My favorites | Sign in
Project Home Wiki Issues Source
Repository:
Checkout   Browse   Changes   Clones  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
/* Copyright 2009 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Author: Julien Tinnes
*
* Example program using the suid sandbox
*/
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/prctl.h>
#include <fcntl.h>

#include "libsandbox.h"

int main(void)
{

char buf[1024];
pid_t helper;
int i;
char *tests[]={".", "/", "/tmp", "0", "/0", ".."};

fprintf(stderr,
"Hi from the sandbox example program! I'm pid=%d, uid=%d, gid=%d, dumpable=%c\n",
getpid(), getuid(), getgid(), getdumpable()? 'Y' : 'N');

printf("Now asking for chroot\n");

helper=chrootme();

if (helper == -1) {
fprintf(stderr, "Asking for chroot failed\n");
return EXIT_FAILURE;
}
else
printf("Got chrooted successfully. Helper (%d) RIP.\n", helper);

printf("CWD = %s\n", getcwd(buf, sizeof(buf)) ? buf: "unknown");

if (creat("test", 0000) < 0)
printf("file creation (\"test\") failed: %m\n");
if (creat("/test", 0000) < 0)
printf("file creation (\"/test\") failed: %m\n");
for (i = 0; i < sizeof(tests) / sizeof(tests[0]);i++)
if (open(tests[i], O_RDONLY) >= 0)
printf("Opening %s: success\n", tests[i]);
else
printf("Opening %s: %m\n", tests[i]);

pause();
return 0;
}

Change log

5109ea3af727 by Julien Tinnes <j...@google.com> on Jan 3, 2012   Diff
Add proper license information
Go to: 
Project members, sign in to write a code review

Older revisions

8a101f1e3e36 by jln@google.com <j...@google.com@85d07634-2c4c-11df-af82-b5ce7a3b21f7> on Mar 21, 2011   Diff
example: one open() too many

git-svn-id: https://setuid-
sandbox.googlecode.com/svn/trunk@9
85d07634-2c4c-11df-af82-b5ce7a3b21f7
8c4585878114 by jln@google.com <j...@google.com@85d07634-2c4c-11df-af82-b5ce7a3b21f7> on Mar 21, 2011   Diff
Make use of libsandbox in example.
More tests in example

git-svn-id: https://setuid-
sandbox.googlecode.com/svn/trunk@8
...
0f59af7d7da8 by jln@google.com <j...@google.com@85d07634-2c4c-11df-af82-b5ce7a3b21f7> on Mar 21, 2011   Diff
security: CLONE_FS doesn't work
accross PID namespaces.

git-svn-id: https://setuid-
sandbox.googlecode.com/svn/trunk@6
...
All revisions of this file

File info

Size: 1851 bytes, 66 lines
Powered by Google Project Hosting