[98193] trunk/base/src

jmr at macports.org jmr at macports.org
Thu Sep 27 22:10:50 PDT 2012


Revision: 98193
          http://trac.macports.org//changeset/98193
Author:   jmr at macports.org
Date:     2012-09-27 22:10:50 -0700 (Thu, 27 Sep 2012)
Log Message:
-----------
use sandboxing to prevent writes outside workpath and distpath

Modified Paths:
--------------
    trunk/base/src/pextlib1.0/system.c
    trunk/base/src/port1.0/portsandbox.tcl
    trunk/base/src/port1.0/portutil.tcl

Modified: trunk/base/src/pextlib1.0/system.c
===================================================================
--- trunk/base/src/pextlib1.0/system.c	2012-09-28 04:07:10 UTC (rev 98192)
+++ trunk/base/src/pextlib1.0/system.c	2012-09-28 05:10:50 UTC (rev 98193)
@@ -156,10 +156,8 @@
         }
     }
 
-#if 0
     /* check if and how we should use sandbox-exec */
     sandbox = check_sandboxing(interp, &sandbox_exec_path, &profilestr);
-#endif
 
     /*
      * Fork a child to run the command, in a popen() like fashion -
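Review bot: Dropping the `#if 0`/`#endif` makes the `check_sandboxing()` call live, but the comment above it still only says "check if and how", not what `sandbox`, `sandbox_exec_path` and `profilestr` hold when sandbox-exec is unavailable or the profile is empty, and the hunk does not show how the fork path below reacts to those cases. If the intended fallback is to run the command without a sandbox, that should be stated where the decision is made, e.g. `/* sandbox is nonzero only when sandbox-exec is usable and a non-empty profile was supplied; otherwise the command runs unsandboxed (TODO confirm against check_sandboxing) */`. The enclosing function starts and ends outside the hunk, so the actual consumers of these values are not visible here.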

Modified: trunk/base/src/port1.0/portsandbox.tcl
===================================================================
--- trunk/base/src/port1.0/portsandbox.tcl	2012-09-28 04:07:10 UTC (rev 98192)
+++ trunk/base/src/port1.0/portsandbox.tcl	2012-09-28 05:10:50 UTC (rev 98193)
@@ -35,37 +35,41 @@
 
 options portsandbox_supported portsandbox_profile
 default portsandbox_supported {[file executable $portutil::autoconf::sandbox_exec_path]}
-default portsandbox_profile {[portsandbox::get_default_profile]}
+default portsandbox_profile {}
 
-# produce a suitable profile to pass to sandbox-exec
+# set up a suitable profile to pass to sandbox-exec, based on the target
 # command line usage would be:
-# sandbox-exec -p '(version 1) (allow default) (deny file* (subpath "/usr/local") (subpath "/Library/Frameworks"))' some-command
-proc portsandbox::get_default_profile {} {
-    global os.major prefix frameworks_dir
-    set prefix_conflict [expr {$prefix == "/usr/local" || [string match $prefix "/usr/local/*"]}]
-    set frameworks_conflict [expr {$frameworks_dir == "/Library/Frameworks" || [string match $frameworks_dir "/Library/Frameworks/*"]}]
-    if {$prefix_conflict && $frameworks_conflict} {
-        return ""
-    }
-    set profile "(version 1) (allow default) (deny "
-    if {${os.major} > 9} {
-        append profile "file* "
-        if {!$prefix_conflict} {
-            append profile {(subpath "/usr/local")}
+# sandbox-exec -p '(version 1) (allow default) (deny file-write*) (allow file-write* <filter>)' some-command
+proc portsandbox::set_profile {target} {
+    global os.major portsandbox_profile workpath distpath altprefix
+
+    switch $target {
+        activate -
+        deactivate -
+        load -
+        unload {
+            set portsandbox_profile ""
+            return
         }
-        if {!$frameworks_conflict} {
-            append profile { (subpath "/Library/Frameworks")}
+        fetch -
+        mirror -
+        clean {
+            set allow_dirs [list $distpath]
         }
-    } else {
-        append profile "file-read* file-write* (regex "
-        if {!$prefix_conflict} {
-            append profile {#"^/usr/local/"}
+    }
+
+    # TODO: remove altprefix support
+    lappend allow_dirs $workpath $altprefix
+
+    set portsandbox_profile "(version 1) (allow default) (deny file-write*)"
+    foreach dir $allow_dirs {
+        append portsandbox_profile " (allow file-write* "
+        if {${os.major} > 9} {
+            append portsandbox_profile "(subpath \"${dir}\")"
+        } else {
+            append portsandbox_profile "(regex #\"^${dir}/\")"
         }
-        if {!$frameworks_conflict} {
-            append profile { #"^/Library/Frameworks/"}
-        }
-        append profile ")"
+        append portsandbox_profile ")"
     }
-    append profile ")"
-    return $profile
+    append portsandbox_profile " (allow file-write-data (literal \"/dev/null\"))"
 }
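Review bot: The new `set_profile` interpolates `$dir` into the profile unescaped in both the `(subpath "${dir}")` and `(regex #"^${dir}/")` branches, so a directory name containing a double quote breaks the profile, and on the `os.major <= 9` branch regex metacharacters in the path (`.`, `+`, `(`, etc.) change what the allow rule matches and can widen the set of writable paths beyond the intended directory; the regex line should at least escape non-word characters before use, e.g. `set re_dir [regsub -all {\W} $dir {\\&}]` and then `append portsandbox_profile "(regex #\"^${re_dir}/\")"` (exact escaping rules for sandbox profile literals to be confirmed). Separately, `switch $target {` should be written `switch -- $target {` so a value beginning with `-` cannot be taken as a switch option. The switch also has no default arm, so every target not listed (configure, build, destroot, install, …) silently gets only `$workpath` and `$altprefix`; a comment on the switch stating that this fallthrough is deliberate, and which targets were checked for writes outside those paths, would make the policy reviewable.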

Modified: trunk/base/src/port1.0/portutil.tcl
===================================================================
--- trunk/base/src/port1.0/portutil.tcl	2012-09-28 04:07:10 UTC (rev 98192)
+++ trunk/base/src/port1.0/portutil.tcl	2012-09-28 05:10:50 UTC (rev 98193)
@@ -1326,6 +1326,7 @@
     if {$procedure != ""} {
         set targetname [ditem_key $ditem name]
         set target [ditem_key $ditem provides]
+        portsandbox::set_profile $target
         global ${target}.asroot
         if { [tbool ${target}.asroot] } {
             elevateToRoot $targetname
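Review bot: The inserted `portsandbox::set_profile $target` has no comment explaining why it runs here, before the asroot check, rather than once at port load; since `set_profile` writes a single global `portsandbox_profile` and clears it to the empty string for activate/deactivate/load/unload, recomputing it on every target is what keeps one target's (possibly empty) profile from leaking into the next. Suggest `# rebuild the per-target sandbox profile; portsandbox_profile is one global that the previous target may have cleared`. The enclosing procedure starts and ends outside the hunk, so whether an error from `set_profile` (e.g. an unset `workpath` or `distpath` global for some target) is caught here cannot be seen.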