From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DMARC_NONE,MAILING_LIST_MULTI autolearn=unavailable autolearn_force=no version=4.0.0 Received: from bigglesworth.mail.be.easynet.net (bigglesworth.mail.be.easynet.net [212.100.160.67]) by chiba.3jane.net (Postfix) with ESMTP id 72033EC3D for ; Sun, 2 Dec 2001 18:43:59 -0600 (CST) Received: from 213-193-176-60.adsl.easynet.be ([213.193.176.60]) by bigglesworth.mail.be.easynet.net with esmtp (Exim 3.16 #1) id 16AhCc-0003hL-00 for gentoo-dev@gentoo.org; Mon, 03 Dec 2001 01:43:22 +0100 From: Geert Bevin To: gentoo-dev@gentoo.org Content-Type: multipart/mixed; boundary="=-jAIh1NvbdIjz8ERjB8Ir" X-Mailer: Evolution/0.99.2 (Preview Release) Date: 03 Dec 2001 01:43:29 +0100 Message-Id: <1007340210.2268.0.camel@inspiron.theleaf.office> Mime-Version: 1.0 Subject: [gentoo-dev] new path sandbox version Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk Reply-To: gentoo-dev@gentoo.org List-Help: List-Post: List-Subscribe: , List-Id: Developer discussion list List-Unsubscribe: , List-Archive: X-Archives-Salt: 1edfa42d-d9d1-46aa-9b40-2486ec6feeda X-Archives-Hash: edded9bd43883239e563477425b3803b --=-jAIh1NvbdIjz8ERjB8Ir Content-Type: text/plain Content-Transfer-Encoding: 7bit Hello everyone, I've continued the work on the path sandbox. Since access holes might happen when an application resets the LD_PRELOAD variable, I've added an additional feature which can only work when the sandbox is being ran as the root user. When the sandbox is first started up by the root user, it adds the path to its glibc replacement library to the '/etc/ld.so.preload' file. Multiple root executed sandbox instances are tracked and when the last ones exits, the entry from the '/etc/ld.so.preload' file is removed. All this happens as securely as possible with the implementation of file locks and such. Due to the addition of this library to the '/etc/ld.so.preload' file, all system apps become affected by the sandbox. To prevent this from having an effect, the sandbox checks for the SANDBOX_ON environmental variable and only becomes functional if its present. To