# Diff of /trunk/libsandbox.c

Revision 103 Revision 104
94 94
95/* Macro to check if a wrapper is defined, if not 95/* Macro to check if a wrapper is defined, if not
96 * then try to resolve it again. */ 96 * then try to resolve it again. */
97#define check_dlsym(name) \ 97#define check_dlsym(name) \
98{ \ 98{ \
99 int old_errno=errno; \ 99 int old_errno=errno; \
100 if (!true_ ## name) \ 100 if (!true_ ## name) \
101 true_ ## name = get_dlsym(symname_ ## name, symver_ ## name); \ 101 true_ ## name = get_dlsym(symname_ ## name, symver_ ## name); \
102 errno=old_errno; \ 102 errno=old_errno; \
103} 103}
104 104
105/* Macro to check if we could canonicalize a path. It returns an integer on 105/* Macro to check if we could canonicalize a path. It returns an integer on
106 * failure. */ 106 * failure. */
107#define canonicalize_int(path, resolved_path) \ 107#define canonicalize_int(path, resolved_path) \
108{ \ 108{ \
109 if (0 != canonicalize(path, resolved_path)) \ 109 if (0 != canonicalize(path, resolved_path)) \
110 return -1; \ 110 return -1; \
111} 111}
112 112
113/* Macro to check if we could canonicalize a path. It returns a NULL pointer on 113/* Macro to check if we could canonicalize a path. It returns a NULL pointer on
114 * failure. */ 114 * failure. */
115#define canonicalize_ptr(path, resolved_path) \ 115#define canonicalize_ptr(path, resolved_path) \
116{ \ 116{ \
117 if (0 != canonicalize(path, resolved_path)) \ 117 if (0 != canonicalize(path, resolved_path)) \
118 return NULL; \ 118 return NULL; \
119} 119}
120 120
121static char sandbox_lib[SB_PATH_MAX]; 121static char sandbox_lib[SB_PATH_MAX];
122//static char sandbox_pids_file[255]; 122//static char sandbox_pids_file[255];
123static char *sandbox_pids_file; 123static char *sandbox_pids_file;
900 goto end_loop; 900 goto end_loop;
901 } 901 }
902 count++; 902 count++;
903 } 903 }
904 904
905 end_loop: 905 end_loop:
906 errno = old_errno; 906 errno = old_errno;
907 check_dlsym(execve); 907 check_dlsym(execve);
908 result = true_execve(filename, argv, my_env); 908 result = true_execve(filename, argv, my_env);
909 old_errno = errno; 909 old_errno = errno;
910 910
1396 unsetenv("SANDBOX_DEBUG"); 1396 unsetenv("SANDBOX_DEBUG");
1397 unsetenv("SANDBOX_DEBUG_LOG"); 1397 unsetenv("SANDBOX_DEBUG_LOG");
1398 fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m SANDBOX_DEBUG_LOG %s isn't allowed by SANDBOX_WRITE.\n", 1398 fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m SANDBOX_DEBUG_LOG %s isn't allowed by SANDBOX_WRITE.\n",
1399 dpath); 1399 dpath);
1400 } else { 1400 } else {
1401 debug_log_file = true_open(dpath, O_APPEND | O_WRONLY | 1401 debug_log_file = true_open(dpath, O_APPEND | O_WRONLY | O_CREAT,
1402 O_CREAT, S_IRUSR | S_IWUSR | 1402 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
1403 S_IRGRP | S_IROTH);
1404 if (debug_log_file >= 0) { 1403 if (debug_log_file >= 0) {
1405 write(debug_log_file, buffer, strlen(buffer)); 1404 write(debug_log_file, buffer, strlen(buffer));
1406 close(debug_log_file); 1405 close(debug_log_file);
1407 } 1406 }
1408 } 1407 }
