Page MenuHomeFreeBSD
Differential D8271

md5: enter capability on last fd or when acting as a filter
ClosedPublic
Actions

Authored by emaste on Oct 17 2016, 9:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 29, 7:00 AM
Unknown Object (File)
Fri, Apr 26, 7:03 AM
Unknown Object (File)
Sat, Apr 20, 3:58 AM
Unknown Object (File)
Sat, Apr 20, 3:55 AM
Unknown Object (File)
Mon, Apr 1, 1:48 AM
Unknown Object (File)
Mon, Apr 1, 1:48 AM
Unknown Object (File)
Mar 30 2024, 6:56 PM
Unknown Object (File)
Mar 15 2024, 1:37 PM
View All 66 Files
Subscribers
None

Details

Reviewers
cem
allanjude
oshogbo
Commits
rS307658: md5: enter capability on last fd or when acting as a filter

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste updated this revision to Diff 21459.Oct 17 2016, 9:58 PM
emaste retitled this revision from to md5: enter capability on last fd or when acting as a filter.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: allanjude, cem, oshogbo.
allanjude accepted this revision.Oct 17 2016, 10:35 PM
allanjude edited edge metadata.
This revision is now accepted and ready to land.Oct 17 2016, 10:35 PM
cem accepted this revision.Oct 17 2016, 10:36 PM
cem edited edge metadata.
cem added inline comments.
sbin/md5/md5.c
223 ↗(On Diff #21459)

Is READ really all we need?

oshogbo added inline comments.Oct 17 2016, 10:53 PM
sbin/md5/md5.c
226 ↗(On Diff #21459)

Do we want separate cap_enter? I would put only one place where we call that.

emaste added inline comments.Oct 18 2016, 1:47 PM
sbin/md5/md5.c
222 ↗(On Diff #21459)

I should add a comment here mentioning that we only enter capability mode on the last file.

223 ↗(On Diff #21459)

Yes, I believe so. MDXFdChunk which calls lseek if an offset is specified, but when the offset is zero (as is the case with MDXFd) it just calls read in a loop.

226 ↗(On Diff #21459)

It's slightly awkward right now because (in this initial approach) I want to do it on the last file or immediately for acting as a filter.

I think it is indeed easier to reason about if the program can be split up into some pre-sandbox code, cap_enter, then the sandboxed functionality, but it can't be done easily here yet.

Closed by commit rS307658: md5: enter capability on last fd or when acting as a filter (authored by emaste). · Explain WhyOct 19 2016, 9:07 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sbin/
md5/
57 lines

Diff 21511

View Options

head/sbin/md5/md5.c

Loading...