[CVS] RPM: rpm/ CHANGES configure.ac rpm/rpmio/ rpmsm.c
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 16-Sep-2009 00:01:13 Branch: HEAD Handle: 2009091522011300 Modified files: rpm CHANGES configure.ac rpm/rpmio rpmsm.c Log: - spook: install spooktool next to semodule. Summary: RevisionChanges Path 1.3122 +1 -0 rpm/CHANGES 2.401 +1 -1 rpm/configure.ac 2.15+1 -1 rpm/rpmio/rpmsm.c patch -p0 <<'@@ .' Index: rpm/CHANGES $ cvs diff -u -r1.3121 -r1.3122 CHANGES --- rpm/CHANGES 14 Sep 2009 21:32:20 - 1.3121 +++ rpm/CHANGES 15 Sep 2009 22:01:13 - 1.3122 @@ -1,5 +1,6 @@ 5.2b1 -> 5.3a1 +- jbj: spook: install spooktool next to semodule. - jbj: spook: embed the "spook" DSL just like augeas (nee "augtool"). - jbj: augeas: change the DSL embedding syntax from "augtool" to "augeas". - jbj: haul out some trash. @@ . patch -p0 <<'@@ .' Index: rpm/configure.ac $ cvs diff -u -r2.400 -r2.401 configure.ac --- rpm/configure.ac 12 Sep 2009 12:33:52 - 2.400 +++ rpm/configure.ac 15 Sep 2009 22:01:13 - 2.401 @@ -1232,7 +1232,7 @@ [semanage], [semanage_handle_create], [semanage/semanage.h], [no,external:none], [], [ AC_DEFINE(WITH_SEMANAGE, 1, [Define if building with Libsemanage]) - WITH_SEMANAGE_SEMODULE="semodule" + WITH_SEMANAGE_SEMODULE="semodule spooktool" ], []) AC_SUBST(WITH_SEMANAGE_SEMODULE) @@ . patch -p0 <<'@@ .' Index: rpm/rpmio/rpmsm.c $ cvs diff -u -r2.14 -r2.15 rpmsm.c --- rpm/rpmio/rpmsm.c 15 Sep 2009 21:06:50 - 2.14 +++ rpm/rpmio/rpmsm.c 15 Sep 2009 22:01:13 - 2.15 @@ -18,7 +18,7 @@ #include "debug.h" /*...@unchecked@*/ -int _rpmsm_debug = -1; +int _rpmsm_debug = 0; /*...@unchecked@*/ /*...@relnull@*/ rpmsm _rpmsmI = NULL; @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm/js/ rpmsm-js.c rpm/rpmio/ rpmsm.c rpmsm.h
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 23:06:50
Branch: HEAD Handle: 2009091521065000
Modified files:
rpm/js rpmsm-js.c
rpm/rpmio rpmsm.c rpmsm.h
Log:
- js: the iob buffer is freed with the rpmsm object, callers need not free.
- rpmsm: return only RPMRC_OK or RPMRC_FAIL (like all other embedded
inbterpreters).
Summary:
RevisionChanges Path
1.5 +0 -1 rpm/js/rpmsm-js.c
2.14+7 -3 rpm/rpmio/rpmsm.c
2.7 +2 -2 rpm/rpmio/rpmsm.h
patch -p0 <<'@@ .'
