Page MenuHomeFreeBSD
Differential D8271

md5: enter capability on last fd or when acting as a filter
ClosedPublic
Actions

Authored by emaste on Oct 17 2016, 9:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 15, 10:25 PM
Unknown Object (File)
Sat, Oct 11, 10:46 AM
Unknown Object (File)
Sep 10 2025, 3:30 PM
Unknown Object (File)
Sep 10 2025, 5:29 AM
Unknown Object (File)
Sep 10 2025, 4:54 AM
Unknown Object (File)
Aug 18 2025, 10:00 PM
Unknown Object (File)
Aug 17 2025, 9:41 AM
Unknown Object (File)
Jul 13 2025, 7:32 AM
View All Files
Subscribers
None

Details

Reviewers
cem
allanjude
oshogbo
Commits
rS307658: md5: enter capability on last fd or when acting as a filter

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste updated this revision to Diff 21459.Oct 17 2016, 9:58 PM
emaste retitled this revision from to md5: enter capability on last fd or when acting as a filter.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: allanjude, cem, oshogbo.
allanjude accepted this revision.Oct 17 2016, 10:35 PM
allanjude edited edge metadata.
This revision is now accepted and ready to land.Oct 17 2016, 10:35 PM
cem accepted this revision.Oct 17 2016, 10:36 PM
cem edited edge metadata.
cem added inline comments.
sbin/md5/md5.c
223 ↗(On Diff #21459)

Is READ really all we need?

oshogbo added inline comments.Oct 17 2016, 10:53 PM
sbin/md5/md5.c
226 ↗(On Diff #21459)

Do we want separate cap_enter? I would put only one place where we call that.

emaste added inline comments.Oct 18 2016, 1:47 PM
sbin/md5/md5.c
222 ↗(On Diff #21459)

I should add a comment here mentioning that we only enter capability mode on the last file.

223 ↗(On Diff #21459)

Yes, I believe so. MDXFdChunk which calls lseek if an offset is specified, but when the offset is zero (as is the case with MDXFd) it just calls read in a loop.

226 ↗(On Diff #21459)

It's slightly awkward right now because (in this initial approach) I want to do it on the last file or immediately for acting as a filter.

I think it is indeed easier to reason about if the program can be split up into some pre-sandbox code, cap_enter, then the sandboxed functionality, but it can't be done easily here yet.

Closed by commit rS307658: md5: enter capability on last fd or when acting as a filter (authored by emaste). · Explain WhyOct 19 2016, 9:07 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sbin/
md5/
57 lines

Diff 21511

View Options

head/sbin/md5/md5.c

Loading...