mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2024-12-29 11:55:59 +01:00
Code Issues Projects Releases Packages Wiki Activity

code cleanup

Browse source
This commit is contained in:
valoq 2018-01-28 15:50:00 +01:00
parent 4bde3d793f
commit 739a18540a
Failed to generate hash of commit
5 changed files with 27 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
config.mk
View file

@ -121,11 +121,12 @@ endif
endif
ifneq (${WITH_SECCOMP},0)
SECCOMP_INC ?=
SECCOMP_LIB ?= -lseccomp
INCS += ${SECCOMP_INC}
LIBS += ${SECCOMP_LIB}
ifeq (${LIBSECCOMP_INC}-${LIBSECCOMP_LIB},-)
PKG_CONFIG_LIBS += libseccomp
else
INCS += ${LIBSECCOMP_INC}
LIBS += ${LIBSECCOMP_LIB}
endif
endif
ifneq (${PKG_CONFIG_LIBS},)

67
zathura/libsec.c
View file

@ -13,12 +13,10 @@
#define DENY_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) < 0) goto out; }
#define ALLOW_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; }
scmp_filter_ctx ctx;
int protectedMode(void){
int seccomp_enable_protected_mode(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("prctl SET_NO_NEW_PRIVS");
@ -37,7 +35,6 @@ int protectedMode(void){
perror("seccomp_init failed");
exit(EXIT_FAILURE);
}
DENY_RULE (_sysctl);
DENY_RULE (acct);
@ -91,7 +88,6 @@ int protectedMode(void){
DENY_RULE (uselib);
DENY_RULE (vmsplice);
/* applying filter... */
if (seccomp_load (ctx) >= 0){
/* free ctx after the filter has been loaded into the kernel */
@ -103,12 +99,13 @@ int protectedMode(void){
/* something went wrong */
seccomp_release(ctx);
return 1;
}
int protectedView(void){
int seccomp_enable_protected_view(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("prctl SET_NO_NEW_PRIVS");
@ -127,7 +124,6 @@ int protectedView(void){
perror("seccomp_init failed");
exit(EXIT_FAILURE);
}
ALLOW_RULE (access);
ALLOW_RULE (bind);
@ -210,22 +206,18 @@ int protectedView(void){
ALLOW_RULE (writev);
ALLOW_RULE (wait4); /* trying to open links should not crash the app */
/* allowed for use with container */
ALLOW_RULE (chmod);
ALLOW_RULE (link);
ALLOW_RULE (rename);
ALLOW_RULE (rename);
/* allowed for debugging: */
/* ALLOW_RULE (prctl); */
/* ALLOW_RULE (ioctl); */
/* incomplete */
/* if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 1, */
@ -271,8 +263,6 @@ int protectedView(void){
/* SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0) */
/* goto out; */
/* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */
/* otherwise it will try to connect to X11 using inet socket protocol */
@ -288,7 +278,6 @@ int protectedView(void){
goto out;
/* TODO: avoid the need for the open syscall to be allowed with write permissions */
/* zathura needs to open files for writing to save current position */
@ -307,11 +296,7 @@ int protectedView(void){
/* goto out; */
/* ------------ experimental filters --------------- */
/* /\* this filter is susceptible to TOCTOU race conditions, providing limited use *\/ */
/* /\* allow opening only specified files identified by their file descriptors*\/ */
@ -381,12 +366,12 @@ int protectedView(void){
/* something went wrong */
seccomp_release(ctx);
return 1;
}
int strictFilter(void){
int seccomp_enable_strict_filter(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@ -407,7 +392,6 @@ int strictFilter(void){
exit(EXIT_FAILURE);
}
ALLOW_RULE (access);
/* ALLOW_RULE (arch_prctl); */
ALLOW_RULE (bind);
@ -487,7 +471,7 @@ int strictFilter(void){
ALLOW_RULE (writev);
ALLOW_RULE (wait4); /* trying to open links should not crash the app */
/* Special requirements for ioctl, allowed on stdout/stderr */
if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, 1)) < 0)
@ -496,8 +480,7 @@ int strictFilter(void){
SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0)
goto out;
/* needed by gtk??? (does not load content without) */
/* special restrictions for prctl, only allow PR_SET_NAME/PR_SET_PDEATHSIG */
@ -509,7 +492,6 @@ int strictFilter(void){
SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0)
goto out;
/* allowed for debugging: */
@ -530,25 +512,4 @@ int strictFilter(void){
return 1;
}
#else /* WITH_SECCOMP */
int protectedMode(void){
perror("No seccomp support compiled-in\n");
return 1;
}
int protectedView(void){
perror("No seccomp support compiled-in\n");
return 1;
}
int strictFilter(void){
perror("No seccomp support compiled-in\n");
return 1;
}
#endif /* WITH_SECCOMP */

6
zathura/libsec.h
View file

@ -4,16 +4,16 @@
/* basic filter */
/* this mode allows normal use */
/* only dangerous syscalls are blacklisted */
int protectedMode(void);
int seccomp_enable_protected_mode(void);
/* secure whitelist filter */
/* whitelist minimal syscalls only */
/* this mode does not allow to open external links or to start applications */
/* network connections are prohibited as well */
int protectedView(void);
int seccomp_enable_protected_view(void);
/* strict filter before document parsing */
/* this filter is to be enabled after most of the initialisation of zathura has finished */
int strictFilter(void);
int seccomp_enable_strict_filter(void);
#endif

5
zathura/links.c
View file

@ -207,9 +207,8 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
if (girara_xdg_open(link->target.value) == false) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Failed to run xdg-open."));
}
#endif
#ifdef WITH_SECCOMP
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external apps in protectedView Sandbox mode is not permitted"));
#else
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external apps in protectedView Sandbox mode is not permitted"));
#endif
break;
case ZATHURA_LINK_LAUNCH:

5
zathura/main.c
View file

@ -20,7 +20,6 @@
#endif
#ifdef WITH_SECCOMP
#include <unistd.h>
#include "libsec.h"
#endif
@ -129,7 +128,7 @@ main(int argc, char* argv[])
{
#ifdef WITH_SECCOMP
protectedView();
seccomp_enable_protected_view();
#endif
init_locale();
@ -300,7 +299,7 @@ main(int argc, char* argv[])
#ifdef WITH_SECCOMP
/* enforce strict syscall filter before parsing the document */
strictFilter();
seccomp_enable_strict_filter();
#endif
/* open document if passed */