├── .github └── workflows │ └── build-test-ci.yml ├── .gitignore ├── AUTHORS ├── COPYING ├── ChangeLog.0 ├── INSTALL ├── Makefile.am ├── NEWS ├── README.md ├── TODO ├── autogen.sh ├── configure.ac ├── data ├── sandbox.bashrc ├── sandbox.desktop └── sandbox.svg ├── etc ├── sandbox.conf └── sandbox.d │ └── 00default.in ├── headers.h ├── libsandbox ├── Makefile ├── libsandbox.c ├── libsandbox.h ├── local.mk ├── lock.c ├── memory.c ├── pre_check_mkdirat.c ├── pre_check_unlinkat.c ├── realpath.c ├── sb_nr.h.in ├── symbols.h.in ├── trace.c ├── trace │ ├── common.c │ ├── linux │ │ ├── aarch64.c │ │ ├── alpha.c │ │ ├── arch.c │ │ ├── arm.c │ │ ├── bfin.c │ │ ├── common.c │ │ ├── hppa.c │ │ ├── i386.c │ │ ├── ia64.c │ │ ├── powerpc.c │ │ ├── s390.c │ │ ├── sparc.c │ │ ├── syscall_info.c │ │ └── x86_64.c │ └── os.c ├── wrapper-funcs │ ├── __futimesat64.c │ ├── __futimesat_time64.c │ ├── __lutimes64.c │ ├── __lutimes_time64.c │ ├── __open64_2.c │ ├── __open_2.c │ ├── __openat64_2.c │ ├── __openat_2.c │ ├── __utime64.c │ ├── __utimensat64.c │ ├── __utimensat_time64.c │ ├── __utimes64.c │ ├── __utimes_time64.c │ ├── __wrapper_exec.c │ ├── __wrapper_simple.c │ ├── __xmknod.c │ ├── __xmknodat.c │ ├── _xmknod.c │ ├── access.c │ ├── chmod.c │ ├── chown.c │ ├── creat.c │ ├── creat64.c │ ├── execv.c │ ├── execve.c │ ├── execveat.c │ ├── execvp.c │ ├── execvpe.c │ ├── faccessat.c │ ├── fchmod.c │ ├── fchmodat.c │ ├── fchown.c │ ├── fchownat.c │ ├── fexecve.c │ ├── fopen.c │ ├── fopen64.c │ ├── fork.c │ ├── futimesat.c │ ├── getcwd.c │ ├── lchown.c │ ├── link.c │ ├── linkat.c │ ├── lremovexattr.c │ ├── lsetxattr.c │ ├── lutimes.c │ ├── mkdir.c │ ├── mkdirat.c │ ├── mkdtemp.c │ ├── mkfifo.c │ ├── mkfifoat.c │ ├── mknod.c │ ├── mknodat.c │ ├── mkostemp.c │ ├── mkostemp64.c │ ├── mkostemps.c │ ├── mkostemps64.c │ ├── mkstemp.c │ ├── mkstemp64.c │ ├── mkstemps.c │ ├── mkstemps64.c │ ├── open.c │ ├── open64.c │ ├── openat.c │ ├── openat64.c │ ├── opendir.c │ ├── popen.c │ ├── remove.c │ ├── removexattr.c │ ├── rename.c │ ├── renameat.c │ ├── renameat2.c │ ├── rmdir.c │ ├── setxattr.c │ ├── symlink.c │ ├── symlinkat.c │ ├── system.c │ ├── truncate.c │ ├── truncate64.c │ ├── unlink.c │ ├── unlinkat.c │ ├── utime.c │ ├── utimensat.c │ ├── utimes.c │ └── vfork.c ├── wrappers.c └── wrappers.h ├── libsbutil ├── Makefile ├── environment.c ├── get_sandbox_conf.c ├── get_sandbox_confd.c ├── get_sandbox_lib.c ├── get_sandbox_log.c ├── get_sandbox_rc.c ├── get_tmp_dir.c ├── include │ └── rcscripts │ │ ├── rcutil.h │ │ └── util │ │ ├── config.h │ │ ├── debug.h │ │ ├── dynbuf.h │ │ ├── file.h │ │ ├── str_list.h │ │ └── string.h ├── local.mk ├── sb_backtrace.c ├── sb_efuncs.c ├── sb_gdb.c ├── sb_memory.c ├── sb_method.c ├── sb_open.c ├── sb_printf.c ├── sb_proc.c ├── sb_read.c ├── sb_stat.c ├── sb_write.c ├── sb_write_fd.c ├── sbutil.h └── src │ ├── config.c │ ├── debug.c │ ├── dynbuf.c │ ├── file.c │ └── string.c ├── localdecls.h ├── m4 ├── ax_cflags_warn_all.m4 ├── ax_check_compile_flag.m4 ├── ax_check_link_flag.m4 ├── ax_compiler_vendor.m4 ├── ax_prepend_flag.m4 └── ax_require_defined.m4 ├── scripts ├── gen_symbol_header.awk ├── gen_symbol_version_map.awk └── gen_trace_header.awk ├── src ├── Makefile ├── environ.c ├── local.mk ├── namespaces.c ├── options.c ├── sandbox.c ├── sandbox.h └── sandbox.sh.in └── tests ├── Makefile ├── access-0.c ├── access-1.sh ├── access.at ├── atlocal.in ├── chmod-0.c ├── chmod-1.sh ├── chmod.at ├── chown-0.c ├── chown-1.sh ├── chown.at ├── creat-0.c ├── creat64-0.c ├── dlopen.c ├── execv-0.c ├── execv-1.sh ├── execv.at ├── execvp-0.c ├── faccessat-0.c ├── faccessat-1.sh ├── faccessat.at ├── faccessat_static-0.c ├── faccessat_static-1.sh ├── faccessat_static.at ├── fchmod-0.c ├── fchmod-1.sh ├── fchmod-2.sh ├── fchmod.at ├── fchmodat-0.c ├── fchmodat-1.sh ├── fchmodat.at ├── fchown-0.c ├── fchown-1.sh ├── fchown-2.sh ├── fchown.at ├── fchownat-0.c ├── fchownat-1.sh ├── fchownat-2.sh ├── fchownat.at ├── fopen-0.c ├── fopen64-0.c ├── futimesat-0.c ├── futimesat-1.sh ├── futimesat-2.sh ├── futimesat-3.sh ├── futimesat.at ├── get-group.c ├── get-user.c ├── getcwd-gnulib_tst.c ├── git-bisector.sh ├── lchown-0.c ├── lchown-1.sh ├── lchown.at ├── libsigsegv.at ├── libsigsegv_tst.c ├── link-0.c ├── link-1.sh ├── link.at ├── linkat-0.c ├── linkat-1.sh ├── linkat-2.sh ├── linkat.at ├── linkat_static-0.c ├── linkat_static-1.sh ├── linkat_static-2.sh ├── linkat_static.at ├── local.at ├── local.mk ├── lremovexattr-0.c ├── lsetxattr-0.c ├── lutimes-0.c ├── lutimes-1.sh ├── lutimes.at ├── malloc-0 ├── malloc-1.sh ├── malloc-2.sh ├── malloc.at ├── malloc_hooked_tst.c ├── malloc_mmap_tst.c ├── mkdir-0.c ├── mkdir-1.sh ├── mkdir-2.sh ├── mkdir-3.sh ├── mkdir.at ├── mkdir_static-0.c ├── mkdir_static-1.sh ├── mkdir_static.at ├── mkdirat-0.c ├── mkdirat-1.sh ├── mkdirat-2.sh ├── mkdirat-3.sh ├── mkdirat.at ├── mkdtemp-0.c ├── mkdtemp-1.sh ├── mkdtemp.at ├── mkfifo-0.c ├── mkfifo-1.sh ├── mkfifo.at ├── mkfifoat-0.c ├── mkfifoat-1.sh ├── mkfifoat.at ├── mknod-0.c ├── mknod-1.sh ├── mknod.at ├── mknodat-0.c ├── mknodat-1.sh ├── mknodat.at ├── mkostemp-0.c ├── mkostemp-1.sh ├── mkostemp.at ├── mkostemp64-0.c ├── mkostemp64-1.sh ├── mkostemp64.at ├── mkostemps-0.c ├── mkostemps-1.sh ├── mkostemps.at ├── mkostemps64-0.c ├── mkostemps64-1.sh ├── mkostemps64.at ├── mkstemp-0.c ├── mkstemp-1.sh ├── mkstemp.at ├── mkstemp64-0.c ├── mkstemp64-1.sh ├── mkstemp64.at ├── mkstemps-0.c ├── mkstemps-1.sh ├── mkstemps.at ├── mkstemps64-0.c ├── mkstemps64-1.sh ├── mkstemps64.at ├── open-0.c ├── open-1.sh ├── open-2.sh ├── open.at ├── open64-0.c ├── open_static-0.c ├── open_static-1.sh ├── open_static.at ├── openat-0.c ├── openat-1.sh ├── openat-2.sh ├── openat.at ├── openat64-0.c ├── openat_static-0.c ├── openat_static-1.sh ├── openat_static-2.sh ├── openat_static.at ├── opendir-0.c ├── opendir-1.sh ├── opendir.at ├── package.m4.in ├── pipe-fork_static_tst.c ├── pipe-fork_tst.c ├── remove-0.c ├── remove-1.sh ├── remove.at ├── removexattr-0.c ├── removexattr-1.sh ├── removexattr.at ├── rename-0.c ├── rename-1.sh ├── rename.at ├── renameat-0.c ├── renameat-1.sh ├── renameat-2.sh ├── renameat-3.sh ├── renameat.at ├── renameat2-0.c ├── renameat2-1.sh ├── renameat2-2.sh ├── renameat2-3.sh ├── renameat2.at ├── rmdir-0.c ├── rmdir-1.sh ├── rmdir-2.sh ├── rmdir.at ├── sb_printf.at ├── sb_printf_tst.c ├── sb_true.c ├── sb_true_static.c ├── script-0 ├── script-1.sh ├── script-10.sh ├── script-11.sh ├── script-12.sh ├── script-13.sh ├── script-14.sh ├── script-15.sh ├── script-16.sh ├── script-2.sh ├── script-3.sh ├── script-4.sh ├── script-5.sh ├── script-6.sh ├── script-7.sh ├── script-8.sh ├── script-9.sh ├── script.at ├── setxattr-0.c ├── setxattr-1.sh ├── setxattr.at ├── signal_static-0.c ├── signal_static-1.sh ├── signal_static.at ├── sigsuspend-zsh_static_tst.c ├── sigsuspend-zsh_tst.c ├── symlink-0.c ├── symlink-1.sh ├── symlink.at ├── symlinkat-0.c ├── symlinkat-1.sh ├── symlinkat-2.sh ├── symlinkat-3.sh ├── symlinkat.at ├── test-skel-0.c ├── tests.h ├── testsuite.at ├── trace-0 ├── trace-memory_static_tst.c ├── truncate-0.c ├── truncate64-0.c ├── unlink-0.c ├── unlink-1.sh ├── unlink.at ├── unlink_static-0.c ├── unlink_static-1.sh ├── unlink_static.at ├── unlinkat-0.c ├── unlinkat-1.sh ├── unlinkat-2.sh ├── unlinkat-3.sh ├── unlinkat-4.sh ├── unlinkat.at ├── utime-0.c ├── utimensat-0.c ├── utimensat-1.sh ├── utimensat-2.sh ├── utimensat-4.sh ├── utimensat.at ├── utimensat64-0.c ├── utimensat64-1.sh ├── utimensat64.at ├── utimensat64_static-0.c ├── utimensat64_static-1.sh ├── utimensat64_static.at ├── utimensat_static-0.c ├── utimensat_static-1.sh ├── utimensat_static-2.sh ├── utimensat_static.at ├── utimes-0.c ├── vfork-0.c ├── vfork-1.sh ├── vfork.at └── xattr-0 /.github/workflows/build-test-ci.yml: -------------------------------------------------------------------------------- 1 | # GitHub actions workflow. 2 | # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions 3 | 4 | name: Build+Test CI 5 | 6 | on: [pull_request, push] 7 | 8 | jobs: 9 | glibc: 10 | strategy: 11 | matrix: 12 | cc: [gcc, clang] 13 | abi: [-m64, -m32] 14 | fail-fast: false 15 | runs-on: ubuntu-latest 16 | env: 17 | CC: ${{ matrix.cc }} ${{ matrix.abi }} 18 | steps: 19 | - name: Install dependencies 20 | run: | 21 | sudo apt-get update -qq 22 | sudo apt-get install build-essential gcc gcc-multilib clang automake autoconf autoconf-archive libtool pax-utils -qy 23 | 24 | - uses: actions/checkout@v4 25 | name: Checkout 26 | 27 | - name: Build 28 | run: | 29 | ./autogen.sh 30 | ./configure || { cat config.log; false; } 31 | make V=1 32 | make V=1 check || { cat tests/testsuite.log; false; } 33 | make V=1 distcheck 34 | 35 | musl: 36 | runs-on: ubuntu-latest 37 | strategy: 38 | matrix: 39 | platform: [linux/amd64, linux/386] 40 | container: 41 | image: alpine:latest 42 | options: --cap-add=SYS_PTRACE --platform=${{ matrix.platform }} 43 | steps: 44 | - name: Install dependencies 45 | run: apk add bash coreutils build-base automake autoconf autoconf-archive libtool pax-utils gawk sed 46 | 47 | - name: Checkout 48 | uses: taiki-e/checkout-action@v1 49 | 50 | - name: Build 51 | run: | 52 | ./autogen.sh 53 | ./configure || { cat config.log; false; } 54 | make V=1 55 | make V=1 check || { cat tests/testsuite.log; false; } 56 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | a.out 2 | *~ 3 | *.gch 4 | *.lo 5 | *.la 6 | *.o 7 | .deps 8 | .libs 9 | .dirstamp 10 | /Makefile 11 | /Makefile.in 12 | 13 | f 14 | f2 15 | 16 | *.save 17 | *.patch 18 | *.rej 19 | *.orig 20 | 21 | core 22 | .gdb_history 23 | .gdbinit 24 | 25 | /aclocal.m4 26 | /ar-lib 27 | /autom4te.cache/ 28 | /build/ 29 | /compile 30 | /config.cache 31 | /config.guess 32 | /config.log 33 | /config.status 34 | /config.sub 35 | /configure 36 | /configure.lineno 37 | /depcomp 38 | /install-sh 39 | /libtool 40 | /ltmain.sh 41 | /missing 42 | /sandboxconfig.h 43 | /sandboxconfig.h.in 44 | /stamp-h1 45 | 46 | /m4/libtool.m4 47 | /m4/ltoptions.m4 48 | /m4/ltsugar.m4 49 | /m4/ltversion.m4 50 | /m4/lt~obsolete.m4 51 | 52 | /ChangeLog 53 | /sandbox-*.tar* 54 | 55 | /etc/sandbox.d/00default 56 | 57 | /libsandbox/libsandbox.map 58 | /libsandbox/sb_nr.h 59 | /libsandbox/symbols.h 60 | /libsandbox/trace_syscalls*.h 61 | 62 | /src/sandbox 63 | /src/sandbox.sh 64 | 65 | /tests/*-0 66 | /tests/*_tst 67 | /tests/atconfig 68 | /tests/atlocal 69 | /tests/get-group 70 | /tests/get-user 71 | /tests/sb_true 72 | /tests/sb_true_static 73 | /tests/package.m4 74 | /tests/testsuite 75 | /tests/testsuite.dir/ 76 | /tests/testsuite.list 77 | /tests/testsuite.log 78 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | authors, contributors, etc. 2 | listed in alphabetical order, but not a complete list 3 | 4 | Geert Bevin 5 | Nicholas Carpaski 6 | Mike Frysinger 7 | Brian Harring 8 | Brad House 9 | Ned Lud 10 | Martin Schlemmer 11 | Jason Stubbs 12 | 13 | Additional code from InstallWatch (not sure if it's still in use) 14 | Pancrazio `Ezio' de Mauro 15 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | ACLOCAL_AMFLAGS = -I m4 2 | SIXTY_FOUR_FLAGS = -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64 3 | MAKEFLAGS = --no-print-directory 4 | AM_CPPFLAGS = \ 5 | -U_FILE_OFFSET_BITS -U_TIME_BITS \ 6 | $(SANDBOX_DEFINES) \ 7 | -I$(top_srcdir) 8 | 9 | confdir = $(sysconfdir) 10 | confddir = $(sysconfdir)/sandbox.d 11 | 12 | bin_PROGRAMS = 13 | check_PROGRAMS = 14 | dist_conf_DATA = etc/sandbox.conf 15 | confd_DATA = etc/sandbox.d/00default 16 | dist_pkgdata_DATA = data/sandbox.bashrc 17 | lib_LTLIBRARIES = 18 | noinst_LIBRARIES = 19 | 20 | CLEANFILES = 21 | DISTCLEANFILES = 22 | 23 | EXTRA_DIST = \ 24 | headers.h \ 25 | localdecls.h \ 26 | ChangeLog.0 \ 27 | data/sandbox.desktop \ 28 | data/sandbox.svg \ 29 | etc/sandbox.d/00default.in \ 30 | scripts/gen_symbol_version_map.awk \ 31 | scripts/gen_symbol_header.awk \ 32 | scripts/gen_trace_header.awk 33 | 34 | ChangeLog: 35 | touch ChangeLog 36 | 37 | dist-hook: 38 | set -e ; \ 39 | if [ -d "$(top_srcdir)/.git" ] ; then \ 40 | git --git-dir="$(top_srcdir)/.git" log > $(distdir)/ChangeLog ; \ 41 | elif [ ! -e "$(distdir)/ChangeLog" ] ; then \ 42 | if [ -e "$(top_srcdir)/ChangeLog" ] ; then \ 43 | cp "$(top_srcdir)/ChangeLog" "$(distdir)/ChangeLog" ; \ 44 | else \ 45 | touch "$(distdir)/ChangeLog" ; \ 46 | fi ; \ 47 | fi 48 | 49 | include libsandbox/local.mk 50 | include libsbutil/local.mk 51 | include src/local.mk 52 | include tests/local.mk 53 | 54 | DISTCLEANFILES += $(CLEANFILES) 55 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | blah, read the ChangeLog 2 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | # we'll generate ChangeLog when doing `make dist` 4 | touch ChangeLog 5 | 6 | # avoid ugly warnings due to mismatch between local libtool and 7 | # whatever updated version is on the host 8 | rm -f m4/*.m4 9 | 10 | # not everyone has dev-build/autoconf-archive installed 11 | has() { [[ " ${*:2} " == *" $1 "* ]] ; } 12 | import_ax() { 13 | local macro content m4 found lm4s=() 14 | content=$(sed -e '/^[[:space:]]*#/d' -e 's:\.*::' "$@") 15 | for macro in $(echo "${content}" | grep -o '\' | sort -u) ; do 16 | if ! found=$(grep -rl "AC_DEFUN(\[${macro}\]" /usr/share/aclocal/) ; then 17 | echo "error: ${macro}: unable to locate m4 definition" 18 | exit 1 19 | fi 20 | for m4 in ${found} ; do 21 | if ! has ${m4} "${m4s[@]}" "${lm4s[@]}" ; then 22 | echo "$*: ${macro}: ${m4}" 23 | lm4s+=( ${m4} ) 24 | fi 25 | done 26 | done 27 | if [[ ${#lm4s[@]} -gt 0 ]] ; then 28 | cp -v `printf '%s\n' ${lm4s[@]} | sort -u` m4/ 29 | m4s+=( "${lm4s[@]}" ) 30 | fi 31 | } 32 | m4s=() 33 | import_ax configure.ac 34 | curr=1 35 | new=0 36 | while [[ ${curr} -ne ${new} ]] ; do 37 | curr=${#m4s[@]} 38 | import_ax m4/ax_*.m4 39 | new=${#m4s[@]} 40 | done 41 | 42 | autoreconf -i -f 43 | 44 | if [[ -x ./test.sh ]] ; then 45 | exec ./test.sh "$@" 46 | fi 47 | -------------------------------------------------------------------------------- /data/sandbox.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Version=1.0 3 | Name=sandbox 4 | Type=Application 5 | Comment=launch a sandboxed shell ... useful for debugging ebuilds 6 | Exec=sandbox 7 | TryExec=sandbox 8 | Icon=sandbox 9 | Categories=Development; 10 | Terminal=true 11 | -------------------------------------------------------------------------------- /etc/sandbox.d/00default.in: -------------------------------------------------------------------------------- 1 | # Default configuration for non-set values 2 | # 3 | # As stated in sandbox.conf, any value in here do not get used if the variable 4 | # is already present in the environment. All rules of the ACCESS Section 5 | # applies here. 6 | # 7 | # Also note that SANDBOX_WORKDIR is a special variable that is just set if 8 | # sandbox is run interactive (ie, no commandline options), and points to the 9 | # current directory. 10 | 11 | # Normally the whole filesystem should be readable 12 | SANDBOX_READ="/" 13 | 14 | # Finally add current directory if interactive 15 | SANDBOX_WRITE="${SANDBOX_WORKDIR}" 16 | # Needed for configure tests 17 | SANDBOX_WRITE="@prefix@/tmp/conftest:@prefix@/lib/conftest:@prefix@/lib32/conftest:@prefix@/lib64/conftest:@prefix@/tmp/cf:@prefix@/lib/cf:@prefix@/lib32/cf:@prefix@/lib64/cf" 18 | 19 | # Usually writes in /home should not cause violations 20 | SANDBOX_PREDICT="${HOME}" 21 | -------------------------------------------------------------------------------- /libsandbox/Makefile: -------------------------------------------------------------------------------- 1 | # Helper for developers. 2 | all libsandbox libsandbox.la: libsandbox/libsandbox.la ; 3 | clean: ; rm -f *.o *.l[ao] .libs/* 4 | %: ; $(MAKE) -C .. $@ 5 | -------------------------------------------------------------------------------- /libsandbox/lock.c: -------------------------------------------------------------------------------- 1 | /* lock.c - providing locking mechanisms 2 | * 3 | * Copyright 2009 Gentoo Foundation 4 | * Licensed under the GPL-2 5 | */ 6 | 7 | #include "headers.h" 8 | #include "libsandbox.h" 9 | 10 | #if defined(HAVE_PTHREAD_H) 11 | 12 | static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; 13 | 14 | void sb_lock(void) 15 | { 16 | pthread_mutex_lock(&lock); 17 | } 18 | 19 | void sb_unlock(void) 20 | { 21 | pthread_mutex_unlock(&lock); 22 | } 23 | 24 | #elif defined(HAVE___SYNC_LOCK_TEST_AND_SET) 25 | 26 | static int lock = 0; 27 | 28 | void sb_lock(void) 29 | { 30 | while (__sync_lock_test_and_set(&lock, 1)) 31 | continue; 32 | } 33 | 34 | void sb_unlock(void) 35 | { 36 | __sync_lock_release(&lock); 37 | } 38 | 39 | #else 40 | # error no locking mech 41 | #endif 42 | -------------------------------------------------------------------------------- /libsandbox/pre_check_mkdirat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkdir*() pre-check. 3 | * 4 | * Copyright 1999-2012 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "headers.h" 9 | #include "sbutil.h" 10 | #include "libsandbox.h" 11 | #include "wrappers.h" 12 | 13 | bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) 14 | { 15 | save_errno(); 16 | 17 | if (sb_exists(dirfd, pathname, AT_SYMLINK_NOFOLLOW) >= 0) { 18 | errno = EEXIST; 19 | return false; 20 | } 21 | 22 | restore_errno(); 23 | 24 | return true; 25 | } 26 | -------------------------------------------------------------------------------- /libsandbox/pre_check_unlinkat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * unlink*() pre-check. 