Date: Tue, 2 Feb 2010 19:19:57 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r203392 - projects/capabilities8/usr.bin/gzip Message-ID: <201002021919.o12JJw75053009@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Tue Feb 2 19:19:57 2010 New Revision: 203392 URL: http://svn.freebsd.org/changeset/base/203392 Log: Merge c174178 from the p4 TrustedBSD Capabilities branch to capabilities8: When compressing in a sandbox, forward 'numflag' for zlib compression, as that controls the compression level. Reported by: kris Sponsored by: Google, Inc. Modified: projects/capabilities8/usr.bin/gzip/gzip.c projects/capabilities8/usr.bin/gzip/gzip.h projects/capabilities8/usr.bin/gzip/gzsandbox.c Modified: projects/capabilities8/usr.bin/gzip/gzip.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzip.c Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzip.c Tue Feb 2 19:19:57 2010 (r203392) @@ -186,7 +186,7 @@ static const char gzip_copyright[] = \ static int cflag; /* stdout mode */ static int dflag; /* decompress mode */ static int lflag; /* list mode */ -static int numflag = 6; /* gzip -1..-9 value */ +int numflag = 6; /* gzip -1..-9 value */ #ifndef SMALL static int fflag; /* force mode */ Modified: projects/capabilities8/usr.bin/gzip/gzip.h ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzip.h Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzip.h Tue Feb 2 19:19:57 2010 (r203392) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -34,6 +34,12 @@ #ifndef _GZIP_H_ #define _GZIP_H_ +/* + * We need to forward the global variable 'numflag' to the sandbox as well as + * function arguments. + */ +extern int numflag; + off_t gz_compress(int in, int out, off_t *gsizep, const char *origname, uint32_t mtime); off_t gz_compress_wrapper(int in, int out, off_t *gsizep, Modified: projects/capabilities8/usr.bin/gzip/gzsandbox.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 19:19:57 2010 (r203392) @@ -110,6 +110,7 @@ gzsandbox_initialize(void) struct host_gz_compress_req { char hgc_req_origname[PATH_MAX]; + int hgc_req_numflag; uint32_t hgc_req_mtime; } __packed; @@ -131,6 +132,7 @@ gz_compress_insandbox(int in, int out, o bzero(&req, sizeof(req)); strlcpy(req.hgc_req_origname, origname, sizeof(req.hgc_req_origname)); + req.hgc_req_numflag = numflag; req.hgc_req_mtime = mtime; iov_req.iov_base = &req; iov_req.iov_len = sizeof(req); @@ -165,6 +167,7 @@ sandbox_gz_compress_buffer(struct lc_hos bcopy(buffer, &req, sizeof(req)); bzero(&rep, sizeof(rep)); + numflag = req.hgc_req_numflag; rep.hgc_rep_retval = gz_compress(fd_in, fd_out, &rep.hgc_rep_gsize, req.hgc_req_origname, req.hgc_req_mtime); iov.iov_base = &rep;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002021919.o12JJw75053009>