - "-rcfile", - NULL, - NULL, - NULL, - NULL - }; - - /* adding additional bash arguments */ - for (i = 1; i < argc; i++) { - if (1 == i) { - argv_bash[3] = run_str; - argv_bash[4] = run_arg; - strcpy(argv_bash[4], argv[i]); - } else { - strcat(argv_bash[4], " "); - strcat(argv_bash[4], argv[i]); - } - } -#endif - - /* set up the required signal handlers */ - signal(SIGHUP, &stop); - signal(SIGINT, &stop); - signal(SIGQUIT, &stop); - signal(SIGTERM, &stop); - - /* this one should NEVER be set in ebuilds, as it is the one - * private thing libsandbox.so use to 
test if the sandbox - * should be active for this pid, or not. - * - * azarah (3 Aug 2002) - */ - - setenv("SANDBOX_ACTIVE", "armedandready", 1); - - - /* Load our PID into PIDs file if environment is adaptable */ - if (preload_adaptable) { - success = 1; - if (file_exist(PIDS_FILE, 1) < 0) { - success = 0; - fprintf(stderr, ">>> pids file is not a regular file"); - } else { - pids_file=file_open(PIDS_FILE, "r+", 1, 0644); - if (-1 == pids_file) { - success = 0; - } else { - /* Grab still active pids */ - num_of_pids = load_active_pids(pids_file, &pids_array); - - /* Zero out file */ - file_truncate(pids_file); - - /* Output active pids, and append our pid */ - for (i = 0; i < num_of_pids + 1; i++) { - /* Time for our entry */ - if (i == num_of_pids) { - sprintf(pid_string, "%d\n", getpid()); - } else { - sprintf(pid_string, "%d\n", pids_array[i]); - } - if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } - /* Clean pids_array */ - if (pids_array) free(pids_array); - pids_array = NULL; - num_of_pids = 0; - - /* We're done with the pids file */ - file_close(pids_file); - } - } - - /* Something went wrong, bail out */ - if (success == 0) - exit(1); - } - - /* STARTING PROTECTED ENVIRONMENT */ - if (print_debug) { - printf("The protected environment has been started.\n"); - printf("--------------------------------------------------------------------------------\n"); - } - - if (print_debug) printf("Shell being started in forked process.\n"); - - /* Start Bash */ - if (!spawn_shell(argv_bash)) { - if (print_debug) fprintf(stderr, ">>> shell process failed to spawn\n"); - success = 0; - } - - /* Free bash stuff */ - for (i = 0; i < 6; i++) { - if (argv_bash[i]) free(argv_bash[i]); - argv_bash[i] = NULL; - } - if (argv_bash) free(argv_bash); - argv_bash = NULL; - - if (print_debug) { - printf("Cleaning up sandbox process\n"); - } - - cleanup(); - - if (print_debug) { 
- printf("========================== Gentoo linux path sandbox ===========================\n");
- printf("The protected environment has been shut down.\n");
- }
-
- if (file_exist(sandbox_log, 0)) {
- sandbox_log_presence = 1;
- success = 1;
- if (!print_sandbox_log(sandbox_log)) {
- success = 0;
- }
-
-#if 0
- if (!success) {
- exit(1);
- }
-#endif
- sandbox_log_file = -1;
- } else if (print_debug) {
- printf("--------------------------------------------------------------------------------\n");
- }
-
- if ((sandbox_log_presence) || (!success)) {
- return 1;
- } else {
- return 0;
- }
- }
-}
-
-
-
-// vim:expandtab noai:cindent ai
diff --git a/src/sandbox-dev/sandbox.h b/src/sandbox-dev/sandbox.h
deleted file mode 100644
index 91f759f60..000000000
--- a/src/sandbox-dev/sandbox.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2002 Brad House ,
- * Possibly based on code from Geert Bevin, Uwyn, http://www.uwyn.com
- * Distributed under the terms of the GNU General Public License, v2 or later
- * Author: Brad House
- *
- * $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/sandbox.h,v 1.2 2002/12/04 18:11:32 azarah Exp $
- */
-
-#ifndef __SANDBOX_H__
-#define __SANDBOX_H__
-