3 | * 4 | * Copyright 1999-2012 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "headers.h" 9 | #include "sbutil.h" 10 | #include "libsandbox.h" 11 | #include "wrappers.h" 12 | 13 | bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd) 14 | { 15 | save_errno(); 16 | 17 | char canonic[PATH_MAX]; 18 | if (sb_realpathat(dirfd, pathname, canonic, sizeof(canonic), AT_SYMLINK_NOFOLLOW, false)) { 19 | if (!strcmp(canonic, "/dev/null") || !strcmp(canonic, "/dev/zero")) { 20 | errno = EACCES; 21 | sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", 22 | func, canonic, strerror(errno)); 23 | return false; 24 | } 25 | } 26 | 27 | restore_errno(); 28 | 29 | return true; 30 | } 31 | -------------------------------------------------------------------------------- /libsandbox/sb_nr.h.in: -------------------------------------------------------------------------------- 1 | #define SB_NR_ACCESS_RD -1 2 | #define SB_NR_ACCESS_WR -2 3 | #define SB_NR_OPEN_RD -3 4 | #define SB_NR_OPEN_WR -4 5 | #define SB_NR_OPEN_RD_CREAT -5 6 | #define SB_NR_OPEN_WR_CREAT -6 7 | -------------------------------------------------------------------------------- /libsandbox/symbols.h.in: -------------------------------------------------------------------------------- 1 | # List of functions we wrap. 2 | # 3 | # Note that if the specific libc do not support some function, it 4 | # will not make it into symbols.h or libsandbox.map, so a non-issue. 5 | # 6 | # NB: Order is very important! For example, 'open()' should be 7 | # before 'creat()' as 'creat()' uses 'open()' ... 8 | 9 | chmod 10 | fchmod 11 | fchmodat 12 | chown 13 | fchown 14 | fchownat 15 | open 16 | __open_2 17 | openat 18 | __openat_2 19 | creat 20 | fopen 21 | lchown 22 | link 23 | linkat 24 | mkdir 25 | mkdirat 26 | opendir 27 | mknod 28 | mknodat 29 | _xmknod 30 | __xmknod 31 | __xmknodat 32 | mkfifo 33 | mkfifoat 34 | access 35 | faccessat 36 | faccessat2 37 | remove 38 | rename 39 | renameat 40 | renameat2 41 | rmdir 42 | symlink 43 | symlinkat 44 | truncate 45 | unlink 46 | unlinkat 47 | getcwd 48 | open64 49 | __open64_2 50 | openat64 51 | __openat64_2 52 | creat64 53 | fopen64 54 | truncate64 55 | mkdtemp 56 | mkostemp 57 | mkostemp64 58 | mkostemps 59 | mkostemps64 60 | mkstemp 61 | mkstemp64 62 | mkstemps 63 | mkstemps64 64 | #execl 65 | #execle 66 | #execlp 67 | execv 68 | execve 69 | execveat 70 | execvp 71 | execvpe 72 | fexecve 73 | system 74 | popen 75 | removexattr 76 | lremovexattr 77 | setxattr 78 | lsetxattr 79 | utime 80 | __utime64 81 | utimes 82 | __utimes64 83 | __utimes_time64 84 | utimensat 85 | __utimensat64 utimensat_time64 86 | __utimensat_time64 87 | futimesat 88 | __futimesat64 89 | __futimesat_time64 90 | lutimes 91 | __lutimes64 92 | __lutimes_time64 93 | fork 94 | vfork 95 | -------------------------------------------------------------------------------- /libsandbox/trace/common.c: -------------------------------------------------------------------------------- 1 | struct syscall_entry { 2 | const int nr, sys; 3 | const char *name; 4 | }; 5 | 6 | static int trace_get_sysnum(void *vregs); 7 | static long trace_raw_ret(void *vregs); 8 | static unsigned long trace_arg(void *vregs, int num); 9 | 10 | #ifndef SB_PERSONALITIES 11 | static const struct syscall_entry syscall_table[] = { 12 | #define S(s) { SB_SYS_##s, SB_NR_##s, #s }, 13 | #include "trace_syscalls.h" 14 | #undef S 15 | { SB_NR_UNDEF, SB_NR_UNDEF, NULL }, 16 | }; 17 | # define trace_check_personality(regs) syscall_table 18 | #endif 19 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/aarch64.c: -------------------------------------------------------------------------------- 1 | #define trace_reg_ret regs[0] /* x0 */ 2 | 3 | #undef trace_get_regs 4 | static long trace_get_regs(void *vregs) 5 | { 6 | struct iovec iov_regs = { 7 | .iov_base = vregs, 8 | .iov_len = sizeof(trace_regs), 9 | }; 10 | return do_ptrace(PTRACE_GETREGSET, (void *)(uintptr_t)NT_PRSTATUS, &iov_regs); 11 | } 12 | 13 | #undef trace_set_regs 14 | static long trace_set_regs(void *vregs) 15 | { 16 | struct iovec iov_regs = { 17 | .iov_base = vregs, 18 | .iov_len = sizeof(trace_regs), 19 | }; 20 | return do_ptrace(PTRACE_SETREGSET, (void *)(uintptr_t)NT_PRSTATUS, &iov_regs); 21 | } 22 | 23 | static unsigned long trace_arg(void *vregs, int num) 24 | { 25 | trace_regs *regs = vregs; 26 | if (num < 7) 27 | return regs->regs[num - 1]; /* x0 - x5 */ 28 | else 29 | return -1; 30 | } 31 | 32 | static int trace_get_sysnum(void *vregs) 33 | { 34 | int nr; 35 | struct iovec iov_nr = { 36 | .iov_base = &nr, 37 | .iov_len = sizeof(nr), 38 | }; 39 | do_ptrace(PTRACE_GETREGSET, (void *)(uintptr_t)NT_ARM_SYSTEM_CALL, &iov_nr); 40 | return nr; 41 | } 42 | 43 | static void trace_set_sysnum(void *vregs, int nr) 44 | { 45 | struct iovec iov_nr = { 46 | .iov_base = &nr, 47 | .iov_len = sizeof(nr), 48 | }; 49 | do_ptrace(PTRACE_SETREGSET, (void *)(uintptr_t)NT_ARM_SYSTEM_CALL, &iov_nr); 50 | } 51 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/alpha.c: -------------------------------------------------------------------------------- 1 | #define REG_R0 0 2 | #define REG_A0 16 3 | 4 | #define trace_reg_sysnum r0 5 | 6 | static unsigned long trace_arg(void *vregs, int num) 7 | { 8 | trace_regs *regs = vregs; 9 | if (num < 7) 10 | return *(®s->r16 + num - 1); 11 | else 12 | return -1; 13 | } 14 | 15 | static long do_peekuser(long offset) 16 | { 17 | return do_ptrace(PTRACE_PEEKUSER, (void *)offset, NULL); 18 | } 19 | 20 | static long do_pokeuser(long offset, long val) 21 | { 22 | return do_ptrace(PTRACE_POKEUSER, (void *)offset, (void *)val); 23 | } 24 | 25 | #undef trace_get_regs 26 | static long trace_get_regs(void *vregs) 27 | { 28 | trace_regs *regs = vregs; 29 | size_t i; 30 | regs->r0 = do_peekuser(REG_R0); 31 | for (i = 0; i < 7; ++i) 32 | *(®s->r16 + i) = do_peekuser(REG_A0 + i); 33 | return 0; 34 | } 35 | 36 | #undef trace_set_regs 37 | static long trace_set_regs(void *vregs) 38 | { 39 | trace_regs *regs = vregs; 40 | size_t i; 41 | do_pokeuser(REG_R0, regs->r0); 42 | for (i = 0; i < 7; ++i) 43 | do_pokeuser(REG_A0 + i, *(®s->r16 + i)); 44 | return 0; 45 | } 46 | 47 | static long trace_raw_ret(void *vregs) 48 | { 49 | trace_regs *regs = vregs; 50 | return regs->r16; 51 | } 52 | 53 | static void trace_set_ret(void *vregs, int err) 54 | { 55 | /* We set r19 here, but it looks like trace_set_regs does not sync that. 56 | * Remember that {r16..r31} == {a0..a15}, so when we write out {a0..a5}, 57 | * we also write out {r16..r21} -- a3 == r19. 58 | */ 59 | trace_regs *regs = vregs; 60 | regs->r0 = err; 61 | regs->r19 = -1; 62 | trace_set_regs(regs); 63 | } 64 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/arch.c: -------------------------------------------------------------------------------- 1 | #include "common.c" 2 | 3 | /* Linux uses ptrace(). We require PTRACE_SETOPTIONS so the exec tracing logic 4 | * is sane. Otherwise we need a lot of arch-specific hacks to make it work. 5 | * This should be fine for linux-2.6+ versions. 6 | */ 7 | #if !defined(HAVE_PTRACE) || !defined(HAVE_SYS_PTRACE_H) || \ 8 | !defined(HAVE_SYS_USER_H) || !defined(PTRACE_SETOPTIONS) 9 | # define SB_NO_TRACE_ARCH 10 | #elif defined(__aarch64__) 11 | # include "aarch64.c" 12 | #elif defined(__alpha__) 13 | # include "alpha.c" 14 | #elif defined(__arm__) 15 | # include "arm.c" 16 | #elif defined(__bfin__) 17 | # include "bfin.c" 18 | #elif defined(__hppa__) 19 | # include "hppa.c" 20 | #elif defined(__i386__) 21 | # include "i386.c" 22 | #elif defined(__ia64__) 23 | # include "ia64.c" 24 | #elif defined(__powerpc__) 25 | # include "powerpc.c" 26 | #elif defined(__s390__) 27 | # include "s390.c" 28 | #elif defined(__sparc__) 29 | # include "sparc.c" 30 | #elif defined(__x86_64__) 31 | # include "x86_64.c" 32 | #elif defined(HAVE_STRUCT_PTRACE_SYSCALL_INFO) 33 | # include "syscall_info.c" 34 | #else 35 | # define SB_NO_TRACE_ARCH 36 | #endif 37 | 38 | #ifdef SB_NO_TRACE_ARCH 39 | # warning "trace: sorry, no support for your architecture" 40 | # define SB_NO_TRACE 41 | #else 42 | 43 | # ifdef trace_reg_sysnum 44 | static int trace_get_sysnum(void *vregs) 45 | { 46 | trace_regs *regs = vregs; 47 | return regs->trace_reg_sysnum; 48 | } 49 | static void trace_set_sysnum(void *vregs, long nr) 50 | { 51 | trace_regs *regs = vregs; 52 | regs->trace_reg_sysnum = nr; 53 | trace_set_regs(regs); 54 | } 55 | # endif 56 | 57 | # ifdef trace_reg_ret 58 | static long trace_raw_ret(void *vregs) 59 | { 60 | trace_regs *regs = vregs; 61 | return regs->trace_reg_ret; 62 | } 63 | static void trace_set_ret(void *vregs, int err) 64 | { 65 | trace_regs *regs = vregs; 66 | regs->trace_reg_ret = -err; 67 | trace_set_regs(regs); 68 | } 69 | # endif 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/arm.c: -------------------------------------------------------------------------------- 1 | #define trace_reg_ret ARM_r0 2 | 3 | static int trace_get_sysnum(void *vregs) 4 | { 5 | trace_regs *regs = vregs; 6 | return regs->ARM_r7; 7 | } 8 | static void trace_set_sysnum(void *vregs, long nr) 9 | { 10 | trace_regs *regs = vregs; 11 | regs->ARM_r0 = nr; 12 | trace_set_regs(regs); 13 | } 14 | 15 | static unsigned long trace_arg(void *vregs, int num) 16 | { 17 | trace_regs *regs = vregs; 18 | if (num < 7) 19 | return regs->uregs[num - 1]; 20 | else 21 | return -1; 22 | } 23 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/bfin.c: -------------------------------------------------------------------------------- 1 | #define trace_reg_sysnum orig_p0 2 | #define trace_reg_ret r0 3 | 4 | static unsigned long trace_arg(void *vregs, int num) 5 | { 6 | trace_regs *regs = vregs; 7 | switch (num) { 8 | case 1: return regs->r0; 9 | case 2: return regs->r1; 10 | case 3: return regs->r2; 11 | case 4: return regs->r3; 12 | case 5: return regs->r4; 13 | case 6: return regs->r5; 14 | default: return -1; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/common.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Some arches (like hppa) don't implement PTRACE_GETREGS, while others (like 3 | * sparc) swap the meaning of "addr" and "data. What a bunch of asshats. 4 | */ 5 | #define trace_get_regs(regs) do_ptrace(PTRACE_GETREGS, NULL, regs) 6 | #define trace_set_regs(regs) do_ptrace(PTRACE_SETREGS, NULL, regs) 7 | 8 | static int trace_errno(long err) 9 | { 10 | return (err < 0 && err > -4096) ? err * -1 : 0; 11 | } 12 | 13 | static long trace_result(void *vregs, int *error) 14 | { 15 | long sr = trace_raw_ret(vregs); 16 | *error = trace_errno(sr); 17 | return *error ? -1 : sr; 18 | } 19 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/hppa.c: -------------------------------------------------------------------------------- 1 | #define trace_reg_sysnum gr[20] 2 | #define trace_reg_ret gr[28] 3 | 4 | static unsigned long trace_arg(void *vregs, int num) 5 | { 6 | trace_regs *regs = vregs; 7 | switch (num) { 8 | case 1: return regs->gr[26]; 9 | case 2: return regs->gr[25]; 10 | case 3: return regs->gr[24]; 11 | case 4: return regs->gr[23]; 12 | case 5: return regs->gr[22]; 13 | case 6: return regs->gr[21]; 14 | default: return -1; 15 | } 16 | } 17 | 18 | static long do_peekuser(long offset) 19 | { 20 | return do_ptrace(PTRACE_PEEKUSER, (void *)offset, NULL); 21 | } 22 | 23 | static long do_pokeuser(long offset, long val) 24 | { 25 | return do_ptrace(PTRACE_POKEUSER, (void *)offset, (void *)val); 26 | } 27 | 28 | #undef trace_get_regs 29 | static long trace_get_regs(void *vregs) 30 | { 31 | trace_regs *regs = vregs; 32 | size_t i; 33 | for (i = 20; i < 29; ++i) 34 | regs->gr[i] = do_peekuser(i * 4); 35 | return 0; 36 | } 37 | 38 | #undef trace_set_regs 39 | static long trace_set_regs(void *vregs) 40 | { 41 | trace_regs *regs = vregs; 42 | size_t i; 43 | for (i = 20; i < 29; ++i) 44 | do_pokeuser(i * 4, regs->gr[i]); 45 | return 0; 46 | } 47 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/i386.c: -------------------------------------------------------------------------------- 1 | #undef _trace_possible 2 | #define _trace_possible _trace_possible 3 | static bool _trace_possible(const void *data) 4 | { 5 | /* i386 can only trace i386 :( */ 6 | const Elf64_Ehdr *ehdr = data; 7 | return (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 8 | (ehdr->e_machine == EM_386); 9 | } 10 | 11 | #ifdef SB_PERSONALITIES 12 | static const struct syscall_entry syscall_table[] = { 13 | #define S(s) { SB_SYS_x86_##s, SB_NR_##s, #s }, 14 | #include "trace_syscalls_x86.h" 15 | #undef S 16 | { SB_NR_UNDEF, SB_NR_UNDEF, NULL }, 17 | }; 18 | # define trace_check_personality(regs) syscall_table 19 | #endif 20 | 21 | #define trace_reg_sysnum orig_eax 22 | #define trace_reg_ret eax 23 | 24 | static unsigned long trace_arg(void *vregs, int num) 25 | { 26 | trace_regs *regs = vregs; 27 | switch (num) { 28 | case 1: return regs->ebx; 29 | case 2: return regs->ecx; 30 | case 3: return regs->edx; 31 | case 4: return regs->esi; 32 | case 5: return regs->edi; 33 | case 6: return regs->ebp; 34 | default: return -1; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/ia64.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /* We only care about two ptrace regs, so extract them ourselves rather than 5 | * get the "full" set via GETREGS. We still need to extract the out regs by 6 | * hand either way. 7 | */ 8 | #undef trace_regs 9 | struct sb_ia64_trace_regs { 10 | unsigned long r8, r10, r15; 11 | unsigned long out[6]; 12 | }; 13 | #define trace_regs struct sb_ia64_trace_regs 14 | 15 | #define trace_reg_sysnum r15 16 | 17 | static unsigned long trace_arg(void *vregs, int num) 18 | { 19 | trace_regs *regs = vregs; 20 | if (num < 7) 21 | return regs->out[num - 1]; 22 | else 23 | return -1; 24 | } 25 | 26 | static long do_peekuser(long offset) 27 | { 28 | return do_ptrace(PTRACE_PEEKUSER, (void *)offset, NULL); 29 | } 30 | 31 | static long do_pokeuser(long offset, long val) 32 | { 33 | return do_ptrace(PTRACE_POKEUSER, (void *)offset, (void *)val); 34 | } 35 | 36 | #undef trace_get_regs 37 | static long trace_get_regs(void *vregs) 38 | { 39 | trace_regs *regs = vregs; 40 | size_t i; 41 | unsigned long *out0, cfm, sof, sol; 42 | long rbs_end; 43 | 44 | regs->r15 = do_peekuser(PT_R15); 45 | 46 | /* Here there be gremlins! */ 47 | rbs_end = do_peekuser(PT_AR_BSP); 48 | cfm = do_peekuser(PT_CFM); 49 | sof = (cfm >> 0) & 0x7f; 50 | sol = (cfm >> 7) & 0x7f; 51 | out0 = ia64_rse_skip_regs((unsigned long *)rbs_end, -sof + sol); 52 | for (i = 0; i < 7; ++i) 53 | regs->out[i] = do_peekdata((uintptr_t)ia64_rse_skip_regs(out0, i)); 54 | 55 | return 0; 56 | } 57 | 58 | #undef trace_set_regs 59 | static long trace_set_regs(void *vregs) 60 | { 61 | trace_regs *regs = vregs; 62 | /* We only support rewriting of syscall/err # currently (not args). */ 63 | do_pokeuser(PT_R8, regs->r8); 64 | do_pokeuser(PT_R10, regs->r10); 65 | do_pokeuser(PT_R15, regs->r15); 66 | return 0; 67 | } 68 | 69 | static long trace_raw_ret(void *vregs) 70 | { 71 | trace_regs *regs = vregs; 72 | return regs->r8; 73 | } 74 | 75 | static void trace_set_ret(void *vregs, int err) 76 | { 77 | trace_regs *regs = vregs; 78 | regs->r8 = err; 79 | regs->r10 = -1; 80 | trace_set_regs(regs); 81 | } 82 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/powerpc.c: -------------------------------------------------------------------------------- 1 | /* 32-bit & 64-bit systems use the same syscall table, so handling 2 | * multiple personalities is simple -- nothing to do! 3 | */ 4 | 5 | #define trace_reg_sysnum gpr[0] 6 | 7 | static long trace_raw_ret(void *vregs) 8 | { 9 | trace_regs *regs = vregs; 10 | return regs->gpr[3]; 11 | } 12 | 13 | static void trace_set_ret(void *vregs, int err) 14 | { 15 | trace_regs *regs = vregs; 16 | if ((regs->trap & 0xfff0) == 0x3000) { 17 | /* ppc64 */ 18 | regs->gpr[3] = -err; 19 | } else { 20 | /* ppc32 */ 21 | regs->gpr[3] = err; 22 | regs->ccr |= 0x10000000; 23 | } 24 | trace_set_regs(regs); 25 | } 26 | 27 | static unsigned long trace_arg(void *vregs, int num) 28 | { 29 | trace_regs *regs = vregs; 30 | if (num == 1) 31 | return regs->orig_gpr3; 32 | if (num < 7) 33 | return regs->gpr[3 + num - 1]; 34 | else 35 | return -1; 36 | } 37 | -------------------------------------------------------------------------------- /libsandbox/trace/linux/syscall_info.c: -------------------------------------------------------------------------------- 1 | #undef trace_regs 2 | #define trace_regs struct ptrace_syscall_info 3 | 4 | #define trace_reg_sysnum entry.nr 5 | #define trace_reg_ret exit.rval 6 | 7 | #undef trace_get_regs 8 | #define trace_get_regs(regs) do_ptrace(PTRACE_GET_SYSCALL_INFO, (void *)(uintptr_t)sizeof(trace_regs), regs) 9 | 10 | static unsigned long trace_arg(void *vregs, int num) 11 | { 12 | trace_regs *regs = vregs; 13 | if (num < 7) 14 | return regs->entry.args[num - 1]; 15 | else 16 | return -1; 17 | } 18 | 19 | #undef trace_set_regs 20 | static long trace_set_regs(void *vregs) 21 | { 22 | sb_ewarn("sandbox: Unable to block violation\n"); 23 | return 0; 24 | } 25 | -------------------------------------------------------------------------------- /libsandbox/trace/os.c: -------------------------------------------------------------------------------- 1 | #include "common.c" 2 | 3 | #undef SB_NO_TRACE 4 | #if 0 5 | #elif defined(__linux__) 6 | # include "linux/arch.c" 7 | #else 8 | # define SB_NO_TRACE_OS 9 | #endif 10 | 11 | #ifdef SB_NO_TRACE_OS 12 | # warning "trace: sorry, no support for your OS" 13 | # define SB_NO_TRACE 14 | #endif 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__futimesat64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __futimesat64() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* 9 | * NB: Reusing the 32-bit time interface isn't entirely correct as the 64-bit time interface uses a 10 | * different structure, but we never decode the time values in sandbox, so it doesn't matter to use. 11 | */ 12 | #undef WRAPPER_NR 13 | #define WRAPPER_NR SB_NR_FUTIMESAT 14 | #include "futimesat.