diff options
| author |   cvs-fast-export <cvs-fast-export> | 2003-02-22 19:51:43 +0000 |
|---|---|---|
| committer | cvs-fast-export <cvs-fast-export> | 2003-02-22 19:51:43 +0000 |
| commit | 6629e0cc8e78d40019531139b11c9a58a26aab2b (patch) | |
| tree | cd037301b7e67e23016e6e1908d374d25f2b5d2e | |
| parent | make rsync retry on exit(10) -- connection refused (diff) | |
| download | portage-cvs-portage_2_0_47_r3.tar.gz portage-cvs-portage_2_0_47_r3.tar.bz2 portage-cvs-portage_2_0_47_r3.zip | |
Synthetic commit for incomplete tag portage_2_0_47_r3portage_2_0_47_r3
| -rw-r--r-- | src/sandbox-1.1/ChangeLog | 30 | ||||
| -rw-r--r-- | src/sandbox-1.1/sandbox.c | 366 |
2 files changed, 175 insertions, 221 deletions
diff --git a/src/sandbox-1.1/ChangeLog b/src/sandbox-1.1/ChangeLog index 16c8301..9a4b834 100644 --- a/src/sandbox-1.1/ChangeLog +++ b/src/sandbox-1.1/ChangeLog @@ -1,30 +1,18 @@ # ChangeLog for Path Sandbox # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.13 2003/02/22 15:59:15 azarah Exp $ +# $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/ChangeLog,v 1.12 2003/02/22 13:44:52 carpaski Exp $ - 22 Feb 2003; Martin Schlemmer <azarah@gentoo.org> sandbox.c : + 22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> Makefile: Changed the LD + to CC for hppa. - Some /etc/ld.so.preload fixes. Just changed the #if defines to cover all - operations releated to preload, as well as only try to modify ld.so.preload - if we can. Also modify to write the pid to /tmp/sandboxpids.tmp even when - not using ld.so.preload. Fix to not write this instance of sandbox's pid - to /tmp/sandboxpids.tmp on exit if this is not the last sandbox running. + 22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls: killed + the previous changes I made. - 22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> Makefile : - - Changed the LD to CC for hppa. - - 22 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls : - - Killed the previous changes I made. + 17 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls: Added + parisc to BROKEN_RTLD_ARCHLIST to see if it we can fix the relocation probs. - 17 Feb 2003; Nicholas Jones <carpaski@gentoo.org> create-localdecls : - - Added parisc to BROKEN_RTLD_ARCHLIST to see if it we can fix the relocation probs. - - 09 Jan 2003; J Robert Ray <jrray@gentoo.org> sandbox.c : - - Don't segfault if $HOME isn't set, set $HOME to "/" instead. Fixes bug 10868. + 09 Jan 2003; J Robert Ray <jrray@gentoo.org> sandbox.c : Don't segfault if + $HOME isn't set, set $HOME to "/" instead. Fixes bug 10868. 16 Dec 2002; Martin Schlemmer <azarah@gentoo.org> create-localdecls : diff --git a/src/sandbox-1.1/sandbox.c b/src/sandbox-1.1/sandbox.c index 70476a3..621faec 100644 --- a/src/sandbox-1.1/sandbox.c +++ b/src/sandbox-1.1/sandbox.c @@ -1,17 +1,17 @@ /* -** Path sandbox for the gentoo linux portage package system, initially -** based on the ROCK Linux Wrapper for getting a list of created files +** Path sandbox for the gentoo linux portage package system, initially +** based on the ROCK Linux Wrapper for getting a list of created files ** ** to integrate with bash, bash should have been built like this ** ** ./configure --prefix=<prefix> --host=<host> --without-gnu-malloc ** ** it's very important that the --enable-static-link option is NOT specified -** -** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com -** Distributed under the terms of the GNU General Public License, v2 or