No longer need tricks with setvbuf(). Instead, we just give permission

to call fstat() and fcntl().
ok nicm

diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c
index 0c2707d..c6b3af7 100644 (file)
--- a/usr.bin/file/file.c
+++ b/usr.bin/file/file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.c,v 1.37 2015/04/28 02:26:43 lteo Exp $ */
+/* $OpenBSD: file.c,v 1.38 2015/05/18 11:57:52 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -186,7 +186,6 @@ main(int argc, char **argv)
        }
        if (magicfp == NULL)
                err(1, "%s", magicpath);
-       setvbuf(magicfp, NULL, _IOLBF, 0); /* stops stdio calling fstat */
 
        parent = getpid();
        if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0)

diff --git a/usr.bin/file/sandbox.c b/usr.bin/file/sandbox.c
index a4d42cf..5c6472d 100644 (file)
--- a/usr.bin/file/sandbox.c
+++ b/usr.bin/file/sandbox.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox.c,v 1.4 2015/04/30 14:30:53 nicm Exp $ */
+/* $OpenBSD: sandbox.c,v 1.5 2015/05/18 11:57:52 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -42,6 +42,8 @@ static const struct
 
        { SYS_close, SYSTR_POLICY_PERMIT },
        { SYS_exit, SYSTR_POLICY_PERMIT },
+       { SYS_fcntl, SYSTR_POLICY_PERMIT },
+       { SYS_fstat, SYSTR_POLICY_PERMIT },
        { SYS_getdtablecount, SYSTR_POLICY_PERMIT },
        { SYS_getentropy, SYSTR_POLICY_PERMIT },
        { SYS_getpid, SYSTR_POLICY_PERMIT },
@@ -78,13 +80,6 @@ sandbox_child(const char *user)
 {
        struct passwd   *pw;
 
-       /*
-        * If we don't set stream buffering explicitly, stdio calls isatty()
-        * which means ioctl() - too nasty to let through the systrace policy.
-        */
-       setvbuf(stdout, NULL, _IOLBF, 0);
-       setvbuf(stderr, NULL, _IONBF, 0);
-
        if (geteuid() == 0) {
                pw = getpwnam(user);
                if (pw == NULL)