| Commit message | Author | Age | Files | Lines |
| |
We can trace x32 when the host is x86_64 or x32, but x32 cannot trace
x86_64 due to limitations in the kernel interface -- all pointers get
truncated to 32 bits. We'll have to add external ptrace helpers in the
future to make this work, but for now, we'll just let x86_64 code run
unchecked :(.
URL: https://bugs.gentoo.org/394179
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
There are a few major points we want to hit here:
- have all output from libsandbox go through portage helpers when we are
  in the portage environment so that output is properly logged
- convert SB_E{info,warn,error} to sb_e{info,warn,error} to match style
  of other functions and cut down on confusion
- move all abort/output helpers to libsbutil so it can be used in all
  source trees and not just by libsandbox
- migrate all abort points to the centralized sb_ebort helper

Unfortunately, it's not terribly easy to untangle these into separate
patches, but hopefully this shouldn't be too messy as much of it is
mechanical: move funcs between files, and change the name of funcs
that get called.
URL: http://bugs.gentoo.org/278761
Reported-by: Mounir Lamouri <volkmar@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The previous commit (libsandbox: handle dirfd in mkdir/open/unlink *at
prechecks) left a sizeof() in place that unfortunately no longer held the
same meaning. In previous code, the function had access to the buffer
decl and so could get the byte count. In the new code, the function has
access to the pointer only. So sizeof() now wrongly returns the size of
pointers rather than the length of the buffer.

Extend the new helper function to take the length of the buffer it is
given to fix this issue.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Ignoring the dirfd hasn't been a problem in the past as people weren't
really using it, but now that core packages are (like tar), we need to
handle things properly.
URL: http://bugs.gentoo.org/342983
Reported-by: Xake <xake@rymdraket.net>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some packages that do library tricks like sandbox override the mmap()
symbols. If their implementation ends up calling functions that sandbox
has overridden, then we can easily hit an infinite loop.

  sb-fopen -> sb-malloc -> external mmap -> sb-open -> whoops!

So for the internal memory functions, make sure we call directly to the
C library's mmap() functions. This way our internal memory implementation
should be free from external forces.
URL: http://bugs.gentoo.org/290249
Reported-by: Diego E. Pettenò <flameeyes@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some arches (like ia64) return ERANGE for too long path names, so accept
that the same way we accept ENAMETOOLONG. The BSDs also seem to do
this, so they'll get fixed as well.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
To keep with the x* conventions, the xstrdup() func should point to the
local strdup func. This is because glibc itself may define strdup() to
something that prevents us from wrapping it safely.
URL: http://bugs.gentoo.org/265098
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Stelian Ionescu <stelian.ionescu-zeus@poste.it>
| |
Classic example of forks being used in multithreaded applications and
causing havoc with shared state (locks in this case). Make sure that
threads grabbing the sandbox lock don't screw up threads that do a fork
and then exec.
URL: http://bugs.gentoo.org/263657
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ryan Hope <rmh3093@gmail.com>
| |
The make program likes to vfork() when running programs, so if it vforks
and runs a static binary, we need to make sure we clean up state in the
child so as to not make the parent angry.
URL: http://bugs.gentoo.org/264478
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Paul Mulders <info@mld.demon.nl>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Break out most of the QA static ELF warning code into a new eqawarn()
func. This way we can handle dynamic stuff like calling portage's eqawarn
func to handle dirty details like logging.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Dump symbols before we abort and if SANDBOX_GDB is enabled in the env,
automatically launch & attach gdb to the crashing setup.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Make sure we handle edge cases that involve symlinks and functions that
operate on symlinks. This includes newer style *at functions that can go
between operating on symlinks and operating on the linked files, and on
symlinks to files that live in explicitly denied paths.
URL: http://bugs.gentoo.org/254914
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Mike Auty <ikelos@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Rather than doing a buttload of strcmp's on function names, use integers.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Since all FUNCTION_SANDBOX_SAFE() need to pass up the func name, push the
usage into the macro itself rather than every wrapper file.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
URL: http://bugs.gentoo.org/174233
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Zhixu Liu <zhixu.liu@gmail.com>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
appropriate.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
| |
libsbutil.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
|
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>