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__futimesat_time64.c: -------------------------------------------------------------------------------- 1 | #include "__futimesat64.c" 2 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__lutimes64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __lutimes64() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* 9 | * NB: Reusing the 32-bit time interface isn't entirely correct as the 64-bit time interface uses a 10 | * different structure, but we never decode the time values in sandbox, so it doesn't matter to use. 11 | */ 12 | #undef WRAPPER_NR 13 | #define WRAPPER_NR SB_NR_LUTIMES 14 | #include "lutimes.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__lutimes_time64.c: -------------------------------------------------------------------------------- 1 | #include "__lutimes64.c" 2 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__open64_2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __open64_2() wrapper (_FORTIFY_SOURCE). 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "__open_2.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__open_2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __open_2() wrapper (_FORTIFY_SOURCE). 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, int flags 9 | #define WRAPPER_ARGS pathname, flags 10 | #define WRAPPER_SAFE() SB_SAFE_OPEN_INT(pathname, flags) 11 | #include "__openat_2.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__openat64_2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __openat64_2() wrapper (_FORTIFY_SOURCE). 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "__openat_2.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__openat_2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __openat_2() wrapper (_FORTIFY_SOURCE). 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO /* let open() use us */ 9 | # define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags 10 | # define WRAPPER_ARGS dirfd, pathname, flags 11 | # define WRAPPER_SAFE() SB_SAFE_OPEN_INT_AT(dirfd, pathname, flags) 12 | #else 13 | # define dirfd AT_FDCWD 14 | #endif 15 | 16 | #include "__wrapper_simple.c" 17 | 18 | #undef dirfd 19 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__utime64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __utime64() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* 9 | * NB: Reusing the 32-bit time interface isn't entirely correct as the 64-bit time interface uses a 10 | * different structure, but we never decode the time values in sandbox, so it doesn't matter to use. 11 | */ 12 | #undef WRAPPER_NR 13 | #define WRAPPER_NR SB_NR_UTIME 14 | #include "utime.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__utimensat64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __utimensat64() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* 9 | * NB: Reusing the 32-bit time interface isn't entirely correct as the 64-bit time interface uses a 10 | * different structure, but we never decode the time values in sandbox, so it doesn't matter to use. 11 | */ 12 | #undef WRAPPER_NR 13 | #define WRAPPER_NR SB_NR_UTIMENSAT 14 | #include "utimensat.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__utimensat_time64.c: -------------------------------------------------------------------------------- 1 | #include "__utimensat64.c" 2 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__utimes64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __utimes64() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* 9 | * NB: Reusing the 32-bit time interface isn't entirely correct as the 64-bit time interface uses a 10 | * different structure, but we never decode the time values in sandbox, so it doesn't matter to use. 11 | */ 12 | #undef WRAPPER_NR 13 | #define WRAPPER_NR SB_NR_UTIMES 14 | #include "utimes.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__utimes_time64.c: -------------------------------------------------------------------------------- 1 | #include "__utimes64.c" 2 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__wrapper_simple.c: -------------------------------------------------------------------------------- 1 | /* 2 | * generic wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO 9 | # error WRAPPER_ARGS_PROTO needs to be defined 10 | #endif 11 | #ifndef WRAPPER_ARGS_PROTO_FULL 12 | # define WRAPPER_ARGS_PROTO_FULL WRAPPER_ARGS_PROTO 13 | #endif 14 | #ifndef WRAPPER_ARGS_FULL 15 | # define WRAPPER_ARGS_FULL WRAPPER_ARGS 16 | #endif 17 | #ifndef WRAPPER_RET_TYPE 18 | # define WRAPPER_RET_TYPE int 19 | #endif 20 | #ifndef WRAPPER_RET_DEFAULT 21 | # define WRAPPER_RET_DEFAULT -1 22 | #endif 23 | #ifndef WRAPPER_PRE_CHECKS 24 | # define WRAPPER_PRE_CHECKS() true 25 | #endif 26 | #ifndef WRAPPER_SAFE_POST_EXPAND 27 | # define WRAPPER_SAFE_POST_EXPAND 28 | #endif 29 | #ifndef WRAPPER_POST_EXPAND 30 | # define WRAPPER_POST_EXPAND 31 | #endif 32 | 33 | extern WRAPPER_RET_TYPE EXTERN_NAME(WRAPPER_ARGS_PROTO); 34 | static WRAPPER_RET_TYPE (*WRAPPER_TRUE_NAME)(WRAPPER_ARGS_PROTO) = NULL; 35 | 36 | #ifndef SB_HIDDEN_FUNC 37 | # define _SB_HIDDEN_FUNC(x) sb_unwrapped_##x 38 | # define SB_HIDDEN_FUNC(x) _SB_HIDDEN_FUNC(x) 39 | #endif 40 | attribute_hidden 41 | WRAPPER_RET_TYPE SB_HIDDEN_FUNC(WRAPPER_NAME)(WRAPPER_ARGS_PROTO_FULL) 42 | { 43 | check_dlsym(WRAPPER_TRUE_NAME, WRAPPER_SYMNAME, WRAPPER_SYMVER); 44 | return WRAPPER_TRUE_NAME(WRAPPER_ARGS_FULL); 45 | } 46 | 47 | WRAPPER_RET_TYPE WRAPPER_NAME(WRAPPER_ARGS_PROTO) 48 | { 49 | WRAPPER_RET_TYPE result = WRAPPER_RET_DEFAULT; 50 | 51 | if (WRAPPER_PRE_CHECKS()) 52 | if (WRAPPER_SAFE()) { 53 | WRAPPER_SAFE_POST_EXPAND 54 | result = SB_HIDDEN_FUNC(WRAPPER_NAME)(WRAPPER_ARGS_FULL); 55 | WRAPPER_POST_EXPAND 56 | } 57 | 58 | return result; 59 | } 60 | 61 | #undef WRAPPER_ARGS_FULL 62 | #undef WRAPPER_ARGS_PROTO_FULL 63 | #undef WRAPPER_SAFE_POST_EXPAND 64 | #undef WRAPPER_POST_EXPAND 65 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__xmknod.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __xmknod() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int ver, const char *pathname, mode_t mode, dev_t *dev 9 | #define WRAPPER_ARGS ver, pathname, mode, dev 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/__xmknodat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * __xmknodat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int ver, int dirfd, const char *pathname, mode_t mode, dev_t *dev 9 | #define WRAPPER_ARGS ver, dirfd, pathname, mode, dev 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/_xmknod.c: -------------------------------------------------------------------------------- 1 | /* 2 | * _xmknod() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const int ver, const char *pathname, mode_t mode, dev_t dev 9 | #define WRAPPER_ARGS ver, pathname, mode, dev 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/access.c: -------------------------------------------------------------------------------- 1 | /* 2 | * access() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, int mode 9 | #define WRAPPER_ARGS pathname, mode 10 | #define WRAPPER_SAFE() SB_SAFE_ACCESS(pathname, mode) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/chmod.c: -------------------------------------------------------------------------------- 1 | /* 2 | * chmod() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, mode_t mode 9 | #define WRAPPER_ARGS path, mode 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/chown.c: -------------------------------------------------------------------------------- 1 | /* 2 | * chown() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, uid_t owner, gid_t group 9 | #define WRAPPER_ARGS path, owner, group 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/creat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * creat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | * 7 | * Partly Copyright (C) 1998-9 Pancrazio `Ezio' de Mauro , 8 | * as some of the InstallWatch code was used. 9 | */ 10 | 11 | #define WRAPPER_ARGS_PROTO const char *pathname, mode_t mode 12 | #define WRAPPER_ARGS pathname, mode 13 | extern int EXTERN_NAME(WRAPPER_ARGS_PROTO); 14 | /* XXX: We use the open() call to simulate creat() */ 15 | /* static int (*WRAPPER_TRUE_NAME)(WRAPPER_ARGS_PROTO) = NULL; */ 16 | 17 | int WRAPPER_NAME(WRAPPER_ARGS_PROTO) 18 | { 19 | int result = -1; 20 | 21 | if (SB_SAFE(pathname)) 22 | result = sb_unwrapped_open_DEFAULT(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); 23 | 24 | return result; 25 | } 26 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/creat64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * creat64() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define sb_unwrapped_open_DEFAULT sb_unwrapped_open64_DEFAULT 9 | #include "creat.c" 10 | #undef sb_unwrapped_open_DEFAULT 11 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/execv.c: -------------------------------------------------------------------------------- 1 | /* 2 | * execv() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, char *const argv[] 9 | #define WRAPPER_ARGS path, argv 10 | #define EXEC_NO_PATH 11 | #include "__wrapper_exec.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/execve.c: -------------------------------------------------------------------------------- 1 | /* 2 | * execve() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, char *const argv[], char *const envp[] 9 | #define WRAPPER_ARGS path, argv, envp 10 | #define EXEC_ARGS path, argv, my_env 11 | #define EXEC_MY_ENV 12 | #define EXEC_NO_PATH 13 | #include "__wrapper_exec.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/execveat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * execve() wrapper. 3 | * 4 | * Copyright 1999-2015 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *path, char *const argv[], char *const envp[], int flags 9 | #define WRAPPER_ARGS dirfd, path, argv, envp, flags 10 | #define EXEC_ARGS dirfd, path, argv, my_env, flags 11 | #define EXEC_MY_ENV 12 | #define EXEC_NO_PATH 13 | #include "__wrapper_exec.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/execvp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * execvp() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, char *const argv[] 9 | #define WRAPPER_ARGS path, argv 10 | #include "__wrapper_exec.c" 11 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/execvpe.c: -------------------------------------------------------------------------------- 1 | /* 2 | * execvpe() wrapper. 3 | * 4 | * Copyright 1999-2015 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, char *const argv[], char *const envp[] 9 | #define WRAPPER_ARGS path, argv, envp 10 | #define EXEC_ARGS path, argv, my_env 11 | #define EXEC_MY_ENV 12 | #include "__wrapper_exec.c" 13 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/faccessat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * faccessat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int mode, int flags 9 | #define WRAPPER_ARGS dirfd, pathname, mode, flags 10 | #define WRAPPER_SAFE() SB_SAFE_ACCESS_AT(dirfd, pathname, mode, flags) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fchmod.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fchmod() wrapper. 3 | * 4 | * Copyright 1999-2018 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int fd, mode_t mode 9 | #define WRAPPER_ARGS fd, mode 10 | #define WRAPPER_SAFE() SB_SAFE_FD(fd) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fchmodat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fchmodat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *path, mode_t mode, int flags 9 | #define WRAPPER_ARGS dirfd, path, mode, flags 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, path, flags) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fchown.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fchown() wrapper. 3 | * 4 | * Copyright 1999-2018 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int fd, uid_t owner, gid_t group 9 | #define WRAPPER_ARGS fd, owner, group 10 | #define WRAPPER_SAFE() SB_SAFE_FD(fd) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fchownat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fchownat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *path, uid_t owner, gid_t group, int flags 9 | #define WRAPPER_ARGS dirfd, path, owner, group, flags 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, path, flags) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fexecve.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fexecve() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int fd, char *const argv[], char *const envp[] 9 | #define WRAPPER_ARGS fd, argv, envp 10 | #define EXEC_ARGS fd, argv, my_env 11 | #define EXEC_MY_ENV 12 | #define EXEC_NO_FILE 13 | #include "__wrapper_exec.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fopen.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fopen() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, const char *mode 9 | #define WRAPPER_ARGS pathname, mode 10 | #define WRAPPER_SAFE() SB_SAFE_OPEN_CHAR(pathname, mode) 11 | #define WRAPPER_RET_TYPE FILE * 12 | #define WRAPPER_RET_DEFAULT NULL 13 | 14 | #include "__wrapper_simple.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fopen64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fopen64() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "fopen.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/fork.c: -------------------------------------------------------------------------------- 1 | /* 2 | * fork() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* We're only wrapping fork() as a poor man's pthread_atfork(). That would 9 | * require dedicated linkage against libpthread. So here we force the locks 10 | * to a consistent state before forking. #263657 11 | */ 12 | 13 | #define WRAPPER_ARGS_PROTO 14 | #define WRAPPER_ARGS 15 | #define WRAPPER_SAFE() 0 16 | #define WRAPPER_PRE_CHECKS() \ 17 | ({ \ 18 | /* pthread_atfork(sb_lock, sb_unlock, sb_unlock); */ \ 19 | sb_lock(); \ 20 | result = SB_HIDDEN_FUNC(WRAPPER_NAME)(WRAPPER_ARGS_FULL); \ 21 | sb_unlock(); \ 22 | false; \ 23 | }) 24 | #include "__wrapper_simple.c" 25 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/futimesat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * futimesat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *filename, const struct timeval times[2] 9 | #define WRAPPER_ARGS dirfd, filename, times 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, filename, 0) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/getcwd.c: -------------------------------------------------------------------------------- 1 | /* 2 | * getcwd() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *buf, size_t size 9 | #define WRAPPER_ARGS buf, size 10 | #define WRAPPER_RET_TYPE char * 11 | #define WRAPPER_RET_DEFAULT NULL 12 | #define WRAPPER_SAFE() true 13 | /* Need to disable sandbox, as on non-linux libc's, opendir() is often 14 | * used by some getcwd() implementations and resolves to the sandbox 15 | * opendir() wrapper, causing infinite recursion and finally crashes. 16 | */ 17 | #define WRAPPER_SAFE_POST_EXPAND sandbox_on = false; 18 | #define WRAPPER_POST_EXPAND sandbox_on = true; 19 | #include "__wrapper_simple.c" 20 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/lchown.c: -------------------------------------------------------------------------------- 1 | /* 2 | * lchown() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, uid_t owner, gid_t group 9 | #define WRAPPER_ARGS path, owner, group 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/link.c: -------------------------------------------------------------------------------- 1 | /* 2 | * link() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *oldpath, const char *newpath 9 | #define WRAPPER_ARGS oldpath, newpath 10 | #define WRAPPER_SAFE() SB_SAFE(newpath) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/linkat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * linkat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int olddirfd, const char *oldpath, int newdirfd, const char *newpath, int flags 9 | #define WRAPPER_ARGS olddirfd, oldpath, newdirfd, newpath, flags 10 | #define WRAPPER_SAFE() SB_SAFE_AT(newdirfd, newpath, flags) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/lremovexattr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * lremovexattr() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, const char *name 9 | #define WRAPPER_ARGS path, name 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/lsetxattr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * setxattr() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, const char *name, const void *value, size_t size, int flags 9 | #define WRAPPER_ARGS path, name, value, size, flags 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/lutimes.c: -------------------------------------------------------------------------------- 1 | /* 2 | * lutimes() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *filename, const struct timeval times[2] 9 | #define WRAPPER_ARGS filename, times 10 | #define WRAPPER_SAFE() SB_SAFE(filename) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkdir.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkdir() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, mode_t mode 9 | #define WRAPPER_ARGS pathname, mode 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "mkdirat.