author Mike Frysinger <vapier@gentoo.org> 2016-02-16 19:23:53 -0500
committer Mike Frysinger <vapier@gentoo.org> 2016-02-16 19:23:53 -0500
commit 55087abd8dc9802cf68cade776fe612a3f19f6a1
tree 96186b6916d064dd8e655732fc92f3706fc1f882 /libsandbox/libsandbox.h
parent tests: add test for overriding mmap
libsandbox: use ptrace on apps that interpose their own allocator

If an app installs its own memory allocator by overriding the internal glibc symbols, then we can easily hit a loop that cannot be broken: the dlsym functions can attempt to allocate memory, and sandbox relies on them to find the "real" functions. So when someone calls a symbol that the sandbox protects, we call dlsym, and that calls malloc, which calls back into the app, and their allocator might use another symbol such as open ... which is protected by the sandbox. So we hit the loop like:
  -> open -> libsandbox:open -> dlsym -> malloc -> open ->
     libsandbox:open -> dlsym -> malloc -> ...

Change the exec checking logic to scan the ELF instead. If it exports these glibc symbols, then we have to assume it can trigger a loop, so scrub the sandbox environment to prevent us from being loaded. Then we use the out-of-process tracer (i.e. ptrace).

This should generally be as robust anyways ... if it's not, that's a bug we want to fix as this is the same code used for static apps.

URL: http://crbug.com/586444
Reported-by: Ryo Hashimoto <hashimoto@chromium.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>

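The ELF scan described in the commit message, sketched as an added example in Python; it is not part of the commit or of sandbox's own C code. The symbol list, the function names and the constructed test image are assumptions, since the page does not name the glibc symbols that are checked.

```python
import struct

# Assumed list: the commit message does not name the glibc symbols it looks for.
ALLOC_SYMS = {b"__libc_malloc", b"__libc_calloc", b"__libc_realloc", b"__libc_free"}
SHT_STRTAB, SHT_DYNSYM, SHN_UNDEF = 3, 11, 0
SHDR = struct.Struct("<IIQQQQIIQQ")   # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")        # Elf64_Sym, 24 bytes

def exported_alloc_syms(img):
    """Allocator symbols that a little-endian ELF64 image defines in .dynsym."""
    if img[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", img, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", img, 0x3A)  # e_shentsize, e_shnum
    shdrs = [SHDR.unpack_from(img, shoff + i * shentsize) for i in range(shnum)]
    found = set()
    for _, sh_type, _, _, off, size, link, _, _, _ in shdrs:
        if sh_type != SHT_DYNSYM:
            continue
        stroff, strsize = shdrs[link][4:6]                   # linked string table
        strtab = img[stroff:stroff + strsize]
        for pos in range(off, off + size - SYM.size + 1, SYM.size):
            st_name, _, _, st_shndx, _, _ = SYM.unpack_from(img, pos)
            name = strtab[st_name:].split(b"\0", 1)[0]
            # SHN_UNDEF marks an import; only a definition interposes on glibc.
            if st_shndx != SHN_UNDEF and name in ALLOC_SYMS:
                found.add(name)
    return found

def build_sample(symbols):
    """Constructed test image: ELF64 with only .dynsym and .dynstr sections."""
    strtab, syms = b"\0", bytes(SYM.size)                    # entry 0 is the null symbol
    for name, shndx in symbols:
        syms += SYM.pack(len(strtab), 0x12, 0, shndx, 0, 0)  # GLOBAL FUNC
        strtab += name + b"\0"
    sym_off = 64 + 3 * SHDR.size
    ehdr = struct.pack("<6s10sHHIQQQIHHHHHH", b"\x7fELF\x02\x01", b"\x01", 3, 62, 1,
                       0, 0, 64, 0, 64, 0, 0, SHDR.size, 3, 2)
    return (ehdr + bytes(SHDR.size)
            + SHDR.pack(0, SHT_DYNSYM, 0, 0, sym_off, len(syms), 2, 1, 8, SYM.size)
            + SHDR.pack(0, SHT_STRTAB, 0, 0, sym_off + len(syms), len(strtab), 0, 0, 1, 0)
            + syms + strtab)
```

A binary that merely calls the allocator has these names in .dynsym with an undefined section index, so only definitions are reported; a non-empty result is the case where the commit message says to fall back to ptrace.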
Diffstat (limited to 'libsandbox/libsandbox.h')
-rw-r--r-- libsandbox/libsandbox.h 2
1 files changed, 1 insertions, 1 deletions
diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h
index 596084d..63882e7 100644
--- a/libsandbox/libsandbox.h
+++ b/libsandbox/libsandbox.h
@@ -56,7 +56,7 @@ void *get_dlsym(const char *symname, const char *symver);
extern char sandbox_lib[SB_PATH_MAX];
extern bool sandbox_on;
-char **sb_check_envp(char **envp, size_t *mod_cnt);
+char **sb_check_envp(char **envp, size_t *mod_cnt, bool insert);
void sb_cleanup_envp(char **envp, size_t mod_cnt);
extern pid_t trace_pid;
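Review bot: the new `bool insert` argument on the `sb_check_envp` prototype is declared with no comment saying what `true` and `false` select, so a call that passes a bare boolean will not explain itself at the call site. A short comment above the declaration describing both modes, and stating whether the `mod_cnt` written in each mode is still what `sb_cleanup_envp` expects, would make the contract clear. Because this view is limited to `libsandbox/libsandbox.h`, the callers that must pass the new third argument are not visible here and should be checked against the changed signature.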