Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--Makefile.am2
-rw-r--r--canonicalize.c2
-rw-r--r--getcwd.c4
-rw-r--r--libsandbox.c3
-rw-r--r--localdecls.h6
-rw-r--r--sandbox.h34
-rw-r--r--sandbox_futils.c40
8 files changed, 56 insertions, 41 deletions
diff --git a/ChangeLog b/ChangeLog
index 7327221..e6371bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,12 @@
# Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
# $Header$
+ 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c,
+ getcwd.c, libsandbox.c, localdecls.h, sandbox.h, sandbox_futils.c:
+ Make sure all functions used in libsandbox.c is declared static. Define
+ SB_STATIC in localdecls.h for this. Include sandbox_futils.c rather than
+ linking with its object. Hopefully this will fix bug #90153.
+
22 Mar 2005; Martin Schlemmer <azarah@gentoo.org> libsandbox.c:
Allow lchown a symlink in write-allowed path pointing to write-denied
target.
diff --git a/Makefile.am b/Makefile.am
index 508edac..2d7dc18 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -10,7 +10,7 @@ AM_CPPFLAGS = -D_GNU_SOURCE -DPIC -fPIC -D_REENTRANT \
dist_pkgdata_DATA = sandbox.bashrc
lib_LTLIBRARIES = libsandbox.la
-libsandbox_la_SOURCES = libsandbox.c sandbox_futils.c localdecls.h
+libsandbox_la_SOURCES = libsandbox.c localdecls.h
# Do not add -nostdlib or -nostartfiles, as then our constructor
# and destructor will not be executed ...
libsandbox_la_LDFLAGS = -nodefaultlibs -lc -ldl
diff --git a/canonicalize.c b/canonicalize.c
index 79a8323..ae06368 100644
--- a/canonicalize.c
+++ b/canonicalize.c
@@ -56,7 +56,7 @@
*
*/
-static char *
+SB_STATIC char *
erealpath(const char *name, char *resolved)
{
char *rpath, *dest;
diff --git a/getcwd.c b/getcwd.c
index ee809e4..870b12e 100644
--- a/getcwd.c
+++ b/getcwd.c
@@ -229,7 +229,7 @@ extern char *alloca();
NULL, an array is allocated with `malloc'; the array is SIZE bytes long,
unless SIZE == 0, in which case it is as big as necessary. */
-GETCWD_RETURN_TYPE
+SB_STATIC GETCWD_RETURN_TYPE
__egetcwd(buf, size)
char *buf;
size_t size;
@@ -472,7 +472,7 @@ lose2:
return NULL;
}
-GETCWD_RETURN_TYPE
+SB_STATIC GETCWD_RETURN_TYPE
egetcwd(buf, size)
char *buf;
size_t size;
diff --git a/libsandbox.c b/libsandbox.c
index 1b577d4..d92bbf9 100644
--- a/libsandbox.c
+++ b/libsandbox.c
@@ -140,7 +140,7 @@ void __attribute__ ((constructor)) libsb_init(void);
void __attribute__ ((destructor)) libsb_fini(void);
/* glibc modified realpath() functions */
-static char *erealpath(const char *name, char *resolved);
+static char *erealpath(const char *, char *);
/* glibc modified getcwd() functions */
static char *egetcwd(char *, size_t);
@@ -1498,5 +1498,6 @@ static int before_syscall_open_char(const char *func, const char *file, const ch
#include "getcwd.c"
#include "canonicalize.c"
+#include "sandbox_futils.c"
// vim:noexpandtab noai:cindent ai
diff --git a/localdecls.h b/localdecls.h
index 0a27b50..f328062 100644
--- a/localdecls.h
+++ b/localdecls.h
@@ -40,4 +40,10 @@
# error PATH_MAX not defined!
#endif
+#ifndef OUTSIDE_LIBSANDBOX
+# define SB_STATIC static
+#else
+# define SB_STATIC
+#endif
+
#endif
diff --git a/sandbox.h b/sandbox.h
index 6c79952..1c66871 100644
--- a/sandbox.h
+++ b/sandbox.h
@@ -10,6 +10,8 @@
#ifndef __SANDBOX_H__
#define __SANDBOX_H__
+#include "localdecls.h"
+
/* Uncomment below to use flock instead of fcntl (POSIX way) to lock/unlock files */
/* #define USE_FLOCK */
@@ -46,22 +48,22 @@
#define DEFAULT_BEEP_COUNT 3
-char *get_sandbox_path(char *argv0);
-char *get_sandbox_lib(char *sb_path);
-char *get_sandbox_pids_file(void);
-char *get_sandbox_rc(char *sb_path);
-char *get_sandbox_log();
-char *sb_dirname(const char *path);
-int file_getmode(char *mode);
-long file_tell(int fp);
-int file_lock(int fd, int lock, char *filename);
-int file_unlock(int fd);
-int file_locktype(char *mode);
-int file_open(char *filename, char *mode, int perm_specified, ...);
-void file_close(int fd);
-long file_length(int fd);
-int file_truncate(int fd);
-int file_exist(char *filename, int checkmode);
+SB_STATIC char *get_sandbox_path(char *argv0);
+SB_STATIC char *get_sandbox_lib(char *sb_path);
+SB_STATIC char *get_sandbox_pids_file(void);
+SB_STATIC char *get_sandbox_rc(char *sb_path);
+SB_STATIC char *get_sandbox_log();
+SB_STATIC char *sb_dirname(const char *path);
+SB_STATIC int file_getmode(char *mode);
+SB_STATIC long file_tell(int fp);
+SB_STATIC int file_lock(int fd, int lock, char *filename);
+SB_STATIC int file_unlock(int fd);
+SB_STATIC int file_locktype(char *mode);
