Differential D7734
First pass at capsicumizing file(1) Authored by allanjude on Sep 1 2016, 2:30 AM. Tags None Referenced Files
Subscribers
Details This opens all of the fd's before entering the sandbox This takes some extra care because the -f flag specifies a file full of filenames, which we also need to pre-open While here, also fixed two other bugs:
Diff Detail
Event TimelineComment Actions Note that OpenBSD has modified file(1) to introduce privsep, and it's a trivial port to Capsicum: % git show | diffstat file.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) Comment Actions I think I'd be more comfortable if the bug fixes were committed separately from the Capsicum changes (making everything easier to upstream?) and if the Capsicum-specific stuff could be refactored out as much as possible to reduce the in-line #ifdef content. In particular, it would be nice if there could be struct sandbox or the like to capture all of the additional state required by Capsicum, and the contents of that structure could be different on FreeBSD, OpenBSD, etc. If there were a function called start_sandbox(struct sandbox *sbp) or the like, possibly together with a set_flags(int fd, struct sandbox *) or something, it would allow a nice, fair comparison between the Capsicum and Pledge LoC. Comment Actions So... should this revision be abandoned in favour of an approach that uses the new enable_sandbox_{basic,full}() functions? Comment Actions Probably. I am not familiar with the new approach. I am happy to let someone else take over this project, I have lots of other stuff going on. |