Revert my changes in r1.60 back to nicm@'s latest for now.

Fixes "file *|grep" breakage reported by espie@

ok nicm, deraadt

Simplify file(1) by removing the no longer necessary parent/child separation
and just drop privileges in the main process.

Also allows for a tighter "stdio" pledge.

passing regress tests still pass

Simplify file(1) by removing the no longer necessary parent/child separation
and just drop privileges in the main process.

Also allows for a tighter "stdio" pledge.

passing regress tests still pass

ok nicm@ with helpful feedback

show more ...

Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is
only applied to the child process, which requires the parent to not pass
directory file descriptors (tame("cmsg") does not allo

Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is
only applied to the child process, which requires the parent to not pass
directory file descriptors (tame("cmsg") does not allow it). Because
file(1) is already privsep, the permissions in the child can be quickly
restricted: first to "stdio cmsg getpw proc" then after the privdrop to
"stdio cmsg".

show more ...

Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
the file(1) child process. Based on similar code in ssh sandbox-systrace.c.
Idea and help from deraadt@.

Add simple privilege separation to file(1). Two processes, file
descriptors and a few other bits are opened in parent and passed to
child using imsg. Child currently drops to "nobody" but this will c

Add simple privilege separation to file(1). Two processes, file
descriptors and a few other bits are opened in parent and passed to
child using imsg. Child currently drops to "nobody" but this will change.

show more ...

New implementation of the file(1) utility. This is a simplified,
modernised version with a nearly complete magic(5) parser but omits some
of the complex builtin tests (notably ELF) and has a reduced

New implementation of the file(1) utility. This is a simplified,
modernised version with a nearly complete magic(5) parser but omits some
of the complex builtin tests (notably ELF) and has a reduced set of
options.

ok deraadt

show more ...

force magic file to include all magdir files in alphabetical order,
preparing the way for upcoming update to file 4.24

almost entirely written by espie@

"Go ahead, commit it." espie@

protect against .orig files resulting from a patch.

big update to file 4.09. ok ian@

Bring in readelf.c from Christos' version 3.41 to head off a local
stack attack noted by iDefense, and for more complete 64-bit ELF support.
Add hand-made config.h to avoid running configure but stil

Bring in readelf.c from Christos' version 3.41 to head off a local
stack attack noted by iDefense, and for more complete 64-bit ELF support.
Add hand-made config.h to avoid running configure but still be able
to use Christos' code. In print.c add error(...)-->err(1,...) wrapper.
Tested on i386, sparc64, macppc.

show more ...

include files that start with numbers

COPY -> INSTALL_COPY and STRIP -> INSTALL_STRIP
This fixes namespace problems where STRIP is sometimes used as
the name of the strip(1) to use and other times used as
the flag to send install(1) when

COPY -> INSTALL_COPY and STRIP -> INSTALL_STRIP
This fixes namespace problems where STRIP is sometimes used as
the name of the strip(1) to use and other times used as
the flag to send install(1) when stripping (or not).
COPY doesn't have this problem (yet) but was poorly named.

show more ...

Updates file(1) to version 3.22 by way to NetBSD.

install -> ${INSTALL}, -c -> ${COPY}

MAGICOWN = root

rcsid

netbsd -> openbsd

initial import of NetBSD tree