Remove c-preload compiler wrapper in favour of firejail. See #429

2025-12-27 10:33:59 -05:00 · 2019-05-16 14:30:21 -05:00
parent c327df8fc9
commit 65d9d7bc67
14 changed files with 6 additions and 221 deletions
--- a/.eslintignore
+++ b/.eslintignore
@@ -11,7 +11,6 @@ examples
 etc
 docs
 d
-c-preload

 # Autogenerated files
 lib/handlers/asm-docs.js
--- a/10
+++ b/10
@@ -28,9 +28,9 @@ debug: node-installed ## print out some useful variables
 	@echo Using npm from $(NPM)
 	@echo PATH is $(PATH)

-.PHONY: clean run test run-amazon c-preload optional-haskell-support optional-d-support optional-rust-support
+.PHONY: clean run test run-amazon optional-haskell-support optional-d-support optional-rust-support
 .PHONY: dist lint prereqs node_modules travis-dist
-prereqs: optional-haskell-support optional-d-support optional-rust-support node_modules webpack c-preload
+prereqs: optional-haskell-support optional-d-support optional-rust-support node_modules webpack
 GDC?=gdc
 DMD?=dmd
 LDC?=ldc2
@@ -77,7 +77,6 @@ webpack: $(WEBPACK)

 test: $(NODE_MODULES)  ## Runs the tests
 	$(NPM) run test
-	-$(MAKE) -C c-preload test
 	@echo Tests pass

 check: $(NODE_MODULES) test lint  ## Runs all checks required before committing
@@ -85,7 +84,7 @@ check: $(NODE_MODULES) test lint  ## Runs all checks required before committing
 clean:  ## Cleans up everything
 	rm -rf node_modules .*-updated .*-bin out static/dist static/vs
 	$(MAKE) -C d clean
-	$(MAKE) -C c-preload clean
+	$(MAKE) -C clean

 run: export NODE_ENV=LOCAL WEBPACK_ARGS="-p"
 run: prereqs  ## Runs the site normally
@@ -114,9 +113,6 @@ travis-dist: dist  ## Creates a distribution as if we were running on travis
 	mv /tmp/ce-build.tar.xz out/dist-bin/${TRAVIS_BUILD_NUMBER}.tar.xz
 	echo ${HASH} > out/dist-bin/${TRAVIS_BUILD_NUMBER}.txt