be able to implement this I've removed the prior shell wrapper and implemented everything in c. To test this out, just cd in the archive dir, run 'make' and './sandbox'. Note that the sandbox only works with dynamically linked executables and since bash in gentoo is currently statically linked, it's calls aren't traced at all. Tomorrow I'm performing some tests to examine how a dynamically linked bash could potentially interfere with library upgrades in gentoo (as requested by Daniel). Please test this out and provide feedback, Geert Bevin -- Geert Bevin the Leaf sprl/bvba "Use what you need" Pierre Theunisstraat 1/47 http://www.theleaf.be 1030 Brussels gbevin@theleaf.be Tel & Fax +32 2 241 19 98 --=-jAIh1NvbdIjz8ERjB8Ir Content-Type: application/x-bzip Content-Disposition: attachment; filename=sandbox-20011203.tar.bz2 Content-Transfer-Encoding: base64 QlpoOTFBWSZTWZ6Aw8kAOHd/zP/7gYB///+/f//f7v/v//4QAAIAAAEACGAlfvnvqKodDFQ8e19v r3svOrNdpA6Wxq+3eNId3i729Pd46c9vp98x93fHsfMPVD7t9j4fHoN3bt7nbspzTNeg6BJr3t6N AB3MKo6vuu7r7cegenoaF9n06pX3NX14ShAgCEyehqZU/QU9TYKekbDTUagPUAAaDQ00ANAEkIBB BoJpTCmh6mamT0m0TJoyaABoAAGgZNABIJKCao00ZNBiAyABkAGmgaAGg0AAAaASaUIgQkzUYptT J6RhoTQyaaDQDQNAAA0DQABEpBTTSGmnojCeiNA9TIaPSGgANA0NAABoAAESRAgCaaARMNNTTJo1 TxI9INGyjQAAAaaA0ND2J/vI+bg8J0pYZG0kpIhMVVDSs0yZNcWiVDIZ1WHu+GGFX52TLNIkTzNJ EqkVgJBQLEFVhBVLMVKiqKJqQt5O6wCAgwAPKESIBOIYFqBFCqASktAlhUEKSDaSJCkEhlhLKiBW kQGijQRf0I64hiGIYiAtsCQECZskhfV+GwMMKyREIrRKSIwhRIGCwhJSREVFUgRZGGLWMFCLGIsX 4cYwESIgqsU4QagiAncuYra1MhMI2MxpEGpmUKYpQRiJaXLcNIMgJCMBQMBgxiVERJAoMAOkDo6m lAsSUQEAldYKInKYwZkyqxyWLMMmCKyCQVhFBLYSoxgkEYIKsWYshRUAcG1JAuLUDDMJMIBVQZIJ hUgWJiMBpSiQokUCAkEgkEYrAIknyu4LuMlhxtTryUrqYFW0NYkaZFesPCIKXYRSLs0lF1SmBltW tBdaGMVZTKAiOeTY22u/xbwQNW7ELwOAoGNKxUTRvgptnJcAYgN22AchsiukGTURbJEa0MG7W02f O5pBFrSyt5NqtTNuzYirY3qSN6aoa0tVZGadrw1aYstthHtBddJcOjrT4ilKx7gyKyBax3ii4ENF xGGkwq64zkgqya0LBSJx5QVmxTaSE0jeIyqsMMEM35q6Zs2CLXq62rrDATRMhuhXbRDyuU5SDghq GhEn3GVizcvFU0kwzMmCFvnnYY20Qx0xd9JhpBU0QbnI5gO+P8/R1AxsXdIc+iwFiLSGTgikWCqo yKiigsCdm7dVR5YIGy+TqUipdhV6EFdlYjFGZlXgVDZJNxPx89n645xs5qFJ7lsVytWMYp8eQEx+ PMypFeNUDJhpcTIVqJHuPyKy4MQxeClIwcAo4uN8UKTKeBDIcjLjwHzyS4B0nXblRWWImN1vIBYI OMFF7eFoqqMGKqqKaIash4LLITGQasgJ+2fKkNSnHE86dRhhtgbY80ZagyW2FC8N6YkE0mA+LY7G A7HqDhQ4sWhIqIp7pTFhOBcKOqMkwXBPS98GHghG4gBtPxQSCZRgm5u8fP+cxroOSZtN9oo1iISI nMGQUkdEpA8EDYwYA7UvvWHJLNXQ6tjjciOf+jI9XqfvCVVXxdUybwpvMQEOMVBx0n5+PjNvN7TW muMQkEj8obtiLBS7KxYIbCUkDqEBGApDwu2ZLJkVGUmR4HCnhPmPGafnex/bjoVFgLBoCTkMgf76 HxHh5kwQnepRFTOdN5LFMsYZ0+m6FFGGarvkIdTLs1cvDJt7TIUT0ljCurN7IIkFw1niQj/MnoCG KoMldt0tCKtHpbgAqfBHk8YhZvMdPIEpJFQaQzlFYVBlDIT2KVeYppHX4RTxHpypIXQ80EhHqH9B fhKlzFCEJj0hMfxINx5AEGOggYRTjEUenCMDGDxmY5on7FpmJTpXQg5ec9Xids6O6t4nzujIED3B QZHsp2mZwNZfZYvscMqyqvkm7J8Tfe8TWNQUcM24Tjc4yrHtmB+ixVs2zy7qmRIru361WZZZBVKb DMzlBvKM7PD6Df6t+5MwWEBDiE1SWLath9dxMoDAiIKLEFRdBvrRto7TuHHY4nZdUztmcq0SIfB7 hMozbnpkFrJI77kymMpRIk2FtiCA4hTllcsTx3DhKiIiIioqLW4aKKvA1JSjNtgQpxV5e5vw1uG4 ZOXhJGhtnXhgvPRphZSGGKo6QmNq+xItYFVhWbMcmahYMoUjkgmMgg4fJggZmkWeTNLkxmWKLtvw hRkcXdmEBcx0MsqvfsHdtXXDFVzJcZEbjHLQ4034VX3Lgy3a74exRw5lxRhk3Om/WunUsPN017wB cwxSqRQZBgEMhFBF+EjcUyaStYR7CVVXgbEFpSLniJPTs0GqsI4Ai5HCFhhkOSRhg5i4mGNRPJA0 yThVNs6Yk31QwjiNeiF0HgGSzKsS74sczjQ56p6Dd0G0BIGXdW2WHE4w9sVtQpIecnNzWSJFaAu8 m1izyEOIlbSyq1+IPPhgJofncq1D8NKBZfPgmKDdKMEpyeRzEO9MiaR0cjr7we4REYiIrN+DuiIi MDIGRbKA3Ynhh65uoZDw5ZWcHG6MT4SOleXTfOZNyCBQUUSm+FTNsi12Cx6OeTcmzaReeU8aTwM3 VnNWCZaRhaPmRJ92rcGLamdtfHu2PDOD2KoxsqqiKOGYlWM5CLtxVcMoK8qYx2haNlQwSM8nsYMj P5ZypSix7uTkIbNnSv9fBYzK+uhEYENgh0Zy3veQikyoWKltmQrae2EMabWIvtuc2uersOHC5OXu 14X2+n+Z5HA705G+hyHZTURBjx5YNNVS8LmMORWkaMsm9f0Z3vTTVWPtY+Z55yJudqEJey2PE5rx nqPnFaHvUwMwBBGKsiiowYSo+mBYkIJaFomv8av2CjYUaUDEEhW7HvKC07fYWtHYU/kSyaEWESGJ l5XLGRgWZ4h85606E7MRPnPK5hLHaCQgBDyBZF0InIyFZePU6HstSkyvkmWES+D7PobfIUBK6PtP wyG2qh+AlSQJ40QhwI5CBv5v0cEOZBMiEYyQIFdXAzvy07MnrgSYj1BCxx6L6XHlLXOoBWV2aZ3C SteqCTGBj2KG3FtNoOUitizNazBcJGvYqnOAMHqkyN5UiY5aLllMqJkWJkFTtxxAOOw2XYYMWS6O ZNs5eEpudVwNmdJnXIcPVsIkpHr9Tv+zeWPQv0tOjBG0QMw4ocnhiuOGpH5NlHXC2028W/WtzQcy hNvV05cNTo7vF4exx8U3RREX0efdxDKooJjq6Vs1XO8WtDhm8osP5Tvt1ucYl77nufgvC9M5UAF5 ZjsLBDOad9ExjvBowdcOiEHuaNQWJUTTjsq5qCekdoC/FwG1CvG5XLie8YtMAR0ZBC4LkWgyslL0 eb9uOrprxs6avla22zoWQ7WTLDIzvJljbgtDy9rflzkS2p0kurXxzOdbmrBjoZR2im6WTNvfDWy0 