-/* Uncomment below to use flock instead of fcntl (POSIX way) to lock/unlock files */
-/* #define USE_FLOCK */
-
-/* Uncomment below to use system() to execute the shell rather than execv */
-/* #define USE_SYSTEM_SHELL */
-
-/* Uncomment below to use /etc/ld.so.preload (could be very intrusive!!) */
-/* #define USE_LD_SO_PRELOAD */
-
-/* Uncommend to not have the protected shell forked, just run in parent process */
-/* ONLY FOR DEBUGGING PURPOSES!! (strace needs it like that) */
-/* #define NO_FORK */
-
-
-#define LD_PRELOAD_FILE "/etc/ld.so.preload"
-#define LIB_NAME "libsandbox.so"
-#define BASHRC_NAME "sandbox.bashrc"
-#define PIDS_FILE "/tmp/sandboxpids.tmp"
-#define LOG_FILE_PREFIX "/tmp/sandbox-"
-#define DEBUG_LOG_FILE_PREFIX "/tmp/sandbox-debug-"
-#define LOG_FILE_EXT ".log"
-
-#define ENV_SANDBOX_DEBUG_LOG "SANDBOX_DEBUG_LOG"
-#define ENV_SANDBOX_LOG "SANDBOX_LOG"
-#define ENV_SANDBOX_DIR "SANDBOX_DIR"
-#define ENV_SANDBOX_LIB "SANDBOX_LIB"
-
-#define ENV_SANDBOX_DENY "SANDBOX_DENY"
-#define ENV_SANDBOX_READ "SANDBOX_READ"
-#define ENV_SANDBOX_WRITE "SANDBOX_WRITE"
-#define ENV_SANDBOX_PREDICT "SANDBOX_PREDICT"
-
-#define ENV_SANDBOX_ON "SANDBOX_ON"
-#define ENV_SANDBOX_BEEP "SANDBOX_BEEP"
-
-#define DEFAULT_BEEP_COUNT 3
-
-char *get_sandbox_path(char *argv0);
-char *get_sandbox_lib(char *sb_path);
-char *get_sandbox_rc(char *sb_path);
-char *get_sandbox_log();
-char *sb_dirname(const char *path);
-int file_getmode(char *mode);
-long file_tell(int fp);
-int file_lock(int fd, int lock, char *filename);
-int file_unlock(int fd);
-int file_locktype(char *mode);
-int file_open(char *filename, char *mode, int perm_specified, ...);
-void file_close(int fd);
-long file_length(int fd);
-int file_truncate(int fd);
-int file_exist(char *filename, int checkmode);
-
-#endif
-
-
-// vim:expandtab noai:cindent ai
diff --git a/src/sandbox-dev/sandbox_futils.c b/src/sandbox-dev/sandbox_futils.c
deleted file mode 100644
index 4498625dc..000000000
--- a/src/sandbox-dev/sandbox_futils.c
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
- * Copyright (C) 2002 Brad House
- * Distributed under the terms of the GNU General Public License, v2 or later
- * Author: Brad House
- *
- * $Id: /var/cvsroot/gentoo-src/portage/src/sandbox-dev/Attic/sandbox_futils.c,v 1.3 2002/12/04 18:11:32 azarah Exp $
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "sandbox.h"
-
-
-char *get_sandbox_path(char *argv0)
-{
- char path[255];
- char *cwd = NULL;
-
- /* ARGV[0] specifies full path */
- if (argv0[0] == '/') {
- strncpy(path, argv0, 254);
-
- /* ARGV[0] specifies relative path */
- } else {
- getcwd(cwd, 253);
- sprintf(path, "%s/%s", cwd, argv0);
- if (cwd) free(cwd);
- cwd = NULL;
- }
-
- /* Return just directory */
- return(sb_dirname(path));
-}
-
-char *get_sandbox_lib(char *sb_path)
-{
- char path[255];
-
- snprintf(path, 254, "/lib/%s", LIB_NAME);
- if (file_exist(path, 0) <= 0) {
- snprintf(path, 254, "%s%s", sb_path, LIB_NAME);
- }
- return(strdup(path));
-}
-
-char *get_sandbox_rc(char *sb_path)
-{
- char path[255];
-
- snprintf(path, 254, "/usr/lib/portage/lib/%s", BASHRC_NAME);
- if (file_exist(path, 0) <= 0) {
- snprintf(path, 254, "%s%s", sb_path, BASHRC_NAME);
- }
- return(strdup(path));
-}
-
-char *get_sandbox_log()
-{
- char path[255];
- char pid_string[20];
- char *sandbox_log_env = NULL;
-
- sprintf(pid_string, "%d", getpid());
-
- strcpy(path, LOG_FILE_PREFIX);
- sandbox_log_env = getenv(ENV_SANDBOX_LOG);
- if (sandbox_log_env) {
- strcat(path, sandbox_log_env);
- strcat(path, "-");
- }
- strcat(path, pid_string);
- strcat(path, LOG_FILE_EXT);
- return(strdup(path));
-}
-
-/* Obtain base directory name.
