Changeset 98193


Timestamp:
Sep 28, 2012, 5:10:50 AM (12 years ago)
Author:
jmr@…
Message:

use sandboxing to prevent writes outside workpath and distpath

Location:
trunk/base/src
Files:
3 edited

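--- a/trunk/base/src/pextlib1.0/system.c
+++ b/trunk/base/src/pextlib1.0/system.c
@@ -157,8 +157,6 @@
     }
 
-#if 0
     /* check if and how we should use sandbox-exec */
     sandbox = check_sandboxing(interp, &sandbox_exec_path, &profilestr);
-#endif
 
     /*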
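Review bot: Re-enabling `check_sandboxing(interp, &sandbox_exec_path, &profilestr)` is what switches the per-target profiles from portsandbox.tcl on, but nothing at this call site says so; a comment such as `/* profile string is produced per target by portsandbox::set_profile; it is empty for activate/deactivate/load/unload */` would tie the two sides of this changeset together. How an empty profilestr or a failed lookup is handled is not visible in this hunk, so confirm that an empty profile still runs the command unsandboxed rather than failing or, worse, running with a stale profile from a previous target. The enclosing function starts and ends outside this hunk.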
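--- a/trunk/base/src/port1.0/portsandbox.tcl
+++ b/trunk/base/src/port1.0/portsandbox.tcl
@@ -36,36 +36,40 @@
 options portsandbox_supported portsandbox_profile
 default portsandbox_supported {[file executable $portutil::autoconf::sandbox_exec_path]}
-default portsandbox_profile {[portsandbox::get_default_profile]}
+default portsandbox_profile {}
 
-# produce a suitable profile to pass to sandbox-exec
+# set up a suitable profile to pass to sandbox-exec, based on the target
 # command line usage would be:
-# sandbox-exec -p '(version 1) (allow default) (deny file* (subpath "/usr/local") (subpath "/Library/Frameworks"))' some-command
-proc portsandbox::get_default_profile {} {
-    global os.major prefix frameworks_dir
-    set prefix_conflict [expr {$prefix == "/usr/local" || [string match $prefix "/usr/local/*"]}]
-    set frameworks_conflict [expr {$frameworks_dir == "/Library/Frameworks" || [string match $frameworks_dir "/Library/Frameworks/*"]}]
-    if {$prefix_conflict && $frameworks_conflict} {
-        return ""
+# sandbox-exec -p '(version 1) (allow default) (deny file-write*) (allow file-write* <filter>)' some-command
+proc portsandbox::set_profile {target} {
+    global os.major portsandbox_profile workpath distpath altprefix
+
+    switch $target {
+        activate -
+        deactivate -
+        load -
+        unload {
+            set portsandbox_profile ""
+            return
+        }
+        fetch -
+        mirror -
+        clean {
+            set allow_dirs [list $distpath]
+        }
     }
-    set profile "(version 1) (allow default) (deny "
-    if {${os.major} > 9} {
-        append profile "file* "
-        if {!$prefix_conflict} {
-            append profile {(subpath "/usr/local")}
+
+    # TODO: remove altprefix support
+    lappend allow_dirs $workpath $altprefix
+
+    set portsandbox_profile "(version 1) (allow default) (deny file-write*)"
+    foreach dir $allow_dirs {
+        append portsandbox_profile " (allow file-write* "
+        if {${os.major} > 9} {
+            append portsandbox_profile "(subpath \"${dir}\")"
+        } else {
+            append portsandbox_profile "(regex #\"^${dir}/\")"
         }
-        if {!$frameworks_conflict} {
-            append profile { (subpath "/Library/Frameworks")}
-        }
-    } else {
-        append profile "file-read* file-write* (regex "
-        if {!$prefix_conflict} {
-            append profile {#"^/usr/local/"}
-        }
-        if {!$frameworks_conflict} {
-            append profile { #"^/Library/Frameworks/"}
-        }
-        append profile ")"
+        append portsandbox_profile ")"
     }
-    append profile ")"
-    return $profile
+    append portsandbox_profile " (allow file-write-data (literal \"/dev/null\"))"
 }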
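Review bot: Every element of allow_dirs is spliced into the profile unescaped at `(subpath \"${dir}\")` and `(regex #\"^${dir}/\")`, so an empty element — `$altprefix` looks like a candidate given the TODO above it, though whether it can be empty is not visible here — produces `(regex #"^/")`, which matches every path on os.major <= 9, and presumably an equally broad `(subpath "")` on newer systems, either of which makes the `(deny file-write*)` rule inert. A guard at the top of the loop, `if {$dir eq ""} { continue }`, prevents that. A directory containing a double quote would also break the profile syntax, and in the regex branch metacharacters such as `.` or `+` widen the match, so each value should be escaped for the form it is used in (a `string map` for the quoted subpath, regex escaping for the regex literal) before it is appended.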
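--- a/trunk/base/src/port1.0/portutil.tcl
+++ b/trunk/base/src/port1.0/portutil.tcl
@@ -1327,4 +1327,5 @@
         set targetname [ditem_key $ditem name]
         set target [ditem_key $ditem provides]
+        portsandbox::set_profile $target
         global ${target}.asroot
         if { [tbool ${target}.asroot] } {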
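Review bot: `portsandbox::set_profile $target` runs for every target, and set_profile assigns `portsandbox_profile` unconditionally (portsandbox.tcl in this changeset), so any value a Portfile gave the `portsandbox_profile` option is overwritten before it can take effect; if per-port overrides are meant to be supported, set_profile should leave a non-empty pre-existing value alone, otherwise the option should be documented as internal. The call also runs when `portsandbox_supported` is false, which is harmless since only a string is computed, but a comment such as `# recompute the sandbox-exec profile for this target before it runs` would make the intent clear to a reader of this loop. The enclosing proc starts and ends outside this hunk.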