Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'

Conflicts: src/common/sandbox.c
author: Nick Mathewson <nickm@torproject.org> 2013-09-13 12:31:41 -0400
committer: Nick Mathewson <nickm@torproject.org> 2013-09-13 12:31:41 -0400
commit: e0b2cd061bd62fc790d434b2da7ecc51ed100904 (patch)
tree: 0bdd72522895a018e4fc9765df0f3067eff940a1 /src/or
parent: dffc5c3f240e7734e85a427b951c4e493c85906c (diff)
parent: 7cf1b9cc33ab2ba13d84e08105699dd1f39dae1d (diff)
download: tor-e0b2cd061bd62fc790d434b2da7ecc51ed100904.tar.gz
tor-e0b2cd061bd62fc790d434b2da7ecc51ed100904.zip
4 files changed, 112 insertions, 7 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 37b42e891a..17d6728851 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6301,7 +6301,8 @@ remove_file_if_very_old(const char *fname, time_t now)
 #define VERY_OLD_FILE_AGE (28*24*60*60)
   struct stat st;
 
-  if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
+  if (stat(sandbox_intern_string(fname), &st)==0 &&
+      st.st_mtime < now-VERY_OLD_FILE_AGE) {
     char buf[ISO_TIME_LEN+1];
     format_local_iso_time(buf, st.st_mtime);
     log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
diff --git a/src/or/dns.c b/src/or/dns.c
index f2b7eecc3f..62ee4f372d 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -24,6 +24,7 @@
 #include "relay.h"
 #include "router.h"
 #include "ht.h"
+#include "../common/sandbox.h"
 #ifdef HAVE_EVENT2_DNS_H
 #include <event2/event.h>
 #include <event2/dns.h>
@@ -1443,13 +1444,14 @@ configure_nameservers(int force)
   const or_options_t *options;
   const char *conf_fname;
   struct stat st;
-  int r;
+  int r, flags;
   options = get_options();
   conf_fname = options->ServerDNSResolvConfFile;
 #ifndef _WIN32
   if (!conf_fname)
     conf_fname = "/etc/resolv.conf";
 #endif
+  flags = DNS_OPTIONS_ALL;
 
   if (!the_evdns_base) {
     if (!(the_evdns_base = evdns_base_new(tor_libevent_get_base(), 0))) {
@@ -1477,7 +1479,7 @@ configure_nameservers(int force)
 
   evdns_set_log_fn(evdns_log_cb);
   if (conf_fname) {
-    if (stat(conf_fname, &st)) {
+    if (stat(sandbox_intern_string(conf_fname), &st)) {
       log_warn(LD_EXIT, "Unable to stat resolver configuration in '%s': %s",
                conf_fname, strerror(errno));
       goto err;
@@ -1491,9 +1493,14 @@ configure_nameservers(int force)
       evdns_base_search_clear(the_evdns_base);
       evdns_base_clear_nameservers_and_suspend(the_evdns_base);
     }
+    if (flags & DNS_OPTION_HOSTSFILE) {
+      flags ^= DNS_OPTION_HOSTSFILE;
+      evdns_base_load_hosts(the_evdns_base,
+          sandbox_intern_string("/etc/resolv.conf"));
+    }
     log_info(LD_EXIT, "Parsing resolver configuration in '%s'", conf_fname);
-    if ((r = evdns_base_resolv_conf_parse(the_evdns_base,
-                                          DNS_OPTIONS_ALL, conf_fname))) {
+    if ((r = evdns_base_resolv_conf_parse(the_evdns_base, flags,
+        sandbox_intern_string(conf_fname)))) {
       log_warn(LD_EXIT, "Unable to parse '%s', or no nameservers in '%s' (%d)",
                conf_fname, conf_fname, r);
       goto err;
diff --git a/src/or/main.c b/src/or/main.c
index 40e8377a97..fa112437fe 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2655,6 +2655,95 @@ find_flashcard_path(PWCHAR path, size_t size)
 }
 #endif
 