later -** Author : Geert Bevin <gbevin@uwyn.com> -** $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.9 2003/02/22 15:59:15 azarah Exp $ +** +** Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com +** Distributed under the terms of the GNU General Public License, v2 or later +** Author : Geert Bevin <gbevin@uwyn.com> +** $Header: /local/data/ulm/cvs/history/var/cvsroot/gentoo-src/portage/src/sandbox-1.1/Attic/sandbox.c,v 1.8 2003/01/10 05:54:46 jrray Exp $ */ #define _GNU_SOURCE @@ -66,10 +66,9 @@ int load_active_pids(int fd, int **pids) while (1) { /* Find new line */ ptr2 = strchr(ptr, '\n'); - if (ptr2 == NULL) - break; /* No more PIDs */ + if (ptr2 == NULL) break; /* No more PIDs */ - /* Clear the \n. And ptr should have a null-terminated decimal string */ + /* clear the \n. And ptr should have a null-terminated decimal string */ ptr2[0] = 0; my_pid = atoi(ptr); @@ -85,9 +84,7 @@ int load_active_pids(int fd, int **pids) ptr = ptr2 + 1; } - if (data) - free(data); - data = NULL; + if (data) free(data); return num_pids; } @@ -121,12 +118,11 @@ int load_preload_libs(int fd, char ***preloads) /* Find new line */ ptr2 = strchr(ptr, '\n'); - /* Clear the \n. And ptr should have a null-terminated decimal string + /* clear the \n. And ptr should have a null-terminated decimal string * Don't break from the loop though because the last line may not * terminated with a \n */ - if (NULL != ptr2) - ptr2[0] = 0; + if (NULL != ptr2) ptr2[0] = 0; /* If listing does not match our libname, add it to the array */ if ((strlen(ptr)) && (NULL == strstr(ptr, LIB_NAME))) { @@ -135,16 +131,13 @@ int load_preload_libs(int fd, char ***preloads) num_entries++; } - if (NULL == ptr2) - break; /* No more PIDs */ + if (NULL == ptr2) break; /* No more PIDs */ /* Put ptr past the NULL we just wrote */ ptr = ptr2 + 1; } - if (data) - free(data); - data = NULL; + if (data) free(data); return num_entries; } @@ -164,14 +157,13 @@ void cleanup() #endif - /* Remove this sandbox's bash pid from the global pids + /* remove this sandbox's bash pid from the global pids * file if it has rights to adapt the ld.so.preload file */ if ((1 == preload_adaptable) && (0 == cleaned_up)) { cleaned_up = 1; success = 1; - if (print_debug) - printf("Cleaning up pids file.\n"); + if (print_debug) printf("Cleaning up pids file.\n"); /* Stat the PIDs file, make sure it exists and is a regular file */ if (file_exist(PIDS_FILE, 1) <= 0) { @@ -195,19 +187,18 @@ void cleanup() #ifdef USE_LD_SO_PRELOAD /* clean the /etc/ld.so.preload file if no other sandbox - * processes are running anymore */ + * processes are running anymore */ if (1 == num_of_pids) { success = 1; - if (print_debug) - printf("Cleaning up /etc/ld.so.preload.\n"); - + if (print_debug) printf("Cleaning up /etc/ld.so.preload.\n"); + preload_file = file_open("/etc/ld.so.preload", "r+", 0); if (-1 != preload_file) { /* Load all the preload libraries into an array */ num_of_preloads = load_preload_libs(preload_file, &preload_array); //printf("num preloads: %d\r\n", num_of_preloads); - /* Clear file */ + /* Clear file */ file_truncate(preload_file); /* store the other preload libraries back into the /etc/ld.so.preload file */ @@ -222,13 +213,12 @@ void cleanup() } } - /* Free memory used to store preload array */ + /* Free memory used to store preload array */ for (i = 0; i < num_of_preloads; i++) { if (preload_array[i]) free(preload_array[i]); preload_array[i] = NULL; } - if (preload_array) - free(preload_array); + if (preload_array) free(preload_array); preload_array = NULL; file_close(preload_file); @@ -242,14 +232,11 @@ void cleanup() /* if pids are still running, write only the running pids back to the file */ if(num_of_pids > 1) { for (i = 0; i < num_of_pids; i++) { - if (pids_array[i] != getpid()) { - sprintf(pid_string, "%d\n", pids_array[i]); - - if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { - perror(">>> pids file write"); - success = 0; - break; - } + sprintf(pid_string, "%d\n", pids_array[i]); + if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { + perror(">>> pids file write"); + success = 0; + break; } } @@ -264,13 +251,15 @@ void cleanup() unlink(PIDS_FILE); } - if (pids_array != NULL) + if (pids_array != NULL) { free(pids_array); - pids_array = NULL; + pids_array = NULL; + } } - if (0 == success) + if (0 == success) { return; + } } void stop(int signum) @@ -378,8 +367,9 @@ int print_sandbox_log(char *sandbox_log) char *buffer = NULL; sandbox_log_file=file_open(sandbox_log, "r", 0); - if (-1 == sandbox_log_file) + if (-1 == sandbox_log_file) { return 0; + } len = file_length(sandbox_log_file); buffer = (char *)malloc((len + 1)*sizeof(char)); @@ -391,21 +381,21 @@ int print_sandbox_log(char *sandbox_log) printf("\e[31;01mLOG FILE = \"%s\"\033[0m\n", sandbox_log); printf("\n"); printf("%s", buffer); - if (buffer) - free(buffer); - buffer = NULL; + if (buffer) free(buffer); buffer = NULL; printf("\e[31;01m--------------------------------------------------------------------------------\033[0m\n"); beep_count_env = getenv(ENV_SANDBOX_BEEP); - if (beep_count_env) + if (beep_count_env) { beep_count = atoi(beep_count_env); - else + } else { beep_count = DEFAULT_BEEP_COUNT; + } for (i = 0; i < beep_count; i++) { fputc('\a', stderr); - if (i < beep_count -1) + if (i < beep_count -1) { sleep(1); + } } return 1; } @@ -420,10 +410,8 @@ int spawn_shell(char *argv_bash[]) long len = 0; while (1) { - if (NULL == argv_bash[i]) - break; - if (NULL != sh) - len = strlen(sh); + if (NULL == argv_bash[i]) break; + if (NULL != sh) len = strlen(sh); sh = (char *)realloc(sh, len+strlen(argv_bash[i]) + 5); if (first) { sh[0] = 0; @@ -438,12 +426,10 @@ int spawn_shell(char *argv_bash[]) } printf("%s\n", sh); ret = system(sh); - if (sh) - free(sh); + if (sh) free(sh); sh = NULL; - if (-1 == ret) - return 0; + if (-1 == ret) return 0; return 1; #else @@ -464,8 +450,7 @@ int spawn_shell(char *argv_bash[]) return 0; } ret = waitpid(pid, &status, 0); - if ((-1 == ret) || (status > 0)) - return 0; + if ((-1 == ret) || (status > 0)) return 0; # endif return 1; #endif @@ -474,9 +459,7 @@ int spawn_shell(char *argv_bash[]) int main(int argc, char** argv) { int i = 0, success = 1; -#ifdef USE_LD_SO_PRELOAD int preload_file = -1; -#endif int sandbox_log_presence = 0; int sandbox_log_file = -1; int pids_file = -1; @@ -506,11 +489,12 @@ int main(int argc, char** argv) #endif /* Only print info if called with no arguments .... */ - if (argc < 2) + if (argc < 2) { print_debug = 1; + } + + if (print_debug) printf("========================== Gentoo linux path sandbox ===========================\n"); - if (print_debug) - printf("========================== Gentoo linux path sandbox ===========================\n"); /* check if a sandbox is already running */ if (NULL != getenv(ENV_SANDBOX_ON)) { @@ -519,34 +503,29 @@ int main(int argc, char** argv) } else { /* determine the location of all the sandbox support files */ - if (print_debug) - printf("Detection of the support files.