sandbox->restrict_process

master
Michael Santos 4 years ago
parent fa88bc9f6d
commit 7dda5bafcd

@ -12,8 +12,8 @@ ifeq ($(UNAME_SYS), Linux)
-Wstrict-prototypes -Wmissing-prototypes \
-pie -fPIE \
-fno-strict-aliasing
XMPPIPE_SANDBOX ?= seccomp
XMPPIPE_SANDBOX_RLIMIT_NOFILE ?= 0
XMPPIPE_RESTRICT_PROCESS ?= seccomp
XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= 0
LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
else ifeq ($(UNAME_SYS), FreeBSD)
CFLAGS ?= -DHAVE_STRTONUM \
@ -21,7 +21,7 @@ else ifeq ($(UNAME_SYS), FreeBSD)
-Wformat -Werror=format-security \
-pie -fPIE \
-fno-strict-aliasing
XMPPIPE_SANDBOX ?= capsicum
XMPPIPE_RESTRICT_PROCESS ?= capsicum
LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
else ifeq ($(UNAME_SYS), OpenBSD)
CFLAGS ?= -DHAVE_STRTONUM \
@ -29,7 +29,7 @@ else ifeq ($(UNAME_SYS), OpenBSD)
-Wformat -Werror=format-security \
-pie -fPIE \
-fno-strict-aliasing
XMPPIPE_SANDBOX ?= pledge
XMPPIPE_RESTRICT_PROCESS ?= pledge
LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
else ifeq ($(UNAME_SYS), SunOS)
else ifeq ($(UNAME_SYS), Darwin)
@ -39,15 +39,15 @@ else ifeq ($(UNAME_SYS), Darwin)
-fno-strict-aliasing
endif
XMPPIPE_SANDBOX ?= rlimit
XMPPIPE_SANDBOX_RLIMIT_NOFILE ?= -1
XMPPIPE_RESTRICT_PROCESS ?= rlimit
XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= -1
XMPPIPE_CFLAGS ?= -g -Wall
CFLAGS += $(XMPPIPE_CFLAGS) \
-fwrapv \
-DXMPPIPE_SANDBOX=\"$(XMPPIPE_SANDBOX)\" \
-DXMPPIPE_SANDBOX_$(XMPPIPE_SANDBOX) \
-DXMPPIPE_SANDBOX_RLIMIT_NOFILE=$(XMPPIPE_SANDBOX_RLIMIT_NOFILE)
-DXMPPIPE_RESTRICT_PROCESS=\"$(XMPPIPE_RESTRICT_PROCESS)\" \
-DXMPPIPE_RESTRICT_PROCESS_$(XMPPIPE_RESTRICT_PROCESS) \
-DXMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE=$(XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE)
LDFLAGS += $(XMPPIPE_LDFLAGS)
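Review bot: A build that still sets the old `XMPPIPE_SANDBOX` or `XMPPIPE_SANDBOX_RLIMIT_NOFILE` variable now silently gets the per-OS default of `XMPPIPE_RESTRICT_PROCESS` instead, because nothing in the renamed per-OS defaults or the CFLAGS block notices the old name. That is the safe direction (the platform default is seccomp/capsicum/pledge/rlimit rather than null), but a user who deliberately selected a backend will not learn it was ignored. While the old name is still in circulation, fail loudly: `ifdef XMPPIPE_SANDBOX` / `$(error XMPPIPE_SANDBOX has been renamed to XMPPIPE_RESTRICT_PROCESS)` / `endif` near the top of the Makefile. The same applies to `XMPPIPE_SANDBOX_RLIMIT_NOFILE`.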

@ -23,6 +23,7 @@
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include "strtonum.h"
#define INVALID 1

@ -97,8 +97,8 @@ int main(int argc, char **argv) {
jid = xmppipe_getenv("XMPPIPE_USERNAME");
pass = xmppipe_getenv("XMPPIPE_PASSWORD");
if (xmppipe_sandbox_init(state) < 0)
err(EXIT_FAILURE, "sandbox failed");
if (xmppipe_restrict_process_init(state) < 0)
err(EXIT_FAILURE, "restrict_process failed");
while ((ch = getopt_long(argc, argv, "a:b:c:dDeF:hI:k:K:o:P:p:r:sS:u:U:vx",
long_options, NULL)) != -1) {
@ -264,10 +264,11 @@ int main(int argc, char **argv) {
errx(EXIT_FAILURE, "XMPP handshake failed");
if (state->verbose)
(void)fprintf(stderr, "sandbox: stdin: %s\n", XMPPIPE_SANDBOX);
(void)fprintf(stderr, "restrict_process: stdin: %s\n",
XMPPIPE_RESTRICT_PROCESS);
if (xmppipe_sandbox_stdin(state) < 0)
err(EXIT_FAILURE, "sandbox failed");
if (xmppipe_restrict_process_stdin(state) < 0)
err(EXIT_FAILURE, "restrict_process failed");
if (xmppipe_stream_init(state) < 0)
errx(EXIT_FAILURE, "enabling stream management failed");
@ -555,8 +556,8 @@ static long long xmppipe_strtonum(xmppipe_state_t *state, const char *nptr,
}
static void usage(xmppipe_state_t *state) {
(void)fprintf(stderr, "%s %s (using %s sandbox)\n", __progname,
XMPPIPE_VERSION, XMPPIPE_SANDBOX);
(void)fprintf(stderr, "%s %s (using %s mode process restriction)\n",
__progname, XMPPIPE_VERSION, XMPPIPE_RESTRICT_PROCESS);
(void)fprintf(
stderr,
"usage: %s [OPTIONS]\n"
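Review bot: Both restriction stages in main() now abort with the identical message `restrict_process failed`, so a user's failure report cannot tell whether the pre-connect policy or the post-handshake stdin policy was rejected. Since the commit is already rewriting these strings, make them distinct, e.g. `err(EXIT_FAILURE, "restrict_process init failed");` at the first call and `err(EXIT_FAILURE, "restrict_process stdin failed");` at the second. The verbose line `restrict_process: stdin: %s` only prints when state->verbose is set, so it does not cover the non-verbose case. main() starts and ends outside these hunks.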

@ -166,8 +166,8 @@ void xmppipe_stanza_set_text(xmpp_stanza_t *, const char *const);
void xmppipe_stanza_set_type(xmpp_stanza_t *const, const char *const);
void xmppipe_stanza_add_child(xmpp_stanza_t *, xmpp_stanza_t *);
int xmppipe_sandbox_init(xmppipe_state_t *state);
int xmppipe_sandbox_stdin(xmppipe_state_t *state);
int xmppipe_restrict_process_init(xmppipe_state_t *state);
int xmppipe_restrict_process_stdin(xmppipe_state_t *state);
int xmppipe_conn_fd(xmppipe_state_t *state);
int b64_ntop(u_char const *src, size_t srclength, char *target,

@ -12,8 +12,8 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "xmppipe.h"
#include "errno.h"
#include "xmppipe.h"
static unsigned char rfc3986[256];

@ -12,7 +12,7 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_capsicum
#ifdef XMPPIPE_RESTRICT_PROCESS_capsicum
#include <sys/capability.h>
#include <sys/param.h>
#include <sys/resource.h>
@ -23,13 +23,13 @@
#include "xmppipe.h"
int xmppipe_sandbox_init(xmppipe_state_t *state) {
int xmppipe_restrict_process_init(xmppipe_state_t *state) {
struct rlimit rl = {0};
return setrlimit(RLIMIT_NPROC, &rl);
}
int xmppipe_sandbox_stdin(xmppipe_state_t *state) {
int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
struct rlimit rl = {0};
cap_rights_t policy_read;
cap_rights_t policy_write;

@ -12,10 +12,10 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_null
#ifdef XMPPIPE_RESTRICT_PROCESS_null
#include "xmppipe.h"
int xmppipe_sandbox_init(xmppipe_state_t *state) { return 0; }
int xmppipe_restrict_process_init(xmppipe_state_t *state) { return 0; }
int xmppipe_sandbox_stdin(xmppipe_state_t *state) { return 0; }
int xmppipe_restrict_process_stdin(xmppipe_state_t *state) { return 0; }
#endif

@ -12,15 +12,15 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_pledge
#ifdef XMPPIPE_RESTRICT_PROCESS_pledge
#include "xmppipe.h"
#include <unistd.h>
int xmppipe_sandbox_init(xmppipe_state_t *state) {
int xmppipe_restrict_process_init(xmppipe_state_t *state) {
return pledge("stdio inet dns rpath", NULL);
}
int xmppipe_sandbox_stdin(xmppipe_state_t *state) {
int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
return pledge("stdio", NULL);
}
#endif

@ -12,23 +12,23 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_rlimit
#ifdef XMPPIPE_RESTRICT_PROCESS_rlimit
#include <sys/resource.h>
#include <sys/time.h>
#include "xmppipe.h"
int xmppipe_sandbox_init(xmppipe_state_t *state) {
int xmppipe_restrict_process_init(xmppipe_state_t *state) {
struct rlimit rl_zero = {0};
return setrlimit(RLIMIT_NPROC, &rl_zero);
}
int xmppipe_sandbox_stdin(xmppipe_state_t *state) {
int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
struct rlimit rl = {0};
rl.rlim_cur = XMPPIPE_SANDBOX_RLIMIT_NOFILE;
rl.rlim_max = XMPPIPE_SANDBOX_RLIMIT_NOFILE;
rl.rlim_cur = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
rl.rlim_max = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
if (rl.rlim_cur == (rlim_t)-1) {
int fd = xmppipe_conn_fd(state);

@ -12,7 +12,7 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_seccomp
#ifdef XMPPIPE_RESTRICT_PROCESS_seccomp
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
@ -23,16 +23,16 @@
#include "xmppipe.h"
/* macros from openssh-7.2/sandbox-seccomp-filter.c */
/* macros from openssh-7.2/restrict_process-seccomp-filter.c */
/* Linux seccomp_filter sandbox */
/* Linux seccomp_filter restrict_process */
#define SECCOMP_FILTER_FAIL SECCOMP_RET_KILL
/* Use a signal handler to emit violations when debugging */
#ifdef SANDBOX_SECCOMP_FILTER_DEBUG
#ifdef RESTRICT_PROCESS_SECCOMP_FILTER_DEBUG
#undef SECCOMP_FILTER_FAIL
#define SECCOMP_FILTER_FAIL SECCOMP_RET_TRAP
#endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
#endif /* RESTRICT_PROCESS_SECCOMP_FILTER_DEBUG */
/* Simple helpers to avoid manual errors (but larger BPF programs). */
#define SC_DENY(_nr, _errno) \
@ -47,10 +47,9 @@
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, \
offsetof(struct seccomp_data, args[(_arg_nr)])), \
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, (_arg_val), 0, 1), \
BPF_STMT( \
BPF_RET + BPF_K, SECCOMP_RET_ALLOW), /* reload syscall number; all \
rules expect it in \
accumulator */ \
BPF_STMT(BPF_RET + BPF_K, SECCOMP_RET_ALLOW), /* reload syscall number; \
all rules expect it in \
accumulator */ \
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, nr))
/*
@ -74,7 +73,7 @@
#define SECCOMP_AUDIT_ARCH 0
#endif
int xmppipe_sandbox_init(xmppipe_state_t *state) {
int xmppipe_restrict_process_init(xmppipe_state_t *state) {
struct sock_filter filter[] = {
/* Ensure the syscall arch convention is as expected. */
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),
@ -305,7 +304,7 @@ int xmppipe_sandbox_init(xmppipe_state_t *state) {
return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
int xmppipe_sandbox_stdin(xmppipe_state_t *state) {
int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
struct sock_filter filter[] = {
/* Ensure the syscall arch convention is as expected. */
BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),
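Review bot: The provenance comment in the first hunk of this file now cites `openssh-7.2/restrict_process-seccomp-filter.c`, which is not a file OpenSSH ships; the source these macros were taken from is `sandbox-seccomp-filter.c`, so the mechanical rename turned an accurate reference into a dead one. Restore `/* macros from openssh-7.2/sandbox-seccomp-filter.c */` there, since the external file name is not something this project controls. The neighbouring `/* Linux seccomp_filter restrict_process */` reads as a token swap rather than a sentence; `/* Linux seccomp_filter process restriction */` would match the wording usage() now prints. The bodies of xmppipe_restrict_process_init and xmppipe_restrict_process_stdin, including the BPF program itself, lie outside the hunks.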