Date:      Mon, 12 Nov 2018 17:59:15 +0000 (UTC)
From:      Mariusz Zaborski <oshogbo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r340376 - head/usr.bin/head
Message-ID:  <201811121759.wACHxFEn065659@repo.freebsd.org>

Author: oshogbo
Date: Mon Nov 12 17:59:15 2018
New Revision: 340376
URL: https://svnweb.freebsd.org/changeset/base/340376

Log:
  head: sandbox using capsicum
  
  Reviewed by:	emaste
  Differential Revision:	https://reviews.freebsd.org/D14409

Modified:
  head/usr.bin/head/Makefile
  head/usr.bin/head/head.c

Modified: head/usr.bin/head/Makefile
==============================================================================
--- head/usr.bin/head/Makefile	Mon Nov 12 17:57:12 2018	(r340375)
+++ head/usr.bin/head/Makefile	Mon Nov 12 17:59:15 2018	(r340376)
@@ -8,4 +8,10 @@ PROG=	head
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 
+.if ${MK_CASPER} != "no" && !defined(RESCUE)
+LIBADD+=        casper
+LIBADD+=        cap_fileargs
+CFLAGS+=-DWITH_CASPER
+.endif
+
 .include <bsd.prog.mk>
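Review bot: The `.if ${MK_CASPER} != "no" && !defined(RESCUE)` block leaves two build configurations without `-DWITH_CASPER`, and nothing here says what that means for the sandbox. If the capsicum helper headers turn `caph_enter_casper()` and the fileargs calls into plain fallbacks in that case (worth confirming against `capsicum_helpers.h` and `libcasper.h`), those binaries run head without capability mode. A one-line comment above the block would record that, e.g. `# Without casper (MK_CASPER=no or RESCUE) head is built unsandboxed.`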

Modified: head/usr.bin/head/head.c
==============================================================================
--- head/usr.bin/head/head.c	Mon Nov 12 17:57:12 2018	(r340375)
+++ head/usr.bin/head/head.c	Mon Nov 12 17:59:15 2018	(r340376)
@@ -43,10 +43,13 @@ static char sccsid[] = "@(#)head.c	8.2 (Berkeley) 5/4/
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/capsicum.h>
 #include <sys/types.h>
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <getopt.h>
 #include <inttypes.h>
 #include <stdio.h>
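Review bot: `O_RDONLY` is used in the new `fileargs_init` call in main, but no `#include <fcntl.h>` is added; the sorted list here goes straight from `<errno.h>` to `<getopt.h>`. The constant presumably arrives through one of the new headers, which is fragile if their includes change, so adding `#include <fcntl.h>` after `<errno.h>` would make the dependency explicit. Conversely, `<errno.h>` is added but none of the visible hunks reference `errno`; if nothing else in the file needs it, it can be dropped.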
@@ -54,6 +57,9 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+
 /*
  * head - give the first few lines of a stream or of each of a set of files
  *
@@ -79,6 +85,8 @@ main(int argc, char *argv[])
 	char *ep;
 	off_t bytecnt;
 	int ch, first, linecnt, eval;
+	fileargs_t *fa;
+	cap_rights_t rights;
 
 	linecnt = -1;
 	eval = 0;
@@ -106,13 +114,22 @@ main(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;
 
+	fa = fileargs_init(argc, argv, O_RDONLY, 0,
+	    cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL));
+	if (fa == NULL)
+		errx(1, "unable to init casper");
+
+	caph_cache_catpages();
+	if (caph_limit_stdio() < 0 || caph_enter_casper() < 0)
+		err(1, "unable to enter capability mode");
+
 	if (linecnt != -1 && bytecnt != -1)
 		errx(1, "can't combine line and byte counts");
 	if (linecnt == -1)
 		linecnt = 10;
 	if (*argv != NULL) {
 		for (first = 1; *argv != NULL; ++argv) {
-			if ((fp = fopen(*argv, "r")) == NULL) {
+			if ((fp = fileargs_fopen(fa, *argv, "r")) == NULL) {
 				warn("%s", *argv);
 				eval = 1;
 				continue;
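Review bot: The `errx(1, "unable to init casper")` after `fileargs_init` discards errno, so a failure to set up the file-argument service is reported without a cause. If `fileargs_init` sets errno on failure (the `err` call a few lines below assumes that for the `caph_*` helpers), `err(1, "unable to init casper");` would be more useful for diagnosis. The rights set would also benefit from a short comment on why `CAP_FSTAT` and `CAP_FCNTL` are granted in addition to `CAP_READ`, e.g. `/* CAP_FSTAT, CAP_FCNTL: presumably needed by stdio on the returned descriptor -- confirm */`, so a later change neither widens nor drops them blindly. main begins and ends outside this hunk.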
@@ -133,6 +150,7 @@ main(int argc, char *argv[])
 	else
 		head_bytes(stdin, bytecnt);
 
+	fileargs_free(fa);
 	exit(eval);
 }
 


