libsandbox: set syscall error rather than killing on violations

If we kill the app, then the syscall that we flagged as a violation will
complete, and our entire purpose has failed -- to prevent modifications
to the protected paths.

Instead, set the syscall number to an invalid one, continue the syscall,
then set the syscall return value (which will become the errno) after the
syscall finishes.  This way the bad syscall isn't actually executed, and
we let the app continue to run like normal.

URL: http://bugs.gentoo.org/406543
Reported-by: Marijn Schouten <hkbst@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

1 files changed, 6 insertions, 4 deletions

diff --git a/libsandbox/trace/linux/i386.c b/libsandbox/trace/linux/i386.c
index 7508e25..9a3f590 100644
--- a/libsandbox/trace/linux/i386.c
+++ b/libsandbox/trace/linux/i386.c
@@ -1,7 +1,4 @@
-static int trace_sysnum(void)
-{
-	return do_peekuser(4 * ORIG_EAX);
-}
+#define trace_sysnum_puser (4 * ORIG_EAX)
 
 static long trace_raw_ret(void *vregs)
 {
@@ -9,6 +6,11 @@ static long trace_raw_ret(void *vregs)
 	return regs->eax;
 }
 
+static void trace_set_ret(void *vregs, int err)
+{
+	do_pokeuser(EAX, -err);
+}
+
 static unsigned long trace_arg(void *vregs, int num)
 {
 	trace_regs *regs = vregs;