Revision log for /[path-sandbox]/trunk/src/sandbox.c
Fix double free() in sandbox.
Remove unneeded test, as setenv(,,0) does not replace.
Use debug versions of malloc(), realloc() and calloc().
Free some of our custom environment data.
Set default values via a config file. Also support sandbox.d config directory for package specific configuration files.
Remove last libsandbox-only functions in favour for ones provided by librcutil. Setup log_domain properly for debugging.
Updates for changes to librcutil.
Use librcutil.
Rename EINFO, etc to SB_EINFO, etc to not conflict with macros from librcutil.
Set NOCOLOR to 'no', else ebuild.sh does not set COLS, etc.
Just killing the child with SANDBOX_ABORT does not actually abort the make process in many cases. So also kill the offending child, and pray that make will also abort. This is really hackish, and we should rather kill the whole process tree, but currently it's too much work (considering that we are in signal context which probably will make things difficult - not even talking about the BSDs ...), so it will have to do.
Make stop_called volatile as it's used in a signal handler.
Add /dev/full to write allowed paths, bug #137240.
Add SANDBOX_INTRACTV logic, and Vapier's sandboxshell mojo.
Add is_env_off(). Also check for true/false. Use is_env_*.
Theoretically add support to terminate immediately if we had an access violation, bug #138499. Uses environment variable SANDBOX_ABORT.
More changes to try and resolve OSes with generic getcwd() implementations.
Rename sandbox_futils.c to sandbox_utils.c. Add gstrndup() and gbasename() to sandbox_utils.c. Add check for glibc, and fixup things to not need glibc only extensions if not needed for versioned symbols.
Add /dev/shm to write path.
Use egetcwd() in sandbox.c.
Fixup SANDBOX_ON handling after already running changes.
Only check SANDBOX_ACTIVE, and not its value. More BASH_ENV fixes.
Revert 64bit arch test, as we should build the 32bit version without full path checking as well, and add --enable-multilib switch to configure.
Reorder source layout.
Make sure we use our bashrc.
Rather check SANDBOX_ACTIVE if we are already running. Set SANDBOX_ACTIVE to readonly in sandbox.bashrc.
Cleanup environ variables.
Do not handle adding working directory to SANDBOX_WRITE, as portage does it itself.
Improve error handling for get_sandbox_*_envvar() functions.
Remove the tmp_dir variable - we do not need it.
If we are called from the command line, do not care about PORTAGE_TMPDIR, and make the current directory the work directory. Also rename the variable portage_tmp_dir to work_dir.
Add /dev/tts to write permit, bug #42809.
Do not resolve symlinks in PORTAGE_TMPDIR in sandbox .. we will handle that in libsandbox .. bug #100309.
Fix compile error with previous change, and return rather than exit().
Remove old logs if present and conflicting with current.
Try to cleanup and make error handling/printing consistent.
Cleanup access/log printing. Make access printing honour NOCOLOR. Fix log printing's last line not honouring NOCOLOR.
Remove unused includes and variables.
Remove sandbox_dir and co - we are not using it anymore.
Redo the interface of the get_* functions so that we do not leak memory.
Major cleanup of sandbox_futils.c. Removed most of the functions as we now write to /var/log/sandbox/, so in theory do not need all that.
Remove unused 'pids file' code.
Remove unused variables.
Remove trailing ':' for SANDBOX_PREDICT.
Fix typo in Robin's patch.
Add PREDICT items for nss-db, bug #92079. Patch from Robin Johnson.
Move get_sandbox_*_envvar() to sandbox_setup_environ(), as it's more appropriate there.
Remove fooling around with exit codes - we error out on presence of a log anyhow.
Add hack to allow writing to /proc/self/fd (or /dev/fd), bug #91516.
Do not abort if TMPDIR is not valid, but rather use '/tmp', bug #94360. Also make sure we re-export the new TMPDIR environment variable.
Add /dev/console to write list, bug #38588.
General cleanups.
Various LD_PRELOAD cleanups. Do not unset LD_PRELOAD for parent.
Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log() to use TMPDIR if present in environment.
Remove sandbox_log_file from main() as it's no longer used.
Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG if already exported when sandbox started). Fix get_sandbox_log() and new get_sandbox_debug_log() to not use already exported environment variables if they have '/' in them. Use snprintf()'s instead of strncpy()'s. More SB_PATH_MAX fixes.
Add comments about memory we do not free at the moment.
More path limit fixes. Declare SB_BUF_LEN global and use it where needed.
Set SANDBOX_ON *before* doing the child's env stuff, else it's not set for the child.
Remove global preload_adaptable as it is no longer used.
Rewrite environment stuff to only be set when execve'ing the child process to try and avoid issues like bug #91541 that causes sandbox to crash if we set LD_PRELOAD sandbox side already.
Move print_sandbox_log() up to make things neater.
Remove load_preload_libs(), as it's not used anymore.
Remove NO_FORK stuff, as it's not used, and 'strace -f' works just fine.
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use (continued).
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
Remove ld.so.preload crap - we are not going to use it again.
Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox for some odd reason, bug #91541.
Fix typo (sizeof -> strlen).
Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is already set, init of the env vars fails for some reason, so do this later on, and do not warn (bug #91431).
Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
Add /dev/pty to default write list. Noticed by Morfic.
Fixup the constructor/destructor function names again (they should be _init() and _fini() it seems, and not being called caused sandbox_lib_path to be unset, and thus breaking the execve() wrapper's LD_PRELOAD protection). Add both the path in the given SANDBOX_x variable, as well as its symlink-resolved path in init_env_entries(). Modify filter_path() to be able to resolve paths without resolving symlinks, as well as to be able to resolve symlinks. Fix a possible segfault in check_access(). Add symlink resolving to check_access(), resolving bug #31019. Add 'hack' for unlink, as the fix for bug #31019 causes access violations if we try to remove a symlink that is not in a protected path, but points to a protected path. Fix a memory leak in sandbox.c (sandbox_pids_file in main()). Fix the realpath() calls in main() (sandbox.c) being unchecked. Fix the debug logname not having the pid in it (pid_string was uninitialized). General syntax cleanups.
Happy output time. Missing new line.
White space fixes.
Initial revision