/[path-sandbox]/trunk/libsandbox.c
Gentoo

Log of /trunk/libsandbox.c




Revision 170
Modified Tue Nov 1 16:02:30 2005 UTC (8 years, 9 months ago) by azarah
File length: 37487 byte(s)
Diff to previous 166
Do not pass mode to true_open and true_open64 if not needed.  Should fix a
segfault in some cases.


Revision 166
Modified Mon Sep 12 06:50:53 2005 UTC (8 years, 11 months ago) by azarah
File length: 37343 byte(s)
Diff to previous 164
Make libsb_fini() do cleanup a bit more complete just in case we get another
uClibc 'call preloaded library fini before that of app' issue ... probably
will not help much, but we try.


Revision 164
Modified Sun Sep 4 11:17:09 2005 UTC (8 years, 11 months ago) by azarah
File length: 37260 byte(s)
Diff to previous 163
Also allow symlink() system call to operate on a symlink in a writable path
that points to non-writable path, bug #104711.


Revision 163
Modified Mon Aug 29 15:39:19 2005 UTC (9 years ago) by azarah
File length: 37215 byte(s)
Diff to previous 162
Remove debug code I forgot to remove.

Revision 162
Modified Mon Aug 29 15:38:02 2005 UTC (9 years ago) by azarah
File length: 37277 byte(s)
Diff to previous 156
Form cleanups.

Revision 156
Modified Fri Aug 5 13:33:54 2005 UTC (9 years ago) by azarah
File length: 37211 byte(s)
Diff to previous 154
Do not give an access violation if the access() system call does not have
write/read access - it does not actually modify, so we only need to return
not being able to write/read.  Noted by Andres Loeh <kosmikus@gentoo.org>,
bug #101433.


Revision 154
Modified Mon Aug 1 08:08:08 2005 UTC (9 years ago) by azarah
File length: 36789 byte(s)
Diff to previous 153
Add support for SANDBOX_VERBOSE (enabled by default).  Adjust SANDBOX_DEBUG
to only enable if equal to 1 or yes.


Revision 153
Modified Mon Aug 1 07:57:35 2005 UTC (9 years ago) by azarah
File length: 36425 byte(s)
Diff to previous 145
Still do normal log if debugging is requested.

Revision 145
Modified Fri Jul 8 14:52:26 2005 UTC (9 years, 1 month ago) by azarah
File length: 35770 byte(s)
Diff to previous 144
Try to cleanup and make error handling/printing consistent.

Revision 144
Modified Thu Jul 7 22:58:16 2005 UTC (9 years, 1 month ago) by azarah
File length: 35751 byte(s)
Diff to previous 142
Cleanup access/log printing.  Make access printing honour NOCOLOR.  Fix log
printing's last line not honouring NOCOLOR.


Revision 142
Modified Thu Jul 7 22:14:57 2005 UTC (9 years, 1 month ago) by azarah
File length: 35762 byte(s)
Diff to previous 140
Remove unused includes and variables.

Revision 140
Modified Thu Jul 7 22:01:14 2005 UTC (9 years, 1 month ago) by azarah
File length: 35832 byte(s)
Diff to previous 138
Redo the interface of the get_* functions so that we do not leak memory.

Revision 138
Modified Thu Jul 7 13:01:31 2005 UTC (9 years, 1 month ago) by azarah
File length: 35866 byte(s)
Diff to previous 137
Fix possible segfault in env init code.

Revision 137
Modified Wed Jul 6 21:33:23 2005 UTC (9 years, 1 month ago) by azarah
File length: 35801 byte(s)
Diff to previous 136
Cleanup init_env_entries() and check_prefixes().

Revision 136
Modified Wed Jul 6 19:41:26 2005 UTC (9 years, 1 month ago) by azarah
File length: 36398 byte(s)
Diff to previous 135
Add check_prefixes() with major cleanup on check_access().

Revision 135
Modified Wed Jul 6 18:40:01 2005 UTC (9 years, 1 month ago) by azarah
File length: 37637 byte(s)
Diff to previous 134
Clean up logging in libsandbox.c, and hopefully make it more consistent.

Revision 134
Modified Wed Jul 6 17:35:30 2005 UTC (9 years, 1 month ago) by azarah
File length: 38555 byte(s)
Diff to previous 133
Change log dir to /var/log/sandbox/.  Make sure the sandboxed process cannot write to it.

Revision 133
Modified Wed Jul 6 00:36:46 2005 UTC (9 years, 1 month ago) by azarah
File length: 38905 byte(s)
Diff to previous 132
Remove unused 'pids file' code.

Revision 132
Modified Wed Jul 6 00:12:49 2005 UTC (9 years, 1 month ago) by azarah
File length: 39915 byte(s)
Diff to previous 122
Remove unused variables.

Revision 122
Modified Tue Jun 14 21:59:07 2005 UTC (9 years, 2 months ago) by azarah
File length: 39958 byte(s)
Diff to previous 121
Label rename for clarity.

Revision 121
Modified Tue Jun 14 21:57:00 2005 UTC (9 years, 2 months ago) by azarah
File length: 39949 byte(s)
Diff to previous 120
Cleanup the fail_nametoolong stuff a bit more.

