Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2021-10-18 02:47:59 -0400
committerMike Frysinger <vapier@gentoo.org>2021-10-18 02:47:59 -0400
commitc4bf07615cd2e2ec25a16420d8ddee2efec6f8d2 (patch)
tree17cba0cfb546f72d1657d1380e30c5c88027d8b6 /src
parentlibsbutil: add assert to testing code path (diff)
downloadsandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.tar.gz
sandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.tar.bz2
sandbox-c4bf07615cd2e2ec25a16420d8ddee2efec6f8d2.zip
libsandbox: add SANDBOX_METHOD setting
This allows people to disable use of ptrace if their configuration does not support it. This forces older sandbox behavior where we cannot protect against static or set*id programs. Bug: https://bugs.gentoo.org/648516 Bug: https://bugs.gentoo.org/771360 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'src')
-rw-r--r--src/environ.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/environ.c b/src/environ.c
index 346bc26..542dd64 100644
--- a/src/environ.c
+++ b/src/environ.c
@@ -195,6 +195,7 @@ static int setup_cfg_vars(struct sandbox_info_t *sandbox_info)
setup_cfg_var(ENV_SANDBOX_VERBOSE);
setup_cfg_var(ENV_SANDBOX_DEBUG);
setup_cfg_var(ENV_NOCOLOR);
+ setup_cfg_var(ENV_SANDBOX_METHOD);
if (-1 == setup_access_var(ENV_SANDBOX_DENY))
return -1;
@@ -301,6 +302,8 @@ char **setup_environ(struct sandbox_info_t *sandbox_info)
sb_setenv(&new_environ, ENV_SANDBOX_DEBUG, "0");
if (!getenv(ENV_NOCOLOR))
sb_setenv(&new_environ, ENV_NOCOLOR, "no");
+ if (!getenv(ENV_SANDBOX_METHOD))
+ sb_setenv(&new_environ, ENV_SANDBOX_METHOD, "any");
/* If LD_PRELOAD was not set, set it here, else do it below */
if (!have_ld_preload)
sb_setenv(&new_environ, ENV_LD_PRELOAD, ld_preload_envvar);