gzip can use tame "stdio wpath cpath fattr". this blocks a lot of - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2015-10-03 04:19:14 +0000
committer	deraadt <deraadt@openbsd.org>	2015-10-03 04:19:14 +0000
commit	106315206e7186f08922633d3715ee496f143376 (patch)
tree	9d3c668a0ac4c124de609e4e740a6211e5229fed /lib/libssl/ssl_lib.c
parent	BIO_get_fd() could return fd 0; fix error condition. Found at (diff)
download	wireguard-openbsd-106315206e7186f08922633d3715ee496f143376.tar.xz wireguard-openbsd-106315206e7186f08922633d3715ee496f143376.zip

gzip can use tame "stdio wpath cpath fattr". this blocks a lot of

system behaviours such as forking, execve, sockets, etc. in theory this extended by parsing the arguments first, and creating the whitepathlist. the pathlist probably needs to be directory-oriented, rather than exact path of files, because a gzip file may specify the filename it wants (and that won't be available until it is opened, and partially parsed). anyone want to give this a try? gzip was an early goal for capsicum. who is running a capsicum gzip?

Diffstat (limited to 'lib/libssl/ssl_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: