diff options
Diffstat (limited to 'src/libconnect')
-rw-r--r-- | src/libconnect/Makefile.in | 25 | ||||
-rw-r--r-- | src/libconnect/libconnect.c | 66 |
2 files changed, 91 insertions, 0 deletions
diff --git a/src/libconnect/Makefile.in b/src/libconnect/Makefile.in new file mode 100644 index 000000000..5b7a8d0f1 --- /dev/null +++ b/src/libconnect/Makefile.in | |||
@@ -0,0 +1,25 @@ | |||
1 | PREFIX=@prefix@ | ||
2 | VERSION=@PACKAGE_VERSION@ | ||
3 | NAME=@PACKAGE_NAME@ | ||
4 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
5 | |||
6 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
7 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
8 | OBJS = $(C_FILE_LIST:.c=.o) | ||
9 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
10 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | ||
11 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | ||
12 | |||
13 | all: libconnect.so | ||
14 | |||
15 | %.o : %.c $(H_FILE_LIST) | ||
16 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | ||
17 | |||
18 | libconnect.so: $(OBJS) | ||
19 | $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl | ||
20 | |||
21 | |||
22 | clean:; rm -f $(OBJS) libconnect.so | ||
23 | |||
24 | distclean: clean | ||
25 | rm -fr Makefile | ||
diff --git a/src/libconnect/libconnect.c b/src/libconnect/libconnect.c new file mode 100644 index 000000000..18c4d81f5 --- /dev/null +++ b/src/libconnect/libconnect.c | |||
@@ -0,0 +1,66 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2014-2016 Firejail Authors | ||
3 | * | ||
4 | * This file is part of firejail project | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or modify | ||
7 | * it under the terms of the GNU General Public License as published by | ||
8 | * the Free Software Foundation; either version 2 of the License, or | ||
9 | * (at your option) any later version. | ||
10 | * | ||
11 | * This program is distributed in the hope that it will be useful, | ||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | * GNU General Public License for more details. | ||
15 | * | ||
16 | * You should have received a copy of the GNU General Public License along | ||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
19 | */ | ||
20 | #define _GNU_SOURCE | ||
21 | #include <stdio.h> | ||
22 | #include <stdlib.h> | ||
23 | #include <string.h> | ||
24 | #include <dlfcn.h> | ||
25 | #include <sys/types.h> | ||
26 | #include <unistd.h> | ||
27 | #include <sys/socket.h> | ||
28 | #include <netinet/in.h> | ||
29 | #include <arpa/inet.h> | ||
30 | #include <sys/un.h> | ||
31 | #include <sys/stat.h> | ||
32 | #include <dirent.h> | ||
33 | #include <errno.h> | ||
34 | |||
35 | //#define DEBUG | ||
36 | |||
37 | //static int check_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) { | ||
38 | static int check_sockaddr(const struct sockaddr *addr) { | ||
39 | if (addr->sa_family == AF_UNIX) { | ||
40 | struct sockaddr_un *a = (struct sockaddr_un *) addr; | ||
41 | if (a->sun_path[0] == '\0' && strstr(a->sun_path + 1, "X11-unix")) { | ||
42 | // printf("@%s\n", a->sun_path + 1); | ||
43 | errno = ENOENT; | ||
44 | return -1; | ||
45 | } | ||
46 | } | ||
47 | |||
48 | return 0; | ||
49 | } | ||
50 | |||
51 | // | ||
52 | // syscalls | ||
53 | // | ||
54 | |||
55 | // connect | ||
56 | typedef int (*orig_connect_t)(int sockfd, const struct sockaddr *addr, socklen_t addrlen); | ||
57 | static orig_connect_t orig_connect = NULL; | ||
58 | int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { | ||
59 | if (!orig_connect) | ||
60 | orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); | ||
61 | |||
62 | if (check_sockaddr(addr) == -1) | ||
63 | return -1; | ||
64 | |||
65 | return orig_connect(sockfd, addr, addrlen); | ||
66 | } | ||