authorJack Lloyd <[email protected]>2019-01-14 10:50:48 -0500
committerJack Lloyd <[email protected]>2019-01-14 10:50:48 -0500
commit4c3016578da7b9840bb77563f4257df11c9f1de9 (patch)
treeec1e150a332256875c6243f3cc40e52980104802 /src
parentaaa70832c2295b7d9007d7ab516824a73584b224 (diff)
parent5517207e61343b7c37cb3708f33285b53a6b304b (diff)
Merge GH #1808 Add sandbox feature to CLI
Diffstat (limited to 'src')
-rw-r--r--src/build-data/os/freebsd.txt1
-rw-r--r--src/build-data/os/openbsd.txt1
-rw-r--r--src/cli/sandbox.cpp44
-rw-r--r--src/cli/sandbox.h27
-rw-r--r--src/cli/tls_server.cpp8
-rw-r--r--src/lib/utils/os_utils.h1
6 files changed, 82 insertions, 0 deletions
diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt
index 166981c0b..abae36116 100644
--- a/src/build-data/os/freebsd.txt
+++ b/src/build-data/os/freebsd.txt
@@ -10,6 +10,7 @@ clock_gettime
dev_random
arc4random
explicit_bzero
+cap_enter
sockets
threads
diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt
index 5ee81206e..e1a4c55eb 100644
--- a/src/build-data/os/openbsd.txt
+++ b/src/build-data/os/openbsd.txt
@@ -15,6 +15,7 @@ dev_random
arc4random
getentropy
explicit_bzero
+pledge
sockets
threads
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
new file mode 100644
index 000000000..90eaf8b89
--- /dev/null
+++ b/src/cli/sandbox.cpp
@@ -0,0 +1,44 @@
+/*
+* (C) 2019 David Carlier <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "sandbox.h"
+#include <botan/build.h>
+
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ #include <unistd.h>
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ #include <sys/capsicum.h>
+#endif
+
+namespace Botan_CLI {
+
+Sandbox::Sandbox()
+ {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ m_name = "pledge";
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ m_name = "capsicum";
+#else
+ m_name = "<none>";
+#endif
+ }
+
+bool Sandbox::init()
+ {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ const static char *opts = "stdio rpath inet error";
+ return (::pledge(opts, nullptr) == 0);
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ return (::cap_enter() == 0);
+#else
+ return true;
+#endif
+ }
+
+Sandbox::~Sandbox()
+ {
+ }
+}
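Review bot: The pledge promise string in `Sandbox::init()` ends with `error`, which per pledge(2) makes a violated promise return ENOSYS to the caller instead of terminating the process, so a tls_server that steps outside its promises keeps running rather than being killed; unless that fail-open behaviour is intended, drop `error` from `"stdio rpath inet error"`. The `#else` branch returns `true` when neither pledge nor capsicum was built in, so a caller cannot tell from the return value whether any sandbox is active; I would document that on `init()` (`/// Returns true on success, or unconditionally when no sandbox backend is compiled in; name() reports "<none>" in that case`) and have the caller log `name()` alongside the "Listening" message. As a point of style, `const static char *opts` can be `static constexpr const char* opts`, or the literal can be passed to `::pledge` directly.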
diff --git a/src/cli/sandbox.h b/src/cli/sandbox.h
new file mode 100644
index 000000000..c719b8390
--- /dev/null
+++ b/src/cli/sandbox.h
@@ -0,0 +1,27 @@
+/*
+* (C) 2019 David Carlier <[email protected]>
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SANDBOX_H_
+
+#include <string>
+
+namespace Botan_CLI {
+
+class Sandbox
+ {
+ public:
+ explicit Sandbox();
+ bool init();
+ virtual ~Sandbox();
+ const std::string& name() const
+ {
+ return m_name;
+ }
+ private:
+ std::string m_name;
+ };
+}
+#endif
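Review bot: The include guard in sandbox.h is never defined: `#ifndef BOTAN_SANDBOX_H_` is not followed by a `#define`, so the guard is a no-op and a translation unit that includes the header twice redefines `class Sandbox`; add `#define BOTAN_SANDBOX_H_` directly after the `#ifndef`. Two smaller points of style: `explicit` on a zero-argument constructor has no effect, and `virtual ~Sandbox()` is the only virtual member of a class that tls_server.cpp holds by value (`Sandbox m_sandbox;`), so a non-virtual destructor, or none at all since the class owns only a `std::string`, would do. The public interface carries no documentation; a short comment on `init()` saying that it enters a process-wide sandbox that cannot be left again and what a `false` return means would help callers decide where to call it.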
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index c8e6c58f3..9ec4ff7aa 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -7,6 +7,7 @@
*/
#include "cli.h"
+#include "sandbox.h"
#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \
(defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2))
@@ -87,6 +88,12 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
output() << "Listening for new connections on " << transport << " port " << port << std::endl;
+ if(!m_sandbox.init())
+ {
+ error_output() << "Failed sandboxing\n";
+ return;
+ }
+
int server_fd = make_server_socket(port);
size_t clients_served = 0;
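Review bot: `m_sandbox.init()` is called before `make_server_socket(port)`, and on the FreeBSD backend `cap_enter()` places the process in capability mode, where path-based `open()` and `bind()`/`connect()` on the global network namespace are refused with ECAPMODE, so creating the listening socket (and any later loading of the certificate and key files by path) would likely fail once sandboxed; if make_server_socket binds, as its name suggests, the sandbox should be entered after the listening socket and all file-backed inputs are set up, which is also the point at which pledge's `rpath`/`inet` promises could be narrowed. The error branch also hides which backend failed and why; `error_output() << "Failed sandboxing (" << m_sandbox.name() << "): " << std::strerror(errno) << "\n";` (with `<cstring>`/`<cerrno>` included) would make the failure diagnosable. The enclosing function starts before and ends after this hunk, and make_server_socket's body is not visible here.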
@@ -323,6 +330,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
bool m_is_tcp = false;
std::string m_line_buf;
std::list<std::string> m_pending_output;
+ Sandbox m_sandbox;
};
BOTAN_REGISTER_COMMAND("tls_server", TLS_Server);
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 6ec64b2fd..37a8d3a9c 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
@@ -122,6 +122,7 @@ void page_prohibit_access(void* page);
*/
void page_allow_access(void* page);
+
/**
* Run a probe instruction to test for support for a CPU instruction.
* Runs in system-specific env that catches illegal instructions; this