BuildXL icon indicating copy to clipboard operation
BuildXL copied to clipboard
verified publisher icon microsoft

File opening/creating with Nt/Zw APIs are ignored by sandbox

Open rongjiecomputer opened this issue 6 years ago • 1 comments

Detoured Win32 APIs handle file opening/creating, but detoured Nt/Zw APIs seem to not handle it. Msys2/Cygwin C runtime implementation use Nt APIs instead of Win32 APIs to implement POSIX functions, which means programs linked to Msys2/Cygwin runtime are not constrained by the sandbox at all.

Any timeline that this can be fixed? I wonder if the change will look similar to how Detoured Win32 implementation? If the change is not too complicated, will the team accept external PR?

https://github.com/microsoft/BuildXL/blob/8621d3e745fb966e4958054da6800230cde8aa38/Public/Src/Sandbox/Windows/DetoursServices/DetouredFunctions.cpp#L5690

rongjiecomputer avatar Jul 31 '19 14:07 rongjiecomputer

Yes, the team accepts external PR. Please include unit tests as well.

narasamdya avatar Jul 31 '19 20:07 narasamdya