From e2846d9a558330c4f5e4053cd2d09c104d6beef4 Mon Sep 17 00:00:00 2001 From: "Kartik K. Agaram" Date: Fri, 24 Dec 2021 10:39:06 -0800 Subject: stop futzing around and start sandboxing --- sandboxing/README.md | 39 +++ sandboxing/includes | 627 ++++++++++++++++++++++++++++++++++++++ sandboxing/system_includes | 220 +++++++++++++ sandboxing/unique_system_includes | 51 ++++ 4 files changed, 937 insertions(+) create mode 100644 sandboxing/README.md create mode 100644 sandboxing/includes create mode 100644 sandboxing/system_includes create mode 100644 sandboxing/unique_system_includes diff --git a/sandboxing/README.md b/sandboxing/README.md new file mode 100644 index 0000000..50bf0a0 --- /dev/null +++ b/sandboxing/README.md @@ -0,0 +1,39 @@ +This directory includes some working notes to audit the entire Teliva codebase +for side-effects that should be gated/sandboxed. + +Founding principle for this approach: Side-effects come from the OS. There can +be no effects visible outside a Unix process (regardless of language) if it +doesn't invoke any OS syscalls. + +## Top down + +Things to secure: +* files opened (for read/write) on file system +* what gets written to files on file system +* destinations opened (for read/write) on network + * `inet_tryconnect` // `socket_connect` + * `inet_tryaccept` // `socket_accept` +* what gets written to network + * `socket_send`, `socket_sendto` + * `socket_recv`, `socket_recvfrom` + +## Bottom up + +* `includes`: all `#include`s throughout the codebase. I assume that C the + language itself can't have any side effects that impact other programs on + the computer. + ``` + cd src + grep '#include' * */* > ../sandboxing/includes + ``` +* `system_includes`: all `#include <...>`s throughout the codebase. I assume + side-effects require going outside the codebase. `#include`s could smuggle + out of the codebase using relative paths (`../`) but I assume it's easy to + protect against this using code review. + ``` + grep '<' sandboxing/includes > sandboxing/system_includes + ``` +* `unique_system_includes`: deduped + ``` + sed 's/.*<\|>.*//g' sandboxing/system_includes |sort |uniq > sandboxing/unique_system_includes + ``` diff --git a/sandboxing/includes b/sandboxing/includes new file mode 100644 index 0000000..1ae39d0 --- /dev/null +++ b/sandboxing/includes @@ -0,0 +1,627 @@ +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include "lua.h" +kilo.c:#include "teliva.h" +lapi.c:#include +lapi.c:#include +lapi.c:#include +lapi.c:#include +lapi.c:#include "lua.h" +lapi.c:#include "lapi.h" +lapi.c:#include "ldebug.h" +lapi.c:#include "ldo.h" +lapi.c:#include "lfunc.h" +lapi.c:#include "lgc.h" +lapi.c:#include "lmem.h" +lapi.c:#include "lobject.h" +lapi.c:#include "lstate.h" +lapi.c:#include "lstring.h" +lapi.c:#include "ltable.h" +lapi.c:#include "ltm.h" +lapi.c:#include "lundump.h" +lapi.c:#include "lvm.h" +lapi.h:#include "lobject.h" +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include "lua.h" +lauxlib.c:#include "lauxlib.h" +lauxlib.h:#include +lauxlib.h:#include +lauxlib.h:#include "lua.h" +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include "lua.h" +lbaselib.c:#include "lauxlib.h" +lbaselib.c:#include "lualib.h" +lcode.c:#include +lcode.c:#include "lua.h" +lcode.c:#include "lcode.h" +lcode.c:#include "ldebug.h" +lcode.c:#include "ldo.h" +lcode.c:#include "lgc.h" +lcode.c:#include "llex.h" +lcode.c:#include "lmem.h" +lcode.c:#include "lobject.h" +lcode.c:#include "lopcodes.h" +lcode.c:#include "lparser.h" +lcode.c:#include "ltable.h" +lcode.h:#include "llex.h" +lcode.h:#include "lobject.h" +lcode.h:#include "lopcodes.h" +lcode.h:#include "lparser.h" +ldblib.c:#include +ldblib.c:#include +ldblib.c:#include +ldblib.c:#include "lua.h" +ldblib.c:#include "lauxlib.h" +ldblib.c:#include "lualib.h" +ldebug.c:#include +ldebug.c:#include +ldebug.c:#include +ldebug.c:#include "lua.h" +ldebug.c:#include "lapi.h" +ldebug.c:#include "lcode.h" +ldebug.c:#include "ldebug.h" +ldebug.c:#include "ldo.h" +ldebug.c:#include "lfunc.h" +ldebug.c:#include "lobject.h" +ldebug.c:#include "lopcodes.h" +ldebug.c:#include "lstate.h" +ldebug.c:#include "lstring.h" +ldebug.c:#include "ltable.h" +ldebug.c:#include "ltm.h" +ldebug.c:#include "lvm.h" +ldebug.h:#include "lstate.h" +ldo.c:#include +ldo.c:#include +ldo.c:#include +ldo.c:#include +ldo.c:#include "lua.h" +ldo.c:#include "ldebug.h" +ldo.c:#include "ldo.h" +ldo.c:#include "lfunc.h" +ldo.c:#include "lgc.h" +ldo.c:#include "lmem.h" +ldo.c:#include "lobject.h" +ldo.c:#include "lopcodes.h" +ldo.c:#include "lparser.h" +ldo.c:#include "lstate.h" +ldo.c:#include "lstring.h" +ldo.c:#include "ltable.h" +ldo.c:#include "ltm.h" +ldo.c:#include "lundump.h" +ldo.c:#include "lvm.h" +ldo.c:#include "lzio.h" +ldo.h:#include "lobject.h" +ldo.h:#include "lstate.h" +ldo.h:#include "lzio.h" +ldump.c:#include +ldump.c:#include "lua.h" +ldump.c:#include "lobject.h" +ldump.c:#include "lstate.h" +ldump.c:#include "lundump.h" +lfunc.c:#include +lfunc.c:#include "lua.h" +lfunc.c:#include "lfunc.h" +lfunc.c:#include "lgc.h" +lfunc.c:#include "lmem.h" +lfunc.c:#include "lobject.h" +lfunc.c:#include "lstate.h" +lfunc.h:#include "lobject.h" +lgc.c:#include +lgc.c:#include "lua.h" +lgc.c:#include "ldebug.h" +lgc.c:#include "ldo.h" +lgc.c:#include "lfunc.h" +lgc.c:#include "lgc.h" +lgc.c:#include "lmem.h" +lgc.c:#include "lobject.h" +lgc.c:#include "lstate.h" +lgc.c:#include "lstring.h" +lgc.c:#include "ltable.h" +lgc.c:#include "ltm.h" +lgc.h:#include "lobject.h" +linit.c:#include "lua.h" +linit.c:#include "lualib.h" +linit.c:#include "lauxlib.h" +liolib.c:#include +liolib.c:#include +liolib.c:#include +liolib.c:#include +liolib.c:#include "lua.h" +liolib.c:#include "lauxlib.h" +liolib.c:#include "lualib.h" +llex.c:#include +llex.c:#include +llex.c:#include +llex.c:#include "lua.h" +llex.c:#include "ldo.h" +llex.c:#include "llex.h" +llex.c:#include "lobject.h" +llex.c:#include "lparser.h" +llex.c:#include "lstate.h" +llex.c:#include "lstring.h" +llex.c:#include "ltable.h" +llex.c:#include "lzio.h" +llex.h:#include "lobject.h" +llex.h:#include "lzio.h" +llimits.h:#include +llimits.h:#include +llimits.h:#include "lua.h" +lmathlib.c:#include +lmathlib.c:#include +lmathlib.c:#include "lua.h" +lmathlib.c:#include "lauxlib.h" +lmathlib.c:#include "lualib.h" +lmem.c:#include +lmem.c:#include "lua.h" +lmem.c:#include "ldebug.h" +lmem.c:#include "ldo.h" +lmem.c:#include "lmem.h" +lmem.c:#include "lobject.h" +lmem.c:#include "lstate.h" +lmem.h:#include +lmem.h:#include "llimits.h" +lmem.h:#include "lua.h" +loadlib.c:#include +loadlib.c:#include +loadlib.c:#include "lua.h" +loadlib.c:#include "lauxlib.h" +loadlib.c:#include "lualib.h" +loadlib.c:#include +loadlib.c:#include +loadlib.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include "lua.h" +lobject.c:#include "ldo.h" +lobject.c:#include "lmem.h" +lobject.c:#include "lobject.h" +lobject.c:#include "lstate.h" +lobject.c:#include "lstring.h" +lobject.c:#include "lvm.h" +lobject.h:#include +lobject.h:#include "llimits.h" +lobject.h:#include "lua.h" +lopcodes.c:#include "lopcodes.h" +lopcodes.h:#include "llimits.h" +loslib.c:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include "lua.h" +loslib.c:#include "lauxlib.h" +loslib.c:#include "lualib.h" +lparser.c:#include +lparser.c:#include "lua.h" +lparser.c:#include "lcode.h" +lparser.c:#include "ldebug.h" +lparser.c:#include "ldo.h" +lparser.c:#include "lfunc.h" +lparser.c:#include "llex.h" +lparser.c:#include "lmem.h" +lparser.c:#include "lobject.h" +lparser.c:#include "lopcodes.h" +lparser.c:#include "lparser.h" +lparser.c:#include "lstate.h" +lparser.c:#include "lstring.h" +lparser.c:#include "ltable.h" +lparser.h:#include "llimits.h" +lparser.h:#include "lobject.h" +lparser.h:#include "lzio.h" +lstate.c:#include +lstate.c:#include "lua.h" +lstate.c:#include "ldebug.h" +lstate.c:#include "ldo.h" +lstate.c:#include "lfunc.h" +lstate.c:#include "lgc.h" +lstate.c:#include "llex.h" +lstate.c:#include "lmem.h" +lstate.c:#include "lstate.h" +lstate.c:#include "lstring.h" +lstate.c:#include "ltable.h" +lstate.c:#include "ltm.h" +lstate.h:#include "lua.h" +lstate.h:#include "lobject.h" +lstate.h:#include "ltm.h" +lstate.h:#include "lzio.h" +lstring.c:#include +lstring.c:#include "lua.h" +lstring.c:#include "lmem.h" +lstring.c:#include "lobject.h" +lstring.c:#include "lstate.h" +lstring.c:#include "lstring.h" +lstring.h:#include "lgc.h" +lstring.h:#include "lobject.h" +lstring.h:#include "lstate.h" +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include "lua.h" +lstrlib.c:#include "lauxlib.h" +lstrlib.c:#include "lualib.h" +ltable.c:#include +ltable.c:#include +ltable.c:#include "lua.h" +ltable.c:#include "ldebug.h" +ltable.c:#include "ldo.h" +ltable.c:#include "lgc.h" +ltable.c:#include "lmem.h" +ltable.c:#include "lobject.h" +ltable.c:#include "lstate.h" +ltable.c:#include "ltable.h" +ltable.h:#include "lobject.h" +ltablib.c:#include +ltablib.c:#include "lua.h" +ltablib.c:#include "lauxlib.h" +ltablib.c:#include "lualib.h" +ltm.c:#include +ltm.c:#include "lua.h" +ltm.c:#include "lobject.h" +ltm.c:#include "lstate.h" +ltm.c:#include "lstring.h" +ltm.c:#include "ltable.h" +ltm.c:#include "ltm.h" +ltm.h:#include "lobject.h" +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include "lua.h" +lua.c:#include "teliva.h" +lua.c:#include "lauxlib.h" +lua.c:#include "lualib.h" +lua.h:#include +lua.h:#include +lua.h:#include "luaconf.h" +lua.h:#include LUA_USER_H +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +lualib.h:#include "lua.h" +lundump.c:#include +lundump.c:#include "lua.h" +lundump.c:#include "ldebug.h" +lundump.c:#include "ldo.h" +lundump.c:#include "lfunc.h" +lundump.c:#include "lmem.h" +lundump.c:#include "lobject.h" +lundump.c:#include "lstring.h" +lundump.c:#include "lundump.h" +lundump.c:#include "lzio.h" +lundump.h:#include "lobject.h" +lundump.h:#include "lzio.h" +lvm.c:#include +lvm.c:#include +lvm.c:#include +lvm.c:#include "lua.h" +lvm.c:#include "ldebug.h" +lvm.c:#include "ldo.h" +lvm.c:#include "lfunc.h" +lvm.c:#include "lgc.h" +lvm.c:#include "lobject.h" +lvm.c:#include "lopcodes.h" +lvm.c:#include "lstate.h" +lvm.c:#include "lstring.h" +lvm.c:#include "ltable.h" +lvm.c:#include "ltm.h" +lvm.c:#include "lvm.h" +lvm.h:#include "ldo.h" +lvm.h:#include "lobject.h" +lvm.h:#include "ltm.h" +lzio.c:#include +lzio.c:#include "lua.h" +lzio.c:#include "llimits.h" +lzio.c:#include "lmem.h" +lzio.c:#include "lstate.h" +lzio.c:#include "lzio.h" +lzio.h:#include "lua.h" +lzio.h:#include "lmem.h" +menu.c:#include +menu.c:#include +menu.c:#include "lua.h" +menu.c:#include "lauxlib.h" +menu.c:#include "teliva.h" +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include "lua.h" +tlv.c:#include "lauxlib.h" +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include "../lua.h" +lcurses/_helpers.c:#include "../lualib.h" +lcurses/_helpers.c:#include "../lauxlib.h" +lcurses/chstr.c:#include "_helpers.c" +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include "../lua.h" +lcurses/compat-5.2.c:#include "../lauxlib.h" +lcurses/compat-5.2.c:#include "compat-5.2.h" +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include "../lua.h" +lcurses/compat-5.2.h:#include "../lauxlib.h" +lcurses/compat-5.2.h:#include "../lualib.h" +lcurses/compat-5.2.h:#include +lcurses/curses.c:#include "_helpers.c" +lcurses/curses.c:#include "strlcpy.c" +lcurses/curses.c:#include "chstr.c" +lcurses/curses.c:#include "window.c" +lcurses/strlcpy.c:#include +lcurses/strlcpy.c:#include +lcurses/window.c:#include "../teliva.h" +lcurses/window.c:#include "_helpers.c" +lcurses/window.c:#include "chstr.c" +luasec/compat.h:#include +luasec/config.c:#include "compat.h" +luasec/config.c:#include "options.h" +luasec/config.c:#include "ec.h" +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include "../lua.h" +luasec/context.c:#include "../lauxlib.h" +luasec/context.c:#include "compat.h" +luasec/context.c:#include "context.h" +luasec/context.c:#include "options.h" +luasec/context.c:#include +luasec/context.c:#include "ec.h" +luasec/context.h:#include "../lua.h" +luasec/context.h:#include +luasec/context.h:#include "compat.h" +luasec/ec.c:#include +luasec/ec.c:#include "ec.h" +luasec/ec.h:#include "../lua.h" +luasec/ec.h:#include +luasec/options.c:#include +luasec/options.c:#include "options.h" +luasec/options.h:#include "compat.h" +luasec/options.lua:#include +luasec/options.lua:#include "options.h" +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include "../lua.h" +luasec/ssl.c:#include "../lauxlib.h" +luasec/ssl.c:#include "../luasocket/io.h" +luasec/ssl.c:#include "../luasocket/buffer.h" +luasec/ssl.c:#include "../luasocket/timeout.h" +luasec/ssl.c:#include "../luasocket/socket.h" +luasec/ssl.c:#include "x509.h" +luasec/ssl.c:#include "context.h" +luasec/ssl.c:#include "ssl.h" +luasec/ssl.h:#include +luasec/ssl.h:#include "../lua.h" +luasec/ssl.h:#include "../luasocket/io.h" +luasec/ssl.h:#include "../luasocket/buffer.h" +luasec/ssl.h:#include "../luasocket/timeout.h" +luasec/ssl.h:#include "../luasocket/socket.h" +luasec/ssl.h:#include "compat.h" +luasec/ssl.h:#include "context.h" +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include "../lua.h" +luasec/x509.c:#include "../lauxlib.h" +luasec/x509.c:#include "x509.h" +luasec/x509.h:#include +luasec/x509.h:#include "../lua.h" +luasec/x509.h:#include "compat.h" +luasocket/auxiliar.c:#include "luasocket.h" +luasocket/auxiliar.c:#include "auxiliar.h" +luasocket/auxiliar.c:#include +luasocket/auxiliar.c:#include +luasocket/auxiliar.h:#include "luasocket.h" +luasocket/buffer.c:#include "luasocket.h" +luasocket/buffer.c:#include "buffer.h" +luasocket/buffer.h:#include "luasocket.h" +luasocket/buffer.h:#include "io.h" +luasocket/buffer.h:#include "timeout.h" +luasocket/compat.c:#include "luasocket.h" +luasocket/compat.c:#include "compat.h" +luasocket/except.c:#include "luasocket.h" +luasocket/except.c:#include "except.h" +luasocket/except.c:#include +luasocket/except.h:#include "luasocket.h" +luasocket/inet.c:#include "luasocket.h" +luasocket/inet.c:#include "inet.h" +luasocket/inet.c:#include +luasocket/inet.c:#include +luasocket/inet.c:#include +luasocket/inet.h:#include "luasocket.h" +luasocket/inet.h:#include "socket.h" +luasocket/inet.h:#include "timeout.h" +luasocket/io.c:#include "luasocket.h" +luasocket/io.c:#include "io.h" +luasocket/io.h:#include "luasocket.h" +luasocket/io.h:#include "timeout.h" +luasocket/luasocket.c:#include "luasocket.h" +luasocket/luasocket.c:#include "auxiliar.h" +luasocket/luasocket.c:#include "except.h" +luasocket/luasocket.c:#include "timeout.h" +luasocket/luasocket.c:#include "buffer.h" +luasocket/luasocket.c:#include "inet.h" +luasocket/luasocket.c:#include "tcp.h" +luasocket/luasocket.c:#include "udp.h" +luasocket/luasocket.c:#include "select.h" +luasocket/luasocket.h:#include "../lua.h" +luasocket/luasocket.h:#include "../lauxlib.h" +luasocket/luasocket.h:#include "compat.h" +luasocket/mime.c:#include "luasocket.h" +luasocket/mime.c:#include "mime.h" +luasocket/mime.c:#include +luasocket/mime.c:#include +luasocket/mime.h:#include "luasocket.h" +luasocket/options.c:#include "luasocket.h" +luasocket/options.c:#include "auxiliar.h" +luasocket/options.c:#include "options.h" +luasocket/options.c:#include "inet.h" +luasocket/options.c:#include +luasocket/options.h:#include "luasocket.h" +luasocket/options.h:#include "socket.h" +luasocket/select.c:#include "luasocket.h" +luasocket/select.c:#include "socket.h" +luasocket/select.c:#include "timeout.h" +luasocket/select.c:#include "select.h" +luasocket/select.c:#include +luasocket/serial.c:#include "luasocket.h" +luasocket/serial.c:#include "auxiliar.h" +luasocket/serial.c:#include "socket.h" +luasocket/serial.c:#include "options.h" +luasocket/serial.c:#include "unix.h" +luasocket/serial.c:#include +luasocket/serial.c:#include +luasocket/socket.h:#include "io.h" +luasocket/socket.h:#include "wsocket.h" +luasocket/socket.h:#include "usocket.h" +luasocket/socket.h:#include "timeout.h" +luasocket/tcp.c:#include "luasocket.h" +luasocket/tcp.c:#include "auxiliar.h" +luasocket/tcp.c:#include "socket.h" +luasocket/tcp.c:#include "inet.h" +luasocket/tcp.c:#include "options.h" +luasocket/tcp.c:#include "tcp.h" +luasocket/tcp.c:#include +luasocket/tcp.h:#include "luasocket.h" +luasocket/tcp.h:#include "buffer.h" +luasocket/tcp.h:#include "timeout.h" +luasocket/tcp.h:#include "socket.h" +luasocket/timeout.c:#include "luasocket.h" +luasocket/timeout.c:#include "auxiliar.h" +luasocket/timeout.c:#include "timeout.h" +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.h:#include "luasocket.h" +luasocket/udp.c:#include "luasocket.h" +luasocket/udp.c:#include "auxiliar.h" +luasocket/udp.c:#include "socket.h" +luasocket/udp.c:#include "inet.h" +luasocket/udp.c:#include "options.h" +luasocket/udp.c:#include "udp.h" +luasocket/udp.c:#include +luasocket/udp.c:#include +luasocket/udp.h:#include "luasocket.h" +luasocket/udp.h:#include "timeout.h" +luasocket/udp.h:#include "socket.h" +luasocket/unix.c:#include "luasocket.h" +luasocket/unix.c:#include "unixstream.h" +luasocket/unix.c:#include "unixdgram.h" +luasocket/unix.h:#include "luasocket.h" +luasocket/unix.h:#include "buffer.h" +luasocket/unix.h:#include "timeout.h" +luasocket/unix.h:#include "socket.h" +luasocket/unixdgram.c:#include "luasocket.h" +luasocket/unixdgram.c:#include "auxiliar.h" +luasocket/unixdgram.c:#include "socket.h" +luasocket/unixdgram.c:#include "options.h" +luasocket/unixdgram.c:#include "unix.h" +luasocket/unixdgram.c:#include +luasocket/unixdgram.c:#include +luasocket/unixdgram.c:#include +luasocket/unixdgram.h:#include "unix.h" +luasocket/unixstream.c:#include "luasocket.h" +luasocket/unixstream.c:#include "auxiliar.h" +luasocket/unixstream.c:#include "socket.h" +luasocket/unixstream.c:#include "options.h" +luasocket/unixstream.c:#include "unixstream.h" +luasocket/unixstream.c:#include +luasocket/unixstream.c:#include +luasocket/unixstream.h:#include "unix.h" +luasocket/usocket.c:#include "luasocket.h" +luasocket/usocket.c:#include "socket.h" +luasocket/usocket.c:#include "pierror.h" +luasocket/usocket.c:#include +luasocket/usocket.c:#include +luasocket/usocket.c:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/wsocket.c:#include "luasocket.h" +luasocket/wsocket.c:#include +luasocket/wsocket.c:#include "socket.h" +luasocket/wsocket.c:#include "pierror.h" +luasocket/wsocket.h:#include +luasocket/wsocket.h:#include diff --git a/sandboxing/system_includes b/sandboxing/system_includes new file mode 100644 index 0000000..c9ecf40 --- /dev/null +++ b/sandboxing/system_includes @@ -0,0 +1,220 @@ +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +kilo.c:#include +lapi.c:#include +lapi.c:#include +lapi.c:#include +lapi.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.c:#include +lauxlib.h:#include +lauxlib.h:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lbaselib.c:#include +lcode.c:#include +ldblib.c:#include +ldblib.c:#include +ldblib.c:#include +ldebug.c:#include +ldebug.c:#include +ldebug.c:#include +ldo.c:#include +ldo.c:#include +ldo.c:#include +ldo.c:#include +ldump.c:#include +lfunc.c:#include +lgc.c:#include +liolib.c:#include +liolib.c:#include +liolib.c:#include +liolib.c:#include +llex.c:#include +llex.c:#include +llex.c:#include +llimits.h:#include +llimits.h:#include +lmathlib.c:#include +lmathlib.c:#include +lmem.c:#include +lmem.h:#include +loadlib.c:#include +loadlib.c:#include +loadlib.c:#include +loadlib.c:#include +loadlib.