[Libreoffice-commits] online.git: common/Seccomp.cpp common/Seccomp.hpp configure.ac kit/ForKit.cpp kit/Kit.cpp
Andras Timar
andras.timar at collabora.com
Mon Jul 3 09:43:19 UTC 2017
common/Seccomp.cpp | 16 ++++++++++++++--
common/Seccomp.hpp | 2 ++
configure.ac | 17 ++++++++++++++---
kit/ForKit.cpp | 6 +++---
kit/Kit.cpp | 2 +-
5 files changed, 34 insertions(+), 9 deletions(-)
New commits:
commit ad8bffa04a9fd104342d245100ba419b69f7e8ba
Author: Andras Timar <andras.timar at collabora.com>
Date: Fri Jun 30 12:10:38 2017 +0200
configure option to disable SECCOMP
Change-Id: I8120674b60d388a3f85190631469a112c4af9266
Reviewed-on: https://gerrit.libreoffice.org/39408
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
Tested-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/common/Seccomp.cpp b/common/Seccomp.cpp
index c8ac7b39..3fbc3aed 100644
--- a/common/Seccomp.cpp
+++ b/common/Seccomp.cpp
@@ -12,12 +12,13 @@
*/
#include "config.h"
-
#include <dlfcn.h>
#include <ftw.h>
#include <linux/audit.h>
#include <linux/filter.h>
+#if DISABLE_SECCOMP == 0
#include <linux/seccomp.h>
+#endif
#include <malloc.h>
#include <signal.h>
#include <sys/capability.h>
@@ -42,6 +43,7 @@
# error "Platform does not support seccomp filtering yet - unsafe."
#endif
+#if DISABLE_SECCOMP == 0
extern "C" {
static void handleSysSignal(int /* signal */,
@@ -73,6 +75,7 @@ static void handleSysSignal(int /* signal */,
}
} // extern "C"
+#endif
namespace Seccomp {
@@ -80,6 +83,7 @@ bool lockdown(Type type)
{
(void)type; // so far just the kit.
+#if DISABLE_SECCOMP == 0
#define ACCEPT_SYSCALL(name) \
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_##name, 0, 1), \
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
@@ -214,8 +218,16 @@ bool lockdown(Type type)
LOG_TRC("Install seccomp filter successfully.");
return true;
+#else // DISABLE_SECCOMP == 0
+ LOG_WRN("Warning this code was compiled without seccomp enabled, this setup is not recommended for production.");
+ return true;
+#endif // DISABLE_SECCOMP == 0
}
+} // namespace Seccomp
+
+namespace Rlimit {
+
bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
{
if (tokens.size() == 3 && tokens[0] == "setconfig")
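Review bot: In the new `#else` branch of `lockdown()`, the function returns `true` with no filter installed, so a caller that reads the return value as "this process is now confined" cannot tell a filtered kit from an unfiltered one. The only signal is a `LOG_WRN` line, which is easy to lose at a typical production log level; `LOG_ERR("Built with --disable-seccomp: no syscall filter installed for this process.");` would make the degraded state harder to miss, and a comment such as `// Deliberately reports success: the build opted out of filtering.` would record that the return value is intentional. If callers need to tell the two states apart, that is better served by a separate query than by changing this return value, since a `false` here presumably stops the kit (the callers are not visible in this diff). `lockdown()` begins outside this hunk.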
@@ -276,6 +288,6 @@ bool handleSetrlimitCommand(const std::vector<std::string>& tokens)
return false;
}
-} // namespace Seccomp
+} // namespace Rlimit
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/common/Seccomp.hpp b/common/Seccomp.hpp
index f6d1a130..5098c1c7 100644
--- a/common/Seccomp.hpp
+++ b/common/Seccomp.hpp
@@ -14,7 +14,9 @@ namespace Seccomp {
/// Lock-down a process hard - @returns true on success.
bool lockdown(Type type);
+};
+namespace Rlimit {
/// Handles setconfig command with limit_... subcommands.
/// Returns true iff it handled the command, regardless of success/failure.
bool handleSetrlimitCommand(const std::vector<std::string>& tokens);
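Review bot: The `};` that now closes `namespace Seccomp` has a trailing semicolon, which is an empty declaration that some compilers flag under pedantic or extra-semicolon warnings; `} // namespace Seccomp` would match the closing comments used in Seccomp.cpp. The `lockdown` doc comment just above it is also out of date with this commit and could read `/// Lock-down a process hard - @returns true on success, and also when built with --disable-seccomp, in which case no filter is installed.`. The close of `namespace Rlimit` lies outside this hunk.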
diff --git a/configure.ac b/configure.ac
index 4da3f4e9..45a4160f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -52,6 +52,10 @@ AC_ARG_ENABLE([debug],
AS_HELP_STRING([--enable-debug],
[Enable debugging, link with debugging version of Poco libraries]))
+AC_ARG_ENABLE([seccomp],
+ AS_HELP_STRING([--disable-seccomp],
+ [Disable use of linux/seccomp.h header when kernel on target system does not support it.
+ Beware of the security consequences!]))
AC_ARG_WITH([lokit-path],
AS_HELP_STRING([--with-lokit-path=<path>],
[Path to the "include" directory with the LibreOfficeKit headers]))
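Review bot: The help string for `--disable-seccomp` describes the option in terms of a header, while what it removes, per the Seccomp.cpp changes in this commit, is the whole syscall filter in `lockdown()`. Someone reading `./configure --help` should see the effect, for example `[Build without the seccomp syscall filter; kit processes then run unfiltered. Only for targets whose kernel lacks seccomp support.]`.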
@@ -267,9 +271,16 @@ AC_CHECK_HEADERS([LibreOfficeKit/LibreOfficeKit.h],
AC_CHECK_HEADERS([Poco/Net/WebSocket.h],
[],
[AC_MSG_ERROR([header Poco/Net/WebSocket.h not found, perhaps you want to use --with-poco-includes])])
-AC_CHECK_HEADERS([linux/seccomp.h],
- [],
- [AC_MSG_ERROR([critical security header linux/seccomp.h not found.])])
+DISABLE_SECCOMP=
+if test "$enable_seccomp" != "no"; then
+ AC_CHECK_HEADERS([linux/seccomp.h],
+ [],
+ [AC_MSG_ERROR([critical security header linux/seccomp.h not found. If kernel on target system does not support SECCOMP, you can use --disable-seccomp, but mind the security consequences.])])
+ AC_DEFINE([DISABLE_SECCOMP],0,[Whether to disable SECCOMP])
+else
+ AC_DEFINE([DISABLE_SECCOMP],1,[Whether to disable SECCOMP])
+fi
+
AC_MSG_CHECKING([POCO version])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
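Review bot: The `else` branch defines `DISABLE_SECCOMP` to 1 without any configure-time message, so a build that has dropped the syscall filter looks the same in the configure output as a normal one. Adding `AC_MSG_WARN([seccomp disabled: kit processes will run without syscall filtering])` in that branch would leave a trace in build logs. The shell assignment `DISABLE_SECCOMP=` is not read anywhere in the lines shown; if nothing later in configure.ac uses it, it can be dropped.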
diff --git a/kit/ForKit.cpp b/kit/ForKit.cpp
index fa95321d..5dde307f 100644
--- a/kit/ForKit.cpp
+++ b/kit/ForKit.cpp
@@ -113,8 +113,8 @@ public:
}
else if (tokens.size() == 3 && tokens[0] == "setconfig")
{
- // Currently onlly rlimit entries are supported.
- if (!Seccomp::handleSetrlimitCommand(tokens))
+ // Currently only rlimit entries are supported.
+ if (!Rlimit::handleSetrlimitCommand(tokens))
{
LOG_ERR("Unknown setconfig command: " << message);
}
@@ -442,7 +442,7 @@ int main(int argc, char** argv)
{
const auto pair = LOOLProtocol::split(cmdLimit, ':');
std::vector<std::string> tokensLimit = { "setconfig", pair.first, pair.second };
- if (!Seccomp::handleSetrlimitCommand(tokensLimit))
+ if (!Rlimit::handleSetrlimitCommand(tokensLimit))
{
LOG_ERR("Unknown rlimits command: " << cmdLimit);
}
diff --git a/kit/Kit.cpp b/kit/Kit.cpp
index 64898ef8..8036503b 100644
--- a/kit/Kit.cpp
+++ b/kit/Kit.cpp
@@ -1927,7 +1927,7 @@ void lokit_main(const std::string& childRoot,
else if (tokens.size() == 3 && tokens[0] == "setconfig")
{
// Currently onlly rlimit entries are supported.
- if (!Seccomp::handleSetrlimitCommand(tokens))
+ if (!Rlimit::handleSetrlimitCommand(tokens))
{
LOG_ERR("Unknown setconfig command: " << message);
}