Index: rpm/js/rpmsm-js.c
$ cvs diff -u -r1.4 -r1.5 rpmsm-js.c
--- rpm/js/rpmsm-js.c 11 Sep 2009 20:19:07 - 1.4
+++ rpm/js/rpmsm-js.c 15 Sep 2009 21:06:50 - 1.5
@@ -246,7 +246,6 @@
*rval = JSVAL_TRUE;
else
*rval = STRING_TO_JSVAL(JS_NewStringCopyZ(cx, result));
- result = _free(result);
} else
*rval = JSVAL_FALSE;
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmsm.c
$ cvs diff -u -r2.13 -r2.14 rpmsm.c
--- rpm/rpmio/rpmsm.c 13 Sep 2009 02:55:14 - 2.13
+++ rpm/rpmio/rpmsm.c 15 Sep 2009 21:06:50 - 2.14
@@ -403,12 +403,15 @@
/*==*/
-int rpmsmRun(rpmsm sm, const char ** av, const char ** resultp)
+rpmRC rpmsmRun(rpmsm sm, const char ** av, const char ** resultp)
{
int ncmds = argvCount(av);
int rc = 0;
int i;
+if (_rpmsm_debug)
+fprintf(stderr, "--> %s(%p,%p,%p) av[0] \"%s\"\n", __FUNCTION__, sm, av,
resultp, (av ? av[0] : NULL));
+
if (sm == NULL) sm = rpmsmI();
(void) rpmiobEmpty(sm->iob);
@@ -475,6 +478,7 @@
*resultp = (rpmiobLen(sm->iob) > 0 ? rpmiobStr(sm->iob) : NULL);
if (_rpmsm_debug)
-fprintf(stderr, "<-- %s(%p) I %p rc %d\n", __FUNCTION__, sm, sm->I, rc);
-return rc;
+fprintf(stderr, "<-- %s(%p,%p,%p) av[0] \"%s\" rc %d\n", __FUNCTION__, sm,
av, resultp, (av ? av[0] : NULL), rc);
+/* XXX impedance match to OK or FAIL return codes. */
+return (rc >= 0 ? RPMRC_OK : RPMRC_FAIL);
}
@@ .
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmsm.h
$ cvs diff -u -r2.6 -r2.7 rpmsm.h
--- rpm/rpmio/rpmsm.h 11 Sep 2009 20:19:06 - 2.6
+++ rpm/rpmio/rpmsm.h 15 Sep 2009 21:06:50 - 2.7
@@ -114,9 +114,9 @@
* @param sm semanage wrapper
* @param av semanage commands
* @retval *resultp string result (malloc'd)
- * @return 0 on success, <0 on error
+ * @return RPMRC_OK on success, RPMRC_FAIL on error
*/
-int rpmsmRun(rpmsm sm, const char ** av, /*...@out@*/ const char ** resultp)
+rpmRC rpmsmRun(rpmsm sm, const char ** av, /*...@out@*/ const char **
resultp)
/*...@globals fileSystem, internalState @*/
/*...@modifies sm, *resultp, fileSystem, internalState @*/;
@@ .
__
RPM Package Managerhttp://rpm5.org
CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm/rpmio/ rpmsp.c
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 22:59:53
Branch: HEAD Handle: 2009091520595300
Modified files:
rpm/rpmio rpmsp.c
Log:
- rpmsp: ensure that all memory is initialized on all code paths.
Summary:
RevisionChanges Path
2.4 +10 -6 rpm/rpmio/rpmsp.c
patch -p0 <<'@@ .'
Index: rpm/rpmio/rpmsp.c
$ cvs diff -u -r2.3 -r2.4 rpmsp.c
--- rpm/rpmio/rpmsp.c 10 Sep 2009 15:24:45 - 2.3
+++ rpm/rpmio/rpmsp.c 15 Sep 2009 20:59:53 - 2.4
@@ -66,8 +66,16 @@
{
rpmsp sp = rpmspGetPool(_rpmspPool);
+sp->fn = NULL;
+sp->flags = 0;
+sp->I = NULL;
+sp->DB = NULL;
+sp->F = NULL;
+sp->C = NULL;
+sp->P = NULL;
+
#if defined(WITH_SEPOL)
-sepol_handle_t *I = sp->I = sepol_handle_create();
+ { sepol_handle_t *I = sp->I = sepol_handle_create();
int xx;
if (I == NULL) {
@@ -77,10 +85,6 @@
return NULL;
}
-sp->DB = NULL;
-sp->F = NULL;
-
-sp->C = NULL;
if ((xx = sepol_context_create(SP->I, &sp->C)) < 0) {
if (_rpmsp_debug)
fprintf(stderr, "--> %s: sepol_context_create: %s\n", __FUNCTION__,
strerror(errno));/* XXX errno? */
@@ -88,7 +92,6 @@
return NULL;
}
-sp->P = NULL;
if ((xx = sepol_module_package_create(&sp->P)) < 0) {
if (_rpmsp_debug)
fprintf(stderr, "--> %s: sepol_module_package_create: %s\n", __FUNCTION__,
strerror(errno)); /* XXX errno? */
@@ -130,6 +133,7 @@
(void) fclose(fp);
}
+ }
#endif
return rpmspLink(sp);
@@ .
