36 #include <sys/procdesc.h>
37 #include <sys/socket.h>
59 bool is_executable_file(
int fd);
75 if (!is_executable_file(fd))
return NULL;
87 binary *bin = binary_alloc();
88 if (bin == NULL)
return NULL;
90 bin->entry_point = name;
98 code->spawn = &capsicum_spawn;
99 code->platform_specific = binary_wrap(bin);
105 extern char **environ;
111 binary *bin = binary_unwrap(sandbox_code->platform_specific);
112 if (bin == NULL)
return NULL;
118 int capstart_binary = capstart();
119 if (capstart_binary < 0)
return NULL;
129 int arg_fd =
argsfd(args);
130 if ((arg_fd < 0) && (errno != 0)) {
131 warn(
"Failed to transcribe arguments");
139 if (socketpair(PF_LOCAL, SOCK_SEQPACKET, 0, (
int*) &sockets) != 0) {
140 warn(
"Failed to create sandbox communication socket");
145 pid_t child = pdfork(&child_pd, 0);
148 warn(
"Failed to fork sandbox process");
157 if (recv(sockets[0], &data,
sizeof(data), 0) < 0)
158 err(1,
"Error receiving from sandbox");
159 printf(
"Received something from sandbox: '%c'\n", data);
171 if (asprintf(arg + 0,
"sandbox") <= 0)
return NULL;
172 if (asprintf(arg + 1,
"%d", bin->fd) <= 0)
return NULL;
173 if (asprintf(arg + 2,
"%s", bin->entry_point) <= 0)
return NULL;
174 if (asprintf(arg + 3,
"%d", arg_fd) <= 0)
return NULL;
175 if (asprintf(arg + 4,
"%d", sockets[1]) <= 0)
return NULL;
178 char *
const *argv = arg;
183 fexecve(capstart_binary, argv, environ);
197 bin = open(
"../capstart/capstart", O_RDONLY | O_EXEC);
198 if (bin < 0) err(1,
"unable to find 'capstart' binary");
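/*
 * HAS(haystack, needle): non-zero iff every bit set in `needle` is also set
 * in `haystack`. Both arguments and the whole expansion are parenthesized so
 * that an expression argument such as HAS(a | b, c) is tested as a unit;
 * without the parentheses `&` binds tighter than the `|` inside the argument
 * and the comparison is made against the wrong value.
 *
 * This is a subset-of-bits test, not a file-type test. The S_IF* type codes
 * in st_mode overlap bitwise (a mode whose type field is S_IFSOCK or S_IFLNK
 * also contains every bit of S_IFREG), so "is this a regular file" should be
 * asked with S_ISREG(mode) rather than HAS(mode, S_IFREG); HAS remains
 * appropriate for single permission bits such as S_IXUSR.
 */
#define HAS(haystack, needle) (((haystack) & (needle)) == (needle))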
208 is_executable_file(
int fd)
211 if (fstat(fd, &sb))
return 0;
214 if (!HAS(sb.st_mode, S_IFREG))
return 0;
218 HAS(sb.st_mode, S_IXUSR) ||
219 HAS(sb.st_mode, S_IXGRP) ||
220 HAS(sb.st_mode, S_IXOTH)
222 if (!executable)
return 0;