commit:     701486a499631955c150344559762ac301147833
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 22 03:20:21 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Oct 22 04:15:04 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=701486a4

libsandbox: add xattr wrappers #672566

These modify the filesystem, so don't let them do their business.

Fixes: https://bugs.gentoo.org/672566
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 configure.ac                            |  5 +++++
 headers.h                               |  3 +++
 libsandbox/libsandbox.c                 | 24 +++++++++++++++---------
 libsandbox/symbols.h.in                 |  4 ++++
 libsandbox/wrapper-funcs/lremovexattr.c | 11 +++++++++++
 libsandbox/wrapper-funcs/lsetxattr.c    | 11 +++++++++++
 libsandbox/wrapper-funcs/removexattr.c  | 11 +++++++++++
 libsandbox/wrapper-funcs/setxattr.c     | 11 +++++++++++
 tests/Makefile.am                       |  4 ++++
 tests/lremovexattr-0.c                  | 15 +++++++++++++++
 tests/lsetxattr-0.c                     | 24 ++++++++++++++++++++++++
 tests/removexattr-0.c                   | 15 +++++++++++++++
 tests/removexattr-1.sh                  | 13 +++++++++++++
 tests/removexattr.at                    |  1 +
 tests/setxattr-0.c                      | 24 ++++++++++++++++++++++++
 tests/setxattr-1.sh                     | 13 +++++++++++++
 tests/setxattr.at                       |  1 +
 tests/tests.h                           |  1 +
 18 files changed, 182 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index e16892f..96c602f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -143,6 +143,7 @@ AC_CHECK_HEADERS_ONCE(m4_flatten([
        sys/uio.h
        sys/user.h
        sys/wait.h
+       sys/xattr.h
        asm/ptrace.h
        linux/ptrace.h
 ]))
@@ -185,6 +186,8 @@ AC_CHECK_FUNCS_ONCE(m4_flatten([
        getcwd
        lchown
        linkat
+       lremovexattr
+       lsetxattr
        lutimes
        memmove
        memcpy
@@ -210,10 +213,12 @@ AC_CHECK_FUNCS_ONCE(m4_flatten([
        ptrace
        realpath
        remove
+       removexattr
        renameat
        renameat2
        rmdir
        setenv
+       setxattr
        strcasecmp
        strchr
        strdup

diff --git a/headers.h b/headers.h
index 13e005a..605413e 100644
--- a/headers.h
+++ b/headers.h
@@ -143,6 +143,9 @@
 #ifdef HAVE_SYS_WAIT_H
 # include <sys/wait.h>
 #endif
+#ifdef HAVE_SYS_XATTR_H
+# include <sys/xattr.h>
+#endif
 
 #ifdef __ia64__ /* what a pos */
 # define ia64_fpreg FU_ia64_fpreg

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index c00c92c..beaf305 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -676,15 +676,17 @@ static bool symlink_func(int sb_nr, int flags, const char 
*abs_path)
        struct stat st;
 
        /* These funcs always operate on symlinks */
-       if (!(sb_nr == SB_NR_UNLINK   ||
-             sb_nr == SB_NR_UNLINKAT ||
-             sb_nr == SB_NR_LCHOWN   ||
-             sb_nr == SB_NR_REMOVE   ||
-             sb_nr == SB_NR_RENAME   ||
-             sb_nr == SB_NR_RENAMEAT ||
-             sb_nr == SB_NR_RENAMEAT2||
-             sb_nr == SB_NR_RMDIR    ||
-             sb_nr == SB_NR_SYMLINK  ||
+       if (!(sb_nr == SB_NR_UNLINK       ||
+             sb_nr == SB_NR_UNLINKAT     ||
+             sb_nr == SB_NR_LCHOWN       ||
+             sb_nr == SB_NR_LREMOVEXATTR ||
+             sb_nr == SB_NR_LSETXATTR    ||
+             sb_nr == SB_NR_REMOVE       ||
+             sb_nr == SB_NR_RENAME       ||
+             sb_nr == SB_NR_RENAMEAT     ||
+             sb_nr == SB_NR_RENAMEAT2    ||
+             sb_nr == SB_NR_RMDIR        ||
+             sb_nr == SB_NR_SYMLINK      ||
              sb_nr == SB_NR_SYMLINKAT))
        {
                /* These funcs sometimes operate on symlinks */
@@ -776,6 +778,8 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, 
const char *func,
            sb_nr == SB_NR_LCHOWN      ||
            sb_nr == SB_NR_LINK        ||
            sb_nr == SB_NR_LINKAT      ||
+           sb_nr == SB_NR_LREMOVEXATTR||
+           sb_nr == SB_NR_LSETXATTR   ||
            sb_nr == SB_NR_LUTIMES     ||
            sb_nr == SB_NR_MKDIR       ||
            sb_nr == SB_NR_MKDIRAT     ||
@@ -794,10 +798,12 @@ static int check_access(sbcontext_t *sbcontext, int 
sb_nr, const char *func,
            sb_nr == SB_NR_MKSTEMPS64  ||
            sb_nr == SB_NR_OPEN_WR     ||
            sb_nr == SB_NR_REMOVE      ||
+           sb_nr == SB_NR_REMOVEXATTR ||
            sb_nr == SB_NR_RENAME      ||
            sb_nr == SB_NR_RENAMEAT    ||
            sb_nr == SB_NR_RENAMEAT2   ||
            sb_nr == SB_NR_RMDIR       ||
+           sb_nr == SB_NR_SETXATTR    ||
            sb_nr == SB_NR_SYMLINK     ||
            sb_nr == SB_NR_SYMLINKAT   ||
            sb_nr == SB_NR_TRUNCATE    ||

diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index 954d5ae..0fe6eca 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -69,6 +69,10 @@ execvpe
 fexecve
 system
 popen
+removexattr
+lremovexattr
+setxattr
+lsetxattr
 utime
 utimes
 utimensat
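Review bot: Only the path-based calls (`removexattr`, `lremovexattr`, `setxattr`, `lsetxattr`) are added to the symbol list, while the descriptor-based `fsetxattr` and `fremovexattr` change the same on-disk state and are not wrapped. This hunk does not show whether the existing open() checks already cover that case. Access to extended attributes is generally decided on the inode rather than on the descriptor's open mode, so a read-only open may not be enough of a gate; this should be confirmed. If they are not covered, add `fsetxattr` and `fremovexattr` here with matching wrappers, or record in the commit message why they are left out.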

diff --git a/libsandbox/wrapper-funcs/lremovexattr.c 
b/libsandbox/wrapper-funcs/lremovexattr.c
new file mode 100644
index 0000000..bfcb931
--- /dev/null
+++ b/libsandbox/wrapper-funcs/lremovexattr.c
@@ -0,0 +1,11 @@
+/*
+ * lremovexattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name
+#define WRAPPER_ARGS path, name
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"

diff --git a/libsandbox/wrapper-funcs/lsetxattr.c 
b/libsandbox/wrapper-funcs/lsetxattr.c
new file mode 100644
index 0000000..2369e51
--- /dev/null
+++ b/libsandbox/wrapper-funcs/lsetxattr.c
@@ -0,0 +1,11 @@
+/*
+ * setxattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name, const void 
*value, size_t size, int flags
+#define WRAPPER_ARGS path, name, value, size, flags
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"
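Review bot: The header comment in the new lsetxattr.c reads `setxattr() wrapper.`, which looks copied from setxattr.c (both files carry blob id 2369e51). It should read `* lsetxattr() wrapper.` so the file names the symbol it actually wraps. A short comment that only `path` goes through `SB_SAFE()`, and that `name`, `value`, `size` and `flags` are passed through unchecked, would also help a reader who does not know `__wrapper_simple.c`.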

diff --git a/libsandbox/wrapper-funcs/removexattr.c 
b/libsandbox/wrapper-funcs/removexattr.c
new file mode 100644
index 0000000..4e33fe6
--- /dev/null
+++ b/libsandbox/wrapper-funcs/removexattr.c
@@ -0,0 +1,11 @@
+/*
+ * removexattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name
+#define WRAPPER_ARGS path, name
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"

diff --git a/libsandbox/wrapper-funcs/setxattr.c 
b/libsandbox/wrapper-funcs/setxattr.c
new file mode 100644
index 0000000..2369e51
--- /dev/null
+++ b/libsandbox/wrapper-funcs/setxattr.c
@@ -0,0 +1,11 @@
+/*
+ * setxattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name, const void 
*value, size_t size, int flags
+#define WRAPPER_ARGS path, name, value, size, flags
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"

diff --git a/tests/Makefile.am b/tests/Makefile.am
index e47c996..846a8f6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -30,6 +30,8 @@ check_PROGRAMS = \
        link-0 \
        linkat-0 \
        linkat_static-0 \
+       lremovexattr-0 \
+       lsetxattr-0 \
        lutimes-0 \
        mkdtemp-0 \
        mkdir-0 \
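Review bot: `lremovexattr-0` and `lsetxattr-0` are built here, but the diffstat lists only removexattr-1.sh/.at and setxattr-1.sh/.at, so no scripted test in this commit runs the l-variants. That leaves the new `SB_NR_LREMOVEXATTR` / `SB_NR_LSETXATTR` entries in `symlink_func` untested, which is the part that decides whether the link itself or its target is checked. Consider adding `lsetxattr-1.sh` and `lremovexattr-1.sh` modelled on the existing scripts, run against a symlink inside a denied directory, with matching `.at` files containing `SB_CHECK(1)`.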
@@ -55,10 +57,12 @@ check_PROGRAMS = \
        openat64-0 \
        opendir-0 \
        remove-0 \
+       removexattr-0 \
        rename-0 \
        renameat-0 \
        renameat2-0 \
        rmdir-0 \
+       setxattr-0 \
        signal_static-0 \
        symlink-0 \
        symlinkat-0 \

diff --git a/tests/lremovexattr-0.c b/tests/lremovexattr-0.c
new file mode 100644
index 0000000..4abdfff
--- /dev/null
+++ b/tests/lremovexattr-0.c
@@ -0,0 +1,15 @@
+#define FUNC removexattr
+#define SFUNC "removexattr"
+#define FUNC_STR "\"%s\", \"%s\""
+#define FUNC_IMP path, name
+#define ARG_CNT 2
+#define ARG_USE "<path> <name>"
+
+#define process_args() \
+       s = argv[i++]; \
+       char *path = s; \
+       \
+       s = argv[i++]; \
+       char *name = s;
+
+#include "test-skel-0.c"
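Review bot: `FUNC` and `SFUNC` in tests/lremovexattr-0.c name `removexattr`, not `lremovexattr`, so this program calls the symlink-following function and never reaches the new lremovexattr wrapper. The blob id 4abdfff is identical to tests/removexattr-0.c, which suggests the file was copied without being adapted. Change the first two lines to `#define FUNC lremovexattr` and `#define SFUNC "lremovexattr"`.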

diff --git a/tests/lsetxattr-0.c b/tests/lsetxattr-0.c
new file mode 100644
index 0000000..b1ed475
--- /dev/null
+++ b/tests/lsetxattr-0.c
@@ -0,0 +1,24 @@
+#define FUNC lsetxattr
+#define SFUNC "lsetxattr"
+#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i"
+#define FUNC_IMP path, name, value, size, flags
+#define ARG_CNT 5
+#define ARG_USE "<path> <name> <value> <size> <flags>"
+
+#define process_args() \
+       s = argv[i++]; \
+       char *path = s; \
+       \
+       s = argv[i++]; \
+       char *name = s; \
+       \
+       s = argv[i++]; \
+       char *value = s; \
+       \
+       s = argv[i++]; \
+       size_t size = atoi(s); \
+       \
+       s = argv[i++]; \
+       int flags = atoi(s);
+
+#include "test-skel-0.c"
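Review bot: `size_t size = atoi(s);` takes the length from its own argument and never compares it with `value`, so a size larger than `strlen(value)` makes the call read past the end of the argv string. A negative or non-numeric argument is also converted to a `size_t` without any diagnostic. If an independent size is not needed by a test case, derive it with `size_t size = strlen(value);`. Otherwise parse it with `strtoul` and reject anything above `strlen(value)`. tests/setxattr-0.c contains the same lines.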

diff --git a/tests/removexattr-0.c b/tests/removexattr-0.c
new file mode 100644
index 0000000..4abdfff
--- /dev/null
+++ b/tests/removexattr-0.c
@@ -0,0 +1,15 @@
+#define FUNC removexattr
+#define SFUNC "removexattr"
+#define FUNC_STR "\"%s\", \"%s\""
+#define FUNC_IMP path, name
+#define ARG_CNT 2
+#define ARG_USE "<path> <name>"
+
+#define process_args() \
+       s = argv[i++]; \
+       char *path = s; \
+       \
+       s = argv[i++]; \
+       char *name = s;
+
+#include "test-skel-0.c"

diff --git a/tests/removexattr-1.sh b/tests/removexattr-1.sh
new file mode 100755
index 0000000..327f4dd
--- /dev/null
+++ b/tests/removexattr-1.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Make sure we catch removexattr.
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret}
+
+# Set it to something to make sure it works.
+touch f
+setxattr-0 0 f user.sandbox test 4 0 || exit 1
+
+# Try to remove it and get rejected.
+adddeny "${PWD}"
+removexattr-0 0 f user.sandbox
+test -e sandbox.log

diff --git a/tests/removexattr.at b/tests/removexattr.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/removexattr.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/setxattr-0.c b/tests/setxattr-0.c
new file mode 100644
index 0000000..2717b85
--- /dev/null
+++ b/tests/setxattr-0.c
@@ -0,0 +1,24 @@
+#define FUNC setxattr
+#define SFUNC "setxattr"
+#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i"
+#define FUNC_IMP path, name, value, size, flags
+#define ARG_CNT 5
+#define ARG_USE "<path> <name> <value> <size> <flags>"
+
+#define process_args() \
+       s = argv[i++]; \
+       char *path = s; \
+       \
+       s = argv[i++]; \
+       char *name = s; \
+       \
+       s = argv[i++]; \
+       char *value = s; \
+       \
+       s = argv[i++]; \
+       size_t size = atoi(s); \
+       \
+       s = argv[i++]; \
+       int flags = atoi(s);
+
+#include "test-skel-0.c"

diff --git a/tests/setxattr-1.sh b/tests/setxattr-1.sh
new file mode 100755
index 0000000..6bbe1df
--- /dev/null
+++ b/tests/setxattr-1.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Make sure we catch setxattr.
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret}
+
+# Set it to something to make sure it works.
+touch f
+setxattr-0 0 f user.sandbox test 4 0 || exit 1
+
+# Try to set it again and get rejected.
+adddeny "${PWD}"
+setxattr-0 0 f user.sandbox test 4 0
+test -e sandbox.log

diff --git a/tests/setxattr.at b/tests/setxattr.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/setxattr.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/tests.h b/tests/tests.h
index 22733ca..610388d 100644
--- a/tests/tests.h
+++ b/tests/tests.h
@@ -73,6 +73,7 @@ const value_pair tbl_errno[] = {
        PAIR(EMLINK)
        PAIR(ENAMETOOLONG)
        PAIR(ENOBUFS)
+       PAIR(ENODATA)
        PAIR(ENODEV)
        PAIR(ENOENT)
        PAIR(ENOEXEC)
