From patchwork Fri Sep 23 17:24:16 2016
X-Patchwork-Submitter: Petr Lautrbach
X-Patchwork-Id: 9348519
From: Petr Lautrbach
To: selinux@tycho.nsa.gov
Subject: [PATCH 2/2] sandbox: create a new session for sandboxed processes
Date: Fri, 23 Sep 2016 19:24:16 +0200
Message-Id: <20160923172416.25050-2-plautrba@redhat.com>
In-Reply-To: <20160923172416.25050-1-plautrba@redhat.com>
References: <20160923172416.25050-1-plautrba@redhat.com>
List-Id: "Security-Enhanced Linux (SELinux) mailing list"

It helps to prevent sandboxed processes from injecting arbitrary commands into the parent.
Signed-off-by: Petr Lautrbach --- policycoreutils/sandbox/sandbox | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox index 9cc13c2..07c340c 100644 --- a/policycoreutils/sandbox/sandbox +++ b/policycoreutils/sandbox/sandbox @@ -471,10 +471,15 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- cmds += ["--"] + self.__paths return subprocess.Popen(cmds).wait() - selinux.setexeccon(self.__execcon) - rc = subprocess.Popen(self.__cmds).wait() - selinux.setexeccon(None) - return rc + pid = os.fork() + if pid == 0: + rc = os.setsid() + if rc: + return rc + selinux.setexeccon(self.__execcon) + os.execv(self.__cmds[0], self.__cmds) + rc = os.waitpid(pid, 0) + return os.WEXITSTATUS(rc[1]) finally: for i in self.__paths:
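Review bot: in the child branch of this hunk, `os.setsid()` returns None and raises OSError on failure, so `rc = os.setsid()` / `if rc: return rc` is dead code; worse, any `return` or uncaught exception in the child (an OSError from `os.execv` when the command cannot be executed, for instance) unwinds into the enclosing `finally:` and runs the parent's cleanup loop over `self.__paths` in the forked child as well. Suggest wrapping the child body in `try:` ... `except OSError: os._exit(127)` so the child can only ever exec or `_exit`. Two smaller points: `os.execv(self.__cmds[0], self.__cmds)` does no PATH lookup, whereas the removed `subprocess.Popen(self.__cmds)` did, so `os.execvp` would preserve the old behaviour; and `os.WEXITSTATUS(rc[1])` is only meaningful when `os.WIFEXITED` is true, so a child killed by a signal (which `Popen.wait()` reported as a negative return code) now reads as a spurious status; check `os.WIFSIGNALED` first.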
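The fork/setsid/exec pattern the patch introduces, written out as an added example that is not part of the patch or of policycoreutils: it execs the command in a fresh session, reports the child's session id back over a pipe so the caller can confirm the detachment happened, and maps signal deaths and exec failures to exit codes. It assumes a POSIX system with /bin/sh and omits the selinux.setexeccon call so it runs without the SELinux Python bindings.

```python
import os
import struct


def current_sid():
    """Session id of the calling process (used to confirm detachment)."""
    return os.getsid(0)


def run_in_new_session(argv):
    """Fork, put the child in its own session, exec argv, and wait for it.

    Returns (exit_code, child_pid, child_sid). The child sends its session
    id back through a pipe before exec so the parent can verify that
    setsid() took effect (after setsid, the child's sid equals its pid).
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: this branch must end in exec() or os._exit(). A plain
        # return or an uncaught exception would fall back into the
        # parent's code path (try/finally cleanup included) in the child.
        try:
            os.close(rfd)
            os.setsid()  # returns None; raises OSError on failure
            os.write(wfd, struct.pack("i", os.getsid(0)))
            os.close(wfd)
            os.execvp(argv[0], argv)  # PATH lookup, like subprocess.Popen
        except BaseException:
            os._exit(127)  # setsid/exec failed, e.g. command not found
    # Parent: read the child's session id (EOF if it never got that far),
    # then reap the child and decode its wait status.
    os.close(wfd)
    data = os.read(rfd, struct.calcsize("i"))
    os.close(rfd)
    child_sid = struct.unpack("i", data)[0] if data else -1
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):
        exit_code = 128 + os.WTERMSIG(status)  # shell convention
    else:
        exit_code = os.WEXITSTATUS(status)
    return exit_code, pid, child_sid
```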