diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2022-12-05 14:58:11 +0000 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2022-12-05 14:58:11 +0000 |
| commit | 48f53e57be61f7cee021fdb21849d4759770f722 (patch) | |
| tree | 212f0fb5796732652dacc4215f34b7c46bb05b8a /sys/src | |
| parent | c3474e39d6613d5000dcd7bb08de81e96904db53 (diff) | |
page: revert sandbox, breaks postscript fonts for man -P, wrong place
The intention is good, but page is the wrong
place for this.
If ghostscript wants to sandbox, we should do
that with a wrapper script so any invocation
of ghostscript can be sandboxed.
Diffstat (limited to 'sys/src')
| -rw-r--r-- | sys/src/cmd/page.c | 42 |
1 files changed, 16 insertions, 26 deletions
diff --git a/sys/src/cmd/page.c b/sys/src/cmd/page.c index fdc17611a..2c260cc9a 100644 --- a/sys/src/cmd/page.c +++ b/sys/src/cmd/page.c @@ -513,7 +513,7 @@ int popengs(Page *p) { int n, i, pdf, ifd, ofd, pin[2], pout[2], pdat[2]; - char buf[NBUF], nam[32], *argv[32]; + char buf[NBUF], nam[32], *argv[16]; pdf = 0; ifd = p->fd; @@ -544,7 +544,7 @@ popengs(Page *p) } argv[0] = (char*)p->data; - switch(rfork(RFENVG|RFPROC|RFMEM|RFFDG|RFREND|RFNOWAIT)){ + switch(rfork(RFPROC|RFMEM|RFFDG|RFREND|RFNOWAIT)){ case -1: goto Err2; case 0: @@ -554,31 +554,21 @@ popengs(Page *p) dupfds(nullfd, nullfd, 2, pdat[1], ifd, -1); if(argv[0]) pipeline(4, "%s", argv[0]); - - i = 0; - argv[i++] = "auth/box"; - argv[i++] = "-r"; - argv[i++] = "/fd"; - argv[i++] = "-r"; - argv[i++] = "/sys/lib/ghostscript"; - argv[i++] = "-c"; - argv[i++] = "/env"; - - argv[i++] = "/bin/gs"; - argv[i++] = "-q"; - argv[i++] = "-sDEVICE=plan9"; - argv[i++] = "-sOutputFile=/fd/3"; - argv[i++] = "-dBATCH"; - argv[i++] = pdf ? "-dDELAYSAFER" : "-dSAFER"; - argv[i++] = "-dQUIET"; - argv[i++] = "-dTextAlphaBits=4"; - argv[i++] = "-dGraphicsAlphaBits=4"; + argv[0] = "gs"; + argv[1] = "-q"; + argv[2] = "-sDEVICE=plan9"; + argv[3] = "-sOutputFile=/fd/3"; + argv[4] = "-dBATCH"; + argv[5] = pdf ? "-dDELAYSAFER" : "-dSAFER"; + argv[6] = "-dQUIET"; + argv[7] = "-dTextAlphaBits=4"; + argv[8] = "-dGraphicsAlphaBits=4"; snprint(buf, sizeof buf, "-r%d", ppi); - argv[i++] = buf; - argv[i++] = "-dDOINTERPOLATE"; - argv[i++] = pdf ? "-" : "/fd/4"; - argv[i] = nil; - exec("/bin/auth/box", argv); + argv[9] = buf; + argv[10] = "-dDOINTERPOLATE"; + argv[11] = pdf ? "-" : "/fd/4"; + argv[12] = nil; + exec("/bin/gs", argv); sysfatal("exec: %r"); } |