Diff of /trunk/ChangeLog.0

trunk/ChangeLog Revision 47 trunk/ChangeLog.0 Revision 369
1# ChangeLog for Path Sandbox 1# ChangeLog for Path Sandbox
2# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2 2# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
3# $Header$ 3
4 01 Dec 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, Makefile.am,
5 localdecls.h, scripts/Makefile.am, scripts/gen_symbol_version_map.awk,
6 scripts/gen_symbol_header.awk, src/Makefile.am, src/symbols.in,
7 src/libsandbox.c, src/getcwd.c, src/sandbox.c, data/sandbox.bashrc:
8
9 Use versioned symbols on supported libc's for functions we wrap, as well as
10 provide all versions of specific functions. Some syntax cleanups.
11
12 Only check SANDBOX_ACTIVE, and not its value. More BASH_ENV fixes.
13
14 Rename configure.in to configure.ac.
15
16 Fix non-versioned libc's to also prepend '__' to internal symbols by using
17 strong aliases.
18
19 Remove the SB_STATIC and including of getcwd.c, etc voodoo, as we new use a
20 symbol map, and all non-exported symbols are local. Cleanup getcwd.c, as
21 the generic getcwd for older 2.4 kernels do not work properly anyhow, and
22 just makes things slower. Some other warning fixes.
23
24 Rename src/symbols.in to src/symbols.h.in.
25
26 Cleanup local defines for egetcwd() and erealpath().
27
28 Rename filter_path() to resolve_path() and other renames for clarity.
29
30 Fixup SANDBOX_ON handling after already running changes.
31
32 Use egetcwd() in sandbox.c.
33
34 Rather use fstat() to get file size in file_length() than lseek().
35
36 Wrap mknod() as well. Misc cleanups.
37
38 Wrap mkfifo() as it seems it was missing.
39
40 28 Nov 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, sandbox.c,
41 sandbox_fdutils.c:
42
43 Detect if we on 64bit arch automatically.
44
45 Update contact email. Fix quoting.
46
47 Revert 64bit arch test, as we should build the 32bit version without full
48 path checking as well, and add --enable-multilib switch to configure.
49
50* sandbox-1.2.14 (2005/11/28)
51
52 28 Nov 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c,
53 sandbox.c, sandbox.h, sandbox.bashrc:
54
55 Check generic getcwd()'s return as well for validity, bug #101728.
56
57 Cleanup environ variables.
58
59 Rather check SANDBOX_ACTIVE if we are already running. Set SANDBOX_ACTIVE
60 to readonly in sandbox.bashrc.
61
62 Make sure we use our bashrc.
63
64 01 Nov 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
65
66 Do not pass mode to true_open and true_open64 if not needed. Should fix a
67 segfault in some cases.
68
69* sandbox-1.2.13 (2005/09/12)
70
71 12 Sep 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, libsandbox.c:
72
73 Do not handle adding working directory to SANDBOX_WRITE, as portage does it
74 itself.
75
76 Make libsb_fini() do cleanup a bit more complete just in case we get another
77 uClibc 'call preloaded library fini before that of app' issue ... probably
78 will not help much, but we try.
79
80 04 Sep 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
81
82 Also allow symlink() system call to operate on a symlink in a writable path
83 that points to non-writable path, bug #104711.
84
85* sandbox-1.2.12 (2005/08/05)
86
87 05 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
88 sandbox.h:
89
90 Do not give an access violation if the access() system call do not have
91 write/read access - it does not actually modify, so we only need to return
92 not being able to write/read. Noted by Andres Loeh <kosmikus@gentoo.org>,
93 bug #101433.
94
95 If we are called from the command line, do not care about PORTAGE_TMPDIR,
96 and make the current directory the work directory. Also rename the variable
97 portage_tmp_dir to work_dir.
98
99 Remove the tmp_dir variable - we do not need it.
100
101 Improve error handling for get_sandbox_*_envvar() functions.
102
103 01 Aug 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
104
105 Still do normal log if debugging is requested.
106
107 Add support for SANDBOX_VERBOSE (enabled by default). Adjust SANDBOX_DEBUG
108 to only enable if equal to "1" or "yes".
109
110 Add /dev/tts to write permit, bug #42809.
111
112 27 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
113 sandbox_futils.c:
114
115 Do not resolve symlinks in PORTAGE_TMPDIR in sandbox .. we will handle that
116 in libsandbox .. bug #100309.
117
118 22 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h:
119
120 Print all logging to stderr, bug #90343, comment #15, by Zac Medico.
121
122* sandbox-1.2.11 (2005/07/14)
123
124 14 July 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
125 Fix getcwd, bug #98419.
126
127 08 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c,
128 libsandbox.c:
129 - Try to cleanup and make error handling/printing consistent.
130 - Remove old logs if present and conflicting with current.
131 - Fix compile error with previous change, and return rather then exit().
132
133 07 July 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
134 sandbox.h, sandbox_futils.c:
135 - Fix possible segfault in env init code.
136 - Major cleanup of sandbox_futils.c. Removed most of the functions as we now
137 write to /var/log/sandbox/, so in theory do not need all that.
138 - Redo the interface of the get_* functions so that we do not leak memory.
139 - Remove sandbox_dir and co - we are not using it anymore.
140 - Remove unused includes and variables.
141 - Only declare functions in sandbox_futils.c that are used in libsandbox.c when
142 OUTSIDE_LIBSANDBOX is not defined.
143 - Cleanup access/log printing. Make access printing honour NOCOLOR. Fix log
144 printing's last line not honouring NOCOLOR.
145
146 06 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.h, sandbox_futils.c,
147 libsandbox.c:
148 - Change log dir to /var/log/sandbox/. Make sure the sandboxed process cannot
149 write to it.
150 - Clean up logging in libsandbox.c, and hopefully make it more consistant.
151 - Add check_prefixes() with major cleanup on check_access().
152 - Cleanup init_env_entries() and check_prefixes().
153
154 05 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
155 sandbox_futils.c, libsandbox.c:
156 Remove unused 'pids file' code.
157
158* sandbox-1.2.10 (2005/07/03)
159
160 03 July 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
161 Add PREDICT items for nss-db, bug #92079. Patch from Robin Johnson.
162
163 17 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
164 General cleanups:
165 - Remove fooling around with exit codes - we error out on presence of a log
166 anyhow.
167 - Move get_sandbox_*_envvar() to sandbox_setup_environ(), as its more
168 appropriate there.
169
170 12 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
171 Cleanup the fail_nametoolong stuff a bit more.
172
173 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
174 Remove hopefully the last ld.so.preload bits we do not use anymore.
175
176 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
177 Remove the unneeded canonicalize() calls in the wrappers - we do it anyhow
178 in check_syscall(). Should speed things up a bit (at least for the getcwd()
179 and long path name test it goes down to under a second, and not 10+ seconds
180 like before). Also warn if we skip checking due to the canonicalized path
181 being too long.
182
183 11 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
184 More comment/readability cleanups.
185
186 10 June 2005; Martin Schlemmer <azarah@gentoo.org> canonicalize.c, getcwd.c,
187 sandbox_futils.c, libsandbox.c:
188 Some strncpy/strncat and other cleanups.
189
190* sandbox-1.2.9 (2005/06/09)
191
192 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
193 Move symlink hack down a bit to try and minimize on the amount of lstat()
194 calls we do.
195
196 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c:
197 Add hack to allow writing to /proc/self/fd (or /dev/fd), bug #91516.
198
199 09 June 2005; Martin Schlemmer <azarah@gentoo.org> symbols.in, libsandbox.c:
200 Add wrapper for access() function, bug #85413.
201
202 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c:
203 Use generic getcwd() implementation from uclibc - should be more portable
204 and looks a bit cleaner.
205
206 09 June 2005; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c:
207 Make sure our true_* pointers are initialized to NULL, and that we check for
208 all references that they are valid.
209
210 09 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
211 Be default we will fail if the path name we try to canonicalize is too long.
212 This however could cause issues with some things (bug #94630 and #21766), so
213 if fail_nametoolong == 0, canonicalize() will return a null length string and
214 do not fail.
215
216 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c:
217 Do not abort if TMPDIR is not valid, but rather use '/tmp', bug #94360. Also
218 make sure we re-export the new TMPDIR environment variable.
219
220 08 June 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
221 Fix incorrect free of non-malloc'd array, bug #92313 and #94020. Fix noted
222 by Marcus D. Hanwell <cryos@gentoo.org>.
223
224 08 June 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
225 Add /dev/console to write list, bug #38588.
226
227* sandbox-1.2.8 (2005/05/13)
228
229 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
230 sandbox.h, sandbox_futils.c:
231 General cleanups.
232
233 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
234 sandbox.h:
235 Various LD_PRELOAD cleanups. Do not unset LD_PRELOAD for parent.
236
237 13 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
238 sandbox.h, sandbox_futils.c:
239 Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log()
240 to use TMPDIR if present in environment.
241
242 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
243 Remove sandbox_log_file from main() as its no longer used.
244
245 13 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
246 sandbox_futils.c:
247 Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG
248 if already exported when sandbox started). Fix get_sandbox_log() and new
249 get_sandbox_debug_log() to not use already exported environment variables if
250 they have '/' in them. Use snprintf()'s instead of strncpy()'s. More
251 SB_PATH_MAX fixes.
252
253* sandbox-1.2.7 (2005/05/12)
254
255 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
256 sandbox_futils.c:
257 More path limit fixes. Declare SB_BUF_LEN global and use it where needed.
258
259 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
260 Fix paths limited to 255 chars. Fix get_sandbox_dir() returning a string
261 with '(null)' in it if we did not call sandbox with absolute path.
262
263 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
264 Set SANDBOX_ON *before* doing the child's env stuff, else its not set
265 for the child.
266
267 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
268 Remove global preload_adaptable as it is no longer used.
269
270 12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
271 Rewrite environment stuff to only be set when execve'ing the child process
272 to try and avoid issues like bug #91541 that causes sandbox to crash if
273 we set LD_PRELOAD sandbox side already.
274
275 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
276 Move print_sandbox_log() up to make things neater.
277
278 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
279 Remove load_preload_libs(), as its not used anymore.
280
281 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
282 Remove NO_FORK stuff, as its not used, and 'strace -f' works just fine.
283
284 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
285 Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
286
287 11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h:
288 Remove ld.so.preload crap - we are not going to use it again.
289
290 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c:
291 Fix typo in code that checks if we got valid group information, causing a
292 segmentation fault, bug #91637.
293
294* sandbox-1.2.6 (2005/05/10)
295
296 10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
297 Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox
298 for some odd reason, bug #91541.
299
300 09 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
301 Fix typo (sizeof -> strlen).
302
303 08 May 2005; Brian Harring <ferringb@gentoo.org> libsandbox.c:
304 rewrote the sbcontext caching code so it accounts for env changes since lib
305 initialization.
306
307 05 May 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, libctest.c:
308 We create libctest.c via configure, so no need to keep it around. Do some
309 cleanup related to libctest.c and libctest during configure.
310
311 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
312 Add rename support of symlinks pointing to protected files/directories.
313
314* sandbox-1.2.5 (2005/05/04)
315
316 04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c,
317 sandbox.bashrc:
318 Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is
319 already set, init of the env vars fails for some reason, so do this later on,
320 and do not warn (bug #91431).
321
322 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h,
323 sandbox.bashrc:
324 Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
325
326* sandbox-1.2.4 (2005/05/03)
327
328 03 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
329 Do not init the env entries with each call, as it creates too many calls to
330 lstat, etc. Should speedup things a bit, bug #91040.
331
332 03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c:
333 Add /dev/pty to default write list. Noticed by Morfic.
334
335 02 May 2005; Mike Frysinger <vapier@gentoo.org> configure.in, localdecls.h,
336 sandbox.h:
337 uClibc doesn't support dlvsym() so add a configure check to make sure it doesn't
338 exist. Also update localdecls.h so BROKEN_RTLD_NEXT isn't defined in uClibc.
339
340* sandbox-1.2.3 (2005/04/29)
341
342 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> configure.in:
343 Do not check for (*&#$(* CXX or F77.
344
345 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
346 Do not append '/' to pathname in filter_path() if it already ends with it.
347
348 28 Apr 2005; Mike Frysinger <vapier@gentoo.org> Makefile.am, configure.in:
349 With az's help, clean up autotools to work with cross-compiling.
350
351* sandbox-1.2.2 (2005/04/28)
4 352
5 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 353 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
6 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm 354 Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm
7 have issues; bug #90592. 355 have issues; bug #90592.
8 356
9* sandbox-1.2.1 357* sandbox-1.2.1 (2005/04/23)
10 358
11 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, 359 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c,
12 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c: 360 getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c:
13 Make sure all functions used in libsandbox.c is declared static. Define 361 Make sure all functions used in libsandbox.c is declared static. Define
14 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than 362 SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than
15 linking with its object. Hopefully this will fix bug #90153. 363 linking with its object. Hopefully this will fix bug #90153.
16 364
17* sandbox-1.2 365* sandbox-1.2 (2005/04/23)
18 366
19 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: 367 22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
20 Allow lchown a symlink in write-allowed path pointing to write-denied 368 Allow lchown a symlink in write-allowed path pointing to write-denied
21 target. 369 target.
22 370
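
Review bot: the 28 Nov 2005 entry added above the sandbox-1.2.14 header lists `sandbox_fdutils.c`, while every other entry in this file names `sandbox_futils.c`; if it is the same file, correct the name so the entry can be found by searching for the file. In the same added block, "as we new use a symbol map" (01 Dec 2005) reads as a typo for "now use", and "Be default we will fail" (09 June 2005) for "By default". The changed release headers give sandbox-1.2 and sandbox-1.2.1 the same date (2005/04/23), although the only entry under sandbox-1.2 is dated 22 Mar 2005; please confirm the 1.2 date. The `$Header$` keyword on line 3 is dropped without a mention in any entry, so note that if it is intentional.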
