From owner-p4-projects@FreeBSD.ORG  Tue Jun 16 16:37:22 2009
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 6C4111065673; Tue, 16 Jun 2009 16:37:22 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 111F11065670
	for <perforce@freebsd.org>; Tue, 16 Jun 2009 16:37:22 +0000 (UTC)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id F10B28FC19
	for <perforce@freebsd.org>; Tue, 16 Jun 2009 16:37:21 +0000 (UTC)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5GGbL1a099846
	for <perforce@freebsd.org>; Tue, 16 Jun 2009 16:37:21 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5GGbLjv099844
	for perforce@freebsd.org; Tue, 16 Jun 2009 16:37:21 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Tue, 16 Jun 2009 16:37:21 GMT
Message-Id: <200906161637.n5GGbLjv099844@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 164515 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2009 16:37:23 -0000

http://perforce.freebsd.org/chv.cgi?CH=164515

Change 164515 by rwatson@rwatson_freebsd_capabilities on 2009/06/16 16:36:55

	When gzip(1) gzips and gunzips files (or streams), run that in a
	sandbox.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#2 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#4 edit
.. //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzsandbox.c#1 add

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/Makefile#2 (text+ko) ====

@@ -5,9 +5,10 @@
 
 PROG=		gzip
 MAN=		gzip.1 gzexe.1 zdiff.1 zforce.1 zmore.1 znew.1
+SRCS=		gzip.c gzsandbox.c
 
-DPADD=		${LIBZ}
-LDADD=		-lz
+DPADD=		${LIBZ} ${LIBCAPABILITY}
+LDADD=		-lz -lcapability
 WARNS?=		6
 
 .if ${MK_BZIP2_SUPPORT} != "no"
@@ -27,6 +28,7 @@
 LINKS+=		${BINDIR}/gzip ${BINDIR}/gunzip \
 		${BINDIR}/gzip ${BINDIR}/gzcat \
 		${BINDIR}/gzip ${BINDIR}/zcat \
-		${BINDIR}/zdiff ${BINDIR}/zcmp
+		${BINDIR}/zdiff ${BINDIR}/zcmp \
+		${BINDIR}/gzip ${BINDIR}/gzip_sandbox
 
 .include <bsd.prog.mk>

==== //depot/projects/trustedbsd/capabilities/src/usr.bin/gzip/gzip.c#4 (text+ko) ====

@@ -66,6 +66,8 @@
 #include <getopt.h>
 #include <time.h>
 
+#include "gzip.h"
+
 #ifndef PRIdOFF
 #define PRIdOFF PRId64
 #endif
@@ -209,8 +211,6 @@
 #ifdef SMALL
 #define gz_compress(if, of, sz, fn, tm) gz_compress(if, of, sz)
 #endif
-static	off_t	gz_compress(int, int, off_t *, const char *, uint32_t);
-static	off_t	gz_uncompress(int, int, char *, size_t, off_t *, const char *);
 static	off_t	file_compress(char *, char *, size_t);
 static	off_t	file_uncompress(char *, char *, size_t);
 static	void	handle_pathname(char *);
@@ -304,6 +304,8 @@
 	else if (strcmp(progname, "zcat") == 0 ||
 		 strcmp(progname, "gzcat") == 0)
 		dflag = cflag = 1;
+	else if (strcmp(progname, "gzip_sandbox") == 0)
+		sandbox_workloop();
 
 #ifdef SMALL
 #define OPT_LIST "123456789cdhltV"
@@ -529,7 +531,7 @@
 #endif
 
 /* compress input to output. Return bytes read, -1 on error */
-static off_t
+off_t
 gz_compress(int in, int out, off_t *gsizep, const char *origname, uint32_t mtime)
 {
 	z_stream z;
@@ -696,7 +698,7 @@
  * uncompressed size written, and put the compressed sized read
  * into `*gsizep'.
  */
-static off_t
+off_t
 gz_uncompress(int in, int out, char *pre, size_t prelen, off_t *gsizep,
 	      const char *filename)
 {
@@ -1241,7 +1243,8 @@
 	} else
 		out = STDOUT_FILENO;
 
-	insize = gz_compress(in, out, &size, basename(file), (uint32_t)isb.st_mtime);
+	insize = gz_compress_wrapper(in, out, &size, basename(file),
+		    (uint32_t)isb.st_mtime);
 
 	(void)close(in);
 
@@ -1473,7 +1476,7 @@
 			return -1;	/* XXX */
 		}
 
-		size = gz_uncompress(fd, zfd, NULL, 0, NULL, file);
+		size = gz_uncompress_wrapper(fd, zfd, NULL, 0, NULL, file);
 	}
 
 	if (close(fd) != 0)
@@ -1630,8 +1633,8 @@
 		break;
 #endif
 	case FT_GZIP:
-		usize = gz_uncompress(STDIN_FILENO, STDOUT_FILENO, 
-			      (char *)header1, sizeof header1, &gsize, "(stdin)");
+		usize = gz_uncompress_wrapper(STDIN_FILENO, STDOUT_FILENO,
+		    (char *)header1, sizeof header1, &gsize, "(stdin)");
 		break;
 #ifndef NO_BZIP2_SUPPORT
 	case FT_BZIP2:
@@ -1698,8 +1701,9 @@
 #endif
 		mtime = (uint32_t)systime;
 	}
-	 		
-	usize = gz_compress(STDIN_FILENO, STDOUT_FILENO, &gsize, "", mtime);
+
+	usize = gz_compress_wrapper(STDIN_FILENO, STDOUT_FILENO, &gsize, "",
+	    mtime);
 #ifndef SMALL
         if (vflag && !tflag && usize != -1 && gsize != -1)
 		print_verbage(NULL, NULL, usize, gsize);