Date: Sat, 4 Mar 2017 22:23:59 +0000 (UTC) From: Baptiste Daroussin <bapt@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r314684 - user/bapt/diff Message-ID: <201703042223.v24MNx71004831@repo.freebsd.org>
index | next in thread | raw e-mail
Author: bapt Date: Sat Mar 4 22:23:59 2017 New Revision: 314684 URL: https://svnweb.freebsd.org/changeset/base/314684 Log: Only capsicumize in case of direct call to direct files For now diffing directories is not capsicumized as it needs more work Modified: user/bapt/diff/diff.c user/bapt/diff/diffdir.c user/bapt/diff/diffreg.c Modified: user/bapt/diff/diff.c ============================================================================== --- user/bapt/diff/diff.c Sat Mar 4 22:15:32 2017 (r314683) +++ user/bapt/diff/diff.c Sat Mar 4 22:23:59 2017 (r314684) @@ -307,8 +307,8 @@ main(int argc, char **argv) if (stat(argv[1], &stb2) < 0) err(2, "%s", argv[1]); } - print_status(diffreg(argv[0], argv[1], dflags), argv[0], argv[1], - ""); + print_status(diffreg(argv[0], argv[1], dflags, 1), argv[0], + argv[1], ""); } exit(status); } Modified: user/bapt/diff/diffdir.c ============================================================================== --- user/bapt/diff/diffdir.c Sat Mar 4 22:15:32 2017 (r314683) +++ user/bapt/diff/diffdir.c Sat Mar 4 22:23:59 2017 (r314684) @@ -207,7 +207,7 @@ diffit(struct dirent *dp, char *path1, s else if (!S_ISREG(stb2.st_mode) && !S_ISDIR(stb2.st_mode)) dp->d_status = D_SKIPPED2; else - dp->d_status = diffreg(path1, path2, flags); + dp->d_status = diffreg(path1, path2, flags, 0); print_status(dp->d_status, path1, path2, ""); } Modified: user/bapt/diff/diffreg.c ============================================================================== --- user/bapt/diff/diffreg.c Sat Mar 4 22:15:32 2017 (r314683) +++ user/bapt/diff/diffreg.c Sat Mar 4 22:23:59 2017 (r314684) @@ -306,7 +306,7 @@ static u_char cup2low[256] = { }; int -diffreg(char *file1, char *file2, int flags) +diffreg(char *file1, char *file2, int flags, int capsicum) { FILE *f1, *f2; int i, rval; @@ -405,23 +405,25 @@ diffreg(char *file1, char *file2, int fl } } - cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); - if (cap_rights_limit(fileno(f1), &rights_ro) < 0) - err(2, "unable to limit rights on: %s", file1); - if (cap_rights_limit(fileno(f2), &rights_ro) < 0) - err(2, "unable to limit rights on: %s", file2); - if (fileno(f1) == STDIN_FILENO || fileno(f2) == STDIN_FILENO) { - /* stding has already been limited */ - if (caph_limit_stderr() == -1) - err(2, "unable to limit stderr"); - if (caph_limit_stdout() == -1) - err(2, "unable to limit stdout"); - } else if (caph_limit_stdio() == -1) - err(2, "unable to limit stdio"); - - caph_cache_catpages(); - if (cap_enter() < 0 && errno != ENOSYS) - err(2, "unable to enter capability mode"); + if (capsicum) { + cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); + if (cap_rights_limit(fileno(f1), &rights_ro) < 0) + err(2, "unable to limit rights on: %s", file1); + if (cap_rights_limit(fileno(f2), &rights_ro) < 0) + err(2, "unable to limit rights on: %s", file2); + if (fileno(f1) == STDIN_FILENO || fileno(f2) == STDIN_FILENO) { + /* stding has already been limited */ + if (caph_limit_stderr() == -1) + err(2, "unable to limit stderr"); + if (caph_limit_stdout() == -1) + err(2, "unable to limit stdout"); + } else if (caph_limit_stdio() == -1) + err(2, "unable to limit stdio"); + + caph_cache_catpages(); + if (cap_enter() < 0 && errno != ENOSYS) + err(2, "unable to enter capability mode"); + } switch (files_differ(f1, f2, flags)) { case 0:help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703042223.v24MNx71004831>