diff --git a/src/core/corelib.c b/src/core/corelib.c
index 30f417bc..c89787b9 100644
--- a/src/core/corelib.c
+++ b/src/core/corelib.c
@@ -741,6 +741,7 @@ static const SandboxOption sandbox_options[] = {
 {"net-connect", JANET_SANDBOX_NET_CONNECT},
 {"net-listen", JANET_SANDBOX_NET_LISTEN},
 {"sandbox", JANET_SANDBOX_SANDBOX},
+ {"signal", JANET_SANDBOX_SIGNAL},
 {"subprocess", JANET_SANDBOX_SUBPROCESS},
 {NULL, 0}
 };
@@ -765,6 +766,7 @@ JANET_CORE_FN(janet_core_sandbox,
 "* :net-connect - disallow making outbound network connections\n"
 "* :net-listen - disallow accepting inbound network connections\n"
 "* :sandbox - disallow calling this function\n"
+ "* :signal - disallow adding or removing signal handlers\n"
 "* :subprocess - disallow running subprocesses") {
 uint32_t flags = 0;
 for (int32_t i = 0; i < argc; i++) {
diff --git a/src/core/os.c b/src/core/os.c
index 67c2a12e..1f1cad35 100644
--- a/src/core/os.c
+++ b/src/core/os.c
@@ -854,6 +854,7 @@ static void janet_signal_trampoline(int sig) {
 JANET_CORE_FN(os_sigaction,
 "(os/sigaction which &opt handler interrupt-interpreter)",
 "Add a signal handler for a given action. Use nil for the `handler` argument to remove a signal handler.") {
+ janet_sandbox_assert(JANET_SANDBOX_SIGNAL);
 janet_arity(argc, 1, 3);
 #ifdef JANET_WINDOWS
 janet_panic("unsupported on this platform");
diff --git a/src/include/janet.h b/src/include/janet.h
index 55ff974b..1ca534ce 100644
--- a/src/include/janet.h
+++ b/src/include/janet.h
@@ -1822,6 +1822,7 @@ JANET_API void janet_stacktrace_ext(JanetFiber *fiber, Janet err, const char *pr
 #define JANET_SANDBOX_FS_TEMP 1024
 #define JANET_SANDBOX_FFI_USE 2048
 #define JANET_SANDBOX_FFI_JIT 4096
+#define JANET_SANDBOX_SIGNAL 8192
 #define JANET_SANDBOX_FFI (JANET_SANDBOX_FFI_DEFINE | JANET_SANDBOX_FFI_USE | JANET_SANDBOX_FFI_JIT)
 #define JANET_SANDBOX_FS (JANET_SANDBOX_FS_WRITE | JANET_SANDBOX_FS_READ | JANET_SANDBOX_FS_TEMP)
 #define JANET_SANDBOX_NET (JANET_SANDBOX_NET_CONNECT | JANET_SANDBOX_NET_LISTEN)
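Review bot: The docstring of `os/sigaction` is not updated to say that the call is now refused under the `:signal` sandbox flag, so a user reading the function's own help has no way to learn why it panics in a sandboxed environment; the string on the line above the new `janet_sandbox_assert(JANET_SANDBOX_SIGNAL);` should end with something like `Refused when the :signal sandbox flag is set.` Worth stating there as well, if it is the intended semantics, is that the check only gates installing or removing handlers from this point on — as far as this hunk shows, handlers that were registered before `sandbox` was called are not torn down and presumably keep firing on signal delivery, so embedders that want a clean sandbox must drop their handlers before engaging it. Placing the assert ahead of `janet_arity` and the `JANET_WINDOWS` panic is the right order: the capability error is reported regardless of platform or argument count. The body of `os_sigaction` continues past the end of the hunk.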
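Review bot: `JANET_SANDBOX_SIGNAL` is added as a standalone bit that belongs to none of the aggregate masks on the following lines (`JANET_SANDBOX_FFI`, `JANET_SANDBOX_FS`, `JANET_SANDBOX_NET`); if the header also defines an all-inclusive mask by OR-ing those groups together — it is not visible in this hunk — that mask needs the new bit too, otherwise existing embedders that sandbox with it will silently keep `os/sigaction` reachable. If the all-mask is a fill value such as `0xFFFFFFFF`-style, no change is needed beyond confirming it. The bit value itself is fine: 8192 is the next free power of two after `JANET_SANDBOX_FFI_JIT` and fits the `uint32_t flags` accumulated in `janet_core_sandbox`. A one-line comment on the new define, `/* refuse os/sigaction (installing or removing signal handlers) */`, would document what the public-API bit actually gates.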