-c-preload:  ## Makes the (dreadful, to be deprecated soon) preload hooks
-	$(MAKE) -C c-preload
-
 install-git-hooks:  ## Install git hooks that will ensure code is linted and tests are run before allowing a check in
 	ln -sf $(shell pwd)/etc/scripts/pre-commit .git/hooks/pre-commit
 .PHONY: install-git-hooks
--- a/c-preload/.gitignore
+++ b/c-preload/.gitignore
@@ -1 +0,0 @@
-libpreload.so
--- a/c-preload/Makefile
+++ b/c-preload/Makefile
@@ -1,27 +0,0 @@
-ifeq (FreeBSD,$(shell uname -s))
-    LDL :=
-else
-    LDL := -ldl
-endif
-
-all: libpreload.so
-
-libpreload.so: preload.c
-	$(CC) -std=c99 -shared -O1 -fPIC $^ -o $@ $(LDL)
-
-.PHONY: test clean
-test: libpreload.so
-	-@rm -f /tmp/allowed
-	cat tests/testfile | ./compiler-wrapper g++ -std=c++0x -S -o /tmp/allowed -x c++ -
-	@if [ ! -s /tmp/allowed ]; then echo "/tmp/allowed should exist"; false; fi
-	-@rm -f /tmp/allowed
-	cat tests/bad-includes | ./compiler-wrapper g++ -std=c++0x -S -o /tmp/allowed -x c++ - 2>&1 | grep denied
-	cat tests/bad-includes2 | ./compiler-wrapper g++ -std=c++0x -S -o /tmp/allowed -x c++ - 2>&1 | grep denied
-	cat tests/bad-includes3 | ./compiler-wrapper g++ -std=c++0x -S -o /tmp/allowed -x c++ - 2>&1 | grep denied
-	@if [ -s /tmp/allowed ]; then echo "/tmp/allowed should not exist"; false; fi
-	-@rm -f not-allowed
-	cat tests/testfile | ./compiler-wrapper g++ -std=c++0x -S -o not-allowed -x c++ - 2>&1 | grep denied
-	@if [ -e not-allowed ]; then echo "not-allowed should not exist"; false; fi
-
-clean:
-	rm -f libpreload.so
--- a/c-preload/compiler-wrapper
+++ b/c-preload/compiler-wrapper
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-export LD_PRELOAD=${DIR}/libpreload.so
-export ALLOWED_FOR_CREATE=/tmp:/dev/null
-export ALLOWED_FOR_READ=/usr/local/include:/usr/include:/usr/lib:/lib:/lib64:/usr/msp430:/usr/arm-linux-gnueabi:/tmp:/opt/:/celibs/:/dev/urandom:/etc/lsb-release:/etc/debian_version:/proc/cpuinfo:/proc/self:/proc/self/maps:/usr/arm-linux-gnueabihf:/usr/aarch64-linux-gnu:/usr/powerpc-linux-gnu/include:/usr/lib/x86_64-linux-gnu:/usr/mips-linux-gnu:/usr/mipsel-linux-gnu:/usr/mips64-linux-gnuabi64:/usr/mips64el-linux-gnuabi64:/gcc-explorer:/compiler-explorer:/usr/glibc-compat/lib
-export DENIED=/proc/self/cwd:/proc/self/root:/proc/self/exe
-# Wine configuration
-export DISPLAY=
-export WINEPREFIX=/tmp/wine
-export WINEDLLOVERRIDES="vcruntime140=b"
-mkdir -p /tmp/wine
-ALLOWED_FOR_READ=${ALLOWED_FOR_READ}:/usr/share/fonts:/etc/passwd
-
-# Last-gasp limits
-ulimit -m $((512 * 1024)) # RSS limit in K
-ulimit -t 10 # CPU time in seconds
-# No longer limits virtual RAM. upsets WINE and maybe related to hangs running rustc?
-
-"$@"
--- a/c-preload/preload.c
+++ b/c-preload/preload.c
@@ -1,146 +0,0 @@
-// Copyright (c) 2012-2017, Matt Godbolt
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-//     * Redistributions of source code must retain the above copyright notice,
-//       this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above copyright
-//       notice, this list of conditions and the following disclaimer in the
-//       documentation and/or other materials provided with the distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-
-#define _GNU_SOURCE
-#include <dlfcn.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-#include <libgen.h>
-
-#ifndef O_CREAT
-#define O_CREAT 0100
-#endif
-
-// OS X et al doesn't have this. Rather than optionally replace it, I'd rather
-// run using this substitute function all the time.
-static const char *my_strchrnul(const char *s, int c) {
-    const char *ptr = strchr(s, c);
-    if (!ptr)
-        ptr = s + strlen(s);
-    return ptr;
-}
-
-static int allowed_match(const char* path, const char* okpath, const char *denypath,
-                         int debug) {
-    char resolvedBuf[PATH_MAX];
-    const char* resolved = path;
-    if (!strncmp(resolved, "/proc/self", 10)) {
-        // Leave references to /proc/self.* alone as its real path is different
-        // each time.
-    } else {
-        resolved = realpath(path, resolvedBuf);
-        if (resolved == NULL) {
-            return 0;
-        }
-    }
-
-    while (*denypath) {
-        const char* end = my_strchrnul(denypath, ':');
-        if (strncmp(denypath, resolved, end - denypath) == 0) goto deny;
-        denypath = end;
