From: Sean Bruno
Date: Sat, 19 Nov 2016 09:39:04 -0700
Subject: Re: svn commit: r308810 - head/bin/dd
To: Adrian Chadd, Bartek Rutkowski
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Message-ID: <55bcfaee-7045-ad50-b0a9-002055321809@freebsd.org>
References: <201611182109.uAIL9vBY084531@repo.freebsd.org>

On 11/18/16 16:03, Adrian Chadd wrote:
> fwiw, this breaks -head compilation.
>
> -a

This seems to not allow head to be built on stable/10 (not strictly supported, but worked until this commit) ... I haven't tried building head on stable/11 as of yet, but I assume it will break there too?

sean

> On 18 November 2016 at 13:09, Bartek Rutkowski wrote:
>> Author: robak (ports committer)
>> Date: Fri Nov 18 21:09:57 2016
>> New Revision: 308810
>> URL: https://svnweb.freebsd.org/changeset/base/308810
>>
>> Log:
>> Capsicum support for dd(1)
>>
>> Adds Capsicum sandboxing to dd utility.
>>
>> Submitted by: Pawel Biernacki
>> Reviewed by: allanjude, emaste, oshogbo
>> Approved by: oshogbo
>> Sponsored by: Mysterious Code Ltd.
>> Differential Revision: https://reviews.freebsd.org/D8543
>>
>> Modified:
>> head/bin/dd/dd.c
>>
>> Modified: head/bin/dd/dd.c
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- head/bin/dd/dd.c Fri Nov 18 17:18:05 2016 (r308809) >> +++ head/bin/dd/dd.c Fri Nov 18 21:09:57 2016 (r308810) >> @@ -48,10 +48,13 @@ __FBSDID("$FreeBSD$"); >> #include >> #include >> #include >> +#include >> #include >> #include >> +#include >> >> #include >> +#include >> #include >> #include >> #include 
>> @@ -92,6 +95,10 @@ main(int argc __unused, char *argv[]) >> jcl(argv); >> setup(); >> >> + caph_cache_catpages(); >> + if (cap_enter() =3D=3D -1 && errno !=3D ENOSYS) >> + err(1, "unable to enter capability mode"); >> + >> (void)signal(SIGINFO, siginfo_handler); >> (void)signal(SIGINT, terminate); >> >> @@ -125,6 +132,8 @@ static void >> setup(void) >> { >> u_int cnt; >> + cap_rights_t rights; >> + unsigned long cmds[] =3D { FIODTYPE, MTIOCTOP }; >> >> if (in.name =3D=3D NULL) { >> in.name =3D "stdin"; >> @@ -133,13 +142,20 @@ setup(void) >> in.fd =3D open(in.name, O_RDONLY, 0); >> if (in.fd =3D=3D -1) >> err(1, "%s", in.name); >> + if (caph_limit_stdin() =3D=3D -1) >> + err(1, "unable to limit capability rights"); >> } >> >> getfdtype(&in); >> >> + cap_rights_init(&rights, CAP_READ, CAP_SEEK); >> + if (cap_rights_limit(in.fd, &rights) =3D=3D -1 && errno !=3D E= NOSYS) >> + err(1, "unable to limit capability rights"); >> + >> if (files_cnt > 1 && !(in.flags & ISTAPE)) >> errx(1, "files is not supported for non-tape devices")= ; >> >> + cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL); >> if (out.name =3D=3D NULL) { >> /* No way to check for read access here. */ >> out.fd =3D STDOUT_FILENO; 
>> @@ -156,13 +172,27 @@ setup(void) >> if (out.fd =3D=3D -1) { >> out.fd =3D open(out.name, O_WRONLY | OFLAGS, D= EFFILEMODE); >> out.flags |=3D NOREAD; >> + cap_rights_clear(&rights, CAP_READ); >> } >> if (out.fd =3D=3D -1) >> err(1, "%s", out.name); >> + if (caph_limit_stdout() =3D=3D -1) >> + err(1, "unable to limit capability rights"); >> } >> >> getfdtype(&out); >> >> + if (cap_rights_limit(out.fd, &rights) =3D=3D -1 && errno !=3D = ENOSYS) >> + err(1, "unable to limit capability rights"); >> + if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) =3D=3D -1 && >> + errno !=3D ENOSYS) >> + err(1, "unable to limit capability rights"); >> + >> + if (in.fd !=3D STDERR_FILENO && out.fd !=3D STDERR_FILENO) { >> + if (caph_limit_stderr() =3D=3D -1) >> + err(1, "unable to limit capability rights"); >> + } >> + >> /* >> * Allocate space for the input and output buffers. If not do= ing >> * record oriented I/O, only need a single buffer. >>
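
Review bot: the three `#include` lines added in the `@@ -48,10 +48,13 @@` hunk are unconditional, and both replies in this thread report build breakage after this commit (head compilation, and building head from a stable/10 host). If dd is ever compiled against an older host's headers, these includes and the `caph_*` calls that rely on them need a conditional or a fallback.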
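
Review bot: in the `@@ -92,6 +95,10 @@ main` hunk, `cap_enter()` is correct only because it sits after `setup()`, which is where the input and output files are opened, and nothing in the code says so. Add a short comment above `caph_cache_catpages()` stating that every descriptor dd needs must already be open at this point, so that a later change does not add an `open()` below it.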
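
Review bot: in the `@@ -133,13 +142,20 @@ setup` hunk, the output rights are built with `cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL)` on top of the set just applied to `in.fd`, so the output descriptor implicitly inherits `CAP_READ` and `CAP_SEEK`, and `CAP_READ` is cleared later only on the `O_WRONLY` fallback path. When output is stdout the descriptor therefore keeps `CAP_READ`, although the existing comment in that branch says read access cannot be checked. Start the output set with its own `cap_rights_init()` and add `CAP_READ` only where reading the output is actually possible.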
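
Review bot: in the `@@ -156,13 +172,27 @@ setup` hunk every failure path prints the same string, `"unable to limit capability rights"`, including the `cap_ioctls_limit()` call, so an error does not say which descriptor or which limit failed. Include `in.name` or `out.name` in the message and word the ioctl case separately, for example `err(1, "unable to limit ioctls on %s", out.name)`.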