/[path-sandbox]/trunk/ChangeLog.0
Gentoo

Diff of /trunk/ChangeLog.0

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 47 Revision 192
1# ChangeLog for Path Sandbox 1# ChangeLog for Path Sandbox
2# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2 2# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
3# $Header$ 3# $Header$
4
5 01 Dec 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, Makefile.am,
6 localdecls.h, scripts/Makefile.am, scripts/gen_symbol_version_map.awk,
7 scripts/gen_symbol_header.awk, src/Makefile.am, src/symbols.in,
8 src/libsandbox.c, src/getcwd.c, src/sandbox.c, data/sandbox.bashrc:
9
10 Use versioned symbols on supported libc's for functions we wrap, as well as
11 provide all versions of specific functions. Some syntax cleanups.
12
13 Only check SANDBOX_ACTIVE, and not its value. More BASH_ENV fixes.
14
15 Rename configure.in to configure.ac.
16
17 Fix non-versioned libc's to also prepend '__' to internal symbols by using
18 strong aliases.
19
20 Remove the SB_STATIC and including of getcwd.c, etc voodoo, as we new use a
21 symbol map, and all non-exported symbols are local. Cleanup getcwd.c, as
22 the generic getcwd for older 2.4 kernels do not work properly anyhow, and
23 just makes things slower. Some other warning fixes.
24
25 Rename src/symbols.in to src/symbols.h.in.
26
27 Cleanup local defines for egetcwd() and erealpath().
28
29 Rename filter_path() to resolve_path() and other renames for clarity.
30
31 28 Nov 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, sandbox.c,
32 sandbox_fdutils.c:
33
34 Detect if we on 64bit arch automatically.
35
36 Update contact email. Fix quoting.
37
38 Revert 64bit arch test, as we should build the 32bit version without full
39 path checking as well, and add --enable-multilib switch to configure.
40
41* sandbox-1.2.14 (2005/11/28)
42
43 28 Nov 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c,
44 sandbox.c, sandbox.h, sandbox.bashrc:
45
46 Check generic getcwd()'s return as well for validity, bug #101728.
47
48 Cleanup environ variables.
49
50 Rather check SANDBOX_ACTIVE if we are already running. Set SANDBOX_ACTIVE
51 to readonly in sandbox.bashrc.
52
53 Make sure we use our bashrc.
54
55 01 Nov 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
56
57 Do not pass mode to true_open and true_open64 if not needed. Should fix a
58 segfault in some cases.
59
60* sandbox-1.2.13 (2005/09/12)
61
62 12 Sep 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, libsandbox.c:
63
64 Do not handle adding working directory to SANDBOX_WRITE, as portage does it
65 itself.
66
67 Make libsb_fini() do cleanup a bit more complete just in case we get another
68 uClibc 'call preloaded library fini before that of app' issue ... probably
69 will not help much, but we try.
70
71 04 Sep 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
72
73 Also allow symlink() system call to operate on a symlink in a writable path
74 that points to non-writable path, bug #104711.
75
76* sandbox-1.2.12 (2005/08/05)
77
78 05 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
79 sandbox.h:
80
81 Do not give an access violation if the access() system call do not have
82 write/read access - it does not actually modify, so we only need to return
83 not being able to write/read. Noted by Andres Loeh <kosmikus@gentoo.org>,
84 bug #101433.
85
86 If we are called from the command line, do not care about PORTAGE_TMPDIR,
87 and make the current directory the work directory. Also rename the variable
88 portage_tmp_dir to work_dir.
89
90 Remove the tmp_dir variable - we do not need it.
91
92 Improve error handling for get_sandbox_*_envvar() functions.
93
94 01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
95
96 Still do normal log if debugging is requested.
97
98 Add support for SANDBOX_VERBOSE (enabled by default). Adjust SANDBOX_DEBUG
99 to only enable if equal to "1" or "yes".
100
101 Add /dev/tts to write permit, bug #42809.
102
103 27 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
104 sandbox_futils.c:
105
106 Do not resolve symlinks in PORTAGE_TMPDIR in sandbox .. we will handle that
107 in libsandbox .. bug #100309.
108
109 22 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h:
110
111 Print all logging to stderr, bug #90343, comment #15, by Zac Medico.
112
113* sandbox-1.2.11 (2005/07/14)
114
115 14 July 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
116 Fix getcwd, bug #98419.
117
118 08 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c,
119 libsandbox.c:
120 - Try to cleanup and make error handling/printing consistent.
121 - Remove old logs if present and conflicting with current.
122 - Fix compile error with previous change, and return rather then exit().
123
124 07 July 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
125 sandbox.h, sandbox_futils.c:
126 - Fix possible segfault in env init code.
127 - Major cleanup of sandbox_futils.c. Removed most of the functions as we now
128 write to /var/log/sandbox/, so in theory do not need all that.
129 - Redo the interface of the get_* functions so that we do not leak memory.
130 - Remove sandbox_dir and co - we are not using it anymore.
131 - Remove unused includes and variables.
132 - Only declare functions in sandbox_futils.c that are used in libsandbox.c when
133 OUTSIDE_LIBSANDBOX is not defined.
134 - Cleanup access/log printing. Make access printing honour NOCOLOR. Fix log
135 printing's last line not honouring NOCOLOR.
136
137 06 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h, sandbox_futils.c,
138 libsandbox.c:
139 - Change log dir to /var/log/sandbox/. Make sure the sandboxed process cannot
140 write to it.
141 - Clean up logging in libsandbox.c, and hopefully make it more consistant.
142 - Add check_prefixes() with major cleanup on check_access().
143 - Cleanup init_env_entries() and check_prefixes().
144
145 05 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
146 sandbox_futils.c, libsandbox.c:
147 Remove unused 'pids file' code.
148
149* sandbox-1.2.10 (2005/07/03)
150
151 03 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
152 Add PREDICT items for nss-db, bug #92079. Patch from Robin Johnson.
153
154 17 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
155 General cleanups:
156 - Remove fooling around with exit codes - we error out on presence of a log
157 anyhow.
158 - Move get_sandbox_*_envvar() to sandbox_setup_environ(), as its more
159 appropriate there.
160
161 12 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
162 Cleanup the fail_nametoolong stuff a bit more.
163
164 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
165 Remove hopefully the last ld.so.preload bits we do not use anymore.
166
167 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
168 Remove the unneeded canonicalize() calls in the wrappers - we do it anyhow
169 in check_syscall(). Should speed things up a bit (at least for the getcwd()
170 and long path name test it goes down to under a second, and not 10+ seconds
171 like before). Also warn if we skip checking due to the canonicalized path
172 being too long.
173
174 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
175 More comment/readability cleanups.
176
177 10 June 2005; Martin Schlemmer <azarah@gentoo.org> canonicalize.c, getcwd.c,
178 sandbox_futils.c, libsandbox.c:
179 Some strncpy/strncat and other cleanups.
180
181* sandbox-1.2.9 (2005/06/09)
182
183 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
184 Move symlink hack down a bit to try and minimize on the amount of lstat()
185 calls we do.
186
187 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c:
188 Add hack to allow writing to /proc/self/fd (or /dev/fd), bug #91516.
189
190 09 June 2005; Martin Schlemmer <azarah@gentoo.org> symbols.in, libsandbox.c:
191 Add wrapper for access() function, bug #85413.
192
193 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
194 Use generic getcwd() implementation from uclibc - should be more portable
195 and looks a bit cleaner.
196
197 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c:
198 Make sure our true_* pointers are initialized to NULL, and that we check for
199 all references that they are valid.
200
201 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
202 Be default we will fail if the path name we try to canonicalize is too long.
203 This however could cause issues with some things (bug #94630 and #21766), so
204 if fail_nametoolong == 0, canonicalize() will return a null length string and
205 do not fail.
206
207 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c:
208 Do not abort if TMPDIR is not valid, but rather use '/tmp', bug #94360. Also
209 make sure we re-export the new TMPDIR environment variable.
210
211 08 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
212 Fix incorrect free of non-malloc'd array, bug #92313 and #94020. Fix noted
213 by Marcus D. Hanwell <cryos@gentoo.org>.
214
215 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
216 Add /dev/console to write list, bug #38588.
217
218* sandbox-1.2.8 (2005/05/13)
219
220 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
221 sandbox.h, sandbox_futils.c:
222 General cleanups.
223
224 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
225 sandbox.h:
226 Various LD_PRELOAD cleanups. Do not unset LD_PRELOAD for parent.
227
228 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
229 sandbox.h, sandbox_futils.c:
230 Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log()
231 to use TMPDIR if present in environment.
