blob: c8d1109078cedc9f8318cd3df0754b2a44a8728b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
try out tracing on *BSD and Solaris
trace static children of static children
cache results of filesystem checks
review erealpath vs realpath usage
wrappers for execl{,l,p} ... unfortunately, we'll probably have to basically
reimplement the functions (building up argv[] and then call the execv* ver)
erealpath() might deref symlinks when working with unreadable paths as non-root
even when working on funcs that do not deref funcs themselves ... this isnt a
real big issue though
threaded apps conflict with shared state:
- sandbox_lib
- sandbox_on
- trace_pid
- etc...
handle multiple processing writing to log simultaneously
- could move log to a fifo that the main sandbox process would consume
- not that big of a deal as log generally only gets written with failures
doesnt seem to work quite right:
echo $(./vfork-0 ./mkdir_static-0 2>&1)
handle env var modification inside of traced apps
messaging still needs a little work. consider:
- user is running as root
- user does `emerge foo`
- emerge's stderr is connected to root's tty
- FEATURES=userpriv is enabled so portage drops root
- sandbox starts up and sets message path to its stderr
- that path is owned by root only
- attempts to open it by path fail with permission denied
really only way around this would be to have sandbox set up
a named pipe in $T and set the message path to that. then
it would poll that for data and take care of writing it to
its open stderr.
|
GitWeb
