authorAvatar Ali Polatel <alip@exherbo.org> 2012-08-13 16:44:55 +0300
committerAvatar Ali Polatel <alip@exherbo.org> 2012-08-13 16:44:55 +0300
commitdb08e1df36ca22f30c1b7f23f76d8a58c87888ac (patch)
treefb22bf758ab8f0518febb35cfe849b35c757ad6e
parent74db029d910bcb913a6caa8b8f2e5ddc231000cd (diff)
downloadsydbox-db08e1df36ca22f30c1b7f23f76d8a58c87888ac.tar.gz
sydbox-db08e1df36ca22f30c1b7f23f76d8a58c87888ac.tar.xz
magic API version, don't recognize invalid strings as magic
-rw-r--r--src/syd-path.c12
-rw-r--r--src/syd-path.h8
-rw-r--r--src/syd-syscall.c15
3 files changed, 29 insertions, 6 deletions
diff --git a/src/syd-path.c b/src/syd-path.c
index ffcee17..4f9d3ac 100644
--- a/src/syd-path.c
+++ b/src/syd-path.c
@@ -54,11 +54,21 @@ static char *shell_expand(const char * const str)
return output;
}
-inline bool path_magic_dir(const char *path)
+inline bool path_magic_prefix(const char *path)
{
return (0 == strncmp(path, CMD_PATH, sizeof(CMD_PATH) - 2));
}
+inline bool path_magic_dir(const char *path)
+{
+ return (0 == strncmp(path, CMD_DIR, sizeof(CMD_DIR)));
+}
+
+inline bool path_magic_api_match(const char *path)
+{
+ return (0 == strncmp(path, CMD_API_VERSION, sizeof(CMD_API_VERSION)));
+}
+
inline bool path_magic_on(const char *path)
{
return (0 == strncmp(path, CMD_ON, sizeof(CMD_ON)));
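Review bot: `path_magic_prefix` compares only the 11 bytes of `/dev/sydbox`, so a path such as `/dev/sydboxfoo` also passes the prefix test and goes on to be checked against every command in the caller. Now that `CMD_DIR` exists, the length reads more clearly as `sizeof(CMD_DIR) - 1`, and the test can require a path boundary: `return 0 == strncmp(path, CMD_DIR, sizeof(CMD_DIR) - 1) && (path[sizeof(CMD_DIR) - 1] == '\0' || path[sizeof(CMD_DIR) - 1] == '/');`. The new `path_magic_dir` and `path_magic_api_match` depend on `sizeof` counting the terminating NUL to get an exact match. A short comment such as `/* sizeof includes the NUL, so this is an exact match */` would stop a later cleanup from changing it to `- 1` and turning it back into a prefix match.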
diff --git a/src/syd-path.h b/src/syd-path.h
index 47f423f..2252b98 100644
--- a/src/syd-path.h
+++ b/src/syd-path.h
@@ -25,7 +25,9 @@
#include <glib.h>
-#define CMD_PATH "/dev/sydbox/"
+#define CMD_DIR "/dev/sydbox"
+#define CMD_PATH CMD_DIR"/"
+#define CMD_API_VERSION CMD_PATH"0"
#define CMD_ON CMD_PATH"on"
#define CMD_OFF CMD_PATH"off"
#define CMD_TOGGLE CMD_PATH"toggle"
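Review bot: `CMD_API_VERSION` embeds the version as a bare `"0"` in the path literal, with nothing saying that this digit is the magic API version. A comment above the define, for example `/* stat() on this path succeeds only when the magic API version matches */`, would record the intent. When the version should change is not visible in this diff and would also be worth stating there.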
@@ -55,8 +57,12 @@
#define CMD_NET_WHITELIST_CONNECT CMD_PATH"net/whitelist/connect/"
#define CMD_NET_UNWHITELIST_CONNECT CMD_PATH"net/unwhitelist/connect/"
+bool path_magic_prefix(const char *path);
+
bool path_magic_dir(const char *path);
+bool path_magic_api_match(const char *path);
+
bool path_magic_on(const char *path);
bool path_magic_off(const char *path);
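Review bot: `path_magic_dir` keeps its name but changes meaning, from a prefix test to an exact match on `/dev/sydbox`, so a caller that was not updated would silently stop recognising every magic command. The diff updates only the call in `syscall_magic_stat`. If other callers exist outside these three files, they need the same switch to `path_magic_prefix`. A comment on each prototype would make the contract explicit, for example `/* true if path starts with the magic directory */` on `path_magic_prefix` and `/* true only for the magic directory itself */` on `path_magic_dir`.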
diff --git a/src/syd-syscall.c b/src/syd-syscall.c
index f13ce93..18743f4 100644
--- a/src/syd-syscall.c
+++ b/src/syd-syscall.c
@@ -323,12 +323,21 @@ static void syscall_magic_stat(struct tchild *child, struct checkdata *data)
struct sydbox_addr *addr;
g_debug("checking if stat(\"%s\") is magic", path);
- if (G_LIKELY(!path_magic_dir(path))) {
+ if (G_LIKELY(!path_magic_prefix(path))) {
g_debug("stat(\"%s\") not magic", path);
return;
}
- if (path_magic_on(path)) {
+ if (path_magic_dir(path)) {
+ data->result = RS_MAGIC;
+ }
+ else if (path_magic_api_match(path)) {
+ data->result = RS_MAGIC;
+ }
+ else if (child->sandbox->path && path_magic_enabled(path)) {
+ data->result = RS_MAGIC;
+ }
+ else if (path_magic_on(path)) {
data->result = RS_MAGIC;
child->sandbox->path = true;
g_info("path sandboxing is now enabled for child %i", child->pid);
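Review bot: The first three branches of the new chain all do nothing but `data->result = RS_MAGIC;`, so they can be one condition: `if (path_magic_dir(path) || path_magic_api_match(path) || (child->sandbox->path && path_magic_enabled(path)))`. Separately, the last hunk removes the fallback at the end of the chain, so a path that has the magic prefix but matches no command now appears to fall through without any log line. In a sandbox, probes of the control namespace are worth recording, for example with a final `else g_debug("stat(\"%s\") has magic prefix but is not a known command", path);`. `syscall_magic_stat` starts before and continues after this hunk, so the placement of that `else` should be checked against the full chain.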
@@ -552,8 +561,6 @@ static void syscall_magic_stat(struct tchild *child, struct checkdata *data)
}
g_strfreev(expaddr);
}
- else if (child->sandbox->path || !path_magic_enabled(path))
- data->result = RS_MAGIC;
if (data->result == RS_MAGIC) {
g_debug("stat(\"%s\") is magic, encoding stat buffer", path);