Apply coding standard

Changes include:
- use girara_error everywhere
- two space indentation
Sebastian Ramacher 2018-03-11 16:12:55 +01:00
parent 3e841103ea
commit 89831253f9


@ -1,5 +1,4 @@
#include "seccomp-filters.h" #include "seccomp-filters.h"
#include <stdio.h>
#ifdef WITH_SECCOMP #ifdef WITH_SECCOMP
#include <girara/log.h> #include <girara/log.h>
@ -14,10 +13,9 @@
#define DENY_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) < 0) goto out; } #define DENY_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_KILL, SCMP_SYS(call), 0) < 0) goto out; }
#define ALLOW_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; } #define ALLOW_RULE(call) { if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(call), 0) < 0) goto out; }
int seccomp_enable_basic_filter(void){ int
seccomp_enable_basic_filter(void)
scmp_filter_ctx ctx; {
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */ /* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
girara_error("prctl SET_NO_NEW_PRIVS"); girara_error("prctl SET_NO_NEW_PRIVS");
@ -31,7 +29,7 @@ int seccomp_enable_basic_filter(void){
} }
/* initialize the filter */ /* initialize the filter */
ctx = seccomp_init(SCMP_ACT_ALLOW); scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
if (ctx == NULL) { if (ctx == NULL) {
girara_error("seccomp_init failed"); girara_error("seccomp_init failed");
return -1; return -1;
@ -105,28 +103,26 @@ int seccomp_enable_basic_filter(void){
return -1; return -1;
} }
int
int seccomp_enable_strict_filter(void){ seccomp_enable_strict_filter(void)
{
scmp_filter_ctx ctx;
/* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */ /* prevent child processes from getting more priv e.g. via setuid, capabilities, ... */
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
perror("prctl SET_NO_NEW_PRIVS"); girara_error("prctl SET_NO_NEW_PRIVS");
exit(EXIT_FAILURE); return -1;
} }
/* prevent escape via ptrace */ /* prevent escape via ptrace */
if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)) { if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)) {
perror("prctl PR_SET_DUMPABLE"); girara_error("prctl PR_SET_DUMPABLE");
exit(EXIT_FAILURE); return -1;
} }
/* initialize the filter */ /* initialize the filter */
ctx = seccomp_init(SCMP_ACT_KILL); scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
if (ctx == NULL){ if (ctx == NULL){
perror("seccomp_init failed"); girara_error("seccomp_init failed");
exit(EXIT_FAILURE); return -1;
} }
ALLOW_RULE(access); ALLOW_RULE(access);
@ -208,61 +204,66 @@ int seccomp_enable_strict_filter(void){
ALLOW_RULE(writev); ALLOW_RULE(writev);
ALLOW_RULE(wait4); /* trying to open links should not crash the app */ ALLOW_RULE(wait4); /* trying to open links should not crash the app */
/* Special requirements for ioctl, allowed on stdout/stderr */ /* Special requirements for ioctl, allowed on stdout/stderr */
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, 1)) < 0) SCMP_CMP(0, SCMP_CMP_EQ, 1)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0) SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0) {
goto out; goto out;
}
/* needed by gtk??? (does not load content without) */ /* needed by gtk??? (does not load content without) */
/* special restrictions for prctl, only allow PR_SET_NAME/PR_SET_PDEATHSIG */ /* special restrictions for prctl, only allow PR_SET_NAME/PR_SET_PDEATHSIG */
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_NAME)) < 0) SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_NAME)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), 1,
SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0) SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0) {
goto out; goto out;
}
/* special restrictions for open, prevent opening files for writing */ /* special restrictions for open, prevent opening files for writing */
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(open), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(open), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(open), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(open), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
goto out; goto out;
}
/* special restrictions for openat, prevent opening files for writing */ /* special restrictions for openat, prevent opening files for writing */
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY | O_RDWR, 0)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)) < 0) {
goto out; goto out;
}
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1, if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO (EACCES), SCMP_SYS(openat), 1,
SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0) {
goto out; goto out;
}
/* allowed for debugging: */ /* allowed for debugging: */
/* ALLOW_RULE (prctl); */ /* ALLOW_RULE (prctl); */
/* ALLOW_RULE (ioctl); */ /* ALLOW_RULE (ioctl); */
/* TODO: test fcntl rules */ /* TODO: test fcntl rules */
/* if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 1, */ /* if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 1, */
/* SCMP_CMP(0, SCMP_CMP_EQ, F_GETFL)) < 0) */ /* SCMP_CMP(0, SCMP_CMP_EQ, F_GETFL)) < 0) */
@ -297,11 +298,9 @@ int seccomp_enable_strict_filter(void){
/* SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0) */ /* SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PDEATHSIG)) < 0) */
/* goto out; */ /* goto out; */
/* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */ /* when zathura is run on wayland, with X11 server available but blocked, unset the DISPLAY variable */
/* otherwise it will try to connect to X11 using inet socket protocol */ /* otherwise it will try to connect to X11 using inet socket protocol */
/* ------------ experimental filters --------------- */ /* ------------ experimental filters --------------- */
/* /\* this filter is susceptible to TOCTOU race conditions, providing limited use *\/ */ /* /\* this filter is susceptible to TOCTOU race conditions, providing limited use *\/ */
@ -313,7 +312,6 @@ int seccomp_enable_strict_filter(void){
/* SCMP_CMP(SCMP_CMP_EQ, fd)) < 0) /\* or < 1 ??? *\/ */ /* SCMP_CMP(SCMP_CMP_EQ, fd)) < 0) /\* or < 1 ??? *\/ */
/* goto out; */ /* goto out; */
/* /\* restricting write access *\/ */ /* /\* restricting write access *\/ */
/* /\* allow stdin *\/ */ /* /\* allow stdin *\/ */
@ -332,7 +330,6 @@ int seccomp_enable_strict_filter(void){
/* SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0 ) */ /* SCMP_CMP(0, SCMP_CMP_EQ, 2)) < 0 ) */
/* goto out; */ /* goto out; */
/* /\* restrict writev (write a vector) access *\/ */ /* /\* restrict writev (write a vector) access *\/ */
/* this does not seem reliable but it surprisingly is. investigate more */ /* this does not seem reliable but it surprisingly is. investigate more */
/* if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 1, */ /* if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 1, */
@ -357,10 +354,8 @@ int seccomp_enable_strict_filter(void){
/* fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 */ /* fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 */
/* fcntl(3, F_SETFD, FD_CLOEXEC) = 0 */ /* fcntl(3, F_SETFD, FD_CLOEXEC) = 0 */
/* ------------------ end of experimental filters ------------------ */ /* ------------------ end of experimental filters ------------------ */
/* applying filter... */ /* applying filter... */
if (seccomp_load(ctx) >= 0) { if (seccomp_load(ctx) >= 0) {
/* free ctx after the filter has been loaded into the kernel */ /* free ctx after the filter has been loaded into the kernel */