1 |
# ChangeLog for Path Sandbox |
2 |
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 |
3 |
# $Header$ |
4 |
|
5 |
12 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
6 |
Rewrite environment stuff to only be set when execve'ing the child process |
7 |
to try and avoid issues like bug #91541 that causes sandbox to crash if |
8 |
we set LD_PRELOAD sandbox side already. |
9 |
|
10 |
11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
11 |
Move print_sandbox_log() up to make things neater. |
12 |
|
13 |
11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
14 |
Remove load_preload_libs(), as its not used anymore. |
15 |
|
16 |
11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h: |
17 |
Remove NO_FORK stuff, as its not used, and 'strace -f' works just fine. |
18 |
|
19 |
11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h: |
20 |
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use. |
21 |
|
22 |
11 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h: |
23 |
Remove ld.so.preload crap - we are not going to use it again. |
24 |
|
25 |
10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox_futils.c: |
26 |
Fix typo in code that checks if we got valid group information, causing a |
27 |
segmentation fault, bug #91637. |
28 |
|
29 |
* sandbox-1.2.6 (2005/05/10) |
30 |
|
31 |
10 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
32 |
Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox |
33 |
for some odd reason, bug #91541. |
34 |
|
35 |
09 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
36 |
Fix typo (sizeof -> strlen). |
37 |
|
38 |
08 May 2005; Brian Harring <ferringb@gentoo.org> libsandbox.c: |
39 |
rewrote the sbcontext caching code so it accounts for env changes since lib |
40 |
initialization. |
41 |
|
42 |
05 May 2005; Martin Schlemmer <azarah@gentoo.org> configure.in, libctest.c: |
43 |
We create libctest.c via configure, so no need to keep it around. Do some |
44 |
cleanup related to libctest.c and libctest during configure. |
45 |
|
46 |
04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
47 |
Add rename support of symlinks pointing to protected files/directories. |
48 |
|
49 |
* sandbox-1.2.5 (2005/05/04) |
50 |
|
51 |
04 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c, |
52 |
sandbox.bashrc: |
53 |
Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is |
54 |
already set, init of the env vars fails for some reason, so do this later on, |
55 |
and do not warn (bug #91431). |
56 |
|
57 |
03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox.h, |
58 |
sandbox.bashrc: |
59 |
Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc. |
60 |
|
61 |
* sandbox-1.2.4 (2005/05/03) |
62 |
|
63 |
03 May 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
64 |
Do not init the env entries with each call, as it creates too many calls to |
65 |
lstat, etc. Should speedup things a bit, bug #91040. |
66 |
|
67 |
03 May 2005; Martin Schlemmer <azarah@gentoo.org> sandbox.c: |
68 |
Add /dev/pty to default write list. Noticed by Morfic. |
69 |
|
70 |
02 May 2005; Mike Frysinger <vapier@gentoo.org> configure.in, localdecls.h, |
71 |
sandbox.h: |
72 |
uClibc doesn't support dlvsym() so add a configure check to make sure it doesn't |
73 |
exist. Also update localdecls.h so BROKEN_RTLD_NEXT isn't defined in uClibc. |
74 |
|
75 |
* sandbox-1.2.3 (2005/04/29) |
76 |
|
77 |
29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> configure.in: |
78 |
Do not check for (*&#$(* CXX or F77. |
79 |
|
80 |
29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
81 |
Do not append '/' to pathname in filter_path() if it already ends with it. |
82 |
|
83 |
28 Apr 2005; Mike Frysinger <vapier@gentoo.org> Makefile.am, configure.in: |
84 |
With az's help, clean up autotools to work with cross-compiling. |
85 |