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkdirat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkdirat() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO /* let mkdir() use us */ 9 | # define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode 10 | # define WRAPPER_ARGS dirfd, pathname, mode 11 | # define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, 0) 12 | #else 13 | # define dirfd AT_FDCWD 14 | #endif 15 | 16 | #define WRAPPER_PRE_CHECKS() sb_mkdirat_pre_check(STRING_NAME, pathname, dirfd) 17 | 18 | #include "__wrapper_simple.c" 19 | 20 | #undef dirfd 21 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkdtemp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkdtemp() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *template 9 | #define WRAPPER_ARGS template 10 | #define WRAPPER_RET_TYPE char * 11 | #define WRAPPER_RET_DEFAULT NULL 12 | #define WRAPPER_SAFE() SB_SAFE(template) 13 | #include "__wrapper_simple.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkfifo.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkfifo() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, mode_t mode 9 | #define WRAPPER_ARGS pathname, mode 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkfifoat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkfifoat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode 9 | #define WRAPPER_ARGS dirfd, pathname, mode 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, 0) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mknod.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mknod() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname, mode_t mode, dev_t dev 9 | #define WRAPPER_ARGS pathname, mode, dev 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mknodat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mknodat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, mode_t mode, dev_t dev 9 | #define WRAPPER_ARGS dirfd, pathname, mode, dev 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, 0) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkostemp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkostemp() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *template, int flags 9 | #define WRAPPER_ARGS template, flags 10 | #define WRAPPER_SAFE() SB_SAFE(template) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkostemp64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkostemp64() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "mkostemp.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkostemps.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkostemps() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *template, int suffixlen, int flags 9 | #define WRAPPER_ARGS template, suffixlen, flags 10 | #define WRAPPER_SAFE() SB_SAFE(template) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkostemps64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkostemps64() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "mkostemps.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkstemp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkstemp() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *template 9 | #define WRAPPER_ARGS template 10 | #define WRAPPER_SAFE() SB_SAFE(template) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkstemp64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkstemp64() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "mkstemp.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkstemps.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkstemps() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO char *template, int suffixlen 9 | #define WRAPPER_ARGS template, suffixlen 10 | #define WRAPPER_SAFE() SB_SAFE(template) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/mkstemps64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * mkstemps64() wrapper. 3 | * 4 | * Copyright 1999-2011 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "mkstemps.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/open.c: -------------------------------------------------------------------------------- 1 | /* 2 | * open() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define _WRAPPER_ARGS_PROTO const char *pathname, int flags 9 | #define WRAPPER_ARGS_PROTO _WRAPPER_ARGS_PROTO, ... 10 | #define WRAPPER_ARGS_PROTO_FULL _WRAPPER_ARGS_PROTO, mode_t mode 11 | #define WRAPPER_ARGS pathname, flags 12 | #define WRAPPER_ARGS_FULL WRAPPER_ARGS, mode 13 | #define WRAPPER_SAFE() SB_SAFE_OPEN_INT(pathname, flags) 14 | #include "openat.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/open64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * open64() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "open.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/openat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * openat() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO /* let open() use us */ 9 | # define _WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags 10 | # define WRAPPER_ARGS_PROTO _WRAPPER_ARGS_PROTO, ... 11 | # define WRAPPER_ARGS_PROTO_FULL _WRAPPER_ARGS_PROTO, mode_t mode 12 | # define WRAPPER_ARGS dirfd, pathname, flags 13 | # define WRAPPER_ARGS_FULL WRAPPER_ARGS, mode 14 | # define WRAPPER_SAFE() SB_SAFE_OPEN_INT_AT(dirfd, pathname, flags) 15 | #else 16 | # define dirfd AT_FDCWD 17 | #endif 18 | 19 | #define WRAPPER_SAFE_POST_EXPAND \ 20 | int mode = 0; \ 21 | if (flags & (O_CREAT | O_TMPFILE)) { \ 22 | va_list ap; \ 23 | va_start(ap, flags); \ 24 | mode = va_arg(ap, int); \ 25 | va_end(ap); \ 26 | } 27 | 28 | #include "__wrapper_simple.c" 29 | 30 | #undef dirfd 31 | #undef _WRAPPER_ARGS_PROTO 32 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/openat64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * openat64() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "openat.c" 9 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/opendir.c: -------------------------------------------------------------------------------- 1 | /* 2 | * opendir() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *name 9 | #define WRAPPER_ARGS name 10 | #define WRAPPER_SAFE() SB_SAFE(name) 11 | #define WRAPPER_RET_TYPE DIR * 12 | #define WRAPPER_RET_DEFAULT NULL 13 | 14 | #include "__wrapper_simple.c" 15 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/popen.c: -------------------------------------------------------------------------------- 1 | /* 2 | * popen() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *command, const char *type 9 | #define WRAPPER_ARGS command, type 10 | #define WRAPPER_RET_TYPE FILE * 11 | #define WRAPPER_RET_DEFAULT NULL 12 | #define EXEC_NO_FILE 13 | #include "__wrapper_exec.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/remove.c: -------------------------------------------------------------------------------- 1 | /* 2 | * remove() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname 9 | #define WRAPPER_ARGS pathname 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(STRING_NAME, pathname, AT_FDCWD) 12 | #include "__wrapper_simple.c" 13 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/removexattr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * removexattr() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, const char *name 9 | #define WRAPPER_ARGS path, name 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/rename.c: -------------------------------------------------------------------------------- 1 | /* 2 | * rename() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *oldpath, const char *newpath 9 | #define WRAPPER_ARGS oldpath, newpath 10 | #define WRAPPER_SAFE() SB_SAFE(oldpath) && SB_SAFE(newpath) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/renameat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * renameat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int olddirfd, const char *oldpath, int newdirfd, const char *newpath 9 | #define WRAPPER_ARGS olddirfd, oldpath, newdirfd, newpath 10 | #define WRAPPER_SAFE() (SB_SAFE_AT(olddirfd, oldpath, 0) && SB_SAFE_AT(newdirfd, newpath, 0)) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/renameat2.c: -------------------------------------------------------------------------------- 1 | /* 2 | * renameat2() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int olddirfd, const char *oldpath, int newdirfd, const char *newpath, unsigned int flags 9 | #define WRAPPER_ARGS olddirfd, oldpath, newdirfd, newpath, flags 10 | #define WRAPPER_SAFE() (SB_SAFE_AT(olddirfd, oldpath, 0) && SB_SAFE_AT(newdirfd, newpath, 0)) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/rmdir.c: -------------------------------------------------------------------------------- 1 | /* 2 | * rmdir() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname 9 | #define WRAPPER_ARGS pathname 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/setxattr.c: -------------------------------------------------------------------------------- 1 | /* 2 | * setxattr() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, const char *name, const void *value, size_t size, int flags 9 | #define WRAPPER_ARGS path, name, value, size, flags 10 | #define WRAPPER_SAFE() SB_SAFE(path) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/symlink.c: -------------------------------------------------------------------------------- 1 | /* 2 | * symlink() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *oldpath, const char *newpath 9 | #define WRAPPER_ARGS oldpath, newpath 10 | #define WRAPPER_SAFE() SB_SAFE(newpath) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/symlinkat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * symlinkat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *oldpath, int newdirfd, const char *newpath 9 | #define WRAPPER_ARGS oldpath, newdirfd, newpath 10 | #define WRAPPER_SAFE() SB_SAFE_AT(newdirfd, newpath, 0) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/system.c: -------------------------------------------------------------------------------- 1 | /* 2 | * system() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *command 9 | #define WRAPPER_ARGS command 10 | #define EXEC_NO_FILE 11 | #include "__wrapper_exec.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/truncate.c: -------------------------------------------------------------------------------- 1 | /* 2 | * truncate() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO 9 | # define WRAPPER_ARGS_PROTO const char *path, off_t length 10 | #endif 11 | #define WRAPPER_ARGS path, length 12 | #define WRAPPER_SAFE() SB_SAFE(path) 13 | #include "__wrapper_simple.c" 14 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/truncate64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * truncate64() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *path, off64_t length 9 | #include "truncate.c" 10 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/unlink.c: -------------------------------------------------------------------------------- 1 | /* 2 | * unlink() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *pathname 9 | #define WRAPPER_ARGS pathname 10 | #define WRAPPER_SAFE() SB_SAFE(pathname) 11 | #include "unlinkat.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/unlinkat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * unlinkat() wrapper. 3 | * 4 | * Copyright 1999-2009 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #ifndef WRAPPER_ARGS_PROTO /* let unlink() use us */ 9 | # define WRAPPER_ARGS_PROTO int dirfd, const char *pathname, int flags 10 | # define WRAPPER_ARGS dirfd, pathname, flags 11 | # define WRAPPER_SAFE() SB_SAFE_AT(dirfd, pathname, flags) 12 | #else 13 | # define dirfd AT_FDCWD 14 | #endif 15 | 16 | #define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(STRING_NAME, pathname, dirfd) 17 | 18 | #include "__wrapper_simple.c" 19 | 20 | #undef dirfd 21 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/utime.c: -------------------------------------------------------------------------------- 1 | /* 2 | * utime() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *filename, const struct utimbuf *times 9 | #define WRAPPER_ARGS filename, times 10 | #define WRAPPER_SAFE() SB_SAFE(filename) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/utimensat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * utimensat() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO int dirfd, const char *filename, const struct timespec times[2], int flags 9 | #define WRAPPER_ARGS dirfd, filename, times, flags 10 | #define WRAPPER_SAFE() SB_SAFE_AT(dirfd, filename, flags) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/utimes.c: -------------------------------------------------------------------------------- 1 | /* 2 | * utimes() wrapper. 3 | * 4 | * Copyright 1999-2008 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #define WRAPPER_ARGS_PROTO const char *filename, const struct timeval times[2] 9 | #define WRAPPER_ARGS filename, times 10 | #define WRAPPER_SAFE() SB_SAFE(filename) 11 | #include "__wrapper_simple.c" 12 | -------------------------------------------------------------------------------- /libsandbox/wrapper-funcs/vfork.c: -------------------------------------------------------------------------------- 1 | /* 2 | * vfork() wrapper. 3 | * 4 | * Copyright 1999-2021 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | /* We're only wrapping vfork() as a poor man's pthread_atfork(). That would 9 | * require dedicated linkage against libpthread. So here we force the locks 10 | * to a consistent state before forking. 11 | * 12 | * We also implement vfork() as fork() because sandbox does not meet vfork() 13 | * requirements bet ween vfork()/exec("some-static-bianary") because we launch 14 | * ptrace in the middle. 15 | */ 16 | 17 | #define WRAPPER_ARGS_PROTO 18 | #define WRAPPER_ARGS 19 | #define WRAPPER_SAFE() 0 20 | #define WRAPPER_PRE_CHECKS() \ 21 | ({ \ 22 | /* pthread_atfork(sb_lock, sb_unlock, sb_unlock); */ \ 23 | sb_lock(); \ 24 | result = sb_unwrapped_fork_DEFAULT(WRAPPER_ARGS_FULL); \ 25 | sb_unlock(); \ 26 | false; \ 27 | }) 28 | #include "__wrapper_simple.c" 29 | -------------------------------------------------------------------------------- /libsandbox/wrappers.c: -------------------------------------------------------------------------------- 1 | /* 2 | * wrappers.c 3 | * 4 | * Function wrapping functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Partly Copyright (C) 1998-9 Pancrazio `Ezio' de Mauro , 10 | * as some of the InstallWatch code was used. 11 | */ 12 | 13 | #undef _FILE_OFFSET_BITS 14 | #undef _TIME_BITS 15 | #define _LARGEFILE64_SOURCE 16 | 17 | #include "headers.h" 18 | #include "sbutil.h" 19 | #include "libsandbox.h" 20 | #include "wrappers.h" 21 | 22 | #if !defined(BROKEN_RTLD_NEXT) && defined(HAVE_RTLD_NEXT) 23 | # define USE_RTLD_NEXT 24 | #endif 25 | 26 | static void *libc_handle; 27 | 28 | static void load_libc_handle(void) 29 | { 30 | save_errno(); /* #260765 */ 31 | libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); 32 | restore_errno(); 33 | 34 | if (!libc_handle) { 35 | fprintf(stderr, "libsandbox: Can't dlopen libc: %s\n", 36 | dlerror()); 37 | exit(EXIT_FAILURE); 38 | } 39 | } 40 | 41 | void *get_dlsym(const char *symname, const char *symver) 42 | { 43 | void *symaddr; 44 | 45 | if (!libc_handle) { 46 | #ifdef USE_RTLD_NEXT 47 | libc_handle = RTLD_NEXT; 48 | try_again: ; 49 | #else 50 | load_libc_handle(); 51 | #endif 52 | } 53 | 54 | if (NULL == symver) 55 | symaddr = dlsym(libc_handle, symname); 56 | else 57 | symaddr = dlvsym(libc_handle, symname, symver); 58 | 59 | if (!symaddr) { 60 | #ifdef USE_RTLD_NEXT 61 | /* Maybe RTLD_NEXT is broken for some screwed up reason as 62 | * can be seen with some specific glibc/kernel versions. 63 | * Recover dynamically so that we can be deployed easily 64 | * via binpkgs and upgrades #202765 #206678 65 | */ 66 | if (libc_handle == RTLD_NEXT) { 67 | load_libc_handle(); 68 | goto try_again; 69 | } 70 | #endif 71 | 72 | fprintf(stderr, "libsandbox: Can't resolve %s: %s\n", 73 | symname, dlerror()); 74 | exit(EXIT_FAILURE); 75 | } 76 | 77 | return symaddr; 78 | } 79 | 80 | /* Macro to check if a wrapper is defined, if not 81 | * then try to resolve it again. 82 | */ 83 | #define check_dlsym(_name, _symname, _symver) \ 84 | { \ 85 | if (NULL == _name) \ 86 | _name = get_dlsym(_symname, _symver); \ 87 | } 88 | 89 | /* Need to include the function wrappers here, as they are needed below */ 90 | #include "symbols.h" 91 | -------------------------------------------------------------------------------- /libsandbox/wrappers.h: -------------------------------------------------------------------------------- 1 | /* 2 | * wrappers.h 3 | * 4 | * Function wrapping functions. 5 | * 6 | * Copyright 1999-2009 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #ifndef __WRAPPERS_H__ 11 | #define __WRAPPERS_H__ 12 | 13 | /* Wrapper for internal use of functions in libsandbox. Should really 14 | * autogenerate this header ... 15 | */ 16 | #define sb_unwrapped_access sb_unwrapped_access_DEFAULT 17 | attribute_hidden int sb_unwrapped_access (const char *, int); 18 | #define sb_unwrapped_faccessat sb_unwrapped_faccessat_DEFAULT 19 | attribute_hidden int sb_unwrapped_faccessat (int, const char *, int, int); 20 | #define sb_unwrapped_getcwd sb_unwrapped_getcwd_DEFAULT 21 | attribute_hidden char *sb_unwrapped_getcwd (char *, size_t); 22 | #ifdef HAVE_OPEN64 23 | #define sb_unwrapped_open sb_unwrapped_open64_DEFAULT 24 | #else 25 | #define sb_unwrapped_open sb_unwrapped_open_DEFAULT 26 | #endif 27 | attribute_hidden int sb_unwrapped_open (const char *, int, mode_t); 28 | #ifdef HAVE_OPENAT64 29 | #define sb_unwrapped_openat sb_unwrapped_openat64_DEFAULT 30 | #else 31 | #define sb_unwrapped_openat sb_unwrapped_openat_DEFAULT 32 | #endif 33 | attribute_hidden int sb_unwrapped_openat (int dirfd, const char *path, int flags, mode_t mode); 34 | #define sb_unwrapped_popen sb_unwrapped_popen_DEFAULT 35 | attribute_hidden FILE *sb_unwrapped_popen (const char *, const char *); 36 | 37 | attribute_hidden bool sb_fopen_pre_check (const char *func, const char *pathname, const char *mode); 38 | attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathname, const char *mode); 39 | attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd); 40 | attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name); 41 | attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd); 42 | attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, 43 | char *dirfd_path, size_t dirfd_path_len); 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /libsbutil/Makefile: -------------------------------------------------------------------------------- 1 | # Helper for developers. 