From patchwork Sun May 29 23:39:14 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Etienne Champetier X-Patchwork-Id: 627556 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2001:1868:205::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3rHx9d3Fbhz9t43 for ; Mon, 30 May 2016 09:41:57 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b=sU+9hHbh; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1b7AJI-00080R-9t; Sun, 29 May 2016 23:39:56 +0000 Received: from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1b7AJA-0007w7-GY for lede-dev@lists.infradead.org; Sun, 29 May 2016 23:39:50 +0000 Received: by mail-wm0-x241.google.com with SMTP id a136so17615750wme.0 for ; Sun, 29 May 2016 16:39:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=q7STnsJw89H6R3er45I8eINb0iulDCPemW5ejD/5Npo=; b=sU+9hHbhsnCpvWETfIz2KTexzpFR2AA1iISYGF8WedJAxczweOfBH0+WfGtjQOnFyt EEnVo83pidjVrQ8Er+tD3GcMqx4EolXI5OI3Gbn7EVSO8IUG1bc4CKD29DH+iANjOF/a lHp30YlXhvIXeosvYusGF5ZPhlhgKuLSemoEE8x+22LySBMTHxSVPcg5D0uSaHy0St8V /Ba63f388TOYhw27nVbDy4pERlbCEz/YM+0muZFpMGnccubZq8x3G15qcvXy5icPnQFk xn5qOAZKsFY32TcF9a5e9Cfk/cN1vWEeHWDgIxqjz/ScDO9an3vnZXRW+wnjNWnPQAah 8aDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=q7STnsJw89H6R3er45I8eINb0iulDCPemW5ejD/5Npo=; b=B8v5WGi5INgIWPSKUY5piGNNHqudE3PeHSdLMcQzt8moH3Aetf84oLJmyoi/+3Nhzh XqHquWlBPBUv/gOs6Oi3/WWGd+hwFRVgWhq807vk1nUWmFnyNuhgZ7RWwBHpRcJAw2+1 jDT7emKr/bfEGm+Dcz1NofnoZ5wmDcpCiJ65AGuHjg6hdaFWV0laetj6h6v/biA8rqsu q/k0/hrVOZ37mTQY2+7+PGsjpHJrKPvcPnXyrH6Yp/oVMKhfMRz1cGvGxDP9B+cjn1wg qZFZTPQVLcNuC+iGJD3jYpyL1I7CswbyI+qfdyvj9UcgcjGmX2fTopkEry1XD3ddUZn9 umuQ== X-Gm-Message-State: ALyK8tL3X18Z0eEuQ37hVTo37vmuF7BNuoMbCLNaxZEWmKcLVatc70Niuvc+9Td3LEaofQ== X-Received: by 10.28.223.132 with SMTP id w126mr7786928wmg.72.1464565167381; Sun, 29 May 2016 16:39:27 -0700 (PDT) Received: from ubuntu1404.lxcnattst (ns623510.ovh.net. [5.135.134.9]) by smtp.gmail.com with ESMTPSA id 124sm20721292wml.12.2016.05.29.16.39.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 29 May 2016 16:39:26 -0700 (PDT) From: Etienne CHAMPETIER To: lede-dev@lists.infradead.org Date: Sun, 29 May 2016 23:39:14 +0000 Message-Id: <1464565158-18043-3-git-send-email-champetier.etienne@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1464565158-18043-1-git-send-email-champetier.etienne@gmail.com> References: <1464565158-18043-1-git-send-email-champetier.etienne@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160529_163948_779358_ED24AC03 X-CRM114-Status: UNSURE ( 9.63 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2a00:1450:400c:c09:0:0:0:241 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (champetier.etienne[at]gmail.com) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [LEDE-DEV] [PATCH procd 3/7] jail: call build_envp() just before execve() X-BeenThere: lede-dev@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Etienne CHAMPETIER MIME-Version: 1.0 Sender: "Lede-dev" Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Etienne CHAMPETIER --- jail/jail.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jail/jail.c b/jail/jail.c index 95d6237..e86ee14 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -230,10 +230,6 @@ and will only drop capabilities/apply seccomp filter.\n\n"); static int exec_jail(void) { - char **envp = build_envp(opts.seccomp); - if (!envp) - exit(EXIT_FAILURE); - if (opts.capabilities && drop_capabilities(opts.capabilities)) exit(EXIT_FAILURE); @@ -242,6 +238,10 @@ static int exec_jail(void) exit(EXIT_FAILURE); } + char **envp = build_envp(opts.seccomp); + if (!envp) + exit(EXIT_FAILURE); + INFO("exec-ing %s\n", *opts.jail_argv); execve(*opts.jail_argv, opts.jail_argv, envp); /* we get there only if execve fails */