Date: Tue, 16 Jun 2009 16:37:21 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 164515 for review Message-ID: <200906161637.n5GGbLjv099844@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=164515 Change 164515 by rwatson@rwatson_freebsd_capabilities on 2009/06/16 16:36:55 When gzip(1) gzips and gunzips files (or streams), run that in a sandbox. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#2 edit .. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#4 edit .. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#1 add Differences ... ==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#2 (text+ko) ==== @@ -5,9 +5,10 @@ PROG= gzip MAN= gzip.1 gzexe.1 zdiff.1 zforce.1 zmore.1 znew.1 +SRCS= gzip.c gzsandbox.c -DPADD= ${LIBZ} -LDADD= -lz +DPADD= ${LIBZ} ${LIBCAPABILITY} +LDADD= -lz -lcapability WARNS?= 6 .if ${MK_BZIP2_SUPPORT} != "no" @@ -27,6 +28,7 @@ LINKS+= ${BINDIR}/gzip ${BINDIR}/gunzip \ ${BINDIR}/gzip ${BINDIR}/gzcat \ ${BINDIR}/gzip ${BINDIR}/zcat \ - ${BINDIR}/zdiff ${BINDIR}/zcmp + ${BINDIR}/zdiff ${BINDIR}/zcmp \ + ${BINDIR}/gzip ${BINDIR}/gzip_sandbox .include <bsd.prog.mk> ==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#4 (text+ko) ==== @@ -66,6 +66,8 @@ #include <getopt.h> #include <time.h> +#include "gzip.h" + #ifndef PRIdOFF #define PRIdOFF PRId64 #endif @@ -209,8 +211,6 @@ #ifdef SMALL #define gz_compress(if, of, sz, fn, tm) gz_compress(if, of, sz) #endif -static off_t gz_compress(int, int, off_t *, const char *, uint32_t); -static off_t gz_uncompress(int, int, char *, size_t, off_t *, const char *); static off_t file_compress(char *, char *, size_t); static off_t file_uncompress(char *, char *, size_t); static void handle_pathname(char *); @@ -304,6 +304,8 @@ else if (strcmp(progname, "zcat") == 0 || strcmp(progname, "gzcat") == 0) dflag = cflag = 1; + else if (strcmp(progname, "gzip_sandbox") == 0) + sandbox_workloop(); #ifdef SMALL #define OPT_LIST "123456789cdhltV" @@ -529,7 +531,7 @@ #endif /* compress input to output. Return bytes read, -1 on error */ -static off_t +off_t gz_compress(int in, int out, off_t *gsizep, const char *origname, uint32_t mtime) { z_stream z; @@ -696,7 +698,7 @@ * uncompressed size written, and put the compressed sized read * into `*gsizep'. */ -static off_t +off_t gz_uncompress(int in, int out, char *pre, size_t prelen, off_t *gsizep, const char *filename) { @@ -1241,7 +1243,8 @@ } else out = STDOUT_FILENO; - insize = gz_compress(in, out, &size, basename(file), (uint32_t)isb.st_mtime); + insize = gz_compress_wrapper(in, out, &size, basename(file), + (uint32_t)isb.st_mtime); (void)close(in); @@ -1473,7 +1476,7 @@ return -1; /* XXX */ } - size = gz_uncompress(fd, zfd, NULL, 0, NULL, file); + size = gz_uncompress_wrapper(fd, zfd, NULL, 0, NULL, file); } if (close(fd) != 0) @@ -1630,8 +1633,8 @@ break; #endif case FT_GZIP: - usize = gz_uncompress(STDIN_FILENO, STDOUT_FILENO, - (char *)header1, sizeof header1, &gsize, "(stdin)"); + usize = gz_uncompress_wrapper(STDIN_FILENO, STDOUT_FILENO, + (char *)header1, sizeof header1, &gsize, "(stdin)"); break; #ifndef NO_BZIP2_SUPPORT case FT_BZIP2: @@ -1698,8 +1701,9 @@ #endif mtime = (uint32_t)systime; } - - usize = gz_compress(STDIN_FILENO, STDOUT_FILENO, &gsize, "", mtime); + + usize = gz_compress_wrapper(STDIN_FILENO, STDOUT_FILENO, &gsize, "", + mtime); #ifndef SMALL if (vflag && !tflag && usize != -1 && gsize != -1) print_verbage(NULL, NULL, usize, gsize);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906161637.n5GGbLjv099844>