Revision 120
Modified Sat Jun 11 10:04:07 2005 UTC (9 years, 2 months ago) by azarah
File length: 41002 byte(s)
Diff to previous 119
Remove hopefully the last ld.so.preload bits we do not use anymore.

Revision 119
Modified Sat Jun 11 10:01:11 2005 UTC (9 years, 2 months ago) by azarah
File length: 41103 byte(s)
Diff to previous 118
Remove the unneeded canonicalize() calls in the wrappers - we do it anyhow
in check_syscall().  Should speed things up a bit (at least for the getcwd()
and long path name test it goes down to under a second, and not 10+ seconds
like before).  Also warn if we skip checking due to the canonicalized path
being too long.


Revision 118
Modified Sat Jun 11 08:54:24 2005 UTC (9 years, 2 months ago) by azarah
File length: 42100 byte(s)
Diff to previous 117
More comment/readability cleanups

Revision 117
Modified Sat Jun 11 07:25:36 2005 UTC (9 years, 2 months ago) by azarah
File length: 42076 byte(s)
Diff to previous 114
Some strncpy/strncat and other cleanups.

Revision 114
Modified Thu Jun 9 16:53:13 2005 UTC (9 years, 2 months ago) by azarah
File length: 42214 byte(s)
Diff to previous 113
Move symlink hack down a bit to try and minimize on the amount of lstat()
calls we do.


Revision 113
Modified Thu Jun 9 16:47:21 2005 UTC (9 years, 2 months ago) by azarah
File length: 42188 byte(s)
Diff to previous 112
Add hack to allow writing to /proc/self/fd (or /dev/fd), bug #91516.

Revision 112
Modified Thu Jun 9 15:47:25 2005 UTC (9 years, 2 months ago) by azarah
File length: 41813 byte(s)
Diff to previous 110
Add wrapper for access() function, bug #85413.

Revision 110
Modified Thu Jun 9 14:42:11 2005 UTC (9 years, 2 months ago) by azarah
File length: 40888 byte(s)
Diff to previous 109
Make sure our true_* pointers are initialized to NULL, and that we check for
all references that they are valid.


Revision 109
Modified Thu Jun 9 14:32:28 2005 UTC (9 years, 2 months ago) by azarah
File length: 40686 byte(s)
Diff to previous 107
By default we will fail if the path name we try to canonicalize is too long.
This however could cause issues with some things (bug #94630 and #21766), so
if fail_nametoolong == 0, canonicalize() will return a null length string and
not fail.


Revision 107
Modified Wed Jun 8 13:39:53 2005 UTC (9 years, 2 months ago) by azarah
File length: 39727 byte(s)
Diff to previous 106
Whitespace fixes.

Revision 106
Modified Wed Jun 8 13:37:18 2005 UTC (9 years, 2 months ago) by azarah
File length: 39803 byte(s)
Diff to previous 104
Fix incorrect free of non-malloc'd array, bug #92313 and #94020.  Fix noted
by Marcus D. Hanwell <cryos@gentoo.org>.


Revision 104
Modified Sun Jun 5 07:45:28 2005 UTC (9 years, 2 months ago) by vapier
File length: 39833 byte(s)
Diff to previous 101
whitespace tweaks


Revision 101
Modified Fri May 13 15:23:28 2005 UTC (9 years, 3 months ago) by azarah
File length: 39843 byte(s)
Diff to previous 100
General cleanups.


Revision 100
Modified Fri May 13 14:18:05 2005 UTC (9 years, 3 months ago) by azarah
File length: 39907 byte(s)
Diff to previous 99
Various LD_PRELOAD cleanups.  Do not unset LD_PRELOAD for parent.


Revision 99
Modified Fri May 13 13:30:51 2005 UTC (9 years, 3 months ago) by azarah
File length: 39901 byte(s)
Diff to previous 76
Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log()
to use TMPDIR if present in environment.


Revision 76
Modified Sun May 8 11:27:37 2005 UTC (9 years, 3 months ago) by ferringb
File length: 39826 byte(s)
Diff to previous 74
rewrote sbcontext caching so it accounts for env changes since lib initialization.


Revision 74
Modified Wed May 4 15:33:47 2005 UTC (9 years, 3 months ago) by azarah
File length: 38127 byte(s)
Diff to previous 71
Add rename support of symlinks pointing to protected files/directories.


Revision 71
Modified Wed May 4 14:46:50 2005 UTC (9 years, 3 months ago) by azarah
File length: 38082 byte(s)
Diff to previous 66
Do not reset already set LD_PRELOAD when starting sandbox.  If LD_PRELOAD is
already set, init of the env vars fails for some reason, so do this later on,
and do not warn (bug #91431).


Revision 66
Modified Tue May 3 10:56:19 2005 UTC (9 years, 3 months ago) by azarah
File length: 38118 byte(s)
Diff to previous 54
Do not init the env entries with each call, as it creates too many calls to
lstat, etc.  Should speedup things a bit.


