As usual for a first cut, punt on sandboxing multiple files and just
sandbox the last input file.
Details
Details
- Reviewers
emaste allanjude bapt oshogbo - Commits
- rS310145: ident(1): Capsicumify
- kyua test passed (1/1)
- ident tests/test.in tests/test.in tests/test.in /dev/stdin (multiple files)
- ident (tty input)
- ident < tests/test.in (non-tty stdin)
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
It would be nicer to fork and cap_enter for each arguments but the last one if there are more than 1 arguments, what do you think?
Comment Actions
what about an open(/) then replace fopen with openat/fdopen that would avoid a fork and will make it work properly
usr.bin/ident/ident.c | ||
---|---|---|
266 ↗ | (On Diff #20415) | Since this application already has the processing split out, you could do an array of fp's (malloc fp * argc - 1) then cap_enter and do a second for loop for the scan() or do the fork() thing |
usr.bin/ident/ident.c | ||
---|---|---|
266 ↗ | (On Diff #20415) | I still find my open("/", O_DIRECTORY) approach nicer than what you propose :) |
Comment Actions
This requires resolving all paths into absolute paths, right? Why not open the current working directory and openat on that? Or does openat in the sandbox actually restrict to paths below dirfd?
Comment Actions
- Group multiple related capability restrictions into a single if clause.
- Preopen input files; enter capability mode for all processing.