Moved to GitHub

2009/07/25

I moved my blog to GitHub.
The new RSS feed is here.

ptrace on ia64

2009/07/11

I decided to write a blog entry about my efforts to port sydbox to IA64.
Thanks to ahf, who gave me access to an IA64 box, I started porting sydbox to IA64.

All of sydbox's ptrace()-related code lives in trace.c, so that is the file we are interested in.
For the x86 and x86_64 architectures everything was easy: just read and write a few register values and it is all done.
For IA64, however, additional hackery is needed.

The first problem is that you can't include both sys/ptrace.h and linux/ptrace.h, because of redefinition errors. This is easy to solve; I added an autoconf check:

AC_CHECK_TYPES([struct pt_all_user_regs, struct ia64_fpreg],,,[#include <sys/ptrace.h>])

This exports two defines to config.h, namely HAVE_STRUCT_IA64_FPREG and
HAVE_STRUCT_PT_ALL_USER_REGS. Using these two defines it's possible to include both files with some preprocessor hacks:

#include <sys/ptrace.h>
/* We need additional hackery on IA64 to include linux/ptrace.h to avoid
 * redefinition errors. sys/ptrace.h has already defined struct ia64_fpreg
 * and struct pt_all_user_regs, so the struct tags are temporarily renamed:
 * the copies linux/ptrace.h defines end up as struct XXX_ia64_fpreg and
 * struct XXX_pt_all_user_regs instead of clashing with the glibc ones.
 */
#if defined(IA64)
#ifdef HAVE_STRUCT_IA64_FPREG
#define ia64_fpreg XXX_ia64_fpreg
#endif /* HAVE_STRUCT_IA64_FPREG */
#ifdef HAVE_STRUCT_PT_ALL_USER_REGS
#define pt_all_user_regs XXX_pt_all_user_regs
#endif /* HAVE_STRUCT_PT_ALL_USER_REGS */
#include <linux/ptrace.h>
/* Restore the real names for the rest of the translation unit. */
#undef ia64_fpreg
#undef pt_all_user_regs
#endif /* defined(IA64) */

and problem solved.

The second problem is figuring out how to get the system call number; this is easy too. PT_R15 is the register we need.

The third problem is getting and setting the return value of system calls. On IA64 the register PT_R10 has the return value of the system call. One last thing is the errno. The errno should reside in the PT_R8 register and it should be positive, unlike on x86 and x86_64, where the return value of the system call is the negated errno.

So far so good. The last problem is getting and setting the arguments of system calls. This is a bit too long to explain; interested readers are encouraged to look at the trace_ia64_peek function in trace.c.
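The return-value handling described above, as an added example that is not sydbox's trace.c: it puts x86/x86_64's negated errno beside IA64's two separate registers, for both decoding a result and forging the denial a sandbox writes back. It assumes the register values were already fetched with PTRACE_PEEKUSER, and the IA64 branch assumes the kernel's convention that r10 is a 0/-1 error flag while r8 carries either the return value or the positive errno; all sample values are constructed.

```c
/* Added example, not sydbox's trace.c: decoding and forging a traced system
 * call's result on x86/x86_64 versus IA64. Register values are assumed to
 * have been read with PTRACE_PEEKUSER; all sample values are constructed. */
#include <errno.h>
struct syscall_result {
    long retval; /* what the tracee sees as the return value, -1 on failure */
    int  err;    /* positive errno, 0 on success */
};
/* IA64 keeps the two pieces in separate registers (PT_R8 / PT_R10). */
struct ia64_regs { long r8, r10; };

/* x86 / x86_64: eax/rax carries both. Failure is a negated errno; only values
 * in [-4095, -1] are errors, so a large negative success value (a pointer
 * returned by mmap() on 32-bit x86, for instance) is not mistaken for one. */
struct syscall_result decode_x86(long rax)
{
    struct syscall_result r = { rax, 0 };
    if (rax < 0 && rax >= -4095) {
        r.retval = -1;
        r.err = (int)-rax;
    }
    return r;
}

/* Forging a denial on x86 is a single register write of -errno. */
long encode_x86(int err)
{
    return -(long)err;
}

/* IA64: this example assumes the kernel's convention, where r10 is an error
 * flag (-1 on failure, 0 on success) and r8 then holds the positive errno
 * the post mentions, otherwise the return value. */
struct syscall_result decode_ia64(struct ia64_regs regs)
{
    struct syscall_result r = { regs.r8, 0 };
    if (regs.r10 != 0) {
        r.retval = -1;
        r.err = (int)regs.r8;
    }
    return r;
}

/* Forging a denial on IA64 needs two register writes, not one. */
struct ia64_regs encode_ia64(int err)
{
    struct ia64_regs regs = { err, -1 };
    return regs;
}
```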

sydbox-0.1_beta8

2009/07/08

sydbox-0.1_beta8 is released.

  • Exit when the eldest child exits, and add a command line flag --wait-all to wait for all children before exiting.
  • Fix /proc/self substitution.
  • Add configuration file variable main.allow_proc_pid and allow /proc/PID depending on that variable. This defaults to true because allowing /proc/PID is required for some programs to work reliably.
  • Path sandboxing can now be disabled using the configuration file or the --disable-sandbox-path command line option. Previously this was only possible using the /dev/sydbox/{on,off} magic commands.
  • Configuration file changes, make sure to merge your configuration file.

tarball: sydbox-0.1_beta8.tar.bz2
sign: sydbox-0.1_beta8.tar.bz2.asc
sha1sum: 09d44475bc2697423f40aab97b9d575ff8ffb346

sydbox-0.1_beta7

2009/07/04

sydbox-0.1_beta7 is released.

  • Fix magic stat problems on x86
  • Fix segfaults caused by wrong handling of the list of children.

tarball: sydbox-0.1_beta7.tar.bz2
sign: sydbox-0.1_beta7.tar.bz2.asc
sha1sum: 512b890ded05b59866fd6826f2f4af2a7b5366ec

sydbox-0.1_beta5

2009/06/22

sydbox-0.1_beta5 is released.

  • Implement /dev/sydbox/{un,}ban_exec. The paludis-sydbox branch makes use of these magic commands to ban execve() calls in the metadata phase.
  • When shell_expand() returned an empty string, it was added to the path list, causing every path prefix check to be allowed; this is now fixed.

tarball: sydbox-0.1_beta5.tar.bz2
sha1sum: 2b02bc204148f94bb79b7a5b190f1d2069394ecb

Disabling external commands in metadata phase

2009/06/22

Running external commands in the metadata phase of exheres/ebuild is obviously
a bad idea because this phase is used to generate caches.

Ciaranm came up with the idea of generating sydbox access violations when execve() family functions are called in the metadata phase. This was rather easy to implement.

I’ve added two sydbox magic commands, namely /dev/sydbox/ban_exec and /dev/sydbox/unban_exec. Writing to the former file sets the flag to ban all execve() calls and writing to the latter unsets the flag.

A small example looks like this:

#!/bin/sh

/bin/true # This call succeeds.
:>/dev/sydbox/ban_exec
/bin/true # This call fails with EACCES.
:>/dev/sydbox/unban_exec
/bin/true # This call succeeds.

The last thing to do was to add support to paludis. I’ve amended my sydbox support commit and added support to ban execve() calls in the metadata phase. If you’re using my paludis-sydbox branch, make sure to use sydbox-scm and not 0.1_beta4. I think I’ll release 0.1_beta5 with only this change but I have school tomorrow and I won’t have internet access for two days.

sydbox-0.1_beta4

2009/06/22

sydbox-0.1_beta4 is released.

  • Use an lstat(2) wrapper which tries hard to avoid ENAMETOOLONG issues.
  • Handle /proc/self correctly when resolving paths.

tarball: sydbox-0.1_beta4.tar.bz2
sha1sum: ebc650689267539e22da1c1dc2aec818b29382c6

sydbox-0.1_beta3

2009/06/01

sydbox-0.1_beta3 is released.

  • Fixed event handling and inheritance of sandbox data. Sydbox behaves correctly now when a child calls fork(), vfork() or clone().

tarball: sydbox-0.1_beta3.tar.bz2
sha1sum: 7ace8ee1463e3b76543c401334e7f6666547b97b

sydbox-0.1_beta2

2009/05/31

sydbox-0.1_beta2 has been released.

  • Canonicalize filenames by default. This was previously only done in paranoid mode. This makes sydbox stricter (expect more testsuites to fail).

tarball: sydbox-0.1_beta2.tar.bz2
sha1sum: 34cef23db6d81a34b27617c07e5c3f67128ca99d

sydbox-0.1_beta

2009/05/30

sydbox-0.1_beta has been released.

  • Fix bogus access violations. As an example, sydbox would throw an
    access violation in a simple case like

    $ mkdir -p /var/tmp/paludis

    because of mkdir("/var", ...) being called. This is now fixed.

  • Use glib's key file format for the configuration file. This kills the dependency on dev-libs/confuse. Being a crucial system tool, we're trying to keep the dependencies as few as possible.

tarball: sydbox-0.1_beta.tar.bz2
sha1sum: 492a140d9472695fac0de5040aa2fb7ed5832c48