From owner-svn-src-all@freebsd.org  Thu Jan 17 17:36:19 2019
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CAC5149E6CE;
 Thu, 17 Jan 2019 17:36:19 +0000 (UTC)
 (envelope-from markj@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C758372A02;
 Thu, 17 Jan 2019 17:36:18 +0000 (UTC)
 (envelope-from markj@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 906A51D7D9;
 Thu, 17 Jan 2019 17:36:18 +0000 (UTC)
 (envelope-from markj@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x0HHaImd052706;
 Thu, 17 Jan 2019 17:36:18 GMT (envelope-from markj@FreeBSD.org)
Received: (from markj@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x0HHaIad052705;
 Thu, 17 Jan 2019 17:36:18 GMT (envelope-from markj@FreeBSD.org)
Message-Id: <201901171736.x0HHaIad052705@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: markj set sender to
 markj@FreeBSD.org using -f
From: Mark Johnston <markj@FreeBSD.org>
Date: Thu, 17 Jan 2019 17:36:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r343117 - head/usr.bin/cmp
X-SVN-Group: head
X-SVN-Commit-Author: markj
X-SVN-Commit-Paths: head/usr.bin/cmp
X-SVN-Commit-Revision: 343117
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: C758372A02
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_SHORT(-0.96)[-0.964,0];
 NEURAL_HAM_LONG(-1.00)[-0.999,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jan 2019 17:36:19 -0000

Author: markj
Date: Thu Jan 17 17:36:18 2019
New Revision: 343117
URL: https://svnweb.freebsd.org/changeset/base/343117

Log:
  Fix handling of rights on stdio streams.
  
  - Limit rights on stdio before opening input files.  Otherwise, open()
    may return one of the standard descriptors and we end up limiting
    rights such that we cannot read from one of the input files.
  - Use caph_limit_stdio(), which suppresses EBADF, to ensure that
    we don't emit an error if one of the stdio streams is closed.
  - Don't bother further limiting rights on stdin when stdin isn't going
    to be used.  Doing so correctly requires checking for a number of
    edge cases, and it doesn't provide any significant benefit.
  
  PR:		234885
  Reviewed by:	oshogbo
  MFC after:	3 days
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D18860

Modified:
  head/usr.bin/cmp/cmp.c

Modified: head/usr.bin/cmp/cmp.c
==============================================================================
--- head/usr.bin/cmp/cmp.c	Thu Jan 17 16:50:50 2019	(r343116)
+++ head/usr.bin/cmp/cmp.c	Thu Jan 17 17:36:18 2019	(r343117)
@@ -116,14 +116,16 @@ main(int argc, char *argv[])
 	if (argc < 2 || argc > 4)
 		usage();
 
+	if (caph_limit_stdio() == -1)
+		err(ERR_EXIT, "failed to limit stdio");
+
 	/* Backward compatibility -- handle "-" meaning stdin. */
 	special = 0;
 	if (strcmp(file1 = argv[0], "-") == 0) {
 		special = 1;
-		fd1 = 0;
+		fd1 = STDIN_FILENO;
 		file1 = "stdin";
-	}
-	else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) {
+	} else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) {
 		if (!sflag)
 			err(ERR_EXIT, "%s", file1);
 		else
@@ -134,10 +136,9 @@ main(int argc, char *argv[])
 			errx(ERR_EXIT,
 				"standard input may only be specified once");
 		special = 1;
-		fd2 = 0;
+		fd2 = STDIN_FILENO;
 		file2 = "stdin";
-	}
-	else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) {
+	} else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) {
 		if (!sflag)
 			err(ERR_EXIT, "%s", file2);
 		else
@@ -174,16 +175,6 @@ main(int argc, char *argv[])
 		err(ERR_EXIT, "unable to limit fcntls for %s", file1);
 	if (caph_fcntls_limit(fd2, fcntls) < 0)
 		err(ERR_EXIT, "unable to limit fcntls for %s", file2);
-
-	if (!special) {
-		cap_rights_init(&rights);
-		if (caph_rights_limit(STDIN_FILENO, &rights) < 0) {
-			err(ERR_EXIT, "unable to limit stdio");
-		}
-	}
-
-	if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
-		err(ERR_EXIT, "unable to limit stdio");
 
 	caph_cache_catpages();