wareck
/
ftpz


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264
							#ifndef VSF_PTRACESANDBOX_H
#define VSF_PTRACESANDBOX_H

/* Forward delcarations */
struct pt_sandbox;

typedef int (*ptrace_sandbox_validator_t)(struct pt_sandbox*, void*);

/* ptrace_sandbox_alloc()
 * PURPOSE
 * Allocates a ptrace sandbox object which is needed for the rest of the API.
 * RETURNS
 * NULL on failure, otherwise an opaque handle.
 * TODO
 * Only one per process supported at this time.
 */
struct pt_sandbox* ptrace_sandbox_alloc();

/* ptrace_sandbox_free()
 * PURPOSE
 * Frees the sandbox object.
 * PARAMETERS
 * p_sandbox        - the sandbox handle to free
 */
void ptrace_sandbox_free(struct pt_sandbox* p_sandbox);

/* ptrace_sandbox_launch_process()
 * PURPOSE
 * Launches a new process and attaches the sandbox to it when it stops.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * p_func           - the function to call at the start of the new process
 * p_arg            - an argument to pass to the function
 * RETURNS
 * -1 on failure, otherwise an id for the created process. Not necessarily a
 * "pid", please treat is as opaque!
 * TODO
 * Only one call to this per sandbox object is supported at this time.
 */
int ptrace_sandbox_launch_process(struct pt_sandbox* p_sandbox,
                                  void (*p_func)(void*),
                                  void* p_arg);

/* ptrace_sandbox_run_processes()
 * PURPOSE
 * Runs sandboxed children until they exit or are killed.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * RETURNS
 * 0 on normal exit or death of processes.
 * -1 if any process breached the policy.
 */
int ptrace_sandbox_run_processes(struct pt_sandbox* p_sandbox);

/* ptrace_sandbox_kill_processes()
 * PURPOSE
 * Safely kills off all sandboxed processes.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 */
void ptrace_sandbox_kill_processes(struct pt_sandbox* p_sandbox);

/* ptrace_sandbox_get_arg()
 * PURPOSE
 * Gets a syscall argument value for a process stopped in syscall entry.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * arg              - the arg number to get (zero-based)
 * p_out            - the result is written here
 * RETURNS
 * 0 on success; otherwise it's a failure.
 */
int ptrace_sandbox_get_arg(struct pt_sandbox* p_sandbox,
                           int arg,
                           unsigned long* p_out);

/* ptrace_sandbox_get_socketcall_arg()
 * PURPOSE
 * Gets a syscall argument value for a process stopped in syscall entry, where
 * the system call is a socket-related one. On some architectures (e.g. i386,
 * socket calls are in fact multiplexed and store the arguments in a struct
 * in user space, hence the need for abstraction.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * arg              - the arg number to get (zero-based)
 * p_out            - the result is written here
 * RETURNS
 * 0 on success; otherwise it's a failure.
 */
int ptrace_sandbox_get_socketcall_arg(struct pt_sandbox* p_sandbox,
                                      int arg,
                                      unsigned long* p_out);

/* ptrace_sandbox_get_long()
 * PURPOSE
 * Gets a long from the address space of the process stopped in syscall entry.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * ptr              - the address to read the long from
 * p_out            - the result is written here
 * RETURNS
 * 0 on success; otherwise it's a failure.
 */
int ptrace_sandbox_get_long(struct pt_sandbox* p_sandbox,
                            unsigned long ptr,
                            unsigned long* p_out);

/* ptrace_sandbox_get_buf()
 * PURPOSE
 * Gets a piece of memory from the address space of the process stopped in
 * syscall entry.
 * PARAMETERS
 * p_sandbox        - the sandbox handle
 * ptr              - the address to read the buffer from
 * len              - the length of the buffer
 * p_buf            - the result is written here
 * RETURNS
 * 0 on success; otherwise it's a failure.
 */
int ptrace_sandbox_get_buf(struct pt_sandbox* p_sandbox,
                           unsigned long ptr,
                           unsigned long len,
                           void* p_buf);

/* ptrace_sandbox_attach_point()
 * PURPOSE
 * Used by the sandbox child code to stop and indicate it is ready to be
 * attached to.
 * NOTES
 * In the event of error trying to stop, the process is forcibly killed as a
 * security measure.
 */
void ptrace_sandbox_attach_point(void);