__
RPM Package Managerhttp://rpm5.org
CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm/tools/ .cvsignore
RPM Package Manager, CVS Repository http://rpm5.org/cvs/ Server: rpm5.org Name: Jeff Johnson Root: /v/rpm/cvs Email: j...@rpm5.org Module: rpm Date: 15-Sep-2009 21:19:58 Branch: HEAD Handle: 2009091519195800 Modified files: rpm/tools .cvsignore Log: - ignore newly built executables. Summary: RevisionChanges Path 1.35+3 -0 rpm/tools/.cvsignore patch -p0 <<'@@ .' Index: rpm/tools/.cvsignore $ cvs diff -u -r1.34 -r1.35 .cvsignore --- rpm/tools/.cvsignore 10 Sep 2009 15:32:59 - 1.34 +++ rpm/tools/.cvsignore 15 Sep 2009 19:19:58 - 1.35 @@ -7,6 +7,7 @@ *.gcno augtool convertdb1 +chroot cp db_tool debugedit @@ -21,6 +22,8 @@ rpmkey rpmrepo rpmspecdump +sandbox semodule +spooktool txar wget @@ . __ RPM Package Managerhttp://rpm5.org CVS Sources Repositoryrpm-cvs@rpm5.org
[CVS] RPM: rpm/tools/ Makefile.am chroot.c cp.c
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 21:18:48
Branch: HEAD Handle: 2009091519184800
Modified files:
rpm/tools Makefile.am chroot.c cp.c
Log:
- chroot: add RPMIO fertishism and install into /usr/lib/rpm/bin.
Summary:
RevisionChanges Path
2.137 +9 -8 rpm/tools/Makefile.am
1.2 +107 -147 rpm/tools/chroot.c
2.17+1 -1 rpm/tools/cp.c
patch -p0 <<'@@ .'
Index: rpm/tools/Makefile.am
$ cvs diff -u -r2.136 -r2.137 Makefile.am
--- rpm/tools/Makefile.am 15 Sep 2009 15:18:37 - 2.136
+++ rpm/tools/Makefile.am 15 Sep 2009 19:18:48 - 2.137
@@ -48,16 +48,19 @@
pkgbindir = @USRLIBRPM@/bin
pkgbin_PROGRAMS =\
- @WITH_AUGEAS_AUGTOOL@ cp find grep mtree @WITH_SEMANAGE_SEMODULE@ wget \
+ @WITH_AUGEAS_AUGTOOL@ chroot cp find grep mtree
@WITH_SEMANAGE_SEMODULE@ wget \
rpmcache rpmdigest rpmrepo rpmspecdump \
rpmcmp rpmdeps @WITH_KEYUTILS_RPMKEY@ @WITH_LIBELF_DEBUGEDIT@
dist_man_MANS = rpmgrep.1
augtool_SOURCES =augtool.c
-augtool_LDADD = $(RPM_LDADD_COMMON) -lreadline
+augtool_LDADD = $(RPMIO_LDADD_COMMON)
+
+chroot_SOURCES = chroot.c
+chroot_LDADD = $(RPMIO_LDADD_COMMON)
cp_SOURCES = cp.c
-cp_LDADD = $(RPM_LDADD_COMMON)
+cp_LDADD = $(RPMIO_LDADD_COMMON)
debugedit_SOURCES = debugedit.c hashtab.c
debugedit_LDADD =$(RPM_LDADD_COMMON)
@@ -91,13 +94,13 @@
rpmspecdump_LDADD = $(RPMBUILD_LDADD_COMMON)
semodule_SOURCES = semodule.c
-semodule_LDADD = $(RPM_LDADD_COMMON)
+semodule_LDADD = $(RPMIO_LDADD_COMMON)
sandbox_SOURCES =sandbox.c
