Changeset 18781 for trunk/base


Ignore:
Timestamp:
Jul 28, 2006, 10:11:10 AM (14 years ago)
Author:
pguyot (Paul Guyot)
Message:

darwintrace now reports creation of directories outside the sandbox.
It works with rb-rubygems. Cf:
http://bugzilla.opendarwin.org/show_bug.cgi?id=5491

Location:
trunk/base
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/base/src/darwintracelib1.0/Makefile

    r13378 r18781  
    77include ../../Mk/dports.autoconf.mk
    88include ../../Mk/dports.tea.mk
    9 
    10 CFLAGS+=        -DDARWINTRACE_LOG_CREATE
  • trunk/base/src/darwintracelib1.0/darwintrace.c

    r18777 r18781  
    44 * All rights reserved.
    55 *
    6  * $Id: darwintrace.c,v 1.18 2006/07/28 08:14:12 pguyot Exp $
     6 * $Id: darwintrace.c,v 1.19 2006/07/28 10:11:09 pguyot Exp $
    77 *
    88 * @APPLE_BSD_LICENSE_HEADER_START@
     
    5353#include <string.h>
    5454#include <unistd.h>
     55#include <sys/types.h>
    5556#include <sys/stat.h>
    5657#include <sys/param.h>
     
    8283 * DARWINTRACE_SHOW_PROCESS: show the process id of every access
    8384 * DARWINTRACE_LOG_CREATE: log creation of files as well.
    84  * DARWINTRACE_SANDBOX: control creation, deletion and writing to files.
     85 * DARWINTRACE_SANDBOX: control creation, deletion and writing to files and dirs.
    8586 * DARWINTRACE_LOG_FULL_PATH: use F_GETPATH to log the full path.
    8687 * DARWINTRACE_DEBUG_OUTPUT: verbose output of stuff to debug darwintrace.
     
    598599}
    599600#endif
     601
     602#if DARWINTRACE_SANDBOX
     603/* Trap attempts to create directories outside the sandbox.
     604 */
     605int mkdir(const char* path, mode_t mode) {
     606#define __mkdir(x,y) syscall(SYS_mkdir, (x), (y))
     607        int result = 0;
     608        int isInSandbox = __darwintrace_is_in_sandbox(path);
     609        if (isInSandbox == 1) {
     610                dprintf("darwintrace: mkdir was allowed at %s\n", path);
     611        } else if (isInSandbox == 0) {
     612                /* outside sandbox, but sandbox is defined: forbid */
     613                /* only consider directories that do not exist. */
     614                struct stat theInfo;
     615                int err;
     616                err = lstat(path, &theInfo);
     617                if ((err == -1) && (errno == ENOENT))
     618                {
     619                        dprintf("darwintrace: mkdir was forbidden at %s\n", path);
     620                        __darwintrace_log_op("sandbox_violation", NULL, path, 0);
     621                        errno = EACCES;
     622                        result = -1;
     623                } /* otherwise, mkdir will do nothing (directory exists) or fail
     624                     (another error) */
     625        }
     626       
     627        if (result == 0) {
     628                result = __mkdir(path, mode);
     629        }
     630       
     631        return result;
     632}
     633#endif
  • trunk/base/src/port1.0/porttrace.tcl

    r18727 r18781  
    22# porttrace.tcl
    33#
    4 # $Id: porttrace.tcl,v 1.20 2006/07/25 08:50:48 pguyot Exp $
     4# $Id: porttrace.tcl,v 1.21 2006/07/28 10:11:10 pguyot Exp $
    55#
    66# Copyright (c) 2005-2006 Paul Guyot <pguyot@kallisys.net>,
     
    120120       
    121121        foreach violation [lsort $violations] {
    122                 ui_warn "A file creation/deletion/modification was attempted outside sandbox: $violation"
     122                ui_warn "A creation/deletion/modification was attempted outside sandbox: $violation"
    123123        }
    124124}
  • trunk/base/tests/trace/Makefile

    r18721 r18781  
    1010        @PORTSRC=$(PORTSRC) $(bindir)/port clean > /dev/null
    1111        @touch delete-trace
     12        @rm -f create-trace
     13        @rm -rf mkdir-trace
     14        @rm -f /tmp/hello-trace
    1215        @PORTSRC=$(PORTSRC) $(bindir)/port -t test > output 2>&1 || (cat output; exit 1)
    1316        @rm -f delete-trace
     17        @rm -f create-trace
     18        @rm -rf mkdir-trace
     19        @rm -f /tmp/hello-trace
    1420        @sed -e "s|${PWD}|PWD|g" < output > output.sed
    1521        @diff output.sed master 2>&1 | tee difference
  • trunk/base/tests/trace/Portfile

    r18728 r18781  
    1 # $Id: Portfile,v 1.4 2006/07/25 08:51:57 pguyot Exp $
     1# $Id: Portfile,v 1.5 2006/07/28 10:11:10 pguyot Exp $
    22
    33PortSystem 1.0
     
    2020
    2121test { 
    22         catch {system "rm -f create-trace && touch create-trace && rm create-trace"}
     22        catch {system "touch create-trace"}
    2323        catch {system "rm delete-trace"}
    24         catch {system "rm -f /tmp/hello-trace && touch /tmp/hello-trace && rm /tmp/hello-trace"}
     24        system "touch /tmp/hello-trace"
     25        system "rm /tmp/hello-trace"
     26        catch {system "mkdir mkdir-trace"}
     27        system "mkdir -p /usr/bin"
    2528}
  • trunk/base/tests/trace/master

    r18721 r18781  
    55--->  Building trace with target all
    66--->  Testing trace
    7 Warning: A file creation/deletion/modification was attempted outside sandbox: PWD/create-trace
    8 Warning: A file creation/deletion/modification was attempted outside sandbox: PWD/delete-trace
     7Warning: A creation/deletion/modification was attempted outside sandbox: PWD/create-trace
     8Warning: A creation/deletion/modification was attempted outside sandbox: PWD/delete-trace
     9Warning: A creation/deletion/modification was attempted outside sandbox: PWD/mkdir-trace
Note: See TracChangeset for help on using the changeset viewer.