author | Mike Frysinger <vapier@gentoo.org> | 2021-10-18 18:06:39 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2021-11-02 20:05:25 -0400 |
commit | ba41b3b01c573a4f942605142a5a0d2f08b4c799 (patch) | |
tree | d1adbadd648af1039d5ecdff435220903bf91749 /tests | |
parent | bump to sandbox-3.0 (diff) | |
libsandbox: fix ptracing children
The ptrace logic was largely built around the assumption of execing a
single static binary and that's it. But there's nothing stopping it
from also forking & creating children. Today, that means children do
not get tracked for problems.
One major known issue is that the sandbox env is frozen upon launch.
So once we switch to ptrace mode, it's not possible for traced code
to disable sandboxing or otherwise reconfigure it. Currently that
shouldn't be a big deal as we assume the main execution environment
(i.e. bash) is dynamic, and that's where the env will be tweaked,
but we'll have to address this before we can deploy ptrace more.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/fork-follow_static_tst.c | 1 | ||||
-rw-r--r-- | tests/fork-follow_tst.c | 34 | ||||
-rw-r--r-- | tests/local.mk | 2 | ||||
-rwxr-xr-x | tests/script-17.sh | 17 | ||||
-rw-r--r-- | tests/script.at | 3 |
5 files changed, 56 insertions, 1 deletions
diff --git a/tests/fork-follow_static_tst.c b/tests/fork-follow_static_tst.c
new file mode 100644
index 0000000..363384e
--- /dev/null
+++ b/tests/fork-follow_static_tst.c
@@ -0,0 +1 @@
+#include "fork-follow_tst.c"
diff --git a/tests/fork-follow_tst.c b/tests/fork-follow_tst.c
new file mode 100644
index 0000000..2e3bb95
--- /dev/null
+++ b/tests/fork-follow_tst.c
@@ -0,0 +1,34 @@
+/*
+ * Make sure violations in children are caught.
+ */
+
+#include "tests.h"
+
+int main(int argc, char *argv[])
+{
+ if (argc != 3) {
+ printf("usage: %s <number forks> <path to remove>\n", argv[0]);
+ exit(1);
+ }
+
+ int i, forks = atoi(argv[1]);
+ const char *path = argv[2];
+
+ for (i = 0; i < forks; ++i) {
+ pid_t pid = fork();
+ if (pid < 0)
+ errp("unable to fork");
+
+ if (pid > 0) {
+ /* parent -- wait for child */
+ int status;
+ if (waitpid(pid, &status, 0) == pid)
+ exit(WEXITSTATUS(status));
+ errp("waitpid failed");
+ }
+ /* child -- keep looping */
+ }
+
+ /* final child -- try to create the path */
+ exit(creat(path, 0666) < 0 ? 0 : 1);
+}
diff --git a/tests/local.mk b/tests/local.mk
index 86a8a65..046cf6f 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -87,6 +87,8 @@ check_PROGRAMS += \
 %D%/utimes-0 \
 %D%/vfork-0 \
 \
+ %D%/fork-follow_tst \
+ %D%/fork-follow_static_tst \
 %D%/getcwd-gnulib_tst \
 %D%/libsigsegv_tst \
 %D%/malloc_hooked_tst \
diff --git a/tests/script-17.sh b/tests/script-17.sh
new file mode 100755
index 0000000..a8a8f51
--- /dev/null
+++ b/tests/script-17.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Make sure forked children are caught. Historically, dynamic worked fine, but
+# static missed forks.
+[ "${at_xfail}" = "yes" ] && exit 77 # see script-0
+
+# Setup scratch path.
+mkdir subdir
+adddeny "${PWD}/subdir"
+
+for child in 0 1 2 3 4 5 ; do
+ fork-follow_tst ${child} subdir/dyn${child} || exit $?
+done
+for child in 0 1 2 3 4 5 ; do
+ fork-follow_static_tst ${child} subdir/static${child} || exit $?
+done
+
+exit 0
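Review bot: In the parent branch of `main` in tests/fork-follow_tst.c, `exit(WEXITSTATUS(status))` runs without a `WIFEXITED(status)` check, so a child that dies from a signal is typically reported as status 0, which this test reads as "creat was denied". A crash or kill anywhere in the fork chain would then look like the sandbox caught the violation. Changing the line to `exit(WIFEXITED(status) ? WEXITSTATUS(status) : 2);` lets only a normal child exit count as a pass. The usage text also says `<path to remove>` while the final child creates the path with `creat()`; `<path to create>` would match the code.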
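Review bot: In tests/script-17.sh the setup steps `mkdir subdir` and `adddeny "${PWD}/subdir"` are not checked, while the helper program exits 0 on any `creat()` failure. If the scratch directory is missing, every iteration fails for a reason unrelated to the deny rule and the script still reaches `exit 0`, a false pass for a sandbox regression test. I would write `mkdir subdir || exit 1` and, if `adddeny` reports failure through its exit status, `adddeny "${PWD}/subdir" || exit 1`, so the loops only run once the denied path exists.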
diff --git a/tests/script.at b/tests/script.at
index f1119ef..037d27e 100644
--- a/tests/script.at
+++ b/tests/script.at
@@ -13,4 +13,5 @@ SB_CHECK(12)
 SB_CHECK(13)
 SB_CHECK(14)
 SB_CHECK(15)
-SB_CHECK(16)
\ No newline at end of file
+SB_CHECK(16)
+SB_CHECK(17) |