/[path-sandbox]/trunk/src/sandbox.c

Diff of /trunk/src/sandbox.c


Revision 297 Revision 298
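--- a/trunk/src/sandbox.c
+++ b/trunk/src/sandbox.c
@@ -399,13 +399,11 @@
 * is changed, we need to fix sandbox_setup_environ() below */
 while (NULL != *tmp_env)
 tmp_env++;
 
 /* strlen(name) + strlen(val) + '=' + '\0' */
-/* FIXME: Should probably free this at some stage - more neatness than
-* a real leak that will cause issues. */
-tmp_string = xcalloc(strlen(name) + strlen(val) + 2, sizeof(char *));
+tmp_string = xcalloc(strlen(name) + strlen(val) + 2, sizeof(char));
 if (NULL == tmp_string) {
 perror("sandbox: Out of memory (sandbox_setenv)");
 exit(EXIT_FAILURE);
 }
 
@@ -421,12 +419,12 @@
 char **sandbox_setup_environ(struct sandbox_info_t *sandbox_info, bool interactive)
 {
 int env_size = 0;
 int have_ld_preload = 0;
 
-char **new_environ;
-char **env_ptr = environ;
+char **new_environ = NULL;
+char **env_ptr;
 char *ld_preload_envvar = NULL;
 char *orig_ld_preload_envvar = NULL;
 char sb_pid[64];
 
 if (-1 == sandbox_setup_env_config(sandbox_info))
@@ -440,18 +438,20 @@
 unsetenv(ENV_SANDBOX_BASHRC);
 unsetenv(ENV_SANDBOX_LOG);
 unsetenv(ENV_SANDBOX_DEBUG_LOG);
 unsetenv(ENV_SANDBOX_WORKDIR);
 unsetenv(ENV_SANDBOX_ACTIVE);
+unsetenv(ENV_SANDBOX_INTRACTV);
+unsetenv(ENV_BASH_ENV);
 
 if (NULL != getenv(ENV_LD_PRELOAD)) {
 have_ld_preload = 1;
 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD);
 
 ld_preload_envvar = xcalloc(strlen(orig_ld_preload_envvar) +
 strlen(sandbox_info->sandbox_lib) + 2,
-sizeof(char *));
+sizeof(char));
 if (NULL == ld_preload_envvar)
 return NULL;
 snprintf(ld_preload_envvar, strlen(orig_ld_preload_envvar) +
 strlen(sandbox_info->sandbox_lib) + 2, "%s %s",
 sandbox_info->sandbox_lib, orig_ld_preload_envvar);
@@ -462,18 +462,18 @@
 return NULL;
 }
 /* Do not unset this, as strange things might happen */
 /* unsetenv(ENV_LD_PRELOAD); */
 
+env_ptr = environ;
 while (NULL != *env_ptr) {
 env_size++;
 env_ptr++;
 }
 
-/* FIXME: Should probably free this at some stage - more neatness than
-* a real leak that will cause issues. */
-new_environ = xcalloc((env_size + 15 + 1) * sizeof(char *), sizeof(char *));
+/* XXX: Freed by main() after spawn_shell() */
+new_environ = xcalloc(env_size + 20, sizeof(char *));
 if (NULL == new_environ)
 goto error;
 
 snprintf(sb_pid, sizeof(sb_pid), "%i", getpid());
 
@@ -518,28 +518,39 @@
 
 /* Now add the rest */
 env_ptr = environ;
 while (NULL != *env_ptr) {
 if ((1 == have_ld_preload) &&
-(strstr(*env_ptr, LD_PRELOAD_EQ) == *env_ptr))
+(strstr(*env_ptr, LD_PRELOAD_EQ) == *env_ptr)) {
 /* If LD_PRELOAD was set, and this is it in the original
 * environment, replace it with our new copy */
 /* XXX: The following works as it just add whatever as
 * the last variable to nev_environ */
 sandbox_setenv(new_environ, ENV_LD_PRELOAD,
 ld_preload_envvar);
-else
-new_environ[env_size + (env_ptr - environ)] = *env_ptr;
+} else {
+char *new_var;
+
+new_var = xstrndup(*env_ptr, strlen(*env_ptr));
+if (NULL == new_var)
+goto error;
+
+new_environ[env_size] = new_var;
+}
+
 env_ptr++;
+env_size++;
 }
 
 if (NULL != ld_preload_envvar)
 free(ld_preload_envvar);
 
 return new_environ;
 
 error:
+if (NULL != new_environ)
+str_list_free(new_environ);
 if (NULL != ld_preload_envvar)
 free(ld_preload_envvar);
 
 return NULL;
 }
@@ -552,11 +563,11 @@
 child_pid = fork();
 
 /* Child's process */
 if (0 == child_pid) {
 execve(argv_bash[0], argv_bash, env);
-return 0;
+_exit(EXIT_FAILURE);
 } else if (child_pid < 0) {
 if (debug)
 fprintf(stderr, "Process failed to spawn!\n");
 return 0;
 }
@@ -693,19 +704,13 @@
 
 /* Start Bash */
 if (!spawn_shell(argv_bash, sandbox_environ, print_debug))
 success = 0;
 
-/* Free bash stuff */
-for (i = 0; i < 6; i++) {
-if (argv_bash[i])
-free(argv_bash[i]);
-argv_bash[i] = NULL;
-}
-if (argv_bash)
-free(argv_bash);
-argv_bash = NULL;
+/* Free bash and envp stuff */
+str_list_free(argv_bash);
+str_list_free(sandbox_environ);
 
 if (print_debug)
 printf("Cleaning up sandbox process\n");
 
 if (print_debug) {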
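Review bot: The new allocation at new line 474, `xcalloc(env_size + 20, sizeof(char *))`, leaves a fixed 20 slots for every variable `sandbox_setenv()` appends plus the terminating NULL, and nothing visible checks that bound. The part of `sandbox_setenv()` shown in the first hunk only walks to the first NULL entry before storing, and the copy loop writes `new_environ[env_size] = new_var` unchecked, so one variable too many would write past the array; the old expression over-allocated by a factor of `sizeof(char *)` and would have hidden that. The calls that fill the first slots, and whatever sets `env_size` before the copy loop, are in lines 480–517 outside this view, so the actual count could not be confirmed here. I would name the headroom next to those calls, for example `#define SB_ENV_HEADROOM 20 /* sandbox_setenv() calls below + NULL */`, keep the allocated slot count in a local, and check the index against it before each store.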
