version 1.48, 2015/10/02 18:06:27 |
version 1.49, 2015/10/04 07:25:59 |
|
|
int |
int |
main(int argc, char **argv) |
main(int argc, char **argv) |
{ |
{ |
int opt, pair[2], fd, idx; |
int opt, pair[2], fd, idx, mode; |
char *home; |
char *home; |
struct passwd *pw; |
struct passwd *pw; |
struct imsgbuf ibuf; |
struct imsgbuf ibuf; |
|
|
parent = getpid(); |
parent = getpid(); |
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0) |
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0) |
err(1, "socketpair"); |
err(1, "socketpair"); |
pid = sandbox_fork(FILE_USER); |
switch (pid = fork()) { |
if (pid == 0) { |
case -1: |
|
err(1, "fork"); |
|
case 0: |
close(pair[0]); |
close(pair[0]); |
child(pair[1], parent, argc, argv); |
child(pair[1], parent, argc, argv); |
} |
} |
|
|
fd = -1; |
fd = -1; |
msg.error = errno; |
msg.error = errno; |
} else { |
} else { |
fd = open(argv[idx], O_RDONLY|O_NONBLOCK); |
/* |
if (fd == -1 && (errno == ENFILE || errno == EMFILE)) |
* tame(2) doesn't let us pass directory file |
err(1, "open"); |
* descriptors around - but in fact we don't need them, |
if (S_ISLNK(msg.sb.st_mode)) |
* so just don't open directories or symlinks (which |
|
* could be to directories). |
|
*/ |
|
mode = msg.sb.st_mode; |
|
if (!S_ISDIR(mode) && !S_ISLNK(mode)) { |
|
fd = open(argv[idx], O_RDONLY|O_NONBLOCK); |
|
if (fd == -1 && |
|
(errno == ENFILE || errno == EMFILE)) |
|
err(1, "open"); |
|
} else |
|
fd = -1; |
|
if (S_ISLNK(mode)) |
read_link(&msg, argv[idx]); |
read_link(&msg, argv[idx]); |
} |
} |
send_message(&ibuf, &msg, sizeof msg, fd); |
send_message(&ibuf, &msg, sizeof msg, fd); |
|
|
static __dead void |
static __dead void |
child(int fd, pid_t parent, int argc, char **argv) |
child(int fd, pid_t parent, int argc, char **argv) |
{ |
{ |
|
struct passwd *pw; |
struct magic *m; |
struct magic *m; |
struct imsgbuf ibuf; |
struct imsgbuf ibuf; |
struct imsg imsg; |
struct imsg imsg; |
|
|
int i, idx; |
int i, idx; |
size_t len, width = 0; |
size_t len, width = 0; |
|
|
|
if (tame("stdio cmsg getpw proc", NULL) != 0) |
|
err(1, "tame"); |
|
|
|
if (geteuid() == 0) { |
|
pw = getpwnam(FILE_USER); |
|
if (pw == NULL) |
|
errx(1, "unknown user %s", FILE_USER); |
|
if (setgroups(1, &pw->pw_gid) != 0) |
|
err(1, "setgroups"); |
|
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) |
|
err(1, "setresgid"); |
|
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) |
|
err(1, "setresuid"); |
|
} |
|
|
|
if (tame("stdio cmsg", NULL) != 0) |
|
err(1, "tame"); |
|
|
m = magic_load(magicfp, magicpath, cflag || Wflag); |
m = magic_load(magicfp, magicpath, cflag || Wflag); |
if (cflag) { |
if (cflag) { |
magic_dump(m); |
magic_dump(m); |
|
|
{ |
{ |
char tmp[256] = ""; |
char tmp[256] = ""; |
|
|
|
if (inf->msg->sb.st_size == 0 && S_ISREG(inf->msg->sb.st_mode)) |
|
return (0); /* empty file */ |
if (inf->fd != -1) |
if (inf->fd != -1) |
return (0); |
return (0); |
|
|
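Review bot: In main's per-file loop, the new `S_ISDIR`/`S_ISLNK` test reads the mode saved in `msg.sb`, while `open(argv[idx], O_RDONLY|O_NONBLOCK)` resolves the path a second time, so a path replaced between the stat call (outside the lines shown) and the open can still produce a directory descriptor, or one that no longer matches the `msg.sb` sent to the child. Since the added comment says tame(2) does not allow directory descriptors to be passed, the type should be confirmed on the descriptor itself before `send_message`, for example with a local `struct stat sb`: `if (fd != -1 && (fstat(fd, &sb) != 0 || S_ISDIR(sb.st_mode))) { close(fd); fd = -1; }`. Adding `O_NOFOLLOW` to the open would also cover the symlink case, but presumably only when the mode came from lstat rather than stat, which needs checking against the stat call. main's body starts and ends outside the lines shown.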