Author: cem Date: Thu Dec 1 17:28:45 2016 New Revision: 309366 URL: https://svnweb.freebsd.org/changeset/base/309366
Log: capsicum_helpers: Squash errors from closed fds Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio(). Any program used during special shell scripts may commonly be forked from a parent process with closed standard stream. Do the common sense thing for this common use. Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw> Reviewed by: oshogbo@ (earlier version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8657 Modified: head/lib/libcapsicum/capsicum_helpers.h Modified: head/lib/libcapsicum/capsicum_helpers.h ============================================================================== --- head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:26:37 2016 (r309365) +++ head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:28:45 2016 (r309366) @@ -94,12 +94,12 @@ caph_limit_stdout(void) static __inline int caph_limit_stdio(void) { + const int iebadf = CAPH_IGNORE_EBADF; - if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 || - caph_limit_stderr() == -1) { + if (caph_limit_stream(STDIN_FILENO, CAPH_READ | iebadf) == -1 || + caph_limit_stream(STDOUT_FILENO, CAPH_WRITE | iebadf) == -1 || + caph_limit_stream(STDERR_FILENO, CAPH_WRITE | iebadf) == -1) return (-1); - } - return (0); } _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
