From owner-svn-soc-all@FreeBSD.ORG Thu Sep 12 21:28:09 2013 Return-Path: Delivered-To: svn-soc-all@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id B603B10C for ; Thu, 12 Sep 2013 21:28:09 +0000 (UTC) (envelope-from dpl@FreeBSD.org) Received: from socsvn.freebsd.org (socsvn.freebsd.org [IPv6:2001:1900:2254:206a::50:2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 88B0428A9 for ; Thu, 12 Sep 2013 21:28:09 +0000 (UTC) Received: from socsvn.freebsd.org ([127.0.1.124]) by socsvn.freebsd.org (8.14.7/8.14.7) with ESMTP id r8CLS9jh089722 for ; Thu, 12 Sep 2013 21:28:09 GMT (envelope-from dpl@FreeBSD.org) Received: (from www@localhost) by socsvn.freebsd.org (8.14.7/8.14.6/Submit) id r8CLS9CM089716 for svn-soc-all@FreeBSD.org; Thu, 12 Sep 2013 21:28:09 GMT (envelope-from dpl@FreeBSD.org) Date: Thu, 12 Sep 2013 21:28:09 GMT Message-Id: <201309122128.r8CLS9CM089716@socsvn.freebsd.org> X-Authentication-Warning: socsvn.freebsd.org: www set sender to dpl@FreeBSD.org using -f From: dpl@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r257249 - soc2013/dpl/head/lib/libzcap MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-soc-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the entire Summer of Code repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2013 21:28:09 -0000 Author: dpl Date: Thu Sep 12 21:28:09 2013 New Revision: 257249 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=257249 Log: Limited fd of gzopen() depending on the mode. Modified: soc2013/dpl/head/lib/libzcap/gzlib.c Modified: soc2013/dpl/head/lib/libzcap/gzlib.c ============================================================================== --- soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 20:51:48 2013 (r257248) +++ soc2013/dpl/head/lib/libzcap/gzlib.c Thu Sep 12 21:28:09 2013 (r257249) @@ -15,6 +15,7 @@ #include "commands.h" #include "zconf.h" +static void limitgzip(int fd, const char *mode); /* -- see zlib.h -- */ gzFile ZEXPORT gzopen(path, mode) const char *path; @@ -23,7 +24,6 @@ int oflag = 0; int fd; const char *loopmode; - cap_rights_t rights; mode_t mode2; loopmode = mode; @@ -64,15 +64,51 @@ if ((fd = open(path, oflag, mode2)) < 0) err(1, "zcaplib: Couldn't create gzip file"); - //limitgzip(fd, mode); - cap_rights_init(&rights, CAP_READ, CAP_SEEK, CAP_WRITE, CAP_FSTAT, CAP_FCNTL); + limitgzip(fd, mode); + + return gzdopen(fd, mode); +} + +static void limitgzip(fd, mode) + int fd; + const char *mode; +{ + cap_rights_t rights; + const char *loopmode; + int capread, capwrite; + + capread = capwrite = 0; + + loopmode = mode; + while(*loopmode) { + switch (*loopmode){ +#ifndef NO_GZCOMPRESS + case('w'): + case('a'): + capwrite = 1; + break; +#endif + case('r'): + capread = 1; + break; + default: + ; + } + ++loopmode; + } + + if (capread == 1) + cap_rights_init(&rights, CAP_READ, CAP_SEEK, CAP_FSTAT, CAP_FCNTL); + + if (capwrite == 1) + cap_rights_init(&rights, CAP_WRITE, CAP_SEEK, CAP_FSTAT, CAP_FCNTL); + if (cap_rights_limit(fd, &rights) < 0) err(1, "zcaplib: Couldn't limit fd: %d", fd); if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0) err(1, "zcaplib: Couldn't limit fcntls of fd: %d", fd); - return gzdopen(fd, mode); } /* -- see zlib.h -- */