-sandbox_LDADD = $(RPM_LDADD_COMMON)
+sandbox_LDADD = $(RPMIO_LDADD_COMMON)
spooktool_SOURCES = spooktool.c
-spooktool_LDADD =$(RPM_LDADD_COMMON)
+spooktool_LDADD =$(RPMIO_LDADD_COMMON)
wget_SOURCES = rpmwget.c
wget_LDADD = $(RPMIO_LDADD_COMMON)
@@ -117,7 +120,6 @@
##
## XAR <-> RPM package converter
##
-
if WITH_XAR
pkgbin_PROGRAMS += txar
txar_SOURCES = txar.c
@@ -128,7 +130,6 @@
##
## provide Berkeley-DB tools
##
-
if WITH_DB_INTERNAL
if WITH_DB_TOOLS_INTEGRATED
pkgbin_PROGRAMS += db_tool
@@ .
patch -p0 <<'@@ .'
Index: rpm/tools/chroot.c
$ cvs diff -u -r1.1 -r1.2 chroot.c
--- rpm/tools/chroot.c15 Sep 2009 17:53:42 - 1.1
+++ rpm/tools/chroot.c15 Sep 2009 19:18:48 - 1.2
@@ -27,161 +27,121 @@
* SUCH DAMAGE.
*/
-#if 0
-#ifndef lint
-static const char copyright[] =
-"@(#) Copyright (c) 1988, 1993\n\
- The Regents of the University of California. All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
-#endif /* not lint */
+#include "system.h"
+
+#include
+#include
+#include
+
+#include "debug.h"
+
+static char * user; /* user to switch to before running program */
+static char * group; /* group to switch to ... */
+static char * grouplist; /* group list to switch to ... */
+
+/*...@unchecked@*/ /*...@observer@*/
+static struct poptOption optionsTable[] = {
+ { "user",'u', POPT_ARG_STRING, &user, 0,
+N_("Set primary USER"), N_("USER") },
+ { "group",'g', POPT_ARG_STRING,&group, 0,
+N_("Set primary GROUP"), N_("GROUP") },
+ { "groups",'G', POPT_ARG_STRING, &grouplist, 0,
+N_("Set primary GROUPS"), N_("GROUPS") },
+
+#ifdef NOTYET
+ POPT_AUTOALIAS
+ POPT_AUTOHELP
#endif
-#include
-__FBSDID("$FreeBSD: src/usr.sbin/chroot/chroot.c,v 1.12 2009/06/19 15:58:24
brooks Exp $");
-#include
+ { NULL, (char)-1, POPT_ARG_INCLUDE_TABLE, NULL, 0,
+"\
+Usage: chroot [-g group] [-G group,group,...] [-u user] newroot [command]\n\
+", NULL },
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static void usage(void);
-
-char *user; /* user to switch to before running program */
-char *group; /* group to switch to ... */
-char *grouplist; /* group list to switch to ... */
+
[CVS] RPM: rpm/tools/ chroot.c
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 19:53:42
Branch: HEAD Handle: 2009091517534200
Added files:
rpm/tools chroot.c
Log:
- swipe a copy of FreeBSD chroot.c (lest I forget).
Summary:
RevisionChanges Path
1.1 +187 -0 rpm/tools/chroot.c
patch -p0 <<'@@ .'
