/[path-sandbox]/trunk/libsandbox.c
Gentoo

Diff of /trunk/libsandbox.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 152 Revision 153
1147{ 1147{
1148 struct stat log_stat; 1148 struct stat log_stat;
1149 char buffer[512]; 1149 char buffer[512];
1150 char *absolute_path = NULL; 1150 char *absolute_path = NULL;
1151 char *resolved_path = NULL; 1151 char *resolved_path = NULL;
1152 char *log_path = NULL; 1152 char *log_path = NULL, *debug_log_path = NULL;
1153 int old_errno = errno; 1153 int old_errno = errno;
1154 int result = 1; 1154 int result = 1;
1155 int log_file = 0; 1155 int log_file = 0, debug_log_file = 0;
1156 int debug = 0; 1156 int access = 0, debug = 0;
1157 int color = ((getenv("NOCOLOR") != NULL) ? 0 : 1); 1157 int color = ((getenv("NOCOLOR") != NULL) ? 0 : 1);
1158 1158
1159 init_wrappers(); 1159 init_wrappers();
1160 1160
1161 absolute_path = filter_path(file, 0); 1161 absolute_path = filter_path(file, 0);
1163 goto fp_error; 1163 goto fp_error;
1164 resolved_path = filter_path(file, 1); 1164 resolved_path = filter_path(file, 1);
1165 if (NULL == resolved_path) 1165 if (NULL == resolved_path)
1166 goto fp_error; 1166 goto fp_error;
1167 1167
1168 if (NULL == getenv("SANDBOX_DEBUG")) {
1169 log_path = getenv("SANDBOX_LOG"); 1168 log_path = getenv("SANDBOX_LOG");
1170 } else { 1169 if (NULL != getenv("SANDBOX_DEBUG")) {
1171 log_path = getenv("SANDBOX_DEBUG_LOG"); 1170 debug_log_path = getenv("SANDBOX_DEBUG_LOG");
1172 debug = 1; 1171 debug = 1;
1173 } 1172 }
1174 1173
1175 result = check_access(sbcontext, func, absolute_path, resolved_path); 1174 result = check_access(sbcontext, func, absolute_path, resolved_path);
1176 1175
1183 } else if ((1 == debug) && (0 == sbcontext->show_access_violation)) { 1182 } else if ((1 == debug) && (0 == sbcontext->show_access_violation)) {
1184 EWARN(color, "ACCESS PREDICTED", " %s:%*s%s\n", 1183 EWARN(color, "ACCESS PREDICTED", " %s:%*s%s\n",
1185 func, (int)(10 - strlen(func)), "", absolute_path); 1184 func, (int)(10 - strlen(func)), "", absolute_path);
1186 } 1185 }
1187 1186
1188 if ((NULL != log_path) &&
1189 (((0 == debug) && (0 == result) && (1 == sbcontext->show_access_violation)) || 1187 if ((0 == result) && (1 == sbcontext->show_access_violation))
1190 (1 == debug))) { 1188 access = 1;
1189
1190 if (((NULL != log_path) && (1 == access)) ||
1191 ((NULL != debug_log_path) && (1 == debug))) {
1191 if (0 != strncmp(absolute_path, resolved_path, strlen(absolute_path))) { 1192 if (0 != strncmp(absolute_path, resolved_path, strlen(absolute_path))) {
1192 sprintf(buffer, "%s:%*s%s (symlink to %s)\n", func, 1193 sprintf(buffer, "%s:%*s%s (symlink to %s)\n", func,
1193 (int)(10 - strlen(func)), "", 1194 (int)(10 - strlen(func)), "",
1194 absolute_path, resolved_path); 1195 absolute_path, resolved_path);
1195 } else { 1196 } else {
1196 sprintf(buffer, "%s:%*s%s\n", func, 1197 sprintf(buffer, "%s:%*s%s\n", func,
1197 (int)(10 - strlen(func)), "", 1198 (int)(10 - strlen(func)), "",
1198 absolute_path); 1199 absolute_path);
1199 } 1200 }
1201 if (1 == access) {
1200 if ((0 == lstat(log_path, &log_stat)) && 1202 if ((0 == lstat(log_path, &log_stat)) &&
1201 (0 == S_ISREG(log_stat.st_mode))) { 1203 (0 == S_ISREG(log_stat.st_mode))) {
1202 EERROR(color, "SECURITY BREACH", " '%s' %s\n", log_path, 1204 EERROR(color, "SECURITY BREACH", " '%s' %s\n", log_path,
1203 "already exists and is not a regular file!"); 1205 "already exists and is not a regular file!");
1204 } else { 1206 } else {
1205 check_dlsym(open); 1207 check_dlsym(open);
1206 log_file = true_open(log_path, O_APPEND | O_WRONLY | 1208 log_file = true_open(log_path, O_APPEND | O_WRONLY |
1207 O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | 1209 O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP |
1208 S_IROTH); 1210 S_IROTH);
1209 if (log_file >= 0) { 1211 if (log_file >= 0) {
1210 write(log_file, buffer, strlen(buffer)); 1212 write(log_file, buffer, strlen(buffer));
1211 close(log_file); 1213 close(log_file);
1214 }
1215 }
1216 }
1217 if (1 == debug) {
1218 if ((0 == lstat(debug_log_path, &log_stat)) &&
1219 (0 == S_ISREG(log_stat.st_mode))) {
1220 EERROR(color, "SECURITY BREACH", " '%s' %s\n", debug_log_path,
1221 "already exists and is not a regular file!");
1222 } else {
1223 check_dlsym(open);
1224 debug_log_file = true_open(debug_log_path, O_APPEND | O_WRONLY |
1225 O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP |
1226 S_IROTH);
1227 if (debug_log_file >= 0) {
1228 write(debug_log_file, buffer, strlen(buffer));
1229 close(debug_log_file);
1230 }
1212 } 1231 }
1213 } 1232 }
1214 } 1233 }
1215 1234
1216 if (NULL != absolute_path) 1235 if (NULL != absolute_path)

Legend:
Removed from v.152  
changed lines
  Added in v.153

  ViewVC Help
Powered by ViewVC 1.1.20