|
86 |
* sandbox-1.2.2 (2005/04/28) |
87 |
|
88 |
28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
89 |
Only check for /dev/{null,zero} for unlink hack, else ricers using /dev/shm |
90 |
have issues; bug #90592. |
91 |
|
92 |
* sandbox-1.2.1 (2005/04/23) |
93 |
|
94 |
23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, |
95 |
getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c: |
96 |
Make sure all functions used in libsandbox.c is declared static. Define |
97 |
SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than |
98 |
linking with its object. Hopefully this will fix bug #90153. |
99 |
|
100 |
* sandbox-1.2 (2005/04/23) |
101 |
|
102 |
22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
103 |
Allow lchown a symlink in write-allowed path pointing to write-denied |
104 |
target. |
105 |
|
106 |
21 Mar 2005; Marius Mauch <genone@gentoo.org> libsandbox.c: |
107 |
Also show resolved symlink names in the log. |
108 |
|
109 |
14 Mar 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, libsandbox.c: |
110 |
Seems -nostdlib was the problem with the constructor/destructor - remove it |
111 |
from Makefile.am, and change the constructor/destructor names again. |
112 |
|
113 |
14 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
114 |
Also rename the _init() and _fini() declarations. |
115 |
|
116 |
14 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c: |
117 |
Fixup the constructor/destructor function names again (they should be _init() |
118 |
and _fini() it seems, and not being called caused sandbox_lib_path to be |
119 |
unset, and thus breaking the execve() wrapper's LD_PRELOAD protection). |
120 |
Add both the path in given SANDBOX_x variable, as well as its symlink |
121 |
resolved path in init_env_entries(). Modify filter_path() to be able to |
122 |
resolve paths without resolving symlinks, as well as to be able to resolve |
123 |
symlinks. Fix a possible segfault in check_access(). Add symlink resolving |
124 |
to check_access() resolving bug #31019. Add 'hack' for unlink, as the fix |
125 |
for bug #31019 cause access violations if we try to remove a symlink that is |
126 |
not in protected path, but points to a protected path. Fix a memory leak in |
127 |
sandbox.c (sandbox_pids_file in main()). Fix the realpath() calls in main() |
128 |
(sandbox.c) being unchecked. Fix the debug logname not having the pid in it |
129 |
(pid_string was uninitialized). General syntax cleanups. |
130 |
|
131 |
09 Mar 2005; Brian Harring <ferringb@gentoo.org> sandbox.c: Fixed the |
132 |
infamous "pids file is not a regular file" w/out newline bug. |
133 |
|
134 |
09 Mar 2005; Brian Harring <ferringb@gentoo.org> Makefile.am, configure.in: |
135 |
Correct libc_version path detection, since it was screwing up if libdir != |
136 |
"/lib/". |
137 |
|
138 |
02 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c: |
139 |
Hack to make sure sandboxed process cannot remove a device node, bug #79836. |
140 |
|
141 |
02 Mar 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am: |
142 |
Fix symbols.in not added to dist. |
143 |
|
144 |
02 Mar 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, |
145 |
getcwd.c, libsandbox.c, sandbox.c, sandbox.h, sandbox_futils.c: |
146 |
White space fixes. |
147 |
|
148 |
02 Mar 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, |
149 |
configure.in, getcwd.c, libsandbox.c, symbols.in: |
150 |
Fix inverse test logic in canonicalize.c, use a strncpy. Fix gcc warning in |
151 |
getcwd.c. Add symbols.in and logic to Makefile.am to generate symbol versions |
152 |
for glibc and other libc's that use this. Update libsandbox.c to use these |
153 |
symbol versions if available. Fix exec wrapper to re-export LD_PRELOAD if the |
154 |
process unset it. |
155 |
|
156 |
