cosmopolitan/tool/build/lib
Justine Tunney 7cf66bc161 Prevent Make from talking to public Internet
This change introduces the nointernet() function which may be called to
prevent a process and its descendants from communicating with publicly
routable Internet addresses. GNU Make has been modified to always call
this function. In the future Landlock Make will have a way to whitelist
subnets to override this behavior, or disable it entirely. Support is
available for Linux only. Our firewall does not require root access.

Calling nointernet() will return control to the caller inside a new
process that has a SECCOMP BPF filter installed, which traps network
related system calls. Your original process then becomes a permanent
ptrace() supervisor that monitors all processes and threads descending
from the returned child. Whenever a networking system call happens the
kernel will stop the process and wake up the monitor, which then peeks
into the child memory to read the sockaddr_in to determine if it's ok.

The downside to doing this is that there can be only one supervisor at a
time using ptrace() on a process. So this firewall won't be enabled if
you run make under strace or inside gdb. It also makes testing tricky.
2022-08-12 21:51:39 -07:00
abp.h Add x86_64-linux-gnu emulator 2020-08-25 04:43:42 -07:00
address.c Change license 2020-12-27 17:18:44 -08:00
address.h Add The LISP Challenge 2020-10-01 01:20:13 -07:00
alu.c Change license 2020-12-27 17:18:44 -08:00
alu.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
apetest.c Write tests for new APE loader and fix bugs 2022-05-22 05:45:38 -07:00
argv.c Remove garbage collector macro from header (#114) 2021-03-07 20:23:29 -08:00
argv.h Make terminal ui binaries work well everywhere 2020-10-19 06:38:31 -07:00
asmdown.c Change license 2020-12-27 17:18:44 -08:00
asmdown.h Improve documentation 2020-12-27 07:02:35 -08:00
bcd.c Change license 2020-12-27 17:18:44 -08:00
bcd.h Make improvements 2020-09-14 00:02:34 -07:00
bits.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
bitscan.c Improve signal handling and math 2021-02-25 18:33:33 -08:00
bitscan.h Make improvements 2020-09-14 00:02:34 -07:00
breakpoint.c Change license 2020-12-27 17:18:44 -08:00
breakpoint.h Add pseudoteletypewriter to emulator 2020-08-29 23:51:09 -07:00
breg.c Change license 2020-12-27 17:18:44 -08:00
buffer.c Improve ZIP filesystem and change its prefix 2021-08-22 01:11:53 -07:00
buffer.h Get binaries closer to running without an o/s 2020-11-02 19:12:47 -08:00
buildlib.mk Fold LIBC_RAND into LIBC_STDIO/TINYMATH/INTRIN 2022-08-11 12:32:00 -07:00
case.h Fix bugs and have emulator emulate itself 2020-08-31 05:17:31 -07:00
cga.c Do code cleanup use duff device linenoise i/o 2022-04-22 18:56:52 -07:00
cga.h Make more improvements 2020-09-28 01:20:34 -07:00
clmul.c Productionize new APE loader and more 2021-10-02 08:27:03 -07:00
clmul.h Productionize new APE loader and more 2021-10-02 08:27:03 -07:00
cpuid.c Productionize new APE loader and more 2021-10-02 08:27:03 -07:00
cpuid.h Make improvements 2020-09-14 00:02:34 -07:00
cvt.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
cvt.h Make improvements 2020-09-14 00:02:34 -07:00
debug.c Make numerous improvements 2021-09-28 01:52:34 -07:00
demangle.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
demangle.h Add fixes performance and static web server 2020-10-05 23:11:49 -07:00
dis.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
dis.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
disarg.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
diself.c Make improvements 2022-03-16 13:40:10 -07:00
disinst.c Change license 2020-12-27 17:18:44 -08:00
disspec.c Make improvements 2022-03-16 13:40:10 -07:00
divmul.c Productionize new APE loader and more 2021-10-02 08:27:03 -07:00
divmul.h Add pseudoteletypewriter to emulator 2020-08-29 23:51:09 -07:00
elfwriter.c Add atomics to chibicc 2022-06-20 03:08:00 -07:00
elfwriter.h Add atomics to chibicc 2022-06-20 03:08:00 -07:00
elfwriter_cargoculting.c Change license 2020-12-27 17:18:44 -08:00
elfwriter_yoink.c Implement tree-shaking for Python sources 2021-09-05 01:20:03 -07:00
elfwriter_zip.c Fold LIBC_RAND into LIBC_STDIO/TINYMATH/INTRIN 2022-08-11 12:32:00 -07:00
endian.h Productionize new APE loader and more 2021-10-02 08:27:03 -07:00
errnos.S Support thread local storage 2022-05-16 13:20:08 -07:00
eztls.c Fold LIBC_RAND into LIBC_STDIO/TINYMATH/INTRIN 2022-08-11 12:32:00 -07:00
eztls.h Make improvements 2022-03-16 13:40:10 -07:00
fds.c Add syscalls to Blinkenlights and fix bugs 2022-05-13 13:31:21 -07:00
fds.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
flags.c Change license 2020-12-27 17:18:44 -08:00
flags.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
fpu.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
fpu.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
getargs.c Add MODE=optlinux build mode (#141) 2021-10-14 19:36:49 -07:00
