mirror of https://github.com/omar-polo/gmid.git
move all sandbox-related code to sandbox.c
while there, add capsicum for the logger process
This commit is contained in:
parent
ad5301d1a0
commit
62e001b067
16
ex.c
16
ex.c
|
@ -270,23 +270,9 @@ handle_dispatch_imsg(int fd, short ev, void *d)
|
|||
int
|
||||
executor_main(struct imsgbuf *ibuf)
|
||||
{
|
||||
struct vhost *vhost;
|
||||
struct event evs[PROC_MAX], imsgev;
|
||||
int i;
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
for (vhost = hosts; vhost->domain != NULL; ++vhost) {
|
||||
/* r so we can chdir into the correct directory */
|
||||
if (unveil(vhost->dir, "rx") == -1)
|
||||
err(1, "unveil %s for domain %s",
|
||||
vhost->dir, vhost->domain);
|
||||
}
|
||||
|
||||
/* rpath to chdir into the correct directory */
|
||||
if (pledge("stdio rpath sendfd proc exec", NULL))
|
||||
err(1, "pledge");
|
||||
#endif
|
||||
|
||||
event_init();
|
||||
|
||||
if (ibuf != NULL) {
|
||||
|
@ -301,6 +287,8 @@ executor_main(struct imsgbuf *ibuf)
|
|||
event_add(&evs[i], NULL);
|
||||
}
|
||||
|
||||
sandbox_executor_process();
|
||||
|
||||
event_dispatch();
|
||||
|
||||
return 1;
|
||||
|
|
4
gmid.h
4
gmid.h
|
@ -294,7 +294,9 @@ int recv_fd(int);
|
|||
int executor_main(struct imsgbuf*);
|
||||
|
||||
/* sandbox.c */
|
||||
void sandbox(void);
|
||||
void sandbox_server_process(void);
|
||||
void sandbox_executor_process(void);
|
||||
void sandbox_logger_process(void);
|
||||
|
||||
/* utf8.c */
|
||||
int valid_multibyte_utf8(struct parser*);
|
||||
|
|
5
log.c
5
log.c
|
@ -270,10 +270,7 @@ logger_main(int fd, struct imsgbuf *ibuf)
|
|||
event_set(&imsgev, fd, EV_READ | EV_PERSIST, &handle_dispatch_imsg, ibuf);
|
||||
event_add(&imsgev, NULL);
|
||||
|
||||
#ifdef __OpenBSD__
|
||||
if (pledge("stdio", NULL) == -1)
|
||||
err(1, "pledge");
|
||||
#endif
|
||||
sandbox_logger_process();
|
||||
|
||||
event_dispatch();
|
||||
|
||||
|
|
|
@ -48,6 +48,13 @@ struct suite {
|
|||
{NULL, NULL}
|
||||
};
|
||||
|
||||
void
|
||||
sandbox_logger_process(void)
|
||||
{
|
||||
/* to make the linker happy! */
|
||||
return;
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
|
|
81
sandbox.c
81
sandbox.c
|
@ -21,7 +21,22 @@
|
|||
#include <sys/capsicum.h>
|
||||
|
||||
void
|
||||
sandbox()
|
||||
sandbox_server_process(void)
|
||||
{
|
||||
if (cap_enter() == -1)
|
||||
fatal("cap_enter");
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_executor_process(void)
|
||||
{
|
||||
/* We cannot capsicum the executor process because it needs
|
||||
* to fork(2)+execve(2) cgi scripts */
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_logger_process(void)
|
||||
{
|
||||
if (cap_enter() == -1)
|
||||
fatal("cap_enter");
|
||||
|
@ -124,7 +139,7 @@ sandbox_seccomp_catch_sigsys(void)
|
|||
#endif /* SC_DEBUG */
|
||||
|
||||
void
|
||||
sandbox()
|
||||
sandbox_server_process(void)
|
||||
{
|
||||
struct sock_filter filter[] = {
|
||||
/* load the *current* architecture */
|
||||
|
@ -239,12 +254,30 @@ sandbox()
|
|||
__func__, strerror(errno));
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_executor_process(void)
|
||||
{
|
||||
/* We cannot use seccomp for the executor process because we
|
||||
* don't know what the child will do. Also, our filter will
|
||||
* be inherited so the child cannot set its own seccomp
|
||||
* policy. */
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_logger_process(void)
|
||||
{
|
||||
/* To be honest, here we could use a seccomp policy to only
|
||||
* allow writev(2) and memory allocations. */
|
||||
return;
|
||||
}
|
||||
|
||||
#elif defined(__OpenBSD__)
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
void
|
||||
sandbox()
|
||||
sandbox_server_process(void)
|
||||
{
|
||||
struct vhost *h;
|
||||
|
||||
|
@ -257,12 +290,50 @@ sandbox()
|
|||
fatal("pledge");
|
||||
}
|
||||
|
||||
#else
|
||||
void
|
||||
sandbox_executor_process(void)
|
||||
{
|
||||
struct vhost *vhost;
|
||||
|
||||
for (vhost = hosts; vhost->domain != NULL; ++vhost) {
|
||||
/* r so we can chdir into the correct directory */
|
||||
if (unveil(vhost->dir, "rx") == -1)
|
||||
err(1, "unveil %s for domain %s",
|
||||
vhost->dir, vhost->domain);
|
||||
}
|
||||
|
||||
/* rpath to chdir into the correct directory */
|
||||
if (pledge("stdio rpath sendfd proc exec", NULL))
|
||||
err(1, "pledge");
|
||||
}
|
||||
|
||||
void
|
||||
sandbox()
|
||||
sandbox_logger_process(void)
|
||||
{
|
||||
if (pledge("stdio", NULL) == -1)
|
||||
err(1, "pledge");
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#warning "No sandbox method known for this OS"
|
||||
|
||||
void
|
||||
sandbox_server_process(void)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_executor_process(void)
|
||||
{
|
||||
log_notice(NULL, "no sandbox method known for this OS");
|
||||
}
|
||||
|
||||
void
|
||||
sandbox_logger_process(void)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue