| … | |
… | |
| 156 | int success = 1; |
156 | int success = 1; |
| 157 | int pids_file = -1, num_of_pids = 0; |
157 | int pids_file = -1, num_of_pids = 0; |
| 158 | int *pids_array = NULL; |
158 | int *pids_array = NULL; |
| 159 | char pid_string[255]; |
159 | char pid_string[255]; |
| 160 | char *sandbox_pids_file; |
160 | char *sandbox_pids_file; |
| 161 | #ifdef USE_LD_SO_PRELOAD |
|
|
| 162 | int preload_file = -1, num_of_preloads = 0; |
|
|
| 163 | char preload_entry[255]; |
|
|
| 164 | char **preload_array = NULL; |
|
|
| 165 | #endif |
|
|
| 166 | |
161 | |
| 167 | /* Generate sandbox pids-file path */ |
162 | /* Generate sandbox pids-file path */ |
| 168 | sandbox_pids_file = get_sandbox_pids_file(); |
163 | sandbox_pids_file = get_sandbox_pids_file(); |
| 169 | |
164 | |
| 170 | /* Remove this sandbox's bash pid from the global pids |
165 | /* Remove this sandbox's bash pid from the global pids |
| … | |
… | |
| 194 | |
189 | |
| 195 | /* Load "still active" pids into an array */ |
190 | /* Load "still active" pids into an array */ |
| 196 | num_of_pids = load_active_pids(pids_file, &pids_array); |
191 | num_of_pids = load_active_pids(pids_file, &pids_array); |
| 197 | //printf("pids: %d\r\n", num_of_pids); |
192 | //printf("pids: %d\r\n", num_of_pids); |
| 198 | |
193 | |
| 199 | #ifdef USE_LD_SO_PRELOAD |
|
|
| 200 | /* clean the /etc/ld.so.preload file if no other sandbox |
|
|
| 201 | * processes are running anymore */ |
|
|
| 202 | if (1 == num_of_pids) { |
|
|
| 203 | success = 1; |
|
|
| 204 | |
|
|
| 205 | if (print_debug) |
|
|
| 206 | printf("Cleaning up /etc/ld.so.preload.\n"); |
|
|
| 207 | |
|
|
| 208 | preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644); |
|
|
| 209 | if (-1 != preload_file) { |
|
|
| 210 | /* Load all the preload libraries into an array */ |
|
|
| 211 | num_of_preloads = load_preload_libs(preload_file, &preload_array); |
|
|
| 212 | //printf("num preloads: %d\r\n", num_of_preloads); |
|
|
| 213 | /* Clear file */ |
|
|
| 214 | file_truncate(preload_file); |
|
|
| 215 | |
|
|
| 216 | /* store the other preload libraries back into the /etc/ld.so.preload file */ |
|
|
| 217 | if (num_of_preloads > 0) { |
|
|
| 218 | for (i = 0; i < num_of_preloads; i++) { |
|
|
| 219 | sprintf(preload_entry, "%s\n", preload_array[i]); |
|
|
| 220 | if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) { |
|
|
| 221 | perror(">>> /etc/ld.so.preload file write"); |
|
|
| 222 | success = 0; |
|
|
| 223 | break; |
|
|
| 224 | } |
|
|
| 225 | } |
|
|
| 226 | } |
|
|
| 227 | |
|
|
| 228 | /* Free memory used to store preload array */ |
|
|
| 229 | for (i = 0; i < num_of_preloads; i++) { |
|
|
| 230 | if (preload_array[i]) |
|
|
| 231 | free(preload_array[i]); |
|
|
| 232 | preload_array[i] = NULL; |
|
|
| 233 | } |
|
|
| 234 | if (preload_array) |
|
|
| 235 | free(preload_array); |
|
|
| 236 | preload_array = NULL; |
|
|
| 237 | |
|
|
| 238 | file_close(preload_file); |
|
|
| 239 | preload_file = -1; |
|
|
| 240 | } |
|
|
| 241 | } |
|
|
| 242 | #endif |
|
|
| 243 | |
194 | |
| 244 | file_truncate(pids_file); |
195 | file_truncate(pids_file); |
| 245 | |
196 | |
| 246 | /* if pids are still running, write only the running pids back to the file */ |
197 | /* if pids are still running, write only the running pids back to the file */ |
| 247 | if (num_of_pids > 1) { |
198 | if (num_of_pids > 1) { |
| … | |
… | |
| 462 | } |
413 | } |
| 463 | |
414 | |
| 464 | int main(int argc, char **argv) |
415 | int main(int argc, char **argv) |
| 465 | { |
416 | { |
| 466 | int ret = 0, i = 0, success = 1; |
417 | int ret = 0, i = 0, success = 1; |
| 467 | #ifdef USE_LD_SO_PRELOAD |
|
|
| 468 | int preload_file = -1; |
|
|
| 469 | #endif |
|
|
| 470 | int sandbox_log_presence = 0; |
418 | int sandbox_log_presence = 0; |
| 471 | int sandbox_log_file = -1; |
419 | int sandbox_log_file = -1; |
| 472 | int pids_file = -1; |
420 | int pids_file = -1; |
| 473 | long len; |
421 | long len; |
| 474 | |
422 | |
| … | |
… | |
| 489 | char **argv_bash = NULL; |
437 | char **argv_bash = NULL; |
| 490 | |
438 | |
| 491 | char *run_str = "-c"; |
439 | char *run_str = "-c"; |
