From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B487B1582EF for ; Sun, 09 Mar 2025 18:09:24 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 93D8F34310B for ; Sun, 09 Mar 2025 18:09:24 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id C46271103AC; Sun, 09 Mar 2025 18:09:19 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id B16B51103A8 for ; Sun, 09 Mar 2025 18:09:19 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 629FD3430C5 for ; Sun, 09 Mar 2025 18:09:19 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id C345C28B3 for ; Sun, 09 Mar 2025 18:09:17 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1741462692.e21aab299a512c29bdc3f77781858c7b7471b40e.floppym@gentoo> Subject: [gentoo-commits] proj/sandbox:master commit in: libsbutil/, /, libsandbox/, src/ X-VCS-Repository: proj/sandbox X-VCS-Files: libsandbox/libsandbox.c libsandbox/libsandbox.h libsandbox/pre_check_unlinkat.c libsandbox/realpath.c libsbutil/get_sandbox_confd.c libsbutil/get_sandbox_lib.c libsbutil/get_sandbox_log.c libsbutil/get_sandbox_rc.c localdecls.h src/environ.c src/sandbox.c src/sandbox.h X-VCS-Directories: / libsbutil/ src/ libsandbox/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: e21aab299a512c29bdc3f77781858c7b7471b40e X-VCS-Branch: master Date: Sun, 09 Mar 2025 18:09:17 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 85781260-ebd0-495f-97c5-b47249a45fe8 X-Archives-Hash: 6412731cfe574b58a3f9ef94bdf55236 commit: e21aab299a512c29bdc3f77781858c7b7471b40e Author: Mike Gilbert gentoo org> AuthorDate: Sat Mar 8 19:38:12 2025 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Sat Mar 8 19:38:12 2025 +0000 URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=e21aab29 Replace SB_PATH_MAX with PATH_MAX Most of the kernel interfaces we use are capped to PATH_MAX anyway. Signed-off-by: Mike Gilbert gentoo.org> libsandbox/libsandbox.c | 24 ++++++++++++------------ libsandbox/libsandbox.h | 2 +- libsandbox/pre_check_unlinkat.c | 2 +- libsandbox/realpath.c | 2 +- libsbutil/get_sandbox_confd.c | 2 +- libsbutil/get_sandbox_lib.c | 2 +- libsbutil/get_sandbox_log.c | 4 ++-- libsbutil/get_sandbox_rc.c | 4 ++-- localdecls.h | 13 ------------- src/environ.c | 2 +- src/sandbox.c | 2 +- src/sandbox.h | 14 +++++++------- 12 files changed, 30 insertions(+), 43 deletions(-) diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c index 402928a..18b168c 100644 --- a/libsandbox/libsandbox.c +++ b/libsandbox/libsandbox.c @@ -26,7 +26,7 @@ #define LOG_FMT_RPATH "FORMAT: R - Canonical Path\n" #define LOG_FMT_CMDLINE "FORMAT: C - Command Line\n" -char sandbox_lib[SB_PATH_MAX]; +char sandbox_lib[PATH_MAX]; typedef struct { bool show_access_violation, on, active, testing, verbose, debug; @@ -43,9 +43,9 @@ typedef struct { static sbcontext_t sbcontext; static char *cached_env_vars[MAX_DYN_PREFIXES]; -static char log_path[SB_PATH_MAX]; -static char debug_log_path[SB_PATH_MAX]; -static char message_path[SB_PATH_MAX]; +static char log_path[PATH_MAX]; +static char debug_log_path[PATH_MAX]; +static char message_path[PATH_MAX]; bool sandbox_on = true; static bool sb_init = false; static bool sb_env_init = false; @@ -229,7 +229,7 @@ static void init_env_entries(char **prefixes, const char *env, const char *prefi size_t offset = 0; while (token && strlen(token) > 0) { - char buf[SB_PATH_MAX]; + char buf[PATH_MAX]; if (sb_abspathat(AT_FDCWD, token, buf, sizeof(buf))) { size_t