Do not allow trailing / */
-char *sb_dirname(const char *path)
-{
- char *ret = NULL;
- char *ptr = NULL;
- int loc = 0, i;
- int cut_len = -1;
-
- /* don't think NULL will ever be passed, but just in case */
- if (NULL == path) return(strdup("."));
-
- /* Grab pointer to last slash */
- ptr = strrchr(path, '/');
- if (NULL == ptr) {
- return(strdup("."));
- }
-
- /* decimal location of pointer */
- loc = ptr - path;
-
- /* Remove any trailing slash */
- for (i = loc-1; i >= 0; i--) {
- if (path[i] != '/') {
- cut_len = i + 1; /* make cut_len the length of the string to keep */
- break;
- }
- }
-
- /* It could have been just a plain /, return a 1byte 0 filled string */
- if (-1 == cut_len) return(strdup(""));
-
- /* Allocate memory, and return the directory */
- ret = (char *)malloc((cut_len + 1) * sizeof(char));
- memcpy(ret, path, cut_len);
- ret[cut_len] = 0;
-
- return(ret);
-}
-
-/*
-char* dirname(const char* path)
-{
- char* base = NULL;
- unsigned int length = 0;
-
- base = strrchr(path, '/');
- if (NULL == base)
- {
- return strdup(".");
- }
- while (base > path && *base == '/')
- {
- base--;
- }
- length = (unsigned int) 1 + base - path;
-
- base = malloc(sizeof(char)*(length+1));
- memmove(base, path, length);
- base[length] = 0;
-
- return base;
-}*/
-
-/* Convert text (string) modes to integer values */
-int file_getmode(char *mode)
-{
- int mde = 0;
- if (0 == strcasecmp(mode, "r+")) {
- mde = O_RDWR | O_CREAT;
- } else if (0 == strcasecmp(mode, "w+")) {
- mde = O_RDWR | O_CREAT | O_TRUNC;
- } else if (0 == strcasecmp(mode, "a+")) {
- mde = O_RDWR | O_CREAT | O_APPEND;
- } else if (0 == strcasecmp(mode, "r")) {
- mde = O_RDONLY;
- } else if (0 == strcasecmp(mode, "w")) {
- mde = O_WRONLY | O_CREAT | O_TRUNC;
- } else if (0 == strcasecmp(mode, "a")) {
- mde = O_WRONLY | O_APPEND | O_CREAT;
- } else {
- mde = O_RDONLY;
- }
- return(mde);
-}
-
-/* Get current position in file */
-long file_tell(int fp)
-{
- return(lseek(fp, 0L, SEEK_CUR));
-}
-
-/* lock
the file, preferrably the POSIX way */
-int file_lock(int fd, int lock, char *filename)
-{
- int err;
-#ifdef USE_FLOCK
- if (flock(fd, lock) < 0) {
- err = errno;
- fprintf(stderr, ">>> %s flock file lock: %s\n", filename, strerror(err));
- return 0;
- }
-#else
- struct flock fl;
- fl.l_type = lock;
- fl.l_whence = SEEK_SET;
- fl.l_start = 0L;
- fl.l_len = 0L;
- fl.l_pid = getpid();
- if (fcntl(fd, F_SETLKW, &fl) < 0) {
- err = errno;
- fprintf(stderr, ">>> %s fcntl file lock: %s\n", filename, strerror(err));
- return 0;
- }
-#endif
- return 1;
-}
-
-/* unlock the file, preferrably the POSIX way */
-int file_unlock(int fd)
-{
-#ifdef USE_FLOCK
- if (flock(fd, LOCK_UN) < 0) {
- perror(">>> flock file unlock");
- return 0;
- }
-#else
- struct flock fl;
- fl.l_type = F_UNLCK;
- fl.l_whence = SEEK_SET;