232
233 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
234 Remove sandbox_log_file from main() as its no longer used.
235
236 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
237 sandbox_futils.c:
238 Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG
239 if already exported when sandbox started). Fix get_sandbox_log() and new
240 get_sandbox_debug_log() to not use already exported environment variables if
241 they have '/' in them. Use snprintf()'s instead of strncpy()'s. More
242 SB_PATH_MAX fixes.
243
244* sandbox-1.2.7 (2005/05/12)
245
246 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
247 sandbox_futils.c:
248 More path limit fixes. Declare SB_BUF_LEN global and use it where needed.
249
250 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
251 Fix paths limited to 255 chars. Fix get_sandbox_dir() returning a string
252 with '(null)' in it if we did not call sandbox with absolute path.
253
254 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
255 Set SANDBOX_ON *before* doing the child's env stuff, else its not set
256 for the child.
257
258 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
259 Remove global preload_adaptable as it is no longer used.
260
261 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
262 Rewrite environment stuff to only be set when execve'ing the child process
263 to try and avoid issues like bug #91541 that causes sandbox to crash if
264 we set LD_PRELOAD sandbox side already.
265
266 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
267 Move print_sandbox_log() up to make things neater.
268
269 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
270 Remove load_preload_libs(), as its not used anymore.
271
272 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
273 Remove NO_FORK stuff, as its not used, and 'strace -f' works just fine.
274
275 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
276 Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
277
278 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
279 Remove ld.so.preload crap - we are not going to use it again.
280
281 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
282 Fix typo in code that checks if we got valid group information, causing a
283 segmentation fault, bug #91637.
284
285* sandbox-1.2.6 (2005/05/10)
286
287 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
288 Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox
289 for some odd reason, bug #91541.
290
291 09 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
292 Fix typo (sizeof -> strlen).
293
294 08 May 2005; Brian Harring <ferringb@gentoo.org> libsandbox.c:
295 rewrote the sbcontext caching code so it accounts for env changes since lib
296 initialization.
297
298 05 May 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, libctest.c:
299 We create libctest.c via configure, so no need to keep it around. Do some
300 cleanup related to libctest.c and libctest during configure.
301
302 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
303 Add rename support of symlinks pointing to protected files/directories.
304
305* sandbox-1.2.5 (2005/05/04)
306
307 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
308 sandbox.bashrc:
309 Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is
310 already set, init of the env vars fails for some reason, so do this later on,
311 and do not warn (bug #91431).
312
313 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
314 sandbox.bashrc:
315 Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
316
317* sandbox-1.2.4 (2005/05/03)
318
319 03 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
320 Do not init the env entries with each call, as it creates too many calls to
321 lstat, etc. Should speedup things a bit, bug #91040.
322
323 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
324 Add /dev/pty to default write list. Noticed by Morfic.
325
326 02 May 2005; Mike Frysinger <vapier@gentoo.org> configure.in, localdecls.h,
327 sandbox.h:
328 uClibc doesn't support dlvsym() so add a configure check to make sure it doesn't
329 exist. Also update localdecls.h so BROKEN_RTLD_NEXT isn't defined in uClibc.
330
331* sandbox-1.2.3 (2005/04/29)
332
333 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> configure.in:
334 Do not check for (*&#$(* CXX or F77.
335
336 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
337 Do not append '/' to pathname in filter_path() if it already ends with it.
338
339 28 Apr 2005; Mike Frysinger <vapier@gentoo.org> Makefile.am, configure.in:
340 With az's help, clean up autotools to work with cross-compiling.
341
342* sandbox-1.2.2 (2005/04/28)
4 343
5 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 344 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
6 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm 345 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm
7 have issues; bug #90592. 346 have issues; bug #90592.
8 347
9* sandbox-1.2.1 348* sandbox-1.2.1 (2005/04/23)
10 349
11 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, 350 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c,
12 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c: 351 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c:
13 Make sure all functions used in libsandbox.c is declared static. Define 352 Make sure all functions used in libsandbox.c is declared static. Define
14 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than 353 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than
15 linking with its object. Hopefully this will fix bug #90153. 354 linking with its object. Hopefully this will fix bug #90153.
16 355
17* sandbox-1.2 356* sandbox-1.2 (2005/04/23)
18 357
19 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 358 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
20 Allow lchown a symlink in write-allowed path pointing to write-denied 359 Allow lchown a symlink in write-allowed path pointing to write-denied
21 target. 360 target.
22 361
Legend:
Removed from v.47  
changed lines
  Added in v.192
  ViewVC Help
Powered by ViewVC 1.1.13