From 38db6ab5be80b255fe40df715adc3b5852875cdd Mon Sep 17 00:00:00 2001
From: bptato
Date: Thu, 18 Apr 2024 18:30:53 +0200
Subject: sandbox: seccomp support on Linux

We use libseccomp, which is now a semi-mandatory dependency on Linux. (You can still build without it, but only if you pass a scary long flag to make.)

For this to work I had to disable getTimezoneOffset, which would otherwise call localtime_r which in turn reads in some files from /usr/share/zoneinfo. To allow this we would have to give unrestricted openat(2) access to buffer processes, which is unacceptable. (Giving websites access to the local timezone is a fingerprinting vector so if this ever gets fixed then it should be an opt-in config setting.)

This patch also includes misc fixes to buffer cloning, and fixes the LIBEXECDIR override in the makefile so that it is actually useful.
---
 lib/quickjs/quickjs.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'lib')

diff --git a/lib/quickjs/quickjs.c b/lib/quickjs/quickjs.c
index 0da7e13f..fc5a0357 100644
--- a/lib/quickjs/quickjs.c
+++ b/lib/quickjs/quickjs.c
@@ -43432,6 +43432,11 @@ static const JSCFunctionListEntry js_math_obj[] = {
 between UTC time and local time 'd' in minutes */
 static int getTimezoneOffset(int64_t time)
 {
+ /* this is a fingerprinting vector, and doesn't work with seccomp * anyway because the glibc localtime_r tries to openat(2) files * in /usr/share/zoneinfo. */
+ return 0;
+#if 0
 time_t ti;
 int res;
@@ -43478,6 +43483,7 @@ static int getTimezoneOffset(int64_t time)
 }
 #endif
 return res;
+#endif
 }
 #if 0
-- 
cgit 1.4.1-2-gfad0
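Review bot: The `time` parameter of getTimezoneOffset is now unused on the live path, since everything after the new `return 0;` sits under `#if 0`, so `-Wunused-parameter` builds will warn here; add `(void)time;` before `return 0;`. The new comment should also state the consequence and the re-enable condition, because anyone flipping `#if 0` to `#if 1` would bring back the localtime_r/openat(2) calls while the buffer process runs under the seccomp filter (presumably fatal, depending on the filter's default action), e.g. `/* Always report UTC (offset 0): the local zone is a fingerprinting vector, and glibc localtime_r openat(2)s /usr/share/zoneinfo, which the seccomp filter does not allow. Do not re-enable the code below without an opt-in setting and a matching filter change. */`. The function body between the two hunks is outside this view, and the seccomp filter itself is not part of this file, so the interaction is inferred from the commit message rather than visible code.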