otherwise format_resize(), which is called right after, isn't
getting the current/actual image size. Rather than rounding up,
format_resize() could end up truncating the size and we don't
allow that by design.
MFC after: 1 week
Closing stdin/stdout/stderr is often a bad idea as a future open()
can end up with its fd. Leave it open and limit it to no rights
instead.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D7984
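Added illustration of the hazard named in the commit above (example code written for this page, not the FreeBSD change itself): POSIX hands out the lowest free descriptor number, so a closed stdin/stdout/stderr slot is silently taken by the next open(). The neutralize_fd() helper keeps the slot occupied; on FreeBSD it uses an empty Capsicum rights set as the commit does, and on other systems it substitutes a dup2() onto /dev/null, which is an assumption of this example and not part of the commit.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Demonstrates the hazard: once fd N is closed, the next open() lands on N.
 * If N was 0, 1 or 2, later code that writes to "stderr" writes into that
 * file instead.  Returns 1 when the number was reused, 0 when not, -1 on error. */
int fd_number_is_reused_after_close(void)
{
    int a = open("/dev/null", O_RDONLY);
    if (a < 0)
        return -1;
    close(a);                                  /* frees number a */
    int b = open("/dev/null", O_RDONLY);       /* lowest free number: a again */
    if (b < 0)
        return -1;
    int reused = (a == b);
    close(b);
    return reused;
}

/* Keep the descriptor open so its number stays taken, but strip it of
 * everything.  FreeBSD: empty Capsicum rights set (what the commit does).
 * Elsewhere: dup2() onto /dev/null (portable stand-in, an assumption of this
 * example).  Returns 0 on success, -1 on failure. */
int neutralize_fd(int fd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights);                  /* no rights at all */
    return cap_rights_limit(fd, &rights);
#else
    int devnull = open("/dev/null", O_RDWR);
    if (devnull < 0)
        return -1;
    int r = dup2(devnull, fd);                 /* fd now names /dev/null; its number stays in use */
    if (devnull != fd)
        close(devnull);
    return r < 0 ? -1 : 0;
#endif
}
```

After neutralize_fd(), a later open() can no longer land on that number, which is the property the commit wants for the standard streams.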
bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.
The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7954
This is not actually documented or even implied in style(9). Make the change
to match convention. Someone should document this convention in style(9).
Reported by: jhb
Sponsored by: EMC Dell Isilon
This is a nice and trivial program for sandboxing. One input file, one
output file.
Reviewed by: pfg
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7920
This is a straightforward single input, single output program for
capsicum.
Reviewed by: bapt
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D7928
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
if getcwd fails: just ignore it and do not try to add it to the list of possible
paths where to find the files.
if fdopen fails, warn and return NULL; the rest of the code knows how to deal
with it
Reported by: oshogbo
As a trick to be able to access all files passed in arguments (readonly) within
the sandbox we first open the root directory, then consider all files as
relative to this file descriptor.
This might be improved once casper adds support for filesystems.
MFC after: 1 month
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7936
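Added example of the root-directory trick described in the commit above (written for this page; it is not the committed code). The program opens "/" once before sandboxing, keeps that descriptor as its only directory capability, and turns every argument path into an openat() relative to it by stripping leading slashes. The Capsicum rights set applied on FreeBSD (CAP_LOOKUP, CAP_READ, CAP_FSTAT, CAP_SEEK) is an assumption of this example, and on other systems the limit step is simply skipped so the lookup logic can still be exercised.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Open "/" once, before entering the sandbox, as the only directory
 * capability the program keeps.  On FreeBSD the descriptor is limited to
 * read-only lookup and reading (assumed rights set for this example). */
int open_lookup_root(void)
{
    int rootfd = open("/", O_RDONLY | O_DIRECTORY);
    if (rootfd < 0)
        return -1;
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_LOOKUP, CAP_READ, CAP_FSTAT, CAP_SEEK);
    if (cap_rights_limit(rootfd, &rights) < 0) {
        close(rootfd);
        return -1;
    }
#endif
    return rootfd;
}

/* Treat every argument path as relative to rootfd: strip leading slashes
 * so "/etc/hosts" becomes "etc/hosts", then openat() it read-only.  Under
 * Capsicum the file inherits at most the rights held by rootfd. */
int open_relative_readonly(int rootfd, const char *path)
{
    while (*path == '/')
        path++;
    if (*path == '\0')
        path = ".";                            /* "/" itself maps to the root dir */
    return openat(rootfd, path, O_RDONLY);
}
```

A missing file still fails cleanly through openat(), so the caller's existing error handling is unchanged; only the way absolute paths are resolved differs.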
errx() prefixes the error string with argv[0] so including "login: "
in the string is redundant. Also remove a superfluous newline.
Sponsored by: The FreeBSD Foundation
The first argument of calloc(3) should be an ordinal type, and the
second a size: split a multiplication to make better use of calloc(3)
and detect overflows.
Do some other re-ordering and style fixes while here.
MFC after: 3 weeks
Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.
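Added example contrasting the two allocation patterns the commit above discusses (written for this page, not the committed code): a caller-computed n * size can wrap and leave malloc() returning a tiny buffer, whereas passing count and element size to calloc(3) separately lets the library detect the overflow. The explicit count cap in alloc_records() stands in for the 2GB limit the commit mentions and is an assumption of this example, as are the constructed record counts.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* The hazard the commit removes: a product computed by the caller wraps
 * around silently modulo SIZE_MAX + 1. */
size_t wrapped_request_bytes(size_t n, size_t size)
{
    return n * size;
}

/* Returns 1 if malloc() accepts the wrapped product for a huge record
 * count, i.e. hands back a tiny buffer the caller believes holds n records. */
int malloc_accepts_wrapped_product(void)
{
    size_t n = (SIZE_MAX / 4) + 5;             /* constructed: n * 4 wraps to 16 */
    void *p = malloc(wrapped_request_bytes(n, 4));
    int accepted = (p != NULL);
    free(p);
    return accepted;
}

/* Portable overflow test for an n-by-size product. */
int product_overflows(size_t n, size_t size)
{
    return size != 0 && n > SIZE_MAX / size;
}

/* calloc(3) performs that check itself: returns 1 if it refused an
 * overflowing count/size pair with NULL. */
int calloc_detects_overflow(void)
{
    void *p = calloc(SIZE_MAX / 2 + 1, 4);     /* constructed: product overflows */
    int refused = (p == NULL);
    free(p);
    return refused;
}

/* The pattern the commit moves to: count and element size handed to
 * calloc(3) separately.  The count cap mirrors the int-typed fields the
 * commit mentions and is an assumption of this example. */
void *alloc_records(size_t n, size_t size)
{
    if (n > INT_MAX) {
        errno = EINVAL;
        return NULL;
    }
    return calloc(n, size);                    /* NULL/ENOMEM if n * size overflows */
}
```

The key difference is where the multiplication happens: inside calloc(3), where the result is checked, rather than in the caller, where a wrapped value is indistinguishable from a small legitimate request.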
This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.
Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619
process. We don't *quite* pull that number out of our backside, as
the actual number is difficult to determine without modifying the VM
system to report it, but it's still useful to get an idea of what's
going on when a machine unexpectedly starts swapping.
MFC after: 1 week