/kcgi

Permalink
Switch branches/tags
VERSION_0_10_7 VERSION_0_10_6 VERSION_0_10_5 VERSION_0_10_4 VERSION_0_10_3 VERSION_0_10_2 VERSION_0_10_1 VERSION_0_10_0 VERSION_0_9_9 VERSION_0_9_8 VERSION_0_9_7 VERSION_0_9_6 VERSION_0_9_5 VERSION_0_9_4 VERSION_0_9_3 VERSION_0_9_2 VERSION_0_9_1 VERSION_0_9_0 VERSION_0_8_5 VERSION_0_8_4 VERSION_0_8_3 VERSION_0_8_2 VERSION_0_8_1 VERSION_0_7_8 VERSION_0_7_7 VERSION_0_7_6 VERSION_0_7_5 VERSION_0_7_4 VERSION_0_7_3 VERSION_0_7_1 VERSION_0_7_0 VERSION_0_6_4 VERSION_0_6_3 VERSION_0_6_2 VERSION_0_6_1 VERSION_0_6 VERSION_0_5_9 VERSION_0_5_8 VERSION_0_5_7 VERSION_0_5_6 VERSION_0_5_5 VERSION_0_5_4 VERSION_0_5_3 VERSION_0_5_2 VERSION_0_5_1 VERSION_0_5 VERSION_0_4_4 VERSION_0_4_3 VERSION_0_4_2 VERSION_0_4_0 VERSION_0_3_3 VERSION_0_3_2 VERSION_0_2_6 VERSION_0_2_3 VERSION_0_2_2 VERSION_0_2_1 VERSION_0_1_17 VERSION_0_1_15 VERSION_0_1_14 VERSION_0_1_13 VERSION_0_1_12 VERSION_0_1_11 VERSION_0_1_10 VERSION_0_1_9 VERSION_0_1_7 VERSION_0_1_6 VERSION_0_1_5 VERSION_0_1_4 VERSION_0_1_3 VERSION_0
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
199 lines (173 sloc) 4.71 KB
/* $Id$ */
/*
* Copyright (c) 2014 Baptiste Daroussin <bapt@freebsd.org>
* Copyright (c) 2015--2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "config.h"
#if HAVE_CAPSICUM
#include <sys/resource.h>
#include <sys/capability.h>
#include <assert.h>
#include <unistd.h>
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include "kcgi.h"
#include "extern.h"
static int
ksandbox_capsicum_init_control(void *arg,
int worker, int fdfiled, int fdaccept)
{
int rc;
struct rlimit rl_zero;
cap_rights_t rights;
cap_rights_init(&rights);
if (-1 != fdaccept) {
/*
* If we have old-style accept FastCGI sockets, then
* mark us as accepting on it.
*/
cap_rights_init(&rights,
CAP_EVENT, CAP_FCNTL, CAP_ACCEPT);
if (cap_rights_limit(fdaccept, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: accept socket");
return(0);
}
} else {
/* New-style descriptor-passing socket. */
assert(-1 != fdfiled);
cap_rights_init(&rights, CAP_EVENT,
CAP_FCNTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(fdfiled, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: descriptor socket");
return(0);
}
}
/* Always pass through write-only stderr. */
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDERR_FILENO");
return(0);
}
/* Interface to worker. */
cap_rights_init(&rights, CAP_EVENT,
CAP_FCNTL, CAP_READ, CAP_WRITE);
if (cap_rights_limit(worker, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero)) {
XWARNX("setrlimit: rlimit_nproc");
return(0);
}
rc = cap_enter();
if (0 != rc && errno != ENOSYS) {
XWARN("cap_enter");
rc = 0;
} else
rc = 1;
return(rc);
}
static int
ksandbox_capsicum_init_worker(void *arg, int fd1, int fd2)
{
int rc;
struct rlimit rl_zero;
cap_rights_t rights;
cap_rights_init(&rights);
/*
* Test for EBADF because STDIN_FILENO is usually closed by the
* caller.
*/
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_FSTAT);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 &&
errno != ENOSYS && errno != EBADF) {
XWARN("cap_rights_limit: STDIN_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_EVENT, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: STDERR_FILENO");
return(0);
}
cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE, CAP_FSTAT);
if (-1 != fd1 && cap_rights_limit(fd1, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
if (-1 != fd2 && cap_rights_limit(fd2, &rights) < 0 &&
errno != ENOSYS) {
XWARN("cap_rights_limit: internal socket");
return(0);
}
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
if (-1 == setrlimit(RLIMIT_NOFILE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_FSIZE, &rl_zero)) {
XWARNX("setrlimit: rlimit_fsize");
return(0);
} else if (-1 == setrlimit(RLIMIT_NPROC, &rl_zero)) {
XWARNX("setrlimit: rlimit_nproc");
return(0);
}
rc = cap_enter();
if (0 != rc && errno != ENOSYS) {
XWARN("cap_enter");
rc = 0;
} else
rc = 1;
return(rc);
}
int
ksandbox_capsicum_init_child(void *arg,
enum sandtype type, int fd1, int fd2,
int fdfiled, int fdaccept)
{
int rc;
switch (type) {
case (SAND_WORKER):
rc = ksandbox_capsicum_init_worker(arg, fd1, fd2);
break;
case (SAND_CONTROL_OLD):
assert(-1 == fd2);
rc = ksandbox_capsicum_init_control
(arg, fd1, fdfiled, fdaccept);
break;
case (SAND_CONTROL_NEW):
assert(-1 == fd2);
rc = ksandbox_capsicum_init_control
(arg, fd1, fdfiled, fdaccept);
break;
default:
abort();
}
if ( ! rc)
XWARNX("capsicum sandbox failure");
return(rc);
}
#else
int dummy;
#endif