Perlbot/perlbuut
1
0
Fork 0
mirror of https://github.com/perlbot/perlbuut synced 2025-06-07 16:45:40 -04:00
Code Issues Releases Wiki Activity

Allow basic IO::Async to work

Browse source
This commit is contained in:
Ryan Voots 2016-10-18 17:16:52 -07:00
parent 5eb713a1d3
commit a0b16eb284
3 changed files with 20 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
bin/mountjail.sh Normal file → Executable file
View file

15
bin/testeval.sh Executable file
View file

@ -0,0 +1,15 @@
#!/bin/bash
read -r -d '' CODE <<'EOC'
perl use IO::Async::Loop; my $loop = IO::Async::Loop->really_new; my $foo; $loop->timeout_future(after => 1.5)->on_done(sub { $foo = 42 })->get; $foo
EOC
echo --------
echo $CODE
echo --------
rm -f ./jail/noseccomp
echo $CODE | sudo strace -okilled.log /home/ryan/perl5/perlbrew/perls/perl-blead/bin/perl ./lib/eval.pl
touch ./jail/noseccomp
echo $CODE | sudo strace -oalive.log /home/ryan/perl5/perlbrew/perls/perl-blead/bin/perl ./lib/eval.pl
rm -f ./jail/noseccomp

7
lib/eval.pl
View file

@ -64,6 +64,9 @@ sub get_seccomp {
$rule_add->(mremap => );
$rule_add->(mprotect =>);
# Allow select, might need to have some kind of restriction on it? probably fine
$rule_add->(select => );
# These are the allowed modes on open, allow that to work in any combo
my ($O_DIRECTORY, $O_CLOEXEC, $O_NOCTTY) = (00200000, 02000000, 00000400);
my @allowed_open_modes = (&POSIX::O_RDONLY, &POSIX::O_NONBLOCK, $O_DIRECTORY, $O_CLOEXEC, $O_NOCTTY);
@ -93,13 +96,13 @@ sub get_seccomp {
# 4352 ioctl(4, TCGETS, 0x7ffd10963820) = -1 ENOTTY (Inappropriate ioctl for device)
$rule_add->(ioctl => [1, '==', 0x5401]); # This happens on opened files for some reason? wtf
my @blind_syscalls = qw/read exit exit_group brk lseek fstat fcntl stat rt_sigaction rt_sigprocmask geteuid getuid getcwd close getdents getgid getegid getgroups lstat nanosleep/;
my @blind_syscalls = qw/read exit exit_group brk lseek fstat fcntl stat rt_sigaction rt_sigprocmask geteuid getuid getcwd close getdents getgid getegid getgroups lstat nanosleep getrlimit/;
for my $syscall (@blind_syscalls) {
$rule_add->($syscall);
}
$seccomp->load;
$seccomp->load unless -e './noseccomp';
}
no warnings;