| author | Sergei Trofimovich <slyfox@gentoo.org> | 2019-12-25 00:39:13 +0000 |
|---|---|---|
| committer | Michał Górny <mgorny@gentoo.org> | 2020-05-31 09:38:28 +0200 |
| commit | 24fd102c99763502a7ab0d1f6f26632673216371 | |
| tree | 1303807819ea617e56985908a27ec26a06d378b8 /tests | |
| parent | libsandbox/libsandbox.c: add errno output for internal sandbox violations | |
check_syscall(): turn internal sandbox violation into denywrite
In #590084 a test suite tried to list files in a deleted directory:

```
$ sandbox 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; ls'
 * sandbox-2.18/libsandbox/libsandbox.c:check_syscall():974: failure (No such file or directory):
 * ISE: opendir(.)
    abs_path: (null)
    res_path: (null)
```
Another reproducer is to create a file outside the deleted directory, relative
to that directory:

```
$ sandbox 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; touch ../foo'
 * sandbox-2.18/libsandbox/libsandbox.c:check_syscall():974: failure (No such file or directory):
 * ISE: open_wr(../foo)
    abs_path: (null)
    res_path: (null)
```
sandbox can't validate the safety of any of these operations, as the kernel does not
provide a mechanism to resolve '.' back to an absolute path.

As it's a rare condition, let's turn it into a sandbox violation instead
of an internal sandbox error, and link to the bug with details in the error message.
The report after the change looks like:

```
$ ./sandbox.sh 'mkdir /tmp/zzz; cd /tmp/zzz; rmdir /tmp/zzz; touch ../foo'
 * ACCESS DENIED: open_wr: '../foo' (from deleted directory, see https://bugs.gentoo.org/590084)
 * ACCESS DENIED: utimensat: '../foo' (from deleted directory, see https://bugs.gentoo.org/590084)
touch: cannot touch '../foo': Permission denied
```
Reported-by: Mike Gilbert
Bug: https://bugs.gentoo.org/590084
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
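The decision the commit message describes (a write-class call made from a cwd the kernel can no longer resolve is reported as an access denial rather than an internal sandbox error), as an added C example that is not libsandbox code: `check_write`, `reproduce_deleted_cwd`, `last_reason` and the sample directory under /tmp are this example's own names and assumptions, and the policy is a stand-in for `check_syscall()`, not its logic.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum verdict { SB_ALLOW = 0, SB_DENY = 1, SB_ERROR = 2 };

static char reason[PATH_MAX + 160];          /* explanation of the last verdict */
const char *last_reason(void) { return reason; }

/* Hypothetical policy check (not libsandbox's check_syscall): a write-class
 * call is allowed only when the caller's cwd still resolves. In a deleted
 * directory the kernel cannot map "." back to an absolute path, so realpath
 * fails with ENOENT; report that as an access denial, not an internal error. */
enum verdict check_write(const char *func, const char *path)
{
    char *cwd = realpath(".", NULL);
    if (cwd == NULL && errno == ENOENT) {
        snprintf(reason, sizeof reason, "ACCESS DENIED: %s: '%s' (from deleted "
                 "directory, see https://bugs.gentoo.org/590084)", func, path);
        return SB_DENY;
    }
    if (cwd == NULL) {   /* any other resolution failure is still an ISE */
        snprintf(reason, sizeof reason, "ISE: %s(%s): %s", func, path, strerror(errno));
        return SB_ERROR;
    }
    snprintf(reason, sizeof reason, "allowed: %s: '%s' (cwd %s)", func, path, cwd);
    free(cwd);
    return SB_ALLOW;
}

/* Reproduce the bug's scenario: mkdir, cd into it, rmdir it, then attempt a
 * relative write. The constructed sample directory lives under /tmp and the
 * original cwd is restored before returning. */
enum verdict reproduce_deleted_cwd(void)
{
    char tmpl[] = "/tmp/sb-deleted-cwd-XXXXXX";
    char saved[PATH_MAX];
    if (getcwd(saved, sizeof saved) == NULL || mkdtemp(tmpl) == NULL ||
        chdir(tmpl) != 0 || rmdir(tmpl) != 0) {
        snprintf(reason, sizeof reason, "setup failed: %s", strerror(errno));
        return SB_ERROR;
    }
    enum verdict v = check_write("open_wr", "../foo");
    if (chdir(saved) != 0) return SB_ERROR;
    return v;
}
```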
Diffstat (limited to 'tests')

| mode | file | lines |
|---|---|---|
| -rwxr-xr-x | tests/script-16.sh | 11 |
| -rw-r--r-- | tests/script.at | 1 |

2 files changed, 12 insertions, 0 deletions
diff --git a/tests/script-16.sh b/tests/script-16.sh new file mode 100755 index 0000000..c668cfa --- /dev/null +++ b/tests/script-16.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +addwrite $PWD + +mkdir -p to-be/deleted +cd to-be/deleted +rmdir ../deleted + +# In https://bugs.gentoo.org/590084 sanbox should deny +# access here and touch should fail: +! touch ../foo diff --git a/tests/script.at b/tests/script.at index 8837bda..f1119ef 100644 --- a/tests/script.at +++ b/tests/script.at @@ -13,3 +13,4 @@ SB_CHECK(12) SB_CHECK(13) SB_CHECK(14) SB_CHECK(15) +SB_CHECK(16)
\ No newline at end of file |
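Review bot: in the tests/script-16.sh hunk, `cd to-be/deleted` is unguarded, so if it fails the following `rmdir ../deleted` and `! touch ../foo` run in $PWD (which has just been addwrite'd) and the test fails with a misleading message; write it as `cd to-be/deleted || exit 1`. The comment above the final line also misspells the tool ("sanbox should deny"), and the test leaves the empty `to-be` directory behind, so a trailing `rmdir` of it from the restored cwd would keep the test tree clean.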
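Review bot: in the tests/script.at hunk, `+SB_CHECK(16)` is appended as the file's last line without a terminating newline (hence the "\ No newline at end of file" marker); add the trailing newline so that the next `SB_CHECK(17)` does not have to modify this line as well.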