\n"); + if (print_debug) printf("Detection of the support files.\n"); /* Generate base sandbox path */ tmp_string = get_sandbox_path(argv[0]); strncpy(sandbox_dir, tmp_string, 254); - if (tmp_string) - free(tmp_string); + if (tmp_string) free(tmp_string); tmp_string = NULL; strcat(sandbox_dir, "/"); /* Generate sandbox lib path */ tmp_string = get_sandbox_lib(sandbox_dir); strncpy(sandbox_lib, tmp_string, 254); - if (tmp_string) - free(tmp_string); + if (tmp_string) free(tmp_string); tmp_string = NULL; /* Generate sandbox bashrc path */ tmp_string = get_sandbox_rc(sandbox_dir); strncpy(sandbox_rc, tmp_string, 254); - if (tmp_string) - free(tmp_string); + if (tmp_string) free(tmp_string); tmp_string = NULL; /* verify the existance of required files */ - if (print_debug) - printf("Verification of the required files.\n"); + if (print_debug) printf("Verification of the required files.\n"); if (file_exist(sandbox_lib, 0) <= 0) { fprintf(stderr, "Could not open the sandbox library at '%s'.\n", sandbox_lib); @@ -558,8 +537,8 @@ int main(int argc, char** argv) #ifdef USE_LD_SO_PRELOAD /* ensure that the /etc/ld.so.preload file contains an entry for the sandbox lib */ - if (print_debug) - printf("Setting up the ld.so.preload file.\n"); + if (print_debug) printf("Setting up the ld.so.preload file.\n"); +#endif /* check if the /etc/ld.so.preload is a regular file */ if (file_exist("/etc/ld.so.preload", 1) < 0) { @@ -568,76 +547,69 @@ int main(int argc, char** argv) } if (getuid() == 0) { - /* Our r+ also will create the file if it doesn't exist */ - preload_file=file_open("/etc/ld.so.preload", "r+", 1, 0644); - if (-1 == preload_file) { - preload_adaptable = 0; -/* exit(1);*/ - } + /* Our r+ also will create the file if it doesn't exist */ + preload_file=file_open("/etc/ld.so.preload", "r+", 1, 0644); + if (-1 == preload_file) { + preload_adaptable = 0; + /* exit(1);*/ + } } else { - /* Avoid permissions warnings if we're not root */ - preload_adaptable = 0; + /* avoid permissions warnings if we're not root */ + preload_adaptable = 0; } - /* Only update /etc/ld.so.preload if we can write to it ... */ - if (1 == preload_adaptable) { - /* Load entries of preload table */ - num_of_preloads = load_preload_libs(preload_file, &preload_array); +#ifdef USE_LD_SO_PRELOAD + /* Load entries of preload table */ + num_of_preloads = load_preload_libs(preload_file, &preload_array); - /* Zero out our ld.so.preload file */ - file_truncate(preload_file); + /* Zero out our ld.so.preload file */ + file_truncate(preload_file); - /* Write contents of preload file */ - for (i = 0; i < num_of_preloads + 1; i++) { - /* First entry should be our sandbox library */ - if (0 == i) { - if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } - } else { - /* Output all other preload entries */ - if (write(preload_file, preload_array[i - 1], strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { - perror(">>> /etc/ld.so.preload file write"); - success = 0; - break; - } + /* Write contents of preload file */ + for (i = 0; i < num_of_preloads + 1; i++) { + /* First entry should be our sandbox library */ + if (0 == i) { + if (write(preload_file, sandbox_lib, strlen(sandbox_lib)) != strlen(sandbox_lib)) { + perror(">>> /etc/ld.so.preload file write"); + success = 0; + break; } - /* Don't forget the return character after each line! */ - if (1 != write(preload_file, "\n", 1)) { + } else { + /* Output all other preload entries */ + if (write(preload_file, preload_array[i - 1], strlen(preload_array[i - 1])) != strlen(preload_array[i - 1])) { perror(">>> /etc/ld.so.preload file write"); success = 0; break; } } - - for (i = 0; i < num_of_preloads; i++) { - if (preload_array[i]) - free(preload_array[i]); - preload_array[i] = NULL; + /* Don't forget the return character after each line! */ + if (1 != write(preload_file, "\n", 1)) { + perror(">>> /etc/ld.so.preload file write"); + success = 0; + break; } - if (preload_array) - free(preload_array); - num_of_preloads = 0; - preload_array = NULL; } + for (i = 0; i < num_of_preloads; i++) { + if (preload_array[i]) free(preload_array[i]); + preload_array[i] = NULL; + } + if (preload_array) free(preload_array); + num_of_preloads = 0; + preload_array = NULL; +#endif + /* That's all we needed to do with the preload file */ - if (0 < preload_file) - file_close(preload_file); + file_close(preload_file); preload_file = -1; -#endif - + /* set up the required environment variables */ - if (print_debug) - printf("Setting up the required environment variables.\n"); + if (print_debug) printf("Setting up the required environment variables.\n"); /* Generate sandbox log full path */ tmp_string=get_sandbox_log(); strncpy(sandbox_log, tmp_string, 254); - if (tmp_string) - free(tmp_string); + if (tmp_string) free(tmp_string); tmp_string = NULL; setenv(ENV_SANDBOX_LOG, sandbox_log, 1); @@ -647,8 +619,8 @@ int main(int argc, char** argv) home_dir = getenv("HOME"); if (!home_dir) { - home_dir = "/tmp"; - setenv("HOME", home_dir, 1); + home_dir = "/"; + setenv("HOME", "/", 1); } /* drobbins: we need to expand these paths using realpath() so that PORTAGE_TMPDIR @@ -664,11 +636,13 @@ int main(int argc, char** argv) setenv(ENV_SANDBOX_LIB, sandbox_lib, 1); setenv("LD_PRELOAD", sandbox_lib, 1); - if (!getenv(ENV_SANDBOX_DENY)) + if (!getenv(ENV_SANDBOX_DENY)) { setenv(ENV_SANDBOX_DENY, LD_PRELOAD_FILE, 1); + } - if (!getenv(ENV_SANDBOX_READ)) + if (!getenv(ENV_SANDBOX_READ)) { setenv(ENV_SANDBOX_READ, "/", 1); + } /* Set up Sandbox Write path */ setenv_sandbox_write(home_dir, portage_tmp_dir, var_tmp_dir, tmp_dir); @@ -677,36 +651,29 @@ int main(int argc, char** argv) setenv(ENV_SANDBOX_ON, "1", 0); /* if the portage temp dir was present, cd into it */ - if (NULL != portage_tmp_dir) + if (NULL != portage_tmp_dir) { chdir(portage_tmp_dir); + } argv_bash=(char **)malloc(6 * sizeof(char *)); argv_bash[0] = strdup("/bin/bash"); argv_bash[1] = strdup("-rcfile"); argv_bash[2] = strdup(sandbox_rc); - - if (argc < 2) + if (argc < 2) { argv_bash[3] = NULL; - else + } else { argv_bash[3] = strdup(run_str); /* "-c" */ - + } argv_bash[4] = NULL; /* strdup(run_arg); */ argv_bash[5] = NULL; if (argc >= 2) { for (i = 1; i< argc; i++) { - if (NULL == argv_bash[4]) - len = 0; - else - len = strlen(argv_bash[4]); - + if (NULL == argv_bash[4]) len = 0; + else len = strlen(argv_bash[4]); argv_bash[4]=(char *)realloc(argv_bash[4], (len + strlen(argv[i]) + 2) * sizeof(char)); - - if (0 == len) - argv_bash[4][0] = 0; - if (1 != i) - strcat(argv_bash[4], " "); - + if (0 == len) argv_bash[4][0] = 0; + if (1 != i) strcat(argv_bash[4], " "); strcat(argv_bash[4], argv[i]); } } @@ -748,51 +715,51 @@ int main(int argc, char** argv) setenv("SANDBOX_ACTIVE", "armedandready", 1); - /* Load our PID into PIDs file */ - success = 1; - if (file_exist(PIDS_FILE, 1) < 0) { - success = 0; - fprintf(stderr, ">>> %s