/* POLICY EDIT: permits exit() and exit_group() */
void ptrace_sandbox_permit_exit(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits read() */
void ptrace_sandbox_permit_read(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits write() */
void ptrace_sandbox_permit_write(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sigaction() and rt_sigaction() */
void ptrace_sandbox_permit_sigaction(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits alarm() */
void ptrace_sandbox_permit_alarm(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits time() and gettimeofday() */
void ptrace_sandbox_permit_query_time(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mmap2() (but not the MAP_SHARED flag) */
void ptrace_sandbox_permit_mmap(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mprotect() */
void ptrace_sandbox_permit_mprotect(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits stat(), stat64(), lstat(), lstat64() */
void ptrace_sandbox_permit_file_stats(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fstat(), fstat64() */
void ptrace_sandbox_permit_fd_stats(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits getcwd() */
void ptrace_sandbox_permit_getcwd(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits chdir() */
void ptrace_sandbox_permit_chdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits umask() */
void ptrace_sandbox_permit_umask(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits open(), except O_ASYNC and O_DIRECT. Only O_RDONLY
 * allowed unless writeable is 1
 */
void ptrace_sandbox_permit_open(struct pt_sandbox* p_sandbox, int writeable);
/* POLICY EDIT: permits close() */
void ptrace_sandbox_permit_close(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits getdents(), getdents64() */
void ptrace_sandbox_permit_getdents(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fcntl(), fcntl64() for file locking, safe F_SETFL flag
 * setting (no O_ASYNC, O_DIRECT), F_SETOWN for your own pid and F_SETFD.
 */
void ptrace_sandbox_permit_fcntl(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sendfile(), sendfile64() */
void ptrace_sandbox_permit_sendfile(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits lseek(), llseek() */
void ptrace_sandbox_permit_seek(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits select(), newselect() */
void ptrace_sandbox_permit_select(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits unlink() */
void ptrace_sandbox_permit_unlink(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mkdir() */
void ptrace_sandbox_permit_mkdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits rmdir() */
void ptrace_sandbox_permit_rmdir(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits rename() */
void ptrace_sandbox_permit_rename(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits utime(), utimes() */
void ptrace_sandbox_permit_utime(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits sigreturn() */
void ptrace_sandbox_permit_sigreturn(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits recv() */
void ptrace_sandbox_permit_recv(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits readlink() */
void ptrace_sandbox_permit_readlink(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits brk() */
void ptrace_sandbox_permit_brk(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits nanosleep() */
void ptrace_sandbox_permit_sleep(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fchmod() */
void ptrace_sandbox_permit_fchmod(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits chmod() */
void ptrace_sandbox_permit_chmod(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits fchown(), fchown32() */
void ptrace_sandbox_permit_fchown(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits mremap() */
void ptrace_sandbox_permit_mremap(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits ftruncate(), ftruncate64() */
void ptrace_sandbox_permit_ftruncate(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits socket() */
void ptrace_sandbox_permit_socket(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for socket() */
void ptrace_sandbox_set_socket_validator(struct pt_sandbox* p_sandbox,
                                         ptrace_sandbox_validator_t val,
                                         void* p_arg);
/* POLICY EDIT: permits bind() */
void ptrace_sandbox_permit_bind(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for bind() */
void ptrace_sandbox_set_bind_validator(struct pt_sandbox* p_sandbox,
                                       ptrace_sandbox_validator_t val,
                                       void* p_arg);
/* POLICY EDIT: permits connect() */
void ptrace_sandbox_permit_connect(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for connect() */
void ptrace_sandbox_set_connect_validator(struct pt_sandbox* p_sandbox,
                                          ptrace_sandbox_validator_t val,
                                          void* p_arg);
/* POLICY EDIT: permits listen() */
void ptrace_sandbox_permit_listen(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits accept() */
void ptrace_sandbox_permit_accept(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: permits setsockopt() */
void ptrace_sandbox_permit_setsockopt(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for setsockopt() */
void ptrace_sandbox_set_setsockopt_validator(struct pt_sandbox* p_sandbox,
                                             ptrace_sandbox_validator_t val,
                                             void* p_arg);
/* POLICY EDIT: permits getsockopt() */
void ptrace_sandbox_permit_getsockopt(struct pt_sandbox* p_sandbox);
/* POLICY EDIT: set validator for getsockopt() */
void ptrace_sandbox_set_getsockopt_validator(struct pt_sandbox* p_sandbox,
                                             ptrace_sandbox_validator_t val,
                                             void* p_arg);
/* POLICY EDIT: permits shutdown() */
void ptrace_sandbox_permit_shutdown(struct pt_sandbox* p_sandbox);

/* The traced process is unexpectedly dead; probably an external SIGKILL */
#define PTRACE_SANDBOX_ERR_DEAD              -1
/* An unexpected error from ptrace() */
#define PTRACE_SANDBOX_ERR_PTRACE            -2
/* An unexpected error from waitpid() */
#define PTRACE_SANDBOX_ERR_WAITPID           -3
/* An unexpected waitpid() status was returned */
#define PTRACE_SANDBOX_ERR_WAIT_STATUS       -4
/* A syscall not in the policy was attempted */
#define PTRACE_SANDBOX_ERR_POLICY_SYSCALL    -5
/* A "bad" syscall was attemped: out-of-bounds, 64-bit in a 32-bit child etc. */
#define PTRACE_SANDBOX_ERR_BAD_SYSCALL       -6
/* Bad arguments to a generally accepted syscall */
#define PTRACE_SANDBOX_ERR_POLICY_ARGS       -7
/* Abuse of our API */
#define PTRACE_SANDBOX_ERR_API_ABUSE_STOPIT  -8

#endif /* VSF_PTRACESANDBOX_H */