improving socket support to a point where libevent's httpd runs!

Author: Fabrice Desclaux and myself

Makefile

@@ -5,9 +5,9 @@ BINARIES=sandbox.so
 
 .PHONY: all clean
 
-all: $(BINARIES)
+all: $(BINARIES) sizeof.py
 
-sandbox.so: companion.o common.o helper.o jail.o inject.o
+sandbox.so: companion.o common.o helper.o jail.o inject.o preload.o
 	gcc -shared -WI,soname,$@.1 -o $@ $^ -lc -ldl -lrt
 
 clean:
@@ -16,3 +16,6 @@ clean:
 check: companion.o
 	@echo "Checking there is no stack usage..."
 	@objdump -D $< |(grep -E '\<(esp|ebp|call|ret|push|pop)\>' && exit 1; exit 0)
+
+sizeof.py: t/sizeof
+	$< > $@

README.org

@@ -9,7 +9,7 @@ seccomp-nurse
 :  $ git clone git://github.com/nbareil/seccomp-nurse.git
 :  $ cd seccomp-nurse/
 :  $ make
-:  $ ./sanbdox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt
+:  $ ./sandbox -- /usr/bin/pdftotext ~/resume.pdf /tmp/resume.txt
 
   Easy, isn't it?
 
@@ -19,7 +19,7 @@ seccomp-nurse
 
   - =clone()= (so =fork()= and threads) will *never* be supported
 
-  - =socket()= not supported (yet?)
+  - =socket()=: *work in progress*!
 
   - =exec*()= will *never* be supported
 

companion.s

@@ -28,7 +28,6 @@ execute_syscall_end:
         jmp loop_read
 
 out:
-        int3
         jmp fatal
 
 /**
@@ -46,6 +45,7 @@ execute_syscall:
         movl  8(%edi), %ecx
         movl 12(%edi), %edx
         movl 16(%edi), %esi
+        movl 24(%edi), %ebp
         movl 20(%edi), %edi
         int $0x80
 

constants.py

@@ -0,0 +1,19 @@
+
+SYS_SOCKET      = 1
+SYS_BIND        = 2
+SYS_CONNECT     = 3
+SYS_LISTEN      = 4
+SYS_ACCEPT      = 5
+SYS_GETSOCKNAME = 6
+SYS_GETPEERNAME = 7
+SYS_SOCKETPAIR  = 8
+SYS_SEND        = 9
+SYS_RECV        = 10
+SYS_SENDTO      = 11
+SYS_RECVFROM    = 12
+SYS_SHUTDOWN    = 13
+SYS_SETSOCKOPT  = 14
+SYS_GETSOCKOPT  = 15
+SYS_SENDMSG     = 16
+SYS_RECVMSG     = 17
+SYS_ACCEPT4     = 18