Revision 54
Modified Thu Apr 28 22:41:57 2005 UTC (9 years, 4 months ago) by azarah
File length: 37707 byte(s)
Diff to previous 47
Do not append '/' to pathname in filter_path() if it already ends with it.


Revision 47
Modified Thu Apr 28 15:49:30 2005 UTC (9 years, 4 months ago) by azarah
File length: 37648 byte(s)
Diff to previous 43
Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm
have issues; bug #90592.


Revision 43
Modified Sat Apr 23 20:44:15 2005 UTC (9 years, 4 months ago) by azarah
File length: 37594 byte(s)
Diff to previous 40
Make sure all functions used in libsandbox.c are declared static.  Define
SB_STATIC in localdecls.h for this.  Include sandbox_futils.c rather than
linking with its object.  Hopefully this will fix bug #90153.


Revision 40
Modified Mon Mar 21 23:30:13 2005 UTC (9 years, 5 months ago) by azarah
File length: 37578 byte(s)
Diff to previous 39
Allow lchown a symlink in write-allowed path pointing to write-denied target.


Revision 39
Modified Mon Mar 21 08:54:02 2005 UTC (9 years, 5 months ago) by genone
File length: 37531 byte(s)
Diff to previous 37
show resolved symlinks in log


Revision 37
Modified Mon Mar 14 00:28:10 2005 UTC (9 years, 5 months ago) by azarah
File length: 37278 byte(s)
Diff to previous 36
Seems -nostdlib was the problem with the constructor/destructor - remove it
from Makefile.am, and change the constructor/destructor names again.


Revision 36
Modified Sun Mar 13 23:29:28 2005 UTC (9 years, 5 months ago) by azarah
File length: 37496 byte(s)
Diff to previous 35
Also rename the _init() and _fini() declarations.


Revision 35
Modified Sun Mar 13 23:23:00 2005 UTC (9 years, 5 months ago) by azarah
File length: 37500 byte(s)
Diff to previous 32
Fixup the constructor/destructor function names again (they should be _init()
and _fini() it seems, and not being called caused sandbox_lib_path to be
unset, and thus breaking the execve() wrapper's LD_PRELOAD protection).
Add both the path in given SANDBOX_x variable, as well as its symlink
resolved path in init_env_entries().  Modify filter_path() to be able to
resolve paths without resolving symlinks, as well as to be able to resolve
symlinks.  Fix a possible segfault in check_access().  Add symlink resolving
to check_access() resolving bug #31019.  Add 'hack' for unlink, as the fix
for bug #31019 causes access violations if we try to remove a symlink that is
not in protected path, but points to a protected path.  Fix a memory leak in
sandbox.c (sandbox_pids_file in main()).  Fix the realpath() calls in main()
(sandbox.c) being unchecked.  Fix the debug logname not having the pid in it
(pid_string was uninitialized).  General syntax cleanups.


Revision 32
Modified Wed Mar 2 17:30:16 2005 UTC (9 years, 5 months ago) by azarah
File length: 32684 byte(s)
Diff to previous 30
Hack to make sure sandboxed process cannot remove a device node, bug #79836.


Revision 30
Modified Wed Mar 2 09:04:45 2005 UTC (9 years, 5 months ago) by azarah
File length: 32834 byte(s)
Diff to previous 29
White space fixes.


Revision 29
Modified Wed Mar 2 09:01:36 2005 UTC (9 years, 5 months ago) by azarah
File length: 33215 byte(s)
Diff to previous 28
Fix inverse test logic in canonicalize.c, use a strncpy.  Fix gcc warning in
getcwd.c.  Add symbols.in and logic to Makefile.am to generate symbol versions
for glibc and other libc's that use this.  Update libsandbox.c to use these
symbol versions if available.  Fix exec wrapper to re-export LD_PRELOAD if the
process unset it.


Revision 28
Modified Wed Mar 2 05:48:12 2005 UTC (9 years, 5 months ago) by ferringb
File length: 32959 byte(s)
Diff to previous 26
killed off _init and _fini in favor of
void __attribute__ ((constructor)) init_func and
void __attribute__ ((destructor)) closing_func.  _(init|func) were deprecated.


Revision 26
Modified Mon Dec 6 21:42:51 2004 UTC (9 years, 8 months ago) by ferringb
File length: 32794 byte(s)
Diff to previous 25
hopefully cvs is done being stupid.  Compilation fixes, along w/ make dist fix.


Revision 25
Modified Sun Dec 5 06:14:21 2004 UTC (9 years, 8 months ago) by ferringb
File length: 32795 byte(s)
Diff to previous 24
compilation fixups.


Revision 24
Modified Sun Dec 5 05:42:10 2004 UTC (9 years, 8 months ago) by ferringb
File length: 32770 byte(s)
Diff to previous 22
should make things compile again


Revision 22
Modified Thu Dec 2 05:20:50 2004 UTC (9 years, 8 months ago) by vapier
File length: 32768 byte(s)
Diff to previous 2
need to include config.h


Revision 2
Added Fri Nov 19 22:03:42 2004 UTC (9 years, 9 months ago) by ferringb
File length: 32748 byte(s)
Initial revision


(Current path doesn't exist after revision 177)
