Page MenuHomeFreeBSD
Differential D8271

md5: enter capability on last fd or when acting as a filter
ClosedPublic
Actions

Authored by emaste on Oct 17 2016, 9:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 14, 5:25 PM
Unknown Object (File)
Thu, Oct 24, 1:36 AM
Unknown Object (File)
Oct 19 2024, 10:41 PM
Unknown Object (File)
Oct 16 2024, 9:39 AM
Unknown Object (File)
Oct 2 2024, 7:08 AM
Unknown Object (File)
Sep 23 2024, 12:51 AM
Unknown Object (File)
Sep 23 2024, 12:51 AM
Unknown Object (File)
Sep 23 2024, 12:51 AM
View All 95 Files
Subscribers
None

Details

Reviewers
cem
allanjude
oshogbo
Commits
rS307658: md5: enter capability on last fd or when acting as a filter

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste updated this revision to Diff 21459.Oct 17 2016, 9:58 PM
emaste retitled this revision from to md5: enter capability on last fd or when acting as a filter.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: allanjude, cem, oshogbo.
allanjude accepted this revision.Oct 17 2016, 10:35 PM
allanjude edited edge metadata.
This revision is now accepted and ready to land.Oct 17 2016, 10:35 PM
cem accepted this revision.Oct 17 2016, 10:36 PM
cem edited edge metadata.
cem added inline comments.
sbin/md5/md5.c
223 ↗(On Diff #21459)

Is READ really all we need?

oshogbo added inline comments.Oct 17 2016, 10:53 PM
sbin/md5/md5.c
226 ↗(On Diff #21459)

Do we want separate cap_enter? I would put only one place where we call that.

emaste added inline comments.Oct 18 2016, 1:47 PM
sbin/md5/md5.c
222 ↗(On Diff #21459)

I should add a comment here mentioning that we only enter capability mode on the last file.

223 ↗(On Diff #21459)

Yes, I believe so. MDXFdChunk which calls lseek if an offset is specified, but when the offset is zero (as is the case with MDXFd) it just calls read in a loop.

226 ↗(On Diff #21459)

It's slightly awkward right now because (in this initial approach) I want to do it on the last file or immediately for acting as a filter.

I think it is indeed easier to reason about if the program can be split up into some pre-sandbox code, cap_enter, then the sandboxed functionality, but it can't be done easily here yet.

Closed by commit rS307658: md5: enter capability on last fd or when acting as a filter (authored by emaste). · Explain WhyOct 19 2016, 9:07 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sbin/
md5/
57 lines

Diff 21511

View Options

head/sbin/md5/md5.c

Loading...