path: root/src/common/sandbox.h
Commit message / Author / Age
* Merge remote-tracking branch 'public/bug11970' (Nick Mathewson, 2014-06-11)
|\
| * sandbox: revamp sandbox_getaddrinfo caching (Nick Mathewson, 2014-05-22)
| |   The old cache had problems:
| |   * It needed to be manually preloaded. (It didn't remember any address you didn't tell it to remember)
| |   * It was AF_INET only.
| |   * It looked at its cache even if the sandbox wasn't turned on.
| |   * It couldn't remember errors.
| |   * It had some memory management problems. (You can't use memcpy to copy an addrinfo safely; it has pointers in.)
| |   This patch fixes those issues, and moves to a hash table.
| |   Fixes bug 11970; bugfix on 0.2.5.1-alpha.
* | Make sandbox.c compile on arm (Nick Mathewson, 2014-05-27)
| |   This is a minimal set of changes for compilation; I need a more recent kernel to test this stuff.
|/
* sandbox: Disallow options which would make us call exec() (Nick Mathewson, 2014-05-20)
|   None of the things we might exec() can possibly run under the sandbox, so rather than crash later, we have to refuse to accept the configuration nice and early.
|   The longer-term solution is to have an exec() helper, but wow is that risky.
|   fixes 12043; bugfix on 0.2.5.1-alpha
* Don't allow change to ConnLimit while sandbox is active (Nick Mathewson, 2014-04-16)
* Clean up sandbox structures a bit (Nick Mathewson, 2014-04-16)
|   Drop pindex, pindex2 as unused. Admit a type to avoid using a void*
* Drop 'fr' parameter from sandbox code. (Nick Mathewson, 2014-04-16)
|   Apparently, the majority of the filenames we pass to sandbox_cfg_allow() functions are "freeable right after". So, consider _all_ of them safe-to-steal, and add a tor_strdup() in the few cases that aren't. (Maybe buggy; revise when I can test.)
* Add 'rename' to the sandboxed syscalls (Nick Mathewson, 2014-04-16)
|   (If we don't restrict rename, there's not much point in restricting open, since an attacker could always use rename to make us open whatever they want.)
* Merge branch 'backtrace_squashed' (Nick Mathewson, 2013-11-18)
|\
| |   Conflicts:
| |     src/common/sandbox.c
| |     src/common/sandbox.h
| |     src/common/util.c
| |     src/or/main.c
| |     src/test/include.am
| |     src/test/test.c
| * Add a sighandler-safe logging mechanism (Nick Mathewson, 2013-11-18)
| |   We had accidentally grown two fake ones: one for backtrace.c, and one for sandbox.c. Let's do this properly instead.
| |   Now, when we configure logs, we keep track of fds that should get told about bad stuff happening from signal handlers. There's another entry point for these that avoids using non-signal-handler-safe functions.
* | Fix osx compilation again, hopefully better this time. (Nick Mathewson, 2013-09-11)
* | fixed compilation error on i386 linux by moving sandbox_cfg_t definition (Cristian Toader, 2013-09-10)
* | Fix check-spaces (Nick Mathewson, 2013-09-09)
* | Fix compilation on OSX (Nick Mathewson, 2013-09-09)
* | Fix most of the --enable-gcc-warnings warnings in the sandbox code (Nick Mathewson, 2013-09-09)
* | Basic compilation fixes. (Nick Mathewson, 2013-09-09)
* | passing hints as a const pointer to sandbox_getaddrinfo(), also one tor_free macro fails to compile.. (Cristian Toader, 2013-09-06)
* | fixed bug where sandbox_getaddrinfo() would fail when -Sandbox is 0 (Cristian Toader, 2013-09-03)
* | switched to a more generic way of handling the sandbox configuration (Cristian Toader, 2013-09-02)
* | changed how sb getaddrinfo works such that it supports storing multiple results (Cristian Toader, 2013-09-02)
* | documentation update for _array functions (Cristian Toader, 2013-08-29)
* | _array filter functions now rely on final NULL parameter (Cristian Toader, 2013-08-29)
* | replaced boolean char with int (Cristian Toader, 2013-08-29)
* | small fixes in documentation and sandbox_getaddrinfo() (Cristian Toader, 2013-08-29)
* | Added doxygen struct doc and replaced func() with funct(void) (Cristian Toader, 2013-08-28)
* | removed PARAM_LEN (Cristian Toader, 2013-08-28)
* | fix for getaddrinfo open syscall (Cristian Toader, 2013-08-19)
* | added comments for sandbox.h (Cristian Toader, 2013-08-15)
* | attempt to add stat64 filename filters; failed due to getaddrinfo.. (Cristian Toader, 2013-08-12)
* | fixed memory leak, added array filter support (Cristian Toader, 2013-08-10)
* | multi-configuration support using sandbox_t struct (Cristian Toader, 2013-08-05)
* | added execve and multi-configuration support (Cristian Toader, 2013-08-05)
* | switched to a design using filters as function pointer arrays (Cristian Toader, 2013-07-30)
* | small filter changes; openat as separate function (Cristian Toader, 2013-07-30)
* | added openat parameter filter (Cristian Toader, 2013-07-29)
* | Changes as suggested by nickm (Cristian Toader, 2013-07-29)
| |   - char* to const char* and name refactoring
| |   - workaround for accept4 syscall
* | integrated context for dynamic filters (Cristian Toader, 2013-07-25)
* | initial stages of runtime dynamic filters (Cristian Toader, 2013-07-25)
* | dynamic parameter filter bug fixes (Cristian Toader, 2013-07-24)
* | dynamic parameter filter (prototype, not tested) (Cristian Toader, 2013-07-24)
* | added support for multiple parameters (Cristian Toader, 2013-07-23)
* | added experimental support for open syscall path param (Cristian Toader, 2013-07-23)
* | added support for numeric parameters, tested with rt_sigaction (Cristian Toader, 2013-07-23)
* | changed paramfilter type to intptr_t (Cristian Toader, 2013-07-23)
* | Added getter for protected parameter (Cristian Toader, 2013-07-18)
* | Repair of some of the lost parameter filters history (Cristian Toader, 2013-07-18)
|/
* Add a basic seccomp2 syscall filter on Linux (Cristian Toader, 2013-07-11)
    It's controlled by the new Sandbox argument. Right now, it's rather coarse-grained, it's Linux-only, and it may break some features.