[tracker/tracker-1.8] libtracker-common: Whitelist dup/dup2/dup3



commit acb664286086e6bded91f10b1a1911bf921b34f8
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Dec 17 15:45:21 2016 +0100

    libtracker-common: Whitelist dup/dup2/dup3
    
    dup2/3 have special requirements, as they can close underlying
    fds, they are not allowed on stdin/out/err.

 src/libtracker-common/tracker-seccomp.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
index e00fe14..c46dfa6 100644
--- a/src/libtracker-common/tracker-seccomp.c
+++ b/src/libtracker-common/tracker-seccomp.c
@@ -129,6 +129,7 @@ tracker_seccomp_init (void)
        ALLOW_RULE (fadvise64);
        ALLOW_RULE (write);
        ALLOW_RULE (writev);
+       ALLOW_RULE (dup);
        /* Needed by some GStreamer modules doing crazy stuff, less
         * scary thanks to the restriction below about sockets being
         * local.
@@ -179,6 +180,14 @@ tracker_seccomp_init (void)
                              SCMP_CMP(1, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
                goto out;
 
+       /* Special requirements for dup2/dup3, no fiddling with stdin/out/err */
+       if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 1,
+                             SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+               goto out;
+       if (seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 1,
+                             SCMP_CMP(1, SCMP_CMP_GT, 2)) < 0)
+               goto out;
+
        g_debug ("Loading seccomp rules.");
 
        if (seccomp_load (ctx) >= 0)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]