Date:
Thu May 19 07:32:26 2022 UTC
Message:
don't include linux/prctl.h: it can conflict with sys/prctl.h; spotted while trying to build on alpine linux.
/*
* Copyright (c) 2021 Omar Polo <op@omarpolo.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "compat.h"
#include <limits.h>
#include "fs.h"
#include "telescope.h"
#ifdef __OpenBSD__
# include <errno.h>
# include <stdlib.h>
# include <string.h>
# include <unistd.h>
/*
 * Sandbox the network process with pledge(2): it only needs stdio,
 * sockets ("inet") and name resolution ("dns").  Failure is fatal.
 */
void
sandbox_net_process(void)
{
	const char *promises = "stdio inet dns";

	if (pledge(promises, NULL) == -1)
		err(1, "pledge");
}
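/*
 * Sandbox the UI process with unveil(2) and pledge(2).
 *
 * Filesystem visibility is reduced to /tmp, $HOME/Downloads (best
 * effort: a missing directory is tolerated, as is an unset HOME) and
 * the configuration, data and cache directories, all with read, write
 * and create permissions.  Any other unveil or pledge failure is fatal.
 */
void
sandbox_ui_process(void)
{
	char path[PATH_MAX];
	const char *home;

	if (unveil("/tmp", "rwc") == -1)
		err(1, "unveil(/tmp)");

	/*
	 * getenv(3) returns NULL when HOME is not set; passing that to
	 * strlcpy would crash the process, so skip the Downloads entry
	 * instead, consistent with tolerating ENOENT below.  A truncated
	 * path would unveil some unrelated location, so that is fatal.
	 */
	if ((home = getenv("HOME")) != NULL) {
		if (strlcpy(path, home, sizeof(path)) >= sizeof(path) ||
		    strlcat(path, "/Downloads", sizeof(path)) >= sizeof(path))
			errx(1, "HOME is too long");
		if (unveil(path, "rwc") == -1 && errno != ENOENT)
			err(1, "unveil(%s)", path);
	}

	if (unveil(config_path_base, "rwc") == -1)
		err(1, "unveil(%s)", config_path_base);

	if (unveil(data_path_base, "rwc") == -1)
		err(1, "unveil(%s)", data_path_base);

	if (unveil(cache_path_base, "rwc") == -1)
		err(1, "unveil(%s)", cache_path_base);

	/*
	 * The promise set deliberately omits "unveil", so no further
	 * unveil(2) calls are possible after this point.
	 */
	if (pledge("stdio rpath wpath cpath unix tty", NULL) == -1)
		err(1, "pledge");
}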
#elif HAVE_LINUX_LANDLOCK_H
#include <linux/landlock.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/*
* What's the deal with landlock? While distros with linux >= 5.13
* have the struct declarations, libc wrappers are missing. The
* sample landlock code provided by the authors includes these "shims"
* in their example for the landlock API until libc provides them.
*
* Linux is such a mess sometimes. /rant
*/
#ifndef landlock_create_ruleset
/*
 * Shim for landlock_create_ruleset(2) while libc lacks a wrapper:
 * forwards ATTR, SIZE and FLAGS to the raw syscall.  Returns the new
 * ruleset fd, or -1 with errno set.
 */
static inline int
landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,
    __u32 flags)
{
	long ret;

	ret = syscall(__NR_landlock_create_ruleset, attr, size, flags);
	return (int)ret;
}
#endif
#ifndef landlock_add_rule
/*
 * Shim for landlock_add_rule(2) while libc lacks a wrapper: attach a
 * rule of kind TYPE described by ATTR to RULESET_FD.  Returns 0 on
 * success, -1 with errno set otherwise.
 */
static inline int
landlock_add_rule(int ruleset_fd, enum landlock_rule_type type,
    const void *attr, __u32 flags)
{
	long ret;

	ret = syscall(__NR_landlock_add_rule, ruleset_fd, type, attr, flags);
	return (int)ret;
}
#endif
#ifndef landlock_restrict_self
/*
 * Shim for landlock_restrict_self(2) while libc lacks a wrapper:
 * enforce the ruleset RULESET_FD on the calling thread.  Returns 0 on
 * success, -1 with errno set otherwise.
 */
static inline int
landlock_restrict_self(int ruleset_fd, __u32 flags)
{
	long ret;

	ret = syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
	return (int)ret;
}
#endif
/*
 * Create a landlock ruleset that handles every filesystem access
 * right listed below.  No rules are added here, so once applied the
 * process would be denied all of them unless landlock_unveil() has
 * granted exceptions.
 *
 * Returns the ruleset fd, or -1 when landlock is compiled out
 * (ENOSYS) or disabled at runtime (EOPNOTSUPP).  Any other failure
 * is fatal.
 */
static int
open_landlock(void)
{
	const struct landlock_ruleset_attr attr = {
		.handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE |
		    LANDLOCK_ACCESS_FS_READ_FILE |
		    LANDLOCK_ACCESS_FS_READ_DIR |
		    LANDLOCK_ACCESS_FS_WRITE_FILE |
		    LANDLOCK_ACCESS_FS_REMOVE_DIR |
		    LANDLOCK_ACCESS_FS_REMOVE_FILE |
		    LANDLOCK_ACCESS_FS_MAKE_CHAR |
		    LANDLOCK_ACCESS_FS_MAKE_DIR |
		    LANDLOCK_ACCESS_FS_MAKE_REG |
		    LANDLOCK_ACCESS_FS_MAKE_SOCK |
		    LANDLOCK_ACCESS_FS_MAKE_FIFO |
		    LANDLOCK_ACCESS_FS_MAKE_BLOCK |
		    LANDLOCK_ACCESS_FS_MAKE_SYM,
	};
	int fd;

	fd = landlock_create_ruleset(&attr, sizeof(attr), 0);

	/*
	 * Only "landlock isn't there" is tolerated; the caller decides
	 * how to degrade.  Anything else is a real error.
	 */
	if (fd == -1 && errno != ENOSYS && errno != EOPNOTSUPP)
		err(1, "can't create landlock ruleset");

	return fd;
}
/*
 * Grant the access rights PERMS beneath PATH in the ruleset
 * LANDLOCK_FD, in the spirit of OpenBSD's unveil(2).
 *
 * Returns 0 on success, -1 on failure with errno left as set by
 * open(2) or landlock_add_rule().
 */
static int
landlock_unveil(int landlock_fd, const char *path, int perms)
{
	struct landlock_path_beneath_attr rule = {
		.allowed_access = perms,
	};
	int ret, serrno;

	/* O_PATH yields a reference to the object without opening it for I/O. */
	rule.parent_fd = open(path, O_PATH);
	if (rule.parent_fd == -1)
		return -1;

	ret = landlock_add_rule(landlock_fd, LANDLOCK_RULE_PATH_BENEATH,
	    &rule, 0);

	/* close(2) may clobber errno; keep the add_rule failure reason. */
	serrno = errno;
	close(rule.parent_fd);
	errno = serrno;

	if (ret != 0)
		return -1;
	return 0;
}
/*
 * Enforce the ruleset FD on the calling process and close FD, which
 * is consumed whether or not enforcement succeeds.
 *
 * Returns 0 on success, -1 with errno set by landlock_restrict_self().
 * A failing prctl(2) is fatal.
 */
static int
landlock_apply(int fd)
{
	int ret, serrno;

	/*
	 * landlock_restrict_self(2) requires no_new_privs (or
	 * CAP_SYS_ADMIN); set it first so privilege cannot be regained
	 * through set-user-ID executables after the restriction.
	 */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
		err(1, "%s: prctl(PR_SET_NO_NEW_PRIVS)", __func__);

	ret = landlock_restrict_self(fd, 0);

	/* close(2) may clobber errno; preserve the restrict_self result. */
	serrno = errno;
	close(fd);
	errno = serrno;

	return ret == 0 ? 0 : -1;
}
/*
 * Apply a ruleset that handles every filesystem access right but
 * grants none of them: afterwards the process has no filesystem
 * access at all.
 *
 * Returns 0 when the restriction was applied or when landlock is
 * unavailable (nothing can be enforced, so report success), -1 when
 * landlock_apply() fails.  Not called by either sandbox_*_process()
 * in this branch at present.
 */
static int
landlock_no_fs(void)
{
	int fd = open_landlock();

	/*
	 * open_landlock() returns -1 only when landlock is compiled out
	 * or disabled at runtime (XXX: pretend everything's fine then).
	 */
	if (fd == -1)
		return 0;

	return landlock_apply(fd);
}
/*
 * No landlock sandbox for the network process: the paths the TLS
 * stack needs are not known, so no filesystem rule set can be
 * applied safely.  Yes, it sucks.
 */
void
sandbox_net_process(void)
{
	/* intentionally a no-op, see above */
}
/*
 * No landlock sandbox for the UI process: it has to read files *and*
 * execute programs, which rules out a useful filesystem restriction.
 */
void
sandbox_ui_process(void)
{
	/* intentionally a no-op, see above */
}
#else
#warning "No sandbox for this OS"
/* No sandboxing mechanism is available for this OS (see #warning above). */
void
sandbox_net_process(void)
{
	/* nothing to do */
}
/* No sandboxing mechanism is available for this OS (see #warning above). */
void
sandbox_ui_process(void)
{
	/* nothing to do */
}
#endif