From owner-dev-commits-src-main@freebsd.org Sat Jun 5 12:37:11 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2CF1B6427FD; Sat, 5 Jun 2021 12:37:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Fxzfb0psbz4tlv; Sat, 5 Jun 2021 12:37:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0289A10B24; Sat, 5 Jun 2021 12:37:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 155CbAkM089530; Sat, 5 Jun 2021 12:37:10 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 155CbAbw089529; Sat, 5 Jun 2021 12:37:10 GMT (envelope-from git) Date: Sat, 5 Jun 2021 12:37:10 GMT Message-Id: <202106051237.155CbAbw089529@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org 
From: Ryan Moeller Subject: git: c5a2d8c5f517 - main - sockstat: Use libcasper to capsicumize MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: freqlabs X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c5a2d8c5f517b056bed2af64e6134481367773d4 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Jun 2021 12:37:11 -0000 The branch main has been updated by freqlabs: URL: https://cgit.FreeBSD.org/src/commit/?id=c5a2d8c5f517b056bed2af64e6134481367773d4 commit c5a2d8c5f517b056bed2af64e6134481367773d4 Author: Ryan Moeller AuthorDate: 2021-03-26 19:42:19 +0000 Commit: Ryan Moeller CommitDate: 2021-06-05 12:36:55 +0000 sockstat: Use libcasper to capsicumize Drop rights we do not need. This has to be done after jail_attach. Reviewed by: oshogbo Relnotes: yes Differential Revision: https://reviews.freebsd.org/D26958
---
 usr.bin/sockstat/Makefile | 10 ++++++
 usr.bin/sockstat/sockstat.c | 80 +++++++++++++++++++++++++++++++++------------
 2 files changed, 69 insertions(+), 21 deletions(-)
diff --git a/usr.bin/sockstat/Makefile b/usr.bin/sockstat/Makefile
index 2f8f9655e8db..6d0de7dc22d0 100644
--- a/usr.bin/sockstat/Makefile
+++ b/usr.bin/sockstat/Makefile
@@ -1,7 +1,17 @@
 # $FreeBSD$
+.include
+
 PROG= sockstat
 LIBADD= jail
+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_net
+LIBADD+= cap_netdb
+LIBADD+= cap_sysctl
+CFLAGS+= -DWITH_CASPER
+.endif
+
 .include
diff --git a/usr.bin/sockstat/sockstat.c b/usr.bin/sockstat/sockstat.c
index 109b254b7438..7dc5e4904deb 100644
--- a/usr.bin/sockstat/sockstat.c
+++ b/usr.bin/sockstat/sockstat.c
@@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
 #include
 #include
+#include
 #include
 #include
 #include
@@ -67,6 +68,11 @@ __FBSDID("$FreeBSD$");
 #include
 #include
+#include
+#include
+#include
+#include
+
 #define sstosin(ss) ((struct sockaddr_in *)(ss))
 #define sstosin6(ss) ((struct sockaddr_in6 *)(ss))
 #define sstosun(ss) ((struct sockaddr_un *)(ss))
@@ -132,6 +138,10 @@ static struct sock *sockhash[HASHSIZE];
 static struct xfile *xfiles;
 static int nxfiles;
+static cap_channel_t *capnet;
+static cap_channel_t *capnetdb;
+static cap_channel_t *capsysctl;
+
 static int
 xprintf(const char *fmt, ...)
 {
@@ -153,9 +163,9 @@ get_proto_type(const char *proto)
 if (strlen(proto) == 0)
 return (0);
- pent = getprotobyname(proto);
+ pent = cap_getprotobyname(capnetdb, proto);
 if (pent == NULL) {
- warn("getprotobyname");
+ warn("cap_getprotobyname");
 return (-1);
 }
 return (pent->p_proto);
@@ -321,17 +331,17 @@ gather_sctp(void)
 vflag |= INP_IPV6;
 varname = "net.inet.sctp.assoclist";
- if (sysctlbyname(varname, 0, &len, 0, 0) < 0) {
+ if (cap_sysctlbyname(capsysctl, varname, 0, &len, 0, 0) < 0) {
 if (errno != ENOENT)
- err(1, "sysctlbyname()");
+ err(1, "cap_sysctlbyname()");
 return;
 }
 if ((buf = (char *)malloc(len)) == NULL) {
 err(1, "malloc()");
 return;
 }
- if (sysctlbyname(varname, buf, &len, 0, 0) < 0) {
- err(1, "sysctlbyname()");
+ if (cap_sysctlbyname(capsysctl, varname, buf, &len, 0, 0) < 0) {
+ err(1, "cap_sysctlbyname()");
 free(buf);
 return;
 }
@@ -618,12 +628,13 @@ gather_inet(int proto)
 if ((buf = realloc(buf, bufsize)) == NULL)
 err(1, "realloc()");
 len = bufsize;
- if (sysctlbyname(varname, buf, &len, NULL, 0) == 0)
+ if (cap_sysctlbyname(capsysctl, varname, buf, &len,
+ NULL, 0) == 0)
 break;
 if (errno == ENOENT)
 goto out;
 if (errno != ENOMEM || len != bufsize)
- err(1, "sysctlbyname()");
+ err(1, "cap_sysctlbyname()");
 bufsize *= 2;
 }
 xig = (struct xinpgen *)buf;
@@ -768,10 +779,11 @@ gather_unix(int proto)
 if ((buf = realloc(buf, bufsize)) == NULL)
 err(1, "realloc()");
 len = bufsize;
- if (sysctlbyname(varname, buf, &len, NULL, 0) == 0)
+ if (cap_sysctlbyname(capsysctl, varname, buf, &len,
+ NULL, 0) == 0)
 break;
 if (errno != ENOMEM || len != bufsize)
- err(1, "sysctlbyname()");
+ err(1, "cap_sysctlbyname()");
 bufsize *= 2;
 }
 xug = (struct xunpgen *)buf;
@@ -835,9 +847,10 @@ getfiles(void)
 olen = len = sizeof(*xfiles);
 if ((xfiles = malloc(len)) == NULL)
 err(1, "malloc()");
- while (sysctlbyname("kern.file", xfiles, &len, 0, 0) == -1) {
+ while (cap_sysctlbyname(capsysctl, "kern.file", xfiles, &len, 0, 0)
+ == -1) {
 if (errno != ENOMEM || len != olen)
- err(1, "sysctlbyname()");
+ err(1, "cap_sysctlbyname()");
 olen = len *= 2;
 if ((xfiles = realloc(xfiles, len)) == NULL)
 err(1, "realloc()");
@@ -871,10 +884,10 @@ printaddr(struct sockaddr_storage *ss)
 return (xprintf("%.*s", sun->sun_len - off, sun->sun_path));
 }
 if (addrstr[0] == '\0') {
- error = getnameinfo(sstosa(ss), ss->ss_len, addrstr,
- sizeof(addrstr), NULL, 0, NI_NUMERICHOST);
+ error = cap_getnameinfo(capnet, sstosa(ss), ss->ss_len,
+ addrstr, sizeof(addrstr), NULL, 0, NI_NUMERICHOST);
 if (error)
- errx(1, "getnameinfo()");
+ errx(1, "cap_getnameinfo()");
 }
 if (port == 0)
 return xprintf("%s:*", addrstr);
@@ -894,10 +907,11 @@ getprocname(pid_t pid)
 mib[2] = KERN_PROC_PID;
 mib[3] = (int)pid;
 len = sizeof(proc);
- if (sysctl(mib, nitems(mib), &proc, &len, NULL, 0) == -1) {
+ if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
+ == -1) {
 /* Do not warn if the process exits before we get its name. */
 if (errno != ESRCH)
- warn("sysctl()");
+ warn("cap_sysctl()");
 return ("??");
 }
 return (proc.ki_comm);
@@ -915,10 +929,11 @@ getprocjid(pid_t pid)
 mib[2] = KERN_PROC_PID;
 mib[3] = (int)pid;
 len = sizeof(proc);
- if (sysctl(mib, nitems(mib), &proc, &len, NULL, 0) == -1) {
+ if (cap_sysctl(capsysctl, mib, nitems(mib), &proc, &len, NULL, 0)
+ == -1) {
 /* Do not warn if the process exits before we get its jid. */
 if (errno != ESRCH)
- warn("sysctl()");
+ warn("cap_sysctl()");
 return (-1);
 }
 return (proc.ki_jid);
@@ -1254,9 +1269,9 @@ set_default_protos(void)
 for (pindex = 0; pindex < default_numprotos; pindex++) {
 pname = default_protos[pindex];
- prot = getprotobyname(pname);
+ prot = cap_getprotobyname(capnetdb, pname);
 if (prot == NULL)
- err(1, "getprotobyname: %s", pname);
+ err(1, "cap_getprotobyname: %s", pname);
 protos[pindex] = prot->p_proto;
 }
 numprotos = pindex;
@@ -1306,6 +1321,8 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
+ cap_channel_t *capcas;
+ cap_net_limit_t *limit;
 int protos_defined = -1;
 int o, i;
@@ -1390,6 +1407,27 @@ main(int argc, char *argv[])
 }
 }
+ capcas = cap_init();
+ if (capcas == NULL)
+ err(1, "Unable to contact Casper");
+ if (caph_enter_casper() < 0)
+ err(1, "Unable to enter capability mode");
+ capnet = cap_service_open(capcas, "system.net");
+ if (capnet == NULL)
+ err(1, "Unable to open system.net service");
+ capnetdb = cap_service_open(capcas, "system.netdb");
+ if (capnetdb == NULL)
+ err(1, "Unable to open system.netdb service");
+ capsysctl = cap_service_open(capcas, "system.sysctl");
+ if (capsysctl == NULL)
+ err(1, "Unable to open system.sysctl service");
+ cap_close(capcas);
+ limit = cap_net_limit_init(capnet, CAPNET_ADDR2NAME);
+ if (limit == NULL)
+ err(1, "Unable to init cap_net limits");
+ if (cap_net_limit(limit) < 0)
+ err(1, "Unable to apply limits");
+
 if ((!opt_4 && !opt_6) && protos_defined != -1)
 opt_4 = opt_6 = 1;
 if (!opt_4 && !opt_6 && !opt_u)
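Review bot: The system.sysctl channel opened at `capsysctl = cap_service_open(capcas, "system.sysctl");` is handed to the now-sandboxed process with no limit at all, so after caph_enter_casper() a compromised sockstat can still read and write any sysctl through Casper; only the net channel is narrowed, to CAPNET_ADDR2NAME, which undercuts the commit's "drop rights we do not need" intent. libcap_sysctl provides the analogous cap_sysctl_limit_init()/cap_sysctl_limit_name()/cap_sysctl_limit() API, and the names visible in this diff are net.inet.sctp.assoclist, kern.file and the KERN_PROC_PID MIB used by getprocname()/getprocjid(); the varname values used by gather_inet()/gather_unix() are set outside these hunks, so the exact prefix list (presumably net.inet and net.local) needs confirming against them, as does whether a name limit with CAP_SYSCTL_RECURSIVE covers the MIB-based cap_sysctl() calls. A read-only, recursive limit on those subtrees applied right after `cap_close(capcas);`, with a `cap_sysctl_limit_t *sysctllimit;` declaration next to `limit` in the earlier hunk, would close the gap. main()'s body begins outside this hunk.
```c
	capsysctl = cap_service_open(capcas, "system.sysctl");
	if (capsysctl == NULL)
		err(1, "Unable to open system.sysctl service");
	cap_close(capcas);
	/*
	 * Restrict the sysctl channel to read-only access on the subtrees
	 * sockstat queries.  NOTE(review): confirm the net.* prefixes against
	 * the varname strings set in gather_inet()/gather_unix().
	 */
	sysctllimit = cap_sysctl_limit_init(capsysctl);
	if (sysctllimit == NULL)
		err(1, "Unable to init cap_sysctl limits");
	cap_sysctl_limit_name(sysctllimit, "kern.file", CAP_SYSCTL_READ);
	cap_sysctl_limit_name(sysctllimit, "kern.proc.pid",
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
	cap_sysctl_limit_name(sysctllimit, "net.inet",
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
	cap_sysctl_limit_name(sysctllimit, "net.local",
	    CAP_SYSCTL_READ | CAP_SYSCTL_RECURSIVE);
	if (cap_sysctl_limit(sysctllimit) < 0)
		err(1, "Unable to apply cap_sysctl limits");
	/* … unchanged: cap_net CAPNET_ADDR2NAME limit … */
```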