⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 ptracesandbox.c

📁 文件传输协议linux 下vsftpd2.1.0.tar.gz
💻 C
📖 第 1 页 / 共 3 页
字号:
🔍
123 
    return PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT;  }  if (arg < 0 || arg > 2)  {    return PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT;  }  ret = ptrace_sandbox_get_arg(p_sandbox, 1, &ptr);  if (ret != 0)  {    return ret;  }  ptr += (arg * 4);  ret = ptrace_sandbox_get_long(p_sandbox, ptr, p_out);  return ret;}intptrace_sandbox_get_long(struct pt_sandbox* p_sandbox,                        unsigned long ptr,                        unsigned long* p_out){  return ptrace_sandbox_get_buf(p_sandbox, ptr, sizeof(long), (void*) p_out);}intptrace_sandbox_get_buf(struct pt_sandbox* p_sandbox,                       unsigned long ptr,                       unsigned long len,                       void* p_buf){  long pt_ret;  char* p_out = (char*) p_buf;  for (; len > 0; len -= sizeof(long))  {    errno = 0;    pt_ret = ptrace(PTRACE_PEEKDATA, p_sandbox->pid, (void*) ptr, 0);    if (pt_ret == -1 && errno != 0)    {      warn("PTRACE_GETREGS failure");      if (errno == ESRCH)      {        return PTRACE_SANDBOX_ERR_DEAD;      }      return PTRACE_SANDBOX_ERR_PTRACE;    }    if (len >= sizeof(long))    {      memcpy(p_out, &pt_ret, sizeof(long));    }    else    {      memcpy(p_out, &pt_ret, len);    }    p_out += sizeof(long);    ptr += sizeof(long);  }  return 0;}static voidsanitize_child(){  /* Ensure that if our sandbox supervisor goes down, so do we. */  int ret = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);  if (ret != 0)  {    _exit(3);  }}static intget_action(struct pt_sandbox* p_sandbox){  int ret;  int call;  int cs;  long pt_ret = ptrace(PTRACE_GETREGS, p_sandbox->pid, 0, &(p_sandbox->regs));  if (pt_ret != 0)  {    warn("PTRACE_GETREGS failure");    if (errno == ESRCH)    {      return PTRACE_SANDBOX_ERR_DEAD;    }    return PTRACE_SANDBOX_ERR_PTRACE;  }  /* We need to be sure that the child is attempting a syscall against the   * 32-bit syscall table, otherwise they can bypass the policy by abusing the   * fact that e.g. syscall 200 is getgid32() on 32-bit but tkill() on 64-bit.   * If the syscall instruct was int80 or sysenter, is it guaranteed to hit   * the 32-bit table. If it is syscall, the current CS selector determines   * the table. Therefore, we can check the current CS selector references a   * known system-only selector that is guaranteed 32-bit (not long mode).   */  cs = p_sandbox->regs.xcs;  if (cs != 0x73 && cs != 0x23)  {    warnx("bad CS %d", cs);    ret = PTRACE_SANDBOX_ERR_BAD_SYSCALL;    goto out;  }  call = (int) p_sandbox->regs.orig_eax;  if (call < 0 || call >= MAX_SYSCALL)  {    warnx("syscall %d out of bounds", call);    ret = PTRACE_SANDBOX_ERR_BAD_SYSCALL;    goto out;  }  if (p_sandbox->is_allowed[call] != 1)  {    syslog(LOG_LOCAL0 | LOG_DEBUG, "syscall not permitted: %d", call);    warnx("syscall not permitted: %d", call);    ret = PTRACE_SANDBOX_ERR_POLICY_SYSCALL;    goto out;  }  if (p_sandbox->validator[call])  {    ptrace_sandbox_validator_t p_validate = p_sandbox->validator[call];    int validate_ret = (*p_validate)(p_sandbox, p_sandbox->validator_arg[call]);    if (validate_ret != 0)    {      syslog(LOG_LOCAL0 | LOG_DEBUG,             "syscall validate fail: %d (%d)",             call,             validate_ret);      warnx("syscall validate failed: %d (%d)", call, validate_ret);      ret = PTRACE_SANDBOX_ERR_POLICY_ARGS;      goto out;    }  }  ret = 0;out:  memset(&p_sandbox->regs, '\0', sizeof(&p_sandbox->regs));  return