From 0ba895520444a0aac0ce70457c05cc2d0ba1885b Mon Sep 17 00:00:00 2001 From: Lauri Aarnio Date: Tue, 21 Oct 2008 14:30:43 +0300 Subject: Cpu transparency logic is now completely implemented in Lua. - "sbrsh" is now also handled by an exec postprocessor: Replaced that hard-coded logic what we had in sb_exec.c; all that is now handled by argvenvp.lua but the logic is still quite hard-coded and can't be controlled by an exec policy, yet. - "sb.getcwd()" was added to luaif.c, argvenvp.lua needs it - one more environment variable was removed (SBRSH_CONFIG) --- lua_scripts/argvenvp.lua | 145 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 144 insertions(+), 1 deletion(-) (limited to 'lua_scripts') diff --git a/lua_scripts/argvenvp.lua b/lua_scripts/argvenvp.lua index 886e323..0ba1890 100644 --- a/lua_scripts/argvenvp.lua +++ b/lua_scripts/argvenvp.lua 
@@ -207,9 +207,150 @@ end if string.match(sbox_cputransparency_method, "qemu") then cputransparency_method_is_qemu = true end +if string.match(sbox_cputransparency_method, "sbrsh") then + cputransparency_method_is_sbrsh = true +end + +function split_to_tokens(text,delim) + local results = {} + local c + for c in string.gmatch(text, delim) do + table.insert(results, c) + end + return results +end + +-- Remove selected elements from a table of strings. +-- Returns a new table containing the selected elements, or nil if none +-- was found. Original table may be modified! +function pick_and_remove_elems_from_string_table(tbl,pattern) + local res = nil + + if tbl ~= nil then + local i = #tbl + while (i > 0) do + if string.match(tbl[i], pattern) then + local elem = table.remove(tbl, i) + if res == nil then + res = {} + end + table.insert(res, elem) + end + i = i - 1 + end + end + return(res) +end + +function sb_execve_postprocess_sbrsh(rule, exec_policy, + exec_type, mapped_file, filename, argv, envp) + + local new_argv = split_to_tokens(sbox_cputransparency_method,"[^%s]+") + + if #new_argv < 1 then + sb.log("error", "Invalid sbox_cputransparency_method set"); + -- deny + return -1, mapped_file, filename, #argv, argv, #envp, envp + end + if (sbox_target_root == nil) or (sbox_target_root == "") then + sb.log("error", + "sbox_target_root not set, ".. 
+ "unable to execute the target binary");
+ return -1, mapped_file, filename, #argv, argv, #envp, envp
+ end
+
+ sb.log("info", string.format("Exec:sbrsh (%s,%s,%s)",
+ new_argv[1], sbox_target_root, mapped_file));
+
+ local target_root = sbox_target_root
+ if not string.match(target_root, "/$") then
+ -- Add a trailing /
+ target_root = target_root.."/"
+ end
+
+ local file_in_device = mapped_file;
+
+ -- Check the file to execute; fail if the file can
+ -- not be located on the device
+ if isprefix(target_root, mapped_file) then
+ local trlen = string.len(target_root)
+ file_in_device = string.sub(file_in_device, trlen)
+ elseif isprefix(sbox_user_home_dir, mapped_file) then
+ -- no change
+ else
+ sb.log("error", string.format(
+ "Binary must be under target (%s) or"..
+ " home when using sbrsh", target_root))
+ return -1, mapped_file, filename, #argv, argv, #envp, envp
+ end
+
+ -- Check directory
+ local dir_in_device = sb.getcwd()
+
+ if isprefix(target_root, dir_in_device) then
+ local trlen = string.len(target_root)
+ dir_in_device = string.sub(dir_in_device, trlen)
+ elseif isprefix(sbox_user_home_dir, dir_in_device) then
+ -- no change
+ else
+ sb.log("warning", string.format(
+ "Executing binary with bogus working"..
+ " directory (/tmp) because sbrsh can only"..
+ " see %s and %s\n", + target_root, sbox_user_home_dir)) + dir_in_device = "/tmp" + end + + local new_envp = envp + local new_filename = new_argv[1] -- first component of method + + if (sbox_sbrsh_config ~= nil) and (sbox_sbrsh_config ~= "") then + table.insert(new_argv, "--config") + table.insert(new_argv, sbox_sbrsh_config) + end + table.insert(new_argv, "--directory") + table.insert(new_argv, dir_in_device) + table.insert(new_argv, file_in_device) + + -- Append arguments for target process (skip argv[0], + -- there isn't currently any way to give that over sbrsh) + for i = 2, #argv do + table.insert(new_argv, argv[i]) + end + + -- remove libsb2 from LD_PRELOAD + local ld_preload_tbl = pick_and_remove_elems_from_string_table( + new_envp, "^LD_PRELOAD=") + if ld_preload_tbl == nil then + sb.log("debug", "LD_PRELOAD not found") + else + sb.log("debug", string.format("LD_PRELOAD was %s", + ld_preload_tbl[1])) + local ld_preload_path = string.gsub(ld_preload_tbl[1], + "^LD_PRELOAD=", "", 1) + local ld_preload_components = split_to_tokens(ld_preload_path, + "[^:]+") + -- pick & throw away libsb2.so + pick_and_remove_elems_from_string_table(ld_preload_components, + sbox_libsb2) + if #ld_preload_components > 0 then + local new_ld_preload = table.concat( + ld_preload_components, ":") + table.insert(new_envp, "LD_PRELOAD="..new_ld_preload) + sb.log("debug", "set LD_PRELOAD to "..new_ld_preload) + else + sb.log("debug", "nothing left, run without LD_PRELOAD") + end + end + + -- environment&args were changed + return 0, new_filename, filename, #new_argv, new_argv, + #new_envp, new_envp +end function sb_execve_postprocess_cpu_transparency_executable(rule, exec_policy, exec_type, mapped_file, filename, argv, envp) + sb.log("debug", "postprocessing cpu_transparency for " .. filename) if cputransparency_method_is_qemu then 
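Review bot: `sbox_libsb2` is used as a Lua pattern rather than a literal in `pick_and_remove_elems_from_string_table(ld_preload_components, sbox_libsb2)`, because the helper tests each element with `string.match(tbl[i], pattern)`. If that variable holds a file path (it is set outside this hunk), any `-`, `.` or `+` in it acts as a pattern operator, so a path containing `-` can fail to match itself and libsb2 would stay in the LD_PRELOAD given to sbrsh; the unanchored match can also drop an unrelated library whose path merely contains the string. Escape it at the call site, e.g. `local libsb2_pat = string.gsub(sbox_libsb2, "%p", "%%%0")`, and pass `libsb2_pat` (wrapped in `^`/`$` if an exact match is intended). Separately, `sbox_user_home_dir` gets no trailing-slash normalisation like `target_root` does before `isprefix(sbox_user_home_dir, mapped_file)`; depending on how `isprefix` (not visible here) compares, a sibling directory that shares the prefix could pass the home check.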
@@ -260,7 +401,9 @@ function sb_execve_postprocess_cpu_transparency_executable(rule, exec_policy, -- environment&args were changed return 0, new_filename, filename, #new_argv, new_argv, #new_envp, new_envp - -- FIXME: here we should have "elseif cputransparency_method_is_sbrsh".. + elseif cputransparency_method_is_sbrsh then + return sb_execve_postprocess_sbrsh(rule, exec_policy, + exec_type, mapped_file, filename, argv, envp) end -- no changes -- cgit v1.2.3
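Review bot: The new `elseif cputransparency_method_is_sbrsh` branch is reached only when the qemu flag is unset, and both flags come from unanchored `string.match` calls over the whole `sbox_cputransparency_method` string (the sbrsh one is added earlier in this commit). A method string whose path or arguments merely contain "qemu" would therefore be routed to the qemu postprocessor even when the command is sbrsh. Consider testing only the command name, e.g. `local method_cmd = string.match(sbox_cputransparency_method, "^%S+")` followed by `string.match(method_cmd, "sbrsh[^/]*$")`, and adding a comment above the chain such as `-- qemu takes precedence if both method flags are set`. The body of sb_execve_postprocess_cpu_transparency_executable starts and ends outside this hunk, so the qemu branch itself is not reviewed here.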