Parent Directory | Revision Log
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use (continued).
Remove USE_SYSTEM_SHELL stuff, as it is not secure, and not in use.
Remove ld.so.preload crap - we are not going to use it again.
Do not use LD_PRELOAD if it contains libtsocks.so, as it breaks sandbox for some odd reason, bug #91541.
Fix typo (sizeof -> strlen).
Do not reset already set LD_PRELOAD when starting sandbox. If LD_PRELOAD is already set, init of the env vars fails for some reason, so do this later on, and do not warn (bug #91431).
Fixup sandbox and sandbox.bashrc to call bash with the proper .bashrc.
Add /dev/pty to default write list. Noticed by Morfic.
Fixup the constructor/destructor function names again (they should be _init() and _fini() it seems, and not being called caused sandbox_lib_path to be unset, and thus breaking the execve() wrapper's LD_PRELOAD protection). Add both the path in given SANDBOX_x variable, as well as its symlink resolved path in init_env_entries(). Modify filter_path() to be able to resolve paths without resolving symlinks, as well as to be able to resolve symlinks. Fix a possible segfault in check_access(). Add symlink resolving to check_access() resolving bug #31019. Add 'hack' for unlink, as the fix for bug #31019 cause access violations if we try to remove a symlink that is not in protected path, but points to a protected path. Fix a memory leak in sandbox.c (sandbox_pids_file in main()). Fix the realpath() calls in main() (sandbox.c) being unchecked. Fix the debug logname not having the pid in it (pid_string was uninitialized). General syntax cleanups.
happy output time. missing new line.
White space fixes.
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
|Powered by ViewVC 1.1.20|