Default branch: MAIN
Current tag: OPENBSD_6_0_BASE
Revision 1.16, Sun Oct 4 07:25:59 2015 UTC (8 years, 8 months ago) by nicm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.15: +2 -2 lines
Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is only applied to the child process, which requires the parent to not pass directory file descriptors (tame("cmsg") does not allow it). Because file(1) is already privsep, the permissions in the child can be quickly restricted: first to "stdio cmsg getpw proc" then after the privdrop to "stdio cmsg".