Index: rpm/tools/chroot.c
$ cvs diff -u -r0 -r1.1 chroot.c
--- /dev/null 2009-09-15 19:45:28 +0200
+++ chroot.c 2009-09-15 19:53:42 +0200
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ *may be used to endorse or promote products derived from this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if 0
+#ifndef lint
+static const char copyright[] =
+"@(#) Copyright (c) 1988, 1993\n\
+ The Regents of the University of California. All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)chroot.c 8.1 (Berkeley) 6/9/93";
+#endif /* not lint */
+#endif
+#include
+__FBSDID("$FreeBSD: src/usr.sbin/chroot/chroot.c,v 1.12 2009/06/19 15:58:24
brooks Exp $");
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static void usage(void);
+
+char *user; /* user to switch to before running program */
+char *group; /* group to switch to ... */
+char *grouplist; /* group list to switch to ... */
+
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ struct group*gp;
+ struct passwd *pw;
+ char*endp, *p;
+ const char *shell;
+ gid_t gid, *gidlist;
+ uid_t uid;
+ int ch, gids;
+ longngroups_max;
+
+ gid = 0;
+ uid = 0;
+ while ((ch = getopt(argc, argv, "G:g:u:")) != -1) {
+ switch(ch) {
+ case 'u':
+ user = optarg;
+ if (*user == '\0')
+ usage();
+ break;
+ case 'g':
+ group = optarg;
+ if (*group == '\0')
+ usage();
+ break;
+ case 'G':
+ grouplist = optarg;
+ if (*grouplist == '\0')
+ usage();
+ break;
+ case '?':
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (group != NULL) {
+ if (isdigit((unsigned char)*group)) {
+ gid = (gid_t)strtoul(group, &endp, 0);
+ if (*endp != '\0')
+ goto getgroup;
+ } else {
+ getgroup:
+ if ((gp = getgrnam
[CVS] RPM: rpm/tools/ sandbox.c
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 19:38:17
Branch: HEAD Handle: 2009091517381700
Modified files:
rpm/tools sandbox.c
Log:
- sandbox: rip out c99 and other "stuff".
Summary:
RevisionChanges Path
2.2 +308 -310 rpm/tools/sandbox.c
patch -p0 <<'@@ .'
Index: rpm/tools/sandbox.c
$ cvs diff -u -r2.1 -r2.2 sandbox.c
--- rpm/tools/sandbox.c 15 Sep 2009 15:18:37 - 2.1
+++ rpm/tools/sandbox.c 15 Sep 2009 17:38:17 - 2.2
@@ -1,356 +1,354 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
+/*
+ * Copyright (c) 2009 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
+ */
-// http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
+#include "system.h"
-#define _GNU_SOURCE
#include
-#include
-#include
#include
-#include
#include
-#include
-#include
-#include
#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-/* - #include "suid_unsafe_environment_variables.h" */
-static const char* kSUIDUnsafeEnvironmentVariables[] = {
- "LD_AOUT_LIBRARY_PATH",
- "LD_AOUT_PRELOAD",
- "GCONV_PATH",
- "GETCONF_DIR",
- "HOSTALIASES",
- "LD_AUDIT",
- "LD_DEBUG",
- "LD_DEBUG_OUTPUT",
- "LD_DYNAMIC_WEAK",
- "LD_LIBRARY_PATH",
- "LD_ORIGIN_PATH",
- "LD_PRELOAD",
- "LD_PROFILE",
- "LD_SHOW_AUXV",
- "LD_USE_LOAD_BIAS",
- "LOCALDOMAIN",
- "LOCPATH",
- "MALLOC_TRACE",
- "NIS_PATH",
- "NLSPATH",
- "RESOLV_HOST_CONF",
- "RES_OPTIONS",
- "TMPDIR",
- "TZDIR",
- NULL,
-};
-
-// Return a malloc allocated string containing the 'saved' environment
variable
-// name for a given environment variable.