| 492 | char *home_dir = NULL; |
440 | char *home_dir = NULL; |
| 493 | char *tmp_string = NULL; |
441 | char *tmp_string = NULL; |
| 494 | #ifdef USE_LD_SO_PRELOAD |
|
|
| 495 | char **preload_array = NULL; |
|
|
| 496 | int num_of_preloads = 0; |
|
|
| 497 | #endif |
|
|
| 498 | |
442 | |
| 499 | /* Only print info if called with no arguments .... */ |
443 | /* Only print info if called with no arguments .... */ |
| 500 | if (argc < 2) |
444 | if (argc < 2) |
| 501 | print_debug = 1; |
445 | print_debug = 1; |
| 502 | |
446 | |
| … | |
… | |
| 551 | #endif |
495 | #endif |
| 552 | if (file_exist(sandbox_rc, 0) <= 0) { |
496 | if (file_exist(sandbox_rc, 0) <= 0) { |
| 553 | fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc); |
497 | fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc); |
| 554 | return -1; |
498 | return -1; |
| 555 | } |
499 | } |
| 556 | #ifdef USE_LD_SO_PRELOAD |
|
|
| 557 | /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */ |
|
|
| 558 | if (print_debug) |
|
|
| 559 | printf("Setting up the ld.so.preload file.\n"); |
|
|
| 560 | |
|
|
| 561 | /* check if the /etc/ld.so.preload is a regular file */ |
|
|
| 562 | if (file_exist("/etc/ld.so.preload", 1) < 0) { |
|
|
| 563 | fprintf(stderr, ">>> /etc/ld.so.preload file is not a regular file\n"); |
|
|
| 564 | exit(1); |
|
|
| 565 | } |
|
|
| 566 | |
|
|
| 567 | if (getuid() == 0) { |
|
|
| 568 | /* Our r+ also will create the file if it doesn't exist */ |
|
|
| 569 | preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644); |
|
|
| 570 | if (-1 == preload_file) { |
|
|
| 571 | preload_adaptable = 0; |
|
|
| 572 | /* exit(1);*/ |
|
|
| 573 | } |
|
|
| 574 | } else { |
|
|
| 575 | /* Avoid permissions warnings if we're not root */ |
|
|
| 576 | preload_adaptable = 0; |
|
|
| 577 | } |
|
|
| 578 | |
|
|
| 579 | /* Only update /etc/ld.so.preload if we can write to it ... */ |
|
|
| 580 | if (1 == preload_adaptable) { |
|
|
| 581 | /* Load entries of preload table */ |
|
|
| 582 | num_of_preloads = load_preload_libs(preload_file, &preload_array); |
|
|
| 583 | |
|
|
| 584 | /* Zero out our ld.so.preload file */ |
|
|
| 585 | file_truncate(preload_file); |
|
|
| 586 | |
|
|
| 587 | /* Write contents of preload file */ |
|
|
| 588 | for (i = 0; i < num_of_preloads + 1; i++) { |
|
|
| 589 | /* First entry should be our sandbox library */ |
|
|
| 590 | if (0 == i) { |
|
|
| 591 | if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) { |
|
|
| 592 | perror(">>> /etc/ld.so.preload file write"); |
|
|
| 593 | success = 0; |
|
|
| 594 | break; |
|
|
| 595 | } |
|
|
| 596 | } else { |
|
|
| 597 | /* Output all other preload entries */ |
|
|
| 598 | if (write(preload_file, preload_array[i - 1], |
|
|
| 599 | strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { |
|
|
| 600 | perror(">>> /etc/ld.so.preload file write"); |
|
|
| 601 | success = 0; |
|
|
| 602 | break; |
|
|
| 603 | } |
|
|
| 604 | } |
|
|
| 605 | /* Don't forget the return character after each line! */ |
|
|
| 606 | if (1 != write(preload_file, "\n", 1)) { |
|
|
| 607 | perror(">>> /etc/ld.so.preload file write"); |
|
|
| 608 | success = 0; |
|
|
| 609 | break; |
|
|
| 610 | } |
|
|
| 611 | } |
|
|
| 612 | |
|
|
| 613 | for (i = 0; i < num_of_preloads; i++) { |
|
|
| 614 | if (preload_array[i]) |
|
|
| 615 | free(preload_array[i]); |
|
|
| 616 | preload_array[i] = NULL; |
|
|
| 617 | } |
|
|
| 618 | if (preload_array) |
|
|
| 619 | free(preload_array); |
|
|
| 620 | num_of_preloads = 0; |
|
|
| 621 | preload_array = NULL; |
|
|
| 622 | } |
|
|
| 623 | |
|
|
| 624 | /* That's all we needed to do with the preload file */ |
|
|
| 625 | if (0 < preload_file) |
|
|
| 626 | file_close(preload_file); |
|
|
| 627 | preload_file = -1; |
|
|
| 628 | #endif |
|
|
| 629 | |
500 | |
| 630 | /* set up the required environment variables */ |
501 | /* set up the required environment variables */ |
| 631 | if (print_debug) |
502 | if (print_debug) |
| 632 | printf("Setting up the required environment variables.\n"); |
503 | printf("Setting up the required environment variables.\n"); |
| 633 | |
504 | |
Parent Directory
| 
Revision Log
| 
Patch