X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=src%2Fbox.c;h=688bc5959532e56d8baaadd1f64b8f8996490bdc;hb=d99e7d3fac37d35fa3e4b688e91f40f4af4ae70f;hp=f18acff5d10143b72f90ac9ac9e3c10f7331b57b;hpb=a26f96aa285b800eb3eafe41263bfcd128d93480;p=moe.git

diff --git a/src/box.c b/src/box.c
index f18acff..688bc59 100644
--- a/src/box.c
+++ b/src/box.c
@@ -27,6 +27,7 @@
 
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
+#define ARRAY_SIZE(a) (int)(sizeof(a)/sizeof(a[0]))
 
 static int filter_syscalls;		/* 0=off, 1=liberal, 2=totalitarian */
 static int timeout;			/* milliseconds */
@@ -90,13 +91,22 @@ msg(char *msg, ...)
   va_end(args);
 }
 
-static const char * const syscall_tab[] = {
+static void *
+xmalloc(size_t size)
+{
+  void *p = malloc(size);
+  if (!p)
+    die("Out of memory");
+  return p;
+}
+
+static const char * const syscall_names[] = {
 #include "syscall-table.h"
 };
-#define NUM_SYSCALLS (sizeof(syscall_tab)/sizeof(syscall_tab[0]))
+#define NUM_SYSCALLS ARRAY_SIZE(syscall_names)
 #define NUM_ACTIONS (NUM_SYSCALLS+64)
 
-enum syscall_action {
+enum action {
   SC_DEFAULT,		// Use the default action
   SC_NO,		// Always forbid
   SC_YES,		// Always permit
@@ -209,8 +219,8 @@ static unsigned char syscall_action[NUM_ACTIONS] = {
 static const char *
 syscall_name(unsigned int id, char *buf)
 {
-  if (id < NUM_SYSCALLS && syscall_tab[id])
-    return syscall_tab[id];
+  if (id < NUM_SYSCALLS && syscall_names[id])
+    return syscall_names[id];
   else
     {
       sprintf(buf, "#%d", id);
@@ -221,8 +231,8 @@ syscall_name(unsigned int id, char *buf)
 static int
 syscall_by_name(char *name)
 {
-  for (unsigned int i=0; i<sizeof(syscall_tab)/sizeof(syscall_tab[0]); i++)
-    if (syscall_tab[i] && !strcmp(syscall_tab[i], name))
+  for (unsigned int i=0; i<NUM_SYSCALLS; i++)
+    if (syscall_names[i] && !strcmp(syscall_names[i], name))
       return i;
   if (name[0] == '#')
     name++;
@@ -238,10 +248,10 @@ syscall_by_name(char *name)
 }
 
 static int
-set_action(char *a)
+set_syscall_action(char *a)
 {
   char *sep = strchr(a, '=');
-  enum syscall_action act = SC_YES;
+  enum action act = SC_YES;
   if (sep)
     {
       *sep++ = 0;
@@ -258,12 +268,77 @@ set_action(char *a)
   int sys = syscall_by_name(a);
   if (sys < 0)
     die("Unknown syscall `%s'", a);
-  if (sys >= (int)NUM_ACTIONS)
+  if (sys >= NUM_ACTIONS)
     die("Syscall `%s' out of range", a);
   syscall_action[sys] = act;
   return 1;
 }
 
+struct path_rule {
+  char *path;
+  enum action action;
+  struct path_rule *next;
+};
+
+static struct path_rule default_path_rules[] = {
+  { "/etc/", SC_YES },
+  { "/lib/", SC_YES },
+  { "/usr/lib/", SC_YES },
+  { "/opt/lib/", SC_YES },
+  { "/usr/share/zoneinfo/", SC_YES },
+  { "/usr/share/locale/", SC_YES },
+  { "/dev/null", SC_YES },
+  { "/dev/zero", SC_YES },
+  { "/proc/meminfo", SC_YES },
+  { "/proc/self/stat", SC_YES },
+  { "/proc/self/exe", SC_YES },			// Needed by FPC 2.0.x runtime
+};
+
+static struct path_rule *user_path_rules;
+static struct path_rule **last_path_rule = &user_path_rules;
+
+static int
+set_path_action(char *a)
+{
+  char *sep = strchr(a, '=');
+  enum action act = SC_YES;
+  if (sep)
+    {
+      *sep++ = 0;
+      if (!strcmp(sep, "yes"))
+	act = SC_YES;
+      else if (!strcmp(sep, "no"))
+	act = SC_NO;
+      else
+	return 0;
+    }
+
+  struct path_rule *r = xmalloc(sizeof(*r) + strlen(a));
+  r->path = (char *)(r+1);
+  strcpy(r->path, a);
+  r->action = act;
+  r->next = NULL;
+  *last_path_rule = r;
+  last_path_rule = &r->next;
+  return 1;
+}
+
+static enum action
+match_path_rule(struct path_rule *r, char *path)
+{
+  char *rr = r->path;
+  while (*rr)
+    if (*rr++ != *path++)
+      {
+	if (rr[-1] == '/' && !path[-1])
+	  break;
+	return SC_DEFAULT;
+      }
+  if (rr > r->path && rr[-1] != '/' && *path)
+    return SC_DEFAULT;
+  return r->action;
+}
+
 static void
 valid_filename(unsigned long addr)
 {
@@ -309,32 +384,34 @@ valid_filename(unsigned long addr)
   msg("[%s] ", namebuf);
   if (file_access >= 3)
     return;
+
+  // Everything in current directory is permitted
   if (!strchr(namebuf, '/') && strcmp(namebuf, ".."))
     return;
+
+  // ".." anywhere in the path is forbidden
+  enum action act = SC_DEFAULT;
+  if (strstr(namebuf, ".."))
+    act = SC_NO;
+
+  // Scan user rules
+  for (struct path_rule *r = user_path_rules; r && !act; r=r->next)
+    act = match_path_rule(r, namebuf);
+
+  // Scan built-in rules
   if (file_access >= 2)
-    {
-      if ((!strncmp(namebuf, "/etc/", 5) ||
-	   !strncmp(namebuf, "/lib/", 5) ||
-	   !strncmp(namebuf, "/usr/lib/", 9) ||
-	   !strncmp(namebuf, "/opt/lib/", 9))
-	  && !strstr(namebuf, ".."))
-	return;
-      if (!strcmp(namebuf, "/dev/null") ||
-	  !strcmp(namebuf, "/dev/zero") ||
-	  !strcmp(namebuf, "/proc/meminfo") ||
-	  !strcmp(namebuf, "/proc/self/stat") ||
-	  !strcmp(namebuf, "/proc/self/exe") ||			/* Needed by FPC 2.0.x runtime */
-	  !strncmp(namebuf, "/usr/share/zoneinfo/", 20))
-	return;
-    }
-  die("Forbidden access to file `%s'", namebuf);
+    for (int i=0; i<ARRAY_SIZE(default_path_rules) && !act; i++)
+      act = match_path_rule(&default_path_rules[i], namebuf);
+
+  if (act != SC_YES)
+    die("Forbidden access to file `%s'", namebuf);
 }
 
 static int
 valid_syscall(struct user *u)
 {
   unsigned int sys = u->regs.orig_eax;
-  enum syscall_action act = (sys < NUM_ACTIONS) ? syscall_action[sys] : SC_DEFAULT;
+  enum action act = (sys < NUM_ACTIONS) ? syscall_action[sys] : SC_DEFAULT;
 
   if (act & SC_LIBERAL)
     {
@@ -621,6 +698,8 @@ Options:\n\
 -i <file>\tRedirect stdin from <file>\n\
 -m <size>\tLimit address space to <size> KB\n\
 -o <file>\tRedirect stdout to <file>\n\
+-p <path>\tPermit access to the specified path (or subtree if it ends with a `/')\n\
+-p <path>=<act>\tDefine action for the specified path (<act>=yes/no)\n\
 -s <sys>\tPermit the specified syscall (be careful)\n\
 -s <sys>=<act>\tDefine action for the specified syscall (<act>=yes/no/file)\n\
 -t <time>\tSet run time limit (seconds, fractions allowed)\n\
@@ -637,7 +716,7 @@ main(int argc, char **argv)
   int c;
   uid_t uid;
 
-  while ((c = getopt(argc, argv, "a:c:efi:m:o:s:t:Tvw:")) >= 0)
+  while ((c = getopt(argc, argv, "a:c:efi:m:o:p:s:t:Tvw:")) >= 0)
     switch (c)
       {
       case 'a':
@@ -661,8 +740,12 @@ main(int argc, char **argv)
       case 'o':
 	redir_stdout = optarg;
 	break;
+      case 'p':
+	if (!set_path_action(optarg))
+	  usage();
+	break;
       case 's':
-	if (!set_action(optarg))
+	if (!set_syscall_action(optarg))
 	  usage();
 	break;
       case 't':