+SB_STATIC int file_open(char *filename, char *mode, int perm_specified, ...);
+SB_STATIC void file_close(int fd);
+SB_STATIC long file_length(int fd);
+SB_STATIC int file_truncate(int fd);
+SB_STATIC int file_exist(char *filename, int checkmode);
#endif
diff --git a/sandbox_futils.c b/sandbox_futils.c
index b9ea29f..b77f550 100644
--- a/sandbox_futils.c
+++ b/sandbox_futils.c
@@ -31,13 +31,13 @@
#include "config.h"
/* BEGIN Prototypes */
-int file_security_check(char *filename);
+SB_STATIC int file_security_check(char *filename);
/* END Prototypes */
/* glibc modified getcwd() functions */
-char *egetcwd(char *, size_t);
+SB_STATIC char *egetcwd(char *, size_t);
-char *get_sandbox_path(char *argv0)
+SB_STATIC char *get_sandbox_path(char *argv0)
{
char path[255];
char *cwd = NULL;
@@ -60,7 +60,7 @@ char *get_sandbox_path(char *argv0)
return (sb_dirname(path));
}
-char *get_sandbox_lib(char *sb_path)
+SB_STATIC char *get_sandbox_lib(char *sb_path)
{
char path[255];
@@ -75,7 +75,7 @@ char *get_sandbox_lib(char *sb_path)
return (strdup(path));
}
-char *get_sandbox_pids_file(void)
+SB_STATIC char *get_sandbox_pids_file(void)
{
if (0 < getenv("SANDBOX_PIDS_FILE")) {
return (strdup(getenv("SANDBOX_PIDS_FILE")));
@@ -83,7 +83,7 @@ char *get_sandbox_pids_file(void)
return (strdup(PIDS_FILE));
}
-char *get_sandbox_rc(char *sb_path)
+SB_STATIC char *get_sandbox_rc(char *sb_path)
{
char path[255];
@@ -94,7 +94,7 @@ char *get_sandbox_rc(char *sb_path)
return (strdup(path));
}
-char *get_sandbox_log()
+SB_STATIC char *get_sandbox_log()
{
char path[255];
char *sandbox_log_env = NULL;
@@ -111,7 +111,7 @@ char *get_sandbox_log()
}
/* Obtain base directory name. Do not allow trailing / */
-char *sb_dirname(const char *path)
+SB_STATIC char *sb_dirname(const char *path)
{
char *ret = NULL;
char *ptr = NULL;
@@ -152,7 +152,7 @@ char *sb_dirname(const char *path)
}
/*
-char* dirname(const char* path)
+SB_STATIC char* dirname(const char* path)
{
char* base = NULL;
unsigned int length = 0;
@@ -176,7 +176,7 @@ char* dirname(const char* path)
}*/
/* Convert text (string) modes to integer values */
-int file_getmode(char *mode)
+SB_STATIC int file_getmode(char *mode)
{
int mde = 0;
if (0 == strcasecmp(mode, "r+")) {
@@ -198,13 +198,13 @@ int file_getmode(char *mode)
}
/* Get current position in file */
-long file_tell(int fp)
+SB_STATIC long file_tell(int fp)
{
return (lseek(fp, 0L, SEEK_CUR));
}
/* lock the file, preferrably the POSIX way */
-int file_lock(int fd, int lock, char *filename)
+SB_STATIC int file_lock(int fd, int lock, char *filename)
{
int err;
#ifdef USE_FLOCK
@@ -230,7 +230,7 @@ int file_lock(int fd, int lock, char *filename)
}
/* unlock the file, preferrably the POSIX way */
-int file_unlock(int fd)
+SB_STATIC int file_unlock(int fd)
{
#ifdef USE_FLOCK
if (flock(fd, LOCK_UN) < 0) {
@@ -255,7 +255,7 @@ int file_unlock(int fd)
/* Auto-determine from how the file was opened, what kind of lock to lock
* the file with
*/
-int file_locktype(char *mode)
+SB_STATIC int file_locktype(char *mode)
{
#ifdef USE_FLOCK
if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+'))
@@ -273,7 +273,7 @@ int file_locktype(char *mode)
/* Use standard fopen style modes to open the specified file. Also auto-determines and
* locks the file either in shared or exclusive mode depending on opening mode
*/
-int file_open(char *filename, char *mode, int perm_specified, ...)
+SB_STATIC int file_open(char *filename, char *mode, int perm_specified, ...)
{
int fd;
char error[250];
@@ -338,7 +338,7 @@ int file_open(char *filename, char *mode, int perm_specified, ...)
}
/* Close and unlock file */
-void file_close(int fd)
+SB_STATIC void file_close(int fd)
{
if (-1 != fd) {
file_unlock(fd);
@@ -347,7 +347,7 @@ void file_close(int fd)
}
/* Return length of file */
-long file_length(int fd)
+SB_STATIC long file_length(int fd)
{
long pos, len;
pos = file_tell(fd);
@@ -357,7 +357,7 @@ long file_length(int fd)
}
/* Zero out file */
-int file_truncate(int fd)
+SB_STATIC int file_truncate(int fd)
{
lseek(fd, 0L, SEEK_SET);
if (ftruncate(fd, 0) < 0) {
@@ -368,7 +368,7 @@ int file_truncate(int fd)
}
/* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */
-int file_exist(char *filename, int checkmode)
+SB_STATIC int file_exist(char *filename, int checkmode)
{
struct stat mystat;
@@ -402,7 +402,7 @@ int file_exist(char *filename, int checkmode)
return 1;
}
-int file_security_check(char *filename)
+SB_STATIC int file_security_check(char *filename)
{ /* 0 == fine, >0 == problem */
struct stat stat_buf;
struct group *group_buf;