Verified Commit 3f983e7a authored by valoq's avatar valoq

added sandbox options to zathurarc

parent c0bdd416
......@@ -13,6 +13,7 @@ check (for tests)
intltool
libmagic from file(1) (optional, for mime-type detection)
libsynctex from TeXLive (optional, for SyncTeX support)
libseccomp (optional, for sandbox support)
Sphinx (optional, for manpages and HTML documentation)
doxygen (optional, for HTML documentation)
breathe (optional, for HTML documentation)
......@@ -33,6 +34,9 @@ WITH_SQLITE=0 and sqlite support won't be available.
The use of magic to detect mime types is optional and can be disabled by setting
WITH_MAGIC=0.
The use of seccomp to create a sandboxed environment is optional and can be disabled by setting
WITH_SECCOMP=0.
If you pass these flags as a command line argument to make, you have to ensure
to pass the same flags when executing the install target.
......
......@@ -47,9 +47,9 @@ WITH_SYNCTEX ?= $(shell (${PKG_CONFIG} synctex && echo 1) || echo 0)
# To disable support for mimetype detction with libmagic set WITH_MAGIC to 0.
WITH_MAGIC ?= 1
# seccomp
# To enable support for seccomp filter set WITH_SECCOMP to 1.
WITH_SECCOMP ?= 0
# seccomp sandbox
# To disable support for seccomp filter set WITH_SECCOMP to 0.
WITH_SECCOMP ?= 1
# paths
PREFIX ?= /usr
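Review bot: Defaulting to `WITH_SECCOMP ?= 1` makes libseccomp a requirement of every default build, although the README hunk in this commit still lists it as optional and seccomp is Linux-specific. The `WITH_SYNCTEX` line visible in this hunk's header already probes with pkg-config; the same shape, `WITH_SECCOMP ?= $(shell (${PKG_CONFIG} libseccomp && echo 1) || echo 0)`, would keep builds working where the library is absent. If a silent fallback is a concern, have the build print whether the sandbox was compiled in. The filter calls in main() sit under `#ifdef WITH_SECCOMP`, so a binary built without it installs no filter whatever the `sandbox` setting says.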
......
......@@ -185,6 +185,8 @@ config_load_default(zathura_t* zathura)
girara_setting_add(gsession, "index-active-fg", "#232323", STRING, true, _("Index mode foreground color (active element)"), NULL, NULL);
girara_setting_add(gsession, "index-active-bg", "#9FBC00", STRING, true, _("Index mode background color (active element)"), NULL, NULL);
girara_setting_add(gsession, "sandbox", "normal", STRING, true, _("Sandbox level"), NULL, NULL);
bool_value = false;
girara_setting_add(gsession, "recolor", &bool_value, BOOLEAN, false, _("Recolor pages"), cb_setting_recolor_change, NULL);
bool_value = false;
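Review bot: The description `_("Sandbox level")` does not tell the user which values are accepted, while main() in this commit compares against exactly `none`, `normal` and `strict`. Listing them, e.g. `_("Sandbox level (none, normal, strict)")`, makes a mistyped value easier to spot. A short comment above the call would also help, such as `/* init-only: the seccomp filter is installed once in main() and the level cannot change afterwards */`. That assumes the `true` argument is girara's init-only flag, which should be confirmed. config_load_default's body continues outside the hunk.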
......
This diff is collapsed.
......@@ -4,13 +4,7 @@
/* basic filter */
/* this mode allows normal use */
/* only dangerous syscalls are blacklisted */
int seccomp_enable_protected_mode(void);
/* secure whitelist filter */
/* whitelist minimal syscalls only */
/* this mode does not allow to open external links or to start applications */
/* network connections are prohibited as well */
int seccomp_enable_protected_view(void);
int seccomp_enable_basic_filter(void);
/* strict filter before document parsing */
/* this filter is to be enabled after most of the initialisation of zathura has finished */
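Review bot: The comments above these declarations describe each filter's policy but not what the `int` return value means, and the call sites added to main() in this commit discard it. For a function that installs a security control, the header should state the success value and that any other result means no filter is active, for example `/* returns 0 on success; on any other value no filter has been installed */`. Adjust the wording to the actual convention in the implementation file, whose diff is collapsed on this page.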
......
......@@ -135,6 +135,10 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
bool link_zoom = true;
girara_setting_get(zathura->ui.session, "link-zoom", &link_zoom);
/* required below to prevent opening hyperlinks in strict sandbox mode */
char* sandbox = NULL;
girara_setting_get(zathura->ui.session, "sandbox", &sandbox);
switch (link->type) {
case ZATHURA_LINK_GOTO_DEST:
if (link->target.destination_type != ZATHURA_LINK_DESTINATION_UNKNOWN) {
......@@ -203,13 +207,13 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
link_remote(zathura, link->target.value);
break;
case ZATHURA_LINK_URI:
#ifndef WITH_SECCOMP
if (girara_xdg_open(link->target.value) == false) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Failed to run xdg-open."));
if (g_strcmp0(sandbox, "strict") == 0) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external applications in strict sandbox mode is not permitted"));
} else {
if (girara_xdg_open(link->target.value) == false) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Failed to run xdg-open."));
}
}
#else
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external apps in protectedView Sandbox mode is not permitted"));
#endif
break;
case ZATHURA_LINK_LAUNCH:
link_launch(zathura, link);
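Review bot: The strict-mode check guards only `ZATHURA_LINK_URI`; the `ZATHURA_LINK_LAUNCH` case directly below still calls `link_launch(zathura, link)`, even though the new message says external applications are not permitted. Under the strict filter that call presumably runs into blocked syscalls instead of ending in a notification, so the same `g_strcmp0(sandbox, "strict")` guard belongs there, and possibly on `link_remote`, whose body is not visible. Separately, `sandbox` is never freed in the visible lines. As far as I know girara_setting_get returns an allocated copy for STRING settings, so a `g_free(sandbox);` after the switch is needed (please confirm). zathura_link_evaluate continues outside both hunks.

```c
    case ZATHURA_LINK_LAUNCH:
      if (g_strcmp0(sandbox, "strict") == 0) {
        girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external applications in strict sandbox mode is not permitted"));
      } else {
        link_launch(zathura, link);
      }
    /* … unchanged: break, remaining cases, end of switch … */
  g_free(sandbox);
```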
......
......@@ -127,10 +127,6 @@ int
main(int argc, char* argv[])
{
#ifdef WITH_SECCOMP
seccomp_enable_protected_view();
#endif
init_locale();
/* parse command line arguments */
......@@ -298,8 +294,20 @@ main(int argc, char* argv[])
}
#ifdef WITH_SECCOMP
/* enforce strict syscall filter before parsing the document */
seccomp_enable_strict_filter();
char* sandbox = NULL;
girara_setting_get(zathura->ui.session, "sandbox", &sandbox);
if (g_strcmp0(sandbox, "none") == 0) {
girara_debug("Sandbox deactivated.");
} else if (g_strcmp0(sandbox, "normal") == 0) {
girara_debug("Basic sandbox allowing normal operation.");
seccomp_enable_basic_filter();
} else if (g_strcmp0(sandbox, "strict") == 0) {
girara_debug("Strict sandbox preventing write and network access.");
seccomp_enable_strict_filter();
}
#endif
/* open document if passed */
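Review bot: The `if`/`else if` chain on `sandbox` has no final `else`, so a misspelled or otherwise unrecognised value in zathurarc installs no filter at all and logs nothing. A sandbox selector should fail closed: report the bad value and either refuse to open the document or fall back to the strict filter. The `int` results of `seccomp_enable_basic_filter()` and `seccomp_enable_strict_filter()` are also discarded, so a filter that failed to load goes unnoticed. `sandbox` is not freed in the visible lines either. main() continues outside the hunk, so the exit path in the sketch below is left as a comment.

```c
  int sandbox_ret = 0; /* assumes the filters return 0 on success; confirm against the implementation */
  /* … unchanged: setting lookup and "none" branch … */
  } else if (g_strcmp0(sandbox, "normal") == 0) {
    girara_debug("Basic sandbox allowing normal operation.");
    sandbox_ret = seccomp_enable_basic_filter();
  } else if (g_strcmp0(sandbox, "strict") == 0) {
    girara_debug("Strict sandbox preventing write and network access.");
    sandbox_ret = seccomp_enable_strict_filter();
  } else {
    girara_error("Unknown sandbox setting '%s'.", sandbox);
    sandbox_ret = -1;
  }
  g_free(sandbox);
  if (sandbox_ret != 0) {
    /* take main()'s existing failure exit here instead of opening the document */
  }
```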
......