From 2b8b95c186881a5abe295efba52d54ee7b8f4979 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Sun, 20 Dec 2009 21:13:40 -0500
Subject: libsandbox: catch calls to remove()

People rarely use this, but all it takes is one lame package.

URL: http://bugs.gentoo.org/297684
Reported-by: Pacho Ramos
Signed-off-by: Mike Frysinger
---
 libsandbox/libsandbox.c | 2 ++
 libsandbox/symbols.h.in | 1 +
 libsandbox/wrapper-funcs/remove.c | 12 ++++++++++++
 tests/Makefile.am | 1 +
 tests/remove-0.c | 12 ++++++++++++
 tests/remove-1.sh | 7 +++++++
 tests/remove.at | 1 +
 tests/testsuite.at | 2 ++
 tests/unlink-1.sh | 7 +++++++
 tests/unlink.at | 1 +
 10 files changed, 46 insertions(+)
 create mode 100644 libsandbox/wrapper-funcs/remove.c
 create mode 100644 tests/remove-0.c
 create mode 100755 tests/remove-1.sh
 create mode 100644 tests/remove.at
 create mode 100755 tests/unlink-1.sh
 create mode 100644 tests/unlink.at

diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 70c30b2..fd3d2ea 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -637,6 +637,7 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
 if (!(sb_nr == SB_NR_UNLINK ||
 sb_nr == SB_NR_UNLINKAT ||
 sb_nr == SB_NR_LCHOWN ||
+ sb_nr == SB_NR_REMOVE ||
 sb_nr == SB_NR_RENAME ||
 sb_nr == SB_NR_SYMLINK))
 {
@@ -736,6 +737,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
 sb_nr == SB_NR_MKNOD ||
 sb_nr == SB_NR_MKNODAT ||
 sb_nr == SB_NR_OPEN_WR ||
+ sb_nr == SB_NR_REMOVE ||
 sb_nr == SB_NR_RENAME ||
 sb_nr == SB_NR_RENAMEAT ||
 sb_nr == SB_NR_RMDIR ||
diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index b674b5e..cf33e72 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -31,6 +31,7 @@ mkfifo
 mkfifoat
 access
 faccessat
+remove
 rename
 renameat
 rmdir
diff --git a/libsandbox/wrapper-funcs/remove.c b/libsandbox/wrapper-funcs/remove.c
new file mode 100644
index 0000000..10b3c0e
--- /dev/null
+++ b/libsandbox/wrapper-funcs/remove.c
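Review bot: The `sb_nr ==` chains in symlink_func() and check_access() in libsandbox/libsandbox.c are two hand-maintained lists, and nothing visible in these hunks ties them to the entry added in symbols.h.in, so a later wrapper that is listed there but forgotten in either chain would compile cleanly and presumably be evaluated under the wrong policy. A short comment above each chain would make the contract explicit, for example `/* calls that act on the link itself, not its target; update when adding a wrapper */` in symlink_func() and `/* calls treated as write access; update when adding a wrapper */` in check_access(). Both function bodies start and end outside the hunks, so what each chain guards is inferred from the calls it lists and should be confirmed before the wording is committed.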
@@ -0,0 +1,12 @@
+/*
+ * remove() wrapper.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *pathname
+#define WRAPPER_ARGS pathname
+#define WRAPPER_SAFE() SB_SAFE(pathname)
+#define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(STRING_NAME, pathname, AT_FDCWD)
+#include "__wrapper_simple.c"
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6405bc6..5f9702c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -43,6 +43,7 @@ check_PROGRAMS = \
 openat_static-0 \
 openat64-0 \
 opendir-0 \
+ remove-0 \
 rename-0 \
 renameat-0 \
 signal_static-0 \
diff --git a/tests/remove-0.c b/tests/remove-0.c
new file mode 100644
index 0000000..1e9444f
--- /dev/null
+++ b/tests/remove-0.c
@@ -0,0 +1,12 @@
+#define FUNC remove
+#define SFUNC "remove"
+#define FUNC_STR "\"%s\""
+#define FUNC_IMP path
+#define ARG_CNT 1
+#define ARG_USE ""
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s;
+
+#include "test-skel-0.c"
diff --git a/tests/remove-1.sh b/tests/remove-1.sh
new file mode 100755
index 0000000..89c2a7e
--- /dev/null
+++ b/tests/remove-1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# make sure we catch openat with relative path
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+
+export SANDBOX_LOG=$PWD/sb.log
+remove-0 -1 f
+test -e sb.log
diff --git a/tests/remove.at b/tests/remove.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/remove.at
@@ -0,0 +1 @@
+SB_CHECK(1)
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 846dc80..ca0f09c 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -26,6 +26,7 @@ sb_inc([open])
 sb_inc([open_static])
 sb_inc([openat])
 sb_inc([openat_static])
+sb_inc([remove])
 sb_inc([rename])
 sb_inc([renameat])
 sb_inc([sb_printf])
@@ -33,6 +34,7 @@ sb_inc([script])
 sb_inc([signal_static])
 sb_inc([symlink])
 sb_inc([symlinkat])
+sb_inc([unlink])
 sb_inc([utimensat])
 sb_inc([utimensat_static])
 sb_inc([vfork])
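Review bot: In libsandbox/wrapper-funcs/remove.c the only pre-check is `sb_unlinkat_pre_check(STRING_NAME, pathname, AT_FDCWD)`, but remove() also deletes empty directories, where it behaves like rmdir() rather than unlink(). The body of sb_unlinkat_pre_check() is not visible here, so it should be confirmed that it gives the right answer for a directory path and never returns early in a case that the rmdir wrapper would have sent on to the access check. The file header would be clearer if it recorded this, for example `/* remove() acts as unlink() on files and rmdir() on directories; the unlinkat pre-check is reused with AT_FDCWD because pathname is resolved against the cwd. */`.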
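Review bot: The comment `# make sure we catch openat with relative path` in tests/remove-1.sh was copied from another test and names the wrong call; it should read `# make sure we catch remove() with a relative path`. tests/unlink-1.sh carries the same stale comment and should name unlink() instead. Both scripts end with `test -e sb.log`, which is satisfied by any existing log file, so a leftover sb.log in the working directory would hide a regression in the wrapper. Whether the harness always starts from a clean directory is not visible in this patch, so a comment stating that assumption would help.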
diff --git a/tests/unlink-1.sh b/tests/unlink-1.sh
new file mode 100755
index 0000000..74d4403
--- /dev/null
+++ b/tests/unlink-1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# make sure we catch openat with relative path
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+
+export SANDBOX_LOG=$PWD/sb.log
+unlink-0 -1 f
+test -e sb.log
diff --git a/tests/unlink.at b/tests/unlink.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/unlink.at
@@ -0,0 +1 @@
+SB_CHECK(1)
-- cgit v1.2.3-18-g5258