Various LD_PRELOAD cleanups. Do not unset LD_PRELOAD for parent.
Modify get_sandbox_pids_file(), get_sandbox_log() and get_sandbox_debug_log() to use TMPDIR if present in environment.
Remove sandbox_log_file from main() as it's no longer used.
Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG if already exported when sandbox started). Fix get_sandbox_log() and new get_sandbox_debug_log() to not use already exported environment variables if they have '/' in them. Use snprintf()'s instead of strncpy()'s. More SB_PATH_MAX fixes.
Add comments about memory we do not free at the moment.
More path limit fixes. Declare SB_BUF_LEN global and use it where needed.
Set SANDBOX_ON *before* doing the child's env stuff, else it's not set for the child.
Remove global preload_adaptable as it is no longer used.
Rewrite environment stuff to only be set when execve'ing the child process to try and avoid issues like bug #91541 that causes sandbox to crash if we set LD_PRELOAD sandbox side already.
Move print_sandbox_log() up to make things neater.
Remove load_preload_libs(), as it's not used anymore.
Remove NO_FORK stuff, as it's not used, and 'strace -f' works just fine.
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use (continued).
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
Remove ld.so.preload crap - we are not going to use it again.
Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox for some odd reason, bug #91541.
Fix typo (sizeof -> strlen).
Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is already set, init of the env vars fails for some reason, so do this later on, and do not warn (bug #91431).
Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
Add /dev/pty to default write list. Noticed by Morfic.
Fixup the constructor/destructor function names again (they should be _init() and _fini() it seems, and not being called caused sandbox_lib_path to be unset, and thus breaking the execve() wrapper's LD_PRELOAD protection). Add both the path in given SANDBOX_x variable, as well as its symlink resolved path in init_env_entries(). Modify filter_path() to be able to resolve paths without resolving symlinks, as well as to be able to resolve symlinks. Fix a possible segfault in check_access(). Add symlink resolving to check_access() resolving bug #31019. Add 'hack' for unlink, as the fix for bug #31019 causes access violations if we try to remove a symlink that is not in protected path, but points to a protected path. Fix a memory leak in sandbox.c (sandbox_pids_file in main()). Fix the realpath() calls in main() (sandbox.c) being unchecked. Fix the debug logname not having the pid in it (pid_string was uninitialized). General syntax cleanups.
happy output time. missing new line.
White space fixes.
shift sandbox out of gentoo-src/portage to its own directory, w/ appropriate autotooling.