diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2009-02-15 00:28:09 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2009-02-15 00:28:09 -0500 |
| commit | 41621f114dcf879c45ae982c8c9796c4b050d4db (patch) | |
| tree | 5c93506cd0920afbb866d9d9941e8ec35497039e /libsandbox | |
| parent | libsandbox: simplify clean_env_entries a bit (diff) | |
| download | sandbox-41621f114dcf879c45ae982c8c9796c4b050d4db.tar.gz sandbox-41621f114dcf879c45ae982c8c9796c4b050d4db.tar.bz2 sandbox-41621f114dcf879c45ae982c8c9796c4b050d4db.zip | |
libsandbox: make sure all mknod symbols are wrapped
The mknodat() symbol on glibc is rewritten to __xmknodat(), so we need to
wrap that and check for all of them in the check_access() code.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'libsandbox')
| -rw-r--r-- | libsandbox/libsandbox.c | 3 | ||||
| -rw-r--r-- | libsandbox/symbols.h.in | 1 | ||||
| -rw-r--r-- | libsandbox/wrapper-funcs/__xmknodat.c | 11 |
3 files changed, 15 insertions, 0 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 77cb3f6..ffda996 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -561,7 +561,10 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, con sb_nr == SB_NR_CREAT64 || sb_nr == SB_NR_MKDIR || sb_nr == SB_NR_MKNOD || + sb_nr == SB_NR_MKNODAT || + sb_nr == SB_NR__XMKNOD || sb_nr == SB_NR___XMKNOD || + sb_nr == SB_NR___XMKNODAT || sb_nr == SB_NR_MKFIFO || sb_nr == SB_NR_LINK || sb_nr == SB_NR_SYMLINK || diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in index ab79f17..deb7b60 100644 --- a/libsandbox/symbols.h.in +++ b/libsandbox/symbols.h.in @@ -24,6 +24,7 @@ mknod mknodat _xmknod __xmknod +__xmknodat mkfifo mkfifoat access diff --git a/libsandbox/wrapper-funcs/__xmknodat.c b/libsandbox/wrapper-funcs/__xmknodat.c new file mode 100644 index 0000000..97e4689 --- /dev/null +++ b/libsandbox/wrapper-funcs/__xmknodat.c @@ -0,0 +1,11 @@ +/* + * __xmknodat() wrapper. + * + * Copyright 1999-2008 Gentoo Foundation + * Licensed under the GPL-2 + */ + +#define WRAPPER_ARGS_PROTO int ver, int dirfd, const char *pathname, mode_t mode, dev_t *dev +#define WRAPPER_ARGS ver, dirfd, pathname, mode, dev +#define WRAPPER_SAFE() FUNCTION_SANDBOX_SAFE(pathname) +#include "__wrapper_simple.c" |