ref: 48f53e57be61f7cee021fdb21849d4759770f722
parent: c3474e39d6613d5000dcd7bb08de81e96904db53
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Dec 5 09:58:11 EST 2022
page: revert sandbox, breaks postscript fonts for man -P, wrong place The intention is good, but page is the wrong place for this. If ghostscript wants to sandbox, we should do that with a wrapper script so any invocation of ghostscript can be sandboxed.
--- a/sys/src/cmd/page.c
+++ b/sys/src/cmd/page.c
@@ -513,7 +513,7 @@
popengs(Page *p)
{int n, i, pdf, ifd, ofd, pin[2], pout[2], pdat[2];
- char buf[NBUF], nam[32], *argv[32];
+ char buf[NBUF], nam[32], *argv[16];
pdf = 0;
ifd = p->fd;
@@ -544,7 +544,7 @@
}
argv[0] = (char*)p->data;
- switch(rfork(RFENVG|RFPROC|RFMEM|RFFDG|RFREND|RFNOWAIT)){+ switch(rfork(RFPROC|RFMEM|RFFDG|RFREND|RFNOWAIT)){case -1:
goto Err2;
case 0:
@@ -554,31 +554,21 @@
dupfds(nullfd, nullfd, 2, pdat[1], ifd, -1);
if(argv[0])
pipeline(4, "%s", argv[0]);
-
- i = 0;
- argv[i++] = "auth/box";
- argv[i++] = "-r";
- argv[i++] = "/fd";
- argv[i++] = "-r";
- argv[i++] = "/sys/lib/ghostscript";
- argv[i++] = "-c";
- argv[i++] = "/env";
-
- argv[i++] = "/bin/gs";
- argv[i++] = "-q";
- argv[i++] = "-sDEVICE=plan9";
- argv[i++] = "-sOutputFile=/fd/3";
- argv[i++] = "-dBATCH";
- argv[i++] = pdf ? "-dDELAYSAFER" : "-dSAFER";
- argv[i++] = "-dQUIET";
- argv[i++] = "-dTextAlphaBits=4";
- argv[i++] = "-dGraphicsAlphaBits=4";
+ argv[0] = "gs";
+ argv[1] = "-q";
+ argv[2] = "-sDEVICE=plan9";
+ argv[3] = "-sOutputFile=/fd/3";
+ argv[4] = "-dBATCH";
+ argv[5] = pdf ? "-dDELAYSAFER" : "-dSAFER";
+ argv[6] = "-dQUIET";
+ argv[7] = "-dTextAlphaBits=4";
+ argv[8] = "-dGraphicsAlphaBits=4";
snprint(buf, sizeof buf, "-r%d", ppi);
- argv[i++] = buf;
- argv[i++] = "-dDOINTERPOLATE";
- argv[i++] = pdf ? "-" : "/fd/4";
- argv[i] = nil;
- exec("/bin/auth/box", argv);+ argv[9] = buf;
+ argv[10] = "-dDOINTERPOLATE";
+ argv[11] = pdf ? "-" : "/fd/4";
+ argv[12] = nil;
+ exec("/bin/gs", argv); sysfatal("exec: %r");}