-        while (*denypath == ':') ++denypath;
-    }
-
-    while (*okpath) {
-        const char* end = my_strchrnul(okpath, ':');
-        if (strncmp(okpath, resolved, end - okpath) == 0) return 1;
-        okpath = end;
-        while (*okpath == ':') ++okpath;
-    }
-
-deny:
-    if (debug) {
-        fprintf(stderr, "Access to \"%s\" denied by compiler-explorer policy\n", path);
-    }
-    errno = EACCES;
-    return 0;
-}
-
-static int allowed_env(const char* pathname, const char* envvar) {
-    const char* okpath = getenv(envvar);
-    if (okpath == NULL) {
-       errno = EINVAL;
-       return 0;
-    }
-    const char* denypath = getenv("DENIED");
-    if (denypath == NULL) denypath = "";
-
-    int debug = getenv("PRELOAD_DEBUG") ? 1 : 0;
-
-    // Check file name first
-    if (allowed_match(pathname, okpath, denypath, debug)) return 1;
-
-    // Check directory name
-    char* dirpathbuf = strdup(pathname);
-    char* dirpath = dirname(dirpathbuf);
-    int dir_ok = allowed_match(dirpath, okpath, denypath, debug);
-    free(dirpathbuf);
-
-    return dir_ok;
-}
-
-static int allowed(const char* pathname, int flags) {
-    if (flags & O_CREAT)
-        return allowed_env(pathname, "ALLOWED_FOR_CREATE");
-    else
-        return allowed_env(pathname, "ALLOWED_FOR_READ");
-}
-
-int open(const char *pathname, int flags, mode_t mode) {
-    static int (*real_open)(const char*, int, mode_t) = NULL;
-    if (!real_open) real_open = dlsym(RTLD_NEXT, "open");
-
-    if (!allowed(pathname, flags)) {
-        return -1;
-    }
-
-    return real_open(pathname, flags, mode);
-}
-
-int creat(const char *pathname, mode_t mode) {
-    static int (*real_creat)(const char*, mode_t) = NULL;
-    if (!real_creat) real_creat = dlsym(RTLD_NEXT, "creat");
-
-    if (!allowed(pathname, O_CREAT)) {
-        return -1;
-    }
-
-    return real_creat(pathname, mode);
-}
-
-FILE* fopen(const char* name, const char* mode) {
-    static FILE* (*real_fopen)(const char*, const char*) = NULL;
-    if (!real_fopen) real_fopen = dlsym(RTLD_NEXT, "fopen");
-
-    if (!allowed(name, (mode[0] == 'r') ? 0 : O_CREAT)) {
-        return NULL;
-    }
-
-    return real_fopen(name, mode);
-}
--- a/c-preload/tests/bad-includes
+++ b/c-preload/tests/bad-includes
@@ -1,2 +0,0 @@
-#define DOTDOTFILE "../../../etc/shadow"
-#include DOTDOTFILE
--- a/c-preload/tests/bad-includes2
+++ b/c-preload/tests/bad-includes2
@@ -1 +0,0 @@
-#include "/proc/self/cwd/../../../../../../../../../../../../etc/passwd"
--- a/c-preload/tests/bad-includes3
+++ b/c-preload/tests/bad-includes3
@@ -1 +0,0 @@
-#include "/proc/self/root/etc/passwd"
--- a/c-preload/tests/testfile
+++ b/c-preload/tests/testfile
@@ -1,6 +0,0 @@
-// I am a test C++ program
-#include <cstdint>
-
-int foo() {
-    return 1;
-}
--- a/etc/config/compiler-explorer.amazon.properties
+++ b/etc/config/compiler-explorer.amazon.properties
@@ -4,7 +4,6 @@ cookieDomainRe=godbolt\.org|compiler-explorer\.com
 cookiePolicyEnabled=true
 privacyPolicyEnabled=true
 compileTimeoutMs=20000
-compiler-wrapper=./c-preload/compiler-wrapper
 max-asm-size=67108864
 staticMaxAgeSecs=30
 cacheConfig=InMemory(25);S3(storage.godbolt.org,cache,us-east-1)
--- a/etc/config/compiler-explorer.beta.properties
+++ b/etc/config/compiler-explorer.beta.properties
@@ -3,5 +3,3 @@ httpRoot=/beta
 urlShortenService=none
 storageSolution=s3
 motdUrl=https://s3.dualstack.us-east-1.amazonaws.com/compiler-explorer/motd/motd-beta.json
-# TODO - when we deploy new version to master, we need to move this to the amazon properties
-compiler-wrapper=
--- a/etc/config/execution.amazon.properties
+++ b/etc/config/execution.amazon.properties
@@ -1,4 +1,5 @@
 sandboxType=firejail
-wine=/opt/wine-devel/bin/wine64
-wineServer=/opt/wine-devel/bin/wineserver
+executionType=firejail
+wine=/usr/bin/wine64-stable
+wineServer=/usr/bin/wineserver-stable
 firejail=/usr/local/bin/firejail
--- a/etc/config/execution.beta.properties
+++ b/etc/config/execution.beta.properties
@@ -1,5 +1,2 @@
 sandboxType=firejail
 executionType=firejail
-# TODO - when we deploy new version to master, we need to move this to the amazon properties
-wine=/usr/bin/wine64-stable
-wineServer=/usr/bin/wineserver-stable
				`@@ -1 +0,0 @@`
				`#include "/proc/self/cwd/../../../../../../../../../../../../etc/passwd"`