| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The erealpath function modifies the storage buffer given to it in place
and can misbehave if both the source and destination buffers point to the
same storage in memory. So fix the one case where we were doing this in
the canonicalize() function and add some run time checks to make sure this
doesn't crop up again.
URL: http://bugs.gentoo.org/292050
Reported-by: Hongjiu Zhang <voidprayer@gmail.com>
Reported-by: Fredric Johansson <johansson_fredric@hotmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
When tracing static processes, the original implementation included code
that would always swallow SIGCHLD. Much has changed since then, and it
doesn't seem to be needed anymore, and it is certainly breaking a few
packages. So drop it, add some tests, and if it causes a regression in
the future, we can look at it then (with an actual test case).
URL: http://bugs.gentoo.org/289963
Reported-by: Joeri Capens <joeri@capens.net>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
URL: http://bugs.gentoo.org/293632
Reported-by: Raúl Porcel <armin76@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
People rarely use this, but all it takes is one lame package.
URL: http://bugs.gentoo.org/297684
Reported-by: Pacho Ramos <pacho@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some packages that do library tricks like sandbox override the mmap()
symbols. If their implementation ends up calling functions that sandbox
has overridden, then we can easily hit an infinite loop.
    sb-fopen -> sb-malloc -> external mmap -> sb-open -> whoops!
So for the internal memory functions, make sure we call directly to the
C library's mmap() functions. This way our internal memory implementation
should be free from external forces.
URL: http://bugs.gentoo.org/290249
Reported-by: Diego E. Pettenò <flameeyes@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The commit 0a539b142f24 tried to fix RTLD_NEXT issues seen under certain
kernel/glibc combos, but in reality all it did was force dlopening of the
C library for every symbol lookup. So rewrite the code to handle things
on the fly as needed -- if RTLD_NEXT returned a bum symbol, load the C
library and try again.
URL: http://bugs.gentoo.org/202765
URL: http://bugs.gentoo.org/206678
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The ptrace code skipped one too many arguments when decoding the utimensat
syscall which caused random utils to fail with garbage paths.
URL: http://bugs.gentoo.org/288227
Reported-by: RB <aoz.syn@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
When attempting to access anonymous pipes/sockets/etc..., we should let
the access go through rather than rejecting the path because we aren't
able to access it. There is no backing file after all which means there
is nothing for sandbox to check against.
While this was noticed with an anonymous pipe, the logic applies to any
anonymous fd such as sockets or whatever the kernel throws at us.
URL: http://bugs.gentoo.org/288863
Reported-by: Marcin Mirosław <bug@mejor.pl>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The SB_WRITE() macro makes using sb_write() confusing, so convert the two
small users and kill it off.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The autotool build system already adds PIC where needed, so don't force
our own -D/-f options.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
For systems that lack *at() funcs, make sure we still include the
pre-checks as we use these functions in the non-at version.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
This should fix building on really old Linux systems.
URL: http://bugs.gentoo.org/255019
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Jeremy Olexa <darkside@gentoo.org>
| |
The code that tries to recover from unreadable paths relies on relative
access to the paths in question, and we can't rely on that when tracing.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The utimensat() function can operate on file fd's directly when the path
is NULL, not just relative directory fd's. So tackle that use case.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
If the user has core dumping enabled, then we may get a dump notice from
the traced child. Since this is fine by us, let it go through.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The normal wrapped functions go through some "pre checks" where certain
normal conditions are not flagged as problematic. The static tracing
lacked those pre checks though.
URL: http://bugs.gentoo.org/265885
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Daniel Robbins <drobbins@funtoo.org>
| |
URL: http://bugs.gentoo.org/271260
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: T Chan <something-bz@sodium.serveirc.com>
| |
If we receive a notice that the child got a signal we don't care about,
make sure we tell it to continue on with the signal info so we don't go
filtering all signals the child may receive. Otherwise we break test code
like that in glibc which exercises the ability of a child to catch and
process signals properly.
URL: http://bugs.gentoo.org/265072
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Nick Fortino <nfortino@gmail.com>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some arches (like ia64) return ERANGE for too long path names, so accept
that the same way we accept ENAMETOOLONG. The BSDs also seem to do
this, so they'll get fixed as well.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
No need to regen symbols.h every time a wrapper file is updated. Automake
will take care of dependencies and rebuild wrappers.c as needed.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
To keep with the x* conventions, the xstrdup() func should point to the
local strdup func. This is because glibc itself may define strdup() to
something that prevents us from wrapping it safely.
URL: http://bugs.gentoo.org/265098
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Stelian Ionescu <stelian.ionescu-zeus@poste.it>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Classic example of forks being used in multithreaded applications and
causing havoc with shared state (locks in this case). Make sure that
threads grabbing the sandbox lock don't screw up threads that do a fork
and then exec.
URL: http://bugs.gentoo.org/263657
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Ryan Hope <rmh3093@gmail.com>
| |
The make program likes to vfork() when running programs, so if it vforks
and runs a static binary, we need to make sure we clean up state in the
child so as to not make the parent angry.
URL: http://bugs.gentoo.org/264478
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Paul Mulders <info@mld.demon.nl>
| |
If an exec func is used that searches $PATH, we need to do the search as
well so that we don't miss out on binaries or denied locations that are
run without a full path.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
If we're tracing a proc and it dies while checking a func, just back out
cleanly since it isn't like it can cause a violation at that point.
URL: http://bugs.gentoo.org/264478
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Paul Mulders <info@mld.demon.nl>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
The code attempted to account for the PEEK requests returning -1 in the
normal case via errno, but the logic was incorrect. This ended up
flagging some successful ptrace() calls when the data returned was -1.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some hardened systems disable /proc/#/ access when the process in question
is not owned by the current user.
URL: http://bugs.gentoo.org/264476
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Andreas Westin <forsaken@forsaken.se>
| |
Initial support for tracing non-default personalities. For example,
tracing a 32bit binary from a 64bit environment.
URL: http://bugs.gentoo.org/264399
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Patrick Lauer <patrick@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
When trying to deal with simple paths like ".." in an unreadable tree,
the realpath code would scan back too far with pointers and crash.
    mkdir -p a/b
    cd a/b
    chmod a-rx ..
    ls ..
    <boom>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Looks like I made a typo when adding support for ptrace.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Ignore SIGCHLD (in case the static app made some children), and in the
case of unknown signals, simply warn rather than aborting so more stuff
"just works" (well, ignoring the additional warnings).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Some code expects that when an *at() func is given a bad fd, the errno
value be set to EBADF (like glibc). So convert some of the common errno
values of failed readlink() to what would have gone down if we called the
actual *at() function.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Add some more *at functions to the main checking code.
URL: http://bugs.gentoo.org/264320
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reported-by: Harald van Dijk <truedfx@gentoo.org>
| |
Handle /proc differences (fd/cmdline/etc...) across systems.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Break out most of the QA static ELF warning code into a new eqawarn()
func. This way we can handle dynamic stuff like calling portage's eqawarn
func to handle dirty details like logging.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>