mirrors/zathura
1
0
Fork 0
mirror of https://git.pwmt.org/pwmt/zathura.git synced 2025-01-01 07:46:00 +01:00
Code Issues Projects Releases Packages Wiki Activity

code cleanup

Browse source
This commit is contained in:
valoq 2018-01-28 15:50:00 +01:00
parent 4bde3d793f
commit 739a18540a
Failed to generate hash of commit
5 changed files with 27 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
config.mk
View file

@ -121,11 +121,12 @@ endif
endif
ifneq (${WITH_SECCOMP},0)
SECCOMP_INC ?=
SECCOMP_LIB ?= -lseccomp
INCS += ${SECCOMP_INC}
LIBS += ${SECCOMP_LIB}
ifeq (${LIBSECCOMP_INC}-${LIBSECCOMP_LIB},-)
PKG_CONFIG_LIBS += libseccomp
else
INCS += ${LIBSECCOMP_INC}
LIBS += ${LIBSECCOMP_LIB}
endif
endif
ifneq (${PKG_CONFIG_LIBS},)

55
zathura/libsec.c
View file

@ -13,11 +13,9 @@
#define DENY_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) < 0) goto out; }
#define ALLOW_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; }
scmp_filter_ctx ctx;
int seccomp_enable_protected_mode(void){
int protectedMode(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@ -38,7 +36,6 @@ int protectedMode(void){
exit(EXIT_FAILURE);
}
DENY_RULE (_sysctl);
DENY_RULE (acct);
DENY_RULE (add_key);
@ -91,7 +88,6 @@ int protectedMode(void){
DENY_RULE (uselib);
DENY_RULE (vmsplice);
/* applying filter... */
if (seccomp_load (ctx) >= 0){
/* free ctx after the filter has been loaded into the kernel */
@ -103,11 +99,12 @@ int protectedMode(void){
/* something went wrong */
seccomp_release(ctx);
return 1;
}
int protectedView(void){
int seccomp_enable_protected_view(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@ -128,7 +125,6 @@ int protectedView(void){
exit(EXIT_FAILURE);
}
ALLOW_RULE (access);
ALLOW_RULE (bind);
ALLOW_RULE (brk);
@ -210,22 +206,18 @@ int protectedView(void){
ALLOW_RULE (writev);
ALLOW_RULE (wait4); /* trying to open links should not crash the app */
/* allowed for use with container */
ALLOW_RULE (chmod);
ALLOW_RULE (link);
ALLOW_RULE (rename);
/* allowed for debugging: */
/* ALLOW_RULE (prctl); */
/* ALLOW_RULE (ioctl); */
/* incomplete */
/* if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 1, */
@ -272,8 +264,6 @@ int protectedView(void){
/* goto out; */
/* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */
/* otherwise it will try to connect to X11 using inet socket protocol */
@ -288,7 +278,6 @@ int protectedView(void){
goto out;
/* TODO: avoid the need for the open syscall to be allowed with write permissions */
/* zathura needs to open files for writing to save current position */
@ -307,12 +296,8 @@ int protectedView(void){
/* goto out; */
/* ------------ experimental filters --------------- */
/* /\* this filter is susceptible to TOCTOU race conditions, providing limited use *\/ */
/* /\* allow opening only specified files identified by their file descriptors*\/ */
@ -381,12 +366,12 @@ int protectedView(void){
/* something went wrong */
seccomp_release(ctx);
return 1;
}
int strictFilter(void){
int seccomp_enable_strict_filter(void){
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
@ -407,7 +392,6 @@ int strictFilter(void){
exit(EXIT_FAILURE);
}
ALLOW_RULE (access);
/* ALLOW_RULE (arch_prctl); */
ALLOW_RULE (bind);
@ -497,7 +481,6 @@ int strictFilter(void){
goto out;
/* needed by gtk??? (does not load content without) */
/* special restrictions for prctl, only allow PR_SET_NAME/PR_SET_PDEATHSIG */
@ -510,7 +493,6 @@ int strictFilter(void){
goto out;
/* allowed for debugging: */
/* ALLOW_RULE (prctl); */
@ -530,25 +512,4 @@ int strictFilter(void){
return 1;
}
#else /* WITH_SECCOMP */
int protectedMode(void){
perror("No seccomp support compiled-in\n");
return 1;
}
int protectedView(void){
perror("No seccomp support compiled-in\n");
return 1;
}
int strictFilter(void){
perror("No seccomp support compiled-in\n");
return 1;
}
#endif /* WITH_SECCOMP */

6
zathura/libsec.h
View file

@ -4,16 +4,16 @@
/* basic filter */
/* this mode allows normal use */
/* only dangerous syscalls are blacklisted */
int protectedMode(void);
int seccomp_enable_protected_mode(void);
/* secure whitelist filter */
/* whitelist minimal syscalls only */
/* this mode does not allow to open external links or to start applications */
/* network connections are prohibited as well */
int protectedView(void);
int seccomp_enable_protected_view(void);
/* strict filter before document parsing */
/* this filter is to be enabled after most of the initialisation of zathura has finished */
int strictFilter(void);
int seccomp_enable_strict_filter(void);
#endif

3
zathura/links.c
View file

@ -207,8 +207,7 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
if (girara_xdg_open(link->target.value) == false) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Failed to run xdg-open."));
}
#endif
#ifdef WITH_SECCOMP
#else
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external apps in protectedView Sandbox mode is not permitted"));
#endif
break;

5
zathura/main.c
View file

@ -20,7 +20,6 @@
#endif
#ifdef WITH_SECCOMP
#include <unistd.h>
#include "libsec.h"
#endif
@ -129,7 +128,7 @@ main(int argc, char* argv[])
{
#ifdef WITH_SECCOMP
protectedView();
seccomp_enable_protected_view();
#endif
init_locale();
@ -300,7 +299,7 @@ main(int argc, char* argv[])
#ifdef WITH_SECCOMP
/* enforce strict syscall filter before parsing the document */
strictFilter();
seccomp_enable_strict_filter();
#endif
/* open document if passed */