aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2009-12-21 02:13:40 (GMT)
committerMike Frysinger <vapier@gentoo.org>2009-12-21 02:13:40 (GMT)
commit2b8b95c186881a5abe295efba52d54ee7b8f4979 (patch)
treea816b987ca247c6b1997f8918c3ad71e634df551
parenttests: make signal code a bit more flexible (diff)
downloadsandbox-2b8b95c186881a5abe295efba52d54ee7b8f4979.zip
sandbox-2b8b95c186881a5abe295efba52d54ee7b8f4979.tar.gz
sandbox-2b8b95c186881a5abe295efba52d54ee7b8f4979.tar.bz2
libsandbox: catch calls to remove()
People rarely use this, but all it takes is one lame package. URL: http://bugs.gentoo.org/297684 Reported-by: Pacho Ramos <pacho@gentoo.org> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--libsandbox/libsandbox.c2
-rw-r--r--libsandbox/symbols.h.in1
-rw-r--r--libsandbox/wrapper-funcs/remove.c12
-rw-r--r--tests/Makefile.am1
-rw-r--r--tests/remove-0.c12
-rwxr-xr-xtests/remove-1.sh7
-rw-r--r--tests/remove.at1
-rw-r--r--tests/testsuite.at2
-rwxr-xr-xtests/unlink-1.sh7
-rw-r--r--tests/unlink.at1
10 files changed, 46 insertions, 0 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index 70c30b2..fd3d2ea 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -637,6 +637,7 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
if (!(sb_nr == SB_NR_UNLINK ||
sb_nr == SB_NR_UNLINKAT ||
sb_nr == SB_NR_LCHOWN ||
+ sb_nr == SB_NR_REMOVE ||
sb_nr == SB_NR_RENAME ||
sb_nr == SB_NR_SYMLINK))
{
@@ -736,6 +737,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
sb_nr == SB_NR_MKNOD ||
sb_nr == SB_NR_MKNODAT ||
sb_nr == SB_NR_OPEN_WR ||
+ sb_nr == SB_NR_REMOVE ||
sb_nr == SB_NR_RENAME ||
sb_nr == SB_NR_RENAMEAT ||
sb_nr == SB_NR_RMDIR ||
diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index b674b5e..cf33e72 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -31,6 +31,7 @@ mkfifo
mkfifoat
access
faccessat
+remove
rename
renameat
rmdir
diff --git a/libsandbox/wrapper-funcs/remove.c b/libsandbox/wrapper-funcs/remove.c
new file mode 100644
index 0000000..10b3c0e
--- /dev/null
+++ b/libsandbox/wrapper-funcs/remove.c
@@ -0,0 +1,12 @@
+/*
+ * remove() wrapper.
+ *
+ * Copyright 1999-2009 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *pathname
+#define WRAPPER_ARGS pathname
+#define WRAPPER_SAFE() SB_SAFE(pathname)
+#define WRAPPER_PRE_CHECKS() sb_unlinkat_pre_check(STRING_NAME, pathname, AT_FDCWD)
+#include "__wrapper_simple.c"
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6405bc6..5f9702c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -43,6 +43,7 @@ check_PROGRAMS = \
openat_static-0 \
openat64-0 \
opendir-0 \
+ remove-0 \
rename-0 \
renameat-0 \
signal_static-0 \
diff --git a/tests/remove-0.c b/tests/remove-0.c
new file mode 100644
index 0000000..1e9444f
--- /dev/null
+++ b/tests/remove-0.c
@@ -0,0 +1,12 @@
+#define FUNC remove
+#define SFUNC "remove"
+#define FUNC_STR "\"%s\""
+#define FUNC_IMP path
+#define ARG_CNT 1
+#define ARG_USE "<path>"
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s;
+
+#include "test-skel-0.c"
diff --git a/tests/remove-1.sh b/tests/remove-1.sh
new file mode 100755
index 0000000..89c2a7e
--- /dev/null
+++ b/tests/remove-1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# make sure we catch openat with relative path
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+
+export SANDBOX_LOG=$PWD/sb.log
+remove-0 -1 f
+test -e sb.log
diff --git a/tests/remove.at b/tests/remove.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/remove.at
@@ -0,0 +1 @@
+SB_CHECK(1)
diff --git a/tests/testsuite.at b/tests/testsuite.at
index 846dc80..ca0f09c 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -26,6 +26,7 @@ sb_inc([open])
sb_inc([open_static])
sb_inc([openat])
sb_inc([openat_static])
+sb_inc([remove])
sb_inc([rename])
sb_inc([renameat])
sb_inc([sb_printf])
@@ -33,6 +34,7 @@ sb_inc([script])
sb_inc([signal_static])
sb_inc([symlink])
sb_inc([symlinkat])
+sb_inc([unlink])
sb_inc([utimensat])
sb_inc([utimensat_static])
sb_inc([vfork])
diff --git a/tests/unlink-1.sh b/tests/unlink-1.sh
new file mode 100755
index 0000000..74d4403
--- /dev/null
+++ b/tests/unlink-1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# make sure we catch openat with relative path
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+
+export SANDBOX_LOG=$PWD/sb.log
+unlink-0 -1 f
+test -e sb.log
diff --git a/tests/unlink.at b/tests/unlink.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/unlink.at
@@ -0,0 +1 @@
+SB_CHECK(1)