iSyYqxY13vpMp2Fejfe/XE2BAN8LaqlqD4EVe9M5sYyTMbYIKxRBYZsComB0UwarW5Zynht5kRWs hz6cdiK1xKN9ArEAoopI4EBHDFAOEcCB7eLJ4p3kFhFm4godOJDyHkziFS/vNF4TyQPtwM8BQysM 9C73FyFufmyem/gRxY6StfnjRYbpumHS4aeYtcI9DA8UTb34kqyGA38bb7Glj2ORhlrfm9+ozyDy C4eU09Ml83cHM5GXARBltdSNEwjCVwyqd0xE0ATQHI9NjUNmvYYLNEsOj0GSn2iNzR1bzN3TnkZt fe6JlTKSNHssqzTHpGpinMY4iO6wpZYob9b4u7TqGbqLEI8YdL7OsTPDYkasru5132Cw2pY5+Eh6 jGiJ+Cr9H1z3TnUdamblV8u575uYhB5DkOgITI6A5YYjY90cgadpzcGLbxTQUU5Z9IVihVMoYq3U qLmfyj4HKXJpBRI2z6rcraGojTNGSylKSirKACE4TAIL2jycsEHY8gzsg/48deMfL8ZOrZg/R1nQ +Zmw6zNpfotvMj3jXj3m/hPxDB4kkoEzVIPGhA1vP2IlE6Sp7U1SrlWtpxqy5WUZdzjbBg5PmSnw 1aCWagsFXnkX0S1aAjvSUDo+rMLwe38fxf4uiaPwGZZH6yWrBI3wVRSQkB9sCj8AXtkHriO/xg59 sqOe+oKKzJLjCqpbq3QaFOkhmFHUVv1lO5HXf2xDUOQiKoogqse5g6j6GPMOoDc86bACmA7IxjFM hQqCE7MCfp7cHMNOHq6SXNKsPx0UYM0a+UmDO5AbgYGBgoaWL66PrBLUjWLP5mcleAI5CcZBEb0W s1U6KItaKXpeETw2GaSkyT0KJSxLyrgJhl78kWZZTKyCiLJxLeoTJ00954G4ROTiMq6+Gri2a+ya D3zegvMIe5IEYEIvQKxlMQo605IUnXhVyJijTwvpOWatnmbFQTFCgJMtMMlr67Vxo20g9RQasMdQ 5EWwLID6equO9MNZFCG6oWNNpVpsmQ4pcNpmRmjSr1llpSXFjCu2JsrPpaU2Zpjw6dIteV4UFWhK lSfB3nLYhB2WGD6y+6XPRt4kCPvg0gIKwFkiADAAWARUkX+VLEIMGBQQlolFAC2UQqC0Y0WULbRB qvvbfZvYdpuG0kIIegU6wG4SwtPECWBAkAW0UyCAEPQfcsO4apeI4GvYHEQOl9iFZ7M4/J0jymMY /ZPw4p6jNQKEgkHvEw0PzgxxBbipBg6FxrBsMMgIVQZrVsjI4BdjoZszdEwQkcx9xdG8xyopZJlp yr7+6kLAGRqHAyMIewDmy4odMhxhDDn8CBFTiWOKTm5GP4oXU3LitiRYbINszZkhEwQbRUNxt55H NHi0FGAAHVqbiW3rykCUy33HB+Z7XVZIkLIogNSImmuTdhmPzjp3CkmCoWLmDw47jq4vUQTd0Zgb 3HE5ncUOx4DHegPhXFbmLMbLI46qRyGA5kjstqnU5G8wHeNovQWYxUyDW5sEjuD/CYRvLrIuMWDu RQmMMLqXLFC3gmbI4pi0OMOFzkD1kLqbDgAaozNio5IvBDE0d461R10eiAmLhUzMWjHMc/D2HpL2 mty9nd4eqEwp0RpocDkcwQqL3j7UNlon0BPqJe+lkJbJSoE8onktEqUp8SGBfGIwGTDDTEQXxgw1 a/iLl1YkxcRjCqSdaoH4pzjrdQYv4O7jpOUQaiOV1e5+4946jK6u4QCMDZbIFWigmB1U+o6ycgqe mcvlxm8rY3KNtw1iJU1lejf77lp1zi5tUkZJGEJEJISaYeFNZtDtGuGeMDtjULcExRIgkioqigxU RVFVGeCeecJzm8JqJ7RuTiEwfik51iCvVy6VqXJcYFPgJrk9lWvVuqqucLm20pS0qW2pdE9ucQN5 zB5k6HDb27bjAioiMREYxekEIETAHUp0SSRC0DhVENHUPxTqAcWH40Iq8XxhkUddxwKoOt2mPE3m w/lUDfBkQGCRAzDNJQ2QrYcDU0GUD/JMQsfg7CzKcPYOh9wbQYZgSuGBkOLkcdigUSMwihC6oNjE