author | Kartik K. Agaram <vc@akkartik.com> | 2021-12-24 10:39:06 -0800 |
---|---|---|
committer | Kartik K. Agaram <vc@akkartik.com> | 2021-12-24 10:39:06 -0800 |
commit | e2846d9a558330c4f5e4053cd2d09c104d6beef4 (patch) | |
tree | 4c845453409cf835b802246a0ac4b37ccbfda273 | |
parent | 47e42241e7b50ff3a49bf379f8469dbfbf86020b (diff) | |
download | teliva-e2846d9a558330c4f5e4053cd2d09c104d6beef4.tar.gz |
stop futzing around and start sandboxing
-rw-r--r-- | sandboxing/README.md | 39 | ||||
-rw-r--r-- | sandboxing/includes | 627 | ||||
-rw-r--r-- | sandboxing/system_includes | 220 | ||||
-rw-r--r-- | sandboxing/unique_system_includes | 51 |
4 files changed, 937 insertions, 0 deletions
diff --git a/sandboxing/README.md b/sandboxing/README.md
new file mode 100644
index 0000000..50bf0a0
--- /dev/null
+++ b/sandboxing/README.md
@@ -0,0 +1,39 @@
+This directory includes some working notes to audit the entire Teliva codebase
+for side-effects that should be gated/sandboxed.
+
+Founding principle for this approach: Side-effects come from the OS. There can
+be no effects visible outside a Unix process (regardless of language) if it
+doesn't invoke any OS syscalls.
+
+## Top down
+
+Things to secure:
+* files opened (for read/write) on file system
+* what gets written to files on file system
+* destinations opened (for read/write) on network
+ * `inet_tryconnect` // `socket_connect`
+ * `inet_tryaccept` // `socket_accept`
+* what gets written to network
+ * `socket_send`, `socket_sendto`
+ * `socket_recv`, `socket_recvfrom`
+
+## Bottom up
+
+* `includes`: all `#include`s throughout the codebase. I assume that C the
+ language itself can't have any side effects that impact other programs on
+ the computer.
+ ```
+ cd src
+ grep '#include' * */* > ../sandboxing/includes
+ ```
+* `system_includes`: all `#include <...>`s throughout the codebase. I assume
+ side-effects require going outside the codebase. `#include`s could smuggle
+ out of the codebase using relative paths (`../`) but I assume it's easy to
+ protect against this using code review.
+ ```
+ grep '<' sandboxing/includes > sandboxing/system_includes
+ ```
+* `unique_system_includes`: deduped
+ ```
+ sed 's/.*<\|>.*//g' sandboxing/system_includes |sort |uniq > sandboxing/unique_system_includes
+ ```
diff --git a/sandboxing/includes b/sandboxing/includes
new file mode 100644
index 0000000..1ae39d0
--- /dev/null
+++ b/sandboxing/includes
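Review bot: In sandboxing/README.md, the `grep '<' sandboxing/includes` step silently drops `lua.h:#include LUA_USER_H`, which appears in `includes` but not in `system_includes`; a macro include can expand to any header, so it belongs in the list that gets audited. Filtering out the quoted form instead, `grep -v '#include *"' sandboxing/includes > sandboxing/system_includes`, would keep such lines visible for manual resolution. The `system_includes` bullet should also state that a quoted `#include "x.h"` normally falls back to the system search path when no local file matches, so the quote style alone does not prove a header is local. Separately, the header list bounds what the C source can name at compile time, not what the process can run: `loadlib.c` includes `<dlfcn.h>`, so presumably code loaded at run time sits outside this inventory and needs its own gate.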
@@ -0,0 +1,627 @@ +kilo.c:#include <assert.h> +kilo.c:#include <ncurses.h> +kilo.c:#include <stdlib.h> +kilo.c:#include <stdio.h> +kilo.c:#include <stdint.h> +kilo.c:#include <errno.h> +kilo.c:#include <string.h> +kilo.c:#include <ctype.h> +kilo.c:#include <time.h> +kilo.c:#include <sys/types.h> +kilo.c:#include <sys/time.h> +kilo.c:#include <unistd.h> +kilo.c:#include <fcntl.h> +kilo.c:#include "lua.h" +kilo.c:#include "teliva.h" +lapi.c:#include <assert.h> +lapi.c:#include <math.h> +lapi.c:#include <stdarg.h> +lapi.c:#include <string.h> +lapi.c:#include "lua.h" +lapi.c:#include "lapi.h" +lapi.c:#include "ldebug.h" +lapi.c:#include "ldo.h" +lapi.c:#include "lfunc.h" +lapi.c:#include "lgc.h" +lapi.c:#include "lmem.h" +lapi.c:#include "lobject.h" +lapi.c:#include "lstate.h" +lapi.c:#include "lstring.h" +lapi.c:#include "ltable.h" +lapi.c:#include "ltm.h" +lapi.c:#include "lundump.h" +lapi.c:#include "lvm.h" +lapi.h:#include "lobject.h" +lauxlib.c:#include <ctype.h> +lauxlib.c:#include <errno.h> +lauxlib.c:#include <stdarg.h> +lauxlib.c:#include <stdio.h> +lauxlib.c:#include <stdlib.h> +lauxlib.c:#include <string.h> +lauxlib.c:#include "lua.h" +lauxlib.c:#include "lauxlib.h" +lauxlib.h:#include <stddef.h> +lauxlib.h:#include <stdio.h> +lauxlib.h:#include "lua.h" +lbaselib.c:#include <ctype.h> +lbaselib.c:#include <ncurses.h> +lbaselib.c:#include <stdio.h> +lbaselib.c:#include <stdlib.h> +lbaselib.c:#include <string.h> +lbaselib.c:#include "lua.h" +lbaselib.c:#include "lauxlib.h" +lbaselib.c:#include "lualib.h" +lcode.c:#include <stdlib.h> +lcode.c:#include "lua.h" +lcode.c:#include "lcode.h" +lcode.c:#include "ldebug.h" +lcode.c:#include "ldo.h" +lcode.c:#include "lgc.h" +lcode.c:#include "llex.h" +lcode.c:#include "lmem.h" +lcode.c:#include "lobject.h" +lcode.c:#include "lopcodes.h" +lcode.c:#include "lparser.h" +lcode.c:#include "ltable.h" +lcode.h:#include "llex.h" +lcode.h:#include "lobject.h" +lcode.h:#include "lopcodes.h" +lcode.h:#include "lparser.h" 
+ldblib.c:#include <stdio.h> +ldblib.c:#include <stdlib.h> +ldblib.c:#include <string.h> +ldblib.c:#include "lua.h" +ldblib.c:#include "lauxlib.h" +ldblib.c:#include "lualib.h" +ldebug.c:#include <stdarg.h> +ldebug.c:#include <stddef.h> +ldebug.c:#include <string.h> +ldebug.c:#include "lua.h" +ldebug.c:#include "lapi.h" +ldebug.c:#include "lcode.h" +ldebug.c:#include "ldebug.h" +ldebug.c:#include "ldo.h" +ldebug.c:#include "lfunc.h" +ldebug.c:#include "lobject.h" +ldebug.c:#include "lopcodes.h" +ldebug.c:#include "lstate.h" +ldebug.c:#include "lstring.h" +ldebug.c:#include "ltable.h" +ldebug.c:#include "ltm.h" +ldebug.c:#include "lvm.h" +ldebug.h:#include "lstate.h" +ldo.c:#include <setjmp.h> +ldo.c:#include <stdio.h> +ldo.c:#include <stdlib.h> +ldo.c:#include <string.h> +ldo.c:#include "lua.h" +ldo.c:#include "ldebug.h" +ldo.c:#include "ldo.h" +ldo.c:#include "lfunc.h" +ldo.c:#include "lgc.h" +ldo.c:#include "lmem.h" +ldo.c:#include "lobject.h" +ldo.c:#include "lopcodes.h" +ldo.c:#include "lparser.h" +ldo.c:#include "lstate.h" +ldo.c:#include "lstring.h" +ldo.c:#include "ltable.h" +ldo.c:#include "ltm.h" +ldo.c:#include "lundump.h" +ldo.c:#include "lvm.h" +ldo.c:#include "lzio.h" +ldo.h:#include "lobject.h" +ldo.h:#include "lstate.h" +ldo.h:#include "lzio.h" +ldump.c:#include <stddef.h> +ldump.c:#include "lua.h" +ldump.c:#include "lobject.h" +ldump.c:#include "lstate.h" +ldump.c:#include "lundump.h" +lfunc.c:#include <stddef.h> +lfunc.c:#include "lua.h" +lfunc.c:#include "lfunc.h" +lfunc.c:#include "lgc.h" +lfunc.c:#include "lmem.h" +lfunc.c:#include "lobject.h" +lfunc.c:#include "lstate.h" +lfunc.h:#include "lobject.h" +lgc.c:#include <string.h> +lgc.c:#include "lua.h" +lgc.c:#include "ldebug.h" +lgc.c:#include "ldo.h" +lgc.c:#include "lfunc.h" +lgc.c:#include "lgc.h" +lgc.c:#include "lmem.h" +lgc.c:#include "lobject.h" +lgc.c:#include "lstate.h" +lgc.c:#include "lstring.h" +lgc.c:#include "ltable.h" +lgc.c:#include "ltm.h" +lgc.h:#include "lobject.h" 
+linit.c:#include "lua.h" +linit.c:#include "lualib.h" +linit.c:#include "lauxlib.h" +liolib.c:#include <errno.h> +liolib.c:#include <stdio.h> +liolib.c:#include <stdlib.h> +liolib.c:#include <string.h> +liolib.c:#include "lua.h" +liolib.c:#include "lauxlib.h" +liolib.c:#include "lualib.h" +llex.c:#include <ctype.h> +llex.c:#include <locale.h> +llex.c:#include <string.h> +llex.c:#include "lua.h" +llex.c:#include "ldo.h" +llex.c:#include "llex.h" +llex.c:#include "lobject.h" +llex.c:#include "lparser.h" +llex.c:#include "lstate.h" +llex.c:#include "lstring.h" +llex.c:#include "ltable.h" +llex.c:#include "lzio.h" +llex.h:#include "lobject.h" +llex.h:#include "lzio.h" +llimits.h:#include <limits.h> +llimits.h:#include <stddef.h> +llimits.h:#include "lua.h" +lmathlib.c:#include <stdlib.h> +lmathlib.c:#include <math.h> +lmathlib.c:#include "lua.h" +lmathlib.c:#include "lauxlib.h" +lmathlib.c:#include "lualib.h" +lmem.c:#include <stddef.h> +lmem.c:#include "lua.h" +lmem.c:#include "ldebug.h" +lmem.c:#include "ldo.h" +lmem.c:#include "lmem.h" +lmem.c:#include "lobject.h" +lmem.c:#include "lstate.h" +lmem.h:#include <stddef.h> +lmem.h:#include "llimits.h" +lmem.h:#include "lua.h" +loadlib.c:#include <stdlib.h> +loadlib.c:#include <string.h> +loadlib.c:#include "lua.h" +loadlib.c:#include "lauxlib.h" +loadlib.c:#include "lualib.h" +loadlib.c:#include <dlfcn.h> +loadlib.c:#include <windows.h> +loadlib.c:#include <mach-o/dyld.h> +lobject.c:#include <ctype.h> +lobject.c:#include <stdarg.h> +lobject.c:#include <stdio.h> +lobject.c:#include <stdlib.h> +lobject.c:#include <string.h> +lobject.c:#include "lua.h" +lobject.c:#include "ldo.h" +lobject.c:#include "lmem.h" +lobject.c:#include "lobject.h" +lobject.c:#include "lstate.h" +lobject.c:#include "lstring.h" +lobject.c:#include "lvm.h" +lobject.h:#include <stdarg.h> +lobject.h:#include "llimits.h" +lobject.h:#include "lua.h" +lopcodes.c:#include "lopcodes.h" +lopcodes.h:#include "llimits.h" +loslib.c:#include <errno.h> 
+loslib.c:#include <locale.h> +loslib.c:#include <stdlib.h> +loslib.c:#include <string.h> +loslib.c:#include <time.h> +loslib.c:#include "lua.h" +loslib.c:#include "lauxlib.h" +loslib.c:#include "lualib.h" +lparser.c:#include <string.h> +lparser.c:#include "lua.h" +lparser.c:#include "lcode.h" +lparser.c:#include "ldebug.h" +lparser.c:#include "ldo.h" +lparser.c:#include "lfunc.h" +lparser.c:#include "llex.h" +lparser.c:#include "lmem.h" +lparser.c:#include "lobject.h" +lparser.c:#include "lopcodes.h" +lparser.c:#include "lparser.h" +lparser.c:#include "lstate.h" +lparser.c:#include "lstring.h" +lparser.c:#include "ltable.h" +lparser.h:#include "llimits.h" +lparser.h:#include "lobject.h" +lparser.h:#include "lzio.h" +lstate.c:#include <stddef.h> +lstate.c:#include "lua.h" +lstate.c:#include "ldebug.h" +lstate.c:#include "ldo.h" +lstate.c:#include "lfunc.h" +lstate.c:#include "lgc.h" +lstate.c:#include "llex.h" +lstate.c:#include "lmem.h" +lstate.c:#include "lstate.h" +lstate.c:#include "lstring.h" +lstate.c:#include "ltable.h" +lstate.c:#include "ltm.h" +lstate.h:#include "lua.h" +lstate.h:#include "lobject.h" +lstate.h:#include "ltm.h" +lstate.h:#include "lzio.h" +lstring.c:#include <string.h> +lstring.c:#include "lua.h" +lstring.c:#include "lmem.h" +lstring.c:#include "lobject.h" +lstring.c:#include "lstate.h" +lstring.c:#include "lstring.h" +lstring.h:#include "lgc.h" +lstring.h:#include "lobject.h" +lstring.h:#include "lstate.h" +lstrlib.c:#include <ctype.h> +lstrlib.c:#include <stddef.h> +lstrlib.c:#include <stdio.h> +lstrlib.c:#include <stdlib.h> +lstrlib.c:#include <string.h> +lstrlib.c:#include "lua.h" +lstrlib.c:#include "lauxlib.h" +lstrlib.c:#include "lualib.h" +ltable.c:#include <math.h> +ltable.c:#include <string.h> +ltable.c:#include "lua.h" +ltable.c:#include "ldebug.h" +ltable.c:#include "ldo.h" +ltable.c:#include "lgc.h" +ltable.c:#include "lmem.h" +ltable.c:#include "lobject.h" +ltable.c:#include "lstate.h" +ltable.c:#include "ltable.h" 
+ltable.h:#include "lobject.h" +ltablib.c:#include <stddef.h> +ltablib.c:#include "lua.h" +ltablib.c:#include "lauxlib.h" +ltablib.c:#include "lualib.h" +ltm.c:#include <string.h> +ltm.c:#include "lua.h" +ltm.c:#include "lobject.h" +ltm.c:#include "lstate.h" +ltm.c:#include "lstring.h" +ltm.c:#include "ltable.h" +ltm.c:#include "ltm.h" +ltm.h:#include "lobject.h" +lua.c:#include <assert.h> +lua.c:#include <ctype.h> +lua.c:#include <fcntl.h> +lua.c:#include <locale.h> +lua.c:#include <ncurses.h> +lua.c:#include <signal.h> +lua.c:#include <stdio.h> +lua.c:#include <stdlib.h> +lua.c:#include <string.h> +lua.c:#include <time.h> +lua.c:#include <unistd.h> +lua.c:#include "lua.h" +lua.c:#include "teliva.h" +lua.c:#include "lauxlib.h" +lua.c:#include "lualib.h" +lua.h:#include <stdarg.h> +lua.h:#include <stddef.h> +lua.h:#include "luaconf.h" +lua.h:#include LUA_USER_H +luaconf.h:#include <limits.h> +luaconf.h:#include <stddef.h> +luaconf.h:#include <assert.h> +luaconf.h:#include <math.h> +luaconf.h:#include <unistd.h> +luaconf.h:#include <stdio.h> +lualib.h:#include "lua.h" +lundump.c:#include <string.h> +lundump.c:#include "lua.h" +lundump.c:#include "ldebug.h" +lundump.c:#include "ldo.h" +lundump.c:#include "lfunc.h" +lundump.c:#include "lmem.h" +lundump.c:#include "lobject.h" +lundump.c:#include "lstring.h" +lundump.c:#include "lundump.h" +lundump.c:#include "lzio.h" +lundump.h:#include "lobject.h" +lundump.h:#include "lzio.h" +lvm.c:#include <stdio.h> +lvm.c:#include <stdlib.h> +lvm.c:#include <string.h> +lvm.c:#include "lua.h" +lvm.c:#include "ldebug.h" +lvm.c:#include "ldo.h" +lvm.c:#include "lfunc.h" +lvm.c:#include "lgc.h" +lvm.c:#include "lobject.h" +lvm.c:#include "lopcodes.h" +lvm.c:#include "lstate.h" +lvm.c:#include "lstring.h" +lvm.c:#include "ltable.h" +lvm.c:#include "ltm.h" +lvm.c:#include "lvm.h" +lvm.h:#include "ldo.h" +lvm.h:#include "lobject.h" +lvm.h:#include "ltm.h" +lzio.c:#include <string.h> +lzio.c:#include "lua.h" +lzio.c:#include "llimits.h" 
+lzio.c:#include "lmem.h" +lzio.c:#include "lstate.h" +lzio.c:#include "lzio.h" +lzio.h:#include "lua.h" +lzio.h:#include "lmem.h" +menu.c:#include <ncurses.h> +menu.c:#include <string.h> +menu.c:#include "lua.h" +menu.c:#include "lauxlib.h" +menu.c:#include "teliva.h" +tlv.c:#include <assert.h> +tlv.c:#include <ncurses.h> +tlv.c:#include <stdio.h> +tlv.c:#include <stdlib.h> +tlv.c:#include <string.h> +tlv.c:#include <strings.h> +tlv.c:#include "lua.h" +tlv.c:#include "lauxlib.h" +lcurses/_helpers.c:#include <errno.h> +lcurses/_helpers.c:#include <grp.h> +lcurses/_helpers.c:#include <pwd.h> +lcurses/_helpers.c:#include <stdlib.h> +lcurses/_helpers.c:#include <string.h> +lcurses/_helpers.c:#include <sys/stat.h> +lcurses/_helpers.c:#include <unistd.h> +lcurses/_helpers.c:#include <ncurses.h> +lcurses/_helpers.c:#include <term.h> +lcurses/_helpers.c:#include "../lua.h" +lcurses/_helpers.c:#include "../lualib.h" +lcurses/_helpers.c:#include "../lauxlib.h" +lcurses/chstr.c:#include "_helpers.c" +lcurses/compat-5.2.c:#include <errno.h> +lcurses/compat-5.2.c:#include <string.h> +lcurses/compat-5.2.c:#include "../lua.h" +lcurses/compat-5.2.c:#include "../lauxlib.h" +lcurses/compat-5.2.c:#include "compat-5.2.h" +lcurses/compat-5.2.c:#include <limits.h> +lcurses/compat-5.2.c:#include <math.h> +lcurses/compat-5.2.h:#include <stddef.h> +lcurses/compat-5.2.h:#include <string.h> +lcurses/compat-5.2.h:#include <stdio.h> +lcurses/compat-5.2.h:#include "../lua.h" +lcurses/compat-5.2.h:#include "../lauxlib.h" +lcurses/compat-5.2.h:#include "../lualib.h" +lcurses/compat-5.2.h:#include <limits.h> +lcurses/curses.c:#include "_helpers.c" +lcurses/curses.c:#include "strlcpy.c" +lcurses/curses.c:#include "chstr.c" +lcurses/curses.c:#include "window.c" +lcurses/strlcpy.c:#include <sys/types.h> +lcurses/strlcpy.c:#include <string.h> +lcurses/window.c:#include "../teliva.h" +lcurses/window.c:#include "_helpers.c" +lcurses/window.c:#include "chstr.c" +luasec/compat.h:#include <openssl/ssl.h> 
+luasec/config.c:#include "compat.h" +luasec/config.c:#include "options.h" +luasec/config.c:#include "ec.h" +luasec/context.c:#include <string.h> +luasec/context.c:#include <windows.h> +luasec/context.c:#include <openssl/ssl.h> +luasec/context.c:#include <openssl/err.h> +luasec/context.c:#include <openssl/x509.h> +luasec/context.c:#include <openssl/x509v3.h> +luasec/context.c:#include <openssl/dh.h> +luasec/context.c:#include "../lua.h" +luasec/context.c:#include "../lauxlib.h" +luasec/context.c:#include "compat.h" +luasec/context.c:#include "context.h" +luasec/context.c:#include "options.h" +luasec/context.c:#include <openssl/ec.h> +luasec/context.c:#include "ec.h" +luasec/context.h:#include "../lua.h" +luasec/context.h:#include <openssl/ssl.h> +luasec/context.h:#include "compat.h" +luasec/ec.c:#include <openssl/objects.h> +luasec/ec.c:#include "ec.h" +luasec/ec.h:#include "../lua.h" +luasec/ec.h:#include <openssl/ec.h> +luasec/options.c:#include <openssl/ssl.h> +luasec/options.c:#include "options.h" +luasec/options.h:#include "compat.h" +luasec/options.lua:#include <openssl/ssl.h> +luasec/options.lua:#include "options.h" +luasec/ssl.c:#include <errno.h> +luasec/ssl.c:#include <string.h> +luasec/ssl.c:#include <winsock2.h> +luasec/ssl.c:#include <openssl/ssl.h> +luasec/ssl.c:#include <openssl/x509v3.h> +luasec/ssl.c:#include <openssl/x509_vfy.h> +luasec/ssl.c:#include <openssl/err.h> +luasec/ssl.c:#include <openssl/dh.h> +luasec/ssl.c:#include "../lua.h" +luasec/ssl.c:#include "../lauxlib.h" +luasec/ssl.c:#include "../luasocket/io.h" +luasec/ssl.c:#include "../luasocket/buffer.h" +luasec/ssl.c:#include "../luasocket/timeout.h" +luasec/ssl.c:#include "../luasocket/socket.h" +luasec/ssl.c:#include "x509.h" +luasec/ssl.c:#include "context.h" +luasec/ssl.c:#include "ssl.h" +luasec/ssl.h:#include <openssl/ssl.h> +luasec/ssl.h:#include "../lua.h" +luasec/ssl.h:#include "../luasocket/io.h" +luasec/ssl.h:#include "../luasocket/buffer.h" +luasec/ssl.h:#include 
"../luasocket/timeout.h" +luasec/ssl.h:#include "../luasocket/socket.h" +luasec/ssl.h:#include "compat.h" +luasec/ssl.h:#include "context.h" +luasec/x509.c:#include <stdio.h> +luasec/x509.c:#include <string.h> +luasec/x509.c:#include <ws2tcpip.h> +luasec/x509.c:#include <windows.h> +luasec/x509.c:#include <sys/types.h> +luasec/x509.c:#include <sys/socket.h> +luasec/x509.c:#include <netinet/in.h> +luasec/x509.c:#include <arpa/inet.h> +luasec/x509.c:#include <openssl/ssl.h> +luasec/x509.c:#include <openssl/x509v3.h> +luasec/x509.c:#include <openssl/evp.h> +luasec/x509.c:#include <openssl/err.h> +luasec/x509.c:#include <openssl/asn1.h> +luasec/x509.c:#include <openssl/bio.h> +luasec/x509.c:#include <openssl/bn.h> +luasec/x509.c:#include "../lua.h" +luasec/x509.c:#include "../lauxlib.h" +luasec/x509.c:#include "x509.h" +luasec/x509.h:#include <openssl/x509v3.h> +luasec/x509.h:#include "../lua.h" +luasec/x509.h:#include "compat.h" +luasocket/auxiliar.c:#include "luasocket.h" +luasocket/auxiliar.c:#include "auxiliar.h" +luasocket/auxiliar.c:#include <string.h> +luasocket/auxiliar.c:#include <stdio.h> +luasocket/auxiliar.h:#include "luasocket.h" +luasocket/buffer.c:#include "luasocket.h" +luasocket/buffer.c:#include "buffer.h" +luasocket/buffer.h:#include "luasocket.h" +luasocket/buffer.h:#include "io.h" +luasocket/buffer.h:#include "timeout.h" +luasocket/compat.c:#include "luasocket.h" +luasocket/compat.c:#include "compat.h" +luasocket/except.c:#include "luasocket.h" +luasocket/except.c:#include "except.h" +luasocket/except.c:#include <stdio.h> +luasocket/except.h:#include "luasocket.h" +luasocket/inet.c:#include "luasocket.h" +luasocket/inet.c:#include "inet.h" +luasocket/inet.c:#include <stdio.h> +luasocket/inet.c:#include <stdlib.h> +luasocket/inet.c:#include <string.h> +luasocket/inet.h:#include "luasocket.h" +luasocket/inet.h:#include "socket.h" +luasocket/inet.h:#include "timeout.h" +luasocket/io.c:#include "luasocket.h" +luasocket/io.c:#include "io.h" 
+luasocket/io.h:#include "luasocket.h" +luasocket/io.h:#include "timeout.h" +luasocket/luasocket.c:#include "luasocket.h" +luasocket/luasocket.c:#include "auxiliar.h" +luasocket/luasocket.c:#include "except.h" +luasocket/luasocket.c:#include "timeout.h" +luasocket/luasocket.c:#include "buffer.h" +luasocket/luasocket.c:#include "inet.h" +luasocket/luasocket.c:#include "tcp.h" +luasocket/luasocket.c:#include "udp.h" +luasocket/luasocket.c:#include "select.h" +luasocket/luasocket.h:#include "../lua.h" +luasocket/luasocket.h:#include "../lauxlib.h" +luasocket/luasocket.h:#include "compat.h" +luasocket/mime.c:#include "luasocket.h" +luasocket/mime.c:#include "mime.h" +luasocket/mime.c:#include <string.h> +luasocket/mime.c:#include <ctype.h> +luasocket/mime.h:#include "luasocket.h" +luasocket/options.c:#include "luasocket.h" +luasocket/options.c:#include "auxiliar.h" +luasocket/options.c:#include "options.h" +luasocket/options.c:#include "inet.h" +luasocket/options.c:#include <string.h> +luasocket/options.h:#include "luasocket.h" +luasocket/options.h:#include "socket.h" +luasocket/select.c:#include "luasocket.h" +luasocket/select.c:#include "socket.h" +luasocket/select.c:#include "timeout.h" +luasocket/select.c:#include "select.h" +luasocket/select.c:#include <string.h> +luasocket/serial.c:#include "luasocket.h" +luasocket/serial.c:#include "auxiliar.h" +luasocket/serial.c:#include "socket.h" +luasocket/serial.c:#include "options.h" +luasocket/serial.c:#include "unix.h" +luasocket/serial.c:#include <string.h> +luasocket/serial.c:#include <sys/un.h> +luasocket/socket.h:#include "io.h" +luasocket/socket.h:#include "wsocket.h" +luasocket/socket.h:#include "usocket.h" +luasocket/socket.h:#include "timeout.h" +luasocket/tcp.c:#include "luasocket.h" +luasocket/tcp.c:#include "auxiliar.h" +luasocket/tcp.c:#include "socket.h" +luasocket/tcp.c:#include "inet.h" +luasocket/tcp.c:#include "options.h" +luasocket/tcp.c:#include "tcp.h" +luasocket/tcp.c:#include <string.h> 
+luasocket/tcp.h:#include "luasocket.h" +luasocket/tcp.h:#include "buffer.h" +luasocket/tcp.h:#include "timeout.h" +luasocket/tcp.h:#include "socket.h" +luasocket/timeout.c:#include "luasocket.h" +luasocket/timeout.c:#include "auxiliar.h" +luasocket/timeout.c:#include "timeout.h" +luasocket/timeout.c:#include <stdio.h> +luasocket/timeout.c:#include <limits.h> +luasocket/timeout.c:#include <float.h> +luasocket/timeout.c:#include <windows.h> +luasocket/timeout.c:#include <time.h> +luasocket/timeout.c:#include <sys/time.h> +luasocket/timeout.h:#include "luasocket.h" +luasocket/udp.c:#include "luasocket.h" +luasocket/udp.c:#include "auxiliar.h" +luasocket/udp.c:#include "socket.h" +luasocket/udp.c:#include "inet.h" +luasocket/udp.c:#include "options.h" +luasocket/udp.c:#include "udp.h" +luasocket/udp.c:#include <string.h> +luasocket/udp.c:#include <stdlib.h> +luasocket/udp.h:#include "luasocket.h" +luasocket/udp.h:#include "timeout.h" +luasocket/udp.h:#include "socket.h" +luasocket/unix.c:#include "luasocket.h" +luasocket/unix.c:#include "unixstream.h" +luasocket/unix.c:#include "unixdgram.h" +luasocket/unix.h:#include "luasocket.h" +luasocket/unix.h:#include "buffer.h" +luasocket/unix.h:#include "timeout.h" +luasocket/unix.h:#include "socket.h" +luasocket/unixdgram.c:#include "luasocket.h" +luasocket/unixdgram.c:#include "auxiliar.h" +luasocket/unixdgram.c:#include "socket.h" +luasocket/unixdgram.c:#include "options.h" +luasocket/unixdgram.c:#include "unix.h" +luasocket/unixdgram.c:#include <string.h> +luasocket/unixdgram.c:#include <stdlib.h> +luasocket/unixdgram.c:#include <sys/un.h> +luasocket/unixdgram.h:#include "unix.h" +luasocket/unixstream.c:#include "luasocket.h" +luasocket/unixstream.c:#include "auxiliar.h" +luasocket/unixstream.c:#include "socket.h" +luasocket/unixstream.c:#include "options.h" +luasocket/unixstream.c:#include "unixstream.h" +luasocket/unixstream.c:#include <string.h> +luasocket/unixstream.c:#include <sys/un.h> 
+luasocket/unixstream.h:#include "unix.h" +luasocket/usocket.c:#include "luasocket.h" +luasocket/usocket.c:#include "socket.h" +luasocket/usocket.c:#include "pierror.h" +luasocket/usocket.c:#include <string.h> +luasocket/usocket.c:#include <signal.h> +luasocket/usocket.c:#include <sys/poll.h> +luasocket/usocket.h:#include <errno.h> +luasocket/usocket.h:#include <unistd.h> +luasocket/usocket.h:#include <fcntl.h> +luasocket/usocket.h:#include <sys/types.h> +luasocket/usocket.h:#include <sys/socket.h> +luasocket/usocket.h:#include <sys/time.h> +luasocket/usocket.h:#include <netdb.h> +luasocket/usocket.h:#include <signal.h> +luasocket/usocket.h:#include <netinet/in.h> +luasocket/usocket.h:#include <arpa/inet.h> +luasocket/usocket.h:#include <netinet/tcp.h> +luasocket/usocket.h:#include <net/if.h> +luasocket/usocket.h:#include <sys/poll.h> +luasocket/wsocket.c:#include "luasocket.h" +luasocket/wsocket.c:#include <string.h> +luasocket/wsocket.c:#include "socket.h" +luasocket/wsocket.c:#include "pierror.h" +luasocket/wsocket.h:#include <winsock2.h> +luasocket/wsocket.h:#include <ws2tcpip.h> diff --git a/sandboxing/system_includes b/sandboxing/system_includes new file mode 100644 index 0000000..c9ecf40 --- /dev/null +++ b/sandboxing/system_includes 
@@ -0,0 +1,220 @@ +kilo.c:#include <assert.h> +kilo.c:#include <ncurses.h> +kilo.c:#include <stdlib.h> +kilo.c:#include <stdio.h> +kilo.c:#include <stdint.h> +kilo.c:#include <errno.h> +kilo.c:#include <string.h> +kilo.c:#include <ctype.h> +kilo.c:#include <time.h> +kilo.c:#include <sys/types.h> +kilo.c:#include <sys/time.h> +kilo.c:#include <unistd.h> +kilo.c:#include <fcntl.h> +lapi.c:#include <assert.h> +lapi.c:#include <math.h> +lapi.c:#include <stdarg.h> +lapi.c:#include <string.h> +lauxlib.c:#include <ctype.h> +lauxlib.c:#include <errno.h> +lauxlib.c:#include <stdarg.h> +lauxlib.c:#include <stdio.h> +lauxlib.c:#include <stdlib.h> +lauxlib.c:#include <string.h> +lauxlib.h:#include <stddef.h> +lauxlib.h:#include <stdio.h> +lbaselib.c:#include <ctype.h> +lbaselib.c:#include <ncurses.h> +lbaselib.c:#include <stdio.h> +lbaselib.c:#include <stdlib.h> +lbaselib.c:#include <string.h> +lcode.c:#include <stdlib.h> +ldblib.c:#include <stdio.h> +ldblib.c:#include <stdlib.h> +ldblib.c:#include <string.h> +ldebug.c:#include <stdarg.h> +ldebug.c:#include <stddef.h> +ldebug.c:#include <string.h> +ldo.c:#include <setjmp.h> +ldo.c:#include <stdio.h> +ldo.c:#include <stdlib.h> +ldo.c:#include <string.h> +ldump.c:#include <stddef.h> +lfunc.c:#include <stddef.h> +lgc.c:#include <string.h> +liolib.c:#include <errno.h> +liolib.c:#include <stdio.h> +liolib.c:#include <stdlib.h> +liolib.c:#include <string.h> +llex.c:#include <ctype.h> +llex.c:#include <locale.h> +llex.c:#include <string.h> +llimits.h:#include <limits.h> +llimits.h:#include <stddef.h> +lmathlib.c:#include <stdlib.h> +lmathlib.c:#include <math.h> +lmem.c:#include <stddef.h> +lmem.h:#include <stddef.h> +loadlib.c:#include <stdlib.h> +loadlib.c:#include <string.h> +loadlib.c:#include <dlfcn.h> +loadlib.c:#include <windows.h> +loadlib.c:#include <mach-o/dyld.h> +lobject.c:#include <ctype.h> +lobject.c:#include <stdarg.h> +lobject.c:#include <stdio.h> +lobject.c:#include <stdlib.h> +lobject.c:#include <string.h> 
+lobject.h:#include <stdarg.h> +loslib.c:#include <errno.h> +loslib.c:#include <locale.h> +loslib.c:#include <stdlib.h> +loslib.c:#include <string.h> +loslib.c:#include <time.h> +lparser.c:#include <string.h> +lstate.c:#include <stddef.h> +lstring.c:#include <string.h> +lstrlib.c:#include <ctype.h> +lstrlib.c:#include <stddef.h> +lstrlib.c:#include <stdio.h> +lstrlib.c:#include <stdlib.h> +lstrlib.c:#include <string.h> +ltable.c:#include <math.h> +ltable.c:#include <string.h> +ltablib.c:#include <stddef.h> +ltm.c:#include <string.h> +lua.c:#include <assert.h> +lua.c:#include <ctype.h> +lua.c:#include <fcntl.h> +lua.c:#include <locale.h> +lua.c:#include <ncurses.h> +lua.c:#include <signal.h> +lua.c:#include <stdio.h> +lua.c:#include <stdlib.h> +lua.c:#include <string.h> +lua.c:#include <time.h> +lua.c:#include <unistd.h> +lua.h:#include <stdarg.h> +lua.h:#include <stddef.h> +luaconf.h:#include <limits.h> +luaconf.h:#include <stddef.h> +luaconf.h:#include <assert.h> +luaconf.h:#include <math.h> +luaconf.h:#include <unistd.h> +luaconf.h:#include <stdio.h> +lundump.c:#include <string.h> +lvm.c:#include <stdio.h> +lvm.c:#include <stdlib.h> +lvm.c:#include <string.h> +lzio.c:#include <string.h> +menu.c:#include <ncurses.h> +menu.c:#include <string.h> +tlv.c:#include <assert.h> +tlv.c:#include <ncurses.h> +tlv.c:#include <stdio.h> +tlv.c:#include <stdlib.h> +tlv.c:#include <string.h> +tlv.c:#include <strings.h> +lcurses/_helpers.c:#include <errno.h> +lcurses/_helpers.c:#include <grp.h> +lcurses/_helpers.c:#include <pwd.h> +lcurses/_helpers.c:#include <stdlib.h> +lcurses/_helpers.c:#include <string.h> +lcurses/_helpers.c:#include <sys/stat.h> +lcurses/_helpers.c:#include <unistd.h> +lcurses/_helpers.c:#include <ncurses.h> +lcurses/_helpers.c:#include <term.h> +lcurses/compat-5.2.c:#include <errno.h> +lcurses/compat-5.2.c:#include <string.h> +lcurses/compat-5.2.c:#include <limits.h> +lcurses/compat-5.2.c:#include <math.h> +lcurses/compat-5.2.h:#include <stddef.h> 
+lcurses/compat-5.2.h:#include <string.h> +lcurses/compat-5.2.h:#include <stdio.h> +lcurses/compat-5.2.h:#include <limits.h> +lcurses/strlcpy.c:#include <sys/types.h> +lcurses/strlcpy.c:#include <string.h> +luasec/compat.h:#include <openssl/ssl.h> +luasec/context.c:#include <string.h> +luasec/context.c:#include <windows.h> +luasec/context.c:#include <openssl/ssl.h> +luasec/context.c:#include <openssl/err.h> +luasec/context.c:#include <openssl/x509.h> +luasec/context.c:#include <openssl/x509v3.h> +luasec/context.c:#include <openssl/dh.h> +luasec/context.c:#include <openssl/ec.h> +luasec/context.h:#include <openssl/ssl.h> +luasec/ec.c:#include <openssl/objects.h> +luasec/ec.h:#include <openssl/ec.h> +luasec/options.c:#include <openssl/ssl.h> +luasec/options.lua:#include <openssl/ssl.h> +luasec/ssl.c:#include <errno.h> +luasec/ssl.c:#include <string.h> +luasec/ssl.c:#include <winsock2.h> +luasec/ssl.c:#include <openssl/ssl.h> +luasec/ssl.c:#include <openssl/x509v3.h> +luasec/ssl.c:#include <openssl/x509_vfy.h> +luasec/ssl.c:#include <openssl/err.h> +luasec/ssl.c:#include <openssl/dh.h> +luasec/ssl.h:#include <openssl/ssl.h> +luasec/x509.c:#include <stdio.h> +luasec/x509.c:#include <string.h> +luasec/x509.c:#include <ws2tcpip.h> +luasec/x509.c:#include <windows.h> +luasec/x509.c:#include <sys/types.h> +luasec/x509.c:#include <sys/socket.h> +luasec/x509.c:#include <netinet/in.h> +luasec/x509.c:#include <arpa/inet.h> +luasec/x509.c:#include <openssl/ssl.h> +luasec/x509.c:#include <openssl/x509v3.h> +luasec/x509.c:#include <openssl/evp.h> +luasec/x509.c:#include <openssl/err.h> +luasec/x509.c:#include <openssl/asn1.h> +luasec/x509.c:#include <openssl/bio.h> +luasec/x509.c:#include <openssl/bn.h> +luasec/x509.h:#include <openssl/x509v3.h> +luasocket/auxiliar.c:#include <string.h> +luasocket/auxiliar.c:#include <stdio.h> +luasocket/except.c:#include <stdio.h> +luasocket/inet.c:#include <stdio.h> +luasocket/inet.c:#include <stdlib.h> +luasocket/inet.c:#include <string.h> 
+luasocket/mime.c:#include <string.h> +luasocket/mime.c:#include <ctype.h> +luasocket/options.c:#include <string.h> +luasocket/select.c:#include <string.h> +luasocket/serial.c:#include <string.h> +luasocket/serial.c:#include <sys/un.h> +luasocket/tcp.c:#include <string.h> +luasocket/timeout.c:#include <stdio.h> +luasocket/timeout.c:#include <limits.h> +luasocket/timeout.c:#include <float.h> +luasocket/timeout.c:#include <windows.h> +luasocket/timeout.c:#include <time.h> +luasocket/timeout.c:#include <sys/time.h> +luasocket/udp.c:#include <string.h> +luasocket/udp.c:#include <stdlib.h> +luasocket/unixdgram.c:#include <string.h> +luasocket/unixdgram.c:#include <stdlib.h> +luasocket/unixdgram.c:#include <sys/un.h> +luasocket/unixstream.c:#include <string.h> +luasocket/unixstream.c:#include <sys/un.h> +luasocket/usocket.c:#include <string.h> +luasocket/usocket.c:#include <signal.h> +luasocket/usocket.c:#include <sys/poll.h> +luasocket/usocket.h:#include <errno.h> +luasocket/usocket.h:#include <unistd.h> +luasocket/usocket.h:#include <fcntl.h> +luasocket/usocket.h:#include <sys/types.h> +luasocket/usocket.h:#include <sys/socket.h> +luasocket/usocket.h:#include <sys/time.h> +luasocket/usocket.h:#include <netdb.h> +luasocket/usocket.h:#include <signal.h> +luasocket/usocket.h:#include <netinet/in.h> +luasocket/usocket.h:#include <arpa/inet.h> +luasocket/usocket.h:#include <netinet/tcp.h> +luasocket/usocket.h:#include <net/if.h> +luasocket/usocket.h:#include <sys/poll.h> +luasocket/wsocket.c:#include <string.h> +luasocket/wsocket.h:#include <winsock2.h> +luasocket/wsocket.h:#include <ws2tcpip.h> diff --git a/sandboxing/unique_system_includes b/sandboxing/unique_system_includes new file mode 100644 index 0000000..1266fb8 --- /dev/null +++ b/sandboxing/unique_system_includes 
@@ -0,0 +1,51 @@ +arpa/inet.h +assert.h +ctype.h +dlfcn.h +errno.h +fcntl.h +float.h +grp.h +limits.h +locale.h +mach-o/dyld.h +math.h +ncurses.h +net/if.h +netdb.h +netinet/in.h +netinet/tcp.h +openssl/asn1.h +openssl/bio.h +openssl/bn.h +openssl/dh.h +openssl/ec.h +openssl/err.h +openssl/evp.h +openssl/objects.h +openssl/ssl.h +openssl/x509.h +openssl/x509_vfy.h +openssl/x509v3.h +pwd.h +setjmp.h +signal.h +stdarg.h +stddef.h +stdint.h +stdio.h +stdlib.h +string.h +strings.h +sys/poll.h +sys/socket.h +sys/stat.h +sys/time.h +sys/types.h +sys/un.h +term.h +time.h +unistd.h +windows.h +winsock2.h +ws2tcpip.h |