getargs.h Improve memory safety 2021-10-13 17:27:13 -07:00
high.c Do code cleanup use duff device linenoise i/o 2022-04-22 18:56:52 -07:00
high.h Make more improvements 2020-09-28 01:20:34 -07:00
instruction.c Change noinline to dontinline (#312) 2021-11-12 15:12:18 -08:00
interner.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
interner.h Improve Python tree-shaking 2021-09-06 19:24:10 -07:00
ioports.c Improve synchronization 2022-04-15 15:31:55 -07:00
ioports.h Add x86_64-linux-gnu emulator 2020-08-25 04:43:42 -07:00
iovs.c Change license 2020-12-27 17:18:44 -08:00
iovs.h Remove more nonstandard stuff from cosmopolitan.h 2021-03-01 00:18:23 -08:00
isnocompressext.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
isnocompressext.h Undiamond Python headers 2021-08-12 14:07:40 -07:00
javadown.c Make numerous improvements 2021-09-28 01:52:34 -07:00
javadown.h finish intellisense support and sync with upstream 2021-02-03 13:50:08 -05:00
ldbl.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
ldbl.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
lines.c Add help dialog to Blinkenlights emulator 2021-02-19 17:16:17 -08:00
lines.h Add help dialog to Blinkenlights emulator 2021-02-19 17:16:17 -08:00
loader.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
loader.h Make improvements 2020-09-14 00:02:34 -07:00
machine.c Fold LIBC_RAND into LIBC_STDIO/TINYMATH/INTRIN 2022-08-11 12:32:00 -07:00
machine.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
mda.c Remove more nonstandard stuff from cosmopolitan.h 2021-03-01 00:18:23 -08:00
mda.h Make improvements 2020-09-14 00:02:34 -07:00
memory.c Add syscalls to Blinkenlights and fix bugs 2022-05-13 13:31:21 -07:00
memory.h Refactor some Blinkenlights code 2021-03-03 13:09:06 -08:00
memorymalloc.c Add syscalls to Blinkenlights and fix bugs 2022-05-13 13:31:21 -07:00
message.c Make numerous improvements 2021-09-28 01:52:34 -07:00
modrm.c Remove undefined behaviors 2021-05-16 11:16:28 -07:00
modrm.h Perform some code cleanup 2021-02-27 10:33:32 -08:00
op101.c Improve logger API (#262) 2021-09-03 21:14:26 -07:00
op101.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
panel.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
panel.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
persist.c Work around Landlock output inode in compile.com 2022-08-09 07:55:44 -07:00
persist.h finish intellisense support and sync with upstream 2021-02-03 13:50:08 -05:00
pml4t.c Improve system call support on NT 2022-04-07 20:30:04 -07:00
pml4t.h Fix missing header include 2020-11-07 00:05:25 -08:00
pml4tfmt.c WIP: Correct all typos (#498) 2022-07-20 14:01:15 -07:00
psk.c Unbloat the build 2022-08-11 00:15:29 -07:00
psk.h Secure the testing infrastructure 2021-08-07 13:22:35 -07:00
pty.c Fold LIBC_BITS into LIBC_INTRIN 2022-08-11 12:13:18 -07:00
pty.h Import C++ Standard Template Library 2022-03-22 06:41:54 -07:00
pun.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
reset.c Make numerous improvements 2021-09-28 01:52:34 -07:00
signal.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
signal.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
sse.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
sse.h Make more improvements 2020-09-28 01:20:34 -07:00
ssefloat.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
ssefloat.h Add chibicc 2020-12-06 16:20:21 -08:00
ssemov.c Make improvements 2022-04-24 10:06:05 -07:00
ssemov.h Make improvements 2020-09-14 00:02:34 -07:00
stack.c WIP: Correct all typos (#498) 2022-07-20 14:01:15 -07:00
stack.h Get binaries closer to running without an o/s 2020-11-02 19:12:47 -08:00
stats.c Change license 2020-12-27 17:18:44 -08:00
stats.h Add minor improvements and cleanup 2020-10-27 03:39:46 -07:00
string.c Remove more nonstandard stuff from cosmopolitan.h 2021-03-01 00:18:23 -08:00
string.h Make improvements 2020-09-14 00:02:34 -07:00
stripcomponents.c Experiment with making Python go faster 2021-08-18 21:57:11 -07:00
stripcomponents.h Undiamond Python headers 2021-08-12 14:07:40 -07:00
syscall.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
syscall.h Make improvements 2020-09-14 00:02:34 -07:00
throw.c Make numerous improvements 2021-09-28 01:52:34 -07:00
throw.h Add chibicc 2020-12-06 16:20:21 -08:00
time.c Improve synchronization 2022-04-15 15:31:55 -07:00
time.h Get binaries closer to running without an o/s 2020-11-02 19:12:47 -08:00
word.c Make major improvements to redbean and libraries 2021-04-18 12:34:15 -07:00
word.h Fix bugs and have emulator emulate itself 2020-08-31 05:17:31 -07:00
xlat.c Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
xlat.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
xlaterrno.c Make numerous improvements 2021-09-28 01:52:34 -07:00
xlaterrno.h Prevent Make from talking to public Internet 2022-08-12 21:51:39 -07:00
xmmtype.c Change license 2020-12-27 17:18:44 -08:00
xmmtype.h Add tool for viewing memory 2020-11-06 20:20:10 -08:00