/[path-sandbox]/trunk/sandbox.c
Gentoo

Diff of /trunk/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 78 Revision 83
156 int success = 1; 156 int success = 1;
157 int pids_file = -1, num_of_pids = 0; 157 int pids_file = -1, num_of_pids = 0;
158 int *pids_array = NULL; 158 int *pids_array = NULL;
159 char pid_string[255]; 159 char pid_string[255];
160 char *sandbox_pids_file; 160 char *sandbox_pids_file;
161#ifdef USE_LD_SO_PRELOAD
162 int preload_file = -1, num_of_preloads = 0;
163 char preload_entry[255];
164 char **preload_array = NULL;
165#endif
166 161
167 /* Generate sandbox pids-file path */ 162 /* Generate sandbox pids-file path */
168 sandbox_pids_file = get_sandbox_pids_file(); 163 sandbox_pids_file = get_sandbox_pids_file();
169 164
170 /* Remove this sandbox's bash pid from the global pids 165 /* Remove this sandbox's bash pid from the global pids
194 189
195 /* Load "still active" pids into an array */ 190 /* Load "still active" pids into an array */
196 num_of_pids = load_active_pids(pids_file, &pids_array); 191 num_of_pids = load_active_pids(pids_file, &pids_array);
197 //printf("pids: %d\r\n", num_of_pids); 192 //printf("pids: %d\r\n", num_of_pids);
198 193
199#ifdef USE_LD_SO_PRELOAD
200 /* clean the /etc/ld.so.preload file if no other sandbox
201 * processes are running anymore */
202 if (1 == num_of_pids) {
203 success = 1;
204
205 if (print_debug)
206 printf("Cleaning up /etc/ld.so.preload.\n");
207
208 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
209 if (-1 != preload_file) {
210 /* Load all the preload libraries into an array */
211 num_of_preloads = load_preload_libs(preload_file, &preload_array);
212 //printf("num preloads: %d\r\n", num_of_preloads);
213 /* Clear file */
214 file_truncate(preload_file);
215
216 /* store the other preload libraries back into the /etc/ld.so.preload file */
217 if (num_of_preloads > 0) {
218 for (i = 0; i < num_of_preloads; i++) {
219 sprintf(preload_entry, "%s\n", preload_array[i]);
220 if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) {
221 perror(">>> /etc/ld.so.preload file write");
222 success = 0;
223 break;
224 }
225 }
226 }
227
228 /* Free memory used to store preload array */
229 for (i = 0; i < num_of_preloads; i++) {
230 if (preload_array[i])
231 free(preload_array[i]);
232 preload_array[i] = NULL;
233 }
234 if (preload_array)
235 free(preload_array);
236 preload_array = NULL;
237
238 file_close(preload_file);
239 preload_file = -1;
240 }
241 }
242#endif
243 194
244 file_truncate(pids_file); 195 file_truncate(pids_file);
245 196
246 /* if pids are still running, write only the running pids back to the file */ 197 /* if pids are still running, write only the running pids back to the file */
247 if (num_of_pids > 1) { 198 if (num_of_pids > 1) {
462} 413}
463 414
464int main(int argc, char **argv) 415int main(int argc, char **argv)
465{ 416{
466 int ret = 0, i = 0, success = 1; 417 int ret = 0, i = 0, success = 1;
467#ifdef USE_LD_SO_PRELOAD
468 int preload_file = -1;
469#endif
470 int sandbox_log_presence = 0; 418 int sandbox_log_presence = 0;
471 int sandbox_log_file = -1; 419 int sandbox_log_file = -1;
472 int pids_file = -1; 420 int pids_file = -1;
473 long len; 421 long len;
474 422
489 char **argv_bash = NULL; 437 char **argv_bash = NULL;
490 438
491 char *run_str = "-c"; 439 char *run_str = "-c";
492 char *home_dir = NULL; 440 char *home_dir = NULL;
493 char *tmp_string = NULL; 441 char *tmp_string = NULL;
494#ifdef USE_LD_SO_PRELOAD
495 char **preload_array = NULL;
496 int num_of_preloads = 0;
497#endif
498 442
499 /* Only print info if called with no arguments .... */ 443 /* Only print info if called with no arguments .... */
500 if (argc < 2) 444 if (argc < 2)
501 print_debug = 1; 445 print_debug = 1;
502 446
551#endif 495#endif
552 if (file_exist(sandbox_rc, 0) <= 0) { 496 if (file_exist(sandbox_rc, 0) <= 0) {
553 fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc); 497 fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc);
554 return -1; 498 return -1;
555 } 499 }
556#ifdef USE_LD_SO_PRELOAD
557 /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */
558 if (print_debug)
559 printf("Setting up the ld.so.preload file.\n");
560
561 /* check if the /etc/ld.so.preload is a regular file */
562 if (file_exist("/etc/ld.so.preload", 1) < 0) {
563 fprintf(stderr, ">>> /etc/ld.so.preload file is not a regular file\n");
564 exit(1);
565 }
566
567 if (getuid() == 0) {
568 /* Our r+ also will create the file if it doesn't exist */
569 preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644);
570 if (-1 == preload_file) {
571 preload_adaptable = 0;
572/* exit(1);*/
573 }
574 } else {
575 /* Avoid permissions warnings if we're not root */
576 preload_adaptable = 0;
577 }
578
579 /* Only update /etc/ld.so.preload if we can write to it ... */
580 if (1 == preload_adaptable) {
581 /* Load entries of preload table */
582 num_of_preloads = load_preload_libs(preload_file, &preload_array);
583
584 /* Zero out our ld.so.preload file */
585 file_truncate(preload_file);
586
587 /* Write contents of preload file */
588 for (i = 0; i < num_of_preloads + 1; i++) {
589 /* First entry should be our sandbox library */
590 if (0 == i) {
591 if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) {
592 perror(">>> /etc/ld.so.preload file write");
593 success = 0;
594 break;
595 }
596 } else {
597 /* Output all other preload entries */
598 if (write(preload_file, preload_array[i - 1],
599 strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) {
600 perror(">>> /etc/ld.so.preload file write");
601 success = 0;
602 break;
603 }
604 }
605 /* Don't forget the return character after each line! */
606 if (1 != write(preload_file, "\n", 1)) {
607 perror(">>> /etc/ld.so.preload file write");
608 success = 0;
609 break;
610 }
611 }
612
613 for (i = 0; i < num_of_preloads; i++) {
614 if (preload_array[i])
615 free(preload_array[i]);
616 preload_array[i] = NULL;
617 }
618 if (preload_array)
619 free(preload_array);
620 num_of_preloads = 0;
621 preload_array = NULL;
622 }
623
624 /* That's all we needed to do with the preload file */
625 if (0 < preload_file)
626 file_close(preload_file);
627 preload_file = -1;
628#endif
629 500
630 /* set up the required environment variables */ 501 /* set up the required environment variables */
631 if (print_debug) 502 if (print_debug)
632 printf("Setting up the required environment variables.\n"); 503 printf("Setting up the required environment variables.\n");
633 504

Legend:
Removed from v.78  
changed lines
  Added in v.83

  ViewVC Help
Powered by ViewVC 1.1.20