Initial support for sandboxing

Prepare for sandboxing the xmppipe process by adding a function called
after all file descriptors are allocated.

The intent of the sandbox is to limit the xmppipe process to the role
of a component in a shell pipeline: reading from stdin, reading/writing
to the XMPP socket and writing to stdout. Any activity not involved with
using stdio should force the process to exit.

The sandbox function will vary based on the capabilities of the
platform. The default sandbox function does nothing.

Limitations of the sandbox:

Probably the biggest risk is in session establishment:
* the TLS handshake
* the XML parsing

The sandbox is enforced after the TLS connection is established, i.e.,
after the file descriptor for the XMPP session is allocated and so has no
effect on the TLS handshake or the initial XMPP handshake.

Possibly an initial sandbox could be set up for the connection phase
followed by a stricter sandbox for the stdio phase.
pull/1/head
Michael Santos 7 years ago
parent 7cf7562bb1
commit a7d0ca7e47
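The commit message describes the platform-specific sandbox only in outline: after stdin, stdout and the XMPP socket exist, the process should be limited to moving bytes over those descriptors. The block below is an added example, not code from xmppipe or this commit, of what such an xmppipe_sandbox_init could look like on Linux using a seccomp-bpf syscall allowlist: syscalls that only operate on descriptors the process already holds are allowed, while anything that would create a new file, socket or process is refused. Assumptions: the xmppipe_state_t stand-in (the real struct is not shown on this page), the helper name sandbox_selftest, the particular allowlist, and that violations return EPERM so the effect can be observed in a test; the behaviour the commit message asks for (force the process to exit) is obtained by replacing SECCOMP_RET_ERRNO with SECCOMP_RET_KILL in SANDBOX_DENY. Like the commit, it is installed after the connection is up and so does nothing for the TLS or XMPP handshake.

```c
/* Added example of a Linux seccomp-bpf xmppipe_sandbox_init(); not xmppipe code. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: stand-in for the project's xmppipe_state_t, not shown on this page. */
typedef struct { int fd; } xmppipe_state_t;

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Refuse with EPERM so a test can observe it; use SECCOMP_RET_KILL instead
 * to terminate the process on any violation, as the commit message intends. */
#define SANDBOX_DENY (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Two instructions: if nr == (nr) fall through to RET ALLOW, else skip it. */
#define ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

int
xmppipe_sandbox_init(xmppipe_state_t *state)
{
    struct sock_filter filter[] = {
        /* Kill if the syscall ABI is not the one this binary was built for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
#if defined(__x86_64__)
        /* x32 ABI numbers carry bit 30 and index a different syscall table. */
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
#endif
        /* I/O on descriptors that already exist (stdin, stdout, the XMPP socket). */
        ALLOW(__NR_read), ALLOW(__NR_write), ALLOW(__NR_readv), ALLOW(__NR_writev),
        ALLOW(__NR_sendto), ALLOW(__NR_recvfrom), ALLOW(__NR_sendmsg), ALLOW(__NR_recvmsg),
        ALLOW(__NR_ppoll), ALLOW(__NR_pselect6), ALLOW(__NR_close), ALLOW(__NR_shutdown),
        ALLOW(__NR_fcntl), ALLOW(__NR_ioctl), ALLOW(__NR_lseek), ALLOW(__NR_fstat),
        ALLOW(__NR_getsockopt), ALLOW(__NR_setsockopt),
#ifdef __NR_poll
        ALLOW(__NR_poll),
#endif
#ifdef __NR_select
        ALLOW(__NR_select),
#endif
        /* Memory, signals, time and exit: what libc needs to keep running. */
        ALLOW(__NR_mmap), ALLOW(__NR_munmap), ALLOW(__NR_mremap), ALLOW(__NR_mprotect),
        ALLOW(__NR_brk), ALLOW(__NR_madvise), ALLOW(__NR_futex),
        ALLOW(__NR_rt_sigreturn), ALLOW(__NR_rt_sigaction), ALLOW(__NR_rt_sigprocmask),
        ALLOW(__NR_sigaltstack), ALLOW(__NR_getpid), ALLOW(__NR_gettid),
        ALLOW(__NR_kill), ALLOW(__NR_tgkill), ALLOW(__NR_clock_gettime),
        ALLOW(__NR_clock_nanosleep), ALLOW(__NR_exit), ALLOW(__NR_exit_group),
#ifdef __NR_nanosleep
        ALLOW(__NR_nanosleep),
#endif
#ifdef __NR_getrandom
        ALLOW(__NR_getrandom),
#endif
        /* Everything else: open/openat, socket, connect, fork, clone, execve, ... */
        BPF_STMT(BPF_RET | BPF_K, SANDBOX_DENY),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };

    (void)state; /* descriptors are already open; the filter is fd-agnostic */

    /* Lets an unprivileged process install a filter and forbids later privilege gain. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0)
        return -1;
    return 0;
}

/* Exercise the filter: a pipe opened before sandboxing still carries data,
 * while creating a socket or opening a file afterwards fails with EPERM.
 * Returns 0 when every check holds, a negative step number otherwise. */
int
sandbox_selftest(void)
{
    int fds[2];
    char buf[4];
    xmppipe_state_t st = { .fd = -1 };

    if (pipe(fds) < 0)
        return -1;
    if (xmppipe_sandbox_init(&st) < 0)
        return -2;
    if (write(fds[1], "ok", 2) != 2)
        return -3;
    if (read(fds[0], buf, sizeof buf) != 2)
        return -4;
    if (socket(AF_INET, SOCK_STREAM, 0) != -1 || errno != EPERM)
        return -5;
    if (open("/etc/hostname", O_RDONLY) != -1 || errno != EPERM)
        return -6;
    return 0;
}
```

The allowlist is deliberately small; a real port would be tuned by running xmppipe under strace for a session and adding whatever libstrophe and the TLS library still call after the handshake. Note that the filter cannot be removed once installed, so it must go in after every descriptor the process will ever need exists, which is exactly the placement this commit chooses.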

@ -10,6 +10,9 @@ else ifeq ($(UNAME_SYS), Darwin)
LDFLAGS += -lresolv
endif
XMPPIPE_SANDBOX ?= XMPPIPE_SANDBOX_NULL
CFLAGS += -D$(XMPPIPE_SANDBOX)
all:
$(CC) -g -Wall $(CFLAGS) -o xmppipe src/*.c $(LDFLAGS) -lstrophe
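Review bot: the build silently falls back to the no-op sandbox whenever XMPPIPE_SANDBOX is left unset, so a packager on a platform that has a real sandbox gets none unless they know the variable exists; consider choosing a platform default under the existing UNAME_SYS branches (the Darwin branch is right above this hunk) and documenting XMPPIPE_SANDBOX in the README. A mistyped value (for example XMPPIPE_SANDBOX_NUL) only shows up as an undefined reference to xmppipe_sandbox_init at link time, so a short comment next to the `?=` listing the accepted values would help.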

@ -221,6 +221,10 @@ main(int argc, char **argv)
if (xmppipe_connect_init(state) < 0)
errx(EXIT_FAILURE, "XMPP handshake failed");
if (xmppipe_sandbox_init(state) < 0) {
err(EXIT_FAILURE, "sandbox failed");
}
if (xmppipe_stream_init(state) < 0)
errx(EXIT_FAILURE, "enabling stream management failed");
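Review bot: the failure path uses err(3), which appends strerror(errno), while the neighbouring checks use errx(3); that is only meaningful if every xmppipe_sandbox_init implementation guarantees to set errno on failure. The null implementation never fails, so it is harmless here, but the contract (return -1 with errno set) should be written down so future platform variants match it. Minor: the new `if` uses braces around a single statement while the surrounding `if`s do not; match the file's style.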

@ -1,4 +1,4 @@
/* Copyright (c) 2015, Michael Santos <michael.santos@gmail.com>
/* Copyright (c) 2015-2017, Michael Santos <michael.santos@gmail.com>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -117,6 +117,8 @@ void xmppipe_stanza_set_text(xmpp_stanza_t *, const char * const);
void xmppipe_stanza_set_type(xmpp_stanza_t * const, const char * const);
void xmppipe_stanza_add_child(xmpp_stanza_t *, xmpp_stanza_t *);
int xmppipe_sandbox_init(xmppipe_state_t *state);
int b64_ntop(u_char const *src, size_t srclength, char *target,
size_t targsize);
int b64_pton(char const *src, u_char *target, size_t targsize);
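Review bot: the prototype carries none of the contract the caller depends on; a one-line comment stating that it must be called after all descriptors are open, returns 0 on success and -1 with errno set on failure, and that the implementation is selected by the XMPPIPE_SANDBOX define would save the next person adding a platform variant from reading main() and the Makefile. Minor: the parameter is named (`state`) while the surrounding prototypes leave parameters unnamed.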

@ -0,0 +1,23 @@
/* Copyright (c) 2017, Michael Santos <michael.santos@gmail.com>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifdef XMPPIPE_SANDBOX_NULL
#include "xmppipe.h"
int
xmppipe_sandbox_init(xmppipe_state_t *state)
{
return 0;
}
#endif
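Review bot: `state` is unused in the null implementation; add `(void)state;` so the file stays warning-free once -Wextra or -Wunused-parameter joins the -Wall build. Since XMPPIPE_SANDBOX_NULL is the Makefile default, this is the variant most builds will get, so it is worth stating in a comment (or logging at startup) that it provides no isolation at all. Also, when another sandbox is selected the whole file preprocesses to an empty translation unit, which -pedantic rejects; moving `#include "xmppipe.h"` above the `#ifdef` avoids that.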