Commit log (each entry: subject, author, date; files changed, lines -removed/+added)
* delete unused sandbox env vars  (Mike Frysinger, 2013-02-24; 5 files, -19/+3)
  Nothing uses or cares about these vars, so punt them.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* environ: add a new is_env_var helper for checking var names  (Mike Frysinger, 2013-02-24; 3 files, -13/+16)
  This is laying the ground work for processing more vars in the future than just LD_PRELOAD.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* environ: merge is_env_{on,off} into a single file  (Mike Frysinger, 2013-02-24; 4 files, -46/+46)
  Start a centralized place for environment related helper funcs.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: add some likely/unlikely settings  (Mike Frysinger, 2013-02-24; 1 file, -7/+5)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: reject "" paths with *at funcs before checking the dirfd [missing file]  (Mike Frysinger, 2013-02-24; 1 file, -0/+34)
  When it comes to processing errors, an empty path is checked before an invalid dirfd. Make sure sandbox matches that behavior for the random testsuites out there that look for this. Forgot to `git add` in the previous commit :/.
  URL: https://bugs.gentoo.org/346929
  Reported-by: Marien Zwart <marienz@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: reject "" paths with *at funcs before checking the dirfd  (Mike Frysinger, 2012-12-24; 11 files, -35/+44)
  When it comes to processing errors, an empty path is checked before an invalid dirfd. Make sure sandbox matches that behavior for the random testsuites out there that look for this.
  URL: https://bugs.gentoo.org/346929
  Reported-by: Marien Zwart <marienz@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
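The error ordering this commit describes, as an added example (my code, not sandbox's): a minimal *at() precheck that hands back errnos in the order Linux does, empty path first, and dirfd only afterwards and only when a relative path actually needs it, next to a harness that compares the precheck against the real openat() on constructed inputs. The names sb_at_precheck, kernel_openat_errno and precheck_matches_kernel, the descriptor number 4242 and the sample paths are my constructions; the expected errnos are Linux's.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Error precedence a sandbox wrapper must mirror for the *at() family.
 * Linux resolves the pathname string before it ever looks at dirfd, so an
 * empty path yields ENOENT even when dirfd is garbage, and dirfd is ignored
 * entirely for absolute paths.  Returns 0 when the wrapper may go on to its
 * own path checks, otherwise the errno to hand back to the caller. */
static int sb_at_precheck(int dirfd, const char *path)
{
    if (path[0] == '\0')
        return ENOENT;                  /* empty path beats a bad dirfd */
    if (path[0] == '/' || dirfd == AT_FDCWD)
        return 0;                       /* dirfd is not consulted at all */
    struct stat st;
    if (fstat(dirfd, &st) < 0)
        return EBADF;                   /* dirfd is not an open descriptor */
    if (!S_ISDIR(st.st_mode))
        return ENOTDIR;                 /* relative path, non-directory base */
    return 0;
}

/* Ask the kernel: errno from openat(dirfd, path, O_RDONLY), or 0 on success. */
static int kernel_openat_errno(int dirfd, const char *path)
{
    int fd = openat(dirfd, path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Run the precheck and the kernel over constructed inputs; returns how many
 * of them disagree (0 expected on Linux). */
static int precheck_matches_kernel(void)
{
    const int bogus_fd = 4242;          /* constructed: never opened here */
    int nullfd = open("/dev/null", O_RDONLY);
    struct { int dirfd; const char *path; } cases[] = {
        { bogus_fd, "" },               /* ENOENT, not EBADF */
        { AT_FDCWD, "" },               /* ENOENT */
        { bogus_fd, "does-not-matter" },/* EBADF: dirfd looked at now */
        { nullfd,   "relative/name" },  /* ENOTDIR: base is a char device */
        { bogus_fd, "/dev/null" },      /* absolute path: dirfd ignored, 0 */
    };
    int mismatches = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int want = sb_at_precheck(cases[i].dirfd, cases[i].path);
        int got = kernel_openat_errno(cases[i].dirfd, cases[i].path);
        if (want != got)
            mismatches++;
    }
    if (nullfd >= 0)
        close(nullfd);
    return mismatches;
}
```

The order matters for the testsuites the commit mentions: a wrapper that validated dirfd first would report EBADF where the kernel reports ENOENT, and a conformance test that calls openat(bad_fd, "") would flag the sandboxed run as a behaviour change.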
* libsandbox: handle open(O_NOFOLLOW)  (Mike Frysinger, 2012-12-24; 5 files, -1/+14)
  We don't check for O_NOFOLLOW in the open wrappers, so we end up returning the wrong error when operating on broken symlinks.
  URL: https://bugs.gentoo.org/413441
  Reported-by: Marien Zwart <marienz@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: expand usage strings  (Mike Frysinger, 2012-12-24; 29 files, -36/+70)
  Makes it easier to quickly figure out how to run a helper test without having to resort to existing usage or the code itself.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fall back to tracing set*id programs  (Mike Frysinger, 2012-12-24; 1 file, -5/+18)
  If we are non-root and run a set*id program, the ldso will ignore our LD_PRELOAD (rightly so). Unfortunately, this opens up the ability to run set*id apps that modify things and sandbox cannot catch it. Instead, force ptracing of these ELFs. While the kernel will disallow the set*id aspect when running, for the most part, that shouldn't be a problem if it was already safe.
  URL: http://bugs.gentoo.org/442172
  Reported-by: Nikoli <nikoli@lavabit.com>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_gdb: improve gdb integration  (Mike Frysinger, 2012-12-24; 5 files, -20/+80)
  Add a dedicated entry point for connecting gdb to make it easy to connect gdb at arbitrary points (a la printf style debugging). This also smooths a lot of the common steps when automatically launching gdb such as making sure the process is closer to the crash point when the user takes over control of gdb. Finally, switch to using clone rather than fork since the latter relies on the C lib's fork which implicitly can grab locks. If we're crashing in the middle of a func that already holds those locks, the fork call will hang indefinitely on us.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_efuncs: fix usage of portage handlers  (Mike Frysinger, 2012-12-24; 1 file, -7/+17)
  The previous change forgot to actually enable the portage helpers. This meant violation output would always get sent to /dev/tty rather than to portage's logging facilities. Enable the helper logic while also fixing a logic error with va_args (you can't re-use the same va_args). Also, in order to use these with code that watches over SIGCHLD via sigaction, we need to use sigaction ourselves to ignore that signal. This might be racy with threaded apps that fork & watch SIGCHLD. Testing in the larger world will show whether we need to revisit how we communicate with the PM.
  URL: http://bugs.gentoo.org/431638
  Reported-by: Michael Weiser <michael@weiser.dinsnail.net>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox: allow log files to fall back to tmpdir  (Mike Frysinger, 2012-12-24; 4 files, -12/+19)
  Since non-root users typically do not have write access to /var/log, allow it to fall back to standard tmpdirs. This makes testing locally a lot easier.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_efunc: delete  (Mike Frysinger, 2012-12-24; 1 file, -25/+0)
  Completely unused. GOOD BYE.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: disable tostop on controlling terminal  (Mike Frysinger, 2012-11-26; 1 file, -0/+3)
  If this flag is set, then the tests get all hung up. Clear it in case someone has it active on their terminal.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* update ax_*.m4 files from upstream  (Mike Frysinger, 2012-11-26; 6 files, -1/+462)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_efuncs: fix NOCOLOR handling  (Mike Frysinger, 2012-11-23; 1 file, -2/+5)
  Need to set the colors to "" rather than NULL so we don't print out "(null)" where the colors normally would be.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* require at least automake 1.12  (Mike Frysinger, 2012-11-23; 2 files, -6/+6)
  Keeps me from chasing down warnings that differ between 1.11 and 1.12.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox.desktop: drop .svg from Icon field  (Mike Frysinger, 2012-11-17; 1 file, -1/+1)
  URL: http://bugs.gentoo.org/443672
  Reported-by: Petteri Räty <betelgeuse@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* add a configure option to control pch usage  (Mike Frysinger, 2012-11-17; 2 files, -8/+29)
  Mostly for testing purposes. This also tweaks the dependency to fix a warning when generating the headers.h.pch in subdirs when the toplevel headers.h.pch already exists.
  URL: http://bugs.gentoo.org/425524
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* require at least automake 1.11.6  (Mike Frysinger, 2012-11-17; 1 file, -1/+1)
  We use AM_PROG_AR which was added after 1.11.1 at some point.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* fix generating autotools when no autoconf-archive is missing  (Mike Frysinger, 2012-11-17; 1 file, -1/+1)
  Make sure lm4s is an array even when unset.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: use process_vm_readv if available  (Mike Frysinger, 2012-08-12; 3 files, -0/+31)
  Should speed up loading of strings from remote processes as we only have to do (usually) one syscall to extract the whole string in one shot.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: fix hppa trace code  (Mike Frysinger, 2012-07-06; 1 file, -2/+2)
  URL: https://bugs.gentoo.org/425062
  Reported-by: Jeroen Roovers <jer@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* bump to sandbox-2.7  (Mike Frysinger, 2012-07-03; 1 file, -1/+1)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: add x32 ABI support  [tag: v2.6]  (Mike Frysinger, 2012-07-03; 7 files, -12/+78)
  We can trace x32 when the host is x86_64 or x32, but x32 cannot trace x86_64 due to limitations in the kernel interface -- all pointers get truncated to 32bits. We'll have to add external ptrace helpers in the future to make this work, but for now, we'll just let x86_64 code run unchecked :(.
  URL: https://bugs.gentoo.org/394179
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: migrate to get/set regs interface for everyone  (Mike Frysinger, 2012-07-03; 9 files, -103/+80)
  Newer ports (like x32) limit what is available via the peek/poke user interface, and instead are pushing people to use the single get/set regs interface. Since this also simplifies the code a bit (by forcing all ports to use this), and cuts down on the number of syscalls that we have to make, switch everyone over to it.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* include stdint.h/inttypes.h too  (Mike Frysinger, 2012-07-03; 2 files, -0/+8)
  These contain useful defines which we sometimes want to leverage.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* precompile headers.h to speed up build slightly  (Mike Frysinger, 2012-07-03; 9 files, -13/+39)
  Since all system headers are included by way of headers.h, we can pre-compile this to speed up the build a bit.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sb_printf: expand feature set slightly and fix testing  (Mike Frysinger, 2012-07-02; 4 files, -14/+52)
  This adds support for signed ll, unsigned z, l, and ll, hex l, and ll, ignores the # for hex output since this is what we do implicitly already. As for testing, looks like during the autogeneration of testsuite.list.at, the sb_printf test was lost. Restore it so it gets run again.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: enable color/parallel by default  (Mike Frysinger, 2012-06-24; 2 files, -0/+3)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: do not leak file handles from tracing checks  (Mike Frysinger, 2012-06-23; 1 file, -3/+7)
  Make sure we use O_CLOEXEC, and clean things up before forking off a tracing process.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: regenerate trace headers when autotools change  (Mike Frysinger, 2012-06-23; 1 file, -1/+1)
  If you re-run configure with different settings, the trace headers might be out of date. Have the generated headers depend on the Makefile so that when this situation does come up, we force sanity. This step is fairly quick, so shouldn't be a big deal.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: handle broken kernel headers  (Mike Frysinger, 2012-06-23; 2 files, -0/+13)
  Sometimes the struct in asm/ptrace.h is too small for what the kernel actually writes. Check to see which struct is larger (the one that the kernel declares or the C library declares), and use that.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: kill off SB_MEM_DEBUG  (Mike Frysinger, 2012-06-23; 1 file, -17/+0)
  The mcheck/mtrace logic assumes we're using glibc's memory allocator, but that hasn't been true for some time (we use our own based on mmap and such), so this code no longer serves a purpose. Punt it.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* significantly overhaul output helpers  (Mike Frysinger, 2012-06-23; 24 files, -315/+415)
  There are a few major points we want to hit here:
  - have all output from libsandbox go through portage helpers when we are in the portage environment so that output is properly logged
  - convert SB_E{info,warn,error} to sb_e{info,warn,error} to match style of other functions and cut down on confusion
  - move all abort/output helpers to libsbutil so it can be used in all source trees and not just by libsandbox
  - migrate all abort points to the centralized sb_ebort helper
  Unfortunately, it's not terribly easy to untangle these into separate patches, but hopefully this shouldn't be too messy as much of it is mechanical: move funcs between files, and change the name of funcs that get called.
  URL: http://bugs.gentoo.org/278761
  Reported-by: Mounir Lamouri <volkmar@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* use m4_flatten to make multiline lists easier to handle  (Mike Frysinger, 2012-06-23; 1 file, -95/+95)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* TODO: drop old entries, and add logging ones  (Mike Frysinger, 2012-06-23; 1 file, -6/+4)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: always bubble up exit code regardless of log existence  (Mike Frysinger, 2012-06-23; 19 files, -40/+21)
  To simplify testing, do not mung exit(0) to exit(1) just because the log file exists. In many of our tests, we will be doing things to generate a log file, but we explicitly test for exit values ourselves. This is also needed to make log file handling more resilient where we get the name at startup, but don't allow live env changes after that. The changing of the log name to sb.log on the fly no longer works.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: move disabling of sandbox verbose to common init  (Mike Frysinger, 2012-06-23; 5 files, -4/+2)
  Since none of our tests care about the verbose output, move the disable to a common location so we don't have to do it on a more fine grained basis.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: create more defines for gcc attributes  (Mike Frysinger, 2012-06-23; 3 files, -6/+8)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* update ax_*.m4 files from upstream  (Mike Frysinger, 2012-06-23; 6 files, -180/+178)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* sandbox: drop beep support  (Mike Frysinger, 2012-06-23; 5 files, -25/+1)
  Almost no one has beep support turned on anymore, and ebeep in the main tree has been deprecated (meaning it wasn't found useful while building packages). So punt support for it from sandbox too.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: add uninstall target to fix distcheck  (Mike Frysinger, 2012-06-23; 1 file, -0/+4)
  Newer distcheck runs uninstall which is apparently broken.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: add missing close to logfile fd  (Mike Frysinger, 2012-03-07; 1 file, -2/+5)
  When we log a lot, we end up leaking fd's, so make sure to clean them.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: mark internal fds with O_CLOEXEC  (Mike Frysinger, 2012-03-07; 2 files, -2/+6)
  We don't want to bleed these across forks/execs.
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
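As an added example for this commit and for "do not leak file handles from tracing checks" above (my code, not sandbox's): an internal descriptor opened with O_CLOEXEC, a retrofit with FD_CLOEXEC for a descriptor that was opened without it, and a probe that forks and execs /bin/sh to show which descriptors really cross execve into the program being sandboxed. The names open_internal, mark_cloexec, fd_survives_exec and cloexec_demo are my own, and /dev/null stands in for the sandbox's log file.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a descriptor that belongs to the sandbox itself (log file, tracing
 * pipe).  O_CLOEXEC sets the close-on-exec flag atomically with the open,
 * so there is no window in which a forked child could exec with it open. */
static int open_internal(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
}

/* Retrofit FD_CLOEXEC onto a descriptor opened elsewhere without it.
 * Returns 0 on success, -1 on error (errno from fcntl). */
static int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Does fd still exist after execve?  Runs `sh -c ': >&N'`: the redirection
 * dup2()s fd N onto stdout and fails with EBADF if N was closed on exec.
 * Returns 1 if the descriptor leaked across exec, 0 if not, -1 on error. */
static int fd_survives_exec(int fd)
{
    char cmd[32];
    snprintf(cmd, sizeof cmd, ": >&%d", fd);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Constructed demo: three descriptors on /dev/null, one plain, one opened
 * with O_CLOEXEC, one retrofitted with mark_cloexec().  Returns a bitmask
 * of which ones leaked across exec: bit 0 plain, bit 1 O_CLOEXEC, bit 2
 * retrofitted.  Only the plain one should leak, so the expected value is 1. */
static int cloexec_demo(void)
{
    int plain = open("/dev/null", O_WRONLY);
    int internal = open_internal("/dev/null");
    int fixed = open("/dev/null", O_WRONLY);
    if (plain < 0 || internal < 0 || fixed < 0 || mark_cloexec(fixed) < 0)
        return -1;
    int leaked = 0;
    if (fd_survives_exec(plain) == 1)
        leaked |= 1;
    if (fd_survives_exec(internal) == 1)
        leaked |= 2;
    if (fd_survives_exec(fixed) == 1)
        leaked |= 4;
    close(plain);
    close(internal);
    close(fixed);
    return leaked;
}
```

The retrofit path is the weaker of the two: between open() and fcntl(F_SETFD) another thread may fork and exec, which is exactly why the commit above prefers O_CLOEXEC at open time and cleans up before spawning the tracer.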
* tests: add static unlink tests  (Mike Frysinger, 2012-03-06; 4 files, -0/+13)
  Make sure that when we trace static apps, their bad syscalls don't get a chance to actually complete.
  URL: http://bugs.gentoo.org/406543
  Reported-by: Marijn Schouten <hkbst@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: set syscall error rather than killing on violations  (Mike Frysinger, 2012-03-06; 7 files, -18/+65)
  If we kill the app, then the syscall that we flagged as a violation will complete, and our entire purpose has failed -- to prevent modifications to the protected paths. Instead, set the syscall number to an invalid one, continue the syscall, then set the syscall return value (which will become the errno) after the syscall finishes. This way the bad syscall isn't actually executed, and we let the app continue to run like normal.
  URL: http://bugs.gentoo.org/406543
  Reported-by: Marijn Schouten <hkbst@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
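The mechanism this commit describes, as an added example (my code, not sandbox's, and x86_64 Linux only): a tracer that stops its child at every syscall with PTRACE_SYSCALL, reads the registers through the get/set regs interface the "migrate to get/set regs" commit adopts, fetches the path argument with process_vm_readv and falls back to PTRACE_PEEKDATA when that is unavailable, and on an unlink of the protected file rewrites the syscall number to -1 on entry and plants -EPERM as the return value on exit. The child then sees a failed unlink while the file survives, which is what the "static unlink tests" check. The names read_remote_string and demo_deny_unlink, the temporary file and the exit codes 42/43/44 are my constructions; the function returns 0 when the denial worked, -1 when ptrace is not permitted on the host, and 1 on any other outcome.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__linux__) && defined(__x86_64__)
/* Copy a NUL-terminated string out of the tracee: one process_vm_readv
 * call when it works, else word-at-a-time PTRACE_PEEKDATA.  0 or -1. */
static int read_remote_string(pid_t pid, unsigned long addr, char *buf, size_t len)
{
    struct iovec local = { buf, len }, remote = { (void *)addr, len };
    ssize_t n = process_vm_readv(pid, &local, 1, &remote, 1, 0);
    if (n > 0 && memchr(buf, '\0', (size_t)n))
        return 0;
    for (size_t got = 0; got + sizeof(long) <= len; got += sizeof(long)) {
        errno = 0;
        long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + got), NULL);
        if (w == -1 && errno)
            return -1;
        memcpy(buf + got, &w, sizeof w);
        if (memchr(buf + got, '\0', sizeof w))
            return 0;
    }
    return -1;
}

/* Constructed demo: trace a child that tries to unlink() a protected file.
 * Returns 0 if the file survived and the child saw EPERM, -1 if ptrace is
 * not permitted here (PTRACE_TRACEME refused), 1 on any other outcome. */
static int demo_deny_unlink(void)
{
    char path[] = "/tmp/sb_demo_XXXXXX";       /* constructed protected path */
    int fd = mkstemp(path);
    if (fd < 0)
        return 1;
    close(fd);
    pid_t pid = fork();
    if (pid < 0)
        return 1;
    if (pid == 0) {                             /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(44);
        raise(SIGSTOP);                         /* let the tracer set options */
        int r = unlink(path);
        _exit(r == -1 && errno == EPERM ? 42 : 43);
    }
    int status, in_syscall = 0, deny = 0, denied = 0, sig = 0;
    if (waitpid(pid, &status, 0) < 0)
        return 1;
    if (WIFEXITED(status)) {                    /* never became a tracee */
        unlink(path);
        return WEXITSTATUS(status) == 44 ? -1 : 1;
    }
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) < 0)
            return 1;
        sig = 0;
        if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
            break;                              /* exited or was killed */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {
            sig = WSTOPSIG(status);             /* ordinary signal: pass it on */
            continue;
        }
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0)
            return 1;
        if (!in_syscall) {                      /* syscall entry stop */
            in_syscall = 1;
            unsigned long parg = 0;
            if (regs.orig_rax == SYS_unlink)
                parg = regs.rdi;                /* unlink(path) */
            else if (regs.orig_rax == SYS_unlinkat)
                parg = regs.rsi;                /* unlinkat(dirfd, path, flags) */
            char rpath[4096];
            if (parg && read_remote_string(pid, parg, rpath, sizeof rpath) == 0
                && strcmp(rpath, path) == 0) {
                regs.orig_rax = (unsigned long long)-1; /* invalid nr: kernel runs nothing */
                if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0)
                    return 1;
                deny = 1;
            }
        } else {                                /* syscall exit stop */
            in_syscall = 0;
            if (deny) {
                regs.rax = (unsigned long long)-EPERM;  /* libc turns this into errno */
                if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0)
                    return 1;
                deny = 0;
                denied++;
            }
        }
    }
    int child_ok = WIFEXITED(status) && WEXITSTATUS(status) == 42;
    int survived = access(path, F_OK) == 0;
    unlink(path);
    return child_ok && survived && denied == 1 ? 0 : 1;
}
#else
static int demo_deny_unlink(void) { return -1; }  /* needs Linux on x86_64 */
#endif
```

Killing the tracee at the entry stop would not help, because the kernel still runs the syscall before the pending SIGKILL is acted on; replacing the number and then the return value is what keeps the protected path untouched while the application continues with an ordinary error.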
* libsandbox: add likely/unlikely support  (Mike Frysinger, 2012-03-06; 1 file, -0/+3)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libsandbox: push down constructor init  (Mike Frysinger, 2012-03-05; 4 files, -49/+8)
  Since every consumer of sb_open gets a copy of the sbio_open data, push the init of this into the .data section of the respective consumers to avoid the runtime overhead. This just leaves sandbox_lib setup in the constructor function, but that is only needed by the execve wrapper, so push down init of that to the existing sb_init logic which happens before our execve wrapper gets used.
  URL: http://bugs.gentoo.org/404013
  Reported-by: Mike Gilbert <floppym@gentoo.org>
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* tests: note that testsuite.list.at is generated  (Mike Frysinger, 2012-03-05; 1 file, -1/+2)
  Signed-off-by: Mike Frysinger <vapier@gentoo.org>