Commit graph

25 commits

Author SHA1 Message Date
Corentin Noël
2edf0dcb3a Seccomp: Add AARCH64 support
Change-Id: I59e042b244711ef3780cee7946be78d31dca8d8d
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/90717
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-03-18 22:34:54 +01:00
Miklos Vajna
b8bd1990aa Rework LOOLProtocol::tokenize() to return a StringVector object
The bulk of this commit just changes std::vector<std::string> to
StringVector when we deal with tokens from a websocket message.

The less boring part of it is the new StringVector class, which is a
wrapper around std::vector<std::string>, and provides the same API,
except that operator[] returns a string, not a string&, and this allows
returning an empty string in case that prevents reading past the end of
the underlying array.

This means in case client code forgets to check size() before invoking
operator[], we don't crash. (See the ~3 previous commits which fixed
such crashes.)

Later the ctor could be changed to take a single underlying string to
avoid lots of tiny allocations, that's not yet done in this commit.

Change-Id: I8a6082143a8ac0b65824f574b32104d7889c184f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89687
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-28 16:07:56 +01:00
Corentin Noël
08aa7d9149 Seccomp: add ARM support
Change-Id: I6982c6e68da5e2211f9dad0eb88fccab27230ed9
Reviewed-on: https://gerrit.libreoffice.org/83511
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2019-11-22 18:49:00 +01:00
Andras Timar
d1ae1b36c2 typo fixes in comments and code
Change-Id: Idd98516d30d98dea18eda9bbec8ac9777063b553
2019-10-08 11:49:45 +02:00
Ashod Nakashian
00a44d6e81 wsd: flush logs before existing
This is important for when we abort with some explanation.
Often said explanation doesn't show up anywhere to be useful.

Also, issue fatal logs for abnormal exist and use SFL to log errno.

Reviewed-on: https://gerrit.libreoffice.org/57540
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit ad7964393eadb68873b820e0a620fb40f1e1b06a)

Change-Id: Ic67064ef40ef6e93d26e5847ecd32bdd49c3cc8b
2018-10-16 20:12:23 -04:00
Ashod Nakashian
3158d4c31c wsd: always use signal-safe calls
The async-signal-safe functions to get thread-id
and thread-name, which cache the results, are
faster, cleaner, and signal-safe. No reason why
we shouldn't always use them.

Especially since it appears the logic was
inverted in Log::prefix, such that the signal
un-safe calls were made during signal-handling,
and the safe ones were called otherwise!

Instead of passing the signal-safe flag to
Log::prefix, we pass the buffer size, for
improved security.

Furthermore, reduce header dependencies
and reduce clutter.

Change-Id: I697689b2f0a290b6d8cce4babc3ac1e576141da6
2018-10-16 20:12:23 -04:00
Tor Lillqvist
57326ae27c Third parameter to prefix() is a bool
Passing syscall(SYS_gettid) as a bool is equivalent to passing true,
as far as I understand.

Change-Id: I31bb15000a9e6c95b657d58bc78df4f3da0fe687
2018-08-29 18:36:16 +03:00
Tor Lillqvist
3352603011 Avoid cast that causes gcc warning
gcc 8 warns: cast between incompatible function types from ‘void
(*)(int, siginfo_t*, void*)’ to ‘__sighandler_t’ {aka ‘void (*)(int’}
[-Werror=cast-function-type].

The struct sigaction already has an appropriately typed field
sa_sigaction in a union with the sa_handler field, so use that. (If
that is not present in some older Linux and/or glibc that we still
need to support, this commit will have to be reverted then.)

Change-Id: I67667073c89b7b22e7de1933ccaaa60868685866
2018-07-19 12:46:54 +03:00
Tor Lillqvist
72baaa231c We seemed to have just two minor ASCII art instances, actually
Change-Id: I308cda537c26b1a9976e7bcf7634c67917a30163
2018-06-08 08:42:31 +03:00
Michael Meeks
071079a6a9 seccomp: allow socket shutdown in kit process.
Change-Id: Ie11f5eb278bcba8dcf13d6f095de2ffd6d23fcb3
2018-05-18 15:16:40 +02:00
Rene Engelhard
abf489991f fix --disable-seccomp build
Change-Id: I32008de7745e106e4a633fb587f2837c59cdd541
Reviewed-on: https://gerrit.libreoffice.org/50652
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-03-03 12:07:07 +01:00
Pranav Kant
1353408999 loplugin:includeform
Some files weren't rewritten from the last run.

