Up to [local] / src / usr.bin / file
Default branch: MAIN
Revision 1.10, Sun Oct 4 07:25:59 2015 UTC (8 years, 8 months ago) by nicm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.9: +1 -1 lines
FILE REMOVED
Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is only applied to the child process, which requires the parent to not pass directory file descriptors (tame("cmsg") does not allow it). Because file(1) is already privsep, the permissions in the child can be quickly restricted: first to "stdio cmsg getpw proc" then after the privdrop to "stdio cmsg".
Revision 1.9, Sun Aug 23 18:31:41 2015 UTC (8 years, 9 months ago) by guenther
Branch: MAIN
Changes since 1.8: +2 -1 lines
Need to permit kbind in this sandbox too
Revision 1.8, Thu Jun 4 22:56:33 2015 UTC (9 years ago) by nicm
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.7: +3 -2 lines
systrace(4) STRIOCATTACH can only fail for file(1) if it is already systraced. If so, silently ignore the error and do not attempt to apply our own systrace policy. From Patrick Keshishian.
Revision 1.7, Fri May 29 15:58:34 2015 UTC (9 years ago) by nicm
Branch: MAIN
Changes since 1.6: +1 -2 lines
millert points out I can just call tzset() early to avoid having to permit access() in the child.
Revision 1.6, Fri May 29 12:38:28 2015 UTC (9 years ago) by nicm
Branch: MAIN
Changes since 1.5: +2 -1 lines
file(1) needs access(/etc/localtime) for localtime().
Revision 1.5, Mon May 18 11:57:52 2015 UTC (9 years ago) by deraadt
Branch: MAIN
Changes since 1.4: +3 -8 lines
No longer need tricks with setvbuf(). Instead, we just give permission to call fstat() and fcntl(). ok nicm
Revision 1.4, Thu Apr 30 14:30:53 2015 UTC (9 years, 1 month ago) by nicm
Branch: MAIN
Changes since 1.3: +6 -1 lines
Add a comment about waitpid, suggested by espie@.
Revision 1.3, Thu Apr 30 14:16:49 2015 UTC (9 years, 1 month ago) by nicm
Branch: MAIN
Changes since 1.2: +4 -5 lines
Tweak comment so it doesn't imply line buffering is needed (any will do so long as it is explicit), and set stderr to NBF not LBF. Pointed out by espie@.
Revision 1.2, Wed Apr 29 06:37:14 2015 UTC (9 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.1: +3 -3 lines
the non braced do while made my teeth hurt
Revision 1.1, Mon Apr 27 13:52:17 2015 UTC (9 years, 1 month ago) by nicm
Branch: MAIN
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for the file(1) child process. Based on similar code in ssh sandbox-systrace.c. Idea and help from deraadt@.