From owner-svn-src-head@freebsd.org Fri Nov 18 23:03:18 2016
From: Adrian Chadd
Date: Fri, 18 Nov 2016 15:03:16 -0800
Subject: Re: svn commit: r308810 - head/bin/dd
To: Bartek Rutkowski
Cc: "src-committers@freebsd.org", "svn-src-all@freebsd.org", "svn-src-head@freebsd.org"
In-Reply-To: <201611182109.uAIL9vBY084531@repo.freebsd.org>
List-Id: SVN commit messages for the src tree for head/-current

fwiw, this breaks -head compilation.

-a

On 18 November 2016 at 13:09, Bartek Rutkowski wrote:
> Author: robak (ports committer)
> Date: Fri Nov 18 21:09:57 2016
> New Revision: 308810
> URL: https://svnweb.freebsd.org/changeset/base/308810
>
> Log:
> Capsicum support for dd(1)
>
> Adds Capsicum sandboxing to dd utility.
>
> Submitted by: Pawel Biernacki
> Reviewed by: allanjude, emaste, oshogbo
> Approved by: oshogbo
> Sponsored by: Mysterious Code Ltd.
> Differential Revision: https://reviews.freebsd.org/D8543
>
> Modified:
> head/bin/dd/dd.c
>
> Modified: head/bin/dd/dd.c > ============================================================================== > --- head/bin/dd/dd.c Fri Nov 18 17:18:05 2016 (r308809) > +++ head/bin/dd/dd.c Fri Nov 18 21:09:57 2016 (r308810) > @@ -48,10 +48,13 @@ __FBSDID("$FreeBSD$"); > #include > #include > #include > +#include > #include > #include > +#include > > #include > +#include > #include > #include > #include 
> @@ -92,6 +95,10 @@ main(int argc __unused, char *argv[]) > jcl(argv); > setup(); > > + caph_cache_catpages(); > + if (cap_enter() == -1 && errno != ENOSYS) > + err(1, "unable to enter capability mode"); > + > (void)signal(SIGINFO, siginfo_handler); > (void)signal(SIGINT, terminate); > > @@ -125,6 +132,8 @@ static void > setup(void) > { > u_int cnt; > + cap_rights_t rights; > + unsigned long cmds[] = { FIODTYPE, MTIOCTOP }; > > if (in.name == NULL) { > in.name = "stdin"; > @@ -133,13 +142,20 @@ setup(void) > in.fd = open(in.name, O_RDONLY, 0); > if (in.fd == -1) > err(1, "%s", in.name); > + if (caph_limit_stdin() == -1) > + err(1, "unable to limit capability rights"); > } > > getfdtype(&in); > > + cap_rights_init(&rights, CAP_READ, CAP_SEEK); > + if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS) > + err(1, "unable to limit capability rights"); > + > if (files_cnt > 1 && !(in.flags & ISTAPE)) > errx(1, "files is not supported for non-tape devices"); > > + cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL); > if (out.name == NULL) { > /* No way to check for read access here. */ > out.fd = STDOUT_FILENO; 
> @@ -156,13 +172,27 @@ setup(void) > if (out.fd == -1) { > out.fd = open(out.name, O_WRONLY | OFLAGS, DEFFILEMODE); > out.flags |= NOREAD; > + cap_rights_clear(&rights, CAP_READ); > } > if (out.fd == -1) > err(1, "%s", out.name); > + if (caph_limit_stdout() == -1) > + err(1, "unable to limit capability rights"); > } > > getfdtype(&out); > > + if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS) > + err(1, "unable to limit capability rights"); > + if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 && > + errno != ENOSYS) > + err(1, "unable to limit capability rights"); > + > + if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) { > + if (caph_limit_stderr() == -1) > + err(1, "unable to limit capability rights"); > + } > + > /* > * Allocate space for the input and output buffers. If not doing > * record oriented I/O, only need a single buffer. >
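Review bot: in the `@@ -48,10 +48,13 @@` hunk the three added `#include` lines have lost their header names in this copy of the mail, so the build break Adrian reports on -head cannot be diagnosed from the diff alone; the code in the later hunks needs the declarations of `cap_enter()`, `cap_rights_init()`/`cap_rights_set()`/`cap_rights_clear()`/`cap_rights_limit()`, `cap_ioctls_limit()` (sys/capsicum.h), the `caph_*()` helpers (capsicum_helpers.h) and `errno`/`ENOSYS` (errno.h), plus `FIODTYPE` and `MTIOCTOP` for the `cmds[]` table, so confirm each of those headers is actually included and that the file builds on a clean -head checkout before re-landing.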
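Review bot: in the `@@ -92,6 +95,10 @@` hunk, `if (cap_enter() == -1 && errno != ENOSYS)` means a kernel built without Capsicum runs dd entirely unsandboxed and silently; that matches the `errno != ENOSYS` convention used for every `cap_rights_limit()` call in this change, but it deserves a one-line comment so the next reader does not take it for a missed error. The placement is right: `setup()` performs every `open(2)` before this point, so nothing after `cap_enter()` may open a path, and the two `signal()` calls that follow are permitted in capability mode.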
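Review bot: in the `@@ -125,6 +132,8 @@` hunk, `unsigned long cmds[] = { FIODTYPE, MTIOCTOP };` lists `FIODTYPE`, yet the only visible user of that ioctl is `getfdtype()`, which the following hunks run before `cap_ioctls_limit()` is applied; if no `FIODTYPE` is issued after the limit, drop it so the allowed-ioctl list is minimal, and make the table `static const` since it never changes.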
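Review bot: in the `@@ -133,13 +142,20 @@` hunk the single `rights` set is initialized with `CAP_READ, CAP_SEEK` for `in.fd`, limited, and then extended in place with `cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL)` for `out.fd`, so the output descriptor keeps read and seek rights by accumulation rather than by an explicit statement. That is presumably intended (the later hunk clears `CAP_READ` only when `NOREAD` is set, i.e. when the output could not be opened read/write), but the dependence on ordering between the two descriptors is easy to break in a later edit; either add a comment saying the output set deliberately builds on the input set, or start the output rights from a fresh `cap_rights_init()`.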
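Review bot: in the `@@ -156,13 +172,27 @@` hunk every failure path uses the same text, `err(1, "unable to limit capability rights");`, for `caph_limit_stdout()`, `cap_rights_limit(out.fd, ...)`, `cap_ioctls_limit(out.fd, ...)` and `caph_limit_stderr()`, so a user who hits one cannot tell which descriptor was rejected; include `out.name` or the descriptor role in each message. The `in.fd != STDERR_FILENO && out.fd != STDERR_FILENO` guard before `caph_limit_stderr()` is a sensible precaution for the case where fd 2 was closed at exec time and `open(2)` handed it back, but a short comment explaining that case would keep it from being removed as dead code.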