2 | all libsbutil libsbutil.la: libsbutil/libsbutil.la ; 3 | clean: ; rm -f *.o *.l[ao] .libs/* 4 | %: ; $(MAKE) -C .. $@ 5 | -------------------------------------------------------------------------------- /libsbutil/environment.c: -------------------------------------------------------------------------------- 1 | /* 2 | * environment.c 3 | * 4 | * Environment utility functions. 5 | * 6 | * Copyright 1999-2012 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | static const char * const true_values[] = { 14 | "1", "true", "yes", NULL, 15 | }; 16 | 17 | static const char * const false_values[] = { 18 | "0", "false", "no", NULL, 19 | }; 20 | 21 | static bool val_is_in(const char *val, const char * const values[]) 22 | { 23 | size_t i = 0; 24 | 25 | while (values[i]) 26 | if (!strcasecmp(val, values[i++])) 27 | return true; 28 | 29 | return false; 30 | } 31 | 32 | static bool env_is_in(const char *env, const char * const values[], bool *set) 33 | { 34 | const char *val; 35 | 36 | if (unlikely(!env)) 37 | return (*set = false); 38 | 39 | val = getenv(env); 40 | *set = (val != NULL); 41 | if (unlikely(!*set)) 42 | return false; 43 | 44 | return val_is_in(val, values); 45 | } 46 | 47 | bool is_val_on(const char *val) 48 | { 49 | return val_is_in(val, true_values); 50 | } 51 | bool is_val_off(const char *val) 52 | { 53 | return val_is_in(val, false_values); 54 | } 55 | 56 | bool is_env_set_on(const char *env, bool *set) 57 | { 58 | return env_is_in(env, true_values, set); 59 | } 60 | bool is_env_on(const char *env) 61 | { 62 | bool set; 63 | return is_env_set_on(env, &set); 64 | } 65 | 66 | bool is_env_set_off(const char *env, bool *set) 67 | { 68 | return env_is_in(env, false_values, set); 69 | } 70 | bool is_env_off(const char *env) 71 | { 72 | bool set; 73 | return is_env_set_off(env, &set); 74 | } 75 | -------------------------------------------------------------------------------- /libsbutil/get_sandbox_conf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_sandbox_conf.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | char *get_sandbox_conf(void) 14 | { 15 | char *ret = SANDBOX_CONF_FILE; 16 | save_errno(); 17 | if (is_env_on(ENV_SANDBOX_TESTING)) 18 | ret = getenv("__SANDBOX_CONF_FILE"); 19 | restore_errno(); 20 | return ret; 21 | } 22 | -------------------------------------------------------------------------------- /libsbutil/get_sandbox_confd.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_sandbox_confd.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2009 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | char *get_sandbox_confd(char *path) 14 | { 15 | save_errno(); 16 | char *p; 17 | if (is_env_on(ENV_SANDBOX_TESTING) && (p = getenv("__SANDBOX_CONFD_DIR"))) 18 | strlcpy(path, p, PATH_MAX); 19 | else 20 | strcpy(path, SANDBOX_CONFD_DIR); 21 | restore_errno(); 22 | return path; 23 | } 24 | -------------------------------------------------------------------------------- /libsbutil/get_sandbox_lib.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_sandbox_lib.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Some parts might have Copyright: 10 | * Copyright (C) 2002 Brad House 11 | */ 12 | 13 | #include "headers.h" 14 | #include "sbutil.h" 15 | 16 | /* Always let the dynamic loader do the searching rather than hard coding the 17 | * full path. This way, things like multilib, testing, local runs work easier. 18 | * 19 | * Make an exception for non-standard setups (i.e. prefix) where libsandbox is 20 | * installed into a path that is not in ld.so.conf. 21 | */ 22 | void get_sandbox_lib(char *path) 23 | { 24 | save_errno(); 25 | strcpy(path, LIB_NAME); 26 | if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { 27 | void *hndl = dlopen(path, RTLD_LAZY); 28 | if (!hndl) 29 | snprintf(path, PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); 30 | else 31 | dlclose(hndl); 32 | } 33 | restore_errno(); 34 | } 35 | -------------------------------------------------------------------------------- /libsbutil/get_sandbox_log.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_sandbox_log.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Some parts might have Copyright: 10 | * Copyright (C) 2002 Brad House 11 | */ 12 | 13 | #include "headers.h" 14 | #include "sbutil.h" 15 | 16 | static void _get_sb_log(char *path, const char *tmpdir, const char *env, const char *prefix) 17 | { 18 | char *sandbox_log_env = NULL; 19 | 20 | save_errno(); 21 | 22 | sandbox_log_env = getenv(env); 23 | 24 | if (sandbox_log_env) { 25 | /* If the env is viable, roll with it. We aren't really 26 | * about people breaking the security of the sandbox by 27 | * exporting SANDBOX_LOG=/dev/null. 28 | */ 29 | strncpy(path, sandbox_log_env, PATH_MAX); 30 | } else { 31 | /* If running as a user w/out write access to /var/log, don't 32 | * shit ourselves. 33 | */ 34 | const char *sb_log_dir = SANDBOX_LOG_LOCATION; 35 | if (tmpdir && access(sb_log_dir, W_OK)) 36 | sb_log_dir = tmpdir; 37 | 38 | snprintf(path, PATH_MAX, "%s%s%s%s%d%s", 39 | sb_log_dir, prefix, 40 | (sandbox_log_env == NULL ? "" : sandbox_log_env), 41 | (sandbox_log_env == NULL ? "" : "-"), 42 | getpid(), LOG_FILE_EXT); 43 | } 44 | 45 | restore_errno(); 46 | } 47 | 48 | void get_sandbox_log(char *path, const char *tmpdir) 49 | { 50 | _get_sb_log(path, tmpdir, ENV_SANDBOX_LOG, LOG_FILE_PREFIX); 51 | } 52 | 53 | void get_sandbox_debug_log(char *path, const char *tmpdir) 54 | { 55 | _get_sb_log(path, tmpdir, ENV_SANDBOX_DEBUG_LOG, DEBUG_LOG_FILE_PREFIX); 56 | } 57 | 58 | void get_sandbox_message_path(char *path) 59 | { 60 | _get_sb_log(path, NULL, ENV_SANDBOX_MESSAGE_PATH, DEBUG_LOG_FILE_PREFIX); 61 | } 62 | -------------------------------------------------------------------------------- /libsbutil/get_sandbox_rc.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_sandbox_rc.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Some parts might have Copyright: 10 | * Copyright (C) 2002 Brad House 11 | */ 12 | 13 | #include "headers.h" 14 | #include "sbutil.h" 15 | 16 | void get_sandbox_rc(char *path) 17 | { 18 | save_errno(); 19 | if (is_env_on(ENV_SANDBOX_TESTING)) 20 | snprintf(path, PATH_MAX, "%s/%s", 21 | getenv("__SANDBOX_BASHRC_PATH"), BASHRC_NAME); 22 | else 23 | snprintf(path, PATH_MAX, "%s/%s", 24 | SANDBOX_BASHRC_PATH, BASHRC_NAME); 25 | restore_errno(); 26 | } 27 | -------------------------------------------------------------------------------- /libsbutil/get_tmp_dir.c: -------------------------------------------------------------------------------- 1 | /* 2 | * get_tmp_dir.c 3 | * 4 | * Util functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Some parts might have Copyright: 10 | * Copyright (C) 2002 Brad House 11 | */ 12 | 13 | #include "headers.h" 14 | #include "sbutil.h" 15 | 16 | int get_tmp_dir(char *path) 17 | { 18 | save_errno(); 19 | 20 | if (NULL == realpath(getenv(ENV_TMPDIR) ? : TMPDIR, path)) 21 | if (NULL == realpath(TMPDIR, path)) 22 | return -1; 23 | 24 | restore_errno(); 25 | 26 | return 0; 27 | } 28 | -------------------------------------------------------------------------------- /libsbutil/include/rcscripts/rcutil.h: -------------------------------------------------------------------------------- 1 | /* 2 | * rcutil.h 3 | * 4 | * Util defines. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | */ 9 | 10 | #ifndef __RCUTIL_H__ 11 | #define __RCUTIL_H__ 12 | 13 | #include "rcscripts/util/debug.h" 14 | #include "rcscripts/util/string.h" 15 | #include "rcscripts/util/file.h" 16 | #include "rcscripts/util/config.h" 17 | #include "rcscripts/util/dynbuf.h" 18 | 19 | #include "rcscripts/util/str_list.h" /* used by libsandbox/execve wrapper */ 20 | 21 | #include "sbutil.h" 22 | 23 | #endif /* __RCUTIL_H__ */ 24 | -------------------------------------------------------------------------------- /libsbutil/include/rcscripts/util/config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * config.h 3 | * 4 | * Miscellaneous config related macro's and functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | * Licensed under the GPL-2 9 | */ 10 | 11 | #ifndef __RC_CONFIG_H__ 12 | #define __RC_CONFIG_H__ 13 | 14 | #include 15 | 16 | /* The following return a pointer on success, or NULL with errno set on error. 17 | * If it returned NULL, but errno is not set, then there was no error, but 18 | * there is nothing to return. */ 19 | /* rc_get_cnf_entry() will get the last config entry (ala bash variable 20 | * assignment rules) if 'sep' equals NULL, else it will concat all values 21 | * together seperated by 'sep'. */ 22 | char *rc_get_cnf_entry (const char *pathname, const char *entry, 23 | const char *sep); 24 | 25 | #endif /* __RC_CONFIG_H__ */ 26 | -------------------------------------------------------------------------------- /libsbutil/include/rcscripts/util/dynbuf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * dynbuf.h 3 | * 4 | * Dynamic allocated buffers. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | * Licensed under the GPL-2 9 | */ 10 | 11 | #ifndef __RC_DYNBUF_H__ 12 | #define __RC_DYNBUF_H__ 13 | 14 | typedef struct 15 | { 16 | char *data; /* Actual data */ 17 | size_t length; /* Length of data block */ 18 | size_t rd_index; /* Current read index */ 19 | size_t wr_index; /* Current write index */ 20 | bool file_map; /* File mapped as dynbuf */ 21 | } rc_dynbuf_t; 22 | 23 | rc_dynbuf_t *rc_dynbuf_new (void); 24 | 25 | rc_dynbuf_t *rc_dynbuf_new_mmap_file (const char *name); 26 | 27 | void rc_dynbuf_free (rc_dynbuf_t *dynbuf); 28 | 29 | int rc_dynbuf_write (rc_dynbuf_t *dynbuf, const char *buf, size_t length); 30 | 31 | int rc_dynbuf_write_fd (rc_dynbuf_t *dynbuf, int fd, size_t length); 32 | 33 | int rc_dynbuf_sprintf (rc_dynbuf_t *dynbuf, const char *format, ...); 34 | 35 | int rc_dynbuf_read (rc_dynbuf_t *dynbuf, char *buf, size_t length); 36 | 37 | int rc_dynbuf_read_fd (rc_dynbuf_t *dynbuf, int fd, size_t length); 38 | 39 | char *rc_dynbuf_read_line (rc_dynbuf_t *dynbuf); 40 | 41 | int rc_dynbuf_replace_char (rc_dynbuf_t *dynbuf, const char old, const char new); 42 | 43 | bool rc_dynbuf_read_eof (rc_dynbuf_t *dynbuf); 44 | 45 | bool rc_check_dynbuf (rc_dynbuf_t *dynbuf); 46 | bool __rc_check_arg_dynbuf (rc_dynbuf_t *dynbuf, const char *file, const char *func, size_t line); 47 | 48 | #define rc_check_arg_dynbuf(_dynbuf) \ 49 | __rc_check_arg_dynbuf (_dynbuf, __FILE__, __func__, __LINE__) 50 | 51 | #endif /* __RC_DYNBUF_H__ */ 52 | -------------------------------------------------------------------------------- /libsbutil/include/rcscripts/util/file.h: -------------------------------------------------------------------------------- 1 | /* 2 | * file.h 3 | * 4 | * Miscellaneous file related macro's and functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | * Licensed under the GPL-2 9 | */ 10 | 11 | #ifndef __RC_FILE_H__ 12 | #define __RC_FILE_H__ 13 | 14 | #include 15 | 16 | /* The following functions do not care about errors - they only return 17 | * TRUE if 'pathname' exist, and is the type requested, or else FALSE. 18 | * This is only if pathname is valid ... */ 19 | bool rc_file_exists (const char *pathname); 20 | bool rc_is_file (const char *pathname, bool follow_link); 21 | bool rc_is_dir (const char *pathname, bool follow_link); 22 | 23 | /* The following functions do not care about errors - it only returns 24 | * the size/mtime of 'pathname' if it exists, and is the type requested, 25 | * or else 0. */ 26 | int64_t rc_get_size (const char *pathname, bool follow_link); 27 | 28 | /* The following return a pointer on success, or NULL with errno set on error. 29 | * If it returned NULL, but errno is not set, then there was no error, but 30 | * there is nothing to return. */ 31 | char **rc_ls_dir (const char *pathname, bool hidden, bool sort); 32 | 33 | /* Below two functions (rc_file_map and rc_file_unmap) are from 34 | * udev-050 (udev_utils.c). Please see misc.c for copyright info. 35 | * (Some are slightly modified, please check udev for originals.) */ 36 | int rc_file_map (const char *filename, char **buf, size_t * bufsize); 37 | void rc_file_unmap (char *buf, size_t bufsize); 38 | 39 | #endif /* __RC_FILE_H__ */ 40 | -------------------------------------------------------------------------------- /libsbutil/include/rcscripts/util/string.h: -------------------------------------------------------------------------------- 1 | /* 2 | * string.h 3 | * 4 | * Miscellaneous string related macro's and functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | * Licensed under the GPL-2 9 | */ 10 | 11 | #ifndef __RC_STRING_H__ 12 | #define __RC_STRING_H__ 13 | 14 | /* Concat two paths adding '/' if needed. Memory will be allocated 15 | * with the malloc() call. */ 16 | char *rc_strcatpaths (const char *pathname1, const char *pathname2); 17 | 18 | #endif /* __RC_STRING_H__ */ 19 | -------------------------------------------------------------------------------- /libsbutil/local.mk: -------------------------------------------------------------------------------- 1 | noinst_LIBRARIES += %D%/libsbutil.a 2 | 3 | %C%_libsbutil_a_CPPFLAGS = \ 4 | $(AM_CPPFLAGS) \ 5 | $(SIXTY_FOUR_FLAGS) \ 6 | -I$(top_srcdir)/%D% \ 7 | -I$(top_srcdir)/%D%/include \ 8 | -I$(top_srcdir)/%D%/gnulib 9 | %C%_libsbutil_a_CFLAGS = -fPIC 10 | %C%_libsbutil_a_SOURCES = \ 11 | %D%/sbutil.h \ 12 | %D%/get_sandbox_conf.c \ 13 | %D%/get_sandbox_confd.c \ 14 | %D%/get_sandbox_lib.c \ 15 | %D%/get_sandbox_rc.c \ 16 | %D%/get_sandbox_log.c \ 17 | %D%/get_tmp_dir.c \ 18 | %D%/environment.c \ 19 | %D%/sb_backtrace.c \ 20 | %D%/sb_efuncs.c \ 21 | %D%/sb_gdb.c \ 22 | %D%/sb_method.c \ 23 | %D%/sb_open.c \ 24 | %D%/sb_read.c \ 25 | %D%/sb_stat.c \ 26 | %D%/sb_write.c \ 27 | %D%/sb_write_fd.c \ 28 | %D%/sb_printf.c \ 29 | %D%/sb_proc.c \ 30 | %D%/sb_memory.c \ 31 | %D%/include/rcscripts/rcutil.h \ 32 | %D%/include/rcscripts/util/str_list.h \ 33 | %D%/include/rcscripts/util/debug.h \ 34 | %D%/src/debug.c \ 35 | %D%/include/rcscripts/util/string.h \ 36 | %D%/src/string.c \ 37 | %D%/include/rcscripts/util/file.h \ 38 | %D%/src/file.c \ 39 | %D%/include/rcscripts/util/config.h \ 40 | %D%/src/config.c \ 41 | %D%/include/rcscripts/util/dynbuf.h \ 42 | %D%/src/dynbuf.c 43 | -------------------------------------------------------------------------------- /libsbutil/sb_backtrace.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_backtrace.c 3 | * 4 | * Need to keep in a dedicated file so libsandbox can override. 5 | * 6 | * Copyright 1999-2012 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | void __sb_dump_backtrace(void) 14 | { 15 | } 16 | -------------------------------------------------------------------------------- /libsbutil/sb_gdb.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_gdb.c 3 | * 4 | * Helpers for autolaunching gdb. 5 | * 6 | * Copyright 1999-2012 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | static int __sb_connect_gdb(void *vpid) 14 | { 15 | char pid[10]; 16 | snprintf(pid, sizeof(pid), "%i", (pid_t)(uintptr_t)vpid); 17 | unsetenv(ENV_LD_PRELOAD); 18 | return /*sb_unwrapped_*/execlp("gdb", "gdb", 19 | "--quiet", 20 | "--pid", pid, 21 | "-ex", "set _gdb_poller = 0", 22 | "-ex", "fin", 23 | "-ex", "bt full", 24 | "-ex", "echo \\n", 25 | "-ex", "f", 26 | NULL); 27 | } 28 | 29 | #define STACK_SIZE 4096 30 | 31 | #ifndef HAVE_CLONE 32 | # ifdef HAVE___CLONE2 33 | /* Hrm, maybe they have clone2 */ 34 | # define clone(fn, stack, flags, arg) \ 35 | __clone2(fn, stack, STACK_SIZE, flags, arg, NULL, NULL, NULL) 36 | # else 37 | /* Fake it with fork() ... not as safe, but not much else we can do */ 38 | static int fake_clone(int (*fn)(void *), void *child_stack, int flags, void *arg) 39 | { 40 | pid_t pid = fork(); 41 | switch (pid) { 42 | case 0: 43 | _exit(fn(arg)); 44 | default: 45 | return pid; 46 | } 47 | } 48 | # define clone(...) fake_clone(__VA_ARGS__) 49 | # endif 50 | #endif 51 | 52 | void sb_gdb(void) 53 | { 54 | char stack[STACK_SIZE * 2]; 55 | pid_t pid = getpid(); 56 | /* Put the child stack in the middle so we don't have to worry about 57 | * the direction of growth. Most grown down, but some grow up!@ 58 | */ 59 | if (clone(__sb_connect_gdb, stack + STACK_SIZE, 0, (void *)(uintptr_t)pid) != -1) { 60 | volatile int _gdb_poller = 1; 61 | while (_gdb_poller); 62 | } 63 | } 64 | 65 | #ifndef NDEBUG 66 | void sb_maybe_gdb(void) 67 | { 68 | if (is_env_on("SANDBOX_GDB")) { 69 | sb_einfo("attempting to autolaunch gdb; please wait ...\n\n"); 70 | sb_gdb(); 71 | } 72 | } 73 | #endif 74 | -------------------------------------------------------------------------------- /libsbutil/sb_method.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_method.c 3 | * 4 | * Util functions for sandbox method settings. 