- fl.l_start = 0L;
- fl.l_len = 0L;
- fl.l_pid = getpid();
- if (fcntl(fd, F_SETLKW, &fl) < 0) {
- perror(">>> fcntl file unlock");
- return 0;
- }
-#endif
- return 1;
-}
-
-/* Auto-determine from how the file was opened, what kind of lock to lock
- * the file with
- */
-int file_locktype(char *mode)
-{
-#ifdef USE_FLOCK
- if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) || (NULL != strchr(mode, 'a')))
- return(LOCK_EX);
- return(LOCK_SH);
-#else
- if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) || (NULL != strchr(mode, 'a')))
- return(F_WRLCK);
- return(F_RDLCK);
-#endif
-}
-
-/* Use standard fopen style modes to open the specified file. Also auto-determines and
- * locks the file either in shared or exclusive mode depending on opening mode
- */
-int file_open(char *filename, char *mode, int perm_specified, ...)
-{
- int fd;
- char error[250];
- va_list ap;
- int perm;
-
- if (perm_specified) {
- va_start(ap, perm_specified);
- perm = va_arg(ap, int);
- va_end(ap);
- }
- if (perm_specified) {
- fd = open(filename, file_getmode(mode), perm);
- } else {
- fd = open(filename, file_getmode(mode));
- }
- if (-1 == fd) {
- snprintf(error, 249, ">>> %s file mode: %s open", filename, mode);
- perror(error);
- return(fd);
- }
- /* Only lock the file if opening succeeded */
- if (-1 != fd) {
- if (0 == file_lock(fd, file_locktype(mode), filename)) {
- close(fd);
- return -1;
- }
- } else {
- snprintf(error, 249, ">>> %s file mode:%s open", filename, mode);
- perror(error);
- }
- return(fd);
-}
-
-/* Close and unlock file */
-void file_close(int fd)
-{
- if (-1 != fd) {
- file_unlock(fd);
- close(fd);
- }
-}
-
-/* Return length of file */
-long file_length(int fd)
-{
- long pos, len;
- pos = file_tell(fd);
- len = lseek(fd, 0L, SEEK_END);
- lseek(fd, pos, SEEK_SET);
- return(len);
-}
-
-/* Zero out file */
-int file_truncate(int fd)
-{
- lseek(fd, 0L, SEEK_SET);
- if (ftruncate(fd, 0) < 0) {
- perror(">>> file truncate");
- return 0;
- }
- return 1;
-}
-
-/* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
-int file_exist(char *filename, int checkmode)
-{
- struct stat mystat;
-
- /* Verify file exists and is regular file (not sym link) */
- if (checkmode) {
- if (-1 == lstat(filename, &mystat)) {
- /* file doesn't exist */
- if (ENOENT == errno) {
- return 0;
- } else { /* permission denied or other error */
- perror(">>> stat file");
- return -1;
- }
- }
- if (!S_ISREG(mystat.st_mode))
- return -1;
-
- /* Just plain verify the file exists */
- } else {
- if (-1 == stat(filename, &mystat)) {
- /* file does not exist */
- if (ENOENT == errno) {
- return 0;
- } else { /* permission denied or other error */
- perror(">>> stat file");
- return -1;
- }
- }
- }
-
- return 1;
-}
-
-
-// vim:expandtab noai:cindent ai -- cgit v1.2.3-1-g7c22