diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-05-20 12:21:31 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-05-20 12:21:31 -0400 |
| commit | 465982012c69e78986d421604d27afd6ecbe70f6 (patch) | |
| tree | 02c03e62472fdcd57a732dbbdeda5e04e183bac5 /src/common/sandbox.h | |
| parent | f87071f49efb47a2d52583730c29ba287e620227 (diff) | |
| download | tor-465982012c69e78986d421604d27afd6ecbe70f6.tar.gz tor-465982012c69e78986d421604d27afd6ecbe70f6.zip | |
sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.
The longer-term solution is to have an exec() helper, but wow is
that risky.
fixes 12043; bugfix on 0.2.5.1-alpha
Diffstat (limited to 'src/common/sandbox.h')
| -rw-r--r-- | src/common/sandbox.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/common/sandbox.h b/src/common/sandbox.h index c40f5e0d1f..b57215285e 100644 --- a/src/common/sandbox.h +++ b/src/common/sandbox.h @@ -198,6 +198,7 @@ int sandbox_cfg_allow_openat_filename(sandbox_cfg_t **cfg, char *file); */ int sandbox_cfg_allow_openat_filename_array(sandbox_cfg_t **cfg, ...); +#if 0 /** * Function used to add a execve allowed filename to a supplied configuration. * The (char*) specifies the path to the allowed file; that pointer is stolen. @@ -211,6 +212,7 @@ int sandbox_cfg_allow_execve(sandbox_cfg_t **cfg, const char *com); * one must be NULL. */ int sandbox_cfg_allow_execve_array(sandbox_cfg_t **cfg, ...); +#endif /** * Function used to add a stat/stat64 allowed filename to a configuration. |