Author: cem
Date: Wed Oct 19 21:50:57 2016
New Revision: 307660
URL: https://svnweb.freebsd.org/changeset/base/307660

Log:
  Capsicum support for jot(1)
  
  Limit descriptors and enter capability mode in jot(1).
  
  Submitted by: brueffer (earlier version)
  Reviewed by:  emaste, jonathan (earlier version)
  Sponsored by: Dell EMC Isilon
  Differential Revision:        https://reviews.freebsd.org/D1345

Modified:
  head/usr.bin/jot/jot.c

Modified: head/usr.bin/jot/jot.c
==============================================================================
--- head/usr.bin/jot/jot.c      Wed Oct 19 21:25:59 2016        (r307659)
+++ head/usr.bin/jot/jot.c      Wed Oct 19 21:50:57 2016        (r307660)
@@ -47,8 +47,11 @@ __FBSDID("$FreeBSD$");
  * Author:  John Kunze, Office of Comp. Affairs, UCB
  */
 
+#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdint.h>
@@ -89,6 +92,7 @@ static void   usage(void);
 int
 main(int argc, char **argv)
 {
+       cap_rights_t rights;
        bool    have_format = false;
        bool    infinity = false;
        bool    nofinalnl = false;
@@ -105,6 +109,21 @@ main(int argc, char **argv)
        long    i;
        long    reps = REPS_DEF;
 
+       if (caph_limit_stdio() < 0)
+               err(1, "unable to limit rights for stdio");
+       cap_rights_init(&rights);
+       if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+               err(1, "unable to limit rights for stdin");
+
+       /*
+        * Cache NLS data, for strerror, for err(3), before entering capability
+        * mode.
+        */
+       caph_cache_catpages();
+
+       if (cap_enter() < 0 && errno != ENOSYS)
+               err(1, "unable to enter capability mode");
+
        while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
                switch (ch) {
                case 'b':
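Review bot: The second restriction on stdin, `cap_rights_init(&rights); cap_rights_limit(STDIN_FILENO, &rights)`, strips every right from the descriptor immediately after caph_limit_stdio() has configured it, and nothing in the hunk explains why. Presumably jot never reads standard input; a one-line comment above cap_rights_init(), such as `/* jot never reads stdin: drop all rights on it. */`, would stop a later maintainer from treating the empty rights set as a mistake, or from adding a stdin read that then fails inside the sandbox. The error checks also handle ENOSYS inconsistently: the cap_rights_limit() and cap_enter() checks tolerate a kernel built without Capsicum, while the caph_limit_stdio() check does not. Whether the helper already swallows ENOSYS is not visible here, so that should be confirmed, otherwise jot would exit on such kernels. main() starts and continues outside this hunk, so the option handling that runs after cap_enter() could not be checked for calls that need global namespace access.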