head(1): Capsicumify
AbandonedPublic
Actions

Authored by cem on Sep 18 2016, 1:03 AM.

Details

Reviewers

emaste
allanjude
oshogbo

Summary

Capsicumify head(1) by restricting it to a readonly view of the
filesystem. This is both easy to do and impacts performance minimally.

Access to the filesystem could be restricted further, but requires more
elaborate implementation and may suffer from performance trade-off.
This is left as future work.

Test Plan

Tested 'head foobar.txt'
Tested 'head < foobar.txt'
Tested 'head -c10 < foobar.txt'

Diff Detail

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 6174
Build 6428: arc lint + arc unit

Event Timeline

cem updated this revision to Diff 20409.Sep 18 2016, 1:03 AM

cem retitled this revision from to head(1): Capsicumify last input file.

cem updated this object.

cem edited the test plan for this revision. (Show Details)

cem added reviewers: emaste, allanjude, oshogbo.

Herald added a subscriber: imp. · View Herald TranscriptSep 18 2016, 1:03 AM

I think the approach is fine - we'll revisit all of these "capsicumify on last file" cases once a file service is available. Can you update with capsicum_helpers though?

Update to use helpers.

Use https://reviews.freebsd.org/D8743 to enter sandbox over all inputs.

It feels like something like 'abspath' should be available in a library for
similarly-sandboxed applications.

cem retitled this revision from head(1): Capsicumify last input file to head(1): Capsicumify.Dec 9 2016, 9:24 PM

cem updated this object.

cem abandoned this revision.Dec 23 2016, 12:00 AM

Revision Contents
Changeset List

Path

Size

usr.bin/

head/

head.c

51 lines

Diff 22788

View Options

head(1): CapsicumifyAbandonedPublicActions