Add sandboxing with Landlock #184

Draft
wants to merge 1 commit into
base: master
8 changes: 8 additions & 0 deletions CPP/7zip/Bundles/Alone/makefile.list
Expand Up @@ -191,11 +191,13 @@ SRCS=\
../../../../CPP/7zip/UI/Console/MainAr.cpp \
../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/PercentPrinter.cpp \
../../../../CPP/7zip/UI/Console/Sandbox.cpp \
../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/UserInputUtils.cpp \
../../../../CPP/Common/CRC.cpp \
../../../../CPP/Common/CommandLineParser.cpp \
../../../../CPP/Common/CrcReg.cpp \
../../../../CPP/Common/C_FileIO.cpp \
../../../../CPP/Common/IntToString.cpp \
../../../../CPP/Common/ListFileUtils.cpp \
../../../../CPP/Common/MyString.cpp \
Expand Down Expand Up @@ -969,6 +971,8 @@ OpenCallbackConsole.o : ../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp
PercentPrinter.o : ../../../../CPP/7zip/UI/Console/PercentPrinter.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/PercentPrinter.cpp
Sandbox.o : ../../../../CPP/7zip/UI/Console/Sandbox.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/Sandbox.cpp
UpdateCallbackConsole.o : ../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp
UserInputUtils.o : ../../../../CPP/7zip/UI/Console/UserInputUtils.cpp
Expand All @@ -979,6 +983,8 @@ CommandLineParser.o : ../../../../CPP/Common/CommandLineParser.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/CommandLineParser.cpp
CrcReg.o : ../../../../CPP/Common/CrcReg.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/CrcReg.cpp
C_FileIO.o : ../../../../CPP/Common/C_FileIO.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/C_FileIO.cpp
IntToString.o : ../../../../CPP/Common/IntToString.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/IntToString.cpp
ListFileUtils.o : ../../../../CPP/Common/ListFileUtils.cpp
Expand Down Expand Up @@ -1342,11 +1348,13 @@ OBJS=\
MainAr.o \
OpenCallbackConsole.o \
PercentPrinter.o \
Sandbox.o \
UpdateCallbackConsole.o \
UserInputUtils.o \
CRC.o \
CommandLineParser.o \
CrcReg.o \
C_FileIO.o \
IntToString.o \
ListFileUtils.o \
MyString.o \
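Review bot: `Sandbox.cpp` is added unconditionally to `SRCS` and `OBJS` here, and likewise in the Alone7z makefile.list and the CMake, premake and qmake lists below, while Landlock is a Linux-only kernel interface. Sandbox.cpp itself is not shown on this page, so confirm it compiles to a no-op on other targets, for example by wrapping the Landlock code in `#ifdef __linux__`. A build without sandbox support should also report that at run time rather than silently running unconfined.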
8 changes: 8 additions & 0 deletions CPP/7zip/Bundles/Alone7z/makefile.list
Expand Up @@ -112,11 +112,13 @@ SRCS=\
../../../../CPP/7zip/UI/Console/MainAr.cpp \
../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/PercentPrinter.cpp \
../../../../CPP/7zip/UI/Console/Sandbox.cpp \
../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/UserInputUtils.cpp \
../../../../CPP/Common/CRC.cpp \
../../../../CPP/Common/CommandLineParser.cpp \
../../../../CPP/Common/CrcReg.cpp \
../../../../CPP/Common/C_FileIO.cpp \
../../../../CPP/Common/IntToString.cpp \
../../../../CPP/Common/ListFileUtils.cpp \
../../../../CPP/Common/MyString.cpp \
Expand Down Expand Up @@ -446,6 +448,8 @@ OpenCallbackConsole.o : ../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp
PercentPrinter.o : ../../../../CPP/7zip/UI/Console/PercentPrinter.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/PercentPrinter.cpp
Sandbox.o : ../../../../CPP/7zip/UI/Console/Sandbox.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/Sandbox.cpp
UpdateCallbackConsole.o : ../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp
UserInputUtils.o : ../../../../CPP/7zip/UI/Console/UserInputUtils.cpp
Expand All @@ -456,6 +460,8 @@ CommandLineParser.o : ../../../../CPP/Common/CommandLineParser.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/CommandLineParser.cpp
CrcReg.o : ../../../../CPP/Common/CrcReg.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/CrcReg.cpp
C_FileIO.o : ../../../../CPP/Common/C_FileIO.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/C_FileIO.cpp
IntToString.o : ../../../../CPP/Common/IntToString.cpp
$(CXX) $(CXXFLAGS) ../../../../CPP/Common/IntToString.cpp
ListFileUtils.o : ../../../../CPP/Common/ListFileUtils.cpp
Expand Down Expand Up @@ -643,11 +649,13 @@ OBJS=\
MainAr.o \
OpenCallbackConsole.o \
PercentPrinter.o \
Sandbox.o \
UpdateCallbackConsole.o \
UserInputUtils.o \
CRC.o \
CommandLineParser.o \
CrcReg.o \
C_FileIO.o \
IntToString.o \
ListFileUtils.o \
MyString.o \
2 changes: 2 additions & 0 deletions CPP/7zip/CMAKE/7z_/CMakeLists.txt
Expand Up @@ -65,10 +65,12 @@ add_executable(7z_
"../../../../CPP/7zip/UI/Console/MainAr.cpp"
"../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/PercentPrinter.cpp"
"../../../../CPP/7zip/UI/Console/Sandbox.cpp"
"../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/UserInputUtils.cpp"
"../../../../CPP/Common/CRC.cpp"
"../../../../CPP/Common/CommandLineParser.cpp"
"../../../../CPP/Common/C_FileIO.cpp"
"../../../../CPP/Common/IntToString.cpp"
"../../../../CPP/Common/ListFileUtils.cpp"
"../../../../CPP/Common/MyString.cpp"
2 changes: 2 additions & 0 deletions CPP/7zip/CMAKE/7za/CMakeLists.txt
Expand Up @@ -321,11 +321,13 @@ add_executable(7za
"../../../../CPP/7zip/UI/Console/MainAr.cpp"
"../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/PercentPrinter.cpp"
"../../../../CPP/7zip/UI/Console/Sandbox.cpp"
"../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/UserInputUtils.cpp"
"../../../../CPP/Common/CRC.cpp"
"../../../../CPP/Common/CommandLineParser.cpp"
"../../../../CPP/Common/CrcReg.cpp"
"../../../../CPP/Common/C_FileIO.cpp"
"../../../../CPP/Common/IntToString.cpp"
"../../../../CPP/Common/ListFileUtils.cpp"
"../../../../CPP/Common/MyString.cpp"
2 changes: 2 additions & 0 deletions CPP/7zip/CMAKE/7zr/CMakeLists.txt
Expand Up @@ -147,11 +147,13 @@ add_executable(7zr
"../../../../CPP/7zip/UI/Console/MainAr.cpp"
"../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/PercentPrinter.cpp"
"../../../../CPP/7zip/UI/Console/Sandbox.cpp"
"../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp"
"../../../../CPP/7zip/UI/Console/UserInputUtils.cpp"
"../../../../CPP/Common/CRC.cpp"
"../../../../CPP/Common/CommandLineParser.cpp"
"../../../../CPP/Common/CrcReg.cpp"
"../../../../CPP/Common/C_FileIO.cpp"
"../../../../CPP/Common/IntToString.cpp"
"../../../../CPP/Common/ListFileUtils.cpp"
"../../../../CPP/Common/MyString.cpp"
2 changes: 2 additions & 0 deletions CPP/7zip/PREMAKE/premake4.lua
Expand Up @@ -332,11 +332,13 @@ solution "p7zip"
"../../../../CPP/7zip/UI/Console/MainAr.cpp",
"../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp",
"../../../../CPP/7zip/UI/Console/PercentPrinter.cpp",
"../../../../CPP/7zip/UI/Console/Sandbox.cpp",
"../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp",
"../../../../CPP/7zip/UI/Console/UserInputUtils.cpp",
"../../../../CPP/Common/CRC.cpp",
"../../../../CPP/Common/CommandLineParser.cpp",
"../../../../CPP/Common/CrcReg.cpp",
"../../../../CPP/Common/C_FileIO.cpp",
"../../../../CPP/Common/IntToString.cpp",
"../../../../CPP/Common/ListFileUtils.cpp",
"../../../../CPP/Common/MyString.cpp",
2 changes: 2 additions & 0 deletions CPP/7zip/QMAKE/7z_/7z_.pro
Expand Up @@ -77,10 +77,12 @@ SOURCES += \
../../../../CPP/7zip/UI/Console/MainAr.cpp \
../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/PercentPrinter.cpp \
../../../../CPP/7zip/UI/Console/Sandbox.cpp \
../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/UserInputUtils.cpp \
../../../../CPP/Common/CRC.cpp \
../../../../CPP/Common/CommandLineParser.cpp \
../../../../CPP/Common/C_FileIO.cpp \
../../../../CPP/Common/IntToString.cpp \
../../../../CPP/Common/ListFileUtils.cpp \
../../../../CPP/Common/MyString.cpp \
2 changes: 2 additions & 0 deletions CPP/7zip/QMAKE/7za/7za.pro
Expand Up @@ -335,11 +335,13 @@ SOURCES += \
../../../../CPP/7zip/UI/Console/MainAr.cpp \
../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/PercentPrinter.cpp \
../../../../CPP/7zip/UI/Console/Sandbox.cpp \
../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/UserInputUtils.cpp \
../../../../CPP/Common/CRC.cpp \
../../../../CPP/Common/CommandLineParser.cpp \
../../../../CPP/Common/CrcReg.cpp \
../../../../CPP/Common/C_FileIO.cpp \
../../../../CPP/Common/IntToString.cpp \
../../../../CPP/Common/ListFileUtils.cpp \
../../../../CPP/Common/MyString.cpp \
2 changes: 2 additions & 0 deletions CPP/7zip/QMAKE/7zr/7zr.pro
Expand Up @@ -161,11 +161,13 @@ SOURCES += \
../../../../CPP/7zip/UI/Console/MainAr.cpp \
../../../../CPP/7zip/UI/Console/OpenCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/PercentPrinter.cpp \
../../../../CPP/7zip/UI/Console/Sandbox.cpp \
../../../../CPP/7zip/UI/Console/UpdateCallbackConsole.cpp \
../../../../CPP/7zip/UI/Console/UserInputUtils.cpp \
../../../../CPP/Common/CRC.cpp \
../../../../CPP/Common/CommandLineParser.cpp \
../../../../CPP/Common/CrcReg.cpp \
../../../../CPP/Common/C_FileIO.cpp \
../../../../CPP/Common/IntToString.cpp \
../../../../CPP/Common/ListFileUtils.cpp \
../../../../CPP/Common/MyString.cpp \
50 changes: 50 additions & 0 deletions CPP/7zip/UI/Common/Extract.cpp
Expand Up @@ -19,6 +19,56 @@ using namespace NWindows;
using namespace NFile;
using namespace NDir;

// Base directories according to options.OutputDir examples:
// - "/f*" => /
// - "/*" => /
// - "" => ./
// - "/f/" => /f
// - "/f/*" => /f
// - "/f/*/*" => /f
// - "/tmp/x/*/y" => /tmp
FString GetOutputBaseDir(
const CExtractOptions &options)
{
// TODO: make -oX and -so mutually exclusive to avoid useless dir creation and then access error
if (options.StdOutMode)
return FString();

FString baseDir = options.OutputDir;

// Removes everything after the first mask, if any.
int end = baseDir.Find(FSTRING_ANY_MASK);
if (end > 0) {
baseDir.ReleaseBuf_SetEnd(end);

// Removes the left part of the mask, if any.
end = baseDir.ReverseFind(FCHAR_PATH_SEPARATOR);
if (end < 0)
baseDir = FString();
else if (end == 0)
baseDir.ReleaseBuf_SetEnd(1);
else
baseDir.ReleaseBuf_SetEnd(end);
}

// Looks for the deepest existing directory to sandbox as much as possible
// before trying to make directories.
NFind::CFileInfo fi;
while (!baseDir.IsEmpty() && baseDir != FCHAR_PATH_SEPARATOR && !(fi.Find(baseDir) && fi.IsDir()))
{
end = baseDir.ReverseFind(FCHAR_PATH_SEPARATOR);
if (end == -1)
baseDir = FString();
else if (end > 0)
baseDir = baseDir.Left(end);
}

if (baseDir.IsEmpty())
return FTEXT(".") FSTRING_PATH_SEPARATOR;

return baseDir;
}

static HRESULT DecompressArchive(
CCodecs *codecs,
const CArchiveLink &arcLink,
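Review bot: The ancestor-search loop in `GetOutputBaseDir` never terminates for an absolute path whose only component does not exist (for example `-o/newdir`): `ReverseFind` returns 0, neither the `end == -1` nor the `end > 0` branch runs, and `baseDir` is left unchanged. Add the root case that the mask-stripping code above already has, `else if (end == 0) baseDir.ReleaseBuf_SetEnd(1);`, so the walk stops at the separator. Separately, because the result is the deepest existing ancestor, an output path that has not been created yet can widen the writable root up to `/` or the current directory; a comment saying so, or creating the output directory before computing the base, would keep the sandbox scoped to the intended tree. The function lies wholly inside this hunk.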
4 changes: 4 additions & 0 deletions CPP/7zip/UI/Common/Extract.h
Expand Up @@ -91,4 +91,8 @@ HRESULT Extract(
UString &errorMessage,
CDecompressStat &st);

// Returns the existing directory where the archive should be extracted, or an empty Fstring if stdout is used.
FString GetOutputBaseDir(
const CExtractOptions &options);

#endif
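Review bot: The declaration comment promises more than the implementation in Extract.cpp delivers: the function returns the deepest existing ancestor of the requested output path, which can be a parent of the directory the archive is actually extracted into, and `./` when nothing of the path is left. Suggested wording: `// Returns the deepest existing directory at or above the output path (used as the sandbox's writable root), or an empty FString when extracting to stdout.` This also corrects the `Fstring` spelling.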
2 changes: 2 additions & 0 deletions CPP/7zip/UI/Console/Main.cpp
Expand Up @@ -909,6 +909,8 @@ int Main2(
eo.Properties = options.Properties;
#endif

ecs->OutputDir = GetOutputBaseDir(eo);

UString errorMessage;
CDecompressStat stat;
CHashBundle hb;
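Review bot: `GetOutputBaseDir(eo)` only special-cases `StdOutMode`, so if this branch of `Main2` also serves the test command (not visible in the hunk), the sandbox is handed a writable directory although nothing has to be written. Extending the early return in `GetOutputBaseDir` to `if (options.StdOutMode || options.TestMode) return FString();` would keep write access off in that case, assuming the sandbox treats an empty `WritableDir` as "no writable path", which Sandbox.cpp would need to confirm. `Main2` starts and ends outside this hunk.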
6 changes: 6 additions & 0 deletions CPP/7zip/UI/Console/OpenCallbackConsole.cpp
Expand Up @@ -6,6 +6,7 @@

#include "ConsoleClose.h"
#include "UserInputUtils.h"
#include "Sandbox.h"

static HRESULT CheckBreak2()
{
Expand All @@ -19,6 +20,11 @@ HRESULT COpenCallbackConsole::Open_CheckBreak()

HRESULT COpenCallbackConsole::Open_SetTotal(const UInt64 *files, const UInt64 *bytes)
{
Sandbox sb;
sb.ErrorStream = _se;
sb.WritableDir = &OutputDir;
sb.Enforce();

if (!MultiArcMode && NeedPercents())
{
if (files)
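Review bot: Enforcing the sandbox inside `Open_SetTotal` makes the security boundary depend on a progress callback: nothing visible here guarantees that a handler calls it before it parses archive data, or at all, and every call constructs a new `Sandbox` and runs `Enforce()` again. The outcome of `sb.Enforce()` is also discarded, so if it can fail (its signature is not shown) extraction would continue unconfined. Consider enforcing once at a fixed point before the first archive is opened and failing closed when enforcement is unavailable or rejected. If it stays here, at least guard it with a new member flag (hypothetical name) so it runs a single time: `if (!_sandboxEnforced) { /* set up and Enforce() */ _sandboxEnforced = true; }`. `Open_SetTotal` continues past the end of this hunk.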
1 change: 1 addition & 0 deletions CPP/7zip/UI/Console/OpenCallbackConsole.h
Expand Up @@ -27,6 +27,7 @@ class COpenCallbackConsole: public IOpenCallbackUI
public:

bool MultiArcMode;
FString OutputDir;

void ClosePercents()
{