[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2024-01-27 Thread Mike Gilbert
commit: 83b7d3141d66f2b5a2613b677e4673a51a3e9654
Author: Sv. Lockal  gmail  com>
AuthorDate: Sat Jan 27 10:44:55 2024 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jan 27 18:05:22 2024 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=83b7d314

Fix SIGSEGV in gtest death tests due to small stack

In 
https://github.com/google/googletest/blob/v1.14.0/googletest/src/gtest-death-test.cc#L1307
on x86-64 gtest allocates 8192 bytes for `clone`:

```
static pid_t ExecDeathTestSpawnChild(char* const* argv, int close_fd) {
const auto stack_size = static_cast(getpagesize() * 2);
...
child_pid = clone(, stack_top, SIGCHLD, );
```

After that attempt to call execv is intercepted by libsandbox.so, which
allocates 8192 + more bytes multiple times on stack, causing SIGSEGV
(instead of expected types of crashes).

This PR moves all allocations for related function to heap, so now
call path fits `getpagesize() * 2` with large margin.

Bug: https://bugs.gentoo.org/923013
Closes: https://github.com/gentoo/sandbox/pull/26
Signed-off-by: Sv. Lockal  gmail.com>
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 1f7d3654498e17e0a91c83f57e6265e08628d5fe)

 libsandbox/libsandbox.c | 34 +-
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 6a7368c..e0928bb 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -132,7 +132,8 @@ int resolve_dirfd_path(int dirfd, const char *path, char 
*resolved_path,
 
save_errno();
 
-   char fd_path[SB_PATH_MAX];
+   char *fd_path = xmalloc(SB_PATH_MAX * sizeof(char));
+
size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
if (trace_pid) {
sprintf(fd_path, "/proc/%i/fd/%i", trace_pid, dirfd);
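Review bot: The new `xmalloc()` puts a heap allocation on every dirfd-relative interception, and libsandbox executes inside the hooked program, so this can be reached from contexts where malloc is not safe to call (a signal handler that opens a file, or an allocator hook that ends up in a wrapped function), which the old automatic array tolerated. If that matters for the crashing-child scenario this commit targets, a thread-local SB_PATH_MAX scratch buffer would keep the frame small without touching the heap. While here, the two `sprintf(fd_path, ...)` calls would read better as `snprintf(fd_path, SB_PATH_MAX, ...)` now that the buffer's size is an allocation argument rather than a visible array bound. The rest of resolve_dirfd_path, including the matching free() calls, is outside this hunk.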
@@ -148,12 +149,14 @@ int resolve_dirfd_path(int dirfd, const char *path, char 
*resolved_path,
/* see comments at end of check_syscall() */
if (errno_is_too_long()) {
restore_errno();
+   free(fd_path);
return 2;
}
sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", fd_path, 
strerror(errno));
/* If the fd isn't found, some guys (glibc) expect errno */
if (errno == ENOENT)
errno = EBADF;
+   free(fd_path);
return -1;
}
resolved_path[ret] = '/';
@@ -162,6 +165,7 @@ int resolve_dirfd_path(int dirfd, const char *path, char 
*resolved_path,
strcat(resolved_path, path);
 
restore_errno();
+   free(fd_path);
return 0;
 }
 
@@ -286,7 +290,7 @@ static char *resolve_path(const char *path, int follow_link)
}
 
if (!ret) {
-   char tmp_str1[SB_PATH_MAX];
+   char *tmp_str1 = xmalloc(SB_PATH_MAX * sizeof(char));
snprintf(tmp_str1, SB_PATH_MAX, "%s", path);
 
dname = dirname(tmp_str1);
@@ -304,7 +308,7 @@ static char *resolve_path(const char *path, int follow_link)
filtered_path = NULL;
}
} else {
-   char tmp_str2[SB_PATH_MAX];
+   char *tmp_str2 = xmalloc(SB_PATH_MAX * 
sizeof(char));
/* OK, now add the basename to keep our access
 * checking happy (don't want '/usr/lib' if we
 * tried to do something with non-existing
@@ -316,7 +320,10 @@ static char *resolve_path(const char *path, int 
follow_link)
snprintf(filtered_path + len, SB_PATH_MAX - 
len, "%s%s",
(filtered_path[len - 1] != '/') ? "/" : 
"",
bname);
+   free(tmp_str2);
}
+
+   free(tmp_str1);
}
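Review bot: On glibc, dirname() and basename() return pointers into the buffer they were handed, so after `free(tmp_str2)` and `free(tmp_str1)` here `bname` and `dname` dangle; in the visible lines both are only used before the frees, but nothing prevents a later reader from reusing them below this block, which starts and ends outside the hunk. Clearing them next to the frees (`free(tmp_str1); dname = NULL;` and likewise `bname = NULL;` after `free(tmp_str2);`) makes the lifetime explicit and turns any such reuse into a null dereference rather than a use-after-free.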
}
 
@@ -1034,10 +1041,24 @@ bool is_sandbox_on(void)
return result;
 }
 
+static int resolve_dirfd_path_alloc(int dirfd, const char *path, char 
**resolved_path)
+{
+   size_t resolved_path_size = SB_PATH_MAX * sizeof(char);
+   *resolved_path = xmalloc(resolved_path_size);
+   int result = resolve_dirfd_path(dirfd, path, *resolved_path, 
resolved_path_size);
+
+   if (result) {
+   free(*resolved_path);
+   *resolved_path = NULL;
+   }
+
+   return result;
+}
+
 bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, 
int flags)
 {
int result;
-   char at_file_buf[SB_PATH_MAX];
+   char *at_file_buf;
 
/* Some funcs operate on a fd directly and so filename is NULL, but
 * the rest should 

[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2024-01-22 Thread Mike Gilbert
commit: f7d02c04b2a8e395f478bda03306fb68fb44ba4c
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jan  8 19:59:35 2024 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jan 22 21:41:13 2024 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f7d02c04

libsandbox: stat the original path for EEXIST hackaround

Resolves an issue that can occur with paths that contain parent
directory references (/../).

If part of the path does not exist, the sandboxed program should get ENOENT,
not EEXIST. If we use the canonicalized path, intermediate paths will be
eliminated and we produce the wrong result.

Bug: https://bugs.gentoo.org/921581
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit ef9208bea4e0f0dff5abf358002565f36e4d7a8d)

 libsandbox/pre_check_mkdirat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsandbox/pre_check_mkdirat.c b/libsandbox/pre_check_mkdirat.c
index b1e86cf..49c382a 100644
--- a/libsandbox/pre_check_mkdirat.c
+++ b/libsandbox/pre_check_mkdirat.c
@@ -37,7 +37,7 @@ bool sb_mkdirat_pre_check(const char *func, const char 
*pathname, int dirfd)
 * will trigger a sandbox violation.
 */
struct stat64 st;
-   if (0 == lstat64(canonic, )) {
+   if (0 == lstat64(pathname, )) {
int new_errno;
sb_debug_dyn("EARLY FAIL: %s(%s[%s]) @ lstat: %s\n",
func, pathname, canonic, strerror(errno));
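Review bot: `lstat64(pathname, ...)` resolves a relative pathname against the current working directory, but sb_mkdirat_pre_check receives `dirfd` (see the hunk header), so for `mkdirat(dirfd, "rel/../x")` the EEXIST check now inspects a different location than the kernel will; `fstatat64(dirfd, pathname, &st, AT_SYMLINK_NOFOLLOW)` keeps the un-canonicalized path this commit wants while still honouring dirfd. If the ptrace-traced (trace_pid) case runs with a cwd that differs from libsandbox's own, that would need separate handling, but it is not visible here. The function body continues outside the hunk.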



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-08-05 Thread Mike Gilbert
commit: ebaca399acb215cf4dd8a06a74a6d436047b3711
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sun Aug  6 00:41:15 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:41:15 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ebaca399

v2.38

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index ba878ef..7d32dd7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.37], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.38], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-05 Thread Mike Gilbert
commit: 0d063e31d575fb0a94b56219cafb0a198215b7aa
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Aug  5 19:11:58 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:52 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=0d063e31

erealpath: drop unused path_max variable

The SB_PATH_MAX macro is always defined, so this variable was pointless.

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 128d5b32b301a552299feff7cc64e5f8f7c4fee7)

 libsandbox/canonicalize.c | 26 +-
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index f742ed4..f282bdd 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -49,7 +49,6 @@ erealpath(const char *name, char *resolved)
 {
char *rpath, *dest, *recover;
const char *start, *end, *rpath_limit;
-   long int path_max;
 
if (name == NULL) {
/* As per Single Unix Specification V2 we must return an error 
if
@@ -66,16 +65,9 @@ erealpath(const char *name, char *resolved)
__set_errno(ENOENT);
return NULL;
}
-#ifdef SB_PATH_MAX
-   path_max = SB_PATH_MAX;
-#else
-   path_max = pathconf(name, _PC_PATH_MAX);
-   if (path_max <= 0)
-   path_max = 1024;
-#endif
 
if (resolved == NULL) {
-   rpath = xmalloc(path_max);
+   rpath = xmalloc(SB_PATH_MAX);
} else {
/* We can't handle resolving a buffer inline, so demand
 * separate read and write strings.
@@ -83,11 +75,11 @@ erealpath(const char *name, char *resolved)
sb_assert(name != resolved);
rpath = resolved;
}
-   rpath_limit = rpath + path_max;
+   rpath_limit = rpath + SB_PATH_MAX;
 
recover = NULL;
if (name[0] != '/') {
-   if (!egetcwd(rpath, path_max)) {
+   if (!egetcwd(rpath, SB_PATH_MAX)) {
rpath[0] = '\0';
goto error;
}
@@ -110,16 +102,16 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, ))
break;
if (S_ISLNK(st.st_mode)) {
-   ssize_t cnt = readlink(rpath, rpath, 
path_max);
+   ssize_t cnt = readlink(rpath, rpath, 
SB_PATH_MAX);
if (cnt == -1)
break;
rpath[cnt] = '\0';
if (p) {
size_t bytes_left = strlen(p);
-   if (bytes_left >= path_max)
+   if (bytes_left >= SB_PATH_MAX)
break;
strncat(rpath, name + (p - 
rpath + 1),
-   path_max - bytes_left - 
1);
+   SB_PATH_MAX - 
bytes_left - 1);
}
 
/* Ok, we have a chance at something 
better.  If
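Review bot: `readlink(rpath, rpath, SB_PATH_MAX)` followed by `rpath[cnt] = '\0'` writes one byte past the buffer when the link target fills all SB_PATH_MAX bytes, because readlink does not NUL-terminate and may return exactly the length it was given; passing `SB_PATH_MAX - 1` and treating `cnt >= SB_PATH_MAX - 1` as truncation (ENAMETOOLONG) closes both the overflow and the silent-truncation case. The same call also passes `rpath` as both source and destination, which the restrict-qualified prototype does not allow. erealpath starts and ends outside this hunk.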
@@ -187,10 +179,10 @@ erealpath(const char *name, char *resolved)
goto error;
}
new_size = rpath_limit - rpath;
-   if (end - start + 1 > path_max)
+   if (end - start + 1 > SB_PATH_MAX)
new_size += end - start + 1;
else
-   new_size += path_max;
+   new_size += SB_PATH_MAX;
new_rpath = (char *) xrealloc(rpath, new_size);
rpath = new_rpath;
rpath_limit = rpath + new_size;
@@ -213,7 +205,7 @@ erealpath(const char *name, char *resolved)
 
 error:
if (resolved)
-   snprintf(resolved, path_max, "%s", rpath);
+   snprintf(resolved, SB_PATH_MAX, "%s", rpath);
else
free(rpath);
free(recover);



[gentoo-commits] proj/sandbox:stable-2.x commit in: src/

2023-08-05 Thread Mike Gilbert
commit: 3ad50e42b3a55bfa2713f0bbdc496b7c78fd8038
Author: gto2023  mailbox  org>
AuthorDate: Thu Jul 13 11:55:09 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:52 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3ad50e42

sandbox: prevent possible use of uninitialized members of sandbox_info struct

Signed-off-by: gto2023  mailbox.org>
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 5d13985d6ec4ceeced9b9b45f00bc19c69efbb8f)

 src/sandbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sandbox.c b/src/sandbox.c
index f4ffd20..9c3e0da 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -211,7 +211,7 @@ int main(int argc, char **argv)
 {
int sandbox_log_presence = 0;
 
-   struct sandbox_info_t sandbox_info;
+   struct sandbox_info_t sandbox_info = {};
 
char **sandbox_environ;
char **argv_bash = NULL;
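Review bot: `= {}` as an empty initializer is a GNU extension in C11/C17 and only becomes standard in C23, so a build with `-std=c11 -pedantic` will warn on it; `struct sandbox_info_t sandbox_info = {0};` zero-fills the whole struct with the same effect in portable C. main() continues outside the hunk.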



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-05 Thread Mike Gilbert
commit: c2f63554e729401f8ef44dbf3eb67ecc12ece58c
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Aug  5 19:14:09 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:52 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c2f63554

erealpath: leave space for a trailing '\0' in readlink's buffer

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 1c9a17d40de6dd3ea5b7aacaa76878357350881b)

 libsandbox/canonicalize.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index f282bdd..6c9a2d6 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -102,7 +102,7 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, ))
break;
if (S_ISLNK(st.st_mode)) {
-   ssize_t cnt = readlink(rpath, rpath, 
SB_PATH_MAX);
+   ssize_t cnt = readlink(rpath, rpath, 
SB_PATH_MAX - 1);
if (cnt == -1)
break;
rpath[cnt] = '\0';
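Review bot: With `SB_PATH_MAX - 1` the terminator now fits, but a return value of exactly SB_PATH_MAX - 1 means the target may have been silently truncated, and the truncated string is then resolved and access-checked as if it were the real path; a check right after the `-1` test, `if (cnt >= SB_PATH_MAX - 1) { __set_errno(ENAMETOOLONG); goto error; }` (assuming the error path is the right outcome here), keeps a sandbox decision from being made on a partial path. The in-place readlink also still aliases its source and destination arguments. erealpath starts and ends outside this hunk.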



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-05 Thread Mike Gilbert
commit: e4f9687b0517a691a82693c3bd772516fee01762
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Aug  5 19:18:53 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:53 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e4f9687b

erealpath: use separate buffer for readlink

Fixes a compiler warning:
```
warning: passing argument 2 to 'restrict'-qualified parameter aliases with 
argument 1 [-Wrestrict]
```

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 8c3bc21729c3ad13295b586cd185b2b5da686731)

 libsandbox/canonicalize.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libsandbox/canonicalize.c b/libsandbox/canonicalize.c
index 6c9a2d6..f8d32f0 100644
--- a/libsandbox/canonicalize.c
+++ b/libsandbox/canonicalize.c
@@ -102,10 +102,12 @@ erealpath(const char *name, char *resolved)
if (lstat64(rpath, ))
break;
if (S_ISLNK(st.st_mode)) {
-   ssize_t cnt = readlink(rpath, rpath, 
SB_PATH_MAX - 1);
+   char buffer[SB_PATH_MAX];
+   ssize_t cnt = readlink(rpath, buffer, 
SB_PATH_MAX - 1);
if (cnt == -1)
break;
-   rpath[cnt] = '\0';
+   buffer[cnt] = '\0';
+   strcpy(rpath, buffer);
if (p) {
size_t bytes_left = strlen(p);
if (bytes_left >= SB_PATH_MAX)
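Review bot: `char buffer[SB_PATH_MAX]` adds another SB_PATH_MAX-sized frame to erealpath, which runs on the intercepted program's own stack since libsandbox is preloaded, and these wrappers can be entered from threads or clone()d children with very small stacks; reading into an `xmalloc(SB_PATH_MAX)` scratch buffer that is freed after the copy avoids growing the frame. `strcpy(rpath, buffer)` is bounded only because buffer holds at most SB_PATH_MAX - 1 characters; `memcpy(rpath, buffer, cnt + 1)` states that bound explicitly. erealpath starts and ends outside this hunk.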



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-05 Thread Mike Gilbert
commit: ae2cb037f024a2bd417c6a241d907390876ecc8a
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Aug  5 19:39:21 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:53 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=ae2cb037

resolve_dirfd_path: use separate buffer for readlink

Fixes a compile warning:
```
warning: passing argument 2 to 'restrict'-qualified parameter aliases with 
argument 1 [-Wrestrict]
```

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 4b27824ee27013c672f75bce2066c950a71280d2)

 libsandbox/libsandbox.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 4edcf60..6a7368c 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -132,24 +132,25 @@ int resolve_dirfd_path(int dirfd, const char *path, char 
*resolved_path,
 
save_errno();
 
+   char fd_path[SB_PATH_MAX];
size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
if (trace_pid) {
-   sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd);
+   sprintf(fd_path, "/proc/%i/fd/%i", trace_pid, dirfd);
} else {
/* If /proc was mounted by a process in a different pid 
namespace,
 * getpid cannot be used to create a valid /proc/ path. 
Instead
 * use sb_get_fd_dir() which works in any case.
 */
-   sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd);
+   sprintf(fd_path, "%s/%i", sb_get_fd_dir(), dirfd);
}
-   ssize_t ret = readlink(resolved_path, resolved_path, at_len);
+   ssize_t ret = readlink(fd_path, resolved_path, at_len);
if (ret == -1) {
/* see comments at end of check_syscall() */
if (errno_is_too_long()) {
restore_errno();
return 2;
}
-   sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", resolved_path, 
strerror(errno));
+   sb_debug_dyn("AT_FD LOOKUP fail: %s: %s\n", fd_path, 
strerror(errno));
/* If the fd isn't found, some guys (glibc) expect errno */
if (errno == ENOENT)
errno = EBADF;
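Review bot: `at_len = resolved_path_len - 1 - 1 - strlen(path)` is an unchecked size_t subtraction, so a `path` longer than resolved_path_len - 2 wraps at_len to a huge value and readlink() is then told resolved_path has effectively unbounded room; the /proc fd target is short, but the strcat of `path` onto resolved_path in the function's tail (outside this hunk) would then overflow, unless every caller already bounds path. A guard before the readlink, `if (path && strlen(path) + 2 >= resolved_path_len) { restore_errno(); return 2; }` (2 being the existing too-long result), closes it. The new `fd_path` buffer would also be better filled with `snprintf(fd_path, SB_PATH_MAX, ...)` than with the two sprintf calls so its bound stays visible.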



[gentoo-commits] proj/sandbox:stable-2.x commit in: src/

2023-08-05 Thread Mike Gilbert
commit: b0b2afb1941f540126aa510d47636cd8d2cf9ad8
Author: gto2023  mailbox  org>
AuthorDate: Thu Jul 13 11:59:24 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sun Aug  6 00:39:52 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=b0b2afb1

sandbox: do not compare array to NULL

Fixes a compiler warning:
```
src/environ.c:211:19: warning: the comparison will always evaluate as ‘true’ 
for the address of ‘work_dir’ will never be NULL [-Waddress]
```

Bug: https://bugs.gentoo.org/906234
Signed-off-by: gto2023  mailbox.org>
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 7f230519475c2aaea91df75b0165d8b6c03b9fa9)

 src/environ.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/environ.c b/src/environ.c
index 542dd64..2b28c0b 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -208,7 +208,7 @@ static int setup_cfg_vars(struct sandbox_info_t 
*sandbox_info)
if (-1 == setup_access_var(ENV_SANDBOX_WRITE))
return -1;
if ((NULL == getenv(ENV_SANDBOX_WRITE)) &&
-   (NULL != sandbox_info->work_dir))
+   strlen(sandbox_info->work_dir))
setenv(ENV_SANDBOX_WRITE, sandbox_info->work_dir, 1);
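Review bot: `strlen(sandbox_info->work_dir)` scans the whole array just to test for an empty string, and it reads past the array if work_dir is not NUL-terminated (its initialization is not visible here); `sandbox_info->work_dir[0] != '\0'` expresses the intent, is O(1) and makes the `&&` condition read as an emptiness check. setup_cfg_vars continues outside the hunk.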
 
if (-1 == setup_access_var(ENV_SANDBOX_PREDICT))



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/trace/, libsandbox/, libsandbox/trace/linux/, /, src/

2023-08-04 Thread Sam James
commit: 9a5171e20f695cb18f7c860ba443d0839df6d4a3
Author: Sam James  gentoo  org>
AuthorDate: Fri Jul 21 14:57:05 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Aug  5 04:32:37 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=9a5171e2

Rename multiple personalities feature

"schizo" isn't a particularly sensitive term, and it's not very clear what it
means to non-native English speakers anyway. Name it after what the feature
really does: multiple (Linux) personality support using ptrace.

Signed-off-by: Sam James  gentoo.org>
(cherry picked from commit f342efa52fb54c55f009b694af1899e431300629)

 configure.ac| 50 -
 libsandbox/local.mk |  8 +++
 libsandbox/trace/common.c   |  2 +-
 libsandbox/trace/linux/i386.c   |  2 +-
 libsandbox/trace/linux/s390.c   |  6 ++---
 libsandbox/trace/linux/sparc.c  |  6 ++---
 libsandbox/trace/linux/x86_64.c |  8 +++
 src/options.c   |  6 ++---
 8 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/configure.ac b/configure.ac
index de0dc2b..8eb60a4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -47,12 +47,12 @@ AC_PREFIX_DEFAULT([/usr])
 
 dnl multiple personality support (x86 & x86_64: multilib)
 AC_MSG_CHECKING([for multiple personalities])
-AC_ARG_ENABLE([schizo],
-   [AS_HELP_STRING([--enable-schizo],[Support multiple personalities])],
-   [],[enable_schizo="auto"])
-AC_MSG_RESULT([$enable_schizo])
-SB_SCHIZO_SETTINGS=
-AC_DEFUN([SB_CHECK_SCHIZO],[dnl
+AC_ARG_ENABLE([personalities],
+   [AS_HELP_STRING([--enable-personalities],[Support multiple Linux 
personalities using ptrace])],
+   [],[enable_personalities="auto"])
+AC_MSG_RESULT([$enable_personalities])
+SB_PERSONALITIES_SETTINGS=
+AC_DEFUN([SB_CHECK_PERSONALITIES],[dnl
AC_MSG_CHECKING([checking for $1/$2 compiler support])
ac_save_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS $2"
@@ -61,42 +61,42 @@ AC_DEFUN([SB_CHECK_SCHIZO],[dnl
], [
return 0
], [
-   enable_schizo=yes
-   AS_VAR_APPEND([SB_SCHIZO_SETTINGS], " $1:$2")
-   AS_VAR_APPEND([SB_SCHIZO_HEADERS], " 
libsandbox/trace_syscalls_$1.h")
+   enable_personalities=yes
+   AS_VAR_APPEND([SB_PERSONALITIES_SETTINGS], " $1:$2")
+   AS_VAR_APPEND([SB_PERSONALITIES_HEADERS], " 
libsandbox/trace_syscalls_$1.h")
AC_MSG_RESULT([yes])
-   AC_DEFINE_UNQUOTED([SB_SCHIZO_$1], 1, [Support for 
$1/$2 is available])
+   AC_DEFINE_UNQUOTED([SB_PERSONALITIES_$1], 1, [Support 
for $1/$2 is available])
], [
AC_MSG_RESULT([no])
])
CFLAGS=$ac_save_CFLAGS
 ])
-if test "x$enable_schizo" != "xno" ; then
-   enable_schizo=no
+if test "x$enable_personalities" != "xno" ; then
+   enable_personalities=no
case $host in
i686*linux*|\
x86_64*linux*)
-   SB_CHECK_SCHIZO([x86_64], [-m64])
-   SB_CHECK_SCHIZO([x86], [-m32])
-   SB_CHECK_SCHIZO([x32], [-mx32])
+   SB_CHECK_PERSONALITIES([x86_64], [-m64])
+   SB_CHECK_PERSONALITIES([x86], [-m32])
+   SB_CHECK_PERSONALITIES([x32], [-mx32])
;;
s390*linux*)
-   SB_CHECK_SCHIZO([s390x], [-m64])
-   SB_CHECK_SCHIZO([s390], [-m31])
+   SB_CHECK_PERSONALITIES([s390x], [-m64])
+   SB_CHECK_PERSONALITIES([s390], [-m31])
;;
sparc*linux*)
-   SB_CHECK_SCHIZO([sparc64], [-m64])
-   SB_CHECK_SCHIZO([sparc], [-m32])
+   SB_CHECK_PERSONALITIES([sparc64], [-m64])
+   SB_CHECK_PERSONALITIES([sparc], [-m32])
;;
esac
-   SB_SCHIZO_SETTINGS=${SB_SCHIZO_SETTINGS# }
-   if test "x$enable_schizo" != "xno" ; then
-   AC_DEFINE_UNQUOTED([SB_SCHIZO], ["$SB_SCHIZO_SETTINGS"], 
[Enable multiple personalities support])
+   SB_PERSONALITIES_SETTINGS=${SB_PERSONALITIES_SETTINGS# }
+   if test "x$enable_personalities" != "xno" ; then
+   AC_DEFINE_UNQUOTED([SB_PERSONALITIES], 
["$SB_PERSONALITIES_SETTINGS"], [Enable multiple personalities support])
fi
 fi
-AC_SUBST(SB_SCHIZO_SETTINGS)
-AC_SUBST(SB_SCHIZO_HEADERS)
-AM_CONDITIONAL([SB_SCHIZO], [test "x$enable_schizo" != "xno"])
+AC_SUBST(SB_PERSONALITIES_SETTINGS)
+AC_SUBST(SB_PERSONALITIES_HEADERS)
+AM_CONDITIONAL([SB_PERSONALITIES], [test "x$enable_personalities" != "xno"])
 
 dnl this test fills up the stack and then triggers a segfault ...
 dnl but it's hard to wrap things without a stack, so let's ignore

diff --git a/libsandbox/local.mk b/libsandbox/local.mk
index 50bc54d..dd78a76 100644
--- 

[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-08-04 Thread Sam James
commit: fa7aa29903a6dc57fdb5dd3b6b8c4c5a7ad7126f
Author: Sam James  gentoo  org>
AuthorDate: Fri Jul 21 15:05:56 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Aug  5 04:32:48 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=fa7aa299

configure.ac: fix whitespace

Signed-off-by: Sam James  gentoo.org>
(cherry picked from commit 62ce93feaa51f9e3a490ef522e0bad91f666ebe1)

 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 847bc4c..ba878ef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -343,7 +343,7 @@ if test x"$have_rtld_next" = xyes ; then
   AC_DEFINE([HAVE_RTLD_NEXT], [1], [Have RTLD_NEXT enabled libc])
 fi
 
-dnl we need to handle symbols differently based upon their version, 
+dnl we need to handle symbols differently based upon their version,
 dnl but we have to know which symbols the libc supports first
 AC_MSG_CHECKING([libc path])
 echo "int main(void) { return 0; }" > libctest.c
@@ -381,7 +381,7 @@ AC_DEFINE_UNQUOTED([LIBC_PATH], ["$LIBC_PATH"], [Full path 
to the libc])
 AC_MSG_RESULT([$LIBC_PATH])
 AC_SUBST([LIBC_PATH])
 
-dnl when intercepting libc calls, we have to know the name of the 
+dnl when intercepting libc calls, we have to know the name of the
 dnl libc to load and search with dl*() calls
 AC_MSG_CHECKING([libc version])
 dnl the sed script at the end here looks funny but it's ok ...



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-08-04 Thread Sam James
commit: 38507cc25cebe228d72cb75a2ab4acfaacf2a5fe
Author: Sam James  gentoo  org>
AuthorDate: Fri Jul 21 15:04:23 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Aug  5 04:32:44 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=38507cc2

configure.ac: cleanup error messages

Signed-off-by: Sam James  gentoo.org>
(cherry picked from commit 4f42e1984227012797030839b5e757a6da147141)

 configure.ac | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 8eb60a4..847bc4c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -293,18 +293,18 @@ if test x"$va_copy" != xva_copy ; then
   )
 fi
 
-dnl Verify people aren't doing stupid shit
+dnl Avoid footguns.
 if test x"$enable_static" != xno ; then
-  AC_MSG_ERROR([dont be a Kumba, building a libsandbox.a is stupid])
+  AC_MSG_ERROR([Building a static libsandbox.a is not supported])
 fi
 if test x"$enable_shared" != xyes ; then
-  AC_MSG_ERROR([dont be a Kumba, omitting a libsandbox.so is stupid])
+  AC_MSG_ERROR([Omitting a libsandbox.so is not supported])
 fi
 if echo " $CFLAGS " | $EGREP ' -static ' >/dev/null 2>&1; then
-  AC_MSG_ERROR([dont be a Kumba, using -static in CFLAGS is stupid])
+  AC_MSG_ERROR([Using -static in CFLAGS is not supported])
 fi
 if echo " $LDFLAGS " | $EGREP ' -static ' >/dev/null 2>&1; then
-  AC_MSG_ERROR([dont be a Kumba, using -static in LDFLAGS is stupid])
+  AC_MSG_ERROR([Using -static in LDFLAGS is not supported])
 fi
 
 dnl Some libc's like those on bsd have dlopen() in libc, and not libdl



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-03 Thread Mike Gilbert
commit: 143e5fd3b50fa7085c9c4eb66c103e3c6d1b64c7
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 14:55:27 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Aug  4 00:26:27 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=143e5fd3

libsandbox: skip checking access() without W_OK or R_OK mode

If access/faccessat is called with F_OK or X_OK in the mode argument,
there is no need to check the path.

Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 8d6a4839ebd909903691e4a71d6a94b3809adc82)

 libsandbox/libsandbox.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index e5f6d38..08b85ce 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -1095,8 +1095,11 @@ bool before_syscall_access(int dirfd, int sb_nr, const 
char *func, const char *f
const char *ext_func;
if (flags & W_OK)
sb_nr = SB_NR_ACCESS_WR, ext_func = "access_wr";
-   else
+   else if (flags & R_OK)
sb_nr = SB_NR_ACCESS_RD, ext_func = "access_rd";
+   else
+   /* Must be F_OK or X_OK; we do not need to check either. */
+   return true;
return before_syscall(dirfd, sb_nr, ext_func, file, flags);
 }
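Review bot: The new early return removes a sandbox check, so its comment should say why the skip is safe rather than only which mode values reach it, e.g. `/* F_OK and X_OK only probe existence/executability; the sandbox restricts reads and writes, and equivalent stat() probes are not intercepted either, so there is nothing to enforce here */`, with the stat() claim confirmed against the wrapper list before it is written down. "Must be F_OK or X_OK" is also not strictly true: any mode without R_OK or W_OK bits, including invalid values the kernel will reject with EINVAL, takes this path, which is harmless but worth stating. before_syscall_access starts outside the hunk.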
 



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsbutil/, libsandbox/, src/

2023-08-03 Thread Mike Gilbert
commit: 4d33585e8070f17c182888f3573e5ce3d1ff6a70
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 15:03:13 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Aug  4 00:26:30 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4d33585e

libsbutil: add sbio_faccessat and use it in sb_exists

sbio_faccessat allows libsbutil to access the unwrapped version of
faccessat when called from libsandbox.

Using faccessat in place of fstatat seems to give a small boost in
performance.

Pass AT_EACCESS to faccessat to enable a faster path if uid != euid.

Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 0317bbe09fe23e4bd972ee254f14817def701731)

 libsandbox/libsandbox.c |  1 +
 libsandbox/wrappers.h   |  2 ++
 libsbutil/sb_exists.c   | 10 ++
 libsbutil/sbutil.h  |  1 +
 src/sandbox.c   |  1 +
 5 files changed, 15 insertions(+)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 08b85ce..4edcf60 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -54,6 +54,7 @@ static char message_path[SB_PATH_MAX];
 bool sandbox_on = true;
 static bool sb_init = false;
 static bool sb_env_init = false;
+int (*sbio_faccessat)(int, const char *, int, int) = sb_unwrapped_faccessat;
 int (*sbio_open)(const char *, int, mode_t) = sb_unwrapped_open;
 FILE *(*sbio_popen)(const char *, const char *) = sb_unwrapped_popen;
 

diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h
index bf5bf64..3237397 100644
--- a/libsandbox/wrappers.h
+++ b/libsandbox/wrappers.h
@@ -15,6 +15,8 @@
  */
 #definesb_unwrapped_access sb_unwrapped_access_DEFAULT
 attribute_hidden int   sb_unwrapped_access (const char *, int);
+#definesb_unwrapped_faccessat sb_unwrapped_faccessat_DEFAULT
+attribute_hidden int   sb_unwrapped_faccessat (int, const char *, int, int);
 #definesb_unwrapped_getcwd sb_unwrapped_getcwd_DEFAULT
 attribute_hidden char *sb_unwrapped_getcwd (char *, size_t);
 #definesb_unwrapped_open   sb_unwrapped_open_DEFAULT

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
index d34f0cc..c2171fe 100644
--- a/libsbutil/sb_exists.c
+++ b/libsbutil/sb_exists.c
@@ -10,5 +10,15 @@
 int sb_exists(int dirfd, const char *pathname, int flags)
 {
struct stat64 buf;
+
+   if (sbio_faccessat(dirfd, pathname, F_OK, flags|AT_EACCESS) == 0)
+   return 0;
+
+   /* musl's faccessat gives EINVAL when the kernel does not support
+* faccessat2 and AT_SYMLINK_NOFOLLOW is set.
+* https://www.openwall.com/lists/musl/2023/06/19/1 */
+   if (errno != EINVAL)
+   return -1;
+
return fstatat64(dirfd, pathname, , flags);
 }
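Review bot: The musl comment now covers only half of the call: it also ORs in AT_EACCESS, and on glibc builds running on a kernel without faccessat2 the wrapper, to my recollection, emulates AT_EACCESS via fstatat when uid != euid, so the faster single-syscall path holds only where faccessat2 is available; a line such as `/* AT_EACCESS: one syscall with faccessat2, older glibc may fall back to fstatat emulation */` next to the flag would keep the next reader from removing it or relying on it. The `struct stat64 buf` declaration can also move down to the fstatat64 fallback, the only place it is used.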

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index 981fe0d..ed335e2 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -98,6 +98,7 @@ extern const char sb_fd_dir[];
 const char *sb_get_cmdline(pid_t pid);
 
 /* libsandbox need to use a wrapper for open */
+attribute_hidden extern int (*sbio_faccessat)(int, const char *, int, int);
 attribute_hidden extern int (*sbio_open)(const char *, int, mode_t);
 attribute_hidden extern FILE *(*sbio_popen)(const char *, const char *);
 extern const char *sbio_message_path;

diff --git a/src/sandbox.c b/src/sandbox.c
index ed0c7f6..f4ffd20 100644
--- a/src/sandbox.c
+++ b/src/sandbox.c
@@ -21,6 +21,7 @@
 static int print_debug = 0;
 #define dprintf(fmt, args...) do { if (print_debug) printf(fmt, ## args); } 
while (0)
 #define dputs(str) do { if (print_debug) puts(str); } while (0)
+int (*sbio_faccessat)(int, const char *, int, int) = faccessat;
 int (*sbio_open)(const char *, int, mode_t) = (void *)open;
 FILE *(*sbio_popen)(const char *, const char *) = popen;
 



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/

2023-08-01 Thread Mike Gilbert
commit: f3c48c3262edab7db3fc95d87ac1511a97ad930e
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 31 15:39:40 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Aug  1 14:15:12 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f3c48c32

libsandbox: always permit access to '/memfd:'

For memfd objects, the kernel populates the target for symlinks under
/proc/$PID/fd as "/memfd:name". Said target does not actually exist.

It is unfortunate that the kernel includes the leading slash, but we
will just have to work around it.

Bug: https://bugs.gentoo.org/910561
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 27232d52fee4abecd5f709acc616fa1296e0464f)

 libsandbox/libsandbox.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 847b4e2..e5f6d38 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -713,6 +713,12 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, 
const char *func,
/* Fall in a read/write denied path, Deny Access */
goto out;
 
+   if (!strncmp(resolv_path, "/memfd:", strlen("/memfd:"))) {
+   /* Allow operations on memfd objects #910561 */
+   result = 1;
+   goto out;
+   }
+
if (!sym_func) {
retval = check_prefixes(sbcontext->deny_prefixes,
sbcontext->num_deny_prefixes, resolv_path);
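Review bot: The allow is a bare prefix match on the resolved path, so a real filesystem entry named `/memfd:...` would be exempted from the deny/allow prefix checks that follow, not just the pseudo-target the kernel reports for memfd descriptors; creating one needs write access to `/`, which a typical sandbox denies, but a configuration that permits it turns this into a blanket bypass. If resolve_dirfd_path can report that resolv_path came from a `/proc/*/fd` readlink, gating the exemption on that, or on `!sb_exists(AT_FDCWD, resolv_path, 0)` since the commit says the target "does not actually exist", would bound it. The comment should also say why a prefix compare rather than an exact one is needed (presumably because the kernel appends the memfd name and possibly a " (deleted)" suffix), so nobody later tightens it to `strcmp`. check_access starts and ends outside this hunk.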



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-07-17 Thread Mike Gilbert
commit: 816bd9fc97f130df92e2c7e0cda5f472588a6d86
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 13:55:53 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 17 13:55:53 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=816bd9fc

v2.37

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 0a3c4fc..de0dc2b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.36], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.37], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsbutil/

2023-07-17 Thread Mike Gilbert
commit: 0cd40599d89e50c23f14970f6e4a31f0500a8b15
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 17 13:43:51 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 17 13:55:25 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=0cd40599

sb_exists: drop use of faccessat

faccessat appears to perform quite poorly under certain conditions.
Go back to using fstatat until this can be debugged.

Bug: https://bugs.gentoo.org/910273
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 6a6a6a6c9680e5868544887a7ab4d141833abfb6)

 libsbutil/sb_exists.c | 10 --
 1 file changed, 10 deletions(-)

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
index 9ec7730..d34f0cc 100644
--- a/libsbutil/sb_exists.c
+++ b/libsbutil/sb_exists.c
@@ -10,15 +10,5 @@
 int sb_exists(int dirfd, const char *pathname, int flags)
 {
struct stat64 buf;
-
-   if (faccessat(dirfd, pathname, F_OK, flags) == 0)
-   return 0;
-
-   /* musl's faccessat gives EINVAL when the kernel does not support
-* faccessat2 and AT_SYMLINK_NOFOLLOW is set.
-* https://www.openwall.com/lists/musl/2023/06/19/1 */
-   if (errno != EINVAL)
-   return -1;
-
return fstatat64(dirfd, pathname, , flags);
 }
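Review bot: The comment just above this function (file line 9, outside the hunk, `/* Wrapper for faccessat to work around buggy behavior on musl */`) now describes a call the function no longer makes and should be rewritten, for example `/* Existence check via fstatat64; faccessat is avoided because it performs poorly in some cases (bug 910273) */`. The return contract is unchanged (0 on success, -1 with errno set by fstatat64), which is what the `== -1` callers in pre_check_openat.c and fopen_pre_check.c rely on.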



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/trace/linux/

2023-07-10 Thread Mike Gilbert
commit: 1b3255175804af8743c9b264e4709cd6a3e8f353
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 10 15:11:41 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 10 15:52:35 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=1b325517

libsandbox/trace: cast NT_ARM_SYSTEM_CALL to avoid warnings

Bug: https://bugs.gentoo.org/910195
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 12c24e7f990dec058563ca1ef954bfd8264f2f96)

 libsandbox/trace/linux/aarch64.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsandbox/trace/linux/aarch64.c b/libsandbox/trace/linux/aarch64.c
index 8f32912..82e829c 100644
--- a/libsandbox/trace/linux/aarch64.c
+++ b/libsandbox/trace/linux/aarch64.c
@@ -36,7 +36,7 @@ static int trace_get_sysnum(void *vregs)
.iov_base = ,
.iov_len = sizeof(nr),
};
-   do_ptrace(PTRACE_GETREGSET, NT_ARM_SYSTEM_CALL, _nr);
+   do_ptrace(PTRACE_GETREGSET, (void *)(uintptr_t)NT_ARM_SYSTEM_CALL, 
_nr);
return nr;
 }
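Review bot: The cast `(void *)(uintptr_t)NT_ARM_SYSTEM_CALL` appears in both hunks of this commit without a word on why an integer regset id is being pushed through ptrace's `addr` parameter; a one-line comment at the first use, `/* PTRACE_{GET,SET}REGSET take the regset type in the addr argument */`, spares the next reader a trip to the ptrace man page. The trace_set_sysnum hunk below carries the same cast and can refer to this comment.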
 
@@ -46,5 +46,5 @@ static void trace_set_sysnum(void *vregs, int nr)
.iov_base = ,
.iov_len = sizeof(nr),
};
-   do_ptrace(PTRACE_SETREGSET, NT_ARM_SYSTEM_CALL, _nr);
+   do_ptrace(PTRACE_SETREGSET, (void *)(uintptr_t)NT_ARM_SYSTEM_CALL, 
_nr);
 }



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-07-10 Thread Mike Gilbert
commit: 96838cf81d6fe0d6f8b68fb188844666387bdf57
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jul 10 15:52:52 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Mon Jul 10 15:52:52 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=96838cf8

v2.36

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index c3e772f..0a3c4fc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.35], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.36], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-07-07 Thread Mike Gilbert
commit: c642111b431f0822234dd2f2b4411832616ab0b0
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Jul  8 03:08:09 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jul  8 03:08:09 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=c642111b

v2.35

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index d55ac79..c3e772f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.34], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.35], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/trace/linux/

2023-07-07 Thread Mike Gilbert
commit: 879cfbd1ec96b8690b70430b7d8b4b6ccd9ce7d8
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Jul  8 02:50:02 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jul  8 03:07:44 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=879cfbd1

libsandbox/trace: fix syscall cancellation on arm64

arm64 has a dedicated regset to manipulate the system call number.
See kernel commit 766a85d7bc5d7f1ddd6de28bdb844eae45ec63b0.

Bug: https://bugs.gentoo.org/909416
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit f4c6bf434459d2d7b57c003e4eab81f2f8c21f51)

 libsandbox/trace/linux/aarch64.c | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/libsandbox/trace/linux/aarch64.c b/libsandbox/trace/linux/aarch64.c
index d056259..8f32912 100644
--- a/libsandbox/trace/linux/aarch64.c
+++ b/libsandbox/trace/linux/aarch64.c
@@ -1,5 +1,4 @@
 #define trace_reg_ret regs[0]  /* x0 */
-#define trace_reg_sysnum regs[8]  /* w0 */
 
 #undef trace_get_regs
 static long trace_get_regs(void *vregs)
@@ -29,3 +28,23 @@ static unsigned long trace_arg(void *vregs, int num)
else
return -1;
 }
+
+static int trace_get_sysnum(void *vregs)
+{
+   int nr;
+   struct iovec iov_nr = {
+   .iov_base = ,
+   .iov_len = sizeof(nr),
+   };
+   do_ptrace(PTRACE_GETREGSET, NT_ARM_SYSTEM_CALL, _nr);
+   return nr;
+}
+
+static void trace_set_sysnum(void *vregs, int nr)
+{
+   struct iovec iov_nr = {
+   .iov_base = ,
+   .iov_len = sizeof(nr),
+   };
+   do_ptrace(PTRACE_SETREGSET, NT_ARM_SYSTEM_CALL, _nr);
+}
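Review bot: `nr` in trace_get_sysnum is declared uninitialised and returned regardless of whether the PTRACE_GETREGSET call succeeded, so if `do_ptrace` reports failure rather than aborting (its behaviour is not visible here) the caller receives stack garbage as the syscall number and the sandbox's decision is made on that value. Initialising it to a value that cannot be a real syscall number, `int nr = -1;`, and checking `do_ptrace`'s result if it does return errors, keeps a failed regset read from masquerading as a genuine syscall. trace_set_sysnum only writes the regset, so it does not have the same problem, though an unchecked failure there would leave the cancelled syscall in place.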



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-07-01 Thread Mike Gilbert
commit: 3cbe56b72b0aad22b87fb1abdd8d3a902acf07b6
Author: Mike Gilbert  gentoo  org>
AuthorDate: Sat Jul  1 23:53:43 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jul  1 23:53:43 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3cbe56b7

v2.34

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 8cdca8b..d55ac79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.33], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.34], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: tests/

2023-07-01 Thread Mike Gilbert
commit: 378995f8efc182f42c4e553eacb081cd67bb2f2a
Author: Michael Orlitzky  gentoo  org>
AuthorDate: Sat Jul  1 20:52:34 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Sat Jul  1 23:53:01 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=378995f8

tests: use explicit adddeny() calls in fchmod and fchown tests.

When running the test suite under portage, the entire build directory
will be writable because portage adds PORTAGE_TMPDIR to SANDBOX_WRITE
(thanks floppym). This breaks the tests for these two wrappers, since
they expect to fail when trying to write above $PWD.

To avoid that, we create a new file to call fchown/fchmod on, and then
explicitly deny access to it.

Closes: https://bugs.gentoo.org/909445
Signed-off-by: Michael Orlitzky  gentoo.org>
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit e5032c6b89621db0475e36fb06c2905b6a9c024c)

 tests/fchmod-1.sh | 6 +-
 tests/fchown-1.sh | 6 +-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
index db404ba..140d84f 100755
--- a/tests/fchmod-1.sh
+++ b/tests/fchmod-1.sh
@@ -4,11 +4,15 @@
 #
 
 addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
 
 # The sandbox doesn't log anything when it returns a junk file
 # descriptor? It doesn't look like we can test the contents of
 # sandbox.log here... instead, we just have to count on fchmod
 # failing, which it does if you use O_RDWR, and it *should* if you use
 # O_RDONLY (because that won't stop the change of permissions).
-fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
+fchmod-0 $(stat --format='%#04a' $PWD/deny) $PWD/deny && exit 1
+
 exit 0
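Review bot: The new `adddeny $PWD/deny` line and the two `$PWD/deny` arguments on the fchmod-0 line are unquoted, so a build directory containing whitespace would split them into several words; `adddeny "$PWD/deny"` and `fchmod-0 $(stat --format='%#04a' "$PWD/deny") "$PWD/deny" && exit 1` keep the path intact. The pre-existing `addwrite $PWD` has the same shape, so the suite may simply assume a space-free PWD; if so, a short comment saying so would stop the question from coming up again. The fchown-1.sh hunk has the identical pattern.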

diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
index 1b4a173..6c1178e 100755
--- a/tests/fchown-1.sh
+++ b/tests/fchown-1.sh
@@ -4,11 +4,15 @@
 #
 
 addwrite $PWD
+rm -f deny || exit 1
+touch deny || exit 1
+adddeny $PWD/deny
 
 # The sandbox doesn't log anything when it returns a junk file
 # descriptor? It doesn't look like we can test the contents of
 # sandbox.log here... instead, we just have to count on fchown
 # failing, which it does if you use O_RDWR, and it *should* if you use
 # O_RDONLY (because that won't stop the change of ownership).
-fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
+fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1
+
 exit 0



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-06-30 Thread Mike Gilbert
commit: 4d23fef44f592455b59793199afe96f239cd5923
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Jun 30 16:53:42 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Jun 30 16:53:42 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4d23fef4

v2.33

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index a030dce..8cdca8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.32], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.33], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-06-23 Thread Mike Gilbert
commit: a38d957a825418fefeebc4212cc9e6d34ecdd8b0
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Jun 23 03:14:58 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Jun 23 17:25:40 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a38d957a

configure: update libc grep expression

On Alpine, libc's SONAME is 'libc.musl-x86_64.so.1'.

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 3ccc775d6f98c1917408bc3a370cfd6d3d789d50)

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index ca5ed5b..a030dce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -389,7 +389,7 @@ echo "int main(void) { return 0; }" > libctest.c
 $CC $CFLAGS $CPPFLAGS $LDFLAGS -o libctest libctest.c
 LIBC_VERSION=$(
$READELF -d libctest | \
-   $EGREP 'NEEDED.* \@<:@libc\.so' | \
+   $EGREP 'NEEDED.* \@<:@libc\..*so' | \
$AWK '{print $NF}' | [sed -e 's:\[::' -e 's:\]::']
 )
 rm -f libctest*
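Review bot: The widened pattern `NEEDED.* \@<:@libc\..*so` now has to serve both glibc's `libc.so.6` and musl's `libc.musl-x86_64.so.1`, but nothing at the call site says so; a comment above the `$EGREP` line, `# match glibc (libc.so.6) and musl (libc.musl-<arch>.so.1) SONAMEs`, records the intent. Because `.*` is greedy, any other NEEDED entry whose name begins with `libc.` would also match and leave LIBC_VERSION holding more than one line; that risk predates this change, but the looser pattern makes it a little more likely, so the comment is worth having.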



[gentoo-commits] proj/sandbox:stable-2.x commit in: .github/workflows/

2023-06-23 Thread Mike Gilbert
commit: 84e3934c938a6c94c40b0d0857a333a7be247800
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Jun 23 15:35:43 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Jun 23 17:25:44 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=84e3934c

CI: clean up glibc job

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit e2f8b0382aef54fd0827c61f05589b82ddfa8331)

 .github/workflows/build-test-ci.yml | 32 +++-
 1 file changed, 3 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/build-test-ci.yml 
b/.github/workflows/build-test-ci.yml
index 4a3ef88..5c95baa 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -3,58 +3,32 @@
 
 name: Build+Test CI
 
-#on:
-#  push:
-#branches: [master, gh-actions]
-#tags: [v*]
-#  pull_request:
-#types: [created, opened, edited, push]
-
 on: [pull_request, push]
 
 jobs:
   glibc:
 strategy:
   matrix:
-os: [ubuntu-latest]
 cc: [gcc, clang]
-sanitize: [none] # [none, asan, ubsan]
   fail-fast: false
-runs-on: ${{ matrix.os }}
+runs-on: ubuntu-latest
 env:
   CC: ${{ matrix.cc }}
-  SANITIZER: ${{ matrix.sanitize }}
-  UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1"
 steps:
 - name: Install dependencies
   run: |
 sudo apt-get update -qq
 sudo apt-get install build-essential gcc clang automake autoconf 
autoconf-archive libtool pax-utils -qy
 
-case "$SANITIZER" in
-  none)
- ;;
-  asan)
- echo CFLAGS="-O2 -ggdb3 -fsanitize=address" >> $GITHUB_ENV
- echo CXXFLAGS="-O2 -ggdb3 -fsanitize=address" >> $GITHUB_ENV
- echo LDFLAGS="-fsanitize=address" >> $GITHUB_ENV
- ;;
-  ubsan)
- echo CFLAGS="-O2 -ggdb3 -fsanitize=undefined" >> $GITHUB_ENV
- echo CXXFLAGS="-O2 -ggdb3 -fsanitize=undefined" >> $GITHUB_ENV
- echo LDFLAGS="-fsanitize=undefined" >> $GITHUB_ENV
- ;;
-esac
-
 - uses: actions/checkout@v3
   name: Checkout
 
 - name: Build
   run: |
 ./autogen.sh
-./configure || cat config.log
+./configure || { cat config.log; false; }
 make V=1
-make V=1 check
+make V=1 check || { cat tests/testsuite.log; false; }
 make V=1 distcheck
 
   musl:
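Review bot: `make V=1 distcheck` on the last new line is the only build step that still fails without printing anything useful; `make V=1 check` two lines above was given a `{ cat tests/testsuite.log; false; }` fallback in this same hunk, but a testsuite failure inside distcheck's nested build will not show its log. Something like `make V=1 distcheck || { find . -name testsuite.log -exec cat {} +; false; }` gives distcheck the same treatment (distcheck builds in a subdirectory, so the exact path is not `tests/testsuite.log`). Separately, the workflow declares no `permissions:` block, so the job token keeps the repository default; a top-level `permissions: contents: read` limits it to what checkout needs.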



[gentoo-commits] proj/sandbox:stable-2.x commit in: .github/workflows/

2023-06-23 Thread Mike Gilbert
commit: 90b9a7a12ebd1531738877e63f85c42b740e0a36
Author: Mike Gilbert  gentoo  org>
AuthorDate: Fri Jun 23 03:14:58 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Jun 23 17:25:43 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=90b9a7a1

CI: add musl config

Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 8fd0fb9f956c65dab850895102b21a7fef92b753)

 .github/workflows/build-test-ci.yml | 21 -
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-test-ci.yml 
b/.github/workflows/build-test-ci.yml
index 7ad056b..4a3ef88 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -13,7 +13,7 @@ name: Build+Test CI
 on: [pull_request, push]
 
 jobs:
-  make:
+  glibc:
 strategy:
   matrix:
 os: [ubuntu-latest]
@@ -56,3 +56,22 @@ jobs:
 make V=1
 make V=1 check
 make V=1 distcheck
+
+  musl:
+runs-on: ubuntu-latest
+container:
+  image: alpine:latest
+  options: --cap-add=SYS_PTRACE
+steps:
+  - name: Install dependencies
+run: apk add bash coreutils build-base automake autoconf 
autoconf-archive libtool pax-utils gawk sed
+
+  - name: Checkout
+uses: actions/checkout@v3
+
+  - name: Build
+run: |
+  ./autogen.sh
+  ./configure || { cat config.log; false; }
+  make V=1
+  make V=1 check || { cat tests/testsuite.log; false; }
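Review bot: The new job runs in `alpine:latest`, so a musl or toolchain change upstream can alter the CI result without any commit in this repository; pinning the image to a release tag (`image: alpine:<pinned-version>`, placeholder) makes a failure reproducible against a known libc. `--cap-add=SYS_PTRACE` is presumably there because the tests exercise the ptrace-based sandbox path inside the container, but a comment saying so would stop the next person from removing it as an unneeded privilege. Unlike the glibc job, this one does not run `make V=1 distcheck`; if that is deliberate, a note would help.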



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/, libsandbox/wrapper-funcs/

2023-06-23 Thread Mike Gilbert
commit: 3e1725e56f0edb4e7d88aa08a9f9cdcbca08d713
Author: Mike Gilbert  gentoo  org>
AuthorDate: Thu Jun 22 17:41:09 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Fri Jun 23 14:25:22 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=3e1725e5

libsandbox: wrap musl time64 functions

musl uses different names from glibc for the time64 symbols.
Add them to symbols.h, and use symlinks for the wrapper-func files.

Bug: https://bugs.gentoo.org/908970
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit 2911fdc0d72e37e99cac6609b4799ee06b29cd31)

 libsandbox/symbols.h.in   | 4 
 libsandbox/wrapper-funcs/__futimesat_time64.c | 1 +
 libsandbox/wrapper-funcs/__lutimes_time64.c   | 1 +
 libsandbox/wrapper-funcs/__utimensat_time64.c | 1 +
 libsandbox/wrapper-funcs/__utimes_time64.c| 1 +
 5 files changed, 8 insertions(+)

diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index 297c13a..5805592 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -79,11 +79,15 @@ utime
 __utime64
 utimes
 __utimes64
+__utimes_time64
 utimensat
 __utimensat64 utimensat_time64
+__utimensat_time64
 futimesat
 __futimesat64
+__futimesat_time64
 lutimes
 __lutimes64
+__lutimes_time64
 fork
 vfork

diff --git a/libsandbox/wrapper-funcs/__futimesat_time64.c 
b/libsandbox/wrapper-funcs/__futimesat_time64.c
new file mode 12
index 000..c3a9b23
--- /dev/null
+++ b/libsandbox/wrapper-funcs/__futimesat_time64.c
@@ -0,0 +1 @@
+__futimesat64.c
\ No newline at end of file

diff --git a/libsandbox/wrapper-funcs/__lutimes_time64.c 
b/libsandbox/wrapper-funcs/__lutimes_time64.c
new file mode 12
index 000..1819ce7
--- /dev/null
+++ b/libsandbox/wrapper-funcs/__lutimes_time64.c
@@ -0,0 +1 @@
+__lutimes64.c
\ No newline at end of file

diff --git a/libsandbox/wrapper-funcs/__utimensat_time64.c 
b/libsandbox/wrapper-funcs/__utimensat_time64.c
new file mode 12
index 000..2dceb14
--- /dev/null
+++ b/libsandbox/wrapper-funcs/__utimensat_time64.c
@@ -0,0 +1 @@
+__utimensat64.c
\ No newline at end of file

diff --git a/libsandbox/wrapper-funcs/__utimes_time64.c 
b/libsandbox/wrapper-funcs/__utimes_time64.c
new file mode 12
index 000..3dea445
--- /dev/null
+++ b/libsandbox/wrapper-funcs/__utimes_time64.c
@@ -0,0 +1 @@
+__utimes64.c
\ No newline at end of file



[gentoo-commits] proj/sandbox:stable-2.x commit in: tests/

2023-06-22 Thread Mike Gilbert
commit: 88ffe50668ff8ffc25324ab62c0e4de85509a5de
Author: Michael Orlitzky  gentoo  org>
AuthorDate: Sun Jan 28 01:05:02 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Jun 22 13:55:26 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=88ffe506

tests: add test case for fchown/fchmod with O_RDONLY.

Bug: https://bugs.gentoo.org/599706
Signed-off-by: Michael Orlitzky  gentoo.org>
Signed-off-by: Mike Gilbert  gentoo.org>

 tests/fchmod-0.c  | 35 +++
 tests/fchmod-1.sh | 14 ++
 tests/fchmod.at   |  1 +
 tests/fchown-0.c  | 34 ++
 tests/fchown-1.sh | 14 ++
 tests/fchown.at   |  1 +
 tests/local.mk|  2 ++
 7 files changed, 101 insertions(+)

diff --git a/tests/fchmod-0.c b/tests/fchmod-0.c
new file mode 100644
index 000..de0c237
--- /dev/null
+++ b/tests/fchmod-0.c
@@ -0,0 +1,35 @@
+/*
+ * https://bugs.gentoo.org/599706
+ *
+ */
+
+#include "headers.h"
+
+int main(int argc, char *argv[])
+{
+   if (argc < 2)
+   return -2;
+
+   int mode = 0;
+   sscanf(argv[1], "%i", );
+   /* The sandbox catches this:
+*
+*   int fd = open(argv[2], O_RDWR);
+*
+* And it /should/ catch this:
+*
+*int fd = open(argv[2], O_RDONLY);
+*
+* ...but the latter only works when /proc/self/fd/%i
+* is available.
+*
+*/
+#ifdef SANDBOX_PROC_SELF_FD
+   int fd = open(argv[2], O_RDONLY);
+#else
+   int fd = open(argv[2], O_RDWR);
+#endif
+   int fchmod_result = fchmod(fd, (mode_t)mode);
+   close(fd);
+   return fchmod_result;
+}
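Review bot: The result of `open()` is never checked, so when it fails `fchmod(-1, ...)` fails with EBADF and the program exits non-zero exactly as it would on a sandbox denial; fchmod-1.sh in this commit only tests for a non-zero status, which means a wrong path or permission problem makes the negative test pass vacuously. Returning a distinct status before the fchmod call, `if (fd < 0) return -3;`, and having the script assert on the specific exit code would separate the two outcomes. The `sscanf` return value is also unchecked, so an unparsable mode silently becomes 0. fchown-0.c has the same unchecked `open()` and parses uid/gid with `atoi`, which cannot signal a parse failure either.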

diff --git a/tests/fchmod-1.sh b/tests/fchmod-1.sh
new file mode 100755
index 000..db404ba
--- /dev/null
+++ b/tests/fchmod-1.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# https://bugs.gentoo.org/599706
+#
+
+addwrite $PWD
+
+# The sandbox doesn't log anything when it returns a junk file
+# descriptor? It doesn't look like we can test the contents of
+# sandbox.log here... instead, we just have to count on fchmod
+# failing, which it does if you use O_RDWR, and it *should* if you use
+# O_RDONLY (because that won't stop the change of permissions).
+fchmod-0 $(stat --format='%#04a' ../..) ../.. && exit 1
+exit 0

diff --git a/tests/fchmod.at b/tests/fchmod.at
new file mode 100644
index 000..081d7d2
--- /dev/null
+++ b/tests/fchmod.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/fchown-0.c b/tests/fchown-0.c
new file mode 100644
index 000..7fdca73
--- /dev/null
+++ b/tests/fchown-0.c
@@ -0,0 +1,34 @@
+/*
+ * https://bugs.gentoo.org/599706
+ *
+ */
+
+#include "headers.h"
+
+int main(int argc, char *argv[])
+{
+   if (argc < 3)
+   return -2;
+
+   uid_t uid = atoi(argv[1]);
+   gid_t gid = atoi(argv[2]);
+   /* The sandbox catches this:
+*
+*   int fd = open(argv[3], O_RDWR);
+*
+* And it /should/ catch this:
+*
+*int fd = open(argv[3], O_RDONLY);
+*
+* ...but the latter only works when /proc/self/fd/%i
+* is available.
+*/
+#ifdef SANDBOX_PROC_SELF_FD
+   int fd = open(argv[3], O_RDONLY);
+#else
+   int fd = open(argv[3], O_RDWR);
+#endif
+   int fchown_result = fchown(fd, uid, gid);
+   close(fd);
+   return fchown_result;
+}

diff --git a/tests/fchown-1.sh b/tests/fchown-1.sh
new file mode 100755
index 000..1b4a173
--- /dev/null
+++ b/tests/fchown-1.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# https://bugs.gentoo.org/599706
+#
+
+addwrite $PWD
+
+# The sandbox doesn't log anything when it returns a junk file
+# descriptor? It doesn't look like we can test the contents of
+# sandbox.log here... instead, we just have to count on fchown
+# failing, which it does if you use O_RDWR, and it *should* if you use
+# O_RDONLY (because that won't stop the change of ownership).
+fchown-0 ${SB_UID} ${SB_GID} ../.. && exit 1
+exit 0

diff --git a/tests/fchown.at b/tests/fchown.at
new file mode 100644
index 000..081d7d2
--- /dev/null
+++ b/tests/fchown.at
@@ -0,0 +1 @@
+SB_CHECK(1)

diff --git a/tests/local.mk b/tests/local.mk
index 86a8a65..2f429e6 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -29,7 +29,9 @@ check_PROGRAMS += \
%D%/execv-0 \
%D%/execvp-0 \
%D%/faccessat-0 \
+   %D%/fchmod-0 \
%D%/fchmodat-0 \
+   %D%/fchown-0 \
%D%/fchownat-0 \
%D%/fopen-0 \
%D%/fopen64-0 \



[gentoo-commits] proj/sandbox:stable-2.x commit in: tests/

2023-06-22 Thread Mike Gilbert
commit: 817965df90b7f421da65d2e1355957b588d8d2fe
Author: Michael Orlitzky  gentoo  org>
AuthorDate: Sun Jan 28 03:38:26 2018 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Jun 22 13:55:26 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=817965df

tests: add more tests to make sure fchown/fchmod are handled correctly.

Closes: https://bugs.gentoo.org/599706
Signed-off-by: Michael Orlitzky  gentoo.org>
Signed-off-by: Mike Gilbert  gentoo.org>

 tests/fchmod-2.sh | 11 +++
 tests/fchmod.at   |  1 +
 tests/fchown-2.sh | 11 +++
 tests/fchown.at   |  1 +
 4 files changed, 24 insertions(+)

diff --git a/tests/fchmod-2.sh b/tests/fchmod-2.sh
new file mode 100755
index 000..96d7cc9
--- /dev/null
+++ b/tests/fchmod-2.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# Ensure that fchmod() doesn't trigger spurious violations in the most
+# basic of cases.
+#
+addwrite $PWD
+
+# This should not trigger a violation.
+rm -f file
+touch file
+fchmod-0 0644 file || exit 1
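Review bot: `rm -f file` and `touch file` are not checked, so if either fails the following `fchmod-0 0644 file || exit 1` reports what looks like a sandbox violation but is really a setup problem; `rm -f file || exit 1` and `touch file || exit 1` make the failure point unambiguous. fchown-2.sh has the same two unchecked lines.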

diff --git a/tests/fchmod.at b/tests/fchmod.at
index 081d7d2..d364b4b 100644
--- a/tests/fchmod.at
+++ b/tests/fchmod.at
@@ -1 +1,2 @@
 SB_CHECK(1)
+SB_CHECK(2)

diff --git a/tests/fchown-2.sh b/tests/fchown-2.sh
new file mode 100755
index 000..dedfbe4
--- /dev/null
+++ b/tests/fchown-2.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# Ensure that fchown() doesn't trigger spurious violations in the most
+# basic of cases.
+#
+addwrite $PWD
+
+# This should not trigger a violation.
+rm -f file
+touch file
+fchown-0 ${SB_UID} ${SB_GID} file || exit 1

diff --git a/tests/fchown.at b/tests/fchown.at
index 081d7d2..d364b4b 100644
--- a/tests/fchown.at
+++ b/tests/fchown.at
@@ -1 +1,2 @@
 SB_CHECK(1)
+SB_CHECK(2)



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/, libsandbox/wrapper-funcs/

2023-06-22 Thread Mike Gilbert
commit: 45a8321f5015b19e706b8a3a1e2203bba900f24d
Author: Michael Orlitzky  orlitzky  com>
AuthorDate: Tue Jun 20 21:58:57 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Thu Jun 22 13:55:26 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=45a8321f

libsandbox: add support for fchown/fchmod on linux

The fchown/fchmod functions use a file descriptor obtained from
open(), and the sandbox relies on its open() wrapper for safety. But
it turns out that fchown/fchmod can operate on a descriptor opened
O_RDONLY, which the open() wrapper is happy to give you. Oops. This is
bug 599706.

There's no POSIX way to map the descriptor to a path once you've got
it, but on linux you can use the magic path "/proc/self/fd/%i" which
should be a symlink pointing to the path passed to open(). Once we
have that path, we can use the existing "is this path safe" machinery
in the sandbox. There is precedent for this approach in sandbox, and
the SANDBOX_PROC_SELF_FD macro already exists to indicate that the
feature is available.

Bug: https://bugs.gentoo.org/599706
Signed-off-by: Michael Orlitzky  gentoo.org>
Signed-off-by: Mike Gilbert  gentoo.org>

 libsandbox/libsandbox.c   | 17 +
 libsandbox/libsandbox.h   |  7 +++
 libsandbox/symbols.h.in   |  2 ++
 libsandbox/trace.c| 14 ++
 libsandbox/wrapper-funcs/fchmod.c | 11 +++
 libsandbox/wrapper-funcs/fchown.c | 11 +++
 6 files changed, 62 insertions(+)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index b9ef52e..847b4e2 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -766,7 +766,9 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, 
const char *func,
sb_nr == SB_NR_CHOWN   ||
sb_nr == SB_NR_CREAT   ||
sb_nr == SB_NR_CREAT64 ||
+   sb_nr == SB_NR_FCHMOD  ||
sb_nr == SB_NR_FCHMODAT||
+   sb_nr == SB_NR_FCHOWN  ||
sb_nr == SB_NR_FCHOWNAT||
  /*sb_nr == SB_NR_FTRUNCATE   ||
sb_nr == SB_NR_FTRUNCATE64 ||*/
@@ -1102,6 +1104,21 @@ bool before_syscall_open_int(int dirfd, int sb_nr, const 
char *func, const char
return before_syscall(dirfd, sb_nr, ext_func, file, flags);
 }
 
+bool before_syscall_fd(int sb_nr, const char *func, int fd) {
+#ifdef SANDBOX_PROC_SELF_FD
+   /* We only know how to handle e.g. fchmod() and fchown() on
+* linux, where it's possible to (eventually) get a path out
+* of the given file descriptor. The "64" below accounts for
+* the length of an integer string, and is probably
+* overkill. */
+   char path[sizeof("/proc/self/fd/") + 64];
+   snprintf(path, sizeof("/proc/self/fd/") + 64, "/proc/self/fd/%i", fd);
+   return before_syscall(AT_FDCWD, sb_nr, func, path, 0);
+#else
+   return true;
+#endif
+}
+
 bool before_syscall_open_char(int dirfd, int sb_nr, const char *func, const 
char *file, const char *mode)
 {
if (NULL == mode)
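Review bot: The `#else` branch of before_syscall_fd returns `true` unconditionally, so on a platform without /proc/self/fd the new fchmod/fchown wrappers perform no check at all; that is a reasonable fallback, but the comment only explains the Linux path, so add `/* No way to map an fd back to a path here: the call is allowed unchecked. */` above `return true;`. The Linux path checks whatever name the descriptor's inode has at the time of the call rather than the one passed to open(), so the function comment should say that this is a best-effort check and not a complete fix for every variant of bug 599706. The `snprintf` result is ignored, which is harmless with this buffer size, though `sizeof path` reads better than repeating the `sizeof("/proc/self/fd/") + 64` expression on the next line.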

diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 206c506..01a4c6c 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -46,6 +46,11 @@
 #define  SB_SAFE_OPEN_CHAR(_path, _mode) \
  SB_SAFE_OPEN_CHAR_AT(AT_FDCWD, _path, _mode)
 
+#define _SB_SAFE_FD(_nr, _name, _fd) \
+__SB_SAFE(before_syscall_fd(_nr, _name, fd))
+#define  SB_SAFE_FD(_fd) \
+ _SB_SAFE_FD(WRAPPER_NR, STRING_NAME, _fd)
+
 /* Symbols that don't exist in the C library will be <= this value. */
 #define SB_NR_UNDEF -9
 #define SB_NR_IS_DEFINED(nr) (nr > SB_NR_UNDEF)
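Review bot: `_SB_SAFE_FD` declares a parameter `_fd` but its body passes `fd`, so the macro only compiles when the caller happens to have a variable literally named `fd` in scope; the neighbouring `SB_SAFE_OPEN_CHAR` uses its `_path`/`_mode` parameters consistently. Change the body to `__SB_SAFE(before_syscall_fd(_nr, _name, _fd))` so the macro works for any argument expression, as its public wrapper `SB_SAFE_FD(_fd)` implies.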
@@ -55,6 +60,8 @@ bool before_syscall(int, int, const char *, const char *, 
int);
 bool before_syscall_access(int, int, const char *, const char *, int);
 bool before_syscall_open_int(int, int, const char *, const char *, int);
 bool before_syscall_open_char(int, int, const char *, const char *, const char 
*);
+bool before_syscall_fd(int, const char *, int);
+
 enum sandbox_method_t get_sandbox_method(void);
 
 void *get_dlsym(const char *symname, const char *symver);

diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index ecf141c..297c13a 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -7,8 +7,10 @@
 # before 'creat()' as 'creat()' uses 'open()' ...
 
 chmod
+fchmod
 fchmodat
 chown
+fchown
 fchownat
 open
 __open_2

diff --git a/libsandbox/trace.c b/libsandbox/trace.c
index 4ae58aa..7ac4b5d 100644
--- a/libsandbox/trace.c
+++ b/libsandbox/trace.c
@@ -390,8 +390,22 @@ static bool trace_check_syscall(const struct syscall_entry 
*se, void *regs)
ret = 1;
free(path);
return ret;
+
+   } else if (nr == SB_NR_FCHMOD) {
+   int fd = trace_arg(regs, 1);
+   mode_t mode = trace_arg(regs, 2);
+   __sb_debug("(%i, %o)", fd, mode);
+   return 

[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-06-21 Thread Mike Gilbert
commit: a5fcf9744ad6e60cb4de8db47f1aa6ce42c51479
Author: Mike Gilbert  gentoo  org>
AuthorDate: Wed Jun 21 14:45:41 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jun 21 14:45:41 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a5fcf974

v2.32

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index b78cf98..ca5ed5b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.31], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.32], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsbutil/, libsandbox/wrapper-funcs/, libsbutil/src/, libsandbox/

2023-06-21 Thread Mike Gilbert
commit: 609dd64e6e88b8abbbd424c24e5e40abe95cdb1c
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jun 19 15:50:46 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Wed Jun 21 14:41:51 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=609dd64e

libsbutil: add sb_exists function

This provides a central place to work around a bug on musl where
faccessat sets errno to EINVAL when the kernel does not support
faccessat2.

Bug: https://bugs.gentoo.org/908765
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit b55840ebe3278032777a3b52cecc6dac325dcf85)

 libsandbox/pre_check_openat.c  |  2 +-
 libsandbox/wrapper-funcs/fopen_pre_check.c |  2 +-
 libsbutil/local.mk |  1 +
 libsbutil/sb_exists.c  | 24 
 libsbutil/sbutil.h |  1 +
 libsbutil/src/file.c   |  2 +-
 6 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/libsandbox/pre_check_openat.c b/libsandbox/pre_check_openat.c
index 8fd3b23..99c03eb 100644
--- a/libsandbox/pre_check_openat.c
+++ b/libsandbox/pre_check_openat.c
@@ -19,7 +19,7 @@ bool sb_openat_pre_check(const char *func, const char 
*pathname, int dirfd, int
save_errno();
 
/* Doesn't exist -> skip permission checks */
-   if (faccessat(dirfd, pathname, F_OK, (flags & O_NOFOLLOW) ? 
AT_SYMLINK_NOFOLLOW : 0) == -1) {
+   if (sb_exists(dirfd, pathname, (flags & O_NOFOLLOW) ? 
AT_SYMLINK_NOFOLLOW : 0) == -1) {
sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", func, pathname, 
strerror(errno));
return false;
}

diff --git a/libsandbox/wrapper-funcs/fopen_pre_check.c 
b/libsandbox/wrapper-funcs/fopen_pre_check.c
index 95108e0..e3ed2c6 100644
--- a/libsandbox/wrapper-funcs/fopen_pre_check.c
+++ b/libsandbox/wrapper-funcs/fopen_pre_check.c
@@ -11,7 +11,7 @@ bool sb_fopen_pre_check(const char *func, const char 
*pathname, const char *mode
save_errno();
 
/* If we're trying to read, fail normally if file does not stat 
*/
-   if (faccessat(AT_FDCWD, pathname, F_OK, 0) == -1) {
+   if (sb_exists(AT_FDCWD, pathname, 0) == -1) {
sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
func, pathname, strerror(errno));
return false;

diff --git a/libsbutil/local.mk b/libsbutil/local.mk
index 126c7ce..1cb5de7 100644
--- a/libsbutil/local.mk
+++ b/libsbutil/local.mk
@@ -16,6 +16,7 @@ noinst_LTLIBRARIES += %D%/libsbutil.la
%D%/environment.c \
%D%/sb_backtrace.c\
%D%/sb_efuncs.c   \
+   %D%/sb_exists.c   \
%D%/sb_gdb.c  \
%D%/sb_method.c   \
%D%/sb_open.c \

diff --git a/libsbutil/sb_exists.c b/libsbutil/sb_exists.c
new file mode 100644
index 000..9ec7730
--- /dev/null
+++ b/libsbutil/sb_exists.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2023 Gentoo Authors
+ * Distributed under the terms of the GNU General Public License v2
+ */
+
+#include "headers.h"
+#include "sbutil.h"
+
+/* Wrapper for faccessat to work around buggy behavior on musl */
+int sb_exists(int dirfd, const char *pathname, int flags)
+{
+   struct stat64 buf;
+
+   if (faccessat(dirfd, pathname, F_OK, flags) == 0)
+   return 0;
+
+   /* musl's faccessat gives EINVAL when the kernel does not support
+* faccessat2 and AT_SYMLINK_NOFOLLOW is set.
+* https://www.openwall.com/lists/musl/2023/06/19/1 */
+   if (errno != EINVAL)
+   return -1;
+
+   return fstatat64(dirfd, pathname, , flags);
+}
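Review bot: The comment on sb_exists says what it wraps but not its contract; since both callers changed in this commit compare the result with `-1` and then print `strerror(errno)`, document that: `/* Return 0 if pathname exists (relative to dirfd, flags as for faccessat), else -1 with errno set. */`. On the fallback path errno comes from fstatat64, which gives the callers a sensible message. `struct stat64` and `fstatat64` presumably rely on the large-file macros headers.h defines; worth confirming on musl, where this commit's motivating bug lives and where those names are only compatibility aliases.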

diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
index d81543b..981fe0d 100644
--- a/libsbutil/sbutil.h
+++ b/libsbutil/sbutil.h
@@ -109,6 +109,7 @@ size_t sb_write(int fd, const void *buf, size_t count);
 int sb_close(int fd);
 void sb_close_all_fds(void);
 int sb_copy_file_to_fd(const char *file, int ofd);
+int sb_exists(int dirfd, const char *pathname, int flags);
 
 /* Reliable output */
 __printf(1, 2) void sb_printf(const char *format, ...);

diff --git a/libsbutil/src/file.c b/libsbutil/src/file.c
index 5a361f4..64a6f0e 100644
--- a/libsbutil/src/file.c
+++ b/libsbutil/src/file.c
@@ -15,7 +15,7 @@
 bool
 rc_file_exists (const char *pathname)
 {
-  return faccessat(AT_FDCWD, pathname, F_OK, AT_SYMLINK_NOFOLLOW) == 0;
+  return sb_exists(AT_FDCWD, pathname, AT_SYMLINK_NOFOLLOW) == 0;
 }
 
 bool



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-06-13 Thread Mike Gilbert
commit: 4228dca81575872fcd964b514916ee214816f053
Author: Mike Gilbert  gentoo  org>
AuthorDate: Tue Jun 13 18:34:06 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Jun 13 18:34:06 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=4228dca8

v2.31

Signed-off-by: Mike Gilbert  gentoo.org>

 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index a274580..b78cf98 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.69])
-AC_INIT([sandbox], [2.30], [sand...@gentoo.org])
+AC_INIT([sandbox], [2.31], [sand...@gentoo.org])
 AM_INIT_AUTOMAKE([1.15 dist-xz foreign no-dist-gzip silent-rules 
subdir-objects -Wall])
 AM_SILENT_RULES([yes]) # AM_INIT_AUTOMAKE([silent-rules]) is broken atm
 AC_CONFIG_HEADER([config.h])



[gentoo-commits] proj/sandbox:stable-2.x commit in: libsandbox/, tests/

2023-06-13 Thread Mike Gilbert
commit: a96f5a62b05f7895acb0990cd65f7842f0b1ff7a
Author: Mike Gilbert  gentoo  org>
AuthorDate: Mon Jun 12 14:58:39 2023 +
Commit: Mike Gilbert  gentoo  org>
CommitDate: Tue Jun 13 17:22:48 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=a96f5a62

libsandbox: add lutimes to symlink_func

lutimes operates on symlinks, so we should not check for access against
the symlink target.

Bug: https://bugs.gentoo.org/908105
Signed-off-by: Mike Gilbert  gentoo.org>
(cherry picked from commit cdc89a00ac0bc3170d4ca7bfc77bc2572ce076b0)

 libsandbox/libsandbox.c | 1 +
 tests/lutimes-1.sh  | 9 +
 tests/lutimes.at| 1 +
 3 files changed, 11 insertions(+)

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 0ca2bc9..b9ef52e 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -679,6 +679,7 @@ static bool symlink_func(int sb_nr, int flags)
sb_nr == SB_NR_LCHOWN   ||
sb_nr == SB_NR_LREMOVEXATTR ||
sb_nr == SB_NR_LSETXATTR||
+   sb_nr == SB_NR_LUTIMES  ||
sb_nr == SB_NR_REMOVE   ||
sb_nr == SB_NR_RENAME   ||
sb_nr == SB_NR_RENAMEAT ||

diff --git a/tests/lutimes-1.sh b/tests/lutimes-1.sh
new file mode 100755
index 000..8638bb2
--- /dev/null
+++ b/tests/lutimes-1.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+addwrite "${PWD}"
+
+sym="lutimes-1.sym"
+ln -s /bad/path "${sym}"
+
+lutimes-0 0 "${sym}" NULL || exit 1
+lutimes-0 -1,EACCES /bin/sh NULL || exit 1
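Review bot: The new test only exercises the permissive direction — a symlink inside the addwrite'd `${PWD}` pointing at the unwritable `/bad/path` must succeed — plus the unwritable non-symlink `/bin/sh`; it never checks that lutimes on a symlink located outside the writable set is still denied, which is the case that would catch symlink_func being applied to the wrong path. A line such as `lutimes-0 -1,EACCES /proc/self/cwd NULL || exit 1` would cover it if that magic symlink is treated like an ordinary one by the sandbox; if not, any pre-existing symlink outside `${PWD}` would do. The `lutimes-0` helper and its status-string convention are outside this hunk.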

diff --git a/tests/lutimes.at b/tests/lutimes.at
new file mode 100644
index 000..081d7d2
--- /dev/null
+++ b/tests/lutimes.at
@@ -0,0 +1 @@
+SB_CHECK(1)



[gentoo-commits] proj/sandbox:stable-2.x commit in: /

2023-05-11 Thread Sam James
commit: b926cd079443bb9d0420b11201d4bd88a7aacd08
Author: James Le Cuirot  gentoo  org>
AuthorDate: Sat Jan 21 16:36:05 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Fri May 12 01:39:38 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=b926cd07

build: Fix libc path configure test for mold

bfd, gold, lld, and mold all support `-Wl,--trace`, which has cleaner
output than `-Wl,--verbose`. mold doesn't output anything with the
latter, so the test didn't support that until now. The only difference
between them now is that mold prefixes its output with `trace: ` whereas
the others do not.

I checked the Solaris linker, but that does not support `-Wl,--trace`.

Bug: https://bugs.gentoo.org/830463
Signed-off-by: James Le Cuirot  gentoo.org>
Closes: https://github.com/gentoo/sandbox/pull/5
Signed-off-by: Sam James  gentoo.org>
(cherry picked from commit 190300def3160ca39bd8590d1bbc7305ae07cc5b)

 configure.ac | 15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/configure.ac b/configure.ac
index ace4173..a274580 100644
--- a/configure.ac
+++ b/configure.ac
@@ -363,16 +363,11 @@ try_link() {
) 1>_MESSAGE_LOG_FD
 }
 LIBC_PATH=$(AS_IF(
-   dnl GNU linker (bfd & gold) searching for
-   dnl (bfd)  "attempt to open 
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../lib64/libc.so succeeded"
-   dnl (gold) 
"/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: 
Attempt to open /lib64/libc.so.6 succeeded"
-   dnl if log does not contain "attempt" word then it's not a GNU linker
-   [try_link -Wl,--verbose && grep -q '[[Aa]]ttempt' libctest.log],
-   [$AWK '/[[Aa]]ttempt to open/ { if (($(NF-1) ~ /\/libc\.so/) && 
($NF == "succeeded")) LIBC = $(NF-1); }; END {print LIBC}' libctest.log],
-   dnl LLVM lld searching for latest (successful) entry of
-   dnl "ld.lld: 
/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../lib64/libc.so"
-   dnl "ld.lld: /lib64/libc.so.6"
-   [try_link -Wl,--verbose],
+   dnl GNU linkers (bfd, gold), LLVM lld, mold - searching for latest 
entry of:
+   dnl 
"/usr/lib/gcc/x86_64-pc-linux-gnu/8.3.0/../../../../lib64/libc.so"
+   dnl "/lib64/libc.so.6"
+   dnl Note that mold prefixes output with "trace: " whereas others do not.
+   [try_link -Wl,--trace],
[$EGREP -o '/[[^ ]]*/libc.so.*' libctest.log | tail -n1],
dnl Solaris linker
[try_link -Wl,-m],
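Review bot: The extraction pattern `'/[[^ ]]*/libc.so.*'` leaves the dot in `libc.so` unescaped and takes everything to end of line, so a trace line whose path merely contains `/libcXso`, or that carries trailing text after the soname, is accepted as LIBC_PATH; `'/[[^ ]]*/libc\.so[[^ ]]*'` limits the match to the path token. That matters because `tail -n1` takes whichever matching line comes last, and nothing in this hunk checks that the chosen file exists before LIBC_PATH is used; what consumes LIBC_PATH is outside the hunk, so I can only flag it. The Solaris branch that follows is also outside the hunk.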



[gentoo-commits] proj/sandbox:stable-2.x commit in: .github/workflows/

2023-01-05 Thread Sam James
commit: b5651178b925f3e1cd283ccf6336a068d53d6e7d
Author: Sam James  gentoo  org>
AuthorDate: Fri Jan  6 06:58:34 2023 +
Commit: Sam James  gentoo  org>
CommitDate: Fri Jan  6 07:15:00 2023 +
URL:https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=b5651178

CI: add Github Actions

Signed-off-by: Sam James  gentoo.org>
(cherry picked from commit cb63ad4fb4b8a21b269f330f2512da0a6ce7399e)

 .github/workflows/build-test-ci.yml | 58 +
 1 file changed, 58 insertions(+)

diff --git a/.github/workflows/build-test-ci.yml 
b/.github/workflows/build-test-ci.yml
new file mode 100644
index 000..7ad056b
--- /dev/null
+++ b/.github/workflows/build-test-ci.yml
@@ -0,0 +1,58 @@
+# GitHub actions workflow.
+# 
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+
+name: Build+Test CI
+
+#on:
+#  push:
+#branches: [master, gh-actions]
+#tags: [v*]
+#  pull_request:
+#types: [created, opened, edited, push]
+
+on: [pull_request, push]
+
+jobs:
+  make:
+strategy:
+  matrix:
+os: [ubuntu-latest]
+cc: [gcc, clang]
+sanitize: [none] # [none, asan, ubsan]
+  fail-fast: false
+runs-on: ${{ matrix.os }}
+env:
+  CC: ${{ matrix.cc }}
+  SANITIZER: ${{ matrix.sanitize }}
+  UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1"
+steps:
+- name: Install dependencies
+  run: |
+sudo apt-get update -qq
+sudo apt-get install build-essential gcc clang automake autoconf 
autoconf-archive libtool pax-utils -qy
+
+case "$SANITIZER" in
+  none)
+ ;;
+  asan)
+ echo CFLAGS="-O2 -ggdb3 -fsanitize=address" >> $GITHUB_ENV
+ echo CXXFLAGS="-O2 -ggdb3 -fsanitize=address" >> $GITHUB_ENV
+ echo LDFLAGS="-fsanitize=address" >> $GITHUB_ENV
+ ;;
+  ubsan)
+ echo CFLAGS="-O2 -ggdb3 -fsanitize=undefined" >> $GITHUB_ENV
+ echo CXXFLAGS="-O2 -ggdb3 -fsanitize=undefined" >> $GITHUB_ENV
+ echo LDFLAGS="-fsanitize=undefined" >> $GITHUB_ENV
+ ;;
+esac
+
+- uses: actions/checkout@v3
+  name: Checkout
+
+- name: Build
+  run: |
+./autogen.sh
+./configure || cat config.log
+make V=1
+make V=1 check
+make V=1 distcheck
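Review bot: The workflow runs on every push and pull_request with the default GITHUB_TOKEN permissions and a tag-pinned `actions/checkout@v3`; a top-level `permissions: { contents: read }` and pinning the action to a full commit SHA (tag kept in a trailing comment) are the usual supply-chain hardening for a build-only job. Separately, `./configure || cat config.log` swallows a configure failure — the step continues and `make` then fails for a less obvious reason; `./configure || { cat config.log; exit 1; }` surfaces the real error. The `sanitize: [none]` matrix leaves the asan/ubsan branches of the install step dead until the commented list is restored.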