Perlbot/perlbuut
1
0
Fork 0
mirror of https://github.com/perlbot/perlbuut synced 2025-06-07 17:55:42 -04:00
Code Issues Releases Wiki Activity

Ruby works now. I need to replace the use of glob() since it has size limits

Browse source
This commit is contained in:
Ryan Voots 2017-05-06 06:45:06 -04:00
parent c4d914c308
commit b285d3a659
2 changed files with 10 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bin/testeval.sh
View file

@ -1,15 +1,11 @@
#!/bin/bash #!/bin/bash
read -r -d '' CODE <<'EOC' read -r -d '' CODE <<'EOC'
perl5.5 BEGIN {$ENV{TMPDIR}="/tmp"}; use File::Temp; File::Temp->new().""; ruby print "Hello World";
EOC EOC
echo -------- echo --------
echo $CODE echo $CODE
echo -------- echo --------
rm -f ./jail/noseccomp echo $CODE | sudo strace -f -o killed.log timeout 30 /home/ryan/perl5/perlbrew/perls/perlbot-inuse/bin/perl5* ./bin/test_eval.pl
echo $CODE | sudo strace -f -ojail/killed.log /home/ryan/perl5/perlbrew/perls/perlbot-inuse/bin/perl5* ./bin/test_eval.pl
touch ./jail/noseccomp
echo $CODE | sudo strace -f -ojail/alive.log /home/ryan/perl5/perlbrew/perls/perlbot-inuse/bin/perl5* ./bin/test_eval.pl
rm -f ./jail/noseccomp

13
lib/EvalServer/Seccomp.pm
View file

@ -28,7 +28,7 @@ my ($O_DIRECTORY, $O_CLOEXEC, $O_NOCTTY, $O_NOFOLLOW) = (00200000, 02000000, 000
# TODO this needs some accessors to make it easier to define rulesets # TODO this needs some accessors to make it easier to define rulesets
our %rule_sets = ( our %rule_sets = (
default => { default => {
include => ['time_calls', 'file_readonly', 'stdio', 'exec_wrapper', 'file_write', 'file_tty'], include => ['time_calls', 'file_readonly', 'stdio', 'exec_wrapper', 'file_write', 'file_tty', 'file_opendir'],
rules => [{syscall => 'mmap'}, rules => [{syscall => 'mmap'},
{syscall => 'munmap'}, {syscall => 'munmap'},
{syscall => 'mremap'}, {syscall => 'mremap'},
@ -89,12 +89,13 @@ our %rule_sets = (
], ],
}, },
file_opendir => { file_opendir => {
permute => {open_modes => [$O_DIRECTORY]}, rules => [{syscall => 'getdents'},
rules => [{syscall => 'getdents'}], {syscall => 'open', rules => [['1', '==', $O_DIRECTORY|&POSIX::O_RDONLY|&POSIX::O_NONBLOCK|$O_CLOEXEC]]},
],
include => ['file_open'], include => ['file_open'],
}, },
file_tty => { file_tty => {
permute => {open_modes => [$O_NOCTTY, ]}, permute => {open_modes => [$O_NOCTTY]},
include => ['file_open'], include => ['file_open'],
}, },
file_readonly => { file_readonly => {
@ -279,11 +280,13 @@ sub build_seccomp {
croak "Permutation on syscall rule without actual permutation specified" if (!@perm_on); croak "Permutation on syscall rule without actual permutation specified" if (!@perm_on);
my $glob_string = join '__', map { "{".join(",", @{$full_permute{$_}})."}" } @perm_on; my $glob_string = join '__', map { "{".join(",", @{$full_permute{$_}})."}" } @perm_on;
my @globs = grep {defined $_ && $_ ne ''} glob $glob_string;
die "Too many permute options for syscall $syscall" unless (@globs >= 1);
for my $g_value (glob $glob_string) { for my $g_value (glob $glob_string) {
my %pvals; my %pvals;
@pvals{@perm_on} = split /__/, $g_value; @pvals{@perm_on} = split /__/, $g_value;
push @{$comp_rules{$syscall}}, push @{$comp_rules{$syscall}},
[map { [map {
my @r = @$_; my @r = @$_;