From 8dd812e1ff7686a1e30c43dbcf1f0ba85388519f Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 18 May 2015 11:57:52 +0000 Subject: [PATCH] No longer need tricks with setvbuf(). Instead, we just give permission to call fstat() and fcntl(). ok nicm --- usr.bin/file/file.c | 3 +-- usr.bin/file/sandbox.c | 11 +++-------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c index 0c2707d9d8e..c6b3af73ea8 100644 --- a/usr.bin/file/file.c +++ b/usr.bin/file/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.37 2015/04/28 02:26:43 lteo Exp $ */ +/* $OpenBSD: file.c,v 1.38 2015/05/18 11:57:52 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -186,7 +186,6 @@ main(int argc, char **argv) } if (magicfp == NULL) err(1, "%s", magicpath); - setvbuf(magicfp, NULL, _IOLBF, 0); /* stops stdio calling fstat */ parent = getpid(); if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0) diff --git a/usr.bin/file/sandbox.c b/usr.bin/file/sandbox.c index a4d42cf077f..5c6472d3622 100644 --- a/usr.bin/file/sandbox.c +++ b/usr.bin/file/sandbox.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox.c,v 1.4 2015/04/30 14:30:53 nicm Exp $ */ +/* $OpenBSD: sandbox.c,v 1.5 2015/05/18 11:57:52 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -42,6 +42,8 @@ static const struct { SYS_close, SYSTR_POLICY_PERMIT }, { SYS_exit, SYSTR_POLICY_PERMIT }, + { SYS_fcntl, SYSTR_POLICY_PERMIT }, + { SYS_fstat, SYSTR_POLICY_PERMIT }, { SYS_getdtablecount, SYSTR_POLICY_PERMIT }, { SYS_getentropy, SYSTR_POLICY_PERMIT }, { SYS_getpid, SYSTR_POLICY_PERMIT }, @@ -78,13 +80,6 @@ sandbox_child(const char *user) { struct passwd *pw; - /* - * If we don't set stream buffering explicitly, stdio calls isatty() - * which means ioctl() - too nasty to let through the systrace policy. - */ - setvbuf(stdout, NULL, _IOLBF, 0); - setvbuf(stderr, NULL, _IONBF, 0); - if (geteuid() == 0) { pw = getpwnam(user); if (pw == NULL) -- 2.20.1