1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
Patch from Kevin F. Quinn at https://bugs.gentoo.org/show_bug.cgi?id=135745
Already applied in sandbox svn
Makes sandboxed open() calls return the normal error conditions if the
file in question does not exist, without causing a sandbox violation.
This allows programs to use open() to test for file existance, regardless
of read-write flags. This is not revealing any further information about
the backing system because this data was already available through stat().
Index: src/libsandbox.c
===================================================================
--- src/libsandbox.c.orig
+++ src/libsandbox.c
@@ -80,6 +80,9 @@
#define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
((0 == is_sandbox_on()) || (1 == before_syscall_access(_func, _path, _flags)))
+#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \
+ ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
+
#define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
@@ -388,6 +391,16 @@ static FILE * (*true_ ## _name) (const c
FILE *_name(const char *pathname, const char *mode) \
{ \
FILE *result = NULL; \
+ int my_errno = errno; \
+ struct stat st; \
+\
+ if (mode!=NULL && mode[0]=='r') { \
+ /* If we're trying to read, fail normally if file does not stat */\
+ if (-1 == stat(pathname, &st)) { \
+ return NULL; \
+ } \
+ } \
+ errno = my_errno; \
\
if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \
check_dlsym(_name); \
@@ -561,12 +574,20 @@ int _name(const char *pathname, int flag
va_list ap; \
int mode = 0; \
int result = -1; \
+ int my_errno = errno; \
+ struct stat st; \
\
if (flags & O_CREAT) { \
va_start(ap, flags); \
mode = va_arg(ap, int); \
va_end(ap); \
+ } else { \
+ /* If we're not trying to create, fail normally if file does not stat */\
+ if (-1 == stat(pathname, &st)) { \
+ return -1; \
+ } \
} \
+ errno = my_errno; \
\
if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \
check_dlsym(_name); \
@@ -726,6 +747,16 @@ static FILE * (*true_ ## _name) (const c
FILE *_name(const char *pathname, const char *mode) \
{ \
FILE *result = NULL; \
+ int my_errno = errno; \
+ struct stat64 st; \
+\
+ if (mode!=NULL && mode[0]=='r') { \
+ /* If we're trying to read, fail normally if file does not stat */\
+ if (-1 == stat64(pathname, &st)) { \
+ return NULL; \
+ } \
+ } \
+ errno = my_errno; \
\
if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \
check_dlsym(_name); \
@@ -746,12 +777,20 @@ int _name(const char *pathname, int flag
va_list ap; \
int mode = 0; \
int result = -1; \
+ int my_errno = errno; \
+ struct stat64 st; \
\
if (flags & O_CREAT) { \
va_start(ap, flags); \
mode = va_arg(ap, int); \
va_end(ap); \
+ } else { \
+ /* If we're not trying to create, fail normally if file does not stat */\
+ if (-1 == stat64(pathname, &st)) { \
+ return -1; \
+ } \
} \
+ errno = my_errno; \
\
if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \
check_dlsym(_name); \
|
GitWeb