cleanup and manpage

2024-11-10 20:53:46 +01:00 · 2018-03-11 12:21:13 +01:00 · 2018-03-11 12:21:13 +01:00 · 5a66aa92c0
commit 5a66aa92c0
parent 3f983e7ae2
4 changed files with 35 additions and 10 deletions
--- a/doc/man/zathurarc.5.rst
+++ b/doc/man/zathurarc.5.rst
@ -1044,6 +1044,16 @@ Define the background color of the selected element in index mode.
 * Value type: String
 * Default value: #9FBC00

+sandbox
+^^^^^^^
+Defines the sandbox mode to use for the seccomp syscall filter. Possible
+values are "none", "normal" and "strict". If "none" is used, the sandbox
+will be disabled. The use of "normal" will provide minimal protection and
+allow normal use of seccomp with support for all features. The "strict" mode
+is a read only sandbox that is intended for viewing documents only.
+
+* Value type: String
+* Default value: normal

 SEE ALSO
 ========
--- a/zathura/libsec.c
+++ b/zathura/libsec.c
@ -19,21 +19,21 @@ int seccomp_enable_basic_filter(void){
 
    /* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
-        perror("prctl SET_NO_NEW_PRIVS");
-        exit(EXIT_FAILURE);
+        girara_error("prctl SET_NO_NEW_PRIVS");
+        return -1;
    }

    /* prevent escape via ptrace */
    if(prctl (PR_SET_DUMPABLE, 0, 0, 0, 0)){
-        perror("prctl PR_SET_DUMPABLE");
-        exit(EXIT_FAILURE);
+        girara_error("prctl PR_SET_DUMPABLE");
+        return -1;
    }

    /* initialize the filter */
    ctx = seccomp_init(SCMP_ACT_ALLOW);
    if (ctx == NULL){
-	perror("seccomp_init failed");
-        exit(EXIT_FAILURE);
+        girara_error("seccomp_init failed");
+        return -1;
    }
    
    DENY_RULE (_sysctl);
@ -101,7 +101,7 @@ int seccomp_enable_basic_filter(void){
  out:
    /* something went wrong */
    seccomp_release(ctx);
-    return 1;
+    return -1;
 }


@ -370,7 +370,7 @@ int seccomp_enable_strict_filter(void){
  out:
    /* something went wrong */
    seccomp_release(ctx);
-    return 1;
+    return -1;
 }

 #endif /* WITH_SECCOMP */
--- a/zathura/links.c
+++ b/zathura/links.c
@ -221,6 +221,7 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
    default:
      break;
  }
+  g_free(sandbox);
 }

 void
--- a/zathura/main.c
+++ b/zathura/main.c
@ -302,11 +302,25 @@ main(int argc, char* argv[])
    girara_debug("Sandbox deactivated.");
  } else if (g_strcmp0(sandbox, "normal") == 0)  {
    girara_debug("Basic sandbox allowing normal operation.");
-    seccomp_enable_basic_filter();
+    ret = seccomp_enable_basic_filter();
+    if (ret){
+      goto free_and_ret;
+    }
  } else if (g_strcmp0(sandbox, "strict") == 0) {
    girara_debug("Strict sandbox preventing write and network access.");
-    seccomp_enable_strict_filter();
+    ret = seccomp_enable_strict_filter();
+    if (ret){
+      goto free_and_ret;
+    }
+  } else {
+    girara_error("Invalid sandbox option");
+    ret = -1;
+    goto free_and_ret;
  }
+  
+
+
+  g_free(sandbox);

 #endif