5 | * 6 | * Copyright 2021 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | sandbox_method_t parse_sandbox_method(const char *method) 14 | { 15 | if (method == NULL || streq(method, "") || streq(method, "any")) 16 | return SANDBOX_METHOD_ANY; 17 | 18 | if (streq(method, "preload")) 19 | return SANDBOX_METHOD_PRELOAD; 20 | 21 | return SANDBOX_METHOD_ANY; 22 | } 23 | 24 | const char *str_sandbox_method(sandbox_method_t method) 25 | { 26 | switch (method) { 27 | case SANDBOX_METHOD_PRELOAD: 28 | return "preload"; 29 | case SANDBOX_METHOD_ANY: 30 | return "any"; 31 | default: 32 | return ""; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /libsbutil/sb_open.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_open.c 3 | * 4 | * IO functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | /* General purpose function to _reliably_ open a file 14 | * 15 | * Returns the file descriptor or -1 on error (and errno set) 16 | */ 17 | 18 | int sb_open(const char *path, int flags, mode_t mode) 19 | { 20 | int fd; 21 | 22 | do { 23 | fd = sbio_open(path, flags, mode); 24 | } while ((-1 == fd) && (EINTR == errno)); 25 | 26 | if ((-1 != fd) && (0 != errno)) 27 | /* Do not trigger debugging */ 28 | errno = 0; 29 | 30 | if (-1 == fd) 31 | DBG_MSG("Failed to open file '%s'!\n", path); 32 | 33 | return fd; 34 | } 35 | -------------------------------------------------------------------------------- /libsbutil/sb_proc.c: -------------------------------------------------------------------------------- 1 | /* 2 | * funcs for poking around /proc 3 | * 4 | * Copyright 1999-2012 Gentoo Foundation 5 | * Licensed under the GPL-2 6 | */ 7 | 8 | #include "headers.h" 9 | #include "sbutil.h" 10 | 11 | const char sb_fd_dir[] = 12 | #if defined(SANDBOX_PROC_SELF_FD) 13 | "/proc/self/fd" 14 | #elif defined(SANDBOX_DEV_FD) 15 | "/dev/fd" 16 | #else 17 | # error "how do i access a proc's fd/ tree ?" 18 | #endif 19 | ; 20 | 21 | const char *sb_get_cmdline(pid_t pid) 22 | { 23 | #if !defined(SANDBOX_PROC_1_CMDLINE) && !defined(SANDBOX_PROC_SELF_CMDLINE) && !defined(SANDBOX_PROC_dd_CMDLINE) 24 | # error "how do i access a proc's cmdline ?" 25 | #endif 26 | static char path[256]; 27 | if (!pid) 28 | pid = getpid(); 29 | sprintf(path, "/proc/%i/cmdline", pid); 30 | return path; 31 | } 32 | -------------------------------------------------------------------------------- /libsbutil/sb_read.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_write.c 3 | * 4 | * IO functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | /* General purpose function to _reliably_ read from a file. 14 | * 15 | * Returns total read bytes or -1 on error. 16 | */ 17 | 18 | size_t sb_read(int fd, void *buf, size_t count) 19 | { 20 | ssize_t n; 21 | size_t accum = 0; 22 | 23 | do { 24 | n = read(fd, buf + accum, count - accum); 25 | 26 | if (n > 0) { 27 | accum += n; 28 | continue; 29 | } 30 | 31 | if (n < 0) { 32 | if (EINTR == errno) { 33 | /* Reset errno to not trigger DBG_MSG */ 34 | errno = 0; 35 | continue; 36 | } 37 | 38 | DBG_MSG("Failed to read from fd=%i!\n", fd); 39 | return -1; 40 | } 41 | 42 | /* Found EOF */ 43 | break; 44 | } while (accum < count); 45 | 46 | return accum; 47 | } 48 | -------------------------------------------------------------------------------- /libsbutil/sb_stat.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2023 Gentoo Authors 3 | * Distributed under the terms of the GNU General Public License v2 4 | */ 5 | 6 | #include "headers.h" 7 | #include "sbutil.h" 8 | 9 | /* Wrapper for faccessat to work around buggy behavior on musl */ 10 | int sb_exists(int dirfd, const char *pathname, int flags) 11 | { 12 | struct stat buf; 13 | 14 | if (sbio_faccessat(dirfd, pathname, F_OK, flags|AT_EACCESS) == 0) 15 | return 0; 16 | 17 | /* musl's faccessat gives EINVAL when the kernel does not support 18 | * faccessat2 and AT_SYMLINK_NOFOLLOW is set. 19 | * https://www.openwall.com/lists/musl/2023/06/19/1 */ 20 | if (errno != EINVAL) 21 | return -1; 22 | 23 | return fstatat(dirfd, pathname, &buf, flags); 24 | } 25 | 26 | int sb_fstat(int fd, mode_t *mode, int64_t *size) 27 | { 28 | struct stat buf; 29 | if(fstat(fd, &buf)) 30 | return -1; 31 | *mode = buf.st_mode; 32 | *size = buf.st_size; 33 | return 0; 34 | } 35 | -------------------------------------------------------------------------------- /libsbutil/sb_write.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sb_write.c 3 | * 4 | * IO functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | /* General purpose function to _reliably_ write to a file 14 | * 15 | * If returned value is less than count, there was a fatal 16 | * error and value tells how many bytes were actually written 17 | */ 18 | 19 | size_t sb_write(int fd, const void *buf, size_t count) 20 | { 21 | ssize_t n; 22 | size_t accum = 0; 23 | 24 | do { 25 | n = write(fd, buf + accum, count - accum); 26 | if (n < 0) { 27 | if (EINTR == errno) { 28 | /* Reset errno to not trigger DBG_MSG */ 29 | errno = 0; 30 | continue; 31 | } 32 | 33 | DBG_MSG("Failed to write to fd=%i!\n", fd); 34 | break; 35 | } 36 | 37 | accum += n; 38 | } while (accum < count); 39 | 40 | return accum; 41 | } 42 | -------------------------------------------------------------------------------- /libsbutil/sb_write_fd.c: -------------------------------------------------------------------------------- 1 | /* 2 | * helper for sucking up a file and writing it to a fd. 3 | * good for copying the contents of small status files 4 | * into a log file. 5 | * 6 | * Copyright 1999-2012 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | */ 9 | 10 | #include "headers.h" 11 | #include "sbutil.h" 12 | 13 | int sb_copy_file_to_fd(const char *file, int ofd) 14 | { 15 | char buf[128]; 16 | int ret = -1; 17 | 18 | int ifd = sb_open(file, O_RDONLY|O_CLOEXEC, 0); 19 | if (ifd == -1) 20 | return ret; 21 | 22 | while (1) { 23 | size_t len = sb_read(ifd, buf, sizeof(buf)); 24 | if (len == -1) 25 | goto error; 26 | else if (!len) 27 | break; 28 | size_t i; 29 | for (i = 0; i < len; ++i) 30 | if (!buf[i]) 31 | buf[i] = ' '; 32 | if (sb_write(ofd, buf, len) != len) 33 | goto error; 34 | } 35 | 36 | ret = 0; 37 | error: 38 | close(ifd); 39 | return ret; 40 | } 41 | -------------------------------------------------------------------------------- /libsbutil/src/string.c: -------------------------------------------------------------------------------- 1 | /* 2 | * string.c 3 | * 4 | * Miscellaneous macro's and functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Copyright 2004-2007 Martin Schlemmer 8 | * Licensed under the GPL-2 9 | */ 10 | 11 | #include "headers.h" 12 | #include "rcscripts/rcutil.h" 13 | 14 | char * 15 | rc_strcatpaths (const char *pathname1, const char *pathname2) 16 | { 17 | char *new_path = NULL; 18 | int lenght; 19 | 20 | if ((!check_arg_str (pathname1)) || (!check_arg_str (pathname2))) 21 | return 0; 22 | 23 | /* Lenght of pathname1 + lenght of pathname2 + '/' if needed */ 24 | lenght = strlen (pathname1) + strlen (pathname2) + 2; 25 | /* lenght + '\0' */ 26 | new_path = xmalloc (lenght); 27 | 28 | snprintf (new_path, lenght, "%s%s%s", pathname1, 29 | (pathname1[strlen (pathname1) - 1] != '/') ? "/" : "", 30 | pathname2); 31 | 32 | return new_path; 33 | } 34 | -------------------------------------------------------------------------------- /m4/ax_check_link_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Check whether the given FLAG works with the linker or gives an error. 12 | # (Warnings, however, are ignored) 13 | # 14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on 15 | # success/failure. 16 | # 17 | # If EXTRA-FLAGS is defined, it is added to the linker's default flags 18 | # when the check is done. The check is thus made with the flags: "LDFLAGS 19 | # EXTRA-FLAGS FLAG". This can for example be used to force the linker to 20 | # issue an error when a bad flag is given. 21 | # 22 | # INPUT gives an alternative input source to AC_LINK_IFELSE. 23 | # 24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this 25 | # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. 26 | # 27 | # LICENSE 28 | # 29 | # Copyright (c) 2008 Guido U. Draheim 30 | # Copyright (c) 2011 Maarten Bosmans 31 | # 32 | # Copying and distribution of this file, with or without modification, are 33 | # permitted in any medium without royalty provided the copyright notice 34 | # and this notice are preserved. This file is offered as-is, without any 35 | # warranty. 36 | 37 | #serial 6 38 | 39 | AC_DEFUN([AX_CHECK_LINK_FLAG], 40 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF 41 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl 42 | AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ 43 | ax_check_save_flags=$LDFLAGS 44 | LDFLAGS="$LDFLAGS $4 $1" 45 | AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], 46 | [AS_VAR_SET(CACHEVAR,[yes])], 47 | [AS_VAR_SET(CACHEVAR,[no])]) 48 | LDFLAGS=$ax_check_save_flags]) 49 | AS_VAR_IF(CACHEVAR,yes, 50 | [m4_default([$2], :)], 51 | [m4_default([$3], :)]) 52 | AS_VAR_POPDEF([CACHEVAR])dnl 53 | ])dnl AX_CHECK_LINK_FLAGS 54 | -------------------------------------------------------------------------------- /m4/ax_prepend_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_prepend_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_PREPEND_FLAG(FLAG, [FLAGS-VARIABLE]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # FLAG is added to the front of the FLAGS-VARIABLE shell variable, with a 12 | # space added in between. 13 | # 14 | # If FLAGS-VARIABLE is not specified, the current language's flags (e.g. 15 | # CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains 16 | # FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly 17 | # FLAG. 18 | # 19 | # NOTE: Implementation based on AX_APPEND_FLAG. 20 | # 21 | # LICENSE 22 | # 23 | # Copyright (c) 2008 Guido U. Draheim 24 | # Copyright (c) 2011 Maarten Bosmans 25 | # Copyright (c) 2018 John Zaitseff 26 | # 27 | # Copying and distribution of this file, with or without modification, are 28 | # permitted in any medium without royalty provided the copyright notice 29 | # and this notice are preserved. This file is offered as-is, without any 30 | # warranty. 31 | 32 | #serial 2 33 | 34 | AC_DEFUN([AX_PREPEND_FLAG], 35 | [dnl 36 | AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF 37 | AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])]) 38 | AS_VAR_SET_IF(FLAGS,[ 39 | AS_CASE([" AS_VAR_GET(FLAGS) "], 40 | [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])], 41 | [ 42 | FLAGS="$1 $FLAGS" 43 | AC_RUN_LOG([: FLAGS="$FLAGS"]) 44 | ]) 45 | ], 46 | [ 47 | AS_VAR_SET(FLAGS,[$1]) 48 | AC_RUN_LOG([: FLAGS="$FLAGS"]) 49 | ]) 50 | AS_VAR_POPDEF([FLAGS])dnl 51 | ])dnl AX_PREPEND_FLAG 52 | -------------------------------------------------------------------------------- /m4/ax_require_defined.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_require_defined.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_REQUIRE_DEFINED(MACRO) 8 | # 9 | # DESCRIPTION 10 | # 11 | # AX_REQUIRE_DEFINED is a simple helper for making sure other macros have 12 | # been defined and thus are available for use. This avoids random issues 13 | # where a macro isn't expanded. Instead the configure script emits a 14 | # non-fatal: 15 | # 16 | # ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found 17 | # 18 | # It's like AC_REQUIRE except it doesn't expand the required macro. 19 | # 20 | # Here's an example: 21 | # 22 | # AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) 23 | # 24 | # LICENSE 25 | # 26 | # Copyright (c) 2014 Mike Frysinger 27 | # 28 | # Copying and distribution of this file, with or without modification, are 29 | # permitted in any medium without royalty provided the copyright notice 30 | # and this notice are preserved. This file is offered as-is, without any 31 | # warranty. 32 | 33 | #serial 2 34 | 35 | AC_DEFUN([AX_REQUIRE_DEFINED], [dnl 36 | m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])]) 37 | ])dnl AX_REQUIRE_DEFINED 38 | -------------------------------------------------------------------------------- /scripts/gen_trace_header.awk: -------------------------------------------------------------------------------- 1 | # Read the symbols list and create regexs to use for processing readelf output. 2 | function read_symbols() { 3 | COUNT = 0; 4 | while ((getline line < SYMBOLS_FILE) > 0) { 5 | if (line ~ /^ *#/ || line ~ /^$/) 6 | continue; 7 | nfields = split(line, fields); 8 | symbol = fields[1]; 9 | syscall = nfields > 1 ? fields[2] : symbol; 10 | 11 | c = ++COUNT 12 | SYMBOLS[c] = symbol; 13 | SYSCALLS[c] = syscall; 14 | } 15 | } 16 | 17 | BEGIN { 18 | read_symbols(); 19 | 20 | if (MODE == "gen") { 21 | for (x in SYSCALLS) { 22 | print "SB_" SYMBOLS[x] " = SYS_" SYSCALLS[x]; 23 | } 24 | exit(0); 25 | } 26 | } 27 | 28 | function out(name, syscall, val) 29 | { 30 | uname = toupper(name) 31 | syscall_define = "SB_SYS" syscall_prefix "_" uname 32 | print "#define " syscall_define " " val; 33 | if (name == syscall) 34 | print "S(" uname ")"; 35 | else 36 | print "{ " syscall_define ", SB_NR_" uname ", \"" uname "\" },"; 37 | } 38 | 39 | { 40 | # found: SB_func = 41 | # not found: SB_func = SYS_func 42 | if ($1 !~ /^SB_/) 43 | next; 44 | if ($3 ~ /^SYS_/) 45 | next; 46 | 47 | sub(/^SB_/, "", $1); 48 | name = $1 49 | # accept everything after the "=" in case it's either 50 | # a straight number or an expression (a syscall base) 51 | sub(/^[^=]*= /, ""); 52 | 53 | syscall = ""; 54 | for (i = 1; i <= COUNT; ++i) { 55 | if (SYMBOLS[i] == name) { 56 | FOUND[i] = 1; 57 | syscall = SYSCALLS[i]; 58 | break; 59 | } 60 | } 61 | 62 | out(name, syscall, $0); 63 | } 64 | 65 | END { 66 | if (MODE != "gen") { 67 | for (x in SYMBOLS) { 68 | if (!FOUND[x]) 69 | out(SYMBOLS[x], SYSCALLS[x], "SB_NR_UNDEF"); 70 | } 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- 1 | # Helper for developers. 2 | all sandbox: src/sandbox ; 3 | clean: ; rm -f *.o *.l[ao] .libs/* sandbox 4 | %: ; $(MAKE) -C .. $@ 5 | -------------------------------------------------------------------------------- /src/local.mk: -------------------------------------------------------------------------------- 1 | bin_PROGRAMS += %D%/sandbox 2 | 3 | %C%_sandbox_CPPFLAGS = \ 4 | $(AM_CPPFLAGS) \ 5 | $(SIXTY_FOUR_FLAGS) \ 6 | -I$(top_srcdir)/libsbutil \ 7 | -I$(top_srcdir)/libsbutil/include 8 | 9 | %C%_sandbox_LDADD = libsbutil/libsbutil.a $(LIBDL) 10 | %C%_sandbox_SOURCES = \ 11 | %D%/environ.c \ 12 | %D%/namespaces.c \ 13 | %D%/options.c \ 14 | %D%/sandbox.h \ 15 | %D%/sandbox.c 16 | -------------------------------------------------------------------------------- /src/sandbox.h: -------------------------------------------------------------------------------- 1 | /* 2 | * sandbox.h 3 | * 4 | * Main sandbox related functions. 5 | * 6 | * Copyright 1999-2008 Gentoo Foundation 7 | * Licensed under the GPL-2 8 | * 9 | * Some parts might have Copyright: 10 | * Copyright (C) 2002 Brad House 11 | */ 12 | 13 | #ifndef __SANDBOX_H__ 14 | #define __SANDBOX_H__ 15 | 16 | struct sandbox_info_t { 17 | char sandbox_log[PATH_MAX]; 18 | char sandbox_debug_log[PATH_MAX]; 19 | char sandbox_message_path[PATH_MAX]; 20 | char sandbox_lib[PATH_MAX]; 21 | char sandbox_rc[PATH_MAX]; 22 | char work_dir[PATH_MAX]; 23 | char tmp_dir[PATH_MAX]; 24 | char *home_dir; 25 | }; 26 | 27 | extern char **setup_environ(struct sandbox_info_t *sandbox_info); 28 | 29 | extern bool sb_get_cnf_bool(const char *, bool); 30 | 31 | #ifdef __linux__ 32 | extern pid_t setup_namespaces(void); 33 | #else 34 | #define setup_namespaces() fork() 35 | #endif 36 | 37 | #define sb_warn(fmt, args...) fprintf(stderr, "%s:%s " fmt "\n", "sandbox", __func__, ## args) 38 | #define sb_pwarn(fmt, args...) sb_warn(fmt ": %s\n", ## args, strerror(errno)) 39 | #define _sb_err(func, fmt, args...) do { sb_##func(fmt, ## args); exit(EXIT_FAILURE); } while (0) 40 | #define sb_err(fmt, args...) _sb_err(warn, fmt, ## args) 41 | #define sb_perr(fmt, args...) _sb_err(pwarn, fmt, ## args) 42 | 43 | /* Option parsing related code */ 44 | extern void parseargs(int argc, char *argv[]); 45 | extern int opt_use_namespaces; 46 | extern int opt_use_ns_cgroup; 47 | extern int opt_use_ns_ipc; 48 | extern int opt_use_ns_mnt; 49 | extern int opt_use_ns_net; 50 | extern int opt_use_ns_pid; 51 | extern int opt_use_ns_sysv; 52 | extern int opt_use_ns_time; 53 | extern int opt_use_ns_user; 54 | extern int opt_use_ns_uts; 55 | extern bool opt_use_bash; 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /src/sandbox.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # quick wrapper to run local sandbox with local libsandbox 3 | dir=${0%/*} 4 | export LD_LIBRARY_PATH="@abs_top_builddir@/libsandbox/.libs" 5 | export __SANDBOX_BASHRC_PATH="@abs_top_srcdir@/data" 6 | export __SANDBOX_CONF_FILE="@abs_top_srcdir@/etc/sandbox.conf" 7 | export __SANDBOX_CONFD_DIR="@abs_top_builddir@/etc/sandbox.d" 8 | export __SANDBOX_TESTING=yes 9 | if [ -x "${dir}"/sandbox ] ; then 10 | exec "${dir}"/sandbox "$@" 11 | else 12 | exec sandbox "$@" 13 | fi 14 | -------------------------------------------------------------------------------- /tests/Makefile: -------------------------------------------------------------------------------- 1 | # Helper for developers. 2 | all: tests ; 3 | clean: clean-checkPROGRAMS ; rm -f *.o *.l[ao] .libs/* 4 | %: ; $(MAKE) -C .. $@ 5 | -------------------------------------------------------------------------------- /tests/access-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC access 2 | #define SFUNC "access" 3 | #define FUNC_STR "\"%s\", %x" 4 | #define FUNC_IMP file, mode 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | int mode = access_mode(s); 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/access-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # We should not trigger sandbox on write requests with access() 3 | 4 | addwrite $PWD 5 | 6 | access-0 -1 rwx / || exit 1 7 | test ! -e sandbox.log 8 | -------------------------------------------------------------------------------- /tests/access.