File: [local] / src / usr.bin / file / file.h (download)
Revision 1.29, Mon Apr 27 13:52:17 2015 UTC (9 years, 1 month ago) by nicm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8 Changes since 1.28: +4 -1 lines
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
the file(1) child process. Based on similar code in ssh sandbox-systrace.c.
Idea and help from deraadt@.
/* $OpenBSD: file.h,v 1.29 2015/04/27 13:52:17 nicm Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef FILE_H
#define FILE_H

/*
 * Declarations shared between the file(1) source files named below
 * (sandbox.c, text.c).
 *
 * This header uses size_t but includes nothing itself.
 * NOTE(review): presumably every includer pulls in <sys/types.h> or
 * <stddef.h> first - confirm.
 */

/*
 * Bytes to read if the whole file can't be used (256 KiB).
 * This constant only names the size; the read that applies it is not
 * in this header.
 */
#define FILE_READ_SIZE (256 * 1024)

/*
 * User to drop privileges to in child process.
 * NOTE(review): the privilege drop itself is implemented elsewhere.
 * Whoever performs it should treat a failed account lookup or a failed
 * uid/gid change as fatal, so that untrusted file content is never
 * parsed with the caller's privileges.
 */
#define FILE_USER "_file"

/*
 * sandbox.c
 *
 * The log for revision 1.29 describes a systrace(4) sandbox with a short
 * whitelist of allowed syscalls for the file(1) child process.
 * NOTE(review): the const char * argument is presumably the user name to
 * switch to (FILE_USER) and the int result presumably follows fork(2)
 * conventions - confirm against sandbox.c.
 */
int sandbox_fork(const char *);

/*
 * text.c
 *
 * NOTE(review): each (const void *, size_t) pair looks like a buffer and
 * its length in bytes. The buffer would hold file content, which is
 * untrusted, so the implementations must not read past the given size.
 * The meaning of the int argument to text_try_words() and of the
 * returned string (including whether it can be NULL) is not visible
 * here - confirm in text.c.
 */
const char *text_get_type(const void *, size_t);
const char *text_try_words(const void *, size_t, int);

#endif /* FILE_H */