/[path-sandbox]/trunk/ChangeLog.0
Gentoo

Diff of /trunk/ChangeLog.0

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 47 Revision 159
1# ChangeLog for Path Sandbox 1# ChangeLog for Path Sandbox
2# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2 2# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
3# $Header$ 3# $Header$
4
5 05 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
6 sandbox.h:
7
8 Do not give an access violation if the access() system call do not have
9 write/read access - it does not actually modify, so we only need to return
10 not being able to write/read. Noted by Andres Loeh <kosmikus@gentoo.org>,
11 bug #101433.
12
13 If we are called from the command line, do not care about PORTAGE_TMPDIR,
14 and make the current directory the work directory. Also rename the variable
15 portage_tmp_dir to work_dir.
16
17 Remove the tmp_dir variable - we do not need it.
18
19 Improve error handling for get_sandbox_*_envvar() functions.
20
21 01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
22
23 Still do normal log if debugging is requested.
24
25 Add support for SANDBOX_VERBOSE (enabled by default). Adjust SANDBOX_DEBUG
26 to only enable if equal to "1" or "yes".
27
28 Add /dev/tts to write permit, bug #42809.
29
30 27 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
31 sandbox_futils.c:
32
33 Do not resolve symlinks in PORTAGE_TMPDIR in sandbox .. we will handle that
34 in libsandbox .. bug #100309.
35
36 22 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h:
37
38 Print all logging to stderr, bug #90343, comment #15, by Zac Medico.
39
40* sandbox-1.2.11 (2005/07/14)
41
42 14 July 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
43 Fix getcwd, bug #98419.
44
45 08 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c,
46 libsandbox.c:
47 - Try to cleanup and make error handling/printing consistent.
48 - Remove old logs if present and conflicting with current.
49 - Fix compile error with previous change, and return rather then exit().
50
51 07 July 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
52 sandbox.h, sandbox_futils.c:
53 - Fix possible segfault in env init code.
54 - Major cleanup of sandbox_futils.c. Removed most of the functions as we now
55 write to /var/log/sandbox/, so in theory do not need all that.
56 - Redo the interface of the get_* functions so that we do not leak memory.
57 - Remove sandbox_dir and co - we are not using it anymore.
58 - Remove unused includes and variables.
59 - Only declare functions in sandbox_futils.c that are used in libsandbox.c when
60 OUTSIDE_LIBSANDBOX is not defined.
61 - Cleanup access/log printing. Make access printing honour NOCOLOR. Fix log
62 printing's last line not honouring NOCOLOR.
63
64 06 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h, sandbox_futils.c,
65 libsandbox.c:
66 - Change log dir to /var/log/sandbox/. Make sure the sandboxed process cannot
67 write to it.
68 - Clean up logging in libsandbox.c, and hopefully make it more consistant.
69 - Add check_prefixes() with major cleanup on check_access().
70 - Cleanup init_env_entries() and check_prefixes().
71
72 05 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
73 sandbox_futils.c, libsandbox.c:
74 Remove unused 'pids file' code.
75
76* sandbox-1.2.10 (2005/07/03)
77
78 03 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
79 Add PREDICT items for nss-db, bug #92079. Patch from Robin Johnson.
80
81 17 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
82 General cleanups:
83 - Remove fooling around with exit codes - we error out on presence of a log
84 anyhow.
85 - Move get_sandbox_*_envvar() to sandbox_setup_environ(), as its more
86 appropriate there.
87
88 12 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
89 Cleanup the fail_nametoolong stuff a bit more.
90
91 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
92 Remove hopefully the last ld.so.preload bits we do not use anymore.
93
94 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
95 Remove the unneeded canonicalize() calls in the wrappers - we do it anyhow
96 in check_syscall(). Should speed things up a bit (at least for the getcwd()
97 and long path name test it goes down to under a second, and not 10+ seconds
98 like before). Also warn if we skip checking due to the canonicalized path
99 being too long.
100
101 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
102 More comment/readability cleanups.
103
104 10 June 2005; Martin Schlemmer <azarah@gentoo.org> canonicalize.c, getcwd.c,
105 sandbox_futils.c, libsandbox.c:
106 Some strncpy/strncat and other cleanups.
107
108* sandbox-1.2.9 (2005/06/09)
109
110 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
111 Move symlink hack down a bit to try and minimize on the amount of lstat()
112 calls we do.
113
114 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c:
115 Add hack to allow writing to /proc/self/fd (or /dev/fd), bug #91516.
116
117 09 June 2005; Martin Schlemmer <azarah@gentoo.org> symbols.in, libsandbox.c:
118 Add wrapper for access() function, bug #85413.
119
120 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
121 Use generic getcwd() implementation from uclibc - should be more portable
122 and looks a bit cleaner.
123
124 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c:
125 Make sure our true_* pointers are initialized to NULL, and that we check for
126 all references that they are valid.
127
128 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
129 Be default we will fail if the path name we try to canonicalize is too long.
130 This however could cause issues with some things (bug #94630 and #21766), so
131 if fail_nametoolong == 0, canonicalize() will return a null length string and
132 do not fail.
133
134 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c:
135 Do not abort if TMPDIR is not valid, but rather use '/tmp', bug #94360. Also
136 make sure we re-export the new TMPDIR environment variable.
137
138 08 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
139 Fix incorrect free of non-malloc'd array, bug #92313 and #94020. Fix noted
140 by Marcus D. Hanwell <cryos@gentoo.org>.
141
142 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
143 Add /dev/console to write list, bug #38588.
144
145* sandbox-1.2.8 (2005/05/13)
146
147 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
148 sandbox.h, sandbox_futils.c:
149 General cleanups.
150
