| Commit message | Author | Age | Files | Lines |

When glibc is compiled with optimization and higher _FORTIFY_SOURCE
levels, the headers redirect dynamic calls to the open*() functions to the
__open*_2() functions. The latter provide runtime checking. But this
means we also need to wrap the latter forms in order to get sandbox
checking on the open() functions.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Since there doesn't seem to be a use for wrapping the __XXX weak symbols,
and things aren't using these in normal glibc/uClibc code, stop attempting
to handle them. This should work around the FreeBSD infinite recursion
issue as well (their getcwd() calls __getcwd(), both of which are public
symbols).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Rework the shell code slightly so a missed grep does not trigger the -e.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The configure scripts will try hard to set up AWK as GNU awk which is what
we want/need in the sb_printf test.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Some systems use sighandler_t while others use sig_t. Add a configure
check so that we can assume sighandler_t is always available.
URL: http://bugs.gentoo.org/259507
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Javier Villavicencio <the_paya@gentoo.org>

Not everyone has the autoconf-archive package installed, so have the
autogen.sh script automatically update the local copies and include them
in the tree.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Since the main sandbox code maintains state with global variables (like
sbcontext), make sure we use a pthread mutex to prevent multiple threads
from corrupting each other. In the non-threaded case this shouldn't be
a problem as the C library provides redirection stubs in its own code.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

In case we want to access a standard function unwrapped, create hidden
functions that do just that. This creates a standard for most functions
of the form sb_unwrapped_foo().
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Remove some of the ugly indirection in the WRAPPER_PRE_CHECKS() defines so
it operates like a normal C function -- much easier to work with those.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

No point in saving/restoring the errno value if we don't make any C lib
function calls.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

If the symbol lookup function failed, then we abort. If the lookup
worked, then errno is not touched. In either case, there is no need to
save/restore the errno value.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

AC_CHECK_DECL will always create the relevant define and only differ in
the actual value (0 or 1).
URL: http://bugs.gentoo.org/258365
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Javier Villavicencio <the_paya@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The longest wrapped symbol name has hit the hard limit of 10 chars, so
rather than manually bump it up, calculate it on the fly with the awk
scripts.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The mknodat() symbol on glibc is rewritten to __xmknodat(), so we need to
wrap that and check for all of them in the check_access() code.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

If lstat() worked, it won't clear errno for us, so we have to do it. Also
unify the error code paths.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

No point in allocating cached_env_vars dynamically since we allocate it
once during init and it's only 4 pointers. Stick it into the bss instead.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The core libsandbox code was checking for ENAMETOOLONG when working with
getcwd() and doing the right thing, but it never passed this error back up
to the caller. This would cause some tests (like the getcwd tests in many
gnulib/autotool based packages like coreutils) to keep on trying since it
did not detect the expected failure conditions. So now when we hit the
ENAMETOOLONG error, we pass this specific error back up to the caller.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

As Maximilian points out, the internal memory funcs in libsandbox are
already called by the x*() type funcs which means error checking occurs at
the higher level. So we don't want to do it at the inner level either as
that will lose the real file/location where the memory allocation occurred.
URL: http://bugs.gentoo.org/257179
Signed-off-by: Maximilian Grothusmann <maxi-gentoo@own-hero.de>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Since the autotest framework automatically creates private dirs for each
test, we don't need to do it ourselves.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The sandbox.sh file is generated now, so do not mark it as a dist target.
To make this kind of error easier to figure out in the future, have all
sandbox errors related to files include the full filename that is causing
an error.
URL: http://bugs.gentoo.org/258690
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Alexis Ballier <aballier@gentoo.org>

Not all systems implement the full range of functions we wrap, so we
shouldn't require them in the test suite either.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

If the SIGHUP signal is already set to SIG_IGN, then do not replace it
with our own handler as most likely this means the user is using `nohup`.
As for the other signals, check the return value and warn if something
weird happens (like they aren't all set to SIG_DFL).
URL: http://bugs.gentoo.org/217898
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ken Bloom <kbloom@gmail.com>

Also fix common script execution code to remove debug "moo" string and
disable pointless sleep code in sandbox.
URL: http://bugs.gentoo.org/139591
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

URL: http://bugs.gentoo.org/258365
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Dan Coats <admin@easyshellz.com>

Make sure we source the local sandbox.{bashrc,conf} and we always make the
helper functions available when testing even if we aren't interactive. Now
we can run `make check` and test the local version of sandbox even when we
are running under another sandbox env.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Let real funcs do their magic even before predicted paths.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The optimize changes added after 1.3.2 were not entirely correct. The
sandbox /proc/self/fd check was changed to check for the dir itself rather
than allowing all paths that started with the dir. So let's comment more
about what's going on and fix it up.
URL: http://bugs.gentoo.org/257418
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ryan Hill <dirtyepic@gentoo.org>

The optimize changes added after 1.3.2 were not entirely correct. The
sandbox log dir check was changed to check for the dir itself rather than
blacklisting all paths that started with the dir. So let's comment more
about what's going on and fix it up.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Some helper scripts for automating git bisection, and add a test case for
/dev/fd/ regression.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

A "typedef" was missing when declaring the sandbox_info_t struct resulting
in a large unused "sandbox_info_t" object showing up everywhere. Normally
this isn't a problem (other than resource waste), but some systems don't
like multiply defined objects even if they're in the .bss section.
URL: http://bugs.gentoo.org/258031
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Timo Kamph <timo@kamph.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

A very common bug (apparently) is for .py[co] files to fall out of sync
with their .py source files. Rather than trigger a hard failure, let's
just whine about it. Once python itself gets sorted out, we can drop
this.
URL: http://bugs.gentoo.org/256953
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

The size argument to backtrace() is the number of elements, not the number
of bytes.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Ignore symbols that are not functions, or do not have the proper binding
and/or visibility for us to override.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Some systems define psignal() in siginfo.h, so use it when available.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Support --version-script and -M flags for passing version scripts.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>