From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 07B981382C5 for ; Thu, 11 Mar 2021 08:04:52 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5B287E0969; Thu, 11 Mar 2021 08:04:51 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 474F9E0969 for ; Thu, 11 Mar 2021 08:04:51 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 50CDE340DDE for ; Thu, 11 Mar 2021 08:04:46 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 819DA590 for ; Thu, 11 Mar 2021 08:04:43 +0000 (UTC) From: "Sergei Trofimovich" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sergei Trofimovich" Message-ID: <1615449784.f43378e14396fe5fad05bff13a73483740205881.slyfox@gentoo> Subject: [gentoo-commits] proj/sandbox:master commit in: libsandbox/wrapper-funcs/, libsandbox/ X-VCS-Repository: proj/sandbox X-VCS-Files: libsandbox/symbols.h.in libsandbox/wrapper-funcs/vfork.c X-VCS-Directories: libsandbox/wrapper-funcs/ libsandbox/ X-VCS-Committer: slyfox X-VCS-Committer-Name: Sergei Trofimovich X-VCS-Revision: f43378e14396fe5fad05bff13a73483740205881 X-VCS-Branch: master Date: Thu, 11 Mar 2021 08:04:43 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 5720c956-3ff0-4bed-a45f-4cee429231e4 X-Archives-Hash: 2a6b85b59c9b2ad42579ff9fcf84a303 commit: f43378e14396fe5fad05bff13a73483740205881 Author: Sergei Trofimovich gentoo org> AuthorDate: Sat Mar 6 09:02:32 2021 +0000 Commit: Sergei Trofimovich gentoo org> CommitDate: Thu Mar 11 08:03:04 2021 +0000 URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=f43378e1 libsandbox: implement vfork() via fork() sandbox turns vfork()/exec("/sbin/ldconfig") into vfork()/ptrace()+fork()/exec("/sbin/ldconfig"). It happens because "/sbin/ldconfig" is a static binary and can't be inspected via LD_PRELOAD and sandbox falls back to fork()+ptrace() vfork() imposes very strong requirements on what could happen between vfork() and exec(). Above sandbox behaviour violates it. vfork() is specified in a way that it can always can be substituted for fork(). This change does exactly that. Reported-by: Michał Górny Bug: https://bugs.gentoo.org/774054 Signed-off-by: Sergei Trofimovich gentoo.org> libsandbox/symbols.h.in | 1 + libsandbox/wrapper-funcs/vfork.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/libsandbox/symbols.h.in b/libsandbox/symbols.h.in index bdbce08..0154c2a 100644 --- a/libsandbox/symbols.h.in +++ b/libsandbox/symbols.h.in @@ -74,3 +74,4 @@ utimensat futimesat lutimes fork +vfork diff --git a/libsandbox/wrapper-funcs/vfork.c b/libsandbox/wrapper-funcs/vfork.c new file mode 100644 index 0000000..b28e74c --- /dev/null +++ b/libsandbox/wrapper-funcs/vfork.c @@ -0,0 +1,28 @@ +/* + * vfork() wrapper. + * + * Copyright 1999-2021 Gentoo Foundation + * Licensed under the GPL-2 + */ + +/* We're only wrapping vfork() as a poor man's pthread_atfork(). That would + * require dedicated linkage against libpthread. So here we force the locks + * to a consistent state before forking. + * + * We also implement vfork() as fork() because sandbox does not meet vfork() + * requirements bet ween vfork()/exec("some-static-bianary") because we launch + * ptrace in the middle. + */ + +#define WRAPPER_ARGS_PROTO +#define WRAPPER_ARGS +#define WRAPPER_SAFE() 0 +#define WRAPPER_PRE_CHECKS() \ +({ \ + /* pthread_atfork(sb_lock, sb_unlock, sb_unlock); */ \ + sb_lock(); \ + result = sb_unwrapped_fork_DEFAULT(WRAPPER_ARGS_FULL); \ + sb_unlock(); \ + false; \ +}) +#include "__wrapper_simple.c"