ret;}voidptrace_sandbox_permit_exit(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_exit] = 1;  p_sandbox->is_allowed[__NR_exit_group] = 1;}voidptrace_sandbox_permit_read(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_read] = 1;}voidptrace_sandbox_permit_write(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_write] = 1;}voidptrace_sandbox_permit_sigaction(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_sigaction] = 1;  p_sandbox->is_allowed[__NR_rt_sigaction] = 1;}voidptrace_sandbox_permit_alarm(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_alarm] = 1;}voidptrace_sandbox_permit_query_time(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_gettimeofday] = 1;  p_sandbox->is_allowed[__NR_time] = 1;}voidptrace_sandbox_permit_mmap(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_mmap2] = 1;  p_sandbox->validator[__NR_mmap2] = validate_mmap2;}static intvalidate_mmap2(struct pt_sandbox* p_sandbox, void* p_arg){  unsigned long arg4;  int ret = ptrace_sandbox_get_arg(p_sandbox, 3, &arg4);  (void) p_arg;  if (ret != 0)  {    return ret;  }  if (arg4 & MAP_SHARED)  {    return -1;  }  return 0;}voidptrace_sandbox_permit_mprotect(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_mprotect] = 1;}voidptrace_sandbox_permit_file_stats(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_stat] = 1;  p_sandbox->is_allowed[__NR_stat64] = 1;  p_sandbox->is_allowed[__NR_lstat] = 1;  p_sandbox->is_allowed[__NR_lstat64] = 1;}voidptrace_sandbox_permit_fd_stats(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_fstat] = 1;  p_sandbox->is_allowed[__NR_fstat64] = 1;}voidptrace_sandbox_permit_getcwd(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_getcwd] = 1;}voidptrace_sandbox_permit_chdir(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_chdir] = 1;}voidptrace_sandbox_permit_umask(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_umask] = 1;}voidptrace_sandbox_permit_open(struct pt_sandbox* p_sandbox, int writeable){  p_sandbox->is_allowed[__NR_open] = 1;  if (writeable == 1)  {    p_sandbox->validator[__NR_open] = validate_open_default;  }  else  {    p_sandbox->validator[__NR_open] = validate_open_readonly;  }}static intvalidate_open_default(struct pt_sandbox* p_sandbox, void* p_arg){  unsigned long arg2;  int ret = ptrace_sandbox_get_arg(p_sandbox, 1, &arg2);  (void) p_arg;  if (ret != 0)  {    return ret;  }  if (arg2 & (O_ASYNC | O_DIRECT | O_SYNC))  {    return -1;  }  return 0;}static intvalidate_open_readonly(struct pt_sandbox* p_sandbox, void* p_arg){  unsigned long arg2;  int ret = validate_open_default(p_sandbox, p_arg);  if (ret != 0)  {    return ret;  }  ret = ptrace_sandbox_get_arg(p_sandbox, 1, &arg2);  if (ret != 0)  {    return ret;  }  if ((arg2 & O_ACCMODE) != O_RDONLY)  {    return -1;  }  return 0;}voidptrace_sandbox_permit_close(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_close] = 1;}voidptrace_sandbox_permit_getdents(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_getdents] = 1;  p_sandbox->is_allowed[__NR_getdents64] = 1;}voidptrace_sandbox_permit_fcntl(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_fcntl] = 1;  p_sandbox->validator[__NR_fcntl] = validate_fcntl;  p_sandbox->is_allowed[__NR_fcntl64] = 1;  p_sandbox->validator[__NR_fcntl64] = validate_fcntl;}static intvalidate_fcntl(struct pt_sandbox* p_sandbox, void* p_arg){  unsigned long arg2;  unsigned long arg3;  int ret = ptrace_sandbox_get_arg(p_sandbox, 1, &arg2);  (void) p_arg;  if (ret != 0)  {    return ret;  }  ret = ptrace_sandbox_get_arg(p_sandbox, 2, &arg3);  if (ret != 0)  {    return ret;  }  if (arg2 != F_GETFL &&      arg2 != F_SETFL &&      arg2 != F_SETOWN &&      arg2 != F_SETLK &&      arg2 != F_SETLKW &&      arg2 != F_SETLK64 &&      arg2 != F_SETLKW64 &&      arg2 != F_SETFD &&      arg2 != F_GETFD)  {    syslog(LOG_LOCAL0 | LOG_DEBUG, "fcntl not permitted: %ld", arg2);    warnx("fcntl not permitted: %ld", arg2);    return -1;  }  if (arg2 == F_SETFL && (arg3 & (O_ASYNC | O_DIRECT)))  {    return -2;  }  if (arg2 == F_SETOWN && (int) arg3 != p_sandbox->pid)  {    return -3;  }  return 0;}voidptrace_sandbox_permit_sendfile(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_sendfile] = 1;  p_sandbox->is_allowed[__NR_sendfile64] = 1;}voidptrace_sandbox_permit_seek(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_lseek] = 1;  p_sandbox->is_allowed[__NR__llseek] = 1;}voidptrace_sandbox_permit_select(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_select] = 1;  p_sandbox->is_allowed[__NR__newselect] = 1;}voidptrace_sandbox_permit_unlink(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_unlink] = 1;}voidptrace_sandbox_permit_mkdir(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_mkdir] = 1;}voidptrace_sandbox_permit_rmdir(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_rmdir] = 1;}voidptrace_sandbox_permit_rename(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_rename] = 1;}voidptrace_sandbox_permit_utime(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_utime] = 1;  p_sandbox->is_allowed[__NR_utimes] = 1;}voidptrace_sandbox_permit_sigreturn(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_sigreturn] = 1;}voidptrace_sandbox_permit_recv(struct pt_sandbox* p_sandbox){  install_socketcall(p_sandbox);  p_sandbox->is_socketcall_allowed[SYS_RECV] = 1;}static voidinstall_socketcall(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_socketcall] = 1;  p_sandbox->validator[__NR_socketcall] = validate_socketcall;}static intvalidate_socketcall(struct pt_sandbox* p_sandbox, void* p_arg){  unsigned long arg1;  int ret = ptrace_sandbox_get_arg(p_sandbox, 0, &arg1);  (void) p_arg;  if (ret != 0)  {    return ret;  }  if (arg1 < 1 || arg1 >= NPROTO)  {    return -1;  }  if (p_sandbox->is_socketcall_allowed[arg1] != 1)  {    syslog(LOG_LOCAL0 | LOG_DEBUG, "socketcall not permitted: %ld", arg1);    warnx("socketcall not permitted: %ld", arg1);    return -2;  }  if (p_sandbox->socketcall_validator[arg1])  {    ptrace_sandbox_validator_t p_val = p_sandbox->socketcall_validator[arg1];    ret = (*p_val)(p_sandbox, p_sandbox->socketcall_validator_arg[arg1]);    if (ret != 0)    {      syslog(LOG_LOCAL0 | LOG_DEBUG,             "socketcall validate fail: %ld (%d)",             arg1,             ret);      warnx("socketcall validate fail: %ld (%d)", arg1, ret);      return -3;    }  }  return 0;}voidptrace_sandbox_permit_readlink(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_readlink] = 1;}voidptrace_sandbox_permit_brk(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_brk] = 1;}voidptrace_sandbox_permit_sleep(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_nanosleep] = 1;}voidptrace_sandbox_permit_fchmod(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_fchmod] = 1;}voidptrace_sandbox_permit_chmod(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_chmod] = 1;}voidptrace_sandbox_permit_fchown(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_fchown] = 1;  p_sandbox->is_allowed[__NR_fchown32] = 1;}voidptrace_sandbox_permit_mremap(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_mremap] = 1;}voidptrace_sandbox_permit_ftruncate(struct pt_sandbox* p_sandbox){  p_sandbox->is_allowed[__NR_ftruncate] = 1;
123

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -