From 8022def6f05bf40e1c6e0fd15d77ed0ecf5c3406 Mon Sep 17 00:00:00 2001
From: Cristian Toader
Date: Mon, 29 Jul 2013 16:30:39 +0300
Subject: [PATCH] added openat parameter filter
---
 src/common/sandbox.c | 19 ++++++++++++++-----
 src/common/sandbox.h | 4 +++-
 src/common/util.c | 4 +++-
 src/or/main.c | 2 ++
 4 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index 2e8467d7c1..efadeca84e 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -117,7 +117,6 @@ static int filter_nopar_gen[] = {
 SCMP_SYS(mprotect),
 SCMP_SYS(mremap),
 SCMP_SYS(munmap),
- SCMP_SYS(openat),
 SCMP_SYS(poll),
 SCMP_SYS(prctl),
 SCMP_SYS(read),
@@ -158,7 +157,7 @@ static int filter_nopar_gen[] = {
 };
 const char*
-sandbox_intern_string(char *param)
+sandbox_intern_string(const char *param)
 {
 int i, filter_size;
 sandbox_cfg_t *elem;
@@ -228,15 +227,25 @@ prot_strdup(char* str)
 int
 sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file)
 {
- sandbox_cfg_t *elem = (sandbox_cfg_t*) malloc(sizeof(sandbox_cfg_t));
+ sandbox_cfg_t *elem = NULL;
+ intptr_t prot_str = (intptr_t) prot_strdup((char*) file);
+ elem = (sandbox_cfg_t*) malloc(sizeof(sandbox_cfg_t));
 elem->syscall = SCMP_SYS(open);
 elem->pindex = 0;
 elem->ptype = PARAM_PTR;
- elem->param = (intptr_t) prot_strdup((char*) file);
+ elem->param = prot_str;
 elem->prot = 1;
+ elem->next = filter_dynamic;
+ filter_dynamic = elem;
- // fifo
+ // also allow openat
+ elem = (sandbox_cfg_t*) malloc(sizeof(sandbox_cfg_t));
+ elem->syscall = SCMP_SYS(openat);
+ elem->pindex = 1;
+ elem->ptype = PARAM_PTR;
+ elem->param = prot_str;
+ elem->prot = 1;
 elem->next = filter_dynamic;
 filter_dynamic = elem;
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index 9acf8c4a97..104d832bc1 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -29,7 +29,9 @@
 */
 #ifdef __linux__
+#ifndef __USE_GNU
 #define __USE_GNU
+#endif
 #include
 #define MAX_PARAM_LEN 64
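Review bot: Neither `malloc` in `sandbox_cfg_allow_open_filename` (src/common/sandbox.c, hunk at -228) is checked before `elem->syscall` is written, and the `prot_strdup` result is stored into both rules unchecked, so an allocation failure while the filter is being built becomes a NULL dereference or, if `prot_strdup` can fail, a rule with a meaningless `param`. Check all three before linking anything, e.g. `if (!elem) return -1;` after each `malloc`, so a failed setup cannot leave the `open` rule installed without its `openat` twin. Both list entries now share one `prot_str` with `prot = 1`; if the code that tears down `filter_dynamic` releases `param` per element (not visible here), that is a double release, and a comment on ownership is worth adding. The `openat` rule matches argument 1 by pointer value only, so it is only as strong as the write protection on that string, and the first hunk still shows `SCMP_SYS(mprotect)` in the no-parameter allow list. The function body continues past the hunk.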
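Review bot: In src/common/sandbox.h (hunk at -29) the new `#ifndef __USE_GNU` guard still defines a glibc-internal macro by hand; the documented switch is `#define _GNU_SOURCE` ahead of the first system include in the translation unit. Defining `__USE_GNU` at this point has no effect on system headers that were already included before sandbox.h, and glibc's feature-test header is free to reset it, so which declarations become visible may depend on include order. If the macro is kept, a comment naming the declaration it is needed for would help the next reader. The `#ifdef __linux__` block continues outside the hunk.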
@@ -80,7 +82,7 @@ typedef struct pfd_elem sandbox_cfg_t;
 void sandbox_set_debugging_fd(int fd);
 int tor_global_sandbox(void);
-const char* sandbox_intern_string(char *param);
+const char* sandbox_intern_string(const char *param);
 sandbox_cfg_t * sandbox_cfg_new();
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file);
diff --git a/src/common/util.c b/src/common/util.c
index 651554ed23..75462b68a1 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -24,6 +24,7 @@
 #include "torint.h"
 #include "container.h"
 #include "address.h"
+#include "../common/sandbox.h"
 #ifdef _WIN32
 #include
@@ -3042,6 +3043,7 @@ smartlist_t *
 tor_listdir(const char *dirname)
 {
 smartlist_t *result;
+ const char *prot_dname = sandbox_intern_string(dirname);
 #ifdef _WIN32
 char *pattern=NULL;
 TCHAR tpattern[MAX_PATH] = {0};
@@ -3085,7 +3087,7 @@ tor_listdir(const char *dirname)
 #else
 DIR *d;
 struct dirent *de;
- if (!(d = opendir(dirname)))
+ if (!(d = opendir(prot_dname)))
 return NULL;
 result = smartlist_new();
diff --git a/src/or/main.c b/src/or/main.c
index 269d3fd9ba..d50f239e67 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2644,6 +2644,8 @@ sandbox_init_filter()
 {
 sandbox_cfg_t *cfg = sandbox_cfg_new();
+ sandbox_cfg_allow_open_filename(&cfg,
+ get_datadir_fname("cached-status"));
 sandbox_cfg_allow_open_filename(&cfg,
 get_datadir_fname("cached-certs"));
 sandbox_cfg_allow_open_filename(&cfg,
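Review bot: The `sandbox_intern_string` prototype in src/common/sandbox.h (hunk at -80) carries no comment saying what it returns for a string that was never registered, and after this commit `tor_listdir` hands that result straight to `opendir`. A one-line comment above the declaration stating the not-found result (the input pointer or NULL, whichever the implementation does) would tell callers whether a check is needed. The neighbouring `sandbox_cfg_allow_open_filename` still takes `char *file` although, as far as the sandbox.c hunk shows, it only copies the string; `const char *file` would match the change made on this line.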
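Review bot: The added `#include "../common/sandbox.h"` in src/common/util.c (hunk at -24) climbs out of and back into the file's own directory, while the includes around it use the bare header name. `#include "sandbox.h"` resolves to the same file and matches `"torint.h"` and `"container.h"` above it.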
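Review bot: In `tor_listdir` (src/common/util.c, hunk at -3042), `prot_dname` is computed before the `#ifdef _WIN32` split but only the `#else` branch in the hunk at -3085 uses it, so Windows builds get an unused variable; the sandbox.h hunk also suggests the declaration may sit under `#ifdef __linux__`, which would leave `sandbox_intern_string` undeclared on other platforms. Moving the line next to `DIR *d;` keeps the call on the only path that needs it. The result is passed to `opendir` unchecked; if `sandbox_intern_string` can return NULL for an unregistered directory (its body is not shown), every listing of such a directory would fail, so the not-found behaviour deserves a comment at the call, for example `/* sandbox rules match the interned pointer, not the string contents */`. The function body extends beyond both hunks.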
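Review bot: The added `sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-status"))` call in `sandbox_init_filter` (src/or/main.c) discards the `int` result, so a rule that failed to register goes unnoticed at startup and would surface only later, when the sandboxed process is refused the open. If `get_datadir_fname` returns a heap string, which the copy made through `prot_strdup` in sandbox.c suggests but this page does not show, the temporary is never freed; the existing calls in the context lines have the same shape. Holding the name in a local, checking the return value and freeing the local afterwards would cover both. `sandbox_init_filter` continues past the hunk.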