Change-Id: I8c5beadaf2cf9b367158abe6f0a5460fa3054521
2017-12-21 20:09:03 +05:30
Aron Budea
f6ec965dff rlimits: Friendlier and more precise logging of numbers
Unlimited settings were logged as huge numbers.
In two cases settings were logged via LOG_SYS (and as errors)
instead of LOG_INF.

Change-Id: I1da493c0126ecf9d2382956ac1e60e57988696ee
Reviewed-on: https://gerrit.libreoffice.org/44731
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-11-23 21:15:39 +01:00
Miklos Vajna
7ab856b196 common, wsd: clean up redundant casts
Change-Id: Iad7e2417c6b1a154f6ad21839b841ca452e835c5
2017-10-24 09:23:54 +02:00
Jan Holesovsky
262916363d rlimits: The fsize and nofile need more tweaking...
Change-Id: Ifdb4d24f103f54fd286b8ffa715c0a61c2cff94f
2017-10-06 15:42:53 +02:00
Marco Cecchetti
e015c83957 fixed wrong logging text
Change-Id: Ife3bdf05e15a9f11227c37eec6af0719cd8b2e5a
Reviewed-on: https://gerrit.libreoffice.org/43033
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
(cherry picked from commit 8f9cff124763285e0bb7cc98d96770b98367eafb)
Reviewed-on: https://gerrit.libreoffice.org/43034
2017-10-02 10:55:27 +02:00
Marco Cecchetti
ee6e64528d wsd: support for FSIZE and NOFILE system limits
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.

Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
2017-09-26 17:40:31 +02:00
Jan Holesovsky
057fd10881 No need to scare people too much.
Change-Id: I2b598b3363a73c352bda2cb6bbf0c0d208456456
Reviewed-on: https://gerrit.libreoffice.org/41291
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-08-18 15:39:16 +02:00
Andras Timar
ad8bffa04a configure option to disable SECCOMP
Change-Id: I8120674b60d388a3f85190631469a112c4af9266
Reviewed-on: https://gerrit.libreoffice.org/39408
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2017-07-03 11:43:01 +02:00
Ashod Nakashian
44d8876f27 Remove data rlimit
Seems to have no effect, so gone in
favor of RLIMIT_AS (virtual memeory).

Change-Id: I210879ec9285f420c9f9839cdabf45c42d865fb3
Reviewed-on: https://gerrit.libreoffice.org/38720
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-13 06:27:12 +02:00
Ashod Nakashian
92d29b1ce7 wsd: support setting process rlimits
Change-Id: I7117e6843d2ebc919d7d2303cc593de888cc54b1
Reviewed-on: https://gerrit.libreoffice.org/38672
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-06-12 06:17:21 +02:00
Jan Holesovsky
2a2d863321 Fix build with older kernel versions.
Change-Id: I28fc6687a42ac428413d644e9fd55870cd5936fa
2017-05-02 17:24:44 +02:00
Michael Meeks
31818b7dd6 Trap rather than kill from seccomp and log invalid syscalls.
Change-Id: I319c10776476fea865dd7a95921f1b08b689e09f
2017-04-28 19:06:20 +01:00
Michael Meeks
bc31103a5d Seccomp: filter more syscalls.
Change-Id: I2cc203d48e4592c5f182e675383e96a13b87bc36
2017-04-28 17:55:14 +01:00
Michael Meeks
7f4f752667 Initial seccomp work.
Add a list of unhelpful looking system calls to improve containment.

Change-Id: I2e4bf3e0a6a752d427299728663d17120586bb10
2017-04-28 14:26:21 +01:00