author | Martin Schlemmer <azarah@gentoo.org> | 2005-03-02 09:04:45 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2005-03-02 09:04:45 +0000 |
commit | 6cf5c3ca64e594bf068ac11bb0c5bb35904706d7 (patch) | |
tree | 3f4cf5532c52804cecd9f53f02a134938db2565e | |
parent | Fix inverse test logic in canonicalize.c, use a strncpy. Fix gcc warning in (diff) | |
download | sandbox-6cf5c3ca64e594bf068ac11bb0c5bb35904706d7.tar.gz sandbox-6cf5c3ca64e594bf068ac11bb0c5bb35904706d7.tar.bz2 sandbox-6cf5c3ca64e594bf068ac11bb0c5bb35904706d7.zip |
White space fixes.
Signed-off-by: Martin Schlemmer <azarah@gentoo.org>
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | canonicalize.c | 8 | ||||
-rw-r--r-- | getcwd.c | 71 | ||||
-rw-r--r-- | libsandbox.c | 380 | ||||
-rw-r--r-- | sandbox.c | 165 | ||||
-rw-r--r-- | sandbox.h | 2 | ||||
-rw-r--r-- | sandbox_futils.c | 178 |
8 files changed, 344 insertions, 470 deletions
@@ -3,7 +3,11 @@ # $Header$ 02 May 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, - configure.in getcwd.c libsandbox.c symbols.in: + getcwd.c, libsandbox.c, sandbox.c, sandbox.h, sandbox_futils.c: + White space fixes. + + 02 May 2005; Martin Schlemmer <azarah@gentoo.org> Makefile.am, canonicalize.c, + configure.in, getcwd.c, libsandbox.c, symbols.in: Fix inverse test logic in canonicalize.c, use a strncpy. Fix gcc warning in getcwd.c. Add symbols.in and logic to Makefile.am to generate symbol versions for glibc and other libc's that use this. Update libsandbox.c to use these diff --git a/Makefile.am b/Makefile.am index c351917..17158c7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip -EXTRA_DIST = sandbox.bashrc canonicalize.c libctest.c +EXTRA_DIST = sandbox.bashrc canonicalize.c libctest.c CLEANFILES = symbols.h AM_CPPFLAGS = -D_GNU_SOURCE -DPIC -fPIC -D_REENTRANT \ @@ -9,7 +9,7 @@ AM_CPPFLAGS = -D_GNU_SOURCE -DPIC -fPIC -D_REENTRANT \ dist_pkgdata_DATA = sandbox.bashrc -lib_LTLIBRARIES = libsandbox.la +lib_LTLIBRARIES = libsandbox.la nodist_EXTRA_libsandbox_la_SOURCES = symbols.h libsandbox_la_SOURCES = libsandbox.c sandbox_futils.c localdecls.h libsandbox_la_LDFLAGS = -Wc,-nostdlib -Wc,-nodefaultlibs -lc -ldl diff --git a/canonicalize.c b/canonicalize.c index bdc8141..79a8323 100644 --- a/canonicalize.c +++ b/canonicalize.c @@ -46,7 +46,7 @@ returns the name in RESOLVED. If the name cannot be resolved and RESOLVED is non-NULL, it contains the path of the first component that cannot be resolved. If the path can be resolved, RESOLVED - holds the same value as the value returned. */ + holds the same value as the value returned. */ /* Modified: 19 Aug 2002; Martin Schlemmer <azarah@gentoo.org> * @@ -56,7 +56,7 @@ * */ -char * +static char * erealpath(const char *name, char *resolved) { char *rpath, *dest; 
@@ -65,7 +65,7 @@ erealpath(const char *name, char *resolved) if (name == NULL) { /* As per Single Unix Specification V2 we must return an error if - either parameter is a null pointer. We extend this to allow + either parameter is a null pointer. We extend this to allow the RESOLVED parameter to be NULL in case the we are expected to allocate the room for the return value. */ __set_errno(EINVAL); @@ -110,7 +110,7 @@ erealpath(const char *name, char *resolved) while (*start == '/') ++start; - /* Find end of path component. */ + /* Find end of path component. */ for (end = start; *end && *end != '/'; ++end) /* Nothing. */ ; @@ -31,7 +31,7 @@ /* Modified: 26 July 2003; Martin Schlemmer <azarah@gentoo.org> * - * Cleaned up unneeded stuff. Add a wrapper to try and detect when + * Cleaned up unneeded stuff. Add a wrapper to try and detect when * we have a kernel whose getcwd system call do not handle directory * names longer than PATH_MAX, and if so, use our generic version. * To work truly with > PATH_MAX lengh CWDs, I had to increase the @@ -66,16 +66,16 @@ extern int errno; # define __set_errno(val) errno = (val) #endif -#ifndef NULL +#ifndef NULL # define NULL 0 #endif #if defined USGr3 && !defined DIRENT # define DIRENT -#endif /* USGr3 */ +#endif /* USGr3 */ #if defined Xenix && !defined SYSNDIR # define SYSNDIR -#endif /* Xenix */ +#endif /* Xenix */ #if defined POSIX || defined DIRENT || defined __GNU_LIBRARY__ # include <dirent.h> 
@@ -85,20 +85,20 @@ extern int errno; # define HAVE_D_NAMLEN # define D_NAMLEN(d) ((d)->d_namlen) # endif -#else /* not POSIX or DIRENT */ +#else /* not POSIX or DIRENT */ # define dirent direct # define D_NAMLEN(d) ((d)->d_namlen) # define HAVE_D_NAMLEN # if defined USG && !defined sgi # if defined SYSNDIR # include <sys/ndir.h> -# else /* Not SYSNDIR */ +# else /* Not SYSNDIR */ # include "ndir.h" -# endif /* SYSNDIR */ -# else /* not USG */ +# endif /* SYSNDIR */ +# else /* not USG */ # include <sys/dir.h> -# endif /* USG */ -#endif /* POSIX or DIRENT or __GNU_LIBRARY__ */ +# endif /* USG */ +#endif /* POSIX or DIRENT or __GNU_LIBRARY__ */ #if defined HAVE_UNISTD_H || defined __GNU_LIBRARY__ # include <unistd.h> @@ -108,9 +108,9 @@ extern int errno; # include <stdlib.h> # include <string.h> # define ANSI_STRING -#else /* No standard headers. */ +#else /* No standard headers. */ -# ifdef USG +# ifdef USG # include <string.h> # ifdef NEED_MEMORY_H @@ -118,13 +118,13 @@ extern int errno; # endif # define ANSI_STRING -# else /* Not USG. */ +# else /* Not USG. */ # ifdef NeXT # include <string.h> -# else /* Not NeXT. */ +# else /* Not NeXT. */ # include <strings.h> @@ -138,19 +138,19 @@ extern void bzero(); extern void bcopy(); # endif -# endif /* NeXT. */ +# endif /* NeXT. */ -# endif /* USG. */ +# endif /* USG. */ extern char *malloc(), *realloc(); extern void free(); -#endif /* Standard headers. */ +#endif /* Standard headers. */ -#ifndef ANSI_STRING +#ifndef ANSI_STRING # define memcpy(d, s, n) bcopy((s), (d), (n)) # define memmove memcpy -#endif /* Not ANSI_STRING. */ +#endif /* Not ANSI_STRING. */ #ifndef MAX # define MAX(a, b) ((a) < (b) ? (b) : (a)) 
@@ -165,18 +165,18 @@ extern void free(); #if !defined __alloca && !defined __GNU_LIBRARY__ -# ifdef __GNUC__ +# ifdef __GNUC__ # undef alloca # define alloca(n) __builtin_alloca (n) -# else /* Not GCC. */ +# else /* Not GCC. */ # if defined sparc || defined HAVE_ALLOCA_H # include <alloca.h> -# else /* Not sparc or HAVE_ALLOCA_H. */ +# else /* Not sparc or HAVE_ALLOCA_H. */ # ifndef _AIX extern char *alloca(); -# endif /* Not _AIX. */ -# endif /* sparc or HAVE_ALLOCA_H. */ -# endif /* GCC. */ +# endif /* Not _AIX. */ +# endif /* sparc or HAVE_ALLOCA_H. */ +# endif /* GCC. */ # define __alloca alloca @@ -189,7 +189,7 @@ extern char *alloca(); #endif #ifndef PATH_MAX -# ifdef MAXPATHLEN +# ifdef MAXPATHLEN # define PATH_MAX MAXPATHLEN # else # define PATH_MAX 1024 @@ -197,8 +197,8 @@ extern char *alloca(); #endif #if !defined STDC_HEADERS && !defined __GNU_LIBRARY__ -# undef size_t -# define size_t unsigned int +# undef size_t +# define size_t unsigned int #endif #if !__STDC__ && !defined const @@ -225,7 +225,7 @@ extern char *alloca(); /* Get the pathname of the current working directory, and put it in SIZE bytes of BUF. Returns NULL if the directory couldn't be determined or - SIZE was too small. If successful, returns BUF. In GNU, if BUF is + SIZE was too small. If successful, returns BUF. In GNU, if BUF is NULL, an array is allocated with `malloc'; the array is SIZE bytes long, unless SIZE == 0, in which case it is as big as necessary. */ @@ -385,7 +385,7 @@ size_t size; char name[dotlist + dotsize - dotp + 1 + _D_ALLOC_NAMLEN(d)]; #ifdef HAVE_MEMPCPY char *tmp = mempcpy(name, dotp, - dotlist + dotsize - dotp); + dotlist + dotsize - dotp); *tmp++ = '/'; strcpy(tmp, d->d_name); #else 
@@ -434,10 +434,9 @@ size_t size; /* Move current contents up to the end of the buffer. This is guaranteed to be non-overlapping. */ - pathp = - memcpy(tmp + allocated - - (path + oldsize - pathp), - tmp + (pathp - path), path + oldsize - pathp); + pathp = memcpy(tmp + allocated - + (path + oldsize - pathp), + tmp + (pathp - path), path + oldsize - pathp); path = tmp; } } @@ -459,7 +458,7 @@ size_t size; memmove(path, pathp, path + allocated - pathp); - /* Restore errno on successful return. */ + /* Restore errno on successful return. */ __set_errno(prev_errno); return path; @@ -505,4 +504,4 @@ size_t size; return tmpbuf; } -// vim:expandtab noai:cindent ai +// vim:noexpandtab noai:cindent ai diff --git a/libsandbox.c b/libsandbox.c index 3b8b364..89689ff 100644 --- a/libsandbox.c +++ b/libsandbox.c @@ -83,13 +83,13 @@ /* Macros to check if a function should be executed */ #define FUNCTION_SANDBOX_SAFE(func, path) \ - ((0 == is_sandbox_on()) || (1 == before_syscall(func, path))) + ((0 == is_sandbox_on()) || (1 == before_syscall(func, path))) #define FUNCTION_SANDBOX_SAFE_INT(func, path, flags) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(func, path, flags))) + ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(func, path, flags))) #define FUNCTION_SANDBOX_SAFE_CHAR(func, path, mode) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_open_char(func, path, mode))) + ((0 == is_sandbox_on()) || (1 == before_syscall_open_char(func, path, mode))) /* Macro to check if a wrapper is defined, if not * then try to resolve it again. */ @@ -251,13 +251,13 @@ static void *get_dlsym(const char *symname, const char *symver) if (NULL == libc_handle) { #ifdef BROKEN_RTLD_NEXT - libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); + libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); if (!libc_handle) { printf("libsandbox.so: Can't dlopen libc: %s\n", dlerror()); abort(); } #else - libc_handle = RTLD_NEXT; + libc_handle = RTLD_NEXT; #endif } 
@@ -275,7 +275,7 @@ static void *get_dlsym(const char *symname, const char *symver) void __attribute__ ((destructor)) my_fini(void) { - free(sandbox_pids_file); + free(sandbox_pids_file); } void __attribute__ ((constructor)) my_init(void) @@ -291,7 +291,7 @@ void __attribute__ ((constructor)) my_init(void) /* Get the path and name to this library */ tmp_string = get_sandbox_lib("/"); - strncpy(sandbox_lib, tmp_string, sizeof(sandbox_lib)-1); + strncpy(sandbox_lib, tmp_string, sizeof(sandbox_lib) - 1); if (tmp_string) free(tmp_string); tmp_string = NULL; @@ -302,10 +302,7 @@ void __attribute__ ((constructor)) my_init(void) errno = old_errno; } - - -static int -canonicalize(const char *path, char *resolved_path) +static int canonicalize(const char *path, char *resolved_path) { int old_errno = errno; char *retval; @@ -379,8 +376,7 @@ int chmod(const char *path, mode_t mode) return result; } -int -chown(const char *path, uid_t owner, gid_t group) +int chown(const char *path, uid_t owner, gid_t group) { int result = -1; char canonic[SB_PATH_MAX]; @@ -396,8 +392,7 @@ chown(const char *path, uid_t owner, gid_t group) return result; } -int -creat(const char *pathname, mode_t mode) +int creat(const char *pathname, mode_t mode) { /* Is it a system call? */ int result = -1; @@ -414,8 +409,7 @@ creat(const char *pathname, mode_t mode) return result; } -FILE * -fopen(const char *pathname, const char *mode) +FILE *fopen(const char *pathname, const char *mode) { FILE *result = NULL; char canonic[SB_PATH_MAX]; @@ -431,8 +425,7 @@ fopen(const char *pathname, const char *mode) return result; } -int -lchown(const char *path, uid_t owner, gid_t group) +int lchown(const char *path, uid_t owner, gid_t group) { int result = -1; char canonic[SB_PATH_MAX]; 
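Review bot: The re-spaced `strncpy(sandbox_lib, tmp_string, sizeof(sandbox_lib) - 1);` in my_init still executes before the `if (tmp_string)` test on the next line, so if get_sandbox_lib() can return NULL — which that guard suggests — strncpy dereferences a null pointer and the process crashes inside the constructor. Putting the copy under the guard keeps the constructor alive when the path is unavailable: `if (tmp_string) { strncpy(sandbox_lib, tmp_string, sizeof(sandbox_lib) - 1); free(tmp_string); }`. Whether sandbox_lib is zero-filled so the copy is always NUL-terminated is not visible here; if it is not, add `sandbox_lib[sizeof(sandbox_lib) - 1] = '\0';` after the copy. my_init starts before this hunk and continues past it.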
@@ -448,8 +441,7 @@ lchown(const char *path, uid_t owner, gid_t group) return result; } -int -link(const char *oldpath, const char *newpath) +int link(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; @@ -466,8 +458,7 @@ link(const char *oldpath, const char *newpath) return result; } -int -mkdir(const char *pathname, mode_t mode) +int mkdir(const char *pathname, mode_t mode) // returns 0 success, or -1 if an error occurred { int result = -1, my_errno = errno; @@ -479,7 +470,7 @@ mkdir(const char *pathname, mode_t mode) /* Check if the directory exist, return EEXIST rather than failing */ if (0 == lstat(canonic, &st)) { errno = EEXIST; - return -1; + return -1; } errno = my_errno; @@ -492,8 +483,7 @@ mkdir(const char *pathname, mode_t mode) return result; } -DIR * -opendir(const char *name) +DIR *opendir(const char *name) { DIR *result = NULL; char canonic[SB_PATH_MAX]; @@ -511,8 +501,7 @@ opendir(const char *name) #ifdef WRAP_MKNOD -int -__xmknod(const char *pathname, mode_t mode, dev_t dev) +int __xmknod(const char *pathname, mode_t mode, dev_t dev) { int result = -1; char canonic[SB_PATH_MAX]; @@ -530,8 +519,7 @@ __xmknod(const char *pathname, mode_t mode, dev_t dev) #endif -int -open(const char *pathname, int flags, ...) +int open(const char *pathname, int flags, ...) { /* Eventually, there is a third parameter: it's mode_t mode */ va_list ap; @@ -559,8 +547,7 @@ open(const char *pathname, int flags, ...) return result; } -int -rename(const char *oldpath, const char *newpath) +int rename(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; 
@@ -569,7 +556,7 @@ rename(const char *oldpath, const char *newpath) canonicalize_int(newpath, new_canonic); if (FUNCTION_SANDBOX_SAFE("rename", old_canonic) && - FUNCTION_SANDBOX_SAFE("rename", new_canonic)) { + FUNCTION_SANDBOX_SAFE("rename", new_canonic)) { check_dlsym(rename); result = true_rename(oldpath, newpath); } @@ -577,8 +564,7 @@ rename(const char *oldpath, const char *newpath) return result; } -int -rmdir(const char *pathname) +int rmdir(const char *pathname) { int result = -1; char canonic[SB_PATH_MAX]; @@ -594,8 +580,7 @@ rmdir(const char *pathname) return result; } -int -symlink(const char *oldpath, const char *newpath) +int symlink(const char *oldpath, const char *newpath) { int result = -1; char old_canonic[SB_PATH_MAX], new_canonic[SB_PATH_MAX]; @@ -612,8 +597,7 @@ symlink(const char *oldpath, const char *newpath) return result; } -int -truncate(const char *path, TRUNCATE_T length) +int truncate(const char *path, TRUNCATE_T length) { int result = -1; char canonic[SB_PATH_MAX]; @@ -629,8 +613,7 @@ truncate(const char *path, TRUNCATE_T length) return result; } -int -unlink(const char *pathname) +int unlink(const char *pathname) { int result = -1; char canonic[SB_PATH_MAX]; @@ -648,8 +631,7 @@ unlink(const char *pathname) #if (GLIBC_MINOR >= 1) -int -creat64(const char *pathname, __mode_t mode) +int creat64(const char *pathname, __mode_t mode) { /* Is it a system call? */ int result = -1; @@ -666,8 +648,7 @@ creat64(const char *pathname, __mode_t mode) return result; } -FILE * -fopen64(const char *pathname, const char *mode) +FILE *fopen64(const char *pathname, const char *mode) { FILE *result = NULL; char canonic[SB_PATH_MAX]; 
@@ -677,14 +658,13 @@ fopen64(const char *pathname, const char *mode) if FUNCTION_SANDBOX_SAFE_CHAR ("fopen64", canonic, mode) { check_dlsym(fopen64); - result = true_fopen(pathname, mode); + result = true_fopen64(pathname, mode); } return result; } -int -open64(const char *pathname, int flags, ...) +int open64(const char *pathname, int flags, ...) { /* Eventually, there is a third parameter: it's mode_t mode */ va_list ap; @@ -709,8 +689,7 @@ open64(const char *pathname, int flags, ...) return result; } -int -truncate64(const char *path, __off64_t length) +int truncate64(const char *path, __off64_t length) { int result = -1; char canonic[SB_PATH_MAX]; @@ -726,14 +705,13 @@ truncate64(const char *path, __off64_t length) return result; } -#endif /* GLIBC_MINOR >= 1 */ +#endif /* GLIBC_MINOR >= 1 */ /* * Exec Wrappers */ -int -execve(const char *filename, char *const argv[], char *const envp[]) +int execve(const char *filename, char *const argv[], char *const envp[]) { int old_errno = errno; int result = -1; @@ -765,20 +743,20 @@ execve(const char *filename, char *const argv[], char *const envp[]) /* Or LD_PRELOAD is not set, and this is the last loop */ ((strstr(envp[count], "LD_PRELOAD=") != envp[count]) && (NULL == envp[count + 1]))) { - int i = 0; + int i = 0; int add_ldpreload = 0; const int max_envp_len = strlen(envp[count]) + strlen(sandbox_lib) + 1; - /* Fail safe ... */ - if (max_envp_len > 4096) { - fprintf(stderr, "sandbox: max_envp_len too big!\n"); - errno = ENOMEM; - return result; - } + /* Fail safe ... */ + if (max_envp_len > 4096) { + fprintf(stderr, "sandbox: max_envp_len too big!\n"); + errno = ENOMEM; + return result; + } - /* Calculate envp size */ + /* Calculate envp size */ my_env = (char **)envp; - do + do env_len++; while (NULL != *my_env++); 
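Review bot: `result = true_fopen64(pathname, mode);` is a behavioural fix — the fopen64 wrapper previously dispatched to true_fopen — but neither the commit message nor the ChangeLog hunk at the top records it; both say only "White space fixes." A ChangeLog line such as `Fix fopen64() wrapper to call true_fopen64() instead of true_fopen().` would let anyone bisecting a large-file regression find this commit. The same applies to the `static sbcontext_t sbcontext;` change in the before_syscall hunk further down, which also alters behaviour. fopen64 starts before this hunk.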
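Review bot: `const int max_envp_len = strlen(envp[count]) + strlen(sandbox_lib) + 1;` is sized for the case where envp[count] is the existing LD_PRELOAD entry, but this branch is also entered for the last envp entry when LD_PRELOAD is absent, and there envp[count] has nothing to do with the string being built. The later `snprintf(tmp_str, max_envp_len, "LD_PRELOAD=%s", sandbox_lib);` in the next hunk then truncates the library path whenever that last entry is shorter than "LD_PRELOAD=" (11 characters), so the child would be handed an LD_PRELOAD naming a non-existent file and run without libsandbox loaded. A bound that is sufficient in both cases is `const int max_envp_len = strlen("LD_PRELOAD=") + strlen(sandbox_lib) + 1 + strlen(envp[count]);`. Separately, if tmp_str is the 4096-byte buffer the fail-safe check implies, `tmp_str[max_envp_len] = '\0';` writes one past its end when max_envp_len == 4096, so that check should read `if (max_envp_len >= 4096)`. execve starts before this hunk and continues past it.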
@@ -787,12 +765,12 @@ execve(const char *filename, char *const argv[], char *const envp[]) add_ldpreload = 1; my_env = (char **)calloc(env_len + add_ldpreload, sizeof(char *)); - if (NULL == my_env) { - errno = ENOMEM; - return result; - } - /* Copy envp to my_env */ - do + if (NULL == my_env) { + errno = ENOMEM; + return result; + } + /* Copy envp to my_env */ + do /* Leave a space for LD_PRELOAD if needed */ my_env[i + add_ldpreload] = envp[i]; while (NULL != envp[i++]); @@ -800,19 +778,19 @@ execve(const char *filename, char *const argv[], char *const envp[]) /* Add 'LD_PRELOAD=' to the beginning of our new string */ snprintf(tmp_str, max_envp_len, "LD_PRELOAD=%s", sandbox_lib); - /* LD_PRELOAD already have variables other than sandbox_lib, - * thus we have to add sandbox_lib seperated via a whitespace. */ + /* LD_PRELOAD already have variables other than sandbox_lib, + * thus we have to add sandbox_lib seperated via a whitespace. */ if (0 == add_ldpreload) { snprintf(&(tmp_str[strlen(tmp_str)]), max_envp_len - strlen(tmp_str) + 1, " %s", &(envp[count][strlen("LD_PRELOAD=")])); - } + } - /* Valid string? */ - tmp_str[max_envp_len] = '\0'; + /* Valid string? */ + tmp_str[max_envp_len] = '\0'; - /* Ok, replace my_env[count] with our version that contains - * sandbox_lib ... */ + /* Ok, replace my_env[count] with our version that contains + * sandbox_lib ... */ if (1 == add_ldpreload) /* We reserved a space for LD_PRELOAD above */ my_env[0] = tmp_str; @@ -835,7 +813,7 @@ execve(const char *filename, char *const argv[], char *const envp[]) free(my_env); my_env = NULL; } - } + } errno = old_errno; @@ -852,8 +830,7 @@ execve(const char *filename, char *const argv[], char *const envp[]) * (not really needed, but good example) */ extern int fclose(FILE *); static int (*true_fclose) (FILE *) = NULL; -int -fclose(FILE * file) +int fclose(FILE * file) { int result = -1; 
@@ -863,10 +840,9 @@ fclose(FILE * file) return result; } -#endif /* GLIBC_MINOR == 1 */ +#endif /* GLIBC_MINOR == 1 */ -static void -init_context(sbcontext_t * context) +static void init_context(sbcontext_t * context) { context->show_access_violation = 1; context->deny_prefixes = NULL; @@ -881,8 +857,7 @@ init_context(sbcontext_t * context) context->num_write_denied_prefixes = 0; } -static int -is_sandbox_pid() +static int is_sandbox_pid() { int old_errno = errno; int result = 0; @@ -924,8 +899,7 @@ is_sandbox_pid() return result; } -static void -clean_env_entries(char ***prefixes_array, int *prefixes_num) +static void clean_env_entries(char ***prefixes_array, int *prefixes_num) { int old_errno = errno; int i = 0; @@ -946,16 +920,13 @@ clean_env_entries(char ***prefixes_array, int *prefixes_num) errno = old_errno; } -static void -init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) +static void init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) { int old_errno = errno; char *prefixes_env = getenv(env); if (NULL == prefixes_env) { - fprintf(stderr, - "Sandbox error : the %s environmental variable should be defined.\n", - env); + fprintf(stderr, "Sandbox error : the %s environmental variable should be defined.\n", env); } else { char *buffer = NULL; int prefixes_env_length = strlen(prefixes_env); @@ -971,8 +942,7 @@ init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) } if (num_delimiters > 0) { - *prefixes_array = - (char **) malloc((num_delimiters + 1) * sizeof (char *)); + *prefixes_array = (char **)malloc((num_delimiters + 1) * sizeof(char *)); buffer = strndupa(prefixes_env, prefixes_env_length); #ifdef REENTRANT_STRTOK 
@@ -996,7 +966,7 @@ init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) prefix = NULL; } } else if (prefixes_env_length > 0) { - (*prefixes_array) = (char **) malloc(sizeof (char *)); + (*prefixes_array) = (char **)malloc(sizeof(char *)); (*prefixes_array)[(*prefixes_num)++] = filter_path(prefixes_env); } @@ -1005,11 +975,10 @@ init_env_entries(char ***prefixes_array, int *prefixes_num, char *env, int warn) errno = old_errno; } -static char * -filter_path(const char *path) +static char *filter_path(const char *path) { int old_errno = errno; - char *filtered_path = (char *) malloc(SB_PATH_MAX * sizeof (char)); + char *filtered_path = (char *)malloc(SB_PATH_MAX * sizeof(char)); canonicalize_ptr(path, filtered_path); @@ -1018,8 +987,7 @@ filter_path(const char *path) return filtered_path; } -static int -check_access(sbcontext_t * sbcontext, const char *func, const char *path) +static int check_access(sbcontext_t * sbcontext, const char *func, const char *path) { int old_errno = errno; int result = -1; @@ -1036,8 +1004,8 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) return 0; } - if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) - && (is_sandbox_pid())) { + if ((0 == strncmp(filtered_path, "/etc/ld.so.preload", 18)) && + (is_sandbox_pid())) { result = 1; } @@ -1046,9 +1014,8 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) for (i = 0; i < sbcontext->num_deny_prefixes; i++) { if (NULL != sbcontext->deny_prefixes[i]) { if (0 == strncmp(filtered_path, - sbcontext-> - deny_prefixes[i], - strlen(sbcontext->deny_prefixes[i]))) { + sbcontext->deny_prefixes[i], + strlen(sbcontext->deny_prefixes[i]))) { result = 0; break; } 
@@ -1058,61 +1025,54 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) if (-1 == result) { if ((NULL != sbcontext->read_prefixes) && - ((0 == strncmp(func, "open_rd", 7)) || - (0 == strncmp(func, "popen", 5)) || - (0 == strncmp(func, "opendir", 7)) || - (0 == strncmp(func, "system", 6)) || - (0 == strncmp(func, "execl", 5)) || - (0 == strncmp(func, "execlp", 6)) || - (0 == strncmp(func, "execle", 6)) || - (0 == strncmp(func, "execv", 5)) || - (0 == strncmp(func, "execvp", 6)) || - (0 == strncmp(func, "execve", 6)) - ) - ) { + ((0 == strncmp(func, "open_rd", 7)) || + (0 == strncmp(func, "popen", 5)) || + (0 == strncmp(func, "opendir", 7)) || + (0 == strncmp(func, "system", 6)) || + (0 == strncmp(func, "execl", 5)) || + (0 == strncmp(func, "execlp", 6)) || + (0 == strncmp(func, "execle", 6)) || + (0 == strncmp(func, "execv", 5)) || + (0 == strncmp(func, "execvp", 6)) || + (0 == strncmp(func, "execve", 6)))) { for (i = 0; i < sbcontext->num_read_prefixes; i++) { if (NULL != sbcontext->read_prefixes[i]) { if (0 == strncmp(filtered_path, - sbcontext-> - read_prefixes[i], - strlen(sbcontext->read_prefixes[i]))) { + sbcontext->read_prefixes[i], + strlen(sbcontext->read_prefixes[i]))) { result = 1; break; } } } } else if ((NULL != sbcontext->write_prefixes) && - ((0 == strncmp(func, "open_wr", 7)) || - (0 == strncmp(func, "creat", 5)) || - (0 == strncmp(func, "creat64", 7)) || - (0 == strncmp(func, "mkdir", 5)) || - (0 == strncmp(func, "mknod", 5)) || - (0 == strncmp(func, "mkfifo", 6)) || - (0 == strncmp(func, "link", 4)) || - (0 == strncmp(func, "symlink", 7)) || - (0 == strncmp(func, "rename", 6)) || - (0 == strncmp(func, "utime", 5)) || - (0 == strncmp(func, "utimes", 6)) || - (0 == strncmp(func, "unlink", 6)) || - (0 == strncmp(func, "rmdir", 5)) || - (0 == strncmp(func, "chown", 5)) || - (0 == strncmp(func, "lchown", 6)) || - (0 == strncmp(func, "chmod", 5)) || - (0 == strncmp(func, "truncate", 8)) || - (0 == strncmp(func, "ftruncate", 9)) 
|| - (0 == strncmp(func, "truncate64", 10)) || - (0 == strncmp(func, "ftruncate64", 11)) - ) - ) { + ((0 == strncmp(func, "open_wr", 7)) || + (0 == strncmp(func, "creat", 5)) || + (0 == strncmp(func, "creat64", 7)) || + (0 == strncmp(func, "mkdir", 5)) || + (0 == strncmp(func, "mknod", 5)) || + (0 == strncmp(func, "mkfifo", 6)) || + (0 == strncmp(func, "link", 4)) || + (0 == strncmp(func, "symlink", 7)) || + (0 == strncmp(func, "rename", 6)) || + (0 == strncmp(func, "utime", 5)) || + (0 == strncmp(func, "utimes", 6)) || + (0 == strncmp(func, "unlink", 6)) || + (0 == strncmp(func, "rmdir", 5)) || + (0 == strncmp(func, "chown", 5)) || + (0 == strncmp(func, "lchown", 6)) || + (0 == strncmp(func, "chmod", 5)) || + (0 == strncmp(func, "truncate", 8)) || + (0 == strncmp(func, "ftruncate", 9)) || + (0 == strncmp(func, "truncate64", 10)) || + (0 == strncmp(func, "ftruncate64", 11)))) { struct stat tmp_stat; for (i = 0; i < sbcontext->num_write_denied_prefixes; i++) { if (NULL != sbcontext->write_denied_prefixes[i]) { - if (0 == - strncmp(filtered_path, - sbcontext-> - write_denied_prefixes - [i], strlen(sbcontext->write_denied_prefixes[i]))) { + if (0 == strncmp(filtered_path, + sbcontext->write_denied_prefixes[i], + strlen(sbcontext->write_denied_prefixes[i]))) { result = 0; break; } @@ -1122,9 +1082,7 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) if (-1 == result) { for (i = 0; i < sbcontext->num_write_prefixes; i++) { if (NULL != sbcontext->write_prefixes[i]) { - if (0 == - strncmp - (filtered_path, + if (0 == strncmp(filtered_path, sbcontext->write_prefixes[i], strlen(sbcontext->write_prefixes[i]))) { result = 1; 
@@ -1145,11 +1103,8 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) if (-1 == result) { for (i = 0; i < sbcontext->num_predict_prefixes; i++) { if (NULL != sbcontext->predict_prefixes[i]) { - if (0 == - strncmp - (filtered_path, - sbcontext-> - predict_prefixes[i], + if (0 == strncmp(filtered_path, + sbcontext->predict_prefixes[i], strlen(sbcontext->predict_prefixes[i]))) { sbcontext->show_access_violation = 0; result = 0; @@ -1177,8 +1132,7 @@ check_access(sbcontext_t * sbcontext, const char *func, const char *path) return result; } -static int -check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) +static int check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) { int old_errno = errno; int result = 1; @@ -1197,12 +1151,12 @@ check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) init_wrappers(); if ('/' == file[0]) { - absolute_path = (char *) malloc((strlen(file) + 1) * sizeof (char)); + absolute_path = (char *)malloc((strlen(file) + 1) * sizeof(char)); sprintf(absolute_path, "%s", file); } else { - tmp_buffer = (char *) malloc(SB_PATH_MAX * sizeof (char)); + tmp_buffer = (char *)malloc(SB_PATH_MAX * sizeof(char)); egetcwd(tmp_buffer, SB_PATH_MAX - 1); - absolute_path = (char *) malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) * sizeof (char)); + absolute_path = (char *)malloc((strlen(tmp_buffer) + 1 + strlen(file) + 1) * sizeof(char)); sprintf(absolute_path, "%s/%s", tmp_buffer, file); if (tmp_buffer) free(tmp_buffer); 
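Review bot: The three `malloc` calls re-spaced here remain unchecked, and `egetcwd(tmp_buffer, SB_PATH_MAX - 1);` discards its return value, so if the working directory cannot be resolved the `strlen(tmp_buffer)` and `sprintf` that follow read an indeterminate buffer and the path handed to check_access is garbage. For a sandbox the safe failure mode is to refuse the call: `if (NULL == egetcwd(tmp_buffer, SB_PATH_MAX - 1)) { free(tmp_buffer); errno = old_errno; return 0; }`, assuming egetcwd follows getcwd's NULL-on-failure contract (its definition lives in the #included getcwd.c, not in this hunk); a 0 result is what FUNCTION_SANDBOX_SAFE treats as denied. A NULL check on each malloc with the same refusal path would close the remaining gap. check_syscall starts before this hunk and continues past it.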
@@ -1214,38 +1168,27 @@ check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) debug_log_path = getenv("SANDBOX_DEBUG_LOG"); if (((NULL == log_path) || - (0 != strncmp(absolute_path, log_path, strlen(log_path)))) && - ((NULL == debug_log_env) || - (NULL == debug_log_path) || - (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path)))) - && (0 == check_access(sbcontext, func, absolute_path)) - ) { + (0 != strncmp(absolute_path, log_path, strlen(log_path)))) && + ((NULL == debug_log_env) || + (NULL == debug_log_path) || + (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path)))) && + (0 == check_access(sbcontext, func, absolute_path))) { if (1 == sbcontext->show_access_violation) { - fprintf(stderr, - "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n", - func, (int) (10 - strlen(func)), "", absolute_path); + fprintf(stderr, "\e[31;01mACCESS DENIED\033[0m %s:%*s%s\n", + func, (int)(10 - strlen(func)), "", absolute_path); if (NULL != log_path) { - sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", - absolute_path); + sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); // log_path somehow gets corrupted. figuring out why would be good. 
dpath = strdup(log_path); - if ((0 == lstat(log_path, &log_stat)) - && (0 == S_ISREG(log_stat.st_mode)) - ) { - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", - dpath); + if ((0 == lstat(log_path, &log_stat)) && + (0 == S_ISREG(log_stat.st_mode))) { + fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", dpath); } else if (0 == check_access(sbcontext, "open_wr", dpath)) { unsetenv("SANDBOX_LOG"); - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m SANDBOX_LOG %s isn't allowed via SANDBOX_WRITE\n", - dpath); + fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m SANDBOX_LOG %s isn't allowed via SANDBOX_WRITE\n", dpath); } else { - log_file = true_open(dpath, - O_APPEND | O_WRONLY - | O_CREAT, - S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + log_file = true_open(dpath, O_APPEND | O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (log_file >= 0) { write(log_file, buffer, strlen(buffer)); close(log_file); 
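Review bot: The `lstat(log_path, &log_stat)` / `S_ISREG` test and the `true_open(dpath, O_APPEND | O_WRONLY | O_CREAT, ...)` that follows are two separate operations on a path name, so the "already exists and is not a regular file" guard does not cover the path changing between the two calls; the SANDBOX_DEBUG_LOG branch in the next hunk has the same shape. Adding `O_NOFOLLOW` to the open flags and checking `fstat` on the returned descriptor before the `write` makes the check and the use refer to the same file object. Also `write(log_file, buffer, strlen(buffer));` ignores a short or failed write, so a denial can go unlogged without any indication; at minimum report the failure to stderr. check_syscall starts before this hunk and continues past it.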
@@ -1259,27 +1202,22 @@ check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) } else if (NULL != debug_log_env) { if (NULL != debug_log_path) { if (0 != strncmp(absolute_path, debug_log_path, strlen(debug_log_path))) { - sprintf(buffer, "%s:%*s%s\n", func, (int) (10 - strlen(func)), "", - absolute_path); + sprintf(buffer, "%s:%*s%s\n", func, (int)(10 - strlen(func)), "", absolute_path); //debug_log_path somehow gets corupted, same thing as log_path above. dpath = strdup(debug_log_path); if ((0 == lstat(debug_log_path, &debug_log_stat)) - && (0 == S_ISREG(debug_log_stat.st_mode)) - ) { - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", + && (0 == S_ISREG(debug_log_stat.st_mode))) { + fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m %s already exists and is not a regular file.\n", debug_log_path); } else if (0 == check_access(sbcontext, "open_wr", dpath)) { unsetenv("SANDBOX_DEBUG"); unsetenv("SANDBOX_DEBUG_LOG"); - fprintf(stderr, - "\e[31;01mSECURITY BREACH\033[0m SANDBOX_DEBUG_LOG %s isn't allowed by SANDBOX_WRITE.\n", + fprintf(stderr, "\e[31;01mSECURITY BREACH\033[0m SANDBOX_DEBUG_LOG %s isn't allowed by SANDBOX_WRITE.\n", dpath); - } else { - debug_log_file = - true_open(dpath, - O_APPEND | O_WRONLY | - O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + } else { + debug_log_file = true_open(dpath, O_APPEND | O_WRONLY | + O_CREAT, S_IRUSR | S_IWUSR | + S_IRGRP | S_IROTH); if (debug_log_file >= 0) { write(debug_log_file, buffer, strlen(buffer)); close(debug_log_file); @@ -1288,9 +1226,8 @@ check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) free(dpath); } } else { - fprintf(stderr, - "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n", - func, (int) (10 - strlen(func)), "", absolute_path); + fprintf(stderr, "\e[32;01mACCESS ALLOWED\033[0m %s:%*s%s\n", + func, (int)(10 - strlen(func)), "", absolute_path); } } 
@@ -1303,8 +1240,7 @@ check_syscall(sbcontext_t * sbcontext, const char *func, const char *file) return result; } -static int -is_sandbox_on() +static int is_sandbox_on() { int old_errno = errno; @@ -1317,26 +1253,22 @@ is_sandbox_on() * Azarah (3 Aug 2002) */ if ((NULL != getenv("SANDBOX_ON")) && - (0 == strncmp(getenv("SANDBOX_ON"), "1", 1)) && - (NULL != getenv("SANDBOX_ACTIVE")) && - (0 == strncmp(getenv("SANDBOX_ACTIVE"), "armedandready", 13)) - ) { + (0 == strncmp(getenv("SANDBOX_ON"), "1", 1)) && + (NULL != getenv("SANDBOX_ACTIVE")) && + (0 == strncmp(getenv("SANDBOX_ACTIVE"), "armedandready", 13))) { errno = old_errno; - return 1; } else { errno = old_errno; - return 0; } } -static int -before_syscall(const char *func, const char *file) +static int before_syscall(const char *func, const char *file) { int old_errno = errno; int result = 1; - sbcontext_t sbcontext; + static sbcontext_t sbcontext; if (!strlen(file)) { /* The file/directory does not exist */ 
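Review bot: `static sbcontext_t sbcontext;` changes behaviour in a commit described as white-space fixes: before_syscall is now non-reentrant, because every call in the process shares one context whose prefix arrays are allocated by init_env_entries and, judging by its name and arguments, released by clean_env_entries. If a program preloaded with this library is multi-threaded, two wrapped calls running at once could have one thread re-initialising or freeing the lists the other is still matching in check_access, so an access decision could be made against freed or empty prefix arrays. If the motivation is the struct's stack footprint, a per-call heap allocation or a lock around the body would keep that saving; otherwise keep `sbcontext_t sbcontext;` as an automatic variable. before_syscall continues past this hunk.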
@@ -1347,22 +1279,24 @@ before_syscall(const char *func, const char *file) init_context(&sbcontext); init_env_entries(&(sbcontext.deny_prefixes), - &(sbcontext.num_deny_prefixes), "SANDBOX_DENY", 1); + &(sbcontext.num_deny_prefixes), "SANDBOX_DENY", 1); init_env_entries(&(sbcontext.read_prefixes), - &(sbcontext.num_read_prefixes), "SANDBOX_READ", 1); + &(sbcontext.num_read_prefixes), "SANDBOX_READ", 1); init_env_entries(&(sbcontext.write_prefixes), - &(sbcontext.num_write_prefixes), "SANDBOX_WRITE", 1); + &(sbcontext.num_write_prefixes), "SANDBOX_WRITE", 1); init_env_entries(&(sbcontext.predict_prefixes), - &(sbcontext.num_predict_prefixes), "SANDBOX_PREDICT", 1); + &(sbcontext.num_predict_prefixes), "SANDBOX_PREDICT", 1); result = check_syscall(&sbcontext, func, file); - clean_env_entries(&(sbcontext.deny_prefixes), &(sbcontext.num_deny_prefixes)); - clean_env_entries(&(sbcontext.read_prefixes), &(sbcontext.num_read_prefixes)); + clean_env_entries(&(sbcontext.deny_prefixes), + &(sbcontext.num_deny_prefixes)); + clean_env_entries(&(sbcontext.read_prefixes), + &(sbcontext.num_read_prefixes)); clean_env_entries(&(sbcontext.write_prefixes), - &(sbcontext.num_write_prefixes)); + &(sbcontext.num_write_prefixes)); clean_env_entries(&(sbcontext.predict_prefixes), - &(sbcontext.num_predict_prefixes)); + &(sbcontext.num_predict_prefixes)); errno = old_errno; @@ -1373,8 +1307,7 @@ before_syscall(const char *func, const char *file) return result; } -static int -before_syscall_open_int(const char *func, const char *file, int flags) +static int before_syscall_open_int(const char *func, const char *file, int flags) { if ((flags & O_WRONLY) || (flags & O_RDWR)) { return before_syscall("open_wr", file); 
@@ -1383,12 +1316,11 @@ before_syscall_open_int(const char *func, const char *file, int flags) } } -static int -before_syscall_open_char(const char *func, const char *file, const char *mode) +static int before_syscall_open_char(const char *func, const char *file, const char *mode) { if (*mode == 'r' && ((strcmp(mode, "r") == 0) || - /* The strspn accept args are known non-writable modifiers */ - (strlen(++mode) == strspn(mode, "xbtmc")))) { + /* The strspn accept args are known non-writable modifiers */ + (strlen(++mode) == strspn(mode, "xbtmc")))) { return before_syscall("open_rd", file); } else { return before_syscall("open_wr", file); @@ -1398,4 +1330,4 @@ before_syscall_open_char(const char *func, const char *file, const char *mode) #include "getcwd.c" #include "canonicalize.c" -// vim:expandtab noai:cindent ai +// vim:noexpandtab noai:cindent ai @@ -38,9 +38,8 @@ int cleaned_up = 0; int print_debug = 0; int stop_called = 0; -/* Read pids file, and load active pids into an array. Return number of pids in array */ -int -load_active_pids(int fd, int **pids) +/* Read pids file, and load active pids into an array. Return number of pids in array */ +int load_active_pids(int fd, int **pids) { char *data = NULL; char *ptr = NULL, *ptr2 = NULL; @@ -53,7 +52,7 @@ load_active_pids(int fd, int **pids) len = file_length(fd); /* Allocate and zero datablock to read pids file */ - data = (char *) malloc((len + 1) * sizeof (char)); + data = (char *)malloc((len + 1) * sizeof(char)); memset(data, 0, len + 1); /* Start at beginning of file */ @@ -69,7 +68,7 @@ load_active_pids(int fd, int **pids) /* Find new line */ ptr2 = strchr(ptr, '\n'); if (ptr2 == NULL) - break; /* No more PIDs */ + break; /* No more PIDs */ /* Clear the \n. And ptr should have a null-terminated decimal string */ ptr2[0] = 0; 
@@ -78,7 +77,7 @@ load_active_pids(int fd, int **pids) /* If the PID is still alive, add it to our array */ if ((0 != my_pid) && (0 == kill(my_pid, 0))) { - pids[0] = (int *) realloc(pids[0], (num_pids + 1) * sizeof (int)); + pids[0] = (int *)realloc(pids[0], (num_pids + 1) * sizeof(int)); pids[0][num_pids] = my_pid; num_pids++; } @@ -95,8 +94,7 @@ load_active_pids(int fd, int **pids) } /* Read ld.so.preload file, and loads dirs into an array. Return number of entries in array */ -int -load_preload_libs(int fd, char ***preloads) +int load_preload_libs(int fd, char ***preloads) { char *data = NULL; char *ptr = NULL, *ptr2 = NULL; @@ -108,7 +106,7 @@ load_preload_libs(int fd, char ***preloads) len = file_length(fd); /* Allocate and zero datablock to read pids file */ - data = (char *) malloc((len + 1) * sizeof (char)); + data = (char *)malloc((len + 1) * sizeof(char)); memset(data, 0, len + 1); /* Start at beginning of file */ @@ -133,14 +131,13 @@ load_preload_libs(int fd, char ***preloads) /* If listing does not match our libname, add it to the array */ if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) { - preloads[0] = - (char **) realloc(preloads[0], (num_entries + 1) * sizeof (char **)); + preloads[0] = (char **)realloc(preloads[0], (num_entries + 1) * sizeof(char **)); preloads[0][num_entries] = strdup(ptr); num_entries++; } if (NULL == ptr2) - break; /* No more PIDs */ + break; /* No more PIDs */ /* Put ptr past the NULL we just wrote */ ptr = ptr2 + 1; @@ -153,8 +150,7 @@ load_preload_libs(int fd, char ***preloads) return num_entries; } -void -cleanup() +void cleanup() { int i = 0; int success = 1; 
@@ -221,10 +217,7 @@ cleanup() if (num_of_preloads > 0) { for (i = 0; i < num_of_preloads; i++) { sprintf(preload_entry, "%s\n", preload_array[i]); - if (write - (preload_file, - preload_entry, - strlen(preload_entry)) != strlen(preload_entry)) { + if (write(preload_file, preload_entry, strlen(preload_entry)) != strlen(preload_entry)) { perror(">>> /etc/ld.so.preload file write"); success = 0; break; @@ -256,8 +249,7 @@ cleanup() if (pids_array[i] != getpid()) { sprintf(pid_string, "%d\n", pids_array[i]); - if (write(pids_file, pid_string, strlen(pid_string)) != - strlen(pid_string)) { + if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { perror(">>> pids file write"); success = 0; break; 
@@ -286,38 +278,35 @@ cleanup() return; } -void -stop(int signum) +void stop(int signum) { if (stop_called == 0) { stop_called = 1; printf("Caught signal %d in pid %d\r\n", signum, getpid()); - cleanup(); + cleanup(); } else { fprintf(stderr, "Pid %d alreadly caught signal and is still cleaning up\n", getpid()); } } -void -setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, - char *tmp_dir) +void setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, char *tmp_dir) { char buf[1024]; - + /* bzero out entire buffer then append trailing 0 */ memset(buf, 0, sizeof(buf)); if (!getenv(ENV_SANDBOX_WRITE)) { /* these could go into make.globals later on */ snprintf(buf, sizeof(buf), - "%s:%s/.gconfd/lock:%s/.bash_history:", \ - "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:" \ - "/dev/vc/:/dev/tty:/tmp/:" \ - "/dev/shm/ngpt:/var/log/scrollkeeper.log:" \ - "/usr/tmp/conftest:/usr/lib/conftest:" \ - "/usr/lib32/conftest:/usr/lib64/conftest:" \ - "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf", - home_dir, home_dir); + "%s:%s/.gconfd/lock:%s/.bash_history:", + "/dev/zero:/dev/fd/:/dev/null:/dev/pts/:" + "/dev/vc/:/dev/tty:/tmp/:" + "/dev/shm/ngpt:/var/log/scrollkeeper.log:" + "/usr/tmp/conftest:/usr/lib/conftest:" + "/usr/lib32/conftest:/usr/lib64/conftest:" + "/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf", + home_dir, home_dir); if (NULL == portage_tmp_dir) { strncat(buf, tmp_dir, sizeof(buf)); @@ -337,8 +326,7 @@ setenv_sandbox_write(char *home_dir, char *portage_tmp_dir, char *var_tmp_dir, } } -void -setenv_sandbox_predict(char *home_dir) +void setenv_sandbox_predict(char *home_dir) { char buf[1024]; 
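Review bot: `strncat(buf, tmp_dir, sizeof(buf));` in setenv_sandbox_write, directly under the reflowed snprintf, passes the full buffer size as the limit, but strncat's third argument bounds the bytes appended rather than the destination, so once the snprintf prefix (two copies of home_dir plus the fixed list) has used part of buf, a long tmp_dir can write past the end of the 1024-byte array. Bound it by the remaining space, `strncat(buf, tmp_dir, sizeof(buf) - strlen(buf) - 1);`, or build the whole value with one snprintf whose return value is checked for truncation. The other appends of this function lie outside the hunk and presumably need the same treatment; the origin of tmp_dir is not visible here.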
@@ -346,23 +334,22 @@ setenv_sandbox_predict(char *home_dir) if (!getenv(ENV_SANDBOX_PREDICT)) { /* these should go into make.globals later on */ - snprintf(buf, sizeof(buf), "%s/.:" \ - "/usr/lib/python2.0/:" \ - "/usr/lib/python2.1/:" \ - "/usr/lib/python2.2/:" \ - "/usr/lib/python2.3/:" \ - "/usr/lib/python2.4/:" \ - "/usr/lib/python2.5/:" \ - "/usr/lib/python3.0/:", - home_dir); + snprintf(buf, sizeof(buf), "%s/.:" + "/usr/lib/python2.0/:" + "/usr/lib/python2.1/:" + "/usr/lib/python2.2/:" + "/usr/lib/python2.3/:" + "/usr/lib/python2.4/:" + "/usr/lib/python2.5/:" + "/usr/lib/python3.0/:", + home_dir); buf[sizeof(buf) - 1] = '\0'; setenv(ENV_SANDBOX_PREDICT, buf, 1); } } -int -print_sandbox_log(char *sandbox_log) +int print_sandbox_log(char *sandbox_log) { int sandbox_log_file = -1; char *beep_count_env = NULL; 
@@ -375,26 +362,29 @@ print_sandbox_log(char *sandbox_log) return 0; len = file_length(sandbox_log_file); - buffer = (char *) malloc((len + 1) * sizeof (char)); + buffer = (char *)malloc((len + 1) * sizeof(char)); memset(buffer, 0, len + 1); read(sandbox_log_file, buffer, len); file_close(sandbox_log_file); - color = ( (getenv("NOCOLOR") != NULL) ? 0 : 1); + color = ((getenv("NOCOLOR") != NULL) ? 0 : 1); - if (color) printf("\e[31;01m"); + if (color) + printf("\e[31;01m"); printf("--------------------------- ACCESS VIOLATION SUMMARY ---------------------------"); - if (color) printf("\033[0m"); - if (color) printf("\e[31;01m"); + if (color) + printf("\033[0m"); + if (color) + printf("\e[31;01m"); printf("\nLOG FILE = \"%s\"", sandbox_log); - if (color) printf("\033[0m"); + if (color) + printf("\033[0m"); printf("\n\n"); printf("%s", buffer); if (buffer) free(buffer); buffer = NULL; - printf - ("\e[31;01m--------------------------------------------------------------------------------\033[0m\n"); + printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n"); beep_count_env = getenv(ENV_SANDBOX_BEEP); if (beep_count_env) @@ -410,8 +400,7 @@ print_sandbox_log(char *sandbox_log) return 1; } -int -spawn_shell(char *argv_bash[]) +int spawn_shell(char *argv_bash[]) { #ifdef USE_SYSTEM_SHELL int i = 0; @@ -425,7 +414,7 @@ spawn_shell(char *argv_bash[]) break; if (NULL != sh) len = strlen(sh); - sh = (char *) realloc(sh, len + strlen(argv_bash[i]) + 5); + sh = (char *)realloc(sh, len + strlen(argv_bash[i]) + 5); if (first) { sh[0] = 0; first = 0; @@ -472,8 +461,7 @@ spawn_shell(char *argv_bash[]) #endif } -int -main(int argc, char **argv) +int main(int argc, char **argv) { int i = 0, success = 1; #ifdef USE_LD_SO_PRELOAD 
@@ -513,13 +501,12 @@ main(int argc, char **argv) print_debug = 1; if (print_debug) - printf - ("========================== Gentoo linux path sandbox ===========================\n"); + printf("========================== Gentoo linux path sandbox ===========================\n"); /* check if a sandbox is already running */ if (NULL != getenv(ENV_SANDBOX_ON)) { - fprintf(stderr, - "Not launching a new sandbox instance\nAnother one is already running in this process hierarchy.\n"); + fprintf(stderr, "Not launching a new sandbox instance\n"); + fprintf(stderr, "Another one is already running in this process hierarchy.\n"); exit(1); } else { @@ -558,14 +545,12 @@ main(int argc, char **argv) #ifndef SB_HAVE_64BIT_ARCH if (file_exist(sandbox_lib, 0) <= 0) { - fprintf(stderr, "Could not open the sandbox library at '%s'.\n", - sandbox_lib); + fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib); return -1; - } + } #endif if (file_exist(sandbox_rc, 0) <= 0) { - fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", - sandbox_rc); + fprintf(stderr, "Could not open the sandbox rc file at '%s'.\n", sandbox_rc); return -1; } #ifdef USE_LD_SO_PRELOAD @@ -584,7 +569,7 @@ main(int argc, char **argv) preload_file = file_open("/etc/ld.so.preload", "r+", 1, 0644); if (-1 == preload_file) { preload_adaptable = 0; -/* exit(1);*/ +/* exit(1);*/ } } else { /* Avoid permissions warnings if we're not root */ 
@@ -603,18 +588,15 @@ main(int argc, char **argv) for (i = 0; i < num_of_preloads + 1; i++) { /* First entry should be our sandbox library */ if (0 == i) { - if (write - (preload_file, sandbox_lib, - strlen(sandbox_lib)) != strlen(sandbox_lib)) { + if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) { perror(">>> /etc/ld.so.preload file write"); success = 0; break; } } else { /* Output all other preload entries */ - if (write - (preload_file, preload_array[i - 1], - strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { + if (write(preload_file, preload_array[i - 1], + strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { perror(">>> /etc/ld.so.preload file write"); success = 0; break; @@ -659,7 +641,7 @@ main(int argc, char **argv) setenv(ENV_SANDBOX_LOG, sandbox_log, 1); snprintf(sandbox_debug_log, sizeof(sandbox_debug_log), "%s%s%s", - DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT); + DEBUG_LOG_FILE_PREFIX, pid_string, LOG_FILE_EXT); setenv(ENV_SANDBOX_DEBUG_LOG, sandbox_debug_log, 1); home_dir = getenv("HOME"); @@ -673,9 +655,10 @@ main(int argc, char **argv) * this, access is denied to /var/tmp, hurtin' ebuilds. */ - { char *e; + { + char *e; e = getenv("PORTAGE_TMPDIR"); - if ( e && ( strlen(e) < sizeof(portage_tmp_dir)-1 ) && (strlen(e) > 1) ) + if (e && (strlen(e) < sizeof(portage_tmp_dir) - 1) && (strlen(e) > 1)) realpath(e, portage_tmp_dir); } @@ -702,7 +685,7 @@ main(int argc, char **argv) if (NULL != portage_tmp_dir) chdir(portage_tmp_dir); - argv_bash = (char **) malloc(6 * sizeof (char *)); + argv_bash = (char **)malloc(6 * sizeof(char *)); argv_bash[0] = strdup("/bin/bash"); argv_bash[1] = strdup("-rcfile"); argv_bash[2] = strdup(sandbox_rc); @@ -712,7 +695,7 @@ main(int argc, char **argv) else argv_bash[3] = strdup(run_str); /* "-c" */ - argv_bash[4] = NULL; /* strdup(run_arg); */ + argv_bash[4] = NULL; /* strdup(run_arg); */ argv_bash[5] = NULL; if (argc >= 2) { 
@@ -722,9 +705,7 @@ main(int argc, char **argv) else len = strlen(argv_bash[4]); - argv_bash[4] = - (char *) realloc(argv_bash[4], - (len + strlen(argv[i]) + 2) * sizeof (char)); + argv_bash[4] = (char *)realloc(argv_bash[4], (len + strlen(argv[i]) + 2) * sizeof(char)); if (0 == len) argv_bash[4][0] = 0; @@ -775,8 +756,7 @@ main(int argc, char **argv) else sprintf(pid_string, "%d\n", pids_array[i]); - if (write(pids_file, pid_string, strlen(pid_string)) != - strlen(pid_string)) { + if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { perror(">>> pids file write"); success = 0; break; @@ -801,8 +781,7 @@ main(int argc, char **argv) /* STARTING PROTECTED ENVIRONMENT */ if (print_debug) { printf("The protected environment has been started.\n"); - printf - ("--------------------------------------------------------------------------------\n"); + printf("--------------------------------------------------------------------------------\n"); } if (print_debug) @@ -831,8 +810,7 @@ main(int argc, char **argv) cleanup(); if (print_debug) { - printf - ("========================== Gentoo linux path sandbox ===========================\n"); + printf("========================== Gentoo linux path sandbox ===========================\n"); printf("The protected environment has been shut down.\n"); } @@ -849,8 +827,7 @@ main(int argc, char **argv) sandbox_log_file = -1; } else if (print_debug) { - printf - ("--------------------------------------------------------------------------------\n"); + printf("--------------------------------------------------------------------------------\n"); } if ((sandbox_log_presence) || (!success)) @@ -860,4 +837,4 @@ main(int argc, char **argv) } } -// vim:expandtab noai:cindent ai +// vim:noexpandtab noai:cindent ai @@ -65,4 +65,4 @@ int file_exist(char *filename, int checkmode); #endif -// vim:expandtab noai:cindent ai +// vim:noexpandtab noai:cindent ai 
diff --git a/sandbox_futils.c b/sandbox_futils.c index 8bdd6a8..b9ea29f 100644 --- a/sandbox_futils.c +++ b/sandbox_futils.c @@ -34,12 +34,10 @@ int file_security_check(char *filename); /* END Prototypes */ - /* glibc modified getcwd() functions */ char *egetcwd(char *, size_t); -char * -get_sandbox_path(char *argv0) +char *get_sandbox_path(char *argv0) { char path[255]; char *cwd = NULL; @@ -47,11 +45,11 @@ get_sandbox_path(char *argv0) memset(path, 0, sizeof(path)); /* ARGV[0] specifies full path */ if (argv0[0] == '/') { - strncpy(path, argv0, sizeof(path)-1); + strncpy(path, argv0, sizeof(path) - 1); /* ARGV[0] specifies relative path */ } else { - egetcwd(cwd, sizeof(path)-2); + egetcwd(cwd, sizeof(path) - 2); snprintf(path, sizeof(path), "%s/%s", cwd, argv0); if (cwd) free(cwd); @@ -62,15 +60,14 @@ get_sandbox_path(char *argv0) return (sb_dirname(path)); } -char * -get_sandbox_lib(char *sb_path) +char *get_sandbox_lib(char *sb_path) { char path[255]; #ifdef SB_HAVE_64BIT_ARCH - snprintf(path, sizeof(path), "%s", LIB_NAME); + snprintf(path, sizeof(path), "%s", LIB_NAME); #else - snprintf(path, sizeof(path), "%s/%s", LIBSANDBOX_PATH,LIB_NAME); + snprintf(path, sizeof(path), "%s/%s", LIBSANDBOX_PATH, LIB_NAME); if (file_exist(path, 0) <= 0) { snprintf(path, sizeof(path), "%s%s", sb_path, LIB_NAME); } @@ -78,8 +75,7 @@ get_sandbox_lib(char *sb_path) return (strdup(path)); } -char * -get_sandbox_pids_file(void) +char *get_sandbox_pids_file(void) { if (0 < getenv("SANDBOX_PIDS_FILE")) { return (strdup(getenv("SANDBOX_PIDS_FILE"))); @@ -87,8 +83,7 @@ get_sandbox_pids_file(void) return (strdup(PIDS_FILE)); } -char * -get_sandbox_rc(char *sb_path) +char *get_sandbox_rc(char *sb_path) { char path[255]; @@ -99,8 +94,7 @@ get_sandbox_rc(char *sb_path) return (strdup(path)); } -char * -get_sandbox_log() +char *get_sandbox_log() { char path[255]; char *sandbox_log_env = NULL; 
@@ -110,16 +104,14 @@ get_sandbox_log() */ sandbox_log_env = getenv(ENV_SANDBOX_LOG); - snprintf(path, sizeof(path)-1, "%s%s%s%d%s", LOG_FILE_PREFIX, - ( sandbox_log_env == NULL ? "" : sandbox_log_env ), - ( sandbox_log_env == NULL ? "" : "-" ), - getpid(), LOG_FILE_EXT); + snprintf(path, sizeof(path) - 1, "%s%s%s%d%s", LOG_FILE_PREFIX, + (sandbox_log_env == NULL ? "" : sandbox_log_env), + (sandbox_log_env == NULL ? "" : "-"), getpid(), LOG_FILE_EXT); return (strdup(path)); } /* Obtain base directory name. Do not allow trailing / */ -char * -sb_dirname(const char *path) +char *sb_dirname(const char *path) { char *ret = NULL; char *ptr = NULL; @@ -142,7 +134,7 @@ sb_dirname(const char *path) /* Remove any trailing slash */ for (i = loc - 1; i >= 0; i--) { if (path[i] != '/') { - cut_len = i + 1; /* make cut_len the length of the string to keep */ + cut_len = i + 1; /* make cut_len the length of the string to keep */ break; } } @@ -152,7 +144,7 @@ sb_dirname(const char *path) return (strdup("")); /* Allocate memory, and return the directory */ - ret = (char *) malloc((cut_len + 1) * sizeof (char)); + ret = (char *)malloc((cut_len + 1) * sizeof(char)); memcpy(ret, path, cut_len); ret[cut_len] = 0; @@ -184,8 +176,7 @@ char* dirname(const char* path) }*/ /* Convert text (string) modes to integer values */ -int -file_getmode(char *mode) +int file_getmode(char *mode) { int mde = 0; if (0 == strcasecmp(mode, "r+")) { @@ -207,15 +198,13 @@ file_getmode(char *mode) } /* Get current position in file */ -long -file_tell(int fp) +long file_tell(int fp) { return (lseek(fp, 0L, SEEK_CUR)); } /* lock the file, preferrably the POSIX way */ -int -file_lock(int fd, int lock, char *filename) +int file_lock(int fd, int lock, char *filename) { int err; #ifdef USE_FLOCK @@ -241,8 +230,7 @@ file_lock(int fd, int lock, char *filename) } /* unlock the file, preferrably the POSIX way */ -int -file_unlock(int fd) +int file_unlock(int fd) { #ifdef USE_FLOCK if (flock(fd, LOCK_UN) < 0) { 
@@ -267,17 +255,16 @@ file_unlock(int fd) /* Auto-determine from how the file was opened, what kind of lock to lock * the file with */ -int -file_locktype(char *mode) +int file_locktype(char *mode) { #ifdef USE_FLOCK if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) - || (NULL != strchr(mode, 'a'))) + || (NULL != strchr(mode, 'a'))) return (LOCK_EX); return (LOCK_SH); #else if (NULL != (strchr(mode, 'w')) || (NULL != strchr(mode, '+')) - || (NULL != strchr(mode, 'a'))) + || (NULL != strchr(mode, 'a'))) return (F_WRLCK); return (F_RDLCK); #endif @@ -286,8 +273,7 @@ file_locktype(char *mode) /* Use standard fopen style modes to open the specified file. Also auto-determines and * locks the file either in shared or exclusive mode depending on opening mode */ -int -file_open(char *filename, char *mode, int perm_specified, ...) +int file_open(char *filename, char *mode, int perm_specified, ...) { int fd; char error[250]; @@ -295,7 +281,7 @@ file_open(char *filename, char *mode, int perm_specified, ...) int perm; char *group = NULL; struct group *group_struct; - + file_security_check(filename); if (perm_specified) { @@ -331,8 +317,8 @@ file_open(char *filename, char *mode, int perm_specified, ...) } /* Only lock the file if opening succeeded */ if (-1 != fd) { - if(file_security_check(filename) != 0) { - /* Security violation occured between the last check and the */ + if (file_security_check(filename) != 0) { + /* Security violation occured between the last check and the */ /* creation of the file. As SpanKY pointed out there is a race */ /* condition here, so if there is a problem here we'll mesg and */ /* bail out to avoid it until we can work and test a better fix. */ @@ -352,8 +338,7 @@ file_open(char *filename, char *mode, int perm_specified, ...) } /* Close and unlock file */ -void -file_close(int fd) +void file_close(int fd) { if (-1 != fd) { file_unlock(fd); 
@@ -362,8 +347,7 @@ file_close(int fd) } /* Return length of file */ -long -file_length(int fd) +long file_length(int fd) { long pos, len; pos = file_tell(fd); @@ -373,8 +357,7 @@ file_length(int fd) } /* Zero out file */ -int -file_truncate(int fd) +int file_truncate(int fd) { lseek(fd, 0L, SEEK_SET); if (ftruncate(fd, 0) < 0) { @@ -385,8 +368,7 @@ file_truncate(int fd) } /* Check to see if a file exists Return: 1 success, 0 file not found, -1 error */ -int -file_exist(char *filename, int checkmode) +int file_exist(char *filename, int checkmode) { struct stat mystat; @@ -396,7 +378,7 @@ file_exist(char *filename, int checkmode) /* file doesn't exist */ if (ENOENT == errno) { return 0; - } else { /* permission denied or other error */ + } else { /* permission denied or other error */ perror(">>> stat file"); return -1; } @@ -410,7 +392,7 @@ file_exist(char *filename, int checkmode) /* file does not exist */ if (ENOENT == errno) { return 0; - } else { /* permission denied or other error */ + } else { /* permission denied or other error */ perror(">>> stat file"); return -1; } 
@@ -420,95 +402,75 @@ file_exist(char *filename, int checkmode) return 1; } -int file_security_check(char *filename) { /* 0 == fine, >0 == problem */ +int file_security_check(char *filename) +{ /* 0 == fine, >0 == problem */ struct stat stat_buf; struct group *group_buf; struct passwd *passwd_buf; - + passwd_buf = getpwnam("portage"); group_buf = getgrnam("portage"); - if((lstat(filename, &stat_buf) == -1) && (errno == ENOENT)) { + if ((lstat(filename, &stat_buf) == -1) && (errno == ENOENT)) { /* Doesn't exist. */ return 0; - } - else { - if((stat_buf.st_nlink) > 1) { /* Security: We are handlinked... */ - if(unlink(filename)) { - fprintf(stderr, - "Unable to delete file in security violation (hardlinked): %s\n", - filename); + } else { + if ((stat_buf.st_nlink) > 1) { /* Security: We are handlinked... */ + if (unlink(filename)) { + fprintf(stderr, "Unable to delete file in security violation (hardlinked): %s\n", filename); exit(127); } - fprintf(stderr, - "File in security violation (hardlinked): %s\n", - filename); + fprintf(stderr, "File in security violation (hardlinked): %s\n", filename); return 1; - } - else if(S_ISLNK(stat_buf.st_mode)) { /* Security: We are a symlink? */ - fprintf(stderr, - "File in security violation (symlink): %s\n", - filename); + } else if (S_ISLNK(stat_buf.st_mode)) { /* Security: We are a symlink? */ + fprintf(stderr, "File in security violation (symlink): %s\n", filename); exit(127); - } - else if(0 == S_ISREG(stat_buf.st_mode)) { /* Security: special file */ - fprintf(stderr, - "File in security violation (not regular): %s\n", - filename); + } else if (0 == S_ISREG(stat_buf.st_mode)) { /* Security: special file */ + fprintf(stderr, "File in security violation (not regular): %s\n", filename); exit(127); - } - else if(stat_buf.st_mode & S_IWOTH) { /* Security: We are o+w? 
*/ - if(unlink(filename)) { - fprintf(stderr, - "Unable to delete file in security violation (world write): %s\n", - filename); + } else if (stat_buf.st_mode & S_IWOTH) { /* Security: We are o+w? */ + if (unlink(filename)) { + fprintf(stderr, "Unable to delete file in security violation (world write): %s\n", filename); exit(127); } - fprintf(stderr, - "File in security violation (world write): %s\n", - filename); + fprintf(stderr, "File in security violation (world write): %s\n", filename); return 1; - } - else if( - !((stat_buf.st_uid == 0) || (stat_buf.st_uid == getuid()) || ((passwd_buf!=NULL) && (stat_buf.st_uid == passwd_buf->pw_uid))) || - !((stat_buf.st_gid == 0) || (stat_buf.st_gid == getgid()) || ((group_buf !=NULL) && (stat_buf.st_gid == group_buf->gr_gid))) - ) { /* Security: Owner/Group isn't right. */ - + } else + if (!((stat_buf.st_uid == 0) || (stat_buf.st_uid == getuid()) || + ((passwd_buf != NULL) && (stat_buf.st_uid == passwd_buf->pw_uid))) || + !((stat_buf.st_gid == 0) || (stat_buf.st_gid == getgid()) || + ((group_buf != NULL) && (stat_buf.st_gid == group_buf->gr_gid)))) { + /* Security: Owner/Group isn't right. */ + /* uid = 0 or myuid or portage */ /* gid = 0 or mygid or portage */ - - if(0) { - fprintf(stderr, "--1: %d,%d,%d,%d\n--2: %d,%d,%d,%d\n", + if (0) { + fprintf(stderr, "--1: %d,%d,%d,%d\n--2: %d,%d,%d,%d\n", (stat_buf.st_uid == 0), (stat_buf.st_uid == getuid()), - (passwd_buf!=NULL), - (passwd_buf!=NULL)? (stat_buf.st_uid == passwd_buf->pw_uid) : -1, - - (stat_buf.st_gid == 0), + (passwd_buf != NULL), + (passwd_buf != NULL) ? (stat_buf.st_uid == passwd_buf->pw_uid) : -1, + (stat_buf.st_gid == 0), (stat_buf.st_gid == getgid()), - (group_buf !=NULL), - (group_buf !=NULL)? (stat_buf.st_gid == group_buf->gr_gid) : -1); + (group_buf != NULL), + (group_buf != NULL) ? (stat_buf.st_gid == group_buf->gr_gid) : -1); } - + /* manpage: "The return value may point to static area" */ /* DO NOT ACTUALLY FREE THIS... It'll segfault. 
*/ /* if(passwd_buf != NULL) { free(passwd_buf); } */ /* if(group_buf != NULL) { free(group_buf); } */ - - if(unlink(filename)) { - fprintf(stderr, - "Unable to delete file in security violation (bad owner/group): %s\n", - filename); + + if (unlink(filename)) { + fprintf(stderr, "Unable to delete file in security violation (bad owner/group): %s\n", filename); exit(127); } - fprintf(stderr, - "File in security violation (bad owner/group): %s\n", - filename); + fprintf(stderr, "File in security violation (bad owner/group): %s\n", filename); return 1; } - } /* Stat */ + } /* Stat */ return 0; } -// vim:expandtab noai:cindent ai +// vim:noexpandtab noai:cindent ai |
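Review bot: The reflow in file_security_check turns the owner/group test from `} else if (...) {` into `} else` followed by `if (...)` on the next line, which reads as an `else` whose body is a stand-alone `if` and breaks the visual else-if chain that the preceding branches keep; put `} else if (!((stat_buf.st_uid == 0) ||` back on one line and indent the continuation lines under it. While touching this block, the `if (0) {` diagnostic fprintf is dead code that the whitespace pass preserved; either drop it or gate it on a real debug flag so the reformatted branch stays readable. The rest of the hardlink/symlink/mode checks in this hunk are unchanged apart from layout.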