|
@@ -2644,73 +2644,51 @@ sandbox_init_filter()
|
|
|
{
|
|
|
sandbox_cfg_t *cfg = sandbox_cfg_new();
|
|
|
|
|
|
- // TODO: mem leak
|
|
|
- sandbox_cfg_allow_openat_filename(&cfg, get_datadir_fname("cached-status"));
|
|
|
-
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-certs.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-consensus"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("unverified-consensus"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-microdesc-consensus"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-microdesc-consensus.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-microdescs"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-microdescs.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-microdescs.new"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-microdescs.new.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("unverified-microdesc-consensus"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-descriptors"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-descriptors.new"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-descriptors.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-descriptors.new.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-descriptors.tmp.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("cached-extrainfo"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("state.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("unparseable-desc.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("unparseable-desc"));
|
|
|
+ sandbox_cfg_allow_openat_filename(&cfg,
|
|
|
+ get_datadir_fname("cached-status"), 1);
|
|
|
+
|
|
|
+ sandbox_cfg_allow_open_filename_array(&cfg, 22,
|
|
|
+ get_datadir_fname("cached-certs"), 1,
|
|
|
+ get_datadir_fname("cached-certs.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-consensus"), 1,
|
|
|
+ get_datadir_fname("unverified-consensus"), 1,
|
|
|
+ get_datadir_fname("cached-microdesc-consensus"), 1,
|
|
|
+ get_datadir_fname("cached-microdesc-consensus.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-microdescs"), 1,
|
|
|
+ get_datadir_fname("cached-microdescs.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-microdescs.new"), 1,
|
|
|
+ get_datadir_fname("cached-microdescs.new.tmp"), 1,
|
|
|
+ get_datadir_fname("unverified-microdesc-consensus"), 1,
|
|
|
+ get_datadir_fname("cached-descriptors"), 1,
|
|
|
+ get_datadir_fname("cached-descriptors.new"), 1,
|
|
|
+ get_datadir_fname("cached-descriptors.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-descriptors.new.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-descriptors.tmp.tmp"), 1,
|
|
|
+ get_datadir_fname("cached-extrainfo"), 1,
|
|
|
+ get_datadir_fname("state.tmp"), 1,
|
|
|
+ get_datadir_fname("unparseable-desc.tmp"), 1,
|
|
|
+ get_datadir_fname("unparseable-desc"), 1,
|
|
|
+ "/dev/srandom", 0,
|
|
|
+ "/dev/urandom", 0
|
|
|
+ );
|
|
|
|
|
|
// orport
|
|
|
if (server_mode(get_options())) {
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_id_key"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key_ntor"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_id_key.old"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key.old"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key_ntor.old"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname2("keys", "secret_onion_key.tmp"));
|
|
|
-
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, get_datadir_fname("fingerprint"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-consensus.tmp"));
|
|
|
- sandbox_cfg_allow_open_filename(&cfg,
|
|
|
- get_datadir_fname("cached-consensus"));
|
|
|
-
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, "/etc/resolv.conf");
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, "/dev/srandom");
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, "/dev/urandom");
|
|
|
- sandbox_cfg_allow_open_filename(&cfg, "/dev/random");
|
|
|
-
|
|
|
+ sandbox_cfg_allow_open_filename_array(&cfg, 13,
|
|
|
+ get_datadir_fname2("keys", "secret_id_key"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key_ntor"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key_ntor.tmp"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_id_key.old"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key.old"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key_ntor.old"), 1,
|
|
|
+ get_datadir_fname2("keys", "secret_onion_key.tmp"), 1,
|
|
|
+ get_datadir_fname("fingerprint"), 1,
|
|
|
+ get_datadir_fname("cached-consensus"), 1,
|
|
|
+ get_datadir_fname("cached-consensus.tmp"), 1,
|
|
|
+ "/etc/resolv.conf", 0,
|
|
|
+ "/dev/random", 0
|
|
|
+ );
|
|
|
}
|
|
|
|
|
|
sandbox_cfg_allow_execve(&cfg, "/usr/local/bin/tor");
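Review bot: The element counts passed as literals (`22` in the first `sandbox_cfg_allow_open_filename_array` call and `13` in the server-mode call) are hand-maintained and nothing ties them to the number of (path, flag) pairs that follow; a future edit that adds a path without bumping the count silently leaves that path outside the allow list, and a count larger than the argument list walks `va_arg` past the end, which is undefined behavior. Both counts match the visible lists today, but the contract deserves a comment at each call, e.g. `/* count = number of (path, free_flag) pairs below; keep in sync when editing */`, and a NULL-terminated variant of the array helper would remove the hazard entirely. The trailing `1`/`0` after each path is presumably an ownership flag for the `get_datadir_fname*` allocations (the old `// TODO: mem leak` is gone), but a bare integer does not say so; a short comment naming its meaning, or a named constant, would help the next maintainer. Note also that `cached-consensus` is allowed in both the general list and the server-mode list, so the second entry is redundant. `sandbox_init_filter` continues past the end of this hunk.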
|