-static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
- const size_t envvar_len = strlen(envvar);
- const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
- 8 /* strlen("SANDBOX_") */;
- char* const saved_envvar = (char*) malloc(saved_envvarlen);
- if (!saved_envvar)
-return NULL;
-
- memcpy(saved_envvar, "SANDBOX_", 8);
- memcpy(saved_envvar + 8, envvar, envvar_len);
- saved_envvar[8 + envvar_len] = 0;
-
- return saved_envvar;
-}
-/* - */
+#include "debug.h"
#if !defined(CLONE_NEWPID)
#define CLONE_NEWPID 0x2000
#endif
-#if defined(LINUX_SANDBOX_CHROME_PATH)
-static const char kChromeBinary[] = LINUX_SANDBOX_CHROME_PATH;
-#endif
+static char tempdirTemplate[] = "/tmp/rpm-sandbox-chroot-XX";
-static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
+static void _err(int code, const char *msg, ...)
+ __attribute__((noreturn, format(printf, 2, 3)));
-// These are the magic byte values which the sandboxed process uses to
request
-// that it be chrooted.
-static const char kMsgChrootMe = 'C';
-static const char kMsgChrootSuccessful = 'O';
-
-static void FatalError(const char *msg, ...)
-__attribute__((noreturn, format(printf,1,2)));
-
-static void FatalError(const char *msg, ...) {
- va_list ap;
- va_start(ap, msg);
-
- vfprintf(stderr, msg, ap);
- fprintf(stderr, ": %s\n", strerror(errno));
- fflush(stderr);
- exit(1);
+static void
+_err(int code, const char *fmt, ...)
+{
+FILE * fp = stderr;
+va_list ap;
+va_start(ap, fmt);
+if (fmt != NULL) {
+ vfprintf(fp, fmt, ap);
+ fprintf(fp, ": ");
+}
+fprintf(fp, "%s\n", strerror(errno));
+va_end(ap);
+exit(code);
}
-static int CloneChrootHelperProcess() {
- int sv[2];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
-perror("socketpair");
-return -1;
- }
-
- // We create a temp directory for our chroot. Nobody should ever write into
- // it, so it's root:root mode 000.
- char kTempDirectoryTemplate[] = "/tmp/chrome-sandbox-chroot-XX";
- const char* temp_dir = mkdtemp(kTempDirectoryTemplate);
- if (!temp_dir) {
-perror("Failed to create temp directory for chroot");
-return -1;
- }
-
- const int chroot_d
[CVS] RPM: rpm/tools/ Makefile.am sandbox.c
RPM Package Manager, CVS Repository
http://rpm5.org/cvs/
Server: rpm5.org Name: Jeff Johnson
Root: /v/rpm/cvs Email: j...@rpm5.org
Module: rpm Date: 15-Sep-2009 17:18:38
Branch: HEAD Handle: 2009091515183700
Added files:
rpm/tools sandbox.c
Modified files:
rpm/tools Makefile.am
Log:
- swipe a copy og sandbox.c from Google chromium.
Summary:
RevisionChanges Path
2.136 +4 -1 rpm/tools/Makefile.am
2.1 +356 -0 rpm/tools/sandbox.c
patch -p0 <<'@@ .'
Index: rpm/tools/Makefile.am
$ cvs diff -u -r2.135 -r2.136 Makefile.am
--- rpm/tools/Makefile.am 12 Sep 2009 21:30:56 - 2.135
+++ rpm/tools/Makefile.am 15 Sep 2009 15:18:37 - 2.136
@@ -22,7 +22,7 @@
EXTRA_DIST = hashtab.h
-EXTRA_PROGRAMS = augtool debugedit rpmkey semodule spooktool
+EXTRA_PROGRAMS = augtool debugedit rpmkey sandbox semodule spooktool
RPMMISC_LDADD_COMMON = \
$(top_builddir)/misc/librpmmisc.la \
@@ -93,6 +93,9 @@
semodule_SOURCES = semodule.c
semodule_LDADD = $(RPM_LDADD_COMMON)
+sandbox_SOURCES =sandbox.c
+sandbox_LDADD = $(RPM_LDADD_COMMON)
+
spooktool_SOURCES = spooktool.c
spooktool_LDADD =$(RPM_LDADD_COMMON)
@@ .
patch -p0 <<'@@ .'
