Use imsg_get_fd() and adjust cleanup code accordingly.
OK nicm@

After fork(2) the pledge(2) in the parent proc can be reduced to
"stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_*
in order to send fds to the child proc which is already p

After fork(2) the pledge(2) in the parent proc can be reduced to
"stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_*
in order to send fds to the child proc which is already pledged by recvfd to
receive them

OK brynet@ deraadt@

show more ...

dev_t is signed to permit passing -1 as an invalid condition, but the
decomposition into major and minor is unsigned, so we should print them
with %u instead of %d.
ok guenther

the parent process doesn't do much but open files, but just the same
there's no reason it can't use pledge to enforce that.
ok brynet deraadt

Revert my changes in r1.60 back to nicm@'s latest for now.

Fixes "file *|grep" breakage reported by espie@

ok nicm, deraadt

Default unknowns to application/octet-stream instead of x-not-regular-file.

This makes more sense and matches what the latest "other" file(1) now does.

ok nicm@

close open fd after testing files, ensuring that fd isn't stdin.

ok nicm@

Fix stdin file read support, accidentally broken in my last commit.

remove excess #include

perform an initial pledge very early on, and drop tzset to later.
ok nicm brynet

Simplify file(1) by removing the no longer necessary parent/child separation
and just drop privileges in the main process.

Also allows for a tighter "stdio" pledge.

passing regress tests still pass

Simplify file(1) by removing the no longer necessary parent/child separation
and just drop privileges in the main process.

Also allows for a tighter "stdio" pledge.

passing regress tests still pass

ok nicm@ with helpful feedback

show more ...

Style nits; no binary change.

Tidy up some #include lines.

Add --brief and --dereference, used by xdg-open/xdg-mime.

From Ralf Horstmann, ok tb@ deraadt@ nicm@ sthen@

EAGAIN handling for imsg_read. OK henning@ benno@

Break the message preparation bit of the main loop into its own function
for less excessive level of indentation.

Call stat not lstat with -L, makes links actually be followed. Reported
by and ok semarie@.

The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd"
early on, then a set of getpwnam/setresuid/... before quickly dropping to
"stdio recvfd". It receives fd's and runs the m

The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd"
early on, then a set of getpwnam/setresuid/... before quickly dropping to
"stdio recvfd". It receives fd's and runs the magic code on them in a
chroot'd "stdio" jail. We can do better than that.

Before the recent change, "proc" contained both the concepts of "forking"
and "setuid". "id" is now split out as a seperate request, and it is
exactly what this process needs momentarily. So this loses another window
of opportunity, in case we have a major bug in .... hmm, it'd have to be
in getpwnam....

ok tedu doug semarie gilles

show more ...

Change all tame callers to namechange to pledge(2).

Move from tame "cmsg" to tame "sendfd" or "recvfd", depending on which
way the process moves fd's.

use the normal -1 check for tame failure

Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is
only applied to the child process, which requires the parent to not pass
directory file descriptors (tame("cmsg") does not allo

Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is
only applied to the child process, which requires the parent to not pass
directory file descriptors (tame("cmsg") does not allow it). Because
file(1) is already privsep, the permissions in the child can be quickly
restricted: first to "stdio cmsg getpw proc" then after the privdrop to
"stdio cmsg".

show more ...

use limits.h instead of sys/param.h to get PATH_MAX

Keep one byte for terminating '\0'.

ok nicm@

Properly handle files >= 4 GB on 32 bit architectures.

with input by and ok nicm@