Add separate sandbox flag for file/temp

Doesn't really impart (much) file systtem information when used, and can be used for a lot of things where file functions are used to process in a stream.
2025-01-24 14:16:52 +00:00 · 2023-02-09 08:57:53 -06:00 · 2023-02-09 08:57:53 -06:00 · d1eba60ba8
commit d1eba60ba8
parent 057dccad8f
3 changed files with 9 additions and 6 deletions
--- a/src/core/corelib.c
+++ b/src/core/corelib.c
@ -679,6 +679,7 @@ static const SandboxOption sandbox_options[] = {
    {"ffi", JANET_SANDBOX_FFI},
    {"fs", JANET_SANDBOX_FS},
    {"fs-read", JANET_SANDBOX_FS_READ},
+    {"fs-temp", JANET_SANDBOX_FS_TEMP},
    {"fs-write", JANET_SANDBOX_FS_WRITE},
    {"hrtime", JANET_SANDBOX_HRTIME},
    {"modules", JANET_SANDBOX_DYNAMIC_MODULES},
@ -696,15 +697,16 @@ JANET_CORE_FN(janet_core_sandbox,
              "Once a feature is disabled, there is no way to re-enable it. Capabilities can be:\n\n"
              "* :all - disallow all (except IO to stdout, stderr, and stdin)\n"
              "* :env - disallow reading and write env variables\n"
-              "* :ffi - disallow FFI (recommended if disabling anythin else)\n"
+              "* :ffi - disallow FFI (recommended if disabling anything else)\n"
              "* :fs - disallow access to the file system\n"
              "* :fs-read - disallow read access to the file system\n"
+              "* :fs-temp - disallow creating temporary files\n"
              "* :fs-write - disallow write access to the file system\n"
              "* :hrtime - disallow high-resolution timers\n"
              "* :modules - disallow load dynamic modules (natives)\n"
              "* :net - disallow network access\n"
-              "* :net-connect - disallow making outbound network connctions\n"
-              "* :net-listen - disallow accepting inbound network connctions\n"
+              "* :net-connect - disallow making outbound network connections\n"
+              "* :net-listen - disallow accepting inbound network connections\n"
              "* :sandbox - disallow calling this function\n"
              "* :subprocess - disallow running subprocesses") {
    uint32_t flags = 0;
--- a/src/core/io.c
+++ b/src/core/io.c
@ -120,7 +120,7 @@ JANET_CORE_FN(cfun_io_temp,
              "(file/temp)",
              "Open an anonymous temporary file that is removed on close. "
              "Raises an error on failure.") {
-    janet_sandbox_assert(JANET_SANDBOX_FS_WRITE);
+    janet_sandbox_assert(JANET_SANDBOX_FS_TEMP);
    (void)argv;
    janet_fixarity(argc, 0);
    // XXX use mkostemp when we can to avoid CLOEXEC race.
--- a/src/include/janet.h
+++ b/src/include/janet.h
@ -1804,14 +1804,15 @@ JANET_API void janet_stacktrace_ext(JanetFiber *fiber, Janet err, const char *pr
 #define JANET_SANDBOX_SUBPROCESS 2
 #define JANET_SANDBOX_NET_CONNECT 4
 #define JANET_SANDBOX_NET_LISTEN 8
-#define JANET_SANDBOX_NET (JANET_SANDBOX_NET_CONNECT | JANET_SANDBOX_NET_LISTEN)
 #define JANET_SANDBOX_FFI 16
 #define JANET_SANDBOX_FS_WRITE 32
 #define JANET_SANDBOX_FS_READ 64
-#define JANET_SANDBOX_FS (JANET_SANDBOX_FS_WRITE | JANET_SANDBOX_FS_READ)
 #define JANET_SANDBOX_HRTIME 128
 #define JANET_SANDBOX_ENV 256
 #define JANET_SANDBOX_DYNAMIC_MODULES 512
+#define JANET_SANDBOX_FS_TEMP 1024
+#define JANET_SANDBOX_FS (JANET_SANDBOX_FS_WRITE | JANET_SANDBOX_FS_READ | JANET_SANDBOX_FS_TEMP)
+#define JANET_SANDBOX_NET (JANET_SANDBOX_NET_CONNECT | JANET_SANDBOX_NET_LISTEN)
 #define JANET_SANDBOX_ALL (UINT32_MAX)
 JANET_API void janet_sandbox(uint32_t flags);
 JANET_API void janet_sandbox_assert(uint32_t forbidden_flags);