prev_offset = offset; offset = strv_append(prefixes, offset, buf); @@ -446,7 +446,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, * to be here as for each process, the '/proc/self' symlink * will differ ... */ - char proc_self_fd[SB_PATH_MAX]; + char proc_self_fd[PATH_MAX]; if (realpath(sb_get_fd_dir(), proc_self_fd) && !strncmp(resolv_path, proc_self_fd, strlen(proc_self_fd))) { @@ -606,20 +606,20 @@ static int check_syscall(sbcontext_t *sbcontext, int sb_nr, const char *func, if (is_symlink_func(sb_nr)) flags |= AT_SYMLINK_NOFOLLOW; - absolute_path = abuf = malloc(SB_PATH_MAX); + absolute_path = abuf = malloc(PATH_MAX); if (!absolute_path) - absolute_path = alloca(SB_PATH_MAX); + absolute_path = alloca(PATH_MAX); - if (!sb_abspathat(dirfd, file, absolute_path, SB_PATH_MAX)) + if (!sb_abspathat(dirfd, file, absolute_path, PATH_MAX)) return 1; sb_debug_dyn("absolute_path: %s\n", absolute_path); - resolved_path = rbuf = malloc(SB_PATH_MAX); + resolved_path = rbuf = malloc(PATH_MAX); if (!resolved_path) - resolved_path = alloca(SB_PATH_MAX); + resolved_path = alloca(PATH_MAX); - if (!sb_realpathat(dirfd, file, resolved_path, SB_PATH_MAX, + if (!sb_realpathat(dirfd, file, resolved_path, PATH_MAX, flags, is_create(sb_nr))) return 1; diff --git a/libsandbox/libsandbox.h b/libsandbox/libsandbox.h index 22c5535..8902b41 100644 --- a/libsandbox/libsandbox.h +++ b/libsandbox/libsandbox.h @@ -66,7 +66,7 @@ enum sandbox_method_t get_sandbox_method(void); void *get_dlsym(const char *symname, const char *symver); -extern char sandbox_lib[SB_PATH_MAX]; +extern char sandbox_lib[PATH_MAX]; extern bool sandbox_on; struct sb_envp_ctx { diff --git a/libsandbox/pre_check_unlinkat.c b/libsandbox/pre_check_unlinkat.c index 887d8bb..7fa143a 100644 --- a/libsandbox/pre_check_unlinkat.c +++ b/libsandbox/pre_check_unlinkat.c @@ -14,7 +14,7 @@ bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd) { save_errno(); - char canonic[SB_PATH_MAX]; + char canonic[PATH_MAX]; if (sb_realpathat(dirfd, pathname, canonic, sizeof(canonic), AT_SYMLINK_NOFOLLOW, false)) { if (!strcmp(canonic, "/dev/null") || !strcmp(canonic, "/dev/zero")) { errno = EACCES; diff --git a/libsandbox/realpath.c b/libsandbox/realpath.c index 9c65033..559ecc1 100644 --- a/libsandbox/realpath.c +++ b/libsandbox/realpath.c @@ -89,7 +89,7 @@ static bool chase_linkfd(int linkfd, char *buf, size_t bufsiz) if (buf[0] != '/') return true; - char target[SB_PATH_MAX]; + char target[PATH_MAX]; ssize_t tlen = zreadlinkat(linkfd, "", target, sizeof(target)); int i; diff --git a/libsbutil/get_sandbox_confd.c b/libsbutil/get_sandbox_confd.c index 871af9b..133ded8 100644 --- a/libsbutil/get_sandbox_confd.c +++ b/libsbutil/get_sandbox_confd.c @@ -15,7 +15,7 @@ char *get_sandbox_confd(char *path) save_errno(); char *p; if (is_env_on(ENV_SANDBOX_TESTING) && (p = getenv("__SANDBOX_CONFD_DIR"))) - strlcpy(path, p, SB_PATH_MAX); + strlcpy(path, p, PATH_MAX); else strcpy(path, SANDBOX_CONFD_DIR); restore_errno(); diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c index b64a5ac..e767845 100644 --- a/libsbutil/get_sandbox_lib.c +++ b/libsbutil/get_sandbox_lib.c @@ -26,7 +26,7 @@ void get_sandbox_lib(char *path) if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { void *hndl = dlopen(path, RTLD_LAZY); if (!hndl) - snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); + snprintf(path, PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); else