StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
8e5771b007
sandboxed-api/oss-internship-2020/libarchive/ld_preload_example
History
Christian Blichmann dbaf95c724 Move utility code into sandboxed_api/util 
This change should make it less confusing where utility code comes from.
Having it in two places made sense when we were debating whether to publish
Sandbox2 separately, but not any longer.

Follow-up changes will move `sandbox2/util.h` and rename the remaining
`sandbox2/util` folder.

PiperOrigin-RevId: 351601640
Change-Id: I6256845261f610e590c25e2c59851cc51da2d778
2021-01-13 09:25:52 -08:00
..
CMakeLists.txt Move utility code into sandboxed_api/util 2021-01-13 09:25:52 -08:00
minitar_main.cc Implemented requested changes 2020-10-09 13:52:17 +00:00
minitar.cc Implemented requested changes 2020-10-09 13:52:17 +00:00
minitar.h Merge pull request #65 from andreimedar:libarchive 2020-11-19 07:53:41 -08:00
README.md Merge pull request #65 from andreimedar:libarchive 2020-11-19 07:53:41 -08:00
sapi_minitar.cc Merge pull request #65 from andreimedar:libarchive 2020-11-19 07:53:41 -08:00

README.md

Sandboxing the minitar example (only the extraction function) using LD_PRELOAD

Description

Using LD_PRELOAD we can create our own functions with the same signatures as the ones from the libarchive that are called in the original code and call those instead. This example only implements the extract part of the original tool.

Structure

  • minitar_main.cc - the original main function.
  • minitar.cc and minitar.h - original functions called from main, built into a shared library.
  • The three files mentioned above are taken from the original minitar example. The only difference to the code is that the main function was separated from the rest in order to build a shared library so that when LD_PRELOAD is used we can call our custom functions.
  • sapi_minitar.cc - libarchive functions with our own implementation, built into a shared library which will be used with LD_PRELOAD.

Most of the functions simply convert the arguments to sapi::v objects and calls the sandboxed version of the function. Also, there is a custom extract implementation that also created the sandbox object. If the sandbox could be created without special arguments then this would not be needed and could be done inside of the first function called. However, in our case, the sandbox requires the file path and so we do this in the create function where we have access to that path. Aftert this, we call the original function (the "next" function symbol).

Files changed from the original libarchive sandboxed version

The only changes are in the root CMakeLists.txt:

  • add_subdirectory(ld_preload_example) to add this current folder to the build process.

  • set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) to make sure that shared libraries are built with position independent code.

Usage

LD_PRELOAD= build/ld_preload_example/libminitar_preload.so build/ld_preload_example/minitar_original -xvf archive_file

Instead of the x option, t can be used as well only to print the archive entries.