diff --git a/README.md b/README.md index 868f2ad..a4fca10 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,13 @@ -qssb (quite simple sandbox) -=========================== -qssb.h is a simple header only library for easy sandboxing of -applications. +qssb.h (quite simple sandbox) +============================= +qssb.h is a simple header only library that provides an interface +to sandbox applications. Using Seccomp and Linux Namespaces for that +purpose requires some knowledge of annoying details which this library +aims to abstract away as much as possible. -It aims to provide an interface to avoid the annoying details that -using Seccomp and Linux Namespaces requires. +Status +====== +No release yet, API is unstable. Features ======== @@ -13,11 +16,25 @@ privileges, isolating the application from the network, etc. Requirements ============ -Kernel x.y.z. +Kernel >=3.17 +sys/capabilities.h header. Depending on your system, libcap +might be needed for this. -Status -====== -No release yet, API is unstable. + + +FAQ +=== + +Does the process need to be priviliged to utilize the library? +---------------------------------------------------------------- +No. + +It doesn't work on Debian! +-------------------------- +You can thank a Debian-specific patch for that. In the future, +the library may check against that. Execute +echo 1 > /proc/sys/kernel/unprivileged_userns_clone to disable that +patch for now. Documentation ============= @@ -30,7 +47,7 @@ Real world project: cgit sandboxed: https://git.quitesimple.org/cgitsb Contributing ============ -Contributations are very welcome. Options: +Contributions are very welcome. Options: 1) Pull-Request: github.com/quitesimpleorg/qssb 2) Mail to qssb at quitesimple.org with instructions on where to pull the changes. diff --git a/qssb.h b/qssb.h index cb1db6f..1a445ed 100644 --- a/qssb.h +++ b/qssb.h 
@@ -140,7 +140,18 @@ int random_string(char *buffer, size_t buffer_length)
 static int mkdir_structure(const char *p, mode_t mode)
 {
 	char path[PATH_MAX] = { 0 };
-	snprintf(path, sizeof(path), "%s/", p);
+	int res = snprintf(path, sizeof(path), "%s/", p);
+	if(res < 0)
+	{
+		QSSB_LOG_ERROR("qssb: mkdir_strucutre: error during path concatination\n");
+		return -EINVAL;
+	}
+	if(res >= PATH_MAX)
+	{
+		QSSB_LOG_ERROR("qssb: mkdir_structure: path concatination truncated\n");
+		return -EINVAL;
+	}
+
 
 	char *begin = path;
 	char *end = begin+1;
@@ -193,7 +204,17 @@ static int mount_to_chroot(const char *chroot_target_path, char **paths, unsigne
 	while(path != NULL)
 	{
 		char path_inside_chroot[PATH_MAX];
-		snprintf(path_inside_chroot, sizeof(path_inside_chroot), "%s/%s", chroot_target_path, path);
+		int written = snprintf(path_inside_chroot, sizeof(path_inside_chroot), "%s/%s", chroot_target_path, path);
+		if(written < 0)
+		{
+			QSSB_LOG_ERROR("qssb: mount_to_chroot: Error during path concatination\n");
+			return -EINVAL;
+		}
+		if(written >= PATH_MAX)
+		{
+			QSSB_LOG_ERROR("qssb: mount_to_chroot: path concatination truncated\n");
+			return -EINVAL;
+		}
 		int ret = mkdir_structure(path_inside_chroot, 0700);
 		if(ret < 0)
 		{
@@ -404,7 +425,17 @@ int qssb_enable_policy(struct qssb_policy *policy)
 	char random_str[17];
 	if(random_string(random_str, sizeof(random_str)) == 16)
 	{
-		snprintf(target_dir, sizeof(target_dir), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
+		int res = snprintf(target_dir, sizeof(target_dir), "%s/.sandbox_%" PRIdMAX "_%s", QSSB_TEMP_DIR, (intmax_t)getpid(), random_str);
+		if(res < 0)
+		{
+			QSSB_LOG_ERROR("qssb: qssb_enable_policy: error during path concatination\n");
+			return -EINVAL;
+		}
+		if(res >= PATH_MAX)
+		{
+			QSSB_LOG_ERROR("qssb: qssb_enable_policy: path concatination truncated\n");
+			return -EINVAL;
+		}
 		policy->chroot_target_path = target_dir;
 	}
 	else
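Review bot: The two new error messages in mkdir_structure misspell both the function name and the operation (`mkdir_strucutre`, `concatination`), and the truncation branch returns `-EINVAL` although an output that does not fit the buffer is a length problem rather than an invalid argument; the same pattern repeats in the mount_to_chroot and qssb_enable_policy hunks, where "Error" is also capitalised differently from the other messages. I would spell the messages `"qssb: mkdir_structure: error during path concatenation\n"` and `"qssb: mkdir_structure: path concatenation truncated\n"`, and return `-ENAMETOOLONG` from the truncation branch so a caller can tell a too-long path apart from the other `-EINVAL` failures. Refusing to proceed on a truncated result instead of creating directories at a silently shortened path is the right behaviour here, since a shortened path would place the sandbox tree somewhere other than intended. mkdir_structure's body continues past the end of the hunk.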
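Review bot: The truncation guard in qssb_enable_policy compares `res` against the literal `PATH_MAX`, but the buffer handed to snprintf is `target_dir`, whose declaration lies outside the hunk; should it ever be sized differently from `PATH_MAX`, a result that fits `PATH_MAX` but not `target_dir` would pass the check and `policy->chroot_target_path` would end up holding a truncated name. Tying the bound to the buffer itself, as the snprintf call already does with `sizeof(target_dir)`, keeps the guard correct regardless of the declaration: `if((size_t)res >= sizeof(target_dir))` (the cast is safe because the preceding branch has already rejected a negative `res`). The same `sizeof` form would read more consistently in the mkdir_structure and mount_to_chroot hunks too, though there the `PATH_MAX` arrays are visible and the literal is correct today. qssb_enable_policy begins and ends outside the hunk.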