#
99402f41 |
| 16-Jan-2024 |
claudio <claudio@openbsd.org> |
Use imsg_get_fd() and adjust cleanup code accordingly. OK nicm@
|
#
083d4b5c |
| 30-Nov-2019 |
mestre <mestre@openbsd.org> |
After fork(2) the pledge(2) in the parent proc can be reduced to "stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_* in order to send fds to the child proc which is already p
After fork(2) the pledge(2) in the parent proc can be reduced to "stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_* in order to send fds to the child proc which is already pledged by recvfd to receive them
OK brynet@ deraadt@
show more ...
|
#
7aa9f692 |
| 05-Feb-2019 |
deraadt <deraadt@openbsd.org> |
dev_t is signed to permit passing -1 as an invalid condition, but the decomposition into major and minor is unsigned, so we should print them with %u instead of %d. ok guenther
|
#
3c08eeed |
| 06-Jan-2019 |
tedu <tedu@openbsd.org> |
the parent process doesn't do much but open files, but just the same there's no reason it can't use pledge to enforce that. ok brynet deraadt
|
#
256e2cc4 |
| 15-Jan-2018 |
brynet <brynet@openbsd.org> |
Revert my changes in r1.60 back to nicm@'s latest for now.
Fixes "file *|grep" breakage reported by espie@
ok nicm, deraadt
|
#
5f0569b5 |
| 30-Nov-2017 |
bentley <bentley@openbsd.org> |
Default unknowns to application/octet-stream instead of x-not-regular-file.
This makes more sense and matches what the latest "other" file(1) now does.
ok nicm@
|
#
ca8f4182 |
| 01-Jul-2017 |
brynet <brynet@openbsd.org> |
close open fd after testing files, ensuring that fd isn't stdin.
ok nicm@
|
#
86abb43a |
| 28-Jun-2017 |
brynet <brynet@openbsd.org> |
Fix stdin file read support, accidentally broken in my last commit.
|
#
8447a89f |
| 28-Jun-2017 |
deraadt <deraadt@openbsd.org> |
remove excess #include
|
#
a1ab1972 |
| 28-Jun-2017 |
deraadt <deraadt@openbsd.org> |
perform an initial pledge very early on, and drop tzset to later. ok nicm brynet
|
#
09f2f01e |
| 28-Jun-2017 |
brynet <brynet@openbsd.org> |
Simplify file(1) by removing the no longer necessary parent/child separation and just drop privileges in the main process.
Also allows for a tighter "stdio" pledge.
passing regress tests still pass
Simplify file(1) by removing the no longer necessary parent/child separation and just drop privileges in the main process.
Also allows for a tighter "stdio" pledge.
passing regress tests still pass
ok nicm@ with helpful feedback
show more ...
|
#
d8e84ae2 |
| 18-Apr-2017 |
nicm <nicm@openbsd.org> |
Style nits; no binary change.
|
#
1da77805 |
| 01-May-2016 |
nicm <nicm@openbsd.org> |
Tidy up some #include lines.
|
#
256dd039 |
| 24-Dec-2015 |
jca <jca@openbsd.org> |
Add --brief and --dereference, used by xdg-open/xdg-mime.
From Ralf Horstmann, ok tb@ deraadt@ nicm@ sthen@
|
#
7ee63df3 |
| 05-Dec-2015 |
claudio <claudio@openbsd.org> |
EAGAIN handling for imsg_read. OK henning@ benno@
|
#
f37ffad5 |
| 13-Nov-2015 |
nicm <nicm@openbsd.org> |
Break the message preparation bit of the main loop into its own function for less excessive level of indentation.
|
#
4d4ce5ea |
| 13-Nov-2015 |
nicm <nicm@openbsd.org> |
Call stat not lstat with -L, makes links actually be followed. Reported by and ok semarie@.
|
#
04faa3a6 |
| 17-Oct-2015 |
deraadt <deraadt@openbsd.org> |
The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd" early on, then a set of getpwnam/setresuid/... before quickly dropping to "stdio recvfd". It receives fd's and runs the m
The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd" early on, then a set of getpwnam/setresuid/... before quickly dropping to "stdio recvfd". It receives fd's and runs the magic code on them in a chroot'd "stdio" jail. We can do better than that.
Before the recent change, "proc" contained both the concepts of "forking" and "setuid". "id" is now split out as a seperate request, and it is exactly what this process needs momentarily. So this loses another window of opportunity, in case we have a major bug in .... hmm, it'd have to be in getpwnam....
ok tedu doug semarie gilles
show more ...
|
#
0bd1216c |
| 09-Oct-2015 |
deraadt <deraadt@openbsd.org> |
Change all tame callers to namechange to pledge(2).
|
#
350a56c6 |
| 06-Oct-2015 |
deraadt <deraadt@openbsd.org> |
Move from tame "cmsg" to tame "sendfd" or "recvfd", depending on which way the process moves fd's.
|
#
f14940cd |
| 05-Oct-2015 |
deraadt <deraadt@openbsd.org> |
use the normal -1 check for tame failure
|
#
80736d22 |
| 04-Oct-2015 |
nicm <nicm@openbsd.org> |
Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is only applied to the child process, which requires the parent to not pass directory file descriptors (tame("cmsg") does not allo
Add tame(2) to file(1) and drop the old systrace(4) sandbox. tame(2) is only applied to the child process, which requires the parent to not pass directory file descriptors (tame("cmsg") does not allow it). Because file(1) is already privsep, the permissions in the child can be quickly restricted: first to "stdio cmsg getpw proc" then after the privdrop to "stdio cmsg".
show more ...
|
#
32360e76 |
| 02-Oct-2015 |
deraadt <deraadt@openbsd.org> |
use limits.h instead of sys/param.h to get PATH_MAX
|
#
e42cf191 |
| 12-Jul-2015 |
tobias <tobias@openbsd.org> |
Keep one byte for terminating '\0'.
ok nicm@
|
#
90600e8a |
| 08-Jul-2015 |
tobias <tobias@openbsd.org> |
Properly handle files >= 4 GB on 32 bit architectures.
with input by and ok nicm@
|