/[path-sandbox]/trunk/src/sandbox.c
Gentoo

Diff of /trunk/src/sandbox.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 99 Revision 100
273 273
274int sandbox_setenv(char **env, char *name, char *val) { 274int sandbox_setenv(char **env, char *name, char *val) {
275 char **tmp_env = env; 275 char **tmp_env = env;
276 char *tmp_string = NULL; 276 char *tmp_string = NULL;
277 277
278 /* XXX: We add the new variable to the end (no replacing). If this
279 * is changed, we need to fix sandbox_setup_environ() below */
278 while (NULL != *tmp_env) 280 while (NULL != *tmp_env)
279 tmp_env++; 281 tmp_env++;
280 282
281 /* strlen(name) + strlen(val) + '=' + '\0' */ 283 /* strlen(name) + strlen(val) + '=' + '\0' */
282 /* FIXME: Should probably free this at some stage - more neatness than 284 /* FIXME: Should probably free this at some stage - more neatness than
298 * setting LD_PRELOAD parent side */ 300 * setting LD_PRELOAD parent side */
299char **sandbox_setup_environ(char *sandbox_dir, char *sandbox_lib, char *sandbox_rc, char *sandbox_log, 301char **sandbox_setup_environ(char *sandbox_dir, char *sandbox_lib, char *sandbox_rc, char *sandbox_log,
300 char *sandbox_debug_log, char *sandbox_write_envvar, char *sandbox_predict_envvar) 302 char *sandbox_debug_log, char *sandbox_write_envvar, char *sandbox_predict_envvar)
301{ 303{
302 int env_size = 0; 304 int env_size = 0;
305 int have_ld_preload = 0;
303 306
304 char **new_environ; 307 char **new_environ;
305 char **env_ptr = environ; 308 char **env_ptr = environ;
306 char *ld_preload_envvar = NULL; 309 char *ld_preload_envvar = NULL;
310 char *orig_ld_preload_envvar = NULL;
307 311
308 /* Unset these, as its easier than replacing when setting up our 312 /* Unset these, as its easier than replacing when setting up our
309 * new environment below */ 313 * new environment below */
310 unsetenv(ENV_SANDBOX_DIR); 314 unsetenv(ENV_SANDBOX_DIR);
311 unsetenv(ENV_SANDBOX_LIB); 315 unsetenv(ENV_SANDBOX_LIB);
312 unsetenv(ENV_SANDBOX_BASHRC); 316 unsetenv(ENV_SANDBOX_BASHRC);
313 unsetenv(ENV_SANDBOX_LOG); 317 unsetenv(ENV_SANDBOX_LOG);
314 unsetenv(ENV_SANDBOX_DEBUG_LOG); 318 unsetenv(ENV_SANDBOX_DEBUG_LOG);
315 319
316 if (NULL != getenv("LD_PRELOAD")) { 320 if (NULL != getenv(ENV_LD_PRELOAD)) {
321 have_ld_preload = 1;
322 orig_ld_preload_envvar = getenv(ENV_LD_PRELOAD);
323
317 /* FIXME: Should probably free this at some stage - more neatness 324 /* FIXME: Should probably free this at some stage - more neatness
318 * than a real leak that will cause issues. */ 325 * than a real leak that will cause issues. */
319 ld_preload_envvar = malloc(strlen(getenv("LD_PRELOAD")) + 326 ld_preload_envvar = calloc(strlen(orig_ld_preload_envvar) +
320 strlen(sandbox_lib) + 2); 327 strlen(sandbox_lib) + 2, sizeof(char *));
321 if (NULL == ld_preload_envvar) 328 if (NULL == ld_preload_envvar)
322 return NULL; 329 return NULL;
323 strncpy(ld_preload_envvar, sandbox_lib, strlen(sandbox_lib)); 330 snprintf(ld_preload_envvar, strlen(orig_ld_preload_envvar) +
324 strncat(ld_preload_envvar, " ", 1); 331 strlen(sandbox_lib) + 2, "%s %s",
325 strncat(ld_preload_envvar, getenv("LD_PRELOAD"), 332 sandbox_lib, orig_ld_preload_envvar);
326 strlen(getenv("LD_PRELOAD")));
327 } else { 333 } else {
328 /* FIXME: Should probably free this at some stage - more neatness 334 /* FIXME: Should probably free this at some stage - more neatness
329 * than a real leak that will cause issues. */ 335 * than a real leak that will cause issues. */
330 ld_preload_envvar = strndup(sandbox_lib, strlen(sandbox_lib)); 336 ld_preload_envvar = strndup(sandbox_lib, strlen(sandbox_lib));
331 if (NULL == ld_preload_envvar) 337 if (NULL == ld_preload_envvar)
332 return NULL; 338 return NULL;
333 } 339 }
340 /* Do not unset this, as strange things might happen */
334 unsetenv("LD_PRELOAD"); 341 /* unsetenv(ENV_LD_PRELOAD); */
335 342
336 while (NULL != *env_ptr) { 343 while (NULL != *env_ptr) {
337 env_size++; 344 env_size++;
338 env_ptr++; 345 env_ptr++;
339 } 346 }
349 sandbox_setenv(new_environ, ENV_SANDBOX_DIR, sandbox_dir); 356 sandbox_setenv(new_environ, ENV_SANDBOX_DIR, sandbox_dir);
350 sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_lib); 357 sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_lib);
351 sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_rc); 358 sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_rc);
352 sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_log); 359 sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_log);
353 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log); 360 sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log);
361 /* If LD_PRELOAD was not set, set it here, else do it below */
362 if (1 != have_ld_preload)
354 sandbox_setenv(new_environ, "LD_PRELOAD", ld_preload_envvar); 363 sandbox_setenv(new_environ, ENV_LD_PRELOAD, ld_preload_envvar);
355 364
356 if (!getenv(ENV_SANDBOX_DENY)) 365 if (!getenv(ENV_SANDBOX_DENY))
357 sandbox_setenv(new_environ, ENV_SANDBOX_DENY, LD_PRELOAD_FILE); 366 sandbox_setenv(new_environ, ENV_SANDBOX_DENY, LD_PRELOAD_FILE);
358 367
359 if (!getenv(ENV_SANDBOX_READ)) 368 if (!getenv(ENV_SANDBOX_READ))
379 env_size++; 388 env_size++;
380 389
381 /* Now add the rest */ 390 /* Now add the rest */
382 env_ptr = environ; 391 env_ptr = environ;
383 while (NULL != *env_ptr) { 392 while (NULL != *env_ptr) {
393 if ((1 == have_ld_preload) &&
394 (strstr(*env_ptr, LD_PRELOAD_EQ) == *env_ptr))
395 /* If LD_PRELOAD was set, and this is it in the original
396 * environment, replace it with our new copy */
397 /* XXX: The following works as it just add whatever as
398 * the last variable to nev_environ */
399 sandbox_setenv(new_environ, ENV_LD_PRELOAD,
400 ld_preload_envvar);
401 else
384 new_environ[env_size + (env_ptr - environ)] = *env_ptr; 402 new_environ[env_size + (env_ptr - environ)] = *env_ptr;
385 env_ptr++; 403 env_ptr++;
386 } 404 }
387 405
388 return new_environ; 406 return new_environ;
389} 407}

Legend:
Removed from v.99  
changed lines
  Added in v.100

  ViewVC Help
Powered by ViewVC 1.1.20