Sanitize stdio in the sandbox process instead of the wrapper

Doing it in the wrapper messes with Electron applications that want to be able to utilize stdin. Should fix #29.
refi64 · Apr 21, 2023 · 0d88cfc · 0d88cfc
1 parent 64f6ccf
commit 0d88cfc
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 5 deletions.
diff --git a/src/sandbox/main.cc b/src/sandbox/main.cc
@@ -3,6 +3,9 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <fcntl.h>
+#include <stdio.h>
+
 #include <algorithm>
 #include <iostream>
 #include <vector>
@@ -17,6 +20,68 @@
 using namespace zypak;
 using namespace zypak::sandbox;
 
+bool MakeStdinNull() {
+  unique_fd stdin_fd(open("/dev/null", O_RDONLY));
+  if (stdin_fd.invalid()) {
+    Errno() << "Failed to open /dev/null";
+    return false;
+  } else if (dup2(stdin_fd.get(), 0) == -1) {
+    Errno() << "Failed to dup2(/dev/null, 0)";
+    return false;
+  }
+
+  return true;
+}
+
+bool RunCatOnFd(int fd) {
+  int fds[2] = {-1, -1};
+  if (pipe(fds) == -1) {
+    Errno() << "pipe()";
+    return false;
+  }
+
+  unique_fd rd = fds[0];
+  unique_fd wr = fds[1];
+
+  pid_t pid = fork();
+  if (pid == -1) {
+    Errno() << "Failed to fork";
+    return false;
+  } else if (pid == 0) {
+    wr.reset();
+
+    if (dup2(rd.get(), STDIN_FILENO) == -1) {
+      Errno() << "Failed to dup2(reader, STDIN_FILENO)";
+      return false;
+    }
+
+    if (fd != STDOUT_FILENO) {
+      if (dup2(STDOUT_FILENO, fd) == -1) {
+        Errno() << "Failed to dup2(STDOUT_FILENO, " << fd << ")";
+        return false;
+      }
+    }
+
+    execlp("cat", "cat", NULL);
+    Errno() << "Failed to exec cat";
+  }
+
+  rd.reset();
+  if (dup2(wr.get(), fd) == -1) {
+    Errno() << "dup2(writer, " << fd << ")";
+    return false;
+  }
+
+  return true;
+}
+
+bool SanitizeStdio() {
+  // http://crbug.com/376567
+  // We do it here instead of in a wrapper script so that Electron apps that want to mess with stdin
+  // still can.
+  return MakeStdinNull() && RunCatOnFd(STDOUT_FILENO) && RunCatOnFd(STDERR_FILENO);
+}
+
 int main(int argc, char** argv) {
   DebugContext::instance()->set_name("zypak-sandbox");
   DebugContext::instance()->LoadFromEnvironment();
@@ -35,6 +100,15 @@ int main(int argc, char** argv) {
     Debug() << "XXX ignoring --adjust-oom-score " << args[1] << ' ' << args[2];
     return 0;
   } else {
+    if (!SanitizeStdio()) {
+      Log() << "Failed to sanitize stdio, quitting...";
+      return 1;
+    }
+
+    ZYPAK_ASSERT(!isatty(STDIN_FILENO), << "stdin is a TTY");
+    ZYPAK_ASSERT(!isatty(STDOUT_FILENO), << "stdout is a TTY");
+    ZYPAK_ASSERT(!isatty(STDERR_FILENO), << "stderr is a TTY");
+
     if (Env::Test(Env::kZypakZygoteStrategySpawn)) {
       if (!spawn_strategy::RunSpawnStrategy(std::move(args))) {
         return 1;

diff --git a/zypak-wrapper.sh b/zypak-wrapper.sh
@@ -9,9 +9,4 @@ else
   export ZYPAK_LIB="$self_dir/../lib"
 fi
 
-# http://crbug.com/376567
-exec < /dev/null
-exec > >(exec cat)
-exec 2> >(exec cat >&2)
-
 exec "$ZYPAK_BIN/zypak-helper" host - "$@"