diff options
author | Jack Lloyd <[email protected]> | 2019-01-14 10:50:48 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-01-14 10:50:48 -0500 |
commit | 4c3016578da7b9840bb77563f4257df11c9f1de9 (patch) | |
tree | ec1e150a332256875c6243f3cc40e52980104802 /src | |
parent | aaa70832c2295b7d9007d7ab516824a73584b224 (diff) | |
parent | 5517207e61343b7c37cb3708f33285b53a6b304b (diff) |
Merge GH #1808 Add sandbox feature to CLI
Diffstat (limited to 'src')
-rw-r--r-- | src/build-data/os/freebsd.txt | 1 | ||||
-rw-r--r-- | src/build-data/os/openbsd.txt | 1 | ||||
-rw-r--r-- | src/cli/sandbox.cpp | 44 | ||||
-rw-r--r-- | src/cli/sandbox.h | 27 | ||||
-rw-r--r-- | src/cli/tls_server.cpp | 8 | ||||
-rw-r--r-- | src/lib/utils/os_utils.h | 1 |
6 files changed, 82 insertions, 0 deletions
diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index 166981c0b..abae36116 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -10,6 +10,7 @@ clock_gettime dev_random arc4random explicit_bzero +cap_enter sockets threads diff --git a/src/build-data/os/openbsd.txt b/src/build-data/os/openbsd.txt index 5ee81206e..e1a4c55eb 100644 --- a/src/build-data/os/openbsd.txt +++ b/src/build-data/os/openbsd.txt @@ -15,6 +15,7 @@ dev_random arc4random getentropy explicit_bzero +pledge sockets threads diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp new file mode 100644 index 000000000..90eaf8b89 --- /dev/null +++ b/src/cli/sandbox.cpp @@ -0,0 +1,44 @@ +/* +* (C) 2019 David Carlier <[email protected]> +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "sandbox.h" +#include <botan/build.h> + +#if defined(BOTAN_TARGET_OS_HAS_PLEDGE) + #include <unistd.h> +#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER) + #include <sys/capsicum.h> +#endif + +namespace Botan_CLI { + +Sandbox::Sandbox() + { +#if defined(BOTAN_TARGET_OS_HAS_PLEDGE) + m_name = "pledge"; +#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER) + m_name = "capsicum"; +#else + m_name = "<none>"; +#endif + } + +bool Sandbox::init() + { +#if defined(BOTAN_TARGET_OS_HAS_PLEDGE) + const static char *opts = "stdio rpath inet error"; + return (::pledge(opts, nullptr) == 0); +#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER) + return (::cap_enter() == 0); +#else + return true; +#endif + } + +Sandbox::~Sandbox() + { + } +} diff --git a/src/cli/sandbox.h b/src/cli/sandbox.h new file mode 100644 index 000000000..c719b8390 --- /dev/null +++ b/src/cli/sandbox.h @@ -0,0 +1,27 @@ +/* +* (C) 2019 David Carlier <[email protected]> +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_SANDBOX_H_ + +#include <string> + +namespace Botan_CLI { + +class Sandbox + { + public: + explicit Sandbox(); + bool init(); + virtual ~Sandbox(); + const std::string& name() const + { + return m_name; + } + private: + std::string m_name; + }; +} +#endif diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp index c8e6c58f3..9ec4ff7aa 100644 --- a/src/cli/tls_server.cpp +++ b/src/cli/tls_server.cpp @@ -7,6 +7,7 @@ */ #include "cli.h" +#include "sandbox.h" #if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \ (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2)) @@ -87,6 +88,12 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks output() << "Listening for new connections on " << transport << " port " << port << std::endl; + if(!m_sandbox.init()) + { + error_output() << "Failed sandboxing\n"; + return; + } + int server_fd = make_server_socket(port); size_t clients_served = 0; @@ -323,6 +330,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks bool m_is_tcp = false; std::string m_line_buf; std::list<std::string> m_pending_output; + Sandbox m_sandbox; }; BOTAN_REGISTER_COMMAND("tls_server", TLS_Server); diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h index 6ec64b2fd..37a8d3a9c 100644 --- a/src/lib/utils/os_utils.h +++ b/src/lib/utils/os_utils.h @@ -122,6 +122,7 @@ void page_prohibit_access(void* page); */ void page_allow_access(void* page); + /** * Run a probe instruction to test for support for a CPU instruction. * Runs in system-specific env that catches illegal instructions; this |