From 5517207e61343b7c37cb3708f33285b53a6b304b Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sun, 13 Jan 2019 18:08:00 +0000
Subject: Sandboxing feature from CLI pov. No resources to free with actual OS features but might be of use for later.
---
 src/cli/sandbox.cpp | 44 ++++++++++++++++++++++++++++++++++++++++++++
 src/cli/sandbox.h | 27 +++++++++++++++++++++++++++
 src/cli/tls_server.cpp | 4 +++-
 src/lib/utils/os_utils.cpp | 16 ----------------
 src/lib/utils/os_utils.h | 8 --------
 5 files changed, 74 insertions(+), 25 deletions(-)
 create mode 100644 src/cli/sandbox.cpp
 create mode 100644 src/cli/sandbox.h
diff --git a/src/cli/sandbox.cpp b/src/cli/sandbox.cpp
new file mode 100644
index 000000000..90eaf8b89
--- /dev/null
+++ b/src/cli/sandbox.cpp
@@ -0,0 +1,44 @@
+/*
+* (C) 2019 David Carlier
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "sandbox.h"
+#include 
+
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ #include 
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ #include 
+#endif
+
+namespace Botan_CLI {
+
+Sandbox::Sandbox()
+ {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ m_name = "pledge";
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ m_name = "capsicum";
+#else
+ m_name = "";
+#endif
+ }
+
+bool Sandbox::init()
+ {
+#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
+ const static char *opts = "stdio rpath inet error";
+ return (::pledge(opts, nullptr) == 0);
+#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
+ return (::cap_enter() == 0);
+#else
+ return true;
+#endif
+ }
+
+Sandbox::~Sandbox()
+ {
+ }
+}
diff --git a/src/cli/sandbox.h b/src/cli/sandbox.h
new file mode 100644
index 000000000..c719b8390
--- /dev/null
+++ b/src/cli/sandbox.h
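Review bot: The promise string in `Sandbox::init()` adds `error` to the set the removed `OS::sandbox_start()` used (`"stdio rpath inet"` in the os_utils.cpp hunk), and on OpenBSD that promise makes a pledge violation fail the offending syscall with an error instead of terminating the process, so a compromised or misbehaving tls_server keeps running after crossing the policy; unless the relaxation is intended and documented, keep the old string: `const static char *opts = "stdio rpath inet";`. The other silent change is that `init()` returns true on platforms with neither pledge nor capsicum, so a true return does not tell the caller a sandbox is active; a one-line comment above the `#else` branch, `// no OS sandbox available: report success so the CLI still runs, name() is empty`, would make that explicit. The empty `Sandbox::~Sandbox()` could be `= default` in the header, since there is nothing to release.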
@@ -0,0 +1,27 @@
+/*
+* (C) 2019 David Carlier
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_SANDBOX_H_
+
+#include 
+
+namespace Botan_CLI {
+
+class Sandbox
+ {
+ public:
+ explicit Sandbox();
+ bool init();
+ virtual ~Sandbox();
+ const std::string& name() const
+ {
+ return m_name;
+ }
+ private:
+ std::string m_name;
+ };
+}
+#endif
diff --git a/src/cli/tls_server.cpp b/src/cli/tls_server.cpp
index 7259c091b..9ec4ff7aa 100644
--- a/src/cli/tls_server.cpp
+++ b/src/cli/tls_server.cpp
@@ -7,6 +7,7 @@
 */
 #include "cli.h"
+#include "sandbox.h"
 #if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && \
 (defined(BOTAN_TARGET_OS_HAS_SOCKETS) || defined(BOTAN_TARGET_OS_HAS_WINSOCK2))
@@ -87,7 +88,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
 output() << "Listening for new connections on " << transport << " port " << port << std::endl;
- if(!Botan::OS::sandbox_start())
+ if(!m_sandbox.init())
 {
 error_output() << "Failed sandboxing\n";
 return;
@@ -329,6 +330,7 @@ class TLS_Server final : public Command, public Botan::TLS::Callbacks
 bool m_is_tcp = false;
 std::string m_line_buf;
 std::list m_pending_output;
+ Sandbox m_sandbox;
 };
 BOTAN_REGISTER_COMMAND("tls_server", TLS_Server);
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index 9ec45a8c1..f373ece99 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
@@ -45,10 +45,6 @@
 #include 
 #endif
-#if defined(BOTAN_TARGET_OS_CAP_ENTER)
- #include 
-#endif
-
 namespace Botan {
 // Not defined in OS namespace for historical reasons
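Review bot: The include guard in sandbox.h is incomplete: `#ifndef BOTAN_SANDBOX_H_` is never followed by a matching define, so the guard never takes effect and a second inclusion of the header in one translation unit redefines `Sandbox`; add `#define BOTAN_SANDBOX_H_` directly after the `#ifndef` line. `explicit` on a zero-argument constructor has no practical effect and can be dropped, and `virtual ~Sandbox()` makes the class polymorphic for no visible reason since nothing here derives from it. `init()` deserves a comment stating that it returns true both when pledge/capsicum was entered and when the platform offers no sandbox, e.g. `// Enters the OS sandbox if one is available; also returns true when none is (name() is then empty)`.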
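Review bot: In the second tls_server.cpp hunk, the `if(!m_sandbox.init())` check only reports failure, and because `init()` returns true both when pledge or capsicum was entered and when the build has neither, the server output gives an operator no way to tell whether the process is sandboxed at all; the new `name()` accessor is otherwise unused, so log it once after a successful init: `if(!m_sandbox.name().empty()) output() << "Sandboxed with " << m_sandbox.name() << std::endl;`. The function containing this check starts and ends outside the hunk, so I could not confirm whether the listening socket is fully set up before `init()` runs; for pledge that ordering matters because the `inet` promise still permits socket calls but nothing outside the promise set.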
@@ -106,18 +102,6 @@ bool OS::running_in_privileged_state()
 #endif
 }
-bool OS::sandbox_start()
- {
-#if defined(BOTAN_TARGET_OS_HAS_PLEDGE)
- const static char *opts = "stdio rpath inet";
- return (::pledge(opts, nullptr) == 0);
-#elif defined(BOTAN_TARGET_OS_HAS_CAP_ENTER)
- return (::cap_enter() == 0);
-#else
- return true;
-#endif
- }
-
 uint64_t OS::get_cpu_cycle_counter()
 {
 uint64_t rtc = 0;
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 53471db88..37a8d3a9c 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
@@ -33,14 +33,6 @@ namespace OS {
 */
 uint32_t BOTAN_TEST_API get_process_id();
-/**
-* Running current context in a sandboxed manner
-* Usually any sandbox solution might allow to
-* adjust down the permissions but never allow
-* to expand them.
-*/
-bool BOTAN_TEST_API sandbox_start();
-
 /**
 * Test if we are currently running with elevated permissions
 * eg setuid, setgid, or with POSIX caps set.
--
cgit v1.2.3