vCDrLIdflCRFDALmRgwDpOxDwAwThQKMg6seQZrC+XYJcgQIBEgEUHSqRm6tHPMMUA1WdC5vyLFc hQxbNyAajZd2skkGoEiSJxo1Nwo5vYP3EVMi+BxCx4ZGsNEA3MiJ1HxB7yfB3KswJ77B7aM+UZMa xKjBGAVRkJed+uIZc9LtpGDsgWg0bwglYe7hc7nVgUS424BwZt3ZcCSgsEHLYVz73eUFNmJIPRKk kUXzElyU80kDvwOoZBWKxu+wa01MxAJBIVAoLJkGGeh1KhxWBjiQO+RQDMBFmZkDUoZ1pGoG4N61 gPmM4O0KWAmJoZKrQGCDaJoxjc9Cc3m23HE7IdQ9YQSUtDbnyld6qc0U0c4E4wAQwGvNENoIpA9N AbKIyFQn1GOQG6pE57jpQ2OwZGcTcZWF6DsqkIY8oSwW8QDCXAtY2ZTCkdd5sIx3k8ZnBxqgWGFJ hhygcy4CLFazPhCBCmAkEbESMJEC6MQxxFErM3IMU2G3nifl/MBgQGPEIRcao/MTrtkbFoOwJGRI 4+rKxEOQwcP72HGNpAnlYeQ29uOwzJIkJGEFTmU4dYgeyXPaWLHbhaT3UtouvDAyIp8lzoxHJBgO UCwlUR4mZmB0WoE0U7oYmDWZnYzzGbHS7m8pGKgbDCyYTBiNOO3OYDULbsdNvUNt9h38ZmiinM06 LsIfMgibKgyLFCdCz1bGhiuVChiSNApk4zMGTYu/UGooOOehYSaS51Eo0EswQ0YetwiEFZOTd0yY CdDAQozFiSLVo2xNmwx/KYZaxTIE0Aiv4jIKBCLjSF34gUcDgJYcy8lA8it5gY4lzg45dyByUD1B 5SIFMR5hgKAbg9wzDgyDgiJdEwdR1HE6QMdwZhKQF9j84/e65ruppanZ4iOCOQDvdDcbBkmcZblF CF8oAXFCtpU+kzKHLZR3jkB2AWaA7QMe43MgENBrM9RgeQlycUZaBPmoKTYJ+hTTVAy+Vsbn0PoM MyUQxT1j68v++vG0RzXcCdwJvfmLCUCQSYgh1b0zDQO4hc8iMXDblOdwGTBuUAm3kvYKMVDr0gtz 3qhn+LDCMFVdIeobgBiHPuHgh9YTv7AezpRQfVthIHuPdfuv9ak8/X49/0lkQfCNBaltJLEIJINg CCU0biqoi2+r4jQOOgnbPQaV6gMwLOs1menmzA9KJABqFEQgMIkfORXAVGB4yCaFCdB8/vpLAYok cywyij6MPns3U0YcoUbR0aTCABckSRDW7kA74RRSUgnF7E6TDM1hmAVBMgQT1joTobG68eYFA3ED v/HFQ8sSoiFo0KxZBGB82BLVVJghJHoGFIEEfgRQIRRuJcoJE+3CDewYBG8rqLvYYGBwOg0GwYjT XkGJVr2Q5STmhENdXHcQviNwIDUEGlRfwgaGYaaEhIEiQIDuO8oFDE0OwDLWe3gD3ThD5CCpzokR wknRi5/Rl2xtRrvtu7v92/Y4ZJzneKb3itbWd3pBE6fOtfJJPbKPPr4DY3kCSO8g5He65DBAD1Nj 5fI7ksBkG1PpXCkkk9wWMHXedioqqiixOYT10J1+IYbnY4UTANR7nKQx2gbQtdHrCPdJayeqJVyi KeTa4S0aIK6mHpNYLXqNYdZ0G8WQYQMbK8wj0py5GpCRiyBDdqLw+ncYmYWMkKmzihDOqIwZABgO 5HqDBMKWkdEIRvU7gxNKKYmEZCW5FgtBhdhmFgNRXvIYje5thxNfCjIc6QojvrOwGgkWEHK+Bhyv hRBcwfwl3ZsD4TQD3otMA2AJ77m4APOwfaRGogwIJvlEEag0QdQWW/JQ1dfgV4V7tAOiGuEhpbmZ uQNjhQ2ConHz6DmXN4cTr7M8KtQZENgbWOcKIiScosGAlkBfcdimLoQhJ1iVidQscB0MxQwL7Kk6 NaDiRWOaD1gdup2HE+4z2KbWB2mjb9i4YQIRSWAlH95QrveE5n8JUCXcweNk1mitooBIiQ1l9e4z GMMHLCUGu0kmhlH0tnwIja/ZyOlEII2NNrCHAiIRIpSrjS4jCIxkGjKYJGDkzmlmYvVoxmjnxj89 