Diffstat (limited to 'src/spawn.c')
-rw-r--r-- | src/spawn.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/spawn.c b/src/spawn.c
index 7a5736c..9816975 100644
--- a/src/spawn.c
+++ b/src/spawn.c
@@ -30,6 +30,10 @@
 #include <windows.h>
 #endif
+#ifdef HAVE_SYS_CAPSICUM_H
+#include <sys/capsicum.h>
+#endif
+
 
 #include "sciteco.h"
 #include "interface.h"
 #include "undo.h"
@@ -268,6 +272,20 @@ teco_state_execute_done(teco_machine_main_t *ctx, const teco_string_t *str, GErr
 	g_autoptr(GIOChannel) stdin_chan = NULL, stdout_chan = NULL;
 	g_auto(GStrv) argv = NULL, envp = NULL;
+#ifdef HAVE_CAP_GETMODE
+	/*
+	 * If we don't explicitly check for sandboxing, glib could assert
+	 * internally and we want to detect all unexpected assertions
+	 * in "infinite monkey"-style tests.
+	 */
+	u_int sandbox_mode;
+	if (G_UNLIKELY(cap_getmode(&sandbox_mode) || sandbox_mode)) {
+		g_set_error(error, TECO_ERROR, TECO_ERROR_FAILED,
+		            "Forbidden in Capsicum sandbox");
+		goto gerror;
+	}
+#endif
+
 
 	if (!str->len || teco_string_contains(str, '\0')) {
 		g_set_error(error, TECO_ERROR, TECO_ERROR_FAILED,
 		            "Command line must not be empty or contain null-bytes");
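Review bot: In the second hunk, `cap_getmode(&sandbox_mode) || sandbox_mode` folds a failed cap_getmode() call (returns -1, e.g. ENOSYS on a kernel built without Capsicum) into the same branch as "process is in capability mode", so every spawn on such a system is refused with the misleading message "Forbidden in Capsicum sandbox". Failing closed is the right default, but the two cases should report differently: check the call first, `if (cap_getmode(&sandbox_mode) != 0) { g_set_error(error, TECO_ERROR, TECO_ERROR_FAILED, "Cannot query Capsicum mode: %s", g_strerror(errno)); goto gerror; }`, and keep the existing "Forbidden in Capsicum sandbox" error for the `sandbox_mode != 0` case (this presumes errno.h is already included by spawn.c, which the hunk does not show). A note next to the check that capability mode is one-way, so a single early query is not subject to a later state change, would also help the next reader; the `u_int` typedef and the `HAVE_CAP_GETMODE`/`HAVE_SYS_CAPSICUM_H` pairing rely on the configure checks, which are outside this diff. teco_state_execute_done() begins and ends outside the hunk.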