From 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Sun, 22 Oct 2017 23:34:03 +0200
Subject: Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
---
 methods/CMakeLists.txt | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
(limited to 'methods/CMakeLists.txt')
diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt
index 72f07e87e..60c636c7b 100644
--- a/methods/CMakeLists.txt
+++ b/methods/CMakeLists.txt
@@ -1,4 +1,6 @@
 # Create the executable targets
+include_directories($<$:${SECCOMP_INCLUDE_DIR}>)
+
 add_executable(file file.cc)
 add_executable(copy copy.cc)
 add_executable(store store.cc)
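Review bot: The added `include_directories(...)` at the top of the file is directory-scoped, so the seccomp header path is applied to every target defined in methods/, including ones added later, rather than to the methods that are actually sandboxed. A target-scoped form such as `target_include_directories(http PRIVATE ${SECCOMP_INCLUDE_DIR})`, repeated per sandboxed method behind the same guard, would sit next to the existing GnuTLS lines and show which binaries are built with the filter. The guard inside the generator expression appears truncated in this rendering (`$<$:`), so it is worth confirming in the repository that the include is skipped when libseccomp is not found.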
@@ -14,16 +16,16 @@ target_compile_definitions(http PRIVATE ${GNUTLS_DEFINITIONS})
 target_include_directories(http PRIVATE ${GNUTLS_INCLUDE_DIR})
 
 # Link the executables against the libraries
-target_link_libraries(file apt-pkg)
-target_link_libraries(copy apt-pkg)
-target_link_libraries(store apt-pkg)
-target_link_libraries(gpgv apt-pkg)
-target_link_libraries(cdrom apt-pkg)
-target_link_libraries(http apt-pkg ${GNUTLS_LIBRARIES})
-target_link_libraries(mirror apt-pkg ${RESOLV_LIBRARIES} ${GNUTLS_LIBRARIES})
-target_link_libraries(ftp apt-pkg ${GNUTLS_LIBRARIES})
-target_link_libraries(rred apt-pkg)
-target_link_libraries(rsh apt-pkg)
+target_link_libraries(file apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(copy apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(store apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(gpgv apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(cdrom apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(http apt-pkg ${GNUTLS_LIBRARIES} $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(mirror apt-pkg ${RESOLV_LIBRARIES} ${GNUTLS_LIBRARIES} $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(ftp apt-pkg ${GNUTLS_LIBRARIES} $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(rred apt-pkg $<$:${SECCOMP_LIBRARIES}>)
+target_link_libraries(rsh apt-pkg $<$:${SECCOMP_LIBRARIES}>)
 
 # Install the library
 install(TARGETS file copy store gpgv cdrom http ftp rred rsh mirror
-- 
cgit v1.2.3-70-g09d2
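Review bot: The commit message excepts cdrom, gpgv and rsh from the sandbox, yet the new `target_link_libraries` lines for `gpgv`, `cdrom` and `rsh` link the seccomp libraries as well. If those three need the library only because shared method code references libseccomp (not visible in this hunk), a comment such as `# cdrom, gpgv and rsh link libseccomp through shared method code but install no filter` would stop a reader from assuming they are confined; otherwise the library can be dropped from them. The ten lines also repeat the same conditional expression, and a `foreach()` over the method names would keep the sandbox linkage in one place. The `install(TARGETS ...)` call continues outside the hunk.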