diff options
author | Mike Frysinger <vapier@gentoo.org> | 2021-10-18 02:47:59 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2021-10-18 02:47:59 -0400 |
commit | c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2 (patch) | |
tree | 17cba0cfb546f72d1657d1380e30c5c88027d8b6 /src | |
parent | libsbutil: add assert to testing code path (diff) | |
download | sandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.tar.gz sandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.tar.bz2 sandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.zip |
libsandbox: add SANDBOX_METHOD setting
This allows people to disable use of ptrace if their configuration
does not support it. This forces older sandbox behavior where we
cannot protect against static or set*id programs.
Bug: https://bugs.gentoo.org/648516
Bug: https://bugs.gentoo.org/771360
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/environ.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/environ.c b/src/environ.c index 346bc26..542dd64 100644 --- a/src/environ.c +++ b/src/environ.c @@ -195,6 +195,7 @@ static int setup_cfg_vars(struct sandbox_info_t *sandbox_info) setup_cfg_var(ENV_SANDBOX_VERBOSE); setup_cfg_var(ENV_SANDBOX_DEBUG); setup_cfg_var(ENV_NOCOLOR); + setup_cfg_var(ENV_SANDBOX_METHOD); if (-1 == setup_access_var(ENV_SANDBOX_DENY)) return -1; @@ -301,6 +302,8 @@ char **setup_environ(struct sandbox_info_t *sandbox_info) sb_setenv(&new_environ, ENV_SANDBOX_DEBUG, "0"); if (!getenv(ENV_NOCOLOR)) sb_setenv(&new_environ, ENV_NOCOLOR, "no"); + if (!getenv(ENV_SANDBOX_METHOD)) + sb_setenv(&new_environ, ENV_SANDBOX_METHOD, "any"); /* If LD_PRELOAD was not set, set it here, else do it below */ if (!have_ld_preload) sb_setenv(&new_environ, ENV_LD_PRELOAD, ld_preload_envvar); |