RBAUA75w05gbsDdAyMN6Fo0zjlTMNqaOBRTMl0jUTTPaLbzFItiCbYJ5CVWFhKEtign8xA00lZDL IOYUhcLxKCCCQKbia4L4EsOmIYFxCEALgHMY5FgLwClpYOYCZYAUintLCfzxTmJlms3A4GIQDGGE iJFRFGMgzkJWRGRFkYlklABfi1YQwNh6eI+vV8f2be6dd0ek4xcODGS1aUOhOkknQSD6h2gQ7x5w tGejpCxhagL+y6kmklkEoBPYoLrimkjES3dIgXAdinIHH7QzKH3ofKbQPaDoJyEgJkBk+J38EDAh 64GhAiRwN8FkTJiEFAgsbqC04uzMDMM7vwzecvKX2DmMtTA1H5DXYyQ1mNiz5iJZEJuKJnBHARQR +8R4RD1mZW3rkwOT2BQtA+oZT6FAvJDVcR95MhjFU8gPLx5aKZBUMzhAh4vP7vozcucYhAbTtECd ch4iegI1qNSs2iw2wYRBFTTHqOtVXrbZrfs2M0YM/ubl9FV8KulM0lGfB4obSHSxeQ2NLNCkP1Sc DVhgYs1U6Z6UTNEgIhFCEuYtiDytpA5IZd6DsXxjBseue6eVADDCeSBQ0i7W4UX6hAKk7hOBjozl OzO7DiaHWW0O+kkiXOnrRWr16ULAagUk0yy125EpM8rjF49rIBlIaAcjnlmYWlh7ACegHAC1LD1q ExGIIoIeISxjq+2HoMrGAIUT00T5oaLZyM6RBzbNvgtYMtTItYLxvZg/WOJrdD9xw94TExQDXs4Q 7ANE4Hib85dBMGFGBDiESqKJCAmaQuU0i3v5EwBsKRES4DnibdtjA5OcMWgQ4kEEvEBZzmOaYWDB J5oPL10lEiE6IDR6CMIVACPT4AbxBegJO87EE95kVcE2gvPMALl1DUdGWgdwLBJrI1yMg5Iia9in JwTkbkMVQxxM11KBpu1pdRXVFtBuaIOz9cS5g0JYTehahIGmSloEGqmJKUuTYndXm1mQWI+jA2+g AM58TFoTA92k1xWxidaGD+QRDmZa7jH3WmkGbjNLbbLxNKMVxJCMto47DEoxMNR8CFDvgYLKgbto SkNsNW5xs5wyKw7UKbN0aSFBISRYEEgJBxiiuQibzMmjJVJEu/3P/3dzci8ndAqQhCvKegC12WvN bxUH0Bx6VA7jvGBT5gbWIGrsomQ4lOSYUvdWv0xhmifL2mC2ZiFay3gXhxS04Sj4m6KJR2rv6pY3 nj9nZyxFHm9HEACESgqrpoG3w32O1jfr6CkSTSmuhv7ZnnySYO8Fg3DKZ1LIhAVGSJVd1E502Ngr kEQNRLbCB6YBIpiwcThWZ8APoX6U+L3H1P1fZxdM9prDwVCHh3cgeFw6UOpBuqWG8AxAfUMTCiCf Qc3RcJIgXfOe47zFxtHxAAhWmLbIjiQkLFzLMlQESHVhhEwtMUMvMlOEUXmN7E8lDPMc37ET1Rkz fUQqT4ccRKxjKw4KkUcTS8SqKQxEgGcYbTO2JVyzZDMSMcw1lyAzGSRNiaFzywHEuQULqhnQruPI o5xgEViqLAwRIcjPUaNDd+BmDijXrmJbifgU1hgC4HvCxQxi0QWQmCr1EEA+Y/QbzIuhvKCiGZpt MH2xx2XrFZOcRciUmhzDyJA5hNoYRqvSzcfyjRCJUkFyg8y/n+S+M4mQbqd0OB1F7lzEggmLIEuo PAyROT+AelQg3OAHEuKpQxhVL8wxK+8cilE4odSD3A6ET/4PxG11ia6HRR3QGyod4GvViglBiUhk H3GB6j1UNRN0YPOZlgyH5AB4UN1aqX/Edf/I5lMCc6Jh95nwnGq2BzWQGR3wa7gs2gRr+lm4xddw Vzqu4SIoioE6HgDbU1Ekh2EqoanXCKieo/k546kPaO4T1pidYorzSHZDK8rgxhPTHOdoqixVJFj1 m5wO7E8ghEUSUQgkiJ7yAHQI2EQiFEBsZHU+J5jsU9eSaGeE8B6Z8iXi7bFugOEMgiwYg+NlJfMT xEJsDNMy4CG9TrBOkSCHaj8yt9G+JhQwhoDhDC4t2AhjlFJtIux2CpFwBMNy7ldyG5dyG4NzuDc6 tUA1JEC6ZIIiLqqmiaQZDo9OoI/+LuSKcKEhPQGHkg== --=-jAIh1NvbdIjz8ERjB8Ir--