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/atlocal.in: -------------------------------------------------------------------------------- 1 | # only exported things work in test scripts 2 | 3 | export abs_top_srcdir abs_top_builddir abs_srcdir abs_builddir 4 | export AWK="@AWK@" 5 | export HOST="@host@" 6 | 7 | if ! ${at_clean} ; then 8 | export SB_UID=$(./get-user) 9 | export SB_GID=$(./get-group) 10 | fi 11 | 12 | export at_xfail 13 | 14 | # portage likes to do `addpredict /` ... we dont need/want 15 | # that garbage messing up our env 16 | export SANDBOX_PREDICT=${SANDBOX_PREDICT%:/} 17 | 18 | if [ "${AUTOTEST_PATH}" = "tests" ] ; then 19 | AUTOTEST_PATH="src:tests" 20 | fi 21 | 22 | export SANDBOX_VERBOSE=0 23 | 24 | # If the terminal has this flag set, the tests get all messed up. 25 | stty -tostop 2>/dev/null || : 26 | 27 | # Some tests want this internal path. 28 | for devfd in /proc/self/fd /dev/fd ; do 29 | [ -e "${devfd}" ] && break 30 | done 31 | 32 | # GNU make likes to leak fds when using jobservers (i.e. using -j). 33 | case "${MAKEFLAGS}" in 34 | *--jobserver-auth=*) 35 | flags=${MAKEFLAGS#*--jobserver-auth=} 36 | flags=${flags%% *} 37 | for fd in $(echo "${flags}" | tr ',' ' ') ; do 38 | if [ -e "${devfd}/${fd}" ] ; then 39 | eval "exec ${fd}>&-" 40 | fi 41 | done 42 | ;; 43 | esac 44 | 45 | # This script must finish with ($? == 0) else the autotest runner gets upset. 46 | : 47 | -------------------------------------------------------------------------------- /tests/chmod-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC chmod 2 | #define SFUNC "chmod" 3 | #define FUNC_STR "\"%s\", %o" 4 | #define FUNC_IMP file, mode 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | mode_t mode = sscanf_mode_t(s); 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/chmod-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with chmod() work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | # this *should not* trigger a sandbox violation 15 | chmod-0 0 link 0666 || exit 1 16 | 17 | # this *should* trigger a sandbox violation 18 | adddeny $PWD/deny 19 | chmod-0 -1 link 0666 || exit 1 20 | test -s sandbox.log 21 | -------------------------------------------------------------------------------- /tests/chmod.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/chown-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC chown 2 | #define SFUNC "chown" 3 | #define FUNC_STR "\"%s\", %i, %i" 4 | #define FUNC_IMP file, uid, gid 5 | #define ARG_CNT 3 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | uid_t uid = atoi(s); \ 14 | \ 15 | s = argv[i++]; \ 16 | gid_t gid = atoi(s); 17 | 18 | #include "test-skel-0.c" 19 | -------------------------------------------------------------------------------- /tests/chown-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with chown() work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | # this *should not* trigger a sandbox violation 15 | chown-0 0 link ${SB_UID} ${SB_GID} || exit 1 16 | 17 | # this *should* trigger a sandbox violation 18 | adddeny $PWD/deny 19 | chown-0 -1 link ${SB_UID} ${SB_GID} || exit 1 20 | test -s sandbox.log 21 | -------------------------------------------------------------------------------- /tests/chown.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/creat-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC creat 2 | #define SFUNC "creat" 3 | #define FUNC_STR "\"%s\", %o" 4 | #define FUNC_IMP file, mode 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | mode_t mode = sscanf_mode_t(s); 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/creat64-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_CREAT64 2 | #define _FILE_OFFSET_BITS 64 3 | #include "creat-0.c" 4 | -------------------------------------------------------------------------------- /tests/execv-0.c: -------------------------------------------------------------------------------- 1 | /* 2 | * A simple wrapper for execv that validates environment 3 | * is not corrupted by wrapper: https://bugs.gentoo.org/669702 4 | */ 5 | 6 | #define _GNU_SOURCE /* for environ */ 7 | #include 8 | #include "tests.h" 9 | 10 | int main(int argc, char *argv[]) 11 | { 12 | char* execv_argv[] = {"nope", (char*)NULL,}; 13 | char* execv_environ[] = {"FOO=1", (char*)NULL,}; 14 | environ = execv_environ; 15 | execv("./does/not/exist", execv_argv); 16 | if (environ != execv_environ) { 17 | fprintf(stderr, "environ was changed unexpectedly by execv wrapper\n"); 18 | return 1; 19 | } 20 | return 0; 21 | } 22 | -------------------------------------------------------------------------------- /tests/execv-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Make sure execv run does not corrup 'environ' of caller process: 3 | # https://bugs.gentoo.org/669702 4 | timeout -s KILL 10 execv-0 5 | -------------------------------------------------------------------------------- /tests/execv.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/execvp-0.c: -------------------------------------------------------------------------------- 1 | /* 2 | * A simple wrapper for execvp. Useful when most host programs don't match 3 | * the ABI of the active libsandbox.so (e.g. 64bit vs 32bit). 4 | */ 5 | 6 | #include "tests.h" 7 | 8 | int main(int argc, char *argv[]) 9 | { 10 | if (argc < 2) { 11 | printf("usage: execvp [argv0 [argvN] ...]\n"); 12 | return 0; 13 | } 14 | return execvp(argv[1], argv + 2); 15 | } 16 | -------------------------------------------------------------------------------- /tests/faccessat-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_FACCESSAT 2 | #define FUNC faccessat 3 | #define SFUNC "faccessat" 4 | #define FUNC_STR "%i, \"%s\", %x, %x" 5 | #define FUNC_IMP dirfd, file, mode, flags 6 | #define ARG_CNT 4 7 | #define ARG_USE " " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int dirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | const char *file = f_get_file(s); \ 15 | \ 16 | s = argv[i++]; \ 17 | int mode = access_mode(s); \ 18 | \ 19 | s = argv[i++]; \ 20 | int flags = at_get_flags(s); 21 | 22 | #include "test-skel-0.c" 23 | -------------------------------------------------------------------------------- /tests/faccessat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | addwrite "$PWD/file" 4 | faccessat-0 0 'file:O_RDWR|O_CREAT:0666' '' rw AT_EMPTY_PATH 5 | exec 9 " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int dirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | const char *file = f_get_file(s); \ 15 | \ 16 | s = argv[i++]; \ 17 | mode_t mode = sscanf_mode_t(s); \ 18 | \ 19 | s = argv[i++]; \ 20 | int flags = at_get_flags(s); 21 | 22 | #include "test-skel-0.c" 23 | -------------------------------------------------------------------------------- /tests/fchmodat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with fchmodat() work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | # this *should not* trigger a sandbox violation 15 | fchmodat-0 0 AT_FDCWD link 0666 0 || exit 1 16 | 17 | # this *should* trigger a sandbox violation 18 | adddeny $PWD/deny 19 | fchmodat-0 -1 AT_FDCWD link 0666 0 || exit 1 20 | test -s sandbox.log 21 | -------------------------------------------------------------------------------- /tests/fchmodat.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/fchown-0.c: -------------------------------------------------------------------------------- 1 | /* 2 | * https://bugs.gentoo.org/599706 3 | * 4 | */ 5 | 6 | #include "headers.h" 7 | 8 | int main(int argc, char *argv[]) 9 | { 10 | if (argc < 3) 11 | return -2; 12 | 13 | uid_t uid = atoi(argv[1]); 14 | gid_t gid = atoi(argv[2]); 15 | /* The sandbox catches this: 16 | * 17 | * int fd = open(argv[3], O_RDWR); 18 | * 19 | * And it /should/ catch this: 20 | * 21 | * int fd = open(argv[3], O_RDONLY); 22 | * 23 | * ...but the latter only works when /proc/self/fd/%i 24 | * is available. 25 | */ 26 | #ifdef SANDBOX_PROC_SELF_FD 27 | int fd = open(argv[3], O_RDONLY); 28 | #else 29 | int fd = open(argv[3], O_RDWR); 30 | #endif 31 | int fchown_result = fchown(fd, uid, gid); 32 | close(fd); 33 | return fchown_result; 34 | } 35 | -------------------------------------------------------------------------------- /tests/fchown-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # https://bugs.gentoo.org/599706 4 | # 5 | 6 | addwrite $PWD 7 | rm -f deny || exit 1 8 | touch deny || exit 1 9 | adddeny $PWD/deny 10 | 11 | # The sandbox doesn't log anything when it returns a junk file 12 | # descriptor? It doesn't look like we can test the contents of 13 | # sandbox.log here... instead, we just have to count on fchown 14 | # failing, which it does if you use O_RDWR, and it *should* if you use 15 | # O_RDONLY (because that won't stop the change of ownership). 16 | fchown-0 ${SB_UID} ${SB_GID} $PWD/deny && exit 1 17 | 18 | exit 0 19 | -------------------------------------------------------------------------------- /tests/fchown-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Ensure that fchown() doesn't trigger spurious violations in the most 4 | # basic of cases. 5 | # 6 | addwrite $PWD 7 | 8 | # This should not trigger a violation. 9 | rm -f file 10 | touch file 11 | fchown-0 ${SB_UID} ${SB_GID} file || exit 1 12 | -------------------------------------------------------------------------------- /tests/fchown.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | -------------------------------------------------------------------------------- /tests/fchownat-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_FCHOWNAT 2 | #define FUNC fchownat 3 | #define SFUNC "fchownat" 4 | #define FUNC_STR "%i, \"%s\", %i, %i, %x" 5 | #define FUNC_IMP dirfd, file, uid, gid, flags 6 | #define ARG_CNT 5 7 | #define ARG_USE " " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int dirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | const char *file = f_get_file(s); \ 15 | \ 16 | s = argv[i++]; \ 17 | uid_t uid = atoi(s); \ 18 | \ 19 | s = argv[i++]; \ 20 | gid_t gid = atoi(s); \ 21 | \ 22 | s = argv[i++]; \ 23 | int flags = at_get_flags(s); 24 | 25 | #include "test-skel-0.c" 26 | -------------------------------------------------------------------------------- /tests/fchownat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with fchownat(AT_SYMLINK_NOFOLLOW) work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | adddeny $PWD/deny 15 | 16 | # this should not fail 17 | exec fchownat-0 0 AT_FDCWD link ${SB_UID} ${SB_GID} AT_SYMLINK_NOFOLLOW 18 | -------------------------------------------------------------------------------- /tests/fchownat-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with fchownat() work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | # this *should not* trigger a sandbox violation 15 | fchownat-0 0 AT_FDCWD link ${SB_UID} ${SB_GID} 0 || exit 1 16 | 17 | # this *should* trigger a sandbox violation 18 | adddeny $PWD/deny 19 | fchownat-0 -1 AT_FDCWD link ${SB_UID} ${SB_GID} 0 || exit 1 20 | test -s sandbox.log 21 | -------------------------------------------------------------------------------- /tests/fchownat.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | -------------------------------------------------------------------------------- /tests/fopen-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC fopen 2 | #define SFUNC "fopen" 3 | #define FUNC_STR "\"%s\", \"%s\"" 4 | #define FUNC_IMP file, mode 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | char *mode = s; 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/fopen64-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_FOPEN64 2 | #define _FILE_OFFSET_BITS 64 3 | #include "fopen-0.c" 4 | -------------------------------------------------------------------------------- /tests/futimesat-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_FUTIMESAT 2 | #define FUNC futimesat 3 | #define SFUNC "futimesat" 4 | #define FUNC_STR "%i, \"%s\", %p" 5 | #define FUNC_IMP dirfd, file, times 6 | #define ARG_CNT 3 7 | #define ARG_USE " " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int dirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | const char *file = f_get_file(s); \ 15 | \ 16 | s = argv[i++]; \ 17 | const struct timeval *times = NULL; 18 | 19 | #include "test-skel-0.c" 20 | -------------------------------------------------------------------------------- /tests/futimesat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check 3 | 4 | addwrite $PWD 5 | 6 | touch -r / file || exit 1 7 | futimesat-0 0 AT_FDCWD . NULL || exit 1 8 | futimesat-0 0 AT_FDCWD file NULL || exit 1 9 | [ file -nt / ] 10 | -------------------------------------------------------------------------------- /tests/futimesat-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check (violations are caught) 3 | 4 | adddeny $PWD 5 | futimesat-0 -1,EACCES AT_FDCWD . NULL || exit 1 6 | test -s sandbox.log 7 | -------------------------------------------------------------------------------- /tests/futimesat-3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure NULL filename is handled correctly 3 | 4 | addwrite $PWD 5 | 6 | exec futimesat-0 0 'f:O_WRONLY|O_CREAT:0666' NULL NULL 7 | -------------------------------------------------------------------------------- /tests/futimesat.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | SB_CHECK(3) 4 | -------------------------------------------------------------------------------- /tests/get-group.c: -------------------------------------------------------------------------------- 1 | #include "tests.h" 2 | 3 | static int usage(int status) 4 | { 5 | fputs( 6 | "Usage: get-group [args]\n" 7 | " `get-group` return current gid\n" 8 | " `get-group file` return gid of file\n" 9 | " `get-group -group` return gid of group name\n" 10 | , status ? stderr : stdout 11 | ); 12 | return status; 13 | } 14 | 15 | int main(int argc, char *argv[]) 16 | { 17 | switch (argc) { 18 | case 1: 19 | printf("%i\n", getgid()); 20 | return 0; 21 | 22 | case 2: 23 | if (!strcmp(argv[1], "-h")) 24 | return usage(0); 25 | 26 | if (*argv[1] == '-') { 27 | const char *name = argv[1] + 1; 28 | struct group *grp = getgrnam(name); 29 | if (!grp) 30 | errp("getgrnam(%s) failed", name); 31 | printf("%i\n", grp->gr_gid); 32 | } else { 33 | const char *file = argv[1]; 34 | struct stat st; 35 | if (lstat(file, &st)) 36 | errp("lstat(%s) failed", file); 37 | printf("%i\n", st.st_gid); 38 | } 39 | return 0; 40 | } 41 | 42 | return usage(1); 43 | } 44 | -------------------------------------------------------------------------------- /tests/get-user.c: -------------------------------------------------------------------------------- 1 | #include "tests.h" 2 | 3 | static int usage(int status) 4 | { 5 | fputs( 6 | "Usage: get-user [args]\n" 7 | " `get-user` return current uid\n" 8 | " `get-user file` return uid of file\n" 9 | " `get-user -user` return uid of user name\n" 10 | , status ? stderr : stdout 11 | ); 12 | return status; 13 | } 14 | 15 | int main(int argc, char *argv[]) 16 | { 17 | switch (argc) { 18 | case 1: 19 | printf("%i\n", getuid()); 20 | return 0; 21 | 22 | case 2: 23 | if (!strcmp(argv[1], "-h")) 24 | return usage(0); 25 | 26 | if (*argv[1] == '-') { 27 | const char *name = argv[1] + 1; 28 | struct passwd *pwd = getpwnam(name); 29 | if (!pwd) 30 | errp("getpwnam(%s) failed", name); 31 | printf("%i\n", pwd->pw_uid); 32 | } else { 33 | const char *file = argv[1]; 34 | struct stat st; 35 | if (lstat(file, &st)) 36 | errp("lstat(%s) failed", file); 37 | printf("%i\n", st.st_uid); 38 | } 39 | return 0; 40 | } 41 | 42 | return usage(1); 43 | } 44 | -------------------------------------------------------------------------------- /tests/git-bisector.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ $# -ne 3 ] ; then 4 | echo "Usage: $0 [... more opts to git bisect ...]" 5 | exit 1 6 | fi 7 | 8 | script=$1 9 | shift 10 | if [ ! -x "$script" ] ; then 11 | echo "Script is not executable: $script" 12 | exit 1 13 | fi 14 | 15 | set -e 16 | cd "${0%/*}/.." 17 | 18 | cp "$script" git-run-sandbox.sh 19 | rm -f config.cache 20 | make="make -s -j" 21 | cat << EOF > git-run.sh 22 | #!/bin/sh 23 | ./autogen.sh 24 | # Newer versions of sandbox can run configure for us. 25 | # Should drop old support around Jan 2023. 26 | if sandbox --help | grep -q -e--run-configure ; then 27 | sandbox --run-configure -q -C 28 | else 29 | ./configure -q -C $(sandbox -V | tail -n1) 30 | fi 31 | ${make} clean 32 | ${make} 33 | opt= 34 | # Older versions of sandbox implied -c all the time. 35 | if ./src/sandbox.sh --help | grep -q -e--bash ; then 36 | opt="-c" 37 | fi 38 | ./src/sandbox.sh ${opt} . ./data/sandbox.bashrc \; . ./git-run-sandbox.sh 39 | EOF 40 | chmod a+rx git-run.sh 41 | 42 | git bisect start "$@" 43 | exec git bisect run ./git-run.sh 44 | -------------------------------------------------------------------------------- /tests/lchown-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC lchown 2 | #define SFUNC "lchown" 3 | #define FUNC_STR "\"%s\", %i, %i" 4 | #define FUNC_IMP file, uid, gid 5 | #define ARG_CNT 3 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | const char *file = f_get_file(s); \ 11 | \ 12 | s = argv[i++]; \ 13 | uid_t uid = atoi(s); \ 14 | \ 15 | s = argv[i++]; \ 16 | gid_t gid = atoi(s); 17 | 18 | #include "test-skel-0.c" 19 | -------------------------------------------------------------------------------- /tests/lchown-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure symlinks with lchown() work properly 3 | 4 | addwrite $PWD 5 | 6 | rm -rf deny link 7 | ( 8 | set -e 9 | mkdir deny 10 | touch deny/file 11 | ln -s deny/file link 12 | ) || exit 1 13 | 14 | adddeny $PWD/deny 15 | 16 | # this should not fail 17 | exec lchown-0 0 link ${SB_UID} ${SB_GID} 18 | -------------------------------------------------------------------------------- /tests/lchown.