Date: Wed, 22 Feb 2017 16:37:45 +0000 (UTC) From: Baptiste Daroussin <bapt@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r314099 - head/usr.bin/lam Message-ID: <201702221637.v1MGbj0D056506@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bapt Date: Wed Feb 22 16:37:45 2017 New Revision: 314099 URL: https://svnweb.freebsd.org/changeset/base/314099 Log: Better fix for r314098 The actual issue was the fact that if - was used then some restriction were already set to stdin when we were applying caph_limit_stdio which was failing due to the fact the fd was the fd was already restricted to lower rights. Restricting stdio before actually opening the files prevent trying to raise the right and fixes the issue. And this allows to keep failing the program if restriction failed Approved by: allanjude Differential Revision: https://reviews.freebsd.org/D9723 Modified: head/usr.bin/lam/lam.c Modified: head/usr.bin/lam/lam.c ============================================================================== --- head/usr.bin/lam/lam.c Wed Feb 22 15:30:57 2017 (r314098) +++ head/usr.bin/lam/lam.c Wed Feb 22 16:37:45 2017 (r314099) @@ -86,6 +86,8 @@ main(int argc, char *argv[]) if (argc == 1) usage(); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); getargs(argv); if (!morefiles) usage(); @@ -95,7 +97,6 @@ main(int argc, char *argv[]) * mode. */ caph_cache_catpages(); - caph_limit_stdio(); if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702221637.v1MGbj0D056506>