151 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
152 sandbox.h:
153 Various LD_PRELOAD cleanups. Do not unset LD_PRELOAD for parent.
154
155 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
156 sandbox.h, sandbox_futils.c:
157 Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log()
158 to use TMPDIR if present in environment.
159
160 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
161 Remove sandbox_log_file from main() as its no longer used.
162
163 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
164 sandbox_futils.c:
165 Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG
166 if already exported when sandbox started). Fix get_sandbox_log() and new
167 get_sandbox_debug_log() to not use already exported environment variables if
168 they have '/' in them. Use snprintf()'s instead of strncpy()'s. More
169 SB_PATH_MAX fixes.
170
171* sandbox-1.2.7 (2005/05/12)
172
173 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
174 sandbox_futils.c:
175 More path limit fixes. Declare SB_BUF_LEN global and use it where needed.
176
177 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
178 Fix paths limited to 255 chars. Fix get_sandbox_dir() returning a string
179 with '(null)' in it if we did not call sandbox with absolute path.
180
181 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
182 Set SANDBOX_ON *before* doing the child's env stuff, else its not set
183 for the child.
184
185 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
186 Remove global preload_adaptable as it is no longer used.
187
188 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
189 Rewrite environment stuff to only be set when execve'ing the child process
190 to try and avoid issues like bug #91541 that causes sandbox to crash if
191 we set LD_PRELOAD sandbox side already.
192
193 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
194 Move print_sandbox_log() up to make things neater.
195
196 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
197 Remove load_preload_libs(), as its not used anymore.
198
199 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
200 Remove NO_FORK stuff, as its not used, and 'strace -f' works just fine.
201
202 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
203 Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
204
205 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
206 Remove ld.so.preload crap - we are not going to use it again.
207
208 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
209 Fix typo in code that checks if we got valid group information, causing a
210 segmentation fault, bug #91637.
211
212* sandbox-1.2.6 (2005/05/10)
213
214 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
215 Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox
216 for some odd reason, bug #91541.
217
218 09 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
219 Fix typo (sizeof -> strlen).
220
221 08 May 2005; Brian Harring <ferringb@gentoo.org> libsandbox.c:
222 rewrote the sbcontext caching code so it accounts for env changes since lib
223 initialization.
224
225 05 May 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, libctest.c:
226 We create libctest.c via configure, so no need to keep it around. Do some
227 cleanup related to libctest.c and libctest during configure.
228
229 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
230 Add rename support of symlinks pointing to protected files/directories.
231
232* sandbox-1.2.5 (2005/05/04)
233
234 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
235 sandbox.bashrc:
236 Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is
237 already set, init of the env vars fails for some reason, so do this later on,
238 and do not warn (bug #91431).
239
240 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
241 sandbox.bashrc:
242 Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
243
244* sandbox-1.2.4 (2005/05/03)
245
246 03 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
247 Do not init the env entries with each call, as it creates too many calls to
248 lstat, etc. Should speedup things a bit, bug #91040.
249
250 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
251 Add /dev/pty to default write list. Noticed by Morfic.
252
253 02 May 2005; Mike Frysinger <vapier@gentoo.org> configure.in, localdecls.h,
254 sandbox.h:
255 uClibc doesn't support dlvsym() so add a configure check to make sure it doesn't
256 exist. Also update localdecls.h so BROKEN_RTLD_NEXT isn't defined in uClibc.
257
258* sandbox-1.2.3 (2005/04/29)
259
260 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> configure.in:
261 Do not check for (*&#$(* CXX or F77.
262
263 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
264 Do not append '/' to pathname in filter_path() if it already ends with it.
265
266 28 Apr 2005; Mike Frysinger <vapier@gentoo.org> Makefile.am, configure.in:
267 With az's help, clean up autotools to work with cross-compiling.
268
269* sandbox-1.2.2 (2005/04/28)
4 270
5 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 271 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
6 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm 272 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm
7 have issues; bug #90592. 273 have issues; bug #90592.
8 274
9* sandbox-1.2.1 275* sandbox-1.2.1 (2005/04/23)
10 276
11 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, 277 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c,
12 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c: 278 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c:
13 Make sure all functions used in libsandbox.c is declared static. Define 279 Make sure all functions used in libsandbox.c is declared static. Define
14 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than 280 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than
15 linking with its object. Hopefully this will fix bug #90153. 281 linking with its object. Hopefully this will fix bug #90153.
16 282
17* sandbox-1.2 283* sandbox-1.2 (2005/04/23)
18 284
19 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 285 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
20 Allow lchown a symlink in write-allowed path pointing to write-denied 286 Allow lchown a symlink in write-allowed path pointing to write-denied
21 target. 287 target.
22 288

Legend:
Removed from v.47  
changed lines
  Added in v.159

  ViewVC Help
Powered by ViewVC 1.1.20