From: Robert Watson
Date: Sun, 30 May 2010 22:14:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r208660 - in projects/capabilities8: contrib/tcpdump usr.sbin/tcpdump/tcpdump

Author: rwatson
Date: Sun May 30 22:14:52 2010
New Revision: 208660
URL: http://svn.freebsd.org/changeset/base/208660

Log:
  Merge c174240, c174244 from the p4 TrustedBSD Capabilities branch to capabilities8:

  Further constrain sandboxed tcpdump: don't allow excessive access to stdin, stdout, and stderr.

  Fix copy-and-paste mistake in error message.

  Submitted by: antoine

  Sponsored by: Google, Inc.

Modified:
  projects/capabilities8/contrib/tcpdump/tcpdump.c
  projects/capabilities8/usr.sbin/tcpdump/tcpdump/Makefile

Modified: projects/capabilities8/contrib/tcpdump/tcpdump.c ============================================================================== --- projects/capabilities8/contrib/tcpdump/tcpdump.c Sun May 30 20:31:12 2010 (r208659) +++ projects/capabilities8/contrib/tcpdump/tcpdump.c Sun May 30 22:14:52 2010 (r208660) @@ -77,6 +77,7 @@ extern int SIZE_BUF; #endif /* WIN32 */ #include +#include #include "netdissect.h" #include "interface.h" 
@@ -1198,6 +1199,12 @@ main(int argc, char **argv) (void)fflush(stderr); } #endif /* WIN32 */ + if (lc_limitfd(STDIN_FILENO, CAP_FSTAT) < 0) + error("lc_limitfd: unable to limit STDIN_FILENO"); + if (lc_limitfd(STDOUT_FILENO, CAP_FSTAT | CAP_SEEK | CAP_WRITE) < 0) + error("lc_limitfd: unable to limit STDIN_FILENO"); + if (lc_limitfd(STDERR_FILENO, CAP_FSTAT | CAP_SEEK | CAP_WRITE) < 0) + error("lc_limitfd: unable to limit STDERR_FILENO"); if (cap_enter() < 0) error("cap_enter: %s", pcap_strerror(errno)); status = pcap_loop(pd, cnt, callback, pcap_userdata); Modified: projects/capabilities8/usr.sbin/tcpdump/tcpdump/Makefile ============================================================================== --- projects/capabilities8/usr.sbin/tcpdump/tcpdump/Makefile Sun May 30 20:31:12 2010 (r208659) +++ projects/capabilities8/usr.sbin/tcpdump/tcpdump/Makefile Sun May 30 22:14:52 2010 (r208660) @@ -50,8 +50,8 @@ CFLAGS+= -DINET6 CFLAGS+= -DLBL_ALIGN .endif -DPADD= ${LIBL} ${LIBPCAP} -LDADD= -ll -lpcap +DPADD= ${LIBL} ${LIBPCAP} ${LIBCAPSICUM} +LDADD= -ll -lpcap -lcapsicum .if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) DPADD+= ${LIBCRYPTO} LDADD+= -lcrypto
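Review bot: In the main() hunk of tcpdump.c, the STDOUT_FILENO check reports the wrong descriptor: its message is error("lc_limitfd: unable to limit STDIN_FILENO"), identical to the STDIN_FILENO check above it, so a failure to limit stdout would be attributed to stdin. Change that string to name STDOUT_FILENO. The three lc_limitfd messages also omit the cause, unlike the cap_enter call immediately after them, which formats pcap_strerror(errno); reporting the error the same way would make a failed sandbox setup easier to diagnose, assuming lc_limitfd sets errno on failure, which these lines do not show.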
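Review bot: In the Makefile hunk, ${LIBCAPSICUM} and -lcapsicum are added to DPADD and LDADD unconditionally, while the crypto library in the context lines directly below is gated on MK_OPENSSL. That matches the unguarded lc_limitfd calls in tcpdump.c, but it makes libcapsicum a hard build dependency of tcpdump; if the sandbox is ever meant to be optional, the link lines and the calls in main() need the same guard, and a short comment here saying the dependency is intentional would help the next reader.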