sandbox: add a pre-connect sandbox

Add a sandbox enforced before options are parsed and the connection is established to the XMPP server. This sandbox will allow network operations. The post-connect sandbox is unchanged and restricts operations to stdio. The commit just adds the infrastructure for the pre-connect sandbox.
7 years ago · c17b196053
parent 9a87cd4e1b
commit c17b196053
7 changed files with 39 additions and 2 deletions
--- a/src/xmppipe.c
+++ b/src/xmppipe.c
@ -86,6 +86,12 @@ main(int argc, char **argv)
    jid = xmppipe_getenv("XMPPIPE_USERNAME");
    pass = xmppipe_getenv("XMPPIPE_PASSWORD");

+    if (state->verbose)
+        (void)fprintf(stderr, "sandbox: init: %s\n", XMPPIPE_SANDBOX);
+
+    if (xmppipe_sandbox_init(state) < 0)
+        err(EXIT_FAILURE, "sandbox failed");
+
    while ( (ch = getopt(argc, argv, "a:b:c:dDehI:k:K:o:P:p:r:sS:u:U:vx")) != -1) {
        switch (ch) {
            case 'u':
@ -223,9 +229,9 @@ main(int argc, char **argv)
        errx(EXIT_FAILURE, "XMPP handshake failed");

    if (state->verbose)
-        (void)fprintf(stderr, "sandbox: entering %s\n", XMPPIPE_SANDBOX);
+        (void)fprintf(stderr, "sandbox: stdin: %s\n", XMPPIPE_SANDBOX);

-    if (xmppipe_sandbox_init(state) < 0)
+    if (xmppipe_sandbox_stdin(state) < 0)
        err(EXIT_FAILURE, "sandbox failed");

    if (xmppipe_stream_init(state) < 0)
--- a/src/xmppipe.h
+++ b/src/xmppipe.h
@ -120,6 +120,7 @@ void xmppipe_stanza_set_type(xmpp_stanza_t * const, const char * const);
 void xmppipe_stanza_add_child(xmpp_stanza_t *, xmpp_stanza_t *);

 int xmppipe_sandbox_init(xmppipe_state_t *state);
+int xmppipe_sandbox_stdin(xmppipe_state_t *state);
 int xmppipe_conn_fd(xmppipe_state_t *state);

 int b64_ntop(u_char const *src, size_t srclength, char *target,
--- a/src/xmppipe_sandbox_capsicum.c
+++ b/src/xmppipe_sandbox_capsicum.c
@ -25,6 +25,12 @@

    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
+{
+    return 0;
+}
+
+    int
+xmppipe_sandbox_stdin(xmppipe_state_t *state)
 {
    struct rlimit rl;
    cap_rights_t policy_read;
--- a/src/xmppipe_sandbox_null.c
+++ b/src/xmppipe_sandbox_null.c
@ -17,6 +17,12 @@

    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
+{
+	return 0;
+}
+
+    int
+xmppipe_sandbox_stdin(xmppipe_state_t *state)
 {
 	return 0;
 }
--- a/src/xmppipe_sandbox_pledge.c
+++ b/src/xmppipe_sandbox_pledge.c
@ -18,6 +18,12 @@

    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
+{
+    return 0;
+}
+
+    int
+xmppipe_sandbox_stdin(xmppipe_state_t *state)
 {
    return pledge("stdio", NULL);
 }
--- a/src/xmppipe_sandbox_rlimit.c
+++ b/src/xmppipe_sandbox_rlimit.c
@ -20,6 +20,12 @@

    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
+{
+    return 0;
+}
+
+    int
+xmppipe_sandbox_stdin(xmppipe_state_t *state)
 {
    struct rlimit rl_zero = {0};
    struct rlimit rl_nofile = {0};
--- a/src/xmppipe_sandbox_seccomp.c
+++ b/src/xmppipe_sandbox_seccomp.c
@ -75,6 +75,12 @@

    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
+{
+    return 0;
+}
+
+    int
+xmppipe_sandbox_stdin(xmppipe_state_t *state)
 {
    struct sock_filter filter[] = {
        /* Ensure the syscall arch convention is as expected. */