diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2013-02-22 22:03:08 -0500 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2013-02-24 23:17:28 -0500 |
| commit | d8b21b35fd536af8411975ad05eab85f89e84a2e (patch) | |
| tree | 51aca3066603474d8b8b17d09b4cad1dbad89d4a | |
| parent | add a new message env var (diff) | |
| download | sandbox-d8b21b35fd536af8411975ad05eab85f89e84a2e.tar.gz sandbox-d8b21b35fd536af8411975ad05eab85f89e84a2e.tar.bz2 sandbox-d8b21b35fd536af8411975ad05eab85f89e84a2e.zip | |
libsandbox: fix early var init
In commit 5498907383c7f1654188b6a0d02d8b03112a28c3, we tried to fix
handling of ELFs that had their own constructors. Unfortunately,
this broke use cases like `env -i` that screw with the environment
before we get a chance to extract our settings.
URL: http://bugs.gentoo.org/404013
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| -rw-r--r-- | TODO | 2 | ||||
| -rw-r--r-- | libsandbox/libsandbox.c | 33 |
2 files changed, 27 insertions, 8 deletions
@@ -25,3 +25,5 @@ handle multiple processing writing to log simultaneously doesnt seem to work quite right: echo $(./vfork-0 ./mkdir_static-0 2>&1) + +handle env var modification inside of traced apps diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 0ec5fe1..5d9a796 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -50,6 +50,7 @@ static char debug_log_path[SB_PATH_MAX]; static char message_path[SB_PATH_MAX]; bool sandbox_on = true; static bool sb_init = false; +static bool sb_env_init = false; int (*sbio_open)(const char *, int, mode_t) = sb_unwrapped_open; FILE *(*sbio_popen)(const char *, const char *) = sb_unwrapped_popen; @@ -62,6 +63,29 @@ static void init_env_entries(char ***, int *, const char *, const char *, int); const char *sbio_message_path; const char sbio_fallback_path[] = "/dev/tty"; +/* We need to initialize these vars before main(). This is to handle programs + * (like `env`) that will clear the environment before making any syscalls + * other than execve(). At that point, trying to get the settings is too late. + * However, we might still need to init the env vars in the syscall wrapper for + * programs that have their own constructors. #404013 + */ +__attribute__((constructor)) +void libsb_init(void) +{ + if (sb_env_init) + /* Ah, we already saw a syscall */ + return; + sb_env_init = true; + + /* Get the path and name to this library */ + get_sandbox_lib(sandbox_lib); + + get_sandbox_log(log_path, NULL); + get_sandbox_debug_log(debug_log_path, NULL); + get_sandbox_message_path(message_path); + sbio_message_path = message_path; +} + /* resolve_dirfd_path - get the path relative to a dirfd * * return value: @@ -937,14 +961,7 @@ bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, in sb_lock(); if (!sb_init) { - /* Get the path and name to this library */ - get_sandbox_lib(sandbox_lib); - - get_sandbox_log(log_path, NULL); - get_sandbox_debug_log(debug_log_path, NULL); - get_sandbox_message_path(message_path); - sbio_message_path = message_path; - + libsb_init(); init_context(&sbcontext); sb_init = true; } |