01 Mar 2005; Brian Harring <ferringb@gentoo.org> libsandbox.c: |
157 |
killed off _init and _fini in favor of |
158 |
void __attribute__ ((constructor)) init_func and |
159 |
void __attribute__ ((destructor)) closing_func. _(init|func) were deprecated. |
160 |
|
161 |
06 Dec 2004; Brian Harring <ferringb@gentoo.org> Makefile.am, libsandbox.c, |
162 |
canonicalize.c, getcwd.c: Fixed compilation *again*. Hopefully cvs is done |
163 |
having the hick-ups. |
164 |
|
165 |
04 Dec 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c, getcwd.c, |
166 |
Makefile.am: Fixed compilation. |
167 |
|
168 |
01 Dec 2004; Brian Harring <ferringb@gentoo.org> aclocal.m4: |
169 |
Gutted the bugger so it stops checking for a c++ and fortran compiler. |
170 |
Do *not* regenerate aclocal.m4 for making a release until a better |
171 |
solution is created. |
172 |
|
173 |
20 Nov 2004; Brian Harring <ferringb@gentoo.org> Makefile.am, sandbox_futils.c: |
174 |
Removal of more hardcoded paths. |
175 |
|
176 |
20 Nov 2004; Brian Harring <ferringb@gentoo.org> Makefile.am, configure.in, |
177 |
sandbox_futils.c: tweaks to install sandbox.bashrc, and use it. |
178 |
|
179 |
19 Nov 2004; Brian Harring <ferringb@gentoo.org>: |
180 |
Sandbox is now autotooled, create-localdecls needs to be killed and the code |
181 |
shifted into configure.in. Currently builds *one* libsandbox.so- if multiple |
182 |
are desired (-m64 and -m32 for amd64), the ebuild should do it (imo). |
183 |
To get to a point of testing, automake && autoconf; created requisite files w/ |
184 |
a(utomake|clocal)-1.8, and autoconf 2.59. Installs to /usr/, instead of |
185 |
/lib and /usr/lib/portage/bin. |
186 |
|
187 |
14 Nov 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c, sandbox.c: |
188 |
closing out bug #70225, potential overflow of the sandbox_pids_file var. |
189 |
|
190 |
07 Nov 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c: c99 standard, |
191 |
(think it was at least) allows intermixing of code and data segments. bug #70351 |
192 |
should be fixed by this. |
193 |
|
194 |
03 Nov 2004; Brian Harring <ferringb@gentoo.org> libsandbox.c, sandbox_futils.c: |
195 |
futils fix from bug #65201 via solar, and libsandbox log path checks via #69137 |
196 |
|
197 |
02 Aug 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c: Code from |
198 |
Seth Robertson that tracked down all adjuct flags for read operations that |
199 |
do not invoke a write operation. |
200 |
|
201 |
04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c, sandbox.c: |
202 |
Another fix from jstubbs regarding a free() on a stack variable for the |
203 |
environment -- tracking now prevents extraneous free()'s segfault. |
204 |
|
205 |
04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c, sandbox.c: |
206 |
J. Stubbs tracked down a new bug where mkdir was failing to the patch on |
207 |
the lstat in mkdir... it now only returns 0 or -1 as documented for mkdir. |
208 |
Also remove the errno = ESUCCESS settings as documentation points out that |
209 |
a library isn't allowed to do that. |
210 |
|
211 |
04 Apr 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c: Added a |
212 |
file_security_check() function to check random potential exploits on files |
213 |
that sandbox is to load and read -- Normally sandboxpids.tmp. This fixes |
214 |
the 'system-crippling' exploits (bug 21923) and catches a few other |
215 |
potential problems. |
216 |
|
217 |
20 Mar 2004; Nicholas Jones <carpaski@gentoo.org> Makefile: Updates for |
218 |
32/64 bit sandbox. Made CC and LD '?=' values to allow passed in CC to work. |
219 |
|
220 |
20 Mar 2004; Nicholas Jones <carpaski@gentoo.org> libsandbox.c: |
221 |
bug 42048 -- Fixed the lstat/errno conditions for mkdir <caleb@g.o>. |
222 |
Added the 64/32 bit sandbox patch for AMD64 bug 32963 <brad/azarah>. |
223 |
|
224 |
29 Feb 2004; Martin Schlemmer <azarah@gentoo.org> sandbox.c, sandbox_futils.c : |
225 |
Fix permissions and group of pids file and logs. Permissions should be 0664 |
226 |
and group should be 'portage'. Bug #34260. |
227 |
|
228 |
28 Feb 2004; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
229 |
Besides a small cleanup, redo how we replace LD_PRELOAD in the environ passed |
230 |
to the real execve (in our execve wrapper). Seems that on some arches (sparc |
231 |
among others) do not allow us to tamper with the readonly copy passed to |
232 |
execve, so pass our own copy of the environment. Bug #42290. |
233 |
|
234 |
11 Jan 2004; Nicholas Jones <carpaski@gentoo.org> create-decls: |
235 |
Changed tail to head and added a notice about duration of glibc check. |
236 |
|
237 |
21 Dec 2003; Nicholas Jones <carpaski@gentoo.org> create-decls: |
238 |
Changed the glibc subversion check to use /usr/bin/* instead of /bin/sh |
239 |
as there isn't a guarentee that it is dynamic. |
240 |
|
241 |
02 Nov 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
242 |
If 'file' passed to before_syscall(const char *func, const char *file) is |
243 |
invalid, we should set errno to ENOENT, and not EINVAL. This should |
244 |
close bug #32238. |
245 |
|
246 |
14 Oct 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
247 |
Fix a bug that occurs mainly on 64bit arch, where the file passed to |
248 |
the functions we wrap, is invalid, and then cause canonicalize to pass |
249 |
garbage to before_syscall(), thanks to great detective work from |
250 |
Andrea Luzzardi <al@sig11.org> (bug #29846). |
251 |
|
252 |
13 Oct 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls : |
253 |
Add a uClibc detection patch from Peter S. Mazinger <ps.m@gmx.net>. |
254 |
|
255 |
13 Oct 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
256 |
Fix a bug in libsandbox.c 's checking in the rename wrapper - it basically |
257 |
only checked the destination patch, and not the source, so we could move |
258 |
a protected file to a unprotected directory, and then delete/modify it. |
259 |
Thanks to Andrea Luzzardi (scox) <al@sig11.org>, bug #30992, for this fix. |
260 |
|
261 |
12 Oct 2003; Nicholas Jones <carpaski@gentoo.org> sandbox.c : |
262 |
Added python2.3 to the predict section/variable. |
263 |
|
264 |
28 Sep 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, sandbox.c, |
265 |
sandbox.h, sandbox_futils.c : |
266 |
Add support to set the pids file via SANDBOX_PIDS_FILE at startup. If |
267 |
it is not set, it will revert to its old value. |
268 |
|
269 |
27 Sep 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
270 |
Fix our mkdir wrapper to check if the dir exist, and return EEXIST if so, |
271 |
rather than failing with a violation, bug #29748. |
272 |
|
273 |
27 Jul 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
274 |
Fix canonicalize() to ignore calls with path = "". |
275 |
|
276 |
27 Jul 2003; Martin Schlemmer <azarah@gentoo.org> getcwd.c, libsandbox.c, |
277 |
sandbox_futils.c, canonicalize.c : |
278 |
Once again coreutils fails, as my systems had 2.5 kernel, the getcwd system |
279 |
call handled strings larger than PATH_MAX (bug #21766). It however does not |
280 |
work the same on 2.4 kernels. |
281 |
|
282 |
To fix, I added the posix implementation of getcwd() (from glibc cvs) that |
283 |
do not need the system call. We use the default getcwd() function via a |
284 |
wrapper (egetcwd), and then lstat the returned path. If lstat fails, it |
285 |
means the current directory was removed, OR that the the system call for |
286 |
getcwd failed (curious is that it do not fail and return NULL or set |
287 |
errno, but rather just truncate the retured directory - usually from the |
288 |
start), and if so, we use the generic getcwd() function (__egetcwd). Note |
289 |
that we do not use the generic version all the time, as it calls lstat() |
290 |
a great number of times, and performance degrade much. |
291 |
|
292 |
29 Jun 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls, |
293 |
libsandbox.c : |
294 |
Make sure SB_PATH_MAX will not wrap. Fix two possible memory leaks. |
295 |
|
296 |
22 Jun 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c, canonicalize.c |
297 |
create-localdecls : |
298 |
When checking path names of files accessed, we need to canonicalize it, else |
299 |
it may be a symlink in a 'write allowed' directory pointing to a file in a |
300 |
directory we should not have write access to. |
301 |
|
302 |
With something like coreutils-5.0, we have two problems: |
303 |
1) One of the tests checks if getcwd() can return a path longer than |
304 |
PATH_MAX. This test then tries to create a dir which even while |
305 |
created local (mkdir("conftest2")), it ends up being resolved with |
306 |
a name that is much larger than PATH_MAX. The problem now is that |
307 |
canonicalize() have undefined behaviour when the path was too long |
308 |
(returned wrongly truncated paths, etc), and pass the wrong path to |
309 |
before_syscall() (causing the bogus sandbox violations). |
310 |
2) The ecanonicalize() function we used, along with the canonicalize() |
311 |
function did not support longer than PATH_MAX. This is partly a |
312 |
cause for 1), but the error checking (rather lack of it) of calls |
313 |
to erealpath() in canonicalize() was the prime reason for 1). |
314 |
|
315 |
As we do not use this canonicalized name to call the function, we resolve this |
316 |
by fixing canonicalize() to do better error checking, and ecanonicalize() as |
317 |
well as all functions in libsandbox.c to use a PATH_MAX of 'PATH_MAX * 2'. |
318 |
While they will resolve paths properly now, and can check if a write/read is |
319 |
allowed, the functions called from the sandboxed environment will still work |
320 |
as expected. |
321 |
|
322 |
This should resolve bug #21766. |
323 |
|
324 |
06 Apr 2003; Martin Schlemmer <azarah@gentoo.org> libsandbox.c : |
325 |
For some reason sandbox fails with a 'open_wr' if you run 'locale -a' under |
326 |
it (bug #16298). |
327 |
|
328 |
Problem is that for some reason locale fopen's locale.alias with mode "rm". |
329 |
|
330 |
------------------------------------------------------- |
331 |
nosferatu root # grep fopen locale.log |
332 |
fopen("/usr/share/locale/locale.alias", "rm"ACCESS DENIED open_wr: /usr/share/locale/locale.alias |
333 |
nosferatu root # |
334 |
-------------------------------------------------------- |
335 |
|
336 |
I checked the source of locale, but it have fopen with mode 'r', so |
337 |
not sure where the "rm" mode comes from. Anyhow, changed the check in |
338 |
before_syscall_open_char() to also see mode "rm" as readonly. |
339 |
|
340 |
23 Feb 2003; Martin Schlemmer <azarah@gentoo.org> create-localdecls : |
341 |
|
342 |
Add glibc-2.3 support. |
343 |
|
344 |
22 Feb 2003; Martin Schlemmer <azarah@gentoo.org> sandbox.c : |
345 |
|
346 |
Some /etc/ld.so.preload fixes. Just changed the #if defines to cover all |
347 |
operations releated to preload, as well as only try to modify ld.so.preload |
348 |
if we can. Also modify to write the pid to /tmp/sandboxpids.tmp even when |
349 |
not using ld.so.preload. Fix to not write this instance of sandbox's pid |
350 |
to /tmp/sandboxpids.tmp on exit if this is not the last sandbox running. |
351 |
|
352 |
22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> Makefile : |
353 |
|
354 |
Changed the LD to CC for hppa. |
355 |
|
356 |
22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls : |
357 |
|
358 |
Killed the previous changes I made. |
359 |
|
360 |