dlclose(hndl); } diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c index bdb4278..a969341 100644 --- a/libsbutil/get_sandbox_log.c +++ b/libsbutil/get_sandbox_log.c @@ -26,7 +26,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c * about people breaking the security of the sandbox by * exporting SANDBOX_LOG=/dev/null. */ - strncpy(path, sandbox_log_env, SB_PATH_MAX); + strncpy(path, sandbox_log_env, PATH_MAX); } else { /* If running as a user w/out write access to /var/log, don't * shit ourselves. @@ -35,7 +35,7 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c if (tmpdir && access(sb_log_dir, W_OK)) sb_log_dir = tmpdir; - snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s", + snprintf(path, PATH_MAX, "%s%s%s%s%d%s", sb_log_dir, prefix, (sandbox_log_env == NULL ? "" : sandbox_log_env), (sandbox_log_env == NULL ? "" : "-"), diff --git a/libsbutil/get_sandbox_rc.c b/libsbutil/get_sandbox_rc.c index a02f6f0..cb5c6c8 100644 --- a/libsbutil/get_sandbox_rc.c +++ b/libsbutil/get_sandbox_rc.c @@ -17,10 +17,10 @@ void get_sandbox_rc(char *path) { save_errno(); if (is_env_on(ENV_SANDBOX_TESTING)) - snprintf(path, SB_PATH_MAX, "%s/%s", + snprintf(path, PATH_MAX, "%s/%s", getenv("__SANDBOX_BASHRC_PATH"), BASHRC_NAME); else - snprintf(path, SB_PATH_MAX, "%s/%s", + snprintf(path, PATH_MAX, "%s/%s", SANDBOX_BASHRC_PATH, BASHRC_NAME); restore_errno(); } diff --git a/localdecls.h b/localdecls.h index 74e5049..7039814 100644 --- a/localdecls.h +++ b/localdecls.h @@ -32,19 +32,6 @@ #endif -#ifdef PATH_MAX -# define SB_PATH_MAX PATH_MAX * 2 -# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX) -# undef SB_PATH_MAX -# define SB_PATH_MAX PATH_MAX + 25 -# if (SB_PATH_MAX >= INT_MAX) || (SB_PATH_MAX < PATH_MAX) -# error SB_PATH_MAX too big! -# endif -# endif -#else -# error PATH_MAX not defined! -#endif - #ifndef MAP_ANONYMOUS # define MAP_ANONYMOUS MAP_ANON #endif diff --git a/src/environ.c b/src/environ.c index 2b28c0b..b09f5aa 100644 --- a/src/environ.c +++ b/src/environ.c @@ -113,7 +113,7 @@ static int setup_access_var(const char *access_var) { rc_dynbuf_t *env_data; int count = 0; - char confd_path[SB_PATH_MAX]; + char confd_path[PATH_MAX]; char *config; char **confd_files = NULL; bool use_confd = true; diff --git a/src/sandbox.c b/src/sandbox.c index 9c3e0da..81c7ac9 100644 --- a/src/sandbox.c +++ b/src/sandbox.c @@ -39,7 +39,7 @@ static int setup_sandbox(struct sandbox_info_t *sandbox_info, bool interactive) /* Portage handle setting SANDBOX_WRITE itself. */ sandbox_info->work_dir[0] = '\0'; } else { - if (NULL == getcwd(sandbox_info->work_dir, SB_PATH_MAX)) { + if (NULL == getcwd(sandbox_info->work_dir, PATH_MAX)) { sb_pwarn("failed to get current directory"); return -1; } diff --git a/src/sandbox.h b/src/sandbox.h index cdc1b9e..e21dde3 100644 --- a/src/sandbox.h +++ b/src/sandbox.h @@ -14,13 +14,13 @@ #define __SANDBOX_H__ struct sandbox_info_t { - char sandbox_log[SB_PATH_MAX]; - char sandbox_debug_log[SB_PATH_MAX]; - char sandbox_message_path[SB_PATH_MAX]; - char sandbox_lib[SB_PATH_MAX]; - char sandbox_rc[SB_PATH_MAX]; - char work_dir[SB_PATH_MAX]; - char tmp_dir[SB_PATH_MAX]; + char sandbox_log[PATH_MAX]; + char sandbox_debug_log[PATH_MAX]; + char sandbox_message_path[PATH_MAX]; + char sandbox_lib[PATH_MAX]; + char sandbox_rc[PATH_MAX]; + char work_dir[PATH_MAX]; + char tmp_dir[PATH_MAX]; char *home_dir; };