36 Commits (master)

Author SHA1 Message Date
Michael Santos 8a132c4565 build: cleanup: remove unused target 5 months ago
Michael Santos 78807f1b15 build: enable warnings 10 months ago
Michael Santos e1cbff0f14 Makefile: update static target for Ubuntu 20.04+ 2 years ago
Michael Santos 45e96e6ea9 s/XMPPIPE_RESTRICT/RESTRICT/gi 4 years ago
Michael Santos 7dda5bafcd sandbox->restrict_process 4 years ago
Michael Santos 900daefce4 makefile: remove conversion warnings 5 years ago
Michael Santos 20bfcbfa9f Makefile: add warnings 5 years ago
Michael Santos f5291fe321 makefile: fix static builds 5 years ago
Michael Santos 1e59f50dc6 Enable PIE 5 years ago
Michael Santos 3797fc4151 macosx: fix compile errors 6 years ago
Michael Santos da9d2f8e88 makefile: pass custom LDFLAGS to static build 7 years ago
Michael Santos 77c76d6626 makefile: enable full relro 7 years ago
Michael Santos f0e7ef7c4c Use -fstack-protector-strong 7 years ago
Michael Santos efd009594b makefile: fix static target 7 years ago
Michael Santos 93c6e1378b makefile: define behaviour for signed ints 7 years ago
Michael Santos ec32315684 sandbox: use the lowercase name for configuration 7 years ago
Michael Santos fa2ebb799d Use libstrophe base64 support
Use the base64 interface in libstrophe for encoding/decoding instead of
the undocumented interfaces in libresolv.
7 years ago
Dmitry Podgorny ef78dc7deb Replace libuuid with xmpp_uuid_gen()
xmpp_uuid_gen() appeared in libstrophe-0.9.0 and solves issues with
libuuid across different systems.
7 years ago
Michael Santos 41a6897bc1 Use native strtonum(3) on BSDs 7 years ago
Michael Santos 26ef980678 makefile: env vars to pass extra build flags 7 years ago
Michael Santos db0769c1fd makefile: fix static target 7 years ago
Michael Santos 3e9f34f1fb openbsd/freebsd: cc hardening flags 7 years ago
Michael Santos 140470458f makefile: ensure compile before tests 7 years ago
Michael Santos ad39d23c05 test: base64 encode/decode 7 years ago
Michael Santos 7d1fb8fdb8 makefile: add target for test 7 years ago
Michael Santos 4a440def98 Enforce sandboxing 7 years ago
Michael Santos 2bf9415683 sandbox: enable capabilities sandbox on FreeBSD 7 years ago
Michael Santos 707d7cf19d Display enforced sandbox in verbose mode 7 years ago
Michael Santos c346c863e4 sandbox: set number of allowed fd's
The number of file descriptors enforced by setrlimit() can now be set at
compile time using a flag. The flag defaults to 0 on Linux and -1
everywhere else:

    XMPPIPE_SANDBOX=XMPPIPE_SANDBOX_RLIMIT \
    XMPPIPE_SANDBOX_RLIMIT_NOFILE=-1 \
    make

The meaning of the XMPPIPE_SANDBOX_RLIMIT_NOFILE is:

* -1 : set rlim_cur/rlim_max to the lowest allocated file descriptor

* >=0: set rlim_cur/rlim_max to this number

On some platforms, setting rlim_cur below the value of the highest
allocated fd may interfere with polling. See commit a34d5766c5 for
details.
7 years ago
Michael Santos cc665538cb sandbox: stdio mode using pledge(2) on OpenBSD 7 years ago
Michael Santos a7d0ca7e47 Initial support for sandboxing
Prepare for sandboxing the xmppipe process by adding a function called
after all file descriptors are allocated.

The intent of the sandbox is to limit the xmppipe process to the role
of a component in a shell pipeline: reading from stdin, reading/writing
to the XMPP socket and writing to stdout. Any activity not involved with
using stdio should force the process to exit.

The sandbox function will vary based on the capabilities of the
platform. The default sandbox function does nothing.

Limitations of the sandbox:

Probably the biggest risk is in session establishment:
* the TLS handshake
* the XML parsing

The sandbox is enforced after the TLS connection is established, i.e.,
after the file descriptor for the XMPP session is allocated and so has no
effect on the TLS handshake or the initial XMPP handshake.

Possibly an initial sandbox could be set up for the connection phase
followed by a stricter sandbox for the stdio phase.
7 years ago
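The ordering described in commits a7d0ca7e47 and c346c863e4 above (allocate every descriptor first, then clamp RLIMIT_NOFILE), as an added example that is not xmppipe's own code. It covers only the `>=0` case with a limit of 0 on Linux; `restrict_nofile` and `probe_nofile_sandbox` are hypothetical names, and a pipe stands in for the stdio and XMPP descriptors.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: clamp soft and hard RLIMIT_NOFILE to nofile.
 * An unprivileged process cannot raise the hard limit again. */
static int restrict_nofile(rlim_t nofile) {
    struct rlimit rl = { .rlim_cur = nofile, .rlim_max = nofile };
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Result bits the child reports through its exit status. */
enum { OPEN_DENIED = 1, STDIO_OK = 2, SETUP_FAILED = 4 };

/* Fork a child that allocates its descriptors, applies the limit, then
 * checks that (a) the descriptors it already holds still carry data and
 * (b) allocating a new descriptor fails with EMFILE.
 * Returns the result bits, or -1 if the child could not be run. */
int probe_nofile_sandbox(rlim_t nofile) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int p[2], result = 0;
        char c = 0;
        /* Descriptors must exist before the limit is enforced. */
        if (pipe(p) < 0 || restrict_nofile(nofile) < 0)
            _exit(SETUP_FAILED);
        if (write(p[1], "x", 1) == 1 && read(p[0], &c, 1) == 1 && c == 'x')
            result |= STDIO_OK;
        if (open("/dev/null", O_RDONLY) < 0 && errno == EMFILE)
            result |= OPEN_DENIED;
        _exit(result);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    /* Exit 0 when I/O on held descriptors works and open(2) is refused. */
    return probe_nofile_sandbox(0) == (OPEN_DENIED | STDIO_OK) ? 0 : 1;
}
```

The probe runs in a forked child so the lowered hard limit does not persist in the calling process.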
Michael Santos a7717f381e Add compiler hardening flags 8 years ago
Michael Santos a392e836a0 Compile on BSDs
Use uuid_create(3) and uuid_to_string(3) to create the message id on
BSDs. Only tested on FreeBSD but should work on OpenBSD and NetBSD.

Add untested support for compiling on Solaris and Mac OS X:

* SmartOS has libuuid installed by default with rsyslog via pkgsrc

* Mac OS X has libuuid as part of libSystem:

http://lists.apple.com/archives/unix-porting/2009/Aug/msg00006.html
9 years ago
Michael Santos da5fecd041 makefile: static target, link against libresolv
libresolv is required for base64 encoding.
9 years ago
Michael Santos 353951298e Generate a unique ID per message
Add an ID per message. Seems to fix the duplicate messages seen with MUCs
on the Conversations Android client whenever the network is switched
(e.g., from wifi to cell).

Introduce a dependency on Linux's libuuid which introduces portability
issues. However, it should be simple to add support for the BSD UUID
interface.

libuuid was used because it is a fast and simple way of generating
a unique id.  Realistically, the ID only needs to be unique within
the MUC and so could probably be replaced with an sprintf() combining
time of day, PID and a random number.
9 years ago
Michael Santos 3d79e9fda8 Forward stdin over XMPP 9 years ago