Add 'rename' to the sandboxed syscalls

(If we don't restrict rename, there's not much point in restricting open, since an attacker could always use rename to make us open whatever they want.)
author: Nick Mathewson <nickm@torproject.org> 2014-03-28 03:51:50 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-16 22:03:08 -0400
commit: cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64 (patch)
tree: 63c352b5287e9f57ed91b2950d4fec9d5cf1c864 /src/common/sandbox.h
parent: 3802e32c7d94c599546069d8246636b0d3a4ad10 (diff)
download: tor-cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64.tar.gz
tor-cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/common/sandbox.h b/src/common/sandbox.h
index d64d427d3e..b15f31cc41 100644
--- a/src/common/sandbox.h
+++ b/src/common/sandbox.h
@@ -67,8 +67,12 @@ typedef struct smp_param {
 
   /** parameter index. */
   int pindex;
+  /** parameter index, second one. */
+  int pindex2;
   /** parameter value. */
   intptr_t value;
+  /** parameter value, second argument. */
+  intptr_t value2;
 
   /**  parameter flag (0 = not protected, 1 = protected). */
   int prot;
@@ -174,6 +178,9 @@ sandbox_cfg_t * sandbox_cfg_new(void);
 int sandbox_cfg_allow_open_filename(sandbox_cfg_t **cfg, char *file,
     int fr);
 
+/**DOCDOC*/
+int sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2);
+
 /** Function used to add a series of open allowed filenames to a supplied
  * configuration.
  *  @param cfg  sandbox configuration.
author	Nick Mathewson <nickm@torproject.org>	2014-03-28 03:51:50 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-04-16 22:03:08 -0400
commit	cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64 (patch)
tree	63c352b5287e9f57ed91b2950d4fec9d5cf1c864 /src/common/sandbox.h
parent	3802e32c7d94c599546069d8246636b0d3a4ad10 (diff)
download	tor-cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64.tar.gz tor-cbfb8e703ed9c7e31848ebf959ac7a4cf27b4a64.zip