From owner-svn-src-all@FreeBSD.ORG Wed Jul 3 20:42:11 2013
Return-Path:
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 14447FF8; Wed, 3 Jul 2013 20:42:11 +0000 (UTC) (envelope-from pjd@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id E0B4316C7; Wed, 3 Jul 2013 20:42:10 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r63KgAi5009388; Wed, 3 Jul 2013 20:42:10 GMT (envelope-from pjd@svn.freebsd.org)
Received: (from pjd@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r63KgAru009387; Wed, 3 Jul 2013 20:42:10 GMT (envelope-from pjd@svn.freebsd.org)
Message-Id: <201307032042.r63KgAru009387@svn.freebsd.org>
From: Pawel Jakub Dawidek
Date: Wed, 3 Jul 2013 20:42:10 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r252598 - head/usr.bin/rwho
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)"
X-List-Received-Date: Wed, 03 Jul 2013 20:42:11 -0000

Author: pjd
Date: Wed Jul 3 20:42:10 2013
New Revision: 252598
URL: http://svnweb.freebsd.org/changeset/base/252598

Log:
  Sandbox rwho(1) using capability mode and Capsicum capabilities.
  rwho(1) gets only read-only access to the /var/rwho/ directory.

  Submitted by:	Mariusz Zaborski
  Sponsored by:	Google Summer of Code 2013
  Reviewed by:	pjd
  MFC after:	1 month

Modified:
  head/usr.bin/rwho/rwho.c

Modified: head/usr.bin/rwho/rwho.c ============================================================================== --- head/usr.bin/rwho/rwho.c Wed Jul 3 20:29:15 2013 (r252597) +++ head/usr.bin/rwho/rwho.c Wed Jul 3 20:42:10 2013 (r252598) @@ -1,5 +1,6 @@ /*- * Copyright (c) 1983, 1993 The Regents of the University of California. + * Copyright (c) 2013 Mariusz Zaborski * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -42,6 +43,7 @@ static char sccsid[] = "@(#)rwho.c 8.1 ( #include __FBSDID("$FreeBSD$"); +#include #include #include @@ -49,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -92,6 +95,8 @@ main(int argc, char *argv[]) struct myutmp *mp; int f, n, i; int d_first; + int dfd; + time_t ct; w = &wd; (void) setlocale(LC_TIME, "");
@@ -113,16 +118,31 @@ main(int argc, char *argv[]) if (argc != 0) usage(); - if (chdir(_PATH_RWHODIR) || (dirp = opendir(".")) == NULL) - err(1, "%s", _PATH_RWHODIR); + if (chdir(_PATH_RWHODIR) < 0) + err(1, "chdir(%s)", _PATH_RWHODIR); + if ((dirp = opendir(".")) == NULL) + err(1, "opendir(%s)", _PATH_RWHODIR); + dfd = dirfd(dirp); mp = myutmp; + if (cap_rights_limit(dfd, CAP_READ | CAP_LOOKUP) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR); + /* + * Cache files required for time(3) and localtime(3) before entering + * capability mode. + */ + (void) time(&ct); + (void) localtime(&ct); + if (cap_enter() < 0 && errno != ENOSYS) + err(1, "cap_enter"); (void) time(&now); while ((dp = readdir(dirp)) != NULL) { if (dp->d_ino == 0 || strncmp(dp->d_name, "whod.", 5) != 0) continue; - f = open(dp->d_name, O_RDONLY); + f = openat(dfd, dp->d_name, O_RDONLY); if (f < 0) continue; + if (cap_rights_limit(f, CAP_READ) < 0 && errno != ENOSYS) + err(1, "cap_rights_limit failed: %s", dp->d_name); cc = read(f, (char *)&wd, sizeof (struct whod)); if (cc < WHDRSIZE) { (void) close(f);
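Review bot: in the `@@ -92,6 +95,8 @@` hunk, the new `time_t ct` duplicates the existing `now`. `ct` is used only for the `(void) time(&ct); (void) localtime(&ct);` priming sequence, and `(void) time(&now);` is called immediately after `cap_enter()` anyway. Hoisting `(void) time(&now);` above `cap_enter()` and priming with `(void) localtime(&now);` removes the extra variable and leaves `now` with the same value it has today, taken a few microseconds earlier.

Review bot: in the `@@ -113,16 +118,31 @@` hunk, the comment `Cache files required for time(3) and localtime(3)` misattributes the need: time(3) is a plain system call and opens nothing, only localtime(3) has to read the zone file on its first call, which it cannot do once cap_enter() has succeeded. Suggest: `Prime localtime(3) so that the timezone file is loaded before entering capability mode.` Two smaller points in the same hunk: the strings `cap_rights_limit failed: %s` read oddly once err(3) appends its own `: strerror(errno)` suffix; `cap_rights_limit(%s)` would match the `chdir(%s)` and `opendir(%s)` messages introduced just above. And the `errno != ENOSYS` fallbacks on both `cap_rights_limit()` and `cap_enter()` mean that on a kernel built without Capsicum rwho runs unsandboxed with no indication at all; that is a defensible portability choice, but it deserves a comment so nobody reads the `cap_enter()` call as a guarantee. The rights themselves look right: `CAP_READ | CAP_LOOKUP` on `dfd` is exactly what the `readdir()` loop (getdirentries on the directory) and `openat(dfd, dp->d_name, O_RDONLY)` need, and narrowing each file descriptor to `CAP_READ` afterwards costs nothing.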