Various improvements #46

merged 6 commits into from Nov 2, 2020
147 changes: 84 additions & 63 deletions usr/bin/sandbox-app-launcher
Expand Up @@ -5,10 +5,36 @@

set -e

if [ $# -eq 0 ]; then
echo "Usage: program [OPTIONS]" >&2
exit 1
fi
while :
do
case $1 in
setup)
setup_sandbox="1"
shift
break
;;
run)
start_program="1"
shift
break
;;
help)
echo "Usage: sandbox-app-launcher [OPTION] [PROGRAM]

setup Setup the sandbox for the program.
run Execute the program within the sandbox.

Examples:
sandbox-app-launcher setup firefox
sandbox-app-launcher run firefox"
exit
;;
*)
echo "ERROR: Invalid argument. See the 'help' command for details."
exit 1
;;
esac
done

app_name="${1}"
shift 1
Expand Down Expand Up @@ -40,56 +66,64 @@ if [ "${app_name}" = "torbrowser" ]; then
app_path="${app_homedir}/.tb/tor-browser/Browser/start-tor-browser"
fi

error_handler() {
echo "
## sandbox-app-launcher BUG.
## BASH_COMMAND: ${BASH_COMMAND}
## Please report this BUG!
" >&2
if ! [ -x "${app_path}" ] && ! [ "${app_name}" = "torbrowser" ]; then
echo "ERROR: Could not find '${app_name}' in \$PATH." >&2
exit 1
}

trap "error_handler" ERR
fi

if ! [ "$(id -u)" = "0" ]; then
echo "ERROR: Must run as root." >&2
if [ "${app_name}" = "shared" ]; then
echo "ERROR: The app name cannot be 'shared'." >&2
exit 1
fi

if [ -f "/etc/sandbox-app-launcher/${app_name}.conf" ]; then
. "/etc/sandbox-app-launcher/${app_name}.conf"
fi

setup() {
if ! [ -x "${app_path}" ] && ! [ "${app_name}" = "torbrowser" ]; then
echo "ERROR: Could not find '${app_name}' in \$PATH." >&2
exit 1
fi

if [ "${app_name}" = "shared" ]; then
echo "ERROR: The app name cannot be 'shared'." >&2
exit 1
fi
## Optionally allow dynamic native code execution.
##
## This allows creating memory mappings that are both
## writable and executable, allows transitioning a
## writable memory mapping to executable and allows
## executing programs from writable directories i.e.
## violating W^X.
##
## This is generally a security issue since it allows an
## attacker to execute new arbitrary code so preventing this
## will force the attacker to use the already existing code
## (ROP/JOP) which is far more limited.
##
## Although, some things require this such as JIT engines in
## browsers so it must be optional.
if [ "${allow_dynamic_native_code_exec}" = "yes" ]; then
seccomp_filter="${auto_dir}/seccomp-filter-wx.bpf"
wrapper_dir="${wrapper_dir_wx}"
fi

if ! [ -d "${main_app_dir}" ]; then
mkdir -m 755 "${main_app_dir}"
fi
wrapper_script="${wrapper_dir}/${app_name}"

if ! [ -d "${auto_dir}" ]; then
mkdir -m 755 "${auto_dir}"
fi
error_handler() {
echo "
## sandbox-app-launcher BUG.
## BASH_COMMAND: ${BASH_COMMAND}
## Please report this BUG!
" >&2
exit 1
}

if ! [ -d "${wrapper_dir}" ]; then
mkdir -m 755 "${wrapper_dir}"
fi
trap "error_handler" ERR

if ! [ -d "${wrapper_dir_wx}" ]; then
mkdir -m 755 "${wrapper_dir_wx}"
setup() {
if ! [ "$(id -u)" = "0" ]; then
echo "ERROR: The setup must be run as root." >&2
exit 1
fi

if ! [ -d "${appdata_dir}" ]; then
mkdir -m 755 "${appdata_dir}"
fi
for dir in main_app_dir auto_dir wrapper_dir wrapper_dir_wx appdata_dir; do
if ! [ -d "${dir}" ]; then
mkdir -m 755 "${dir}"
fi
done

if ! [ -d "${shared_dir}" ]; then
mkdir -m 1777 "${shared_dir}"
Expand Down Expand Up @@ -137,28 +171,6 @@ setup() {
"${auto_dir}/seccomp-wx"
fi

## Optionally allow dynamic native code execution.
##
## This allows creating memory mappings that are both
## writable and executable, allows transitioning a
## writable memory mapping to executable and allows
## executing programs from writable directories i.e.
## violating W^X.
##
## This is generally a security issue since it allows an
## attacker to execute new arbitary code so preventing this
## will force the attacker to use the already existing code
## (ROP/JOP) which is far more limited.
##
## Although, some things require this such as JIT engines in
## browsers so it must be optional.
if [ "${allow_dynamic_native_code_exec}" = "yes" ]; then
seccomp_filter="${auto_dir}/seccomp-filter-wx.bpf"
wrapper_dir="${wrapper_dir_wx}"
fi

wrapper_script="${wrapper_dir}/${app_name}"

## Create wrapper.
rm --force "${wrapper_script}"
touch "${wrapper_script}"
Expand Down Expand Up @@ -332,5 +344,14 @@ run_program() {
killall -9 -u "${app_user}"
}

setup
run_program "${@}"
if [ "${setup_sandbox}" = "1" ]; then
setup
elif [ "${start_program}" = "1" ]; then
if [ -d "${app_homedir}" ]; then
run_program "${@}"
else
echo "ERROR: The sandbox for this program has not been set up yet. Please execute:

sudo sandbox-app-launcher setup ${app_name}"
fi
fi
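Review bot: The directory-creation loop in the second hunk (`for dir in main_app_dir auto_dir wrapper_dir wrapper_dir_wx appdata_dir`) tests and creates the literal variable names rather than the paths they hold, because `"${dir}"` expands to the string `main_app_dir`, not to `${main_app_dir}`, so setup creates directories called `main_app_dir`, `auto_dir`, … in the current working directory and never the real ones. The script is bash (it reads `BASH_COMMAND`), so indirect expansion fixes it: `if ! [ -d "${!dir}" ]; then` / `mkdir -m 755 "${!dir}"`. In the last hunk the "has not been set up yet" branch prints to stdout and falls through with status 0, and the invalid-argument branch in the first hunk likewise omits `>&2`; both should write to stderr and the former should `exit 1` so callers notice the failure. Separately, `app_name` is taken straight from argv and spliced into the sourced `/etc/sandbox-app-launcher/${app_name}.conf` and the wrapper path, and the root check that used to precede that sourcing now lives only inside setup(); a guard before the sourcing such as `case "${app_name}" in */*|.*|"") echo "ERROR: Invalid app name." >&2; exit 1 ;; esac` keeps path traversal out of those locations. Note that `app_name="${1}"; shift 1` at the end of the first hunk aborts silently under `set -e` when no program name follows `setup`/`run`, so an explicit `[ $# -ge 1 ] || { echo "ERROR: Missing program name." >&2; exit 1; }` would give a usable message.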