Merge GH #1808 Add sandbox feature to CLI

6 files changed, 82 insertions, 0 deletions

diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt
index 166981c0b..abae36116 100644
--- a/src/build-data/os/freebsd.txt
+++ b/src/build-data/os/freebsd.txt
@@ -10,6 +10,7 @@ clock_gettime
 dev_random
 arc4random
 explicit_bzero
+cap_enter
 
 sockets
 threads
diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt
index 5ee81206e..e1a4c55eb 100644
--- a/src/build-data/os/openbsd.txt
+++ b/src/build-data/os/openbsd.txt
@@ -15,6 +15,7 @@ dev_random
 arc4random
 getentropy
 explicit_bzero
+pledge
 
 sockets
 threads
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
new file mode 100644
index 000000000..90eaf8b89
--- /dev/null
+++ b/src/cli/sandbox.cpp
@@ -0,0 +1,44 @@
+/*
+* (C) 2019 David Carlier <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "sandbox.h"
+#include <botan/build.h>
+
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+  #include <unistd.h>
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+  #include <sys/capsicum.h>
+#endif
+
+namespace Botan_CLI {
+
+Sandbox::Sandbox()
+   {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+   m_name = "pledge";
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+   m_name = "capsicum";
+#else
+   m_name = "<none>";
+#endif
+   }
+
+bool Sandbox::init()
+   {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+   const static char *opts = "stdio rpath inet error";
+   return (::pledge(opts, nullptr) == 0);
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+   return (::cap_enter() == 0);
+#else
+   return true;
+#endif
+   }
+
+Sandbox::~Sandbox()
+   {
+   }
+}
diff --git a/src/cli/sandbox.h b/src/cli/sandbox.h
new file mode 100644
index 000000000..c719b8390
--- /dev/null
+++ b/src/cli/sandbox.h
@@ -0,0 +1,27 @@
+/*
+* (C) 2019 David Carlier <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SANDBOX_H_
+
+#include <string>
+
+namespace Botan_CLI {
+
+class Sandbox
+   {
+   public:
+	   explicit Sandbox();
+	   bool init();
+	   virtual ~Sandbox();
+	   const std::string& name() const
+              {
+              return m_name;
+	      } 
+   private:
+	   std::string m_name;
+   };
+}
+#endif
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index c8e6c58f3..9ec4ff7aa 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -7,6 +7,7 @@
 */
 
 #include "cli.h"
+#include "sandbox.h"
 
 #if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \
    (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2))
@@ -87,6 +88,12 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
 
          output() << "Listening for new connections on " << transport << " port " << port << std::endl;
 
+	 if(!m_sandbox.init())
+            {
+            error_output() << "Failed sandboxing\n";
+	    return;
+	    }
+
          int server_fd = make_server_socket(port);
          size_t clients_served = 0;
 
@@ -323,6 +330,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
       bool m_is_tcp = false;
       std::string m_line_buf;
       std::list<std::string> m_pending_output;
+      Sandbox m_sandbox;
    };
 
 BOTAN_REGISTER_COMMAND("tls_server", TLS_Server);
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 6ec64b2fd..37a8d3a9c 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
@@ -122,6 +122,7 @@ void page_prohibit_access(void* page);
 */
 void page_allow_access(void* page);
 
+
 /**
 * Run a probe instruction to test for support for a CPU instruction.
 * Runs in system-specific env that catches illegal instructions; this