Date: Sat, 7 Sep 2013 20:44:42 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257100 - soc2013/dpl/head/contrib/xz/src/xz Message-ID: <201309072044.r87KigCB065996@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Sat Sep 7 20:44:42 2013 New Revision: 257100 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257100 Log: Updated xz to cope with the new Capsicum interface. Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c soc2013/dpl/head/contrib/xz/src/xz/file_io.h soc2013/dpl/head/contrib/xz/src/xz/main.c Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.c ============================================================================== --- soc2013/dpl/head/contrib/xz/src/xz/file_io.c Sat Sep 7 19:43:39 2013 (r257099) +++ soc2013/dpl/head/contrib/xz/src/xz/file_io.c Sat Sep 7 20:44:42 2013 (r257100) @@ -1013,42 +1013,27 @@ if( opt_mode != MODE_TEST ) io_open_dest(pairs[i]); #if defined(CAPSICUM) - limitfd(pairs[i]); + limitpair(pairs[i]); #endif } return pairs; } #if defined(CAPSICUM) +void limitfd(int, unsigned long long); + extern void -limitfd(file_pair *pair) +limitpair(file_pair *pair) { - cap_rights_t rights; + if(pair->dir_fd != -1 ) + limitfd(pair->dir_fd, CAP_FSTATAT|CAP_UNLINKAT|CAP_LOOKUP); - if(pair->dir_fd != -1 ){ - rights = CAP_FSTATAT|CAP_UNLINKAT|CAP_LOOKUP; - if (cap_rights_limit(pair->dir_fd, rights) < 0 && errno != ENOSYS){ - message_error("%s: %s", pair->dest_name, strerror(errno)); - exit(E_ERROR); - } - } + if(pair->src_fd != -1 ) + limitfd(pair->src_fd, CAP_READ|CAP_SEEK); - if(pair->src_fd != -1 ){ - rights = CAP_READ|CAP_SEEK; - if (cap_rights_limit(pair->src_fd, rights) < 0 && errno != ENOSYS){ - message_error("%s: %s", pair->src_name, strerror(errno)); - exit(E_ERROR); - } - } + if(pair->dest_fd != -1 ) + limitfd(pair->dest_fd, CAP_WRITE|CAP_FSTAT|CAP_FCHOWN|CAP_FCHMOD|CAP_FUTIMES); - if(pair->dest_fd != -1 ){ - rights = CAP_WRITE|CAP_FSTAT|CAP_FCHOWN - |CAP_FCHMOD|CAP_FUTIMES; - if (cap_rights_limit(pair->dest_fd, rights) < 0 && errno != ENOSYS){ - message_error("%s: %s", pair->dest_name, strerror(errno)); - exit(E_ERROR); - } - } return; } @@ -1057,36 +1042,35 @@ { cap_rights_t rights; - if( cap_rights_get(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) { - message_error("%d: %s", STDIN_FILENO, strerror(errno)); - exit(E_ERROR); - } else if (rights == 0) { - if (cap_rights_limit(STDIN_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ - message_error("%d: %s", STDIN_FILENO, strerror(errno)); - exit(E_ERROR); - } - } + cap_rights_init(&rights); + limitfd( STDIN_FILENO, CAP_READ); + limitfd( STDOUT_FILENO, CAP_WRITE); + limitfd( STDERR_FILENO, CAP_WRITE); - if( cap_rights_get(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) { - message_error("%d: %s", STDOUT_FILENO, strerror(errno)); + if (cap_enter() < 0 && errno != ENOSYS) { + message_error("cap_enter: %s", strerror(errno)); exit(E_ERROR); - } else if (rights == 0) { - if (cap_rights_limit(STDOUT_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ - message_error("%d: %s", STDOUT_FILENO, strerror(errno)); - exit(E_ERROR); - } } - if (cap_rights_limit(STDERR_FILENO, CAP_WRITE) < 0 && errno != ENOSYS){ - message_error("%d: %s", STDERR_FILENO, strerror(errno)); - exit(E_ERROR); - } + return; +} - if (cap_enter() < 0 && errno != ENOSYS){ - message_error("cap_enter: %s", strerror(errno)); +void +limitfd(int fd, unsigned long long cap) +{ + cap_rights_t rights; + + cap_rights_init(&rights); + cap_rights_set(&rights, cap); + + if( cap_rights_get(fd, &rights) < 0 && errno != ENOSYS) { + message_error("%d: %s", fd, strerror(errno)); exit(E_ERROR); + } else { + if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS){ + message_error("%d: %s", STDIN_FILENO, strerror(errno)); + exit(E_ERROR); + } } - - return; } -#endif +#endif /* CAPSICUM */ Modified: soc2013/dpl/head/contrib/xz/src/xz/file_io.h ============================================================================== --- soc2013/dpl/head/contrib/xz/src/xz/file_io.h Sat Sep 7 19:43:39 2013 (r257099) +++ soc2013/dpl/head/contrib/xz/src/xz/file_io.h Sat Sep 7 20:44:42 2013 (r257100) @@ -106,7 +106,7 @@ /// \brief Limits fd using FreeBSD's Capsicum framework. /// /// \param fd File descriptor to limit. -extern void limitfd(file_pair *pair); +extern void limitpair(file_pair *pair); /// \brief Enters Capability mode, and limit basic fds. extern void capsicum_enter(void); Modified: soc2013/dpl/head/contrib/xz/src/xz/main.c ============================================================================== --- soc2013/dpl/head/contrib/xz/src/xz/main.c Sat Sep 7 19:43:39 2013 (r257099) +++ soc2013/dpl/head/contrib/xz/src/xz/main.c Sat Sep 7 20:44:42 2013 (r257100) @@ -144,6 +144,7 @@ int forkpid, i, nfiles=0; //Filenames will be here, and get passed to io_open_files(). // If we get past of 8 elements, realloc 8 more. + // XXX check char **files = malloc( 8*sizeof(char*) ); #if defined(_WIN32) && !defined(__CYGWIN__)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309072044.r87KigCB065996>