authorMike Frysinger <vapier@gentoo.org>2021-10-21 23:20:21 -0400
committerMike Frysinger <vapier@gentoo.org>2021-10-22 00:15:04 -0400
commit701486a499631955c150344559762ac301147833 (patch)
tree9fb98f74d36da0b6a48f3f20b4e7319f0b9e85d6
parentlibsandbox: use wide readelf output (diff)
libsandbox: add xattr wrappers #672566
These modify the filesystem, so don't let them do their business. Fixes: https://bugs.gentoo.org/672566 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--configure.ac5
-rw-r--r--headers.h3
-rw-r--r--libsandbox/libsandbox.c24
-rw-r--r--libsandbox/symbols.h.in4
-rw-r--r--libsandbox/wrapper-funcs/lremovexattr.c11
-rw-r--r--libsandbox/wrapper-funcs/lsetxattr.c11
-rw-r--r--libsandbox/wrapper-funcs/removexattr.c11
-rw-r--r--libsandbox/wrapper-funcs/setxattr.c11
-rw-r--r--tests/Makefile.am4
-rw-r--r--tests/lremovexattr-0.c15
-rw-r--r--tests/lsetxattr-0.c24
-rw-r--r--tests/removexattr-0.c15
-rwxr-xr-xtests/removexattr-1.sh13
-rw-r--r--tests/removexattr.at1
-rw-r--r--tests/setxattr-0.c24
-rwxr-xr-xtests/setxattr-1.sh13
-rw-r--r--tests/setxattr.at1
-rw-r--r--tests/tests.h1
18 files changed, 182 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac
index e16892f..96c602f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -143,6 +143,7 @@ AC_CHECK_HEADERS_ONCE(m4_flatten([
sys/uio.h
sys/user.h
sys/wait.h
+ sys/xattr.h
asm/ptrace.h
linux/ptrace.h
]))
@@ -185,6 +186,8 @@ AC_CHECK_FUNCS_ONCE(m4_flatten([
getcwd
lchown
linkat
+ lremovexattr
+ lsetxattr
lutimes
memmove
memcpy
@@ -210,10 +213,12 @@ AC_CHECK_FUNCS_ONCE(m4_flatten([
ptrace
realpath
remove
+ removexattr
renameat
renameat2
rmdir
setenv
+ setxattr
strcasecmp
strchr
strdup
diff --git a/headers.h b/headers.h
index 13e005a..605413e 100644
--- a/headers.h
+++ b/headers.h
@@ -143,6 +143,9 @@
#ifdef HAVE_SYS_WAIT_H
# include <sys/wait.h>
#endif
+#ifdef HAVE_SYS_XATTR_H
+# include <sys/xattr.h>
+#endif
#ifdef __ia64__ /* what a pos */
# define ia64_fpreg FU_ia64_fpreg
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index c00c92c..beaf305 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -676,15 +676,17 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
struct stat st;
/* These funcs always operate on symlinks */
- if (!(sb_nr == SB_NR_UNLINK ||
- sb_nr == SB_NR_UNLINKAT ||
- sb_nr == SB_NR_LCHOWN ||
- sb_nr == SB_NR_REMOVE ||
- sb_nr == SB_NR_RENAME ||
- sb_nr == SB_NR_RENAMEAT ||
- sb_nr == SB_NR_RENAMEAT2||
- sb_nr == SB_NR_RMDIR ||
- sb_nr == SB_NR_SYMLINK ||
+ if (!(sb_nr == SB_NR_UNLINK ||
+ sb_nr == SB_NR_UNLINKAT ||
+ sb_nr == SB_NR_LCHOWN ||
+ sb_nr == SB_NR_LREMOVEXATTR ||
+ sb_nr == SB_NR_LSETXATTR ||
+ sb_nr == SB_NR_REMOVE ||
+ sb_nr == SB_NR_RENAME ||
+ sb_nr == SB_NR_RENAMEAT ||
+ sb_nr == SB_NR_RENAMEAT2 ||
+ sb_nr == SB_NR_RMDIR ||
+ sb_nr == SB_NR_SYMLINK ||
sb_nr == SB_NR_SYMLINKAT))
{
/* These funcs sometimes operate on symlinks */
@@ -776,6 +778,8 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
sb_nr == SB_NR_LCHOWN ||
sb_nr == SB_NR_LINK ||
sb_nr == SB_NR_LINKAT ||
+ sb_nr == SB_NR_LREMOVEXATTR||
+ sb_nr == SB_NR_LSETXATTR ||
sb_nr == SB_NR_LUTIMES ||
sb_nr == SB_NR_MKDIR ||
sb_nr == SB_NR_MKDIRAT ||
@@ -794,10 +798,12 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
sb_nr == SB_NR_MKSTEMPS64 ||
sb_nr == SB_NR_OPEN_WR ||
sb_nr == SB_NR_REMOVE ||
+ sb_nr == SB_NR_REMOVEXATTR ||
sb_nr == SB_NR_RENAME ||
sb_nr == SB_NR_RENAMEAT ||
sb_nr == SB_NR_RENAMEAT2 ||
sb_nr == SB_NR_RMDIR ||
+ sb_nr == SB_NR_SETXATTR ||
sb_nr == SB_NR_SYMLINK ||
sb_nr == SB_NR_SYMLINKAT ||
sb_nr == SB_NR_TRUNCATE ||
diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in
index 954d5ae..0fe6eca 100644
--- a/libsandbox/symbols.h.in
+++ b/libsandbox/symbols.h.in
@@ -69,6 +69,10 @@ execvpe
fexecve
system
popen
+removexattr
+lremovexattr
+setxattr
+lsetxattr
utime
utimes
utimensat
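Review bot: Only the four path-based xattr calls are added to the intercepted symbol list here; `fsetxattr` and `fremovexattr` are not wrapped anywhere in the visible hunks. Those act on an already-open descriptor and, on Linux, do not need it opened for writing, so a file under a denied path that the sandbox lets a process open for reading could presumably still have its attributes changed. If that is deliberate (for example because fd-based calls are out of scope for the path checks), a short comment next to these entries saying so would help; otherwise the fd variants need wrappers and `check_access` entries of their own.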
diff --git a/libsandbox/wrapper-funcs/lremovexattr.c b/libsandbox/wrapper-funcs/lremovexattr.c
new file mode 100644
index 0000000..bfcb931
--- /dev/null
+++ b/libsandbox/wrapper-funcs/lremovexattr.c
@@ -0,0 +1,11 @@
+/*
+ * lremovexattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name
+#define WRAPPER_ARGS path, name
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"
diff --git a/libsandbox/wrapper-funcs/lsetxattr.c b/libsandbox/wrapper-funcs/lsetxattr.c
new file mode 100644
index 0000000..2369e51
--- /dev/null
+++ b/libsandbox/wrapper-funcs/lsetxattr.c
@@ -0,0 +1,11 @@
+/*
+ * setxattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name, const void *value, size_t size, int flags
+#define WRAPPER_ARGS path, name, value, size, flags
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"
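Review bot: The file header comment names the wrong function: this is lsetxattr.c but the comment reads `setxattr() wrapper.`, and the blob id matches setxattr.c, so the file looks like an unedited copy. The comment should read `* lsetxattr() wrapper.`. It would also be worth noting in the header that only `path` is checked by `WRAPPER_SAFE()`, and that `name`, `value`, `size` and `flags` are passed through unchanged.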
diff --git a/libsandbox/wrapper-funcs/removexattr.c b/libsandbox/wrapper-funcs/removexattr.c
new file mode 100644
index 0000000..4e33fe6
--- /dev/null
+++ b/libsandbox/wrapper-funcs/removexattr.c
@@ -0,0 +1,11 @@
+/*
+ * removexattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name
+#define WRAPPER_ARGS path, name
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"
diff --git a/libsandbox/wrapper-funcs/setxattr.c b/libsandbox/wrapper-funcs/setxattr.c
new file mode 100644
index 0000000..2369e51
--- /dev/null
+++ b/libsandbox/wrapper-funcs/setxattr.c
@@ -0,0 +1,11 @@
+/*
+ * setxattr() wrapper.
+ *
+ * Copyright 1999-2021 Gentoo Foundation
+ * Licensed under the GPL-2
+ */
+
+#define WRAPPER_ARGS_PROTO const char *path, const char *name, const void *value, size_t size, int flags
+#define WRAPPER_ARGS path, name, value, size, flags
+#define WRAPPER_SAFE() SB_SAFE(path)
+#include "__wrapper_simple.c"
diff --git a/tests/Makefile.am b/tests/Makefile.am
index e47c996..846a8f6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -30,6 +30,8 @@ check_PROGRAMS = \
link-0 \
linkat-0 \
linkat_static-0 \
+ lremovexattr-0 \
+ lsetxattr-0 \
lutimes-0 \
mkdtemp-0 \
mkdir-0 \
@@ -55,10 +57,12 @@ check_PROGRAMS = \
openat64-0 \
opendir-0 \
remove-0 \
+ removexattr-0 \
rename-0 \
renameat-0 \
renameat2-0 \
rmdir-0 \
+ setxattr-0 \
signal_static-0 \
symlink-0 \
symlinkat-0 \
diff --git a/tests/lremovexattr-0.c b/tests/lremovexattr-0.c
new file mode 100644
index 0000000..4abdfff
--- /dev/null
+++ b/tests/lremovexattr-0.c
@@ -0,0 +1,15 @@
+#define FUNC removexattr
+#define SFUNC "removexattr"
+#define FUNC_STR "\"%s\", \"%s\""
+#define FUNC_IMP path, name
+#define ARG_CNT 2
+#define ARG_USE "<path> <name>"
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s; \
+ \
+ s = argv[i++]; \
+ char *name = s;
+
+#include "test-skel-0.c"
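Review bot: This test program is named lremovexattr-0 but calls `removexattr`, so the new `lremovexattr` wrapper is never exercised. The blob id is identical to tests/removexattr-0.c, which suggests a copy that was not edited. The first two lines should be `#define FUNC lremovexattr` and `#define SFUNC "lremovexattr"`. The commit also adds no `.sh`/`.at` case for either `l*` variant, so the symlink handling added to `symlink_func` is not covered by the visible tests.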
diff --git a/tests/lsetxattr-0.c b/tests/lsetxattr-0.c
new file mode 100644
index 0000000..b1ed475
--- /dev/null
+++ b/tests/lsetxattr-0.c
@@ -0,0 +1,24 @@
+#define FUNC lsetxattr
+#define SFUNC "lsetxattr"
+#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i"
+#define FUNC_IMP path, name, value, size, flags
+#define ARG_CNT 5
+#define ARG_USE "<path> <name> <value> <size> <flags>"
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s; \
+ \
+ s = argv[i++]; \
+ char *name = s; \
+ \
+ s = argv[i++]; \
+ char *value = s; \
+ \
+ s = argv[i++]; \
+ size_t size = atoi(s); \
+ \
+ s = argv[i++]; \
+ int flags = atoi(s);
+
+#include "test-skel-0.c"
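Review bot: `size` is parsed with `atoi` and passed independently of `value`, so a size larger than the argument string makes the call read past it, and a negative input silently becomes a very large `size_t`. Unless oversized inputs are an intended test case, parse with `strtoul(s, NULL, 0)` and reject a `size` greater than `strlen(value)`. The same `process_args()` body is used in tests/setxattr-0.c. The macro's consumer, test-skel-0.c, is outside this diff.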
diff --git a/tests/removexattr-0.c b/tests/removexattr-0.c
new file mode 100644
index 0000000..4abdfff
--- /dev/null
+++ b/tests/removexattr-0.c
@@ -0,0 +1,15 @@
+#define FUNC removexattr
+#define SFUNC "removexattr"
+#define FUNC_STR "\"%s\", \"%s\""
+#define FUNC_IMP path, name
+#define ARG_CNT 2
+#define ARG_USE "<path> <name>"
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s; \
+ \
+ s = argv[i++]; \
+ char *name = s;
+
+#include "test-skel-0.c"
diff --git a/tests/removexattr-1.sh b/tests/removexattr-1.sh
new file mode 100755
index 0000000..327f4dd
--- /dev/null
+++ b/tests/removexattr-1.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Make sure we catch removexattr.
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret}
+
+# Set it to something to make sure it works.
+touch f
+setxattr-0 0 f user.sandbox test 4 0 || exit 1
+
+# Try to remove it and get rejected.
+adddeny "${PWD}"
+removexattr-0 0 f user.sandbox
+test -e sandbox.log
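Review bot: The only pass condition after `adddeny` is that `sandbox.log` exists, and the exit status of the denied `removexattr-0` call is discarded. A wrapper that logged the violation but still performed the removal would therefore pass. Checking that the call actually failed, or that `user.sandbox` is still set on `f` afterwards, would test enforcement rather than logging; tests/setxattr-1.sh has the same shape. Separately, the script depends on an `xattr-0` helper that is not among the programs this commit adds to `check_PROGRAMS`, so if it is not already built elsewhere the script exits early with a not-found status.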
diff --git a/tests/removexattr.at b/tests/removexattr.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/removexattr.at
@@ -0,0 +1 @@
+SB_CHECK(1)
diff --git a/tests/setxattr-0.c b/tests/setxattr-0.c
new file mode 100644
index 0000000..2717b85
--- /dev/null
+++ b/tests/setxattr-0.c
@@ -0,0 +1,24 @@
+#define FUNC setxattr
+#define SFUNC "setxattr"
+#define FUNC_STR "\"%s\", \"%s\", \"%s\", %zu, %i"
+#define FUNC_IMP path, name, value, size, flags
+#define ARG_CNT 5
+#define ARG_USE "<path> <name> <value> <size> <flags>"
+
+#define process_args() \
+ s = argv[i++]; \
+ char *path = s; \
+ \
+ s = argv[i++]; \
+ char *name = s; \
+ \
+ s = argv[i++]; \
+ char *value = s; \
+ \
+ s = argv[i++]; \
+ size_t size = atoi(s); \
+ \
+ s = argv[i++]; \
+ int flags = atoi(s);
+
+#include "test-skel-0.c"
diff --git a/tests/setxattr-1.sh b/tests/setxattr-1.sh
new file mode 100755
index 0000000..6bbe1df
--- /dev/null
+++ b/tests/setxattr-1.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Make sure we catch setxattr.
+[ "${at_xfail}" = "yes" ] && exit 77 # see trace-0
+xattr-0 ; ret=$? ; [ ${ret} -eq 0 ] || exit ${ret}
+
+# Set it to something to make sure it works.
+touch f
+setxattr-0 0 f user.sandbox test 4 0 || exit 1
+
+# Try to set it again and get rejected.
+adddeny "${PWD}"
+setxattr-0 0 f user.sandbox test 4 0
+test -e sandbox.log
diff --git a/tests/setxattr.at b/tests/setxattr.at
new file mode 100644
index 0000000..081d7d2
--- /dev/null
+++ b/tests/setxattr.at
@@ -0,0 +1 @@
+SB_CHECK(1)
diff --git a/tests/tests.h b/tests/tests.h
index 22733ca..610388d 100644
--- a/tests/tests.h
+++ b/tests/tests.h
@@ -73,6 +73,7 @@ const value_pair tbl_errno[] = {
PAIR(EMLINK)
PAIR(ENAMETOOLONG)
PAIR(ENOBUFS)
+ PAIR(ENODATA)
PAIR(ENODEV)
PAIR(ENOENT)
PAIR(ENOEXEC)