summaryrefslogtreecommitdiff
path: root/sandbox-systrace.c
diff options
context:
space:
mode:
Diffstat (limited to 'sandbox-systrace.c')
-rw-r--r--sandbox-systrace.c56
1 files changed, 28 insertions, 28 deletions
diff --git a/sandbox-systrace.c b/sandbox-systrace.c
index 5a39f4fe1..2d16a627f 100644
--- a/sandbox-systrace.c
+++ b/sandbox-systrace.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sandbox-systrace.c,v 1.4 2011/07/29 14:42:45 djm Exp $ */ 1/* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org> 3 * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
4 * 4 *
@@ -24,12 +24,14 @@
24#include <sys/ioctl.h> 24#include <sys/ioctl.h>
25#include <sys/syscall.h> 25#include <sys/syscall.h>
26#include <sys/socket.h> 26#include <sys/socket.h>
27#include <sys/wait.h>
27 28
28#include <dev/systrace.h> 29#include <dev/systrace.h>
29 30
30#include <errno.h> 31#include <errno.h>
31#include <fcntl.h> 32#include <fcntl.h>
32#include <limits.h> 33#include <limits.h>
34#include <signal.h>
33#include <stdarg.h> 35#include <stdarg.h>
34#include <stdio.h> 36#include <stdio.h>
35#include <stdlib.h> 37#include <stdlib.h>
@@ -58,6 +60,7 @@ static const struct sandbox_policy preauth_policy[] = {
58 { SYS_madvise, SYSTR_POLICY_PERMIT }, 60 { SYS_madvise, SYSTR_POLICY_PERMIT },
59 { SYS_mmap, SYSTR_POLICY_PERMIT }, 61 { SYS_mmap, SYSTR_POLICY_PERMIT },
60 { SYS_mprotect, SYSTR_POLICY_PERMIT }, 62 { SYS_mprotect, SYSTR_POLICY_PERMIT },
63 { SYS_mquery, SYSTR_POLICY_PERMIT },
61 { SYS_poll, SYSTR_POLICY_PERMIT }, 64 { SYS_poll, SYSTR_POLICY_PERMIT },
62 { SYS_munmap, SYSTR_POLICY_PERMIT }, 65 { SYS_munmap, SYSTR_POLICY_PERMIT },
63 { SYS_read, SYSTR_POLICY_PERMIT }, 66 { SYS_read, SYSTR_POLICY_PERMIT },
@@ -68,26 +71,21 @@ static const struct sandbox_policy preauth_policy[] = {
68}; 71};
69 72
70struct ssh_sandbox { 73struct ssh_sandbox {
71 int child_sock;
72 int parent_sock;
73 int systrace_fd; 74 int systrace_fd;
74 pid_t child_pid; 75 pid_t child_pid;
76 void (*osigchld)(int);
75}; 77};
76 78
77struct ssh_sandbox * 79struct ssh_sandbox *
78ssh_sandbox_init(void) 80ssh_sandbox_init(void)
79{ 81{
80 struct ssh_sandbox *box; 82 struct ssh_sandbox *box;
81 int s[2];
82 83
83 debug3("%s: preparing systrace sandbox", __func__); 84 debug3("%s: preparing systrace sandbox", __func__);
84 box = xcalloc(1, sizeof(*box)); 85 box = xcalloc(1, sizeof(*box));
85 if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) == -1)
86 fatal("%s: socketpair: %s", __func__, strerror(errno));
87 box->child_sock = s[0];
88 box->parent_sock = s[1];
89 box->systrace_fd = -1; 86 box->systrace_fd = -1;
90 box->child_pid = 0; 87 box->child_pid = 0;
88 box->osigchld = signal(SIGCHLD, SIG_IGN);
91 89
92 return box; 90 return box;
93} 91}
@@ -95,35 +93,38 @@ ssh_sandbox_init(void)
95void 93void
96ssh_sandbox_child(struct ssh_sandbox *box) 94ssh_sandbox_child(struct ssh_sandbox *box)
97{ 95{
98 char whatever = 0;
99
100 close(box->parent_sock);
101 /* Signal parent that we are ready */
102 debug3("%s: ready", __func__); 96 debug3("%s: ready", __func__);
103 if (atomicio(vwrite, box->child_sock, &whatever, 1) != 1) 97 signal(SIGCHLD, box->osigchld);
104 fatal("%s: write: %s", __func__, strerror(errno)); 98 if (kill(getpid(), SIGSTOP) != 0)
105 /* Wait for parent to signal for us to go */ 99 fatal("%s: kill(%d, SIGSTOP)", __func__, getpid());
106 if (atomicio(read, box->child_sock, &whatever, 1) != 1)
107 fatal("%s: read: %s", __func__, strerror(errno));
108 debug3("%s: started", __func__); 100 debug3("%s: started", __func__);
109 close(box->child_sock);
110} 101}
111 102
112static void 103static void
113ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid, 104ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
114 const struct sandbox_policy *allowed_syscalls) 105 const struct sandbox_policy *allowed_syscalls)
115{ 106{
116 int dev_systrace, i, j, found; 107 int dev_systrace, i, j, found, status;
117 char whatever = 0; 108 pid_t pid;
118 struct systrace_policy policy; 109 struct systrace_policy policy;
119 110
111 /* Wait for the child to send itself a SIGSTOP */
120 debug3("%s: wait for child %ld", __func__, (long)child_pid); 112 debug3("%s: wait for child %ld", __func__, (long)child_pid);
113 do {
114 pid = waitpid(child_pid, &status, WUNTRACED);
115 } while (pid == -1 && errno == EINTR);
116 signal(SIGCHLD, box->osigchld);
117 if (!WIFSTOPPED(status)) {
118 if (WIFSIGNALED(status))
119 fatal("%s: child terminated with signal %d",
120 __func__, WTERMSIG(status));
121 if (WIFEXITED(status))
122 fatal("%s: child exited with status %d",
123 __func__, WEXITSTATUS(status));
124 fatal("%s: child not stopped", __func__);
125 }
126 debug3("%s: child %ld stopped", __func__, (long)child_pid);
121 box->child_pid = child_pid; 127 box->child_pid = child_pid;
122 close(box->child_sock);
123 /* Wait for child to signal that it is ready */
124 if (atomicio(read, box->parent_sock, &whatever, 1) != 1)
125 fatal("%s: read: %s", __func__, strerror(errno));
126 debug3("%s: child %ld ready", __func__, (long)child_pid);
127 128
128 /* Set up systracing of child */ 129 /* Set up systracing of child */
129 if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1) 130 if ((dev_systrace = open("/dev/systrace", O_RDONLY)) == -1)
@@ -174,9 +175,8 @@ ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
174 175
175 /* Signal the child to start running */ 176 /* Signal the child to start running */
176 debug3("%s: start child %ld", __func__, (long)child_pid); 177 debug3("%s: start child %ld", __func__, (long)child_pid);
177 if (atomicio(vwrite, box->parent_sock, &whatever, 1) != 1) 178 if (kill(box->child_pid, SIGCONT) != 0)
178 fatal("%s: write: %s", __func__, strerror(errno)); 179 fatal("%s: kill(%d, SIGCONT)", __func__, box->child_pid);
179 close(box->parent_sock);
180} 180}
181 181
182void 182void