authorMike Frysinger <vapier@gentoo.org>2009-06-04 00:19:20 -0400
committerMike Frysinger <vapier@gentoo.org>2009-06-04 00:19:20 -0400
commit70f148095b7b9acd4e8329da0766aadc88b017d8 (patch)
treef9c69308721da245f85bf0f09dfffc6234d9ab61 /libsandbox/wrapper-funcs
parentlibsandbox: make sure fopen64 uses 64bit funcs (diff)
libsandbox: add pre checks to static tracing
The normal wrapped functions go through some "pre checks" where certain normal conditions are not flagged as problematic. The static tracing lacked those pre checks though. URL: http://bugs.gentoo.org/265885 Signed-off-by: Mike Frysinger <vapier@gentoo.org> Reported-by: Daniel Robbins <drobbins@funtoo.org>
Diffstat (limited to 'libsandbox/wrapper-funcs')
-rw-r--r--libsandbox/wrapper-funcs/__64_post.h1
-rw-r--r--libsandbox/wrapper-funcs/__64_pre.h1
-rw-r--r--libsandbox/wrapper-funcs/__openat_2.c38
-rw-r--r--libsandbox/wrapper-funcs/fopen.c28
-rw-r--r--libsandbox/wrapper-funcs/fopen64.c6
-rw-r--r--libsandbox/wrapper-funcs/fopen64_pre_check.c12
-rw-r--r--libsandbox/wrapper-funcs/fopen_pre_check.c26
-rw-r--r--libsandbox/wrapper-funcs/mkdir.c4
-rw-r--r--libsandbox/wrapper-funcs/mkdirat.c42
-rw-r--r--libsandbox/wrapper-funcs/mkdirat_pre_check.c42
-rw-r--r--libsandbox/wrapper-funcs/openat.c40
-rw-r--r--libsandbox/wrapper-funcs/openat64_pre_check.c12
-rw-r--r--libsandbox/wrapper-funcs/openat_pre_check.c28
-rw-r--r--libsandbox/wrapper-funcs/unlink.c4
-rw-r--r--libsandbox/wrapper-funcs/unlinkat.c38
-rw-r--r--libsandbox/wrapper-funcs/unlinkat_pre_check.c38
16 files changed, 193 insertions, 167 deletions
diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h
index 33ea3b2..2fd2182 100644
--- a/libsandbox/wrapper-funcs/__64_post.h
+++ b/libsandbox/wrapper-funcs/__64_post.h
@@ -1,2 +1,3 @@
+#undef SB64
#undef stat
#undef off_t
diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h
index 1e836f4..2132110 100644
--- a/libsandbox/wrapper-funcs/__64_pre.h
+++ b/libsandbox/wrapper-funcs/__64_pre.h
@@ -1,2 +1,3 @@
+#define SB64
#define stat stat64
#define off_t off64_t
diff --git a/libsandbox/wrapper-funcs/__openat_2.c b/libsandbox/wrapper-funcs/__openat_2.c
index b7a6e09..4549a23 100644
--- a/libsandbox/wrapper-funcs/__openat_2.c
+++ b/libsandbox/wrapper-funcs/__openat_2.c
@@ -9,40 +9,16 @@
# define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags
# define WRAPPER_ARGS dirfd, pathname, flags
# define WRAPPER_SAFE() SB_SAFE_OPEN_INT_AT(dirfd, pathname, flags)
-# define USE_AT 1
#else
-# define USE_AT 0
+# define dirfd AT_FDCWD
#endif
-#ifndef PRE_CHECK_FUNC
-# define _PRE_CHECK_FUNC(x) sb_##x##_pre_check
-# define PRE_CHECK_FUNC(x) _PRE_CHECK_FUNC(x)
-#endif
-static inline bool PRE_CHECK_FUNC(WRAPPER_NAME)(WRAPPER_ARGS_PROTO)
-{
- if (!(flags & O_CREAT)) {
- /* If we're not trying to create, fail normally if
- * file does not stat
- */
-#if USE_AT
- if (dirfd == AT_FDCWD || pathname[0] == '/')
+#ifdef SB64
+# define WRAPPER_PRE_CHECKS() sb_openat64_pre_check(STRING_NAME, pathname, dirfd, flags)
+#else
+# define WRAPPER_PRE_CHECKS() sb_openat_pre_check(STRING_NAME, pathname, dirfd, flags)
#endif
-#undef USE_AT
- {
- struct stat st;
- save_errno();
- if (-1 == stat(pathname, &st)) {
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
- STRING_NAME, pathname, strerror(errno));
- return false;
- }
- restore_errno();
- }
- }
-
- return true;
-}
-#define WRAPPER_PRE_CHECKS() PRE_CHECK_FUNC(WRAPPER_NAME)(WRAPPER_ARGS)
#include "__wrapper_simple.c"
+
+#undef dirfd
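Review bot: The `#else` branch defines an object-like macro named `dirfd`, which is also the name of the POSIX function declared in `<dirent.h>`, so every occurrence of that identifier inside the included `__wrapper_simple.c` is rewritten to `AT_FDCWD` until the trailing `#undef dirfd`. A name from the project's own namespace would avoid the clash, for example `# define SB_DIRFD AT_FDCWD` here and `# define SB_DIRFD dirfd` in the *at branch, with `SB_DIRFD` passed in `WRAPPER_PRE_CHECKS()`. The same pattern is added in the openat.c, mkdirat.c and unlinkat.c hunks. The `#if` that opens this block is outside the hunk.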
diff --git a/libsandbox/wrapper-funcs/fopen.c b/libsandbox/wrapper-funcs/fopen.c
index 57e7dba..ce2fdf3 100644
--- a/libsandbox/wrapper-funcs/fopen.c
+++ b/libsandbox/wrapper-funcs/fopen.c
@@ -11,30 +11,10 @@
#define WRAPPER_RET_TYPE FILE *
#define WRAPPER_RET_DEFAULT NULL
-#ifndef SB_FOPEN_PRE_CHECK
-#define SB_FOPEN_PRE_CHECK
-static inline bool sb_fopen_pre_check(WRAPPER_ARGS_PROTO)
-{
- if ((NULL != mode) && (mode[0] == 'r')) {
- save_errno();
-
- /* If we're trying to read, fail normally if file does not stat */
- struct stat st;
- if (-1 == stat(pathname, &st)) {
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
- STRING_NAME, pathname, strerror(errno));
- return false;
- }
-
- restore_errno();
- }
-
- return true;
-}
-#endif
-#ifndef WRAPPER_PRE_CHECKS
-# define WRAPPER_PRE_CHECKS() sb_fopen_pre_check(WRAPPER_ARGS)
+#ifdef SB64
+# define WRAPPER_PRE_CHECKS() sb_fopen64_pre_check(STRING_NAME, pathname, mode)
+#else
+# define WRAPPER_PRE_CHECKS() sb_fopen_pre_check(STRING_NAME, pathname, mode)
#endif
#include "__wrapper_simple.c"
diff --git a/libsandbox/wrapper-funcs/fopen64.c b/libsandbox/wrapper-funcs/fopen64.c
index 60116fe..8e0cdb0 100644
--- a/libsandbox/wrapper-funcs/fopen64.c
+++ b/libsandbox/wrapper-funcs/fopen64.c
@@ -1,14 +1,10 @@
/*
* fopen64() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
#include "__64_pre.h"
-#undef SB_FOPEN_PRE_CHECK
-#define sb_fopen_pre_check sb_fopen64_pre_check
-#define WRAPPER_PRE_CHECKS() sb_fopen64_pre_check(WRAPPER_ARGS)
#include "fopen.c"
-#undef sb_fopen_pre_check
#include "__64_post.h"
diff --git a/libsandbox/wrapper-funcs/fopen64_pre_check.c b/libsandbox/wrapper-funcs/fopen64_pre_check.c
new file mode 100644
index 0000000..3f7a737
--- /dev/null
+++ b/libsandbox/wrapper-funcs/fopen64_pre_check.c
@@ -0,0 +1,12 @@
+/*
+ * fopen64() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#include "__64_pre.h"
+#define sb_fopen_pre_check sb_fopen64_pre_check
+#include "fopen_pre_check.c"
+#undef sb_fopen_pre_check
+#include "__64_post.h"
diff --git a/libsandbox/wrapper-funcs/fopen_pre_check.c b/libsandbox/wrapper-funcs/fopen_pre_check.c
new file mode 100644
index 0000000..9ee3b60
--- /dev/null
+++ b/libsandbox/wrapper-funcs/fopen_pre_check.c
@@ -0,0 +1,26 @@
+/*
+ * fopen() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+bool sb_fopen_pre_check(const char *func, const char *pathname, const char *mode)
+{
+ if ((NULL != mode) && (mode[0] == 'r')) {
+ save_errno();
+
+ /* If we're trying to read, fail normally if file does not stat */
+ struct stat st;
+ if (-1 == stat(pathname, &st)) {
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
+ func, pathname, strerror(errno));
+ return false;
+ }
+
+ restore_errno();
+ }
+
+ return true;
+}
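Review bot: `sb_fopen_pre_check()` now has external linkage, and per the commit message it is meant to be shared with the static tracing code, but nothing at the definition states its contract. The false path returns after `stat()` fails without reaching `restore_errno()`, so the caller is apparently expected to fail the call with the errno that `stat()` left behind. A header comment would make that explicit, e.g. `/* Return false when a read-mode open should fail early; errno is left as set by stat(). Return true to continue with the normal sandbox check. */`. The other new *_pre_check.c files would benefit from the same kind of comment.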
diff --git a/libsandbox/wrapper-funcs/mkdir.c b/libsandbox/wrapper-funcs/mkdir.c
index cc4cbee..4962490 100644
--- a/libsandbox/wrapper-funcs/mkdir.c
+++ b/libsandbox/wrapper-funcs/mkdir.c
@@ -1,13 +1,11 @@
/*
* mkdir() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
#define WRAPPER_ARGS_PROTO const char *pathname, mode_t mode
#define WRAPPER_ARGS pathname, mode
#define WRAPPER_SAFE() SB_SAFE(pathname)
-#define sb_mkdirat_pre_check sb_mkdir_pre_check
#include "mkdirat.c"
-#undef sb_mkdirat_pre_check
diff --git a/libsandbox/wrapper-funcs/mkdirat.c b/libsandbox/wrapper-funcs/mkdirat.c
index f809c9f..4445356 100644
--- a/libsandbox/wrapper-funcs/mkdirat.c
+++ b/libsandbox/wrapper-funcs/mkdirat.c
@@ -1,7 +1,7 @@
/*
* mkdirat() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
@@ -9,42 +9,12 @@
# define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode
# define WRAPPER_ARGS dirfd, pathname, mode
# define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, 0)
+#else
+# define dirfd AT_FDCWD
#endif
-static inline bool sb_mkdirat_pre_check(WRAPPER_ARGS_PROTO)
-{
- char canonic[SB_PATH_MAX];
-
- save_errno();
-
- if (-1 == canonicalize(pathname, canonic))
- /* see comments in check_syscall() */
- if (ENAMETOOLONG != errno) {
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n",
- STRING_NAME, pathname, strerror(errno));
- return false;
- }
-
- /* XXX: Hack to prevent errors if the directory exist, and are
- * not writable - we rather return EEXIST than fail. This can
- * occur if doing something like `mkdir -p /`. We certainly do
- * not want to pass this attempt up to the higher levels as those
- * will trigger a sandbox violation.
- */
- struct stat st;
- if (0 == lstat(canonic, &st)) {
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s) @ lstat: %s\n",
- STRING_NAME, pathname, strerror(errno));
- errno = EEXIST;
- return false;
- }
-
- restore_errno();
-
- return true;
-}
-#define WRAPPER_PRE_CHECKS() sb_mkdirat_pre_check(WRAPPER_ARGS)
+#define WRAPPER_PRE_CHECKS() sb_mkdirat_pre_check(STRING_NAME, pathname, dirfd)
#include "__wrapper_simple.c"
+
+#undef dirfd
diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
new file mode 100644
index 0000000..ea9ff9a
--- /dev/null
+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
@@ -0,0 +1,42 @@
+/*
+ * mkdir*() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
+{
+ char canonic[SB_PATH_MAX];
+
+ save_errno();
+
+ /* XXX: need to check pathname with dirfd */
+ if (-1 == canonicalize(pathname, canonic))
+ /* see comments in check_syscall() */
+ if (ENAMETOOLONG != errno) {
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s) @ canonicalize: %s\n",
+ func, pathname, strerror(errno));
+ return false;
+ }
+
+ /* XXX: Hack to prevent errors if the directory exist, and are
+ * not writable - we rather return EEXIST than fail. This can
+ * occur if doing something like `mkdir -p /`. We certainly do
+ * not want to pass this attempt up to the higher levels as those
+ * will trigger a sandbox violation.
+ */
+ struct stat st;
+ if (0 == lstat(canonic, &st)) {
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s[%s]) @ lstat: %s\n",
+ func, pathname, canonic, strerror(errno));
+ errno = EEXIST;
+ return false;
+ }
+
+ restore_errno();
+
+ return true;
+}
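Review bot: When `canonicalize()` fails with ENAMETOOLONG the code falls through to `lstat(canonic, &st)`, and `canonic` is an uninitialized stack array unless `canonicalize()` is guaranteed to have written a terminated string before failing, which is not visible in this hunk. Setting `canonic[0] = '\0';` before the call, or skipping the lstat when canonicalization failed, would keep the check from acting on indeterminate data. `sb_unlinkat_pre_check()` has the same fall-through into its `strcmp()` calls. Separately, the lstat branch logs `strerror(errno)` before `errno = EEXIST;` is assigned, so the debug line reports a stale error; moving the assignment above the `SB_EINFO` call fixes that.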
diff --git a/libsandbox/wrapper-funcs/openat.c b/libsandbox/wrapper-funcs/openat.c
index 123b7c2..3e46ad5 100644
--- a/libsandbox/wrapper-funcs/openat.c
+++ b/libsandbox/wrapper-funcs/openat.c
@@ -1,7 +1,7 @@
/*
* openat() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
@@ -12,42 +12,15 @@
# define WRAPPER_ARGS dirfd, pathname, flags
# define WRAPPER_ARGS_FULL WRAPPER_ARGS, mode
# define WRAPPER_SAFE() SB_SAFE_OPEN_INT_AT(dirfd, pathname, flags)
-# define USE_AT 1
#else
-# define USE_AT 0
+# define dirfd AT_FDCWD
#endif
-#ifndef PRE_CHECK_FUNC
-# define _PRE_CHECK_FUNC(x) sb_##x##_pre_check
-# define PRE_CHECK_FUNC(x) _PRE_CHECK_FUNC(x)
-#endif
-
-static inline bool PRE_CHECK_FUNC(WRAPPER_NAME)(_WRAPPER_ARGS_PROTO)
-{
- if (!(flags & O_CREAT)) {
- /* If we're not trying to create, fail normally if
- * file does not stat
- */
-#if USE_AT
- if (dirfd == AT_FDCWD || pathname[0] == '/')
+#ifdef SB64
+# define WRAPPER_PRE_CHECKS() sb_openat64_pre_check(STRING_NAME, pathname, dirfd, flags)
+#else
+# define WRAPPER_PRE_CHECKS() sb_openat_pre_check(STRING_NAME, pathname, dirfd, flags)
#endif
-#undef USE_AT
- {
- struct stat st;
- save_errno();
- if (-1 == stat(pathname, &st)) {
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
- STRING_NAME, pathname, strerror(errno));
- return false;
- }
- restore_errno();
- }
- }
-
- return true;
-}
-#define WRAPPER_PRE_CHECKS() PRE_CHECK_FUNC(WRAPPER_NAME)(WRAPPER_ARGS)
#define WRAPPER_SAFE_POST_EXPAND \
int mode = 0; \
@@ -60,4 +33,5 @@ static inline bool PRE_CHECK_FUNC(WRAPPER_NAME)(_WRAPPER_ARGS_PROTO)
#include "__wrapper_simple.c"
+#undef dirfd
#undef _WRAPPER_ARGS_PROTO
diff --git a/libsandbox/wrapper-funcs/openat64_pre_check.c b/libsandbox/wrapper-funcs/openat64_pre_check.c
new file mode 100644
index 0000000..67dc0dc
--- /dev/null
+++ b/libsandbox/wrapper-funcs/openat64_pre_check.c
@@ -0,0 +1,12 @@
+/*
+ * open*64*() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#include "__64_pre.h"
+#define sb_openat_pre_check sb_openat64_pre_check
+#include "openat_pre_check.c"
+#undef sb_openat_pre_check
+#include "__64_post.h"
diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
new file mode 100644
index 0000000..7f5e823
--- /dev/null
+++ b/libsandbox/wrapper-funcs/openat_pre_check.c
@@ -0,0 +1,28 @@
+/*
+ * open*() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int flags)
+{
+ if (!(flags & O_CREAT)) {
+ /* If we're not trying to create, fail normally if
+ * file does not stat
+ */
+ if (dirfd == AT_FDCWD || pathname[0] == '/') {
+ struct stat st;
+ save_errno();
+ if (-1 == stat(pathname, &st)) {
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
+ func, pathname, strerror(errno));
+ return false;
+ }
+ restore_errno();
+ }
+ }
+
+ return true;
+}
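Review bot: `pathname[0]` is read with no NULL check whenever `dirfd` is not `AT_FDCWD`, so a NULL pathname would fault inside the pre-check instead of letting the call fail with an error. Whether callers can pass NULL here is not visible in this hunk, but the function is now reachable from more than one call path. Suggested guard: `if (dirfd == AT_FDCWD || (pathname && pathname[0] == '/')) {`.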
diff --git a/libsandbox/wrapper-funcs/unlink.c b/libsandbox/wrapper-funcs/unlink.c
index 79cab10..4f26de1 100644
--- a/libsandbox/wrapper-funcs/unlink.c
+++ b/libsandbox/wrapper-funcs/unlink.c
@@ -1,13 +1,11 @@
/*
* unlink() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
#define WRAPPER_ARGS_PROTO const char *pathname
#define WRAPPER_ARGS pathname
#define WRAPPER_SAFE() SB_SAFE(pathname)
-#define sb_unlinkat_pre_check sb_unlink_pre_check
#include "unlinkat.c"
-#undef sb_unlinkat_pre_check
diff --git a/libsandbox/wrapper-funcs/unlinkat.c b/libsandbox/wrapper-funcs/unlinkat.c
index 4ef4a3b..34bce72 100644
--- a/libsandbox/wrapper-funcs/unlinkat.c
+++ b/libsandbox/wrapper-funcs/unlinkat.c
@@ -1,7 +1,7 @@
/*
* unlinkat() wrapper.
*
- * Copyright 1999-2008 Gentoo Foundation
+ * Copyright 1999-2009 Gentoo Foundation
* Licensed under the GPL-2
*/
@@ -9,38 +9,12 @@
# define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags
# define WRAPPER_ARGS dirfd, pathname, flags
# define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, flags)
+#else
+# define dirfd AT_FDCWD
#endif
-static inline bool sb_unlinkat_pre_check(WRAPPER_ARGS_PROTO)
-{
- char canonic[SB_PATH_MAX];
-
- save_errno();
-
- if (-1 == canonicalize(pathname, canonic))
- /* see comments in check_syscall() */
- if (ENAMETOOLONG != errno)
- goto error;
-
- /* XXX: Hack to make sure sandboxed process cannot remove
- * a device node, bug #79836. */
- if (0 == strcmp(canonic, "/dev/null") ||
- 0 == strcmp(canonic, "/dev/zero"))
- {
- errno = EACCES;
- goto error;
- }
-
- restore_errno();
-
- return true;
-
- error:
- if (is_env_on(ENV_SANDBOX_DEBUG))
- SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
- STRING_NAME, pathname, strerror(errno));
- return false;
-}
-#define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(WRAPPER_ARGS)
+#define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(STRING_NAME, pathname, dirfd)
#include "__wrapper_simple.c"
+
+#undef dirfd
diff --git a/libsandbox/wrapper-funcs/unlinkat_pre_check.c b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
new file mode 100644
index 0000000..961c31f
--- /dev/null
+++ b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
@@ -0,0 +1,38 @@
+/*
+ * unlink*() pre-check.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd)
+{
+ char canonic[SB_PATH_MAX];
+
+ save_errno();
+
+ /* XXX: need to check pathname with dirfd */
+ if (-1 == canonicalize(pathname, canonic))
+ /* see comments in check_syscall() */
+ if (ENAMETOOLONG != errno)
+ goto error;
+
+ /* XXX: Hack to make sure sandboxed process cannot remove
+ * a device node, bug #79836. */
+ if (0 == strcmp(canonic, "/dev/null") ||
+ 0 == strcmp(canonic, "/dev/zero"))
+ {
+ errno = EACCES;
+ goto error;
+ }
+
+ restore_errno();
+
+ return true;
+
+ error:
+ if (is_env_on(ENV_SANDBOX_DEBUG))
+ SB_EINFO("EARLY FAIL", " %s(%s): %s\n",
+ func, pathname, strerror(errno));
+ return false;
+}
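Review bot: The new `dirfd` parameter is never used, so the `/dev/null` and `/dev/zero` comparison only sees `pathname` as `canonicalize()` resolves it, which presumably means relative to the current directory rather than to `dirfd`. The XXX comment says a check is needed but not what depends on it. I would spell that out, e.g. `/* XXX: dirfd is ignored; a relative pathname is canonicalized without it, so the device-node check below is only reliable for AT_FDCWD or absolute paths */`. `sb_mkdirat_pre_check()` carries the same XXX and the same limitation for its lstat/EEXIST shortcut.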