Date: Wed, 24 Jul 2013 21:01:01 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Ulrich =?iso-8859-1?Q?Sp=F6rlein?= <uqs@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r253457 - head/usr.bin/uniq Message-ID: <20130724190101.GA1400@garage.freebsd.pl> In-Reply-To: <20130724125332.GC9092@acme.spoerlein.net> References: <201307182211.r6IMBRYC091291@svn.freebsd.org> <20130724125332.GC9092@acme.spoerlein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--J/dobhs11T7y2rNN Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 24, 2013 at 02:53:32PM +0200, Ulrich Sp=F6rlein wrote: > On Thu, 2013-07-18 at 22:11:27 +0000, Pawel Jakub Dawidek wrote: > > Author: pjd > > Date: Thu Jul 18 22:11:27 2013 > > New Revision: 253457 > > URL: http://svnweb.freebsd.org/changeset/base/253457 > >=20 > > Log: > > Close uniq(1) in the capability mode sandbox and limit descriptors us= ing > > capability rights. > >=20 > > Modified: > > head/usr.bin/uniq/uniq.c > >=20 > > Modified: head/usr.bin/uniq/uniq.c > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D > > --- head/usr.bin/uniq/uniq.c Thu Jul 18 21:56:10 2013 (r253456) > > +++ head/usr.bin/uniq/uniq.c Thu Jul 18 22:11:27 2013 (r253457) > > @@ -128,8 +145,34 @@ main (int argc, char *argv[]) > > ofp =3D stdout; > > if (argc > 0 && strcmp(argv[0], "-") !=3D 0) > > ifp =3D file(ifn =3D argv[0], "r"); > > + if (cap_rights_limit(fileno(ifp), CAP_FSTAT | CAP_READ) < 0 && > > + errno !=3D ENOSYS) { > > + err(1, "unable to limit rights for %s", ifn); > > + } > > + rights =3D CAP_FSTAT | CAP_WRITE; > > if (argc > 1) > > ofp =3D file(argv[1], "w"); > > + else > > + rights |=3D CAP_IOCTL; > > + if (cap_rights_limit(fileno(ofp), rights) < 0 && errno !=3D ENOSYS) { > > + err(1, "unable to limit rights for %s", > > + argc > 1 ? argv[1] : "stdout"); > > + } > > + if ((rights & CAP_IOCTL) !=3D 0) { > > + unsigned long cmd; > > + > > + cmd =3D TIOCGETA; /* required by isatty(3) in printf(3) */ > > + > > + if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 && > > + errno !=3D ENOSYS) { > > + err(1, "unable to limit ioctls for %s", > > + argc > 1 ? argv[1] : "stdout"); > > + } > > + } >=20 > Deadcode, found by Coverity Scan, CID 1054780 (please mention in your > fix-commit). You check for argc > 1 at line 153, only if that is false > (meaning argc=3D=3D1) do you set CAP_IOCTL. So on line 169 argc cannot be= >1 > and the result is always "stdout". Interesting. I was aware of this, but left this err() call for consistency in case the condition changes in the future. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com --J/dobhs11T7y2rNN Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (FreeBSD) iEYEARECAAYFAlHwJG0ACgkQForvXbEpPzQk2wCg8RdABUGsLeO5sChcbppoOC73 deoAn3pTLpgpHsDGkpRq6fBnldn8Naua =2EPc -----END PGP SIGNATURE----- --J/dobhs11T7y2rNN--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130724190101.GA1400>