#
c01bd743 |
| 26-Nov-2023 |
espie <espie@openbsd.org> |
mark functions as static when they're unused elsewhere, makes the code slightly easier to understand.
okay and tweak kn@
|
#
067bf70e |
| 09-Nov-2023 |
kn <kn@openbsd.org> |
Tighten pledge in List and Append mode:
Drop "wpath cpath fattr dpath" in read-only:
- cpio -i -t < test.tar
- pax < test.tar
- tar -t -f test.tar
Drop "cpath fattr dpath" in read-write:
- echo foo | cpio -o -A -H ustar -O test.tar
- tar -r -f test.tar foo
- pax -w -a -f test.tar foo
Other modes remain unchanged and thus can create or modify files.
Feedback OK millert
|
#
942b9b29 |
| 15-Oct-2023 |
kn <kn@openbsd.org> |
Pledge once with or without "proc exec", not twice
Spotted while comparing ktraces between 'tar -z' and 'gzcat | tar -f-'.
Only the former runs, e.g. gzip(1), but the latter also pledges these promises just to pledge again immediately afterwards without them.
Make the calls mutually exclusive so 'tar -f-' et al. skip the first pledge and thus never have "proc exec" to begin with.
"looks good to me" mbuhl OK millert
|
#
c0c90351 |
| 05-Jul-2023 |
guenther <guenther@openbsd.org> |
It isn't portable to use stderr (or std{in,out}) in file-scope initializers as they are not required to be compile-time constants. So, initialize these global variables at the top of main().
ok miod@ deraadt@ yasuoka@ millert@
|
#
3aaa63eb |
| 28-Jun-2019 |
deraadt <deraadt@openbsd.org> |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
f84583fe |
| 13-Sep-2018 |
millert <millert@openbsd.org> |
Use the new libc uid_from_user() and gid_from_group() instead of the pax-specific functions in cache.c. OK guenther@
|
#
753a1ada |
| 08-Dec-2017 |
deraadt <deraadt@openbsd.org> |
Convert snprintf+write into dprintf. It is simply easier to read, and provides retry on short-write file descriptors. ok florian, previous versions seen by millert
|
#
d277bec1 |
| 11-Mar-2017 |
tb <tb@openbsd.org> |
switch pax to using pledge tape instead of ioctl.
ok kettenis
|
#
483ec0db |
| 23-Jan-2017 |
deraadt <deraadt@openbsd.org> |
Slow down the churn and continue using old pledge name "ioctl" instead of "tape" for a week or so.
|
#
b90d0acd |
| 23-Jan-2017 |
deraadt <deraadt@openbsd.org> |
Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only upon "inet". Adjust the 4 programs that care about this.
|
#
4face9d9 |
| 26-Aug-2016 |
guenther <guenther@openbsd.org> |
Don't need <sys/time.h> or "options.h" here
|
#
3228b364 |
| 23-Aug-2016 |
guenther <guenther@openbsd.org> |
Instead of doing strcmp(argv0), track the invocation mode (pax/tar/cpio) in a separate variable
ok deraadt@
|
#
ad2e9a1b |
| 23-Jun-2016 |
semarie <semarie@openbsd.org> |
allow creation of devices or fifo without -p (as it is already allowed with -p)
diff from trondd at kagu-tsuchi com, enhanced by me for reordering promises
ok deraadt@
|
#
354c8af3 |
| 16-Dec-2015 |
tb <tb@openbsd.org> |
Replace "tame" by "pledge" in a comment.
|
#
1fbbb972 |
| 06-Dec-2015 |
deraadt <deraadt@openbsd.org> |
pledge "dpath" to allow creation of nodes via mkfifo(2) and mknod(2)
NOTE: dpath requires a fairly new kernel
ok semarie
|
#
284f68db |
| 12-Oct-2015 |
deraadt <deraadt@openbsd.org> |
preservation modes can adjust setugid bits, so no pledge is possible. Otherwise, lay the groundwork for whether a gzip program may be run or not. After such a gzip program is started, pledge the program will not exec again. Took a few iterations to get this going... it is looking good. with guenther.
|
#
2dbd6dc5 |
| 09-Mar-2015 |
guenther <guenther@openbsd.org> |
Unrevert post-unlock:
* Prevent an archive from escaping the current directory by itself: when extracting a symlink whose value is absolute or contains ".." components, just create a zero-length normal file (with additional tracking of the mode and hardlinks to the symlink) until everything else is extracted, then go back and replace it with the requested link (if it's still that zero-length placeholder).
* For tar without -P, if a path in the archive has any ".." components then strip everything up to and including the last of them (if it ends in ".." then it becomes ".") This mostly follows GNU tar's behavior, except for 'tar tf' and 'tar xvf' we report the modified path that would be/was actually created instead of the raw path from the archive
Above two fixes prompted by a report from Daniel Cegielka (daniel.cegielka (at) gmail.com)
* For directories whose times or mode will be fixed up in the clean-up pass, record their dev+ino and then use open(O_DIRECTORY)+fstat() to verify that we're updating the correct directory before using futimens() and fchmod().
* Correct buffer overflow in handling of pax extension headers, caught by the memcpy() overlap check.
previously ok millert@ deraadt@
|
#
ba265607 |
| 21-Feb-2015 |
guenther <guenther@openbsd.org> |
Recent changes haven't been completely stable, so revert for the 5.7 release
requested by deraadt@
|
#
6b45b470 |
| 12-Feb-2015 |
guenther <guenther@openbsd.org> |
Prevent an archive from escaping the current directory by itself: when extracting a symlink whose value is absolute or contains ".." components, just create a zero-length normal file (with additional tracking of the mode and hardlinks to the symlink) until everything else is extracted, then go back and replace it with the requested link (if it's still that zero-length placeholder).
This and previous symlink and ".." path fixes prompted by a report from Daniel Cegielka (daniel.cegielka (at) gmail.com)
ok millert@
|
#
35cf0294 |
| 23-Nov-2014 |
guenther <guenther@openbsd.org> |
Don't leak the fds for "." and the tty to the compression process
|
#
b415273c |
| 24-May-2014 |
guenther <guenther@openbsd.org> |
Make signal setup clearer via helper function, eliminating a gap in ignoring signals when they were already ignored
ok millert@
|
#
0a8bc8ff |
| 23-May-2014 |
guenther <guenther@openbsd.org> |
Make the signal handler safe: block signals when updating data-structures that are walked by routines called from the signal handler and use dprintf() instead of fprintf() in ar_close().
ok millert@
|
#
9c38e9f3 |
| 09-Jan-2014 |
guenther <guenther@openbsd.org> |
Update pax -v format to match "ls -l": display the year for dates in the future and include a space between the major and minor numbers for devices. Eliminate bogus handling of LC_TIME environment variable. Make strftime() format selection understandable by gcc -Wformat=2.
ok millert@
|
#
f4faee91 |
| 04-Dec-2012 |
deraadt <deraadt@openbsd.org> |
remove some unnecessary sys/param.h inclusions
|
#
af5c3d1b |
| 19-Apr-2012 |
deraadt <deraadt@openbsd.org> |
add newline to signal error messages; Thomas Pfaff
|