md5: enter capability on last fd or when acting as a filter
ClosedPublic
Actions

Authored by emaste on Oct 17 2016, 9:58 PM.

Details

Reviewers

Commits

Lint

Lint Skipped

Unit

Tests Skipped

emaste retitled this revision from to md5: enter capability on last fd or when acting as a filter.

emaste updated this object.

emaste edited the test plan for this revision. (Show Details)

allanjude edited edge metadata.

This revision is now accepted and ready to land.Oct 17 2016, 10:35 PM

cem edited edge metadata.

cem added inline comments.

sbin/md5/md5.c
223	Is READ really all we need?

sbin/md5/md5.c
226	Do we want separate cap_enter? I would put only one place where we call that.

sbin/md5/md5.c
222	I should add a comment here mentioning that we only enter capability mode on the last file.
223	Yes, I believe so. `MDXFdChunk` which calls `lseek` if an offset is specified, but when the offset is zero (as is the case with `MDXFd`) it just calls `read` in a loop.
226	It's slightly awkward right now because (in this initial approach) I want to do it on the last file or immediately for acting as a filter. I think it is indeed easier to reason about if the program can be split up into some pre-sandbox code, cap_enter, then the sandboxed functionality, but it can't be done easily here yet.