Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 5 Jun 2019 22:40:50 +0000 (UTC)
From:      Mariusz Zaborski <oshogbo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r348708 - head/usr.bin/tail
Message-ID:  <201906052240.x55MeosV013552@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: oshogbo
Date: Wed Jun  5 22:40:49 2019
New Revision: 348708
URL: https://svnweb.freebsd.org/changeset/base/348708

Log:
  tail: capsicumize
  
  Submitted by:	Nik Sultana <sultana@seas.upenn.edu>
  Differential Revision:	https://reviews.freebsd.org/D20393

Modified:
  head/usr.bin/tail/Makefile
  head/usr.bin/tail/tail.c

Modified: head/usr.bin/tail/Makefile
==============================================================================
--- head/usr.bin/tail/Makefile	Wed Jun  5 22:36:19 2019	(r348707)
+++ head/usr.bin/tail/Makefile	Wed Jun  5 22:40:49 2019	(r348708)
@@ -6,6 +6,12 @@
 PROG=	tail
 SRCS=	forward.c misc.c read.c reverse.c tail.c
 
+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_fileargs
+CFLAGS+= -DWITH_CASPER
+.endif
+
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 

Modified: head/usr.bin/tail/tail.c
==============================================================================
--- head/usr.bin/tail/tail.c	Wed Jun  5 22:36:19 2019	(r348707)
+++ head/usr.bin/tail/tail.c	Wed Jun  5 22:40:49 2019	(r348708)
@@ -46,9 +46,11 @@ static const char copyright[] =
 static const char sccsid[] = "@(#)tail.c	8.1 (Berkeley) 6/6/93";
 #endif
 
+#include <sys/capsicum.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <errno.h>
 #include <getopt.h>
@@ -57,6 +59,9 @@ static const char sccsid[] = "@(#)tail.c	8.1 (Berkeley
 #include <string.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+
 #include "extern.h"
 
 int Fflag, fflag, qflag, rflag, rval, no_files;
@@ -85,7 +90,14 @@ main(int argc, char *argv[])
 	int i, ch, first;
 	file_info_t *file;
 	char *p;
+	fileargs_t *fa;
+	cap_rights_t rights;
 
+	cap_rights_init(&rights, CAP_FSTAT, CAP_FCNTL, CAP_MMAP_RW);
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
+	    caph_limit_stderr() < 0 || caph_limit_stdout() < 0)
+		err(1, "can't limit stdio rights");
+
 	/*
 	 * Tail's options are weird.  First, -n10 is the same as -n-10, not
 	 * -n+10.  Second, the number options are 1 based and not offsets,
@@ -155,6 +167,15 @@ main(int argc, char *argv[])
 
 	no_files = argc ? argc : 1;
 
+	fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN);
+	if (fa == NULL)
+		errx(1, "unable to init casper");
+
+	caph_cache_catpages();
+	if (caph_enter_casper() < 0)
+		err(1, "unable to enter capability mode");
+
+	
 	/*
 	 * If displaying in reverse, don't permit follow option, and convert
 	 * style values.
@@ -192,7 +213,7 @@ main(int argc, char *argv[])
 			file->file_name = strdup(fn);
 			if (! file->file_name)
 				errx(1, "Couldn't malloc space for file name.");
-			if ((file->fp = fopen(file->file_name, "r")) == NULL ||
+			if ((file->fp = fileargs_fopen(fa, file->file_name, "r")) == NULL ||
 			    fstat(fileno(file->fp), &file->st)) {
 				if (file->fp != NULL) {
 					fclose(file->fp);
@@ -209,7 +230,7 @@ main(int argc, char *argv[])
 		free(files);
 	} else if (*argv) {
 		for (first = 1; (fn = *argv++);) {
-			if ((fp = fopen(fn, "r")) == NULL ||
+			if ((fp = fileargs_fopen(fa, fn, "r")) == NULL ||
 			    fstat(fileno(fp), &sb)) {
 				ierr(fn);
 				continue;
@@ -247,6 +268,7 @@ main(int argc, char *argv[])
 		else
 			forward(stdin, fn, style, off, &sb);
 	}
+	fileargs_free(fa);
 	exit(rval);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906052240.x55MeosV013552>