
Commit f341930

security: not allow to create subprocess in sandbox by default.
1 parent 74ba4ce commit f341930


1 file changed

+32
-5
lines changed


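--- a/installer/sandbox.c
+++ b/installer/sandbox.c
@@ -19,6 +19,8 @@
 #include <time.h>
 #include <execinfo.h>
 #include <dlfcn.h>
+#include <linux/sched.h>
+#include <pty.h>
 
 #define CONFIG_FILE ".sandbox.conf"
 #define KEY_BANNED_HOSTS "SANDBOX_PYTHON_BANNED_HOSTS"
@@ -160,7 +162,7 @@ static int allow_create_subprocess() {
 return allow_subprocess || !is_sandbox_user();
 }
 static int deny() {
-fprintf(stderr, "[sandbox] Permission denied to create subprocess in sandbox.\n");
+fprintf(stderr, "Permission denied to create subprocess.\n");
 _exit(1);
 return -1;
 }
@@ -218,7 +220,11 @@ int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...) {
 va_end(ap);
 return real_clone(fn, child_stack, flags, arg, (void *)a4, (void *)a5);
 }
-
+int clone3(struct clone_args *cl_args, size_t size) {
+RESOLVE_REAL(clone3);
+if (!allow_create_subprocess()) return deny();
+return real_clone3(cl_args, size);
+}
 int posix_spawn(pid_t *pid, const char *path,
 const posix_spawn_file_actions_t *file_actions,
 const posix_spawnattr_t *attrp,
@@ -264,6 +270,16 @@ int __libc_system(const char *command) {
 if (!allow_create_subprocess()) return deny();
 return real___libc_system(command);
 }
+pid_t forkpty(int *amaster, char *name, const struct termios *termp, const struct winsize *winp) {
+RESOLVE_REAL(forkpty);
+if (!allow_create_subprocess()) return deny();
+return real_forkpty(amaster, name, termp, winp);
+}
+pid_t __forkpty(int *amaster, char *name, const struct termios *termp, const struct winsize *winp) {
+RESOLVE_REAL(__forkpty);
+if (!allow_create_subprocess()) return deny();
+return real___forkpty(amaster, name, termp, winp);
+}
 long (*real_syscall)(long, ...) = NULL;
 long syscall(long number, ...) {
 RESOLVE_REAL(syscall);
@@ -276,9 +292,20 @@ long syscall(long number, ...) {
 long a5 = va_arg(ap, long);
 long a6 = va_arg(ap, long);
 va_end(ap);
-if (number == SYS_execve || number == SYS_execveat ||
-number == SYS_fork || number == SYS_vfork || number == SYS_clone) {
-if (!allow_create_subprocess()) return deny();
+switch (number) {
+case SYS_execve:
+case SYS_execveat:
+case SYS_fork:
+case SYS_vfork:
+case SYS_clone:
+case SYS_clone3:
+#ifdef SYS_posix_spawn
+case SYS_posix_spawn:
+#endif
+#ifdef SYS_posix_spawnp
+case SYS_posix_spawnp:
+#endif
+if (!allow_create_subprocess()) return deny();
 }
 return real_syscall(number, a1, a2, a3, a4, a5, a6);
 }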
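Review bot: `case SYS_clone3:` in the syscall() switch is the only new case that is not wrapped in `#ifdef`, while the two posix_spawn cases beside it are guarded; on headers that predate clone3 this will not compile, and the guard belongs on the case that can actually be missing: `#ifdef SYS_clone3` / `case SYS_clone3:` / `#endif`. The posix_spawn guards, by contrast, are very likely always false on Linux, which has no such syscall, so those four lines appear to be dead and could carry a comment saying why they are kept or be dropped. The new `clone3()` wrapper in the earlier hunk calls `real_clone3` unconditionally after `RESOLVE_REAL(clone3)`; I cannot see the macro from here, and I am not aware of glibc exporting a public `clone3` symbol, so please verify that an unresolved lookup makes the wrapper fail closed (return `deny()`) rather than call a null pointer. The body of syscall() opens in the previous hunk, outside this one.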