Index: rpm/tools/sandbox.c
$ cvs diff -u -r0 -r2.1 sandbox.c
--- /dev/null 2009-09-15 17:15:29 +0200
+++ sandbox.c 2009-09-15 17:18:38 +0200
@@ -0,0 +1,356 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// http://code.google.com/p/chromium/wiki/LinuxSUIDSandbox
+
+#define _GNU_SOURCE
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* - #include "suid_unsafe_environment_variables.h" */
+static const char* kSUIDUnsafeEnvironmentVariables[] = {
+ "LD_AOUT_LIBRARY_PATH",
+ "LD_AOUT_PRELOAD",
+ "GCONV_PATH",
+ "GETCONF_DIR",
+ "HOSTALIASES",
+ "LD_AUDIT",
+ "LD_DEBUG",
+ "LD_DEBUG_OUTPUT",
+ "LD_DYNAMIC_WEAK",
+ "LD_LIBRARY_PATH",
+ "LD_ORIGIN_PATH",
+ "LD_PRELOAD",
+ "LD_PROFILE",
+ "LD_SHOW_AUXV",
+ "LD_USE_LOAD_BIAS",
+ "LOCALDOMAIN",
+ "LOCPATH",
+ "MALLOC_TRACE",
+ "NIS_PATH",
+ "NLSPATH",
+ "RESOLV_HOST_CONF",
+ "RES_OPTIONS",
+ "TMPDIR",
+ "TZDIR",
+ NULL,
+};
+
+// Return a malloc allocated string containing the 'saved' environment
variable
+// name for a given environment variable.
+static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
+ const size_t envvar_len = strlen(envvar);
+ const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
+ 8 /* strlen("SANDBOX_") */;
+ char* const saved_envvar = (char*) malloc(saved_envvarlen);
+ if (!saved_envvar)
+return NULL;
+
+ memcpy(saved_envvar, "SANDBOX_", 8);
+ memcpy(saved_envvar + 8, envvar, envvar_len);
+ saved_envvar[8 + envvar_len] = 0;
+
+ return saved_envvar;
+}
+/* - */
+
+#if !defined(CLONE_NEWPID)
+#define CLONE_NEWPID 0x2000
+#endif
+
+#if defined(LINUX_SANDBOX_CHROME_PATH)
+static const char kChromeBinary[] = LINUX_SANDBOX_CHROME_PATH;
+#endif
+
+static const char kSandboxDescriptorEnvironmentVarName[] = "SBX_D";
+
+// These are the magic byte values which the sandboxed process uses to
request
+// that it be chrooted.
+static const char kMsgChrootMe = 'C';
+static const char kMsgChrootSuccessful = 'O';
+
+static void FatalError(const char *msg, ...)
+__attribute__((noreturn, format(printf,1,2)));
+
+static void FatalError(const char *msg, ...) {
+ va_list ap;
+ va_start(ap, msg);
+
+ vfprintf(stderr, msg, ap);
+ fprintf(stderr, ": %s\n", strerror(errno));
+ fflush(stderr);
+ exit(1);
+}
+
+static int CloneChrootHelperProcess() {
+ int sv[2];
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
+perror("socketpair");
+return -1;
+ }
+
+ // We create a temp directory for our chroot. Nobody should ever write into
+ // it, so it's root:root mode 000.
+ char kTempDirectoryTemplate[] = "/tmp/chrome-sandbox-chroot-XX";
+ const char* temp_dir = mkdtemp(kTempDirectoryTemplate);
