Date: Mon, 30 Sep 2019 17:28:00 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r352909 - in head: contrib/elftoolchain/nm usr.bin/nm Message-ID: <201909301728.x8UHS0QF070658@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Mon Sep 30 17:27:59 2019 New Revision: 352909 URL: https://svnweb.freebsd.org/changeset/base/352909 Log: Capsicumize nm(1). Reviewed by: emaste Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21107 Modified: head/contrib/elftoolchain/nm/nm.c head/usr.bin/nm/Makefile Modified: head/contrib/elftoolchain/nm/nm.c ============================================================================== --- head/contrib/elftoolchain/nm/nm.c Mon Sep 30 17:26:42 2019 (r352908) +++ head/contrib/elftoolchain/nm/nm.c Mon Sep 30 17:27:59 2019 (r352909) @@ -29,6 +29,7 @@ #include <sys/stat.h> #include <ar.h> #include <assert.h> +#include <capsicum_helpers.h> #include <ctype.h> #include <dwarf.h> #include <err.h> @@ -46,6 +47,9 @@ #include <strings.h> #include <unistd.h> +#include <libcasper.h> +#include <casper/cap_fileargs.h> + #include "_elftc.h" ELFTC_VCSID("$Id: nm.c 3504 2016-12-17 15:33:16Z kaiwang27 $"); @@ -165,6 +169,8 @@ struct nm_prog_options { fn_sym_print value_print_fn; fn_sym_print size_print_fn; + + fileargs_t *fileargs; }; #define CHECK_SYM_PRINT_DATA(p) (p->headp == NULL || p->sh_num == 0 || \ @@ -177,6 +183,7 @@ static int cmp_name(const void *, const void *); static int cmp_none(const void *, const void *); static int cmp_size(const void *, const void *); static int cmp_value(const void *, const void *); +static void enter_cap_mode(int, char **); static void filter_dest(void); static int filter_insert(fn_filter); static void get_opt(int *, char ***); @@ -393,6 +400,36 @@ cmp_value(const void *lp, const void *rp) } static void +enter_cap_mode(int argc, char **argv) +{ + cap_rights_t rights; + fileargs_t *fa; + char *defaultfn; + + cap_rights_init(&rights, CAP_FSTAT, CAP_MMAP_R); + + if (argc == 0) { + defaultfn = strdup(nm_info.def_filename); + if (defaultfn == NULL) + err(EXIT_FAILURE, "strdup"); + argc = 1; + argv = &defaultfn; + } + + fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN); + if (fa == NULL) + err(EXIT_FAILURE, "failed to initialize fileargs"); + + caph_cache_catpages(); + if (caph_limit_stdio() < 0) + err(EXIT_FAILURE, "failed to limit stdio rights"); + if (caph_enter_casper() < 0) + err(EXIT_FAILURE, "failed to enter capability mode"); + + nm_opts.fileargs = fa; +} + +static void filter_dest(void) { struct filter_entry *e; @@ -766,6 +803,7 @@ global_init(void) nm_opts.elem_print_fn = &sym_elem_print_all; nm_opts.value_print_fn = &sym_value_dec_print; nm_opts.size_print_fn = &sym_size_dec_print; + nm_opts.fileargs = NULL; SLIST_INIT(&nm_out_filter); } @@ -1469,7 +1507,7 @@ read_object(const char *filename) assert(filename != NULL && "filename is null"); - if ((fd = open(filename, O_RDONLY)) == -1) { + if ((fd = fileargs_open(nm_opts.fileargs, filename)) == -1) { warn("'%s'", filename); return (1); } @@ -2118,6 +2156,7 @@ main(int argc, char **argv) global_init(); get_opt(&argc, &argv); + enter_cap_mode(argc, argv); rtn = read_files(argc, argv); global_dest(); Modified: head/usr.bin/nm/Makefile ============================================================================== --- head/usr.bin/nm/Makefile Mon Sep 30 17:26:42 2019 (r352908) +++ head/usr.bin/nm/Makefile Mon Sep 30 17:27:59 2019 (r352909) @@ -11,6 +11,12 @@ PROG= nm LIBADD= dwarf elftc elf +.if ${MK_CASPER} != "no" && !defined(BOOTSTRAPPING) && !defined(NXB_TARGET) +LIBADD+= casper +LIBADD+= cap_fileargs +CFLAGS+= -DWITH_CASPER +.endif + CFLAGS+=-I${ELFTCDIR}/libelftc -I${ELFTCDIR}/common .include <bsd.prog.mk>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909301728.x8UHS0QF070658>