Author: allanjude
Date: Sun Feb 19 06:02:41 2017
New Revision: 313938
URL: https://svnweb.freebsd.org/changeset/base/313938

Log:
  Capsicum-ize lam(1)
  
  lam(1) is used in portsnap(8), so lock it down
  
  Reviewed by:  emaste, cem, jonathan
  Sponsored by: ScaleEngine Inc.
  Differential Revision:        https://reviews.freebsd.org/D8076

Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c
==============================================================================
--- head/usr.bin/lam/lam.c      Sun Feb 19 05:29:06 2017        (r313937)
+++ head/usr.bin/lam/lam.c      Sun Feb 19 06:02:41 2017        (r313938)
@@ -46,11 +46,16 @@ __FBSDID("$FreeBSD$");
  *     Author:  John Kunze, UCB
  */
 
+#include <sys/capsicum.h>
+
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #define        MAXOFILES       20
 #define        BIGBUFSIZ       5 * BUFSIZ
@@ -84,6 +89,17 @@ main(int argc, char *argv[])
        getargs(argv);
        if (!morefiles)
                usage();
+
+       /*
+        * Cache NLS data, for strerror, for err(3), before entering capability
+        * mode.
+        */
+       caph_cache_catpages();
+       if (caph_limit_stdio() == -1)
+               err(1, "unable to limit stdio");
+       if (cap_enter() < 0 && errno != ENOSYS)
+               err(1, "unable to enter capability mode");
+
        for (;;) {
                linep = line;
                for (ip = input; ip->fp != NULL; ip++)
@@ -105,7 +121,9 @@ getargs(char *av[])
        static char fmtbuf[BUFSIZ];
        char *fmtp = fmtbuf;
        int P, S, F, T;
+       cap_rights_t rights_ro;
 
+       cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT);
        P = S = F = T = 0;              /* capitalized options */
        while ((p = *++av) != NULL) {
                if (*p != '-' || !p[1]) {
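Review bot: The `cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT)` line gives no reason for `CAP_FSTAT` on streams that are only ever read, and a reader auditing the rights set will wonder whether it can be dropped. Presumably it is there because stdio fstat()s a freshly opened stream when it sizes its buffer, so removing it would make the first read fail under capability mode; that should be confirmed and recorded, e.g. `/* CAP_FSTAT: stdio fstat()s the stream to size its buffer. */`. getargs() continues outside this hunk.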
@@ -116,6 +134,8 @@ getargs(char *av[])
                        else if ((ip->fp = fopen(p, "r")) == NULL) {
                                err(1, "%s", p);
                        }
+                       if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0)
+                               err(1, "unable to limit rights on: %s", p);
                        ip->pad = P;
                        if (!ip->sepstring)
                                ip->sepstring = (S ? (ip-1)->sepstring : "");
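Review bot: The `cap_rights_limit(fileno(ip->fp), &rights_ro)` check treats any failure as fatal, whereas the `cap_enter()` call in main() explicitly tolerates `ENOSYS`; on a kernel without Capsicum the program would now die with "unable to limit rights on" before reaching that tolerant check. If the intent is to degrade gracefully there, the condition should match: `if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0 && errno != ENOSYS)`. The capsicum_helpers.h routines used in main() appear to tolerate `ENOSYS` in the same way, which makes this direct call the odd one out — worth verifying against the helper implementation. This also applies to `stdin` when "-" is given, so the same fd may be limited here and again by `caph_limit_stdio()`; rights only ever shrink, so that is fine, but a comment saying so would help. getargs() continues outside this hunk.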