+static void
+init_addrinfo(void)
+{
+  char hname[256];
+
+  // host name to sandbox
+  gethostname(hname, sizeof(hname));
+  sandbox_add_addrinfo(hname);
+}
+
+static sandbox_cfg_t*
+sandbox_init_filter(void)
+{
+  sandbox_cfg_t *cfg = sandbox_cfg_new();
+
+  sandbox_cfg_allow_openat_filename(&cfg,
+      get_datadir_fname("cached-status"), 1);
+
+  sandbox_cfg_allow_open_filename_array(&cfg,
+      get_datadir_fname("cached-certs"), 1,
+      get_datadir_fname("cached-certs.tmp"), 1,
+      get_datadir_fname("cached-consensus"), 1,
+      get_datadir_fname("unverified-consensus"), 1,
+      get_datadir_fname("unverified-consensus.tmp"), 1,
+      get_datadir_fname("cached-microdesc-consensus"), 1,
+      get_datadir_fname("cached-microdesc-consensus.tmp"), 1,
+      get_datadir_fname("cached-microdescs"), 1,
+      get_datadir_fname("cached-microdescs.tmp"), 1,
+      get_datadir_fname("cached-microdescs.new"), 1,
+      get_datadir_fname("cached-microdescs.new.tmp"), 1,
+      get_datadir_fname("unverified-microdesc-consensus"), 1,
+      get_datadir_fname("cached-descriptors"), 1,
+      get_datadir_fname("cached-descriptors.new"), 1,
+      get_datadir_fname("cached-descriptors.tmp"), 1,
+      get_datadir_fname("cached-descriptors.new.tmp"), 1,
+      get_datadir_fname("cached-descriptors.tmp.tmp"), 1,
+      get_datadir_fname("cached-extrainfo"), 1,
+      get_datadir_fname("state.tmp"), 1,
+      get_datadir_fname("unparseable-desc.tmp"), 1,
+      get_datadir_fname("unparseable-desc"), 1,
+      "/dev/srandom", 0,
+      "/dev/urandom", 0,
+      "/dev/random", 0,
+      NULL, 0
+  );
+
+  sandbox_cfg_allow_stat_filename_array(&cfg,
+      get_datadir_fname(NULL), 1,
+      get_datadir_fname("lock"), 1,
+      get_datadir_fname("state"), 1,
+      get_datadir_fname("router-stability"), 1,
+      get_datadir_fname("cached-extrainfo.new"), 1,
+      NULL, 0
+  );
+
+  // orport
+  if (server_mode(get_options())) {
+    sandbox_cfg_allow_open_filename_array(&cfg,
+        get_datadir_fname2("keys", "secret_id_key"), 1,
+        get_datadir_fname2("keys", "secret_onion_key"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"), 1,
+        get_datadir_fname2("keys", "secret_id_key.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key_ntor.old"), 1,
+        get_datadir_fname2("keys", "secret_onion_key.tmp"), 1,
+        get_datadir_fname2("keys", "secret_id_key.tmp"), 1,
+        get_datadir_fname("fingerprint"), 1,
+        get_datadir_fname("fingerprint.tmp"), 1,
+        get_datadir_fname("cached-consensus"), 1,
+        get_datadir_fname("cached-consensus.tmp"), 1,
+        "/etc/resolv.conf", 0,
+        NULL, 0
+    );
+
+    sandbox_cfg_allow_stat_filename_array(&cfg,
+        get_datadir_fname("keys"), 1,
+        get_datadir_fname("stats/dirreq-stats"), 1,
+        NULL, 0
+    );
+  }
+
+  sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
+
+  init_addrinfo();
+
+  return cfg;
+}
+
 /** Main entry point for the Tor process.  Called from main(). */
 /* This function is distinct from main() only so we can link main.c into
  * the unittest binary without conflicting with the unittests' main. */
@@ -2723,10 +2812,18 @@ tor_main(int argc, char *argv[])
     return -1;
 
   if (get_options()->Sandbox) {
-    if (tor_global_sandbox()) {
+    sandbox_cfg_t* cfg = sandbox_init_filter();
+
+    if (sandbox_init(cfg)) {
       log_err(LD_BUG,"Failed to create syscall sandbox filter");
       return -1;
     }
+
+    // registering libevent rng
+#ifdef HAVE_EVUTIL_SECURE_RNG_SET_URANDOM_DEVICE_FILE
+    evutil_secure_rng_set_urandom_device_file(
+        (char*) sandbox_intern_string("/dev/urandom"));
+#endif
   }
 
   switch (get_options()->command) {
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 46da17e03b..2b894277cc 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -37,7 +37,7 @@
 #include "routerlist.h"
 #include "routerparse.h"
 #include "routerset.h"
-
+#include "../common/sandbox.h"
 // #define DEBUG_ROUTERLIST
 
 /****************************************************************************/
author	Nick Mathewson <nickm@torproject.org>	2013-09-13 12:31:41 -0400
committer	Nick Mathewson <nickm@torproject.org>	2013-09-13 12:31:41 -0400
commit	e0b2cd061bd62fc790d434b2da7ecc51ed100904 (patch)
tree	0bdd72522895a018e4fc9765df0f3067eff940a1 /src/or
parent	dffc5c3f240e7734e85a427b951c4e493c85906c (diff)
parent	7cf1b9cc33ab2ba13d84e08105699dd1f39dae1d (diff)
download	tor-e0b2cd061bd62fc790d434b2da7ecc51ed100904.tar.gz tor-e0b2cd061bd62fc790d434b2da7ecc51ed100904.zip