Verified Commit 4bde3d79 authored by valoq's avatar valoq

seccomp implementation

parent 3093c795
......@@ -23,6 +23,10 @@ ifneq ($(WITH_SYNCTEX),0)
CPPFLAGS += -DWITH_SYNCTEX
endif
ifneq ($(WITH_SECCOMP),0)
CPPFLAGS += -DWITH_SECCOMP
endif
ifneq ($(wildcard ${VALGRIND_SUPPRESSION_FILE}),)
VALGRIND_ARGUMENTS += --suppressions=${VALGRIND_SUPPRESSION_FILE}
endif
......
......@@ -47,6 +47,10 @@ WITH_SYNCTEX ?= $(shell (${PKG_CONFIG} synctex && echo 1) || echo 0)
# To disable support for mimetype detction with libmagic set WITH_MAGIC to 0.
WITH_MAGIC ?= 1
# seccomp
# To enable support for seccomp filter set WITH_SECCOMP to 1.
WITH_SECCOMP ?= 0
# paths
PREFIX ?= /usr
MANPREFIX ?= ${PREFIX}/share/man
......@@ -116,6 +120,14 @@ LIBS += ${SYNCTEX_LIB}
endif
endif
ifneq (${WITH_SECCOMP},0)
SECCOMP_INC ?=
SECCOMP_LIB ?= -lseccomp
INCS += ${SECCOMP_INC}
LIBS += ${SECCOMP_LIB}
endif
ifneq (${PKG_CONFIG_LIBS},)
INCS += $(shell ${PKG_CONFIG} --cflags ${PKG_CONFIG_LIBS})
LIBS += $(shell ${PKG_CONFIG} --libs ${PKG_CONFIG_LIBS})
......
This diff is collapsed.
#ifndef SECCOMP_H
#define SECCOMP_H
/* basic filter */
/* this mode allows normal use */
/* only dangerous syscalls are blacklisted */
int protectedMode(void);
/* secure whitelist filter */
/* whitelist minimal syscalls only */
/* this mode does not allow to open external links or to start applications */
/* network connections are prohibited as well */
int protectedView(void);
/* strict filter before document parsing */
/* this filter is to be enabled after most of the initialisation of zathura has finished */
int strictFilter(void);
#endif
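Review bot: The three prototypes return `int`, but none of the comments say what the value means or what happens to a filtered syscall (process termination versus an `errno` return), and callers need both to react correctly. I would add a line to each comment such as `/* returns 0 on success, non-zero if the filter could not be installed */`, adjusted to whatever the implementation actually returns, since that diff is collapsed on this page. The guard macro `SECCOMP_H` also does not match the name the file is included under (`"libsec.h"`); `LIBSEC_H` would avoid confusion with libseccomp's own `seccomp.h`.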
......@@ -14,6 +14,10 @@
#include "page.h"
#include "render.h"
#ifdef WITH_SECCOMP
#include "libsec.h"
#endif
struct zathura_link_s {
zathura_rectangle_t position; /**< Position of the link */
zathura_link_type_t type; /**< Link type */
......@@ -199,9 +203,14 @@ zathura_link_evaluate(zathura_t* zathura, zathura_link_t* link)
link_remote(zathura, link->target.value);
break;
case ZATHURA_LINK_URI:
#ifndef WITH_SECCOMP
if (girara_xdg_open(link->target.value) == false) {
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Failed to run xdg-open."));
}
#endif
#ifdef WITH_SECCOMP
girara_notify(zathura->ui.session, GIRARA_ERROR, _("Opening external apps in protectedView Sandbox mode is not permitted"));
#endif
break;
case ZATHURA_LINK_LAUNCH:
link_launch(zathura, link);
......
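Review bot: Only the `ZATHURA_LINK_URI` case is disabled under `WITH_SECCOMP`; the `ZATHURA_LINK_LAUNCH` case directly below still calls `link_launch(zathura, link)`, although the header comment for `protectedView` says starting applications is not allowed in that mode. Depending on the filter's default action (not visible here), a launch link in a document would then either fail without any message or terminate the viewer, instead of producing the notification. The launch case should get the same guard and message. The paired `#ifndef WITH_SECCOMP` … `#endif` and `#ifdef WITH_SECCOMP` … `#endif` would also read better as one `#ifndef WITH_SECCOMP` … `#else` … `#endif`. `zathura_link_evaluate` starts and ends outside the hunk.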
......@@ -19,6 +19,11 @@
#include "synctex.h"
#endif
#ifdef WITH_SECCOMP
#include <unistd.h>
#include "libsec.h"
#endif
/* Init locale */
static void
init_locale(void)
......@@ -122,6 +127,11 @@ init_zathura(const char* config_dir, const char* data_dir,
int
main(int argc, char* argv[])
{
#ifdef WITH_SECCOMP
protectedView();
#endif
init_locale();
/* parse command line arguments */
......@@ -288,6 +298,11 @@ main(int argc, char* argv[])
goto free_and_ret;
}
#ifdef WITH_SECCOMP
/* enforce strict syscall filter before parsing the document */
strictFilter();
#endif
/* open document if passed */
if (file_idx != 0) {
if (page_number > 0) {
......
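Review bot: The return values of `protectedView()` at the top of `main` and of `strictFilter()` before the document is opened are discarded, although the header declares both as returning `int`. If installing either filter fails, zathura would go on to parse the document with no sandbox and no indication to the user, so the protection fails open. Assuming a non-zero return signals failure (the implementation is not visible on this page), both calls should be checked and the program should exit with an error, e.g. `if (protectedView() != 0) { return -1; }` and `if (strictFilter() != 0) { goto free_and_ret; }` with the exit status set to failure. `main` starts and ends outside both hunks.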