Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Feb 2017 15:30:57 +0000 (UTC)
From:      Allan Jude <allanjude@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r314098 - head/usr.bin/lam
Message-ID:  <201702221530.v1MFUvaT028505@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: allanjude
Date: Wed Feb 22 15:30:57 2017
New Revision: 314098
URL: https://svnweb.freebsd.org/changeset/base/314098

Log:
  lam(1): Failing to restrict stdin/stdout/stderr should not be fatal
  
  When fed from a pipe, lam(1) would sometimes fail:
  lam: unable to limit stdio: Capabilities insufficient
  
  fixed regression in portsnap(8) introduced in r313938
  
  This broke portsnap(8), the app that the capsicumization of lam(1) was
  meant to secure.
  
  # portsnap fetch update
  Looking up portsnap.FreeBSD.org mirrors... 6 mirrors found.
  Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
  Fetching snapshot metadata... done.
  Updating from Tue Feb 21 16:05:39 MSK 2017 to Tue Feb 21 16:59:30 MSK 2017.
  Fetching 5 metadata patches.lam: unable to limit stdio: Capabilities insufficient
   done.
  Applying metadata patches... done.
  Fetching 5 metadata files... lam: unable to limit stdio: Capabilities insufficient
  /usr/sbin/portsnap: cannot open 8c94d2c3f8fcea20eb1fd82021566c99c63a010e6b3702ee11e7a491795bcfb8.gz: No such file or directory
  metadata is corrupt.
  
  Reported by:	Vladimir Zakharov <zakharov.vv@gmail.com>, Ben Woods <woodsb02@gmail.com>

Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c
==============================================================================
--- head/usr.bin/lam/lam.c	Wed Feb 22 10:21:39 2017	(r314097)
+++ head/usr.bin/lam/lam.c	Wed Feb 22 15:30:57 2017	(r314098)
@@ -95,8 +95,7 @@ main(int argc, char *argv[])
 	 * mode.
 	 */
 	caph_cache_catpages();
-	if (caph_limit_stdio() == -1)
-		err(1, "unable to limit stdio");
+	caph_limit_stdio();
 	if (cap_enter() < 0 && errno != ENOSYS)
 		err(1, "unable to enter capability mode");

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702221530.v1MFUvaT028505>