is not a regular file", PIDS_FILE); - } else { - pids_file = file_open(PIDS_FILE, "r+", 1, 0644); - if (-1 == pids_file) + + /* Load our PID into PIDs file if environment is adaptable */ + if (preload_adaptable) { + success = 1; + if (file_exist(PIDS_FILE, 1) < 0) { success = 0; - } - if (1 == success) { - /* Grab still active pids */ - num_of_pids = load_active_pids(pids_file, &pids_array); - - /* Zero out file */ - file_truncate(pids_file); - - /* Output active pids, and append our pid */ - for (i = 0; i < num_of_pids + 1; i++) { - /* Time for our entry */ - if (i == num_of_pids) - sprintf(pid_string, "%d\n", getpid()); - else - sprintf(pid_string, "%d\n", pids_array[i]); - - if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { - perror(">>> pids file write"); - success = 0; - break; + fprintf(stderr, ">>> pids file is not a regular file"); + } else { + pids_file=file_open(PIDS_FILE, "r+", 1, 0644); + if (-1 == pids_file) { + success = 0; + } else { + /* Grab still active pids */ + num_of_pids = load_active_pids(pids_file, &pids_array); + + /* Zero out file */ + file_truncate(pids_file); + + /* Output active pids, and append our pid */ + for (i = 0; i < num_of_pids + 1; i++) { + /* Time for our entry */ + if (i == num_of_pids) { + sprintf(pid_string, "%d\n", getpid()); + } else { + sprintf(pid_string, "%d\n", pids_array[i]); + } + if (write(pids_file, pid_string, strlen(pid_string)) != strlen(pid_string)) { + perror(">>> /etc/ld.so.preload file write"); + success = 0; + break; + } } - } - /* Clean pids_array */ - if (pids_array) - free(pids_array); - pids_array = NULL; - num_of_pids = 0; + /* Clean pids_array */ + if (pids_array) free(pids_array); + pids_array = NULL; + num_of_pids = 0; - /* We're done with the pids file */ - file_close(pids_file); + /* We're done with the pids file */ + file_close(pids_file); + } } /* Something went wrong, bail out */ - if (0 == success) { - perror(">>> pids file write"); - exit(1); + if (success == 0) + exit(1); } /* STARTING PROTECTED ENVIRONMENT */ @@ -801,28 +768,25 @@ int main(int argc, char** argv) printf("--------------------------------------------------------------------------------\n"); } - if (print_debug) - printf("Shell being started in forked process.\n"); + if (print_debug) printf("Shell being started in forked process.\n"); /* Start Bash */ if (!spawn_shell(argv_bash)) { - if (print_debug) - fprintf(stderr, ">>> shell process failed to spawn\n"); + if (print_debug) fprintf(stderr, ">>> shell process failed to spawn\n"); success = 0; } /* Free bash stuff */ for (i = 0; i < 6; i++) { - if (argv_bash[i]) - free(argv_bash[i]); - argv_bash[i] = NULL; + if (argv_bash[i]) free(argv_bash[i]); + argv_bash[i] = NULL; } - if (argv_bash) - free(argv_bash); + if (argv_bash) free(argv_bash); argv_bash = NULL; - if (print_debug) + if (print_debug) { printf("Cleaning up sandbox process\n"); + } cleanup(); @@ -834,23 +798,25 @@ int main(int argc, char** argv) if (file_exist(sandbox_log, 0)) { sandbox_log_presence = 1; success = 1; - if (!print_sandbox_log(sandbox_log)) + if (!print_sandbox_log(sandbox_log)) { success = 0; + } #if 0 - if (!success) + if (!success) { exit(1); + } #endif - sandbox_log_file = -1; } else if (print_debug) { printf("--------------------------------------------------------------------------------\n"); } - if ((sandbox_log_presence) || (!success)) + if ((sandbox_log_presence) || (!success)) { return 1; - else + } else { return 0; + } } } |