Date:      Wed, 19 Apr 2017 20:27:49 +0000 (UTC)
From:      Emmanuel Vadot <manu@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r317165 - head/usr.bin/pom
Message-ID:  <201704192027.v3JKRnOa087041@repo.freebsd.org>

Author: manu
Date: Wed Apr 19 20:27:48 2017
New Revision: 317165
URL: https://svnweb.freebsd.org/changeset/base/317165

Log:
  Capsicumize pom
  
  Since pom is the only binary that can save lives, capsicumize it to be
  sure that it's safe to run it.
  
  Reviewed by:	bapt

Modified:
  head/usr.bin/pom/pom.c

Modified: head/usr.bin/pom/pom.c
==============================================================================
--- head/usr.bin/pom/pom.c	Wed Apr 19 20:27:13 2017	(r317164)
+++ head/usr.bin/pom/pom.c	Wed Apr 19 20:27:48 2017	(r317165)
@@ -53,6 +53,11 @@ __FBSDID("$FreeBSD$");
  *
  */
 
+#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
+
+#include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <math.h>
@@ -81,6 +86,7 @@ static void	usage(char *progname);
 int
 main(int argc, char **argv)
 {
+	cap_rights_t rights;
 	time_t tt;
 	struct tm GMT, tmd;
 	double days, today, tomorrow;
@@ -88,6 +94,14 @@ main(int argc, char **argv)
 	char *odate = NULL, *otime = NULL;
 	char *progname = argv[0];
 
+	if (caph_limit_stdio() < 0)
+		err(1, "unable to limit capabitilities for stdio");
+	cap_rights_init(&rights, CAP_WRITE);
+
+	caph_cache_catpages();
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
+
 	while ((ch = getopt(argc, argv, "d:pt:")) != -1)
 		switch (ch) {
 		case 'd':
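Review bot: `cap_rights_init(&rights, CAP_WRITE);` fills `rights`, but nothing in this hunk passes it to `cap_rights_limit()`, so the variable declared in the previous hunk looks dead. Since `caph_limit_stdio()` already restricts the standard descriptors, dropping both lines seems right, unless main uses `rights` past the end of the hunk, which is not visible here. Separately, main declares `struct tm` values and accepts `-d`/`-t`, so if the code below converts local time, the zone data must be loaded before `cap_enter()`. In that case add `caph_cache_tzdata();` next to `caph_cache_catpages();`, otherwise the zone file presumably cannot be opened inside the sandbox and the times may be computed as UTC without any error. The first error string also has a typo and should read `"unable to limit capabilities for stdio"`.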


