Date: Tue, 18 Jun 2013 17:08:08 GMT From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r253197 - in soc2013/dpl/head: contrib/bzip2 usr.bin/bzip2 Message-ID: <201306181708.r5IH88F3031951@socsvn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dpl Date: Tue Jun 18 17:08:08 2013 New Revision: 253197 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=253197 Log: Now we work in capability mode, with the theoretical minimum rights. Modified: soc2013/dpl/head/contrib/bzip2/bzip2.c soc2013/dpl/head/usr.bin/bzip2/Makefile Modified: soc2013/dpl/head/contrib/bzip2/bzip2.c ============================================================================== --- soc2013/dpl/head/contrib/bzip2/bzip2.c Tue Jun 18 16:36:21 2013 (r253196) +++ soc2013/dpl/head/contrib/bzip2/bzip2.c Tue Jun 18 17:08:08 2013 (r253197) @@ -88,7 +88,6 @@ # define SET_BINARY_MODE(fd) /**/ -/* Capsicum Support */ # ifdef __FreeBSD__ # include <osreldate.h> # if __FreeBSD_version >= 900041 @@ -972,6 +971,9 @@ FILE* fp; IntNative fh; fh = open(name, O_WRONLY|O_CREAT|O_EXCL, S_IWUSR|S_IRUSR); +# ifdef CAPSICUM + cap_rights_limit(fh, CAP_WRITE); +# endif if (fh == -1) return NULL; fp = fdopen(fh, mode); if (fp == NULL) close(fh); @@ -1143,7 +1145,7 @@ { FILE *inStr; FILE *outStr; - Int32 n, i; + Int32 n, i, infd; struct MY_STAT statBuf; deleteOutputOnInterrupt = False; @@ -1248,7 +1250,14 @@ break; case SM_F2O: +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + cap_rights_limit(infd, CAP_READ); + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; inStr = fopen ( inName, "rb" ); +# endif outStr = stdout; if ( isatty ( fileno ( stdout ) ) ) { fprintf ( stderr, @@ -1269,7 +1278,14 @@ break; case SM_F2F: +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + cap_rights_limit(infd, CAP_READ); + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; inStr = fopen ( inName, "rb" ); +# endif outStr = fopen_output_safely ( outName, "wb" ); if ( outStr == NULL) { fprintf ( stderr, "%s: Can't create output file %s: %s.\n", @@ -1298,6 +1314,13 @@ fflush ( stderr ); } +# ifdef CAPSICUM + if (cap_enter() < 0) { + fprintf ( stderr, "%s: Couldn't enter capability mode.\n", progName ); + exit(1); + } +# endif + /*--- Now the input and output handles are sane. Do the Biz. ---*/ outputHandleJustInCase = outStr; deleteOutputOnInterrupt = True; @@ -1324,7 +1347,7 @@ { FILE *inStr; FILE *outStr; - Int32 n, i; + Int32 n, i, infd; Bool magicNumberOK; Bool cantGuess; struct MY_STAT statBuf; @@ -1434,7 +1457,14 @@ break; case SM_F2O: +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + cap_rights_limit(infd, CAP_READ); + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; inStr = fopen ( inName, "rb" ); +# endif outStr = stdout; if ( inStr == NULL ) { fprintf ( stderr, "%s: Can't open input file %s:%s.\n", @@ -1446,7 +1476,14 @@ break; case SM_F2F: +# ifdef CAPSICUM + infd = open( inName, O_RDONLY ); + cap_rights_limit(infd, CAP_READ); + inStr = fdopen ( infd, "rb" ); +# else + infd = NULL; inStr = fopen ( inName, "rb" ); +# endif outStr = fopen_output_safely ( outName, "wb" ); if ( outStr == NULL) { fprintf ( stderr, "%s: Can't create output file %s: %s.\n", @@ -1475,6 +1512,13 @@ fflush ( stderr ); } +# ifdef CAPSICUM + if (cap_enter() < 0) { + fprintf ( stderr, "%s: Couldn't enter capability mode.\n", progName ); + exit(1); + } +# endif + /*--- Now the input and output handles are sane. Do the Biz. ---*/ outputHandleJustInCase = outStr; deleteOutputOnInterrupt = True; @@ -1821,13 +1865,6 @@ # endif # endif -# ifdef CAPSICUM - if (cap_enter() < 0) { - fprintf ( stderr, "%s: Couldn't enter capability mode.\n", progName ); - exit(1); - } -# endif - copyFileName ( inName, (Char*)"(none)" ); copyFileName ( outName, (Char*)"(none)" ); Modified: soc2013/dpl/head/usr.bin/bzip2/Makefile ============================================================================== --- soc2013/dpl/head/usr.bin/bzip2/Makefile Tue Jun 18 16:36:21 2013 (r253196) +++ soc2013/dpl/head/usr.bin/bzip2/Makefile Tue Jun 18 17:08:08 2013 (r253197) @@ -22,7 +22,8 @@ CLEANFILES+= ${TESTFILES} \ sample1.rb2 sample2.rb2 sample3.rb2 \ sample1.tst sample2.tst sample3.tst \ - total total.tst samples.rb2 + total total.tst samples.rb2 \ + total.bz2 total.tst.bz2 .for f in ${REFFILES} ${f}: ${f}.gz.uu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306181708.r5IH88F3031951>