artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4aeb38) | patch
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
authornicm <nicm@openbsd.org>
Mon, 27 Apr 2015 13:52:17 +0000 (13:52 +0000)
committernicm <nicm@openbsd.org>
Mon, 27 Apr 2015 13:52:17 +0000 (13:52 +0000)
commit03ed85e124d59134107086d60805466cbd0321f3
treee823c92c45b94f0731fe5ecbcc3d212bae8884b6tree | snapshot
parentb4aeb3879d2032f2c8767b179e85dd5648918d31commit | diff
Use a systrace(4) sandbox with a short whitelist of allowed syscalls for
the file(1) child process. Based on similar code in ssh sandbox-systrace.c.
Idea and help from deraadt@.
usr.bin/file/Makefile diff | blob | history
usr.bin/file/file.c diff | blob | history
usr.bin/file/file.h diff | blob | history
usr.bin/file/sandbox.c [new file with mode: 0644] blob
OpenBSD src
by Ahmet Artu Yildirim