Commits
Commit:
534afd0ddcba7c3d2f8478e89db026010c6190c5
From:
Omar Polo <op@omarpolo.com>
Date:
Wed Oct 5 15:10:44 2022 UTC
make the various strings in the config fixed-length will help in future restructuring to have fixed-size objects.
Commit:
760009951357d4c36991c4c6a62db973289b32d9
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:40:38 2022 UTC
optionally disable the sandbox on some systems The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy' configuration rules: new sockets needs to be opened and it's either impossible (the former) or a huge pain in the arse (the latter). The sandbox is still always used in case only static files are served.
Commit:
1ab7c96bb305e818b5dfa3b525d5ff635ad12a0a
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:24:45 2022 UTC
gc sandbox_executor_process
Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:11:09 2022 UTC
get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow.
Commit:
e5d82d9472513ef742dbb0b5ac451337625feb58
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Mar 19 11:02:42 2022 UTC
const-ify some tables matches found with % grep -R '=[ ]*{' . | fgrep -v const
Commit:
4f0e893cd3889acb8e3d40d359610749189adc25
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Feb 13 16:20:27 2022 UTC
tightens seccomp filter: allow only openat(O_RDONLY) be more strict and allow an openat only with the O_RDONLY flag. This is kind of redundant with landlock, but still good to have. Landlock is not yet widely available and won't kill the process upon policy violation; furthermore, landlock can be disabled at boot time. tested on GNU and musl libc on arch and alpine amd64.
Commit:
94c5f99ab038efafa5f5a841d8092a995d9ee03c
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Feb 13 15:32:10 2022 UTC
sort syscalls in seccomp filter
Commit:
d0e0be1e43e6628e6215e1803c7a2415dd58c9bd
From:
Tobias Berger <tobi.berger13@gmail.com>
Via:
omar-polo <op@omarpolo.com>
Date:
Sun Feb 13 14:29:33 2022 UTC
Allow Arch-Armv7 syscalls in sandbox.c
Commit:
98c6f8de41647ba565dcbdaccf876277b404161e
From:
Omar Polo <op@omarpolo.com>
Date:
Thu Feb 10 22:29:51 2022 UTC
fix landlock usage Mickaël Salaün, the landlock author, pointed out the same error on the got implementation. The assumption that not listed access capabilities are implicitly denied is completely wrong: > In a nutshell, the ruleset's handled_access_fs is required for > backward and forward compatibility (i.e. the kernel and user space may > not know each other's supported restrictions), hence the need to be > explicit about the denied-by-default access rights.
Commit:
63bf54b646f65a798b56905313ed15cd97a32fbf
From:
Max <vdrummer@posteo.net>
Date:
Sat Dec 11 09:08:50 2021 UTC
[seccomp] allow ugetrlimit(2), needed by glibc on armv7l
Commit:
4842c72d9f3f45478cb641e15a3272e541fb8a18
From:
Omar Polo <op@omarpolo.com>
Date:
Mon Oct 18 10:05:55 2021 UTC
fmt
Commit:
5eb3fc905f5e3bd2f2d586fb1e0ceda879500b3e
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Oct 9 18:54:41 2021 UTC
don't work around a missing -Wno-unused-parameter It's been there for a long time, and it's frankly annoying to pretend to use parameters. Most of the time, they're there to satisfy an interface and nothings more.
Commit:
f7ee799023657126a89134cd64ab6a7638b4d1bf
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Oct 2 17:20:10 2021 UTC
enforce PR_SET_NO_NEW_PRIVS in the logger process otherwise landlock will refuse to enable itself and the logger process dies.
Commit:
0c66b6ad55416d9fca326c04b038784a9e59a84e
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Sep 26 20:01:32 2021 UTC
forgot include
Commit:
6f27d2595ae350dc6f9ce226d079370645dbff03
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Sep 26 20:00:38 2021 UTC
[seccomp] allow ioctl(FIONREAD) it's needed by bufferevent_read
Omar Polo