17 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls : |
361 |
|
362 |
Added parisc to BROKEN_RTLD_ARCHLIST to see if it we can fix the relocation probs. |
363 |
|
364 |
09 Jan 2003; J Robert Ray <jrray@gentoo.org> sandbox.c : |
365 |
|
366 |
Don't segfault if $HOME isn't set, set $HOME to "/" instead. Fixes bug 10868. |
367 |
|
368 |
16 Dec 2002; Martin Schlemmer <azarah@gentoo.org> create-localdecls : |
369 |
|
370 |
Fix memory leak for mips, bug #12236. Thanks to Torgeir Hansen <torgeir@trenger.ro> |
371 |
for this fix. |
372 |
|
373 |
4 Dec 2002; J Robert Ray <jrray@gentoo.org> sandbox.h sandbox_futils.c : |
374 |
|
375 |
sandbox_futils defined a dirname() function that was masking the same |
376 |
function in glibc and was broken (e.g.: SANDBOX_DIR was being set to |
377 |
'/usr/lib/portage/bi/'). Fixed function to return expected results and |
378 |
renamed it to sb_dirname() to no longer mask the glibc function. Closes bug |
379 |
11231. |
380 |
|
381 |
4 Dec 2002; Martin Schlemmer <azarah@gentoo.org> : |
382 |
|
383 |
Fix a segfault in libsandbox.c if canonicalize() was called with |
384 |
first parameter = NULL. |
385 |
|
386 |
1 Sep 2002; Martin Schlemmer <azarah@gentoo.org> : |
387 |
|
388 |
Fix my braindead 'return 1;' in a void function. Updated sandbox.c, |
389 |
cleanup() for this. |
390 |
|
391 |
Change cleanup() in sandbox.c not to exit with fail status if |
392 |
the pidsfile is missing. We really should still display sandbox |
393 |
violations if they occured. |
394 |
|
395 |
31 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
396 |
|
397 |
Update cleanup() in sandbox.c to remove the PIDSFILE if this is |
398 |
the last sandbox running. |
399 |
|
400 |
25 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
401 |
|
402 |
Major cleanups to mainly libsandbox.c again. |
403 |
|
404 |
22 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
405 |
|
406 |
Add copyrights to sandbox.h and sandbox_futils.h. If wrong, the |
407 |
parties involved should please contact me so that we can fix it. |
408 |
|
409 |
Add opendir wrapper to libsandbox.c. |
410 |
|
411 |
21 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
412 |
|
413 |
Do some more cleanups to ecanonicalize(), as it dropped filenames in |
414 |
rare cases (after my symlink cleanups), and caused glibc to bork. |
415 |
These fixes went into canonicalize.c. |
416 |
|
417 |
20 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
418 |
|
419 |
Fix spawn_shell() and main() in sandbox.c to properly return fail |
420 |
status. |
421 |
|
422 |
19 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
423 |
|
424 |
The new canonicalize() function in libsandbox.c also resolved symlinks, |
425 |
which caused on cleaning sandbox errors if the symlink pointed to a |
426 |
file in the live root. Ripped out canonicalize() and realpath() from |
427 |
glibc; removed the symlink stuff, and changed them to ecanonicalize() |
428 |
and erealpath(). |
429 |
|
430 |
18 Aug 2002; Martin Schlemmer <azarah@gentoo.org> : |
431 |
|
432 |
Ripped out all the wrappers, and implemented those of InstallWatch. |
433 |
Losts of cleanups and bugfixes. Implement a execve that forces |
434 |
$LIBSANDBOX in $LD_PRELOAD. We can now thus do away with the feared |
435 |
/etc/ld.so.preload (*g*) ... Made the needed changes to sandbox.c, |
436 |
sandbox.h and sandbox_futils.c. Rewrote the Makefile for most |
437 |
parts; it now have an install target. |
438 |
|
439 |
Reformat the whole thing to look somewhat like the reworked sandbox.c |
440 |
and new sandbox.h and sandbox_futils.c from: |
441 |
|
442 |
Brad House <brad@mainstreetsoftworks.com>. |
443 |
|
444 |
Additional Copyrights now due to the InstallWatch code: |
445 |
|
446 |
Copyright (C) 1998-9 Pancrazio `Ezio' de Mauro <p@demauro.net> |