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/libsigsegv.at: -------------------------------------------------------------------------------- 1 | AT_SETUP(libsigsegv) 2 | 3 | AT_SB_CHECK([libsigsegv_tst], [0], [dnl 4 | starting overflow ... caught segv ... OVERFLOW: OK! 5 | ],[ignore]) 6 | 7 | AT_CLEANUP 8 | -------------------------------------------------------------------------------- /tests/libsigsegv_tst.c: -------------------------------------------------------------------------------- 1 | /* distilled from m4: 2 | * $ echo 'define(a,a(a))a' | m4 3 | * 4 | * Basically, we use libsigsegv to install segfault and overflow handlers. 5 | * Then we overflow the stack. The segfault handler should be called. Then 6 | * we return, libsigsegv detects the overflow and then calls the overflow 7 | * handler. 8 | */ 9 | 10 | #include "tests.h" 11 | 12 | #define WRITE(msg) ({ ssize_t w = write(1, msg, sizeof(msg) - 1); w; }) 13 | 14 | #if defined(HAVE_SIGSEGV_H) && defined(HAVE_LIBSIGSEGV) 15 | #include 16 | 17 | static int segv_handler(void *address, int serious) 18 | { 19 | WRITE("caught segv ... "); 20 | if (!serious) 21 | return 0; 22 | WRITE("FAIL: wtf, it's serious!"); 23 | _exit(1); 24 | } 25 | 26 | 27 | static void overflow_handler(int emergency, stackoverflow_context_t context) 28 | { 29 | WRITE("OVERFLOW: OK!\n"); 30 | _exit(0); 31 | } 32 | 33 | static union 34 | { 35 | char buffer[SIGSTKSZ]; 36 | long double ld; 37 | long l; 38 | void *p; 39 | } alternate_signal_stack; 40 | 41 | int recursive(int i) 42 | { 43 | char stack_fatty[1024]; 44 | int ret = sprintf(stack_fatty, "%i", i); 45 | if (i <= 0) 46 | return i + ret; 47 | else 48 | return recursive(i + ret); 49 | } 50 | 51 | int main(int argc, char *argv[]) 52 | { 53 | int ret; 54 | 55 | ret = stackoverflow_install_handler(overflow_handler, 56 | alternate_signal_stack.buffer, sizeof alternate_signal_stack.buffer); 57 | if (ret) 58 | err("stackoverflow_install_handler() failed"); 59 | 60 | ret = sigsegv_install_handler(segv_handler); 61 | if (ret) 62 | err("sigsegv_install_handler() failed"); 63 | 64 | WRITE("starting overflow ... "); 65 | recursive(argc); 66 | return 0; 67 | } 68 | 69 | #else 70 | 71 | int main() 72 | { 73 | WRITE("starting overflow ... "); 74 | WRITE("caught segv ... "); 75 | WRITE("OVERFLOW: OK!\n"); 76 | return 0; 77 | } 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /tests/link-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC link 2 | #define SFUNC "link" 3 | #define FUNC_STR "\"%s\", \"%s\"" 4 | #define FUNC_IMP oldpath, newpath 5 | #define ARG_CNT 2 6 | #define ARG_USE "(old) (new)" 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | char *oldpath = s; \ 11 | \ 12 | s = argv[i++]; \ 13 | char *newpath = s; 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/link-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check 3 | 4 | addwrite $PWD 5 | 6 | touch file || exit 1 7 | link-0 0 file link || exit 1 8 | [ -e file -a -e link ] 9 | -------------------------------------------------------------------------------- /tests/link.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/linkat-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_LINKAT 2 | #define FUNC linkat 3 | #define SFUNC "linkat" 4 | #define FUNC_STR "%i, \"%s\", %i, \"%s\", %x" 5 | #define FUNC_IMP olddirfd, oldpath, newdirfd, newpath, flags 6 | #define ARG_CNT 5 7 | #define ARG_USE "(old) (old) (new) (new) " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int olddirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | char *oldpath = s; \ 15 | \ 16 | s = argv[i++]; \ 17 | int newdirfd = at_get_fd(s); \ 18 | \ 19 | s = argv[i++]; \ 20 | char *newpath = s; \ 21 | \ 22 | s = argv[i++]; \ 23 | int flags = at_get_flags(s); 24 | 25 | #include "test-skel-0.c" 26 | -------------------------------------------------------------------------------- /tests/linkat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check 3 | 4 | addwrite $PWD 5 | 6 | touch file || exit 1 7 | linkat-0 0 AT_FDCWD file AT_FDCWD link 0 || exit 1 8 | [ -e file -a -e link ] 9 | -------------------------------------------------------------------------------- /tests/linkat-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check (violations are caught) 3 | 4 | addwrite $PWD 5 | touch file || exit 1 6 | 7 | adddeny $PWD 8 | linkat-0 -1,EACCES AT_FDCWD file AT_FDCWD file-linked 0 || exit 1 9 | test -s sandbox.log 10 | -------------------------------------------------------------------------------- /tests/linkat.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | -------------------------------------------------------------------------------- /tests/linkat_static-0.c: -------------------------------------------------------------------------------- 1 | #include "linkat-0.c" 2 | -------------------------------------------------------------------------------- /tests/linkat_static-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check 3 | [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 4 | 5 | addwrite $PWD 6 | 7 | touch file || exit 1 8 | linkat_static-0 0 AT_FDCWD file AT_FDCWD link 0 || exit 1 9 | [ -e file -a -e link ] 10 | -------------------------------------------------------------------------------- /tests/linkat_static-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check (violations are caught) 3 | [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 4 | 5 | addwrite $PWD 6 | touch file || exit 1 7 | 8 | adddeny $PWD 9 | # we cant check exit status as ptrace code kills child 10 | linkat-0 -1,EACCES AT_FDCWD file AT_FDCWD file-linked 0 #|| exit 1 11 | test -s sandbox.log 12 | -------------------------------------------------------------------------------- /tests/linkat_static.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | -------------------------------------------------------------------------------- /tests/local.at: -------------------------------------------------------------------------------- 1 | dnl Start with write access to parent dir to force tests to declare 2 | dnl explicit deny paths when they want to test that behavior. That 3 | dnl way we get same result when run under an implicit write path like 4 | dnl any of the tempdirs. Same goes for predict access, but this is 5 | dnl due to the default PM test env having that predict. 6 | m4_defun([SB_RUN],[\ 7 | env \ 8 | SANDBOX_LOG="$PWD/sandbox.log" \ 9 | sandbox.sh -c \ 10 | addpredict / \; \ 11 | addwrite "${PWD%/*}" \; \ 12 | set -x \; \ 13 | ]) 14 | 15 | m4_defun([AT_SB_CHECK],[AT_CHECK([SB_RUN $1],[$2],[$3],[$4],[$5],[$6])]) 16 | 17 | m4_defun([SB_CHECK],[dnl 18 | AT_SETUP([SB_SECTION/$1]) 19 | AT_KEYWORDS([SB_SECTION]) 20 | m4_bmatch(SB_SECTION, 21 | [_static$], [AT_KEYWORDS([static])], 22 | [^script$], [], 23 | [AT_KEYWORDS([dynamic])]) 24 | AT_XFAIL_IF([( 25 | ]SB_SECTION[-0 >/dev/null ; test $? -eq 77 && exit 0 26 | if expr ]SB_SECTION[ : .*_static >/dev/null ; then 27 | trace-0 ; test $? -eq 77 && exit 0 28 | fi 29 | exit 1 30 | )]) 31 | AT_SB_CHECK( 32 | [. $abs_top_srcdir/tests/]SB_SECTION[-$1.sh], 33 | m4_ifval($4,$4,[0]), 34 | m4_ifval($2,$2,[ignore]), 35 | m4_ifval($3,$3,[ignore])) 36 | AT_CLEANUP]) 37 | -------------------------------------------------------------------------------- /tests/lremovexattr-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC lremovexattr 2 | #define SFUNC "lremovexattr" 3 | #define FUNC_STR "\"%s\", \"%s\"" 4 | #define FUNC_IMP path, name 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | char *path = s; \ 11 | \ 12 | s = argv[i++]; \ 13 | char *name = s; 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/lsetxattr-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC lsetxattr 2 | #define SFUNC "lsetxattr" 3 | #define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i" 4 | #define FUNC_IMP path, name, value, size, flags 5 | #define ARG_CNT 5 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | char *path = s; \ 11 | \ 12 | s = argv[i++]; \ 13 | char *name = s; \ 14 | \ 15 | s = argv[i++]; \ 16 | char *value = s; \ 17 | \ 18 | s = argv[i++]; \ 19 | size_t size = atoi(s); \ 20 | \ 21 | s = argv[i++]; \ 22 | int flags = atoi(s); 23 | 24 | #include "test-skel-0.c" 25 | -------------------------------------------------------------------------------- /tests/lutimes-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_LUTIMES 2 | #define FUNC lutimes 3 | #define SFUNC "lutimes" 4 | #define FUNC_STR "\"%s\", %p" 5 | #define FUNC_IMP file, times 6 | #define ARG_CNT 2 7 | #define ARG_USE " " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | const char *file = f_get_file(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | const struct timeval *times = NULL; 15 | 16 | #include "test-skel-0.c" 17 | -------------------------------------------------------------------------------- /tests/lutimes-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | addwrite "${PWD}" 4 | 5 | sym="lutimes-1.sym" 6 | ln -s /bad/path "${sym}" 7 | 8 | lutimes-0 0 "${sym}" NULL || exit 1 9 | lutimes-0 -1,EACCES /bin/sh NULL || exit 1 10 | -------------------------------------------------------------------------------- /tests/lutimes.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/malloc-0: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure `timeout` is available. 3 | if timeout --help >/dev/null ; then 4 | exit 0 5 | else 6 | exit 77 7 | fi 8 | -------------------------------------------------------------------------------- /tests/malloc-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Since the malloc binary is in the target ABI, make sure the exec is 3 | # launched from the same ABI so the same libsandbox.so is used. 4 | timeout -s KILL 10 execvp-0 malloc_mmap_tst malloc_mmap_tst 5 | -------------------------------------------------------------------------------- /tests/malloc-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Since the malloc binary is in the target ABI, make sure the exec is 3 | # launched from the same ABI so the same libsandbox.so is used. 4 | timeout -s KILL 10 execvp-0 malloc_hooked_tst malloc_hooked_tst 5 | -------------------------------------------------------------------------------- /tests/malloc.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | -------------------------------------------------------------------------------- /tests/malloc_hooked_tst.c: -------------------------------------------------------------------------------- 1 | /* Make sure programs that override malloc don't mess us up: 2 | * 3 | * libsandbox's __attribute__((constructor)) libsb_init -> 4 | * libsandbox's malloc() -> 5 | * dlsym("mmap") -> 6 | * glibc's libdl calls malloc -> 7 | * tcmalloc's internal code calls open -> 8 | * libsandbox's open wrapper is hit -> 9 | * libsandbox tries to initialize itself (since it never finished originally) -> 10 | * libsandbox's malloc() -> 11 | * dlsym() -> deadlock 12 | * https://crbug.com/586444 13 | */ 14 | 15 | #include "headers.h" 16 | 17 | static void *malloc_hook(size_t size, const void *caller) 18 | { 19 | int urandom_fd = open("/dev/urandom", O_RDONLY); 20 | close(urandom_fd); 21 | return NULL; 22 | } 23 | 24 | void *(*__malloc_hook)(size_t, const void *) = &malloc_hook; 25 | 26 | static void *thread_start(void *arg) 27 | { 28 | return arg; 29 | } 30 | 31 | int main(int argc, char *argv[]) 32 | { 33 | /* Make sure we reference some pthread symbols, although we don't 34 | * really want to execute it -- our malloc is limited. */ 35 | if (argc < 0) { 36 | pthread_t tid; 37 | pthread_create(&tid, NULL, thread_start, NULL); 38 | } 39 | 40 | /* Trigger malloc! */ 41 | if (malloc(100)) {} 42 | 43 | return 0; 44 | } 45 | -------------------------------------------------------------------------------- /tests/malloc_mmap_tst.c: -------------------------------------------------------------------------------- 1 | /* Make sure programs that override mmap don't mess us up. #290249 */ 2 | 3 | #include "headers.h" 4 | 5 | /* A few basic stubs that do nothing. */ 6 | void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset) 7 | { 8 | errno = ENOMEM; 9 | return MAP_FAILED; 10 | } 11 | int munmap(void *addr, size_t length) 12 | { 13 | errno = ENOMEM; 14 | return -1; 15 | } 16 | 17 | int main(int argc, char *argv[]) 18 | { 19 | /* Don't loop forever. */ 20 | alarm(10); 21 | 22 | /* Make sure we do an operation to trigger the sandbox. */ 23 | open("/dev/null", 0); 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /tests/mkdir-0.c: -------------------------------------------------------------------------------- 1 | #define FUNC mkdir 2 | #define SFUNC "mkdir" 3 | #define FUNC_STR "\"%s\", %o" 4 | #define FUNC_IMP path, mode 5 | #define ARG_CNT 2 6 | #define ARG_USE " " 7 | 8 | #define process_args() \ 9 | s = argv[i++]; \ 10 | char *path = s; \ 11 | \ 12 | s = argv[i++]; \ 13 | mode_t mode = sscanf_mode_t(s); 14 | 15 | #include "test-skel-0.c" 16 | -------------------------------------------------------------------------------- /tests/mkdir-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure `mkdir` works in an unreadable dir as non-root. 3 | # based on mkdir/p-3 test from coreutils. 4 | 5 | [ ${SB_UID} -eq 0 ] && exit 77 6 | 7 | addwrite $PWD 8 | 9 | chmod -R a+rwx base 2>/dev/null 10 | rm -rf base 11 | 12 | set -e 13 | 14 | mkdir -p base/d 15 | cd base/d 16 | chmod a-r . 17 | chmod a-rx .. 18 | 19 | mkdir-0 0 a 0777 20 | mkdir-0 0 a/b 0777 21 | 22 | chmod a+rx .. 23 | chmod a+r . 24 | 25 | exit 0 26 | -------------------------------------------------------------------------------- /tests/mkdir-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure `mkdir -p /var` does not trigger sb violations 3 | # since the paths should already exist 4 | exec mkdir-0 -1,EEXIST / 0777 5 | -------------------------------------------------------------------------------- /tests/mkdir-3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # make sure we cannot break out via a symlink in a dir that is 3 | # otherwise not readable as non-root 4 | 5 | [ ${SB_UID} -eq 0 ] && exit 77 6 | 7 | addwrite $PWD 8 | 9 | chmod -R a+rwx base 2>/dev/null 10 | rm -rf base 11 | 12 | set -e 13 | 14 | mkdir -p base/d 15 | cd base/d 16 | chmod a-r . 17 | chmod a-rx .. 18 | ln -s / root 19 | 20 | # this should trigger a sb violation 21 | SANDBOX_PREDICT="" 22 | (mkdir-0 -1 root/aksdfjasdfjaskdfjasdfla 0777) 23 | 24 | chmod a+rx .. 25 | chmod a+r . 26 | 27 | test -s "${SANDBOX_LOG}" 28 | 29 | exit 0 30 | -------------------------------------------------------------------------------- /tests/mkdir.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | SB_CHECK(3) 4 | -------------------------------------------------------------------------------- /tests/mkdir_static-0.c: -------------------------------------------------------------------------------- 1 | #include "mkdir-0.c" 2 | -------------------------------------------------------------------------------- /tests/mkdir_static-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # traced funcs need to go through wrapper pre-checks too #265885 3 | [ "${at_xfail}" = "yes" ] && exit 77 # see trace-0 4 | 5 | exec mkdir_static-0 -1,EEXIST / 0755 6 | -------------------------------------------------------------------------------- /tests/mkdir_static.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | -------------------------------------------------------------------------------- /tests/mkdirat-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_MKDIRAT 2 | #define FUNC mkdirat 3 | #define SFUNC "mkdirat" 4 | #define FUNC_STR "%i, \"%s\", %o" 5 | #define FUNC_IMP dirfd, path, mode 6 | #define ARG_CNT 3 7 | #define ARG_USE " " 8 | 9 | #define process_args() \ 10 | s = argv[i++]; \ 11 | int dirfd = at_get_fd(s); \ 12 | \ 13 | s = argv[i++]; \ 14 | char *path = s; \ 15 | \ 16 | s = argv[i++]; \ 17 | mode_t mode = sscanf_mode_t(s); 18 | 19 | #include "test-skel-0.c" 20 | -------------------------------------------------------------------------------- /tests/mkdirat-1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # basic functionality check 3 | 4 | addwrite $PWD 5 | 6 | exec mkdirat-0 0 AT_FDCWD dir 0777 7 | -------------------------------------------------------------------------------- /tests/mkdirat-2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # verify dirfd handling in pre-checks #342983 3 | 4 | addwrite $PWD 5 | 6 | # create a dir named "one" in $PWD, then try to create 7 | # a dir named "one" in "one/". so ultimately we will 8 | # have "one/one/". if the dirfd is ignored, sandbox 9 | # will return too soon saying "one" already exists. 10 | mkdir one 11 | exec mkdirat-0 0 one:O_DIRECTORY one 0 12 | -------------------------------------------------------------------------------- /tests/mkdirat-3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # verify mkdirat("") returns ENOENT in various ways #346929 3 | 4 | set -e 5 | mkdirat-0 -1,ENOENT .:O_DIRECTORY '' 0 6 | 7 | mkdirat-0 -1,ENOENT .:O_DIRECTORY 'foo/..' 0 8 | 9 | mkdirat-0 -1,ENOENT -3 '' 0 10 | -------------------------------------------------------------------------------- /tests/mkdirat.at: -------------------------------------------------------------------------------- 1 | SB_CHECK(1) 2 | SB_CHECK(2) 3 | SB_CHECK(3) 4 | -------------------------------------------------------------------------------- /tests/mkdtemp-0.c: -------------------------------------------------------------------------------- 1 | #define CONFIG HAVE_MKDTEMP 2 | #define FUNC mkdtemp 3 | #define SFUNC "mkdtemp" 4 | #define FUNC_STR "\"%s\"" 5 | #define FUNC_IMP template 6 | #define ARG_CNT 1 7 | #define ARG_USE "