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.c:#include +lobject.h:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include +loslib.c:#include +lparser.c:#include +lstate.c:#include +lstring.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +lstrlib.c:#include +ltable.c:#include +ltable.c:#include +ltablib.c:#include +ltm.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.c:#include +lua.h:#include +lua.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +luaconf.h:#include +lundump.c:#include +lvm.c:#include +lvm.c:#include +lvm.c:#include +lzio.c:#include +menu.c:#include +menu.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +tlv.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/_helpers.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.c:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include +lcurses/compat-5.2.h:#include +lcurses/strlcpy.c:#include +lcurses/strlcpy.c:#include +luasec/compat.h:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.c:#include +luasec/context.h:#include +luasec/ec.c:#include +luasec/ec.h:#include +luasec/options.c:#include +luasec/options.lua:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.c:#include +luasec/ssl.h:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.c:#include +luasec/x509.h:#include +luasocket/auxiliar.c:#include +luasocket/auxiliar.c:#include +luasocket/except.c:#include +luasocket/inet.c:#include +luasocket/inet.c:#include +luasocket/inet.c:#include +luasocket/mime.c:#include +luasocket/mime.c:#include +luasocket/options.c:#include +luasocket/select.c:#include +luasocket/serial.c:#include +luasocket/serial.c:#include +luasocket/tcp.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/timeout.c:#include +luasocket/udp.c:#include +luasocket/udp.c:#include +luasocket/unixdgram.c:#include +luasocket/unixdgram.c:#include +luasocket/unixdgram.c:#include +luasocket/unixstream.c:#include +luasocket/unixstream.c:#include +luasocket/usocket.c:#include +luasocket/usocket.c:#include +luasocket/usocket.c:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/usocket.h:#include +luasocket/wsocket.c:#include +luasocket/wsocket.h:#include +luasocket/wsocket.h:#include diff --git a/sandboxing/unique_system_includes b/sandboxing/unique_system_includes new file mode 100644 index 0000000..1266fb8 --- /dev/null +++ b/sandboxing/unique_system_includes @@ -0,0 +1,51 @@ +arpa/inet.h +assert.h +ctype.h +dlfcn.h +errno.h +fcntl.h +float.h +grp.h +limits.h +locale.h +mach-o/dyld.h +math.h +ncurses.h +net/if.h +netdb.h +netinet/in.h +netinet/tcp.h +openssl/asn1.h +openssl/bio.h +openssl/bn.h +openssl/dh.h +openssl/ec.h +openssl/err.h +openssl/evp.h +openssl/objects.h +openssl/ssl.h +openssl/x509.h +openssl/x509_vfy.h +openssl/x509v3.h +pwd.h +setjmp.h +signal.h +stdarg.h +stddef.h +stdint.h +stdio.h +stdlib.h +string.h +strings.h +sys/poll.h +sys/socket.h +sys/stat.h +sys/time.h +sys/types.h +sys/un.h +term.h +time.h +unistd.h +windows.h +winsock2.h +ws2tcpip.h -- cgit 1.4.1-2-gfad0