Date: Sat, 19 Nov 2016 10:45:37 -0700
From: Warner Losh <imp@bsdimp.com>
To: Sean Bruno <sbruno@freebsd.org>
Cc: Adrian Chadd <adrian.chadd@gmail.com>, Bartek Rutkowski <robak@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject: Re: svn commit: r308810 - head/bin/dd
Message-ID: <CANCZdfp=U7=hFeOYZZussOCsn9xSFKx0fCwyvYAm3gX-zNbLFg@mail.gmail.com>
In-Reply-To: <55bcfaee-7045-ad50-b0a9-002055321809@freebsd.org>
References: <201611182109.uAIL9vBY084531@repo.freebsd.org> <CAJ-VmonNNucDd_3vSmUDFHaDe5pn=X1uxBD18EVCRWaeWbtrXA@mail.gmail.com> <55bcfaee-7045-ad50-b0a9-002055321809@freebsd.org>
On Sat, Nov 19, 2016 at 9:39 AM, Sean Bruno <sbruno@freebsd.org> wrote:
>
>
> On 11/18/16 16:03, Adrian Chadd wrote:
>> fwiw, this breaks -head compilation.
>>
>>
>>
>> -a
>>
>
> This seems to not allow head to be built on stable/10 (not strictly
> supported, but worked until this commit) ... I haven't tried building
> head on stable/11 as of yet, but I assume it will break there too?

Actually, strictly speaking, it is supported. Check the revisions in
Makefile.inc1 for the latest supported versions. If you can't build head
on stable/10, somebody has done something wrong.

dd is a bootstrap tool, and may need special treatment.

Warner

>> On 18 November 2016 at 13:09, Bartek Rutkowski <robak@freebsd.org> wrote:
>>> Author: robak (ports committer)
>>> Date: Fri Nov 18 21:09:57 2016
>>> New Revision: 308810
>>> URL: https://svnweb.freebsd.org/changeset/base/308810
>>>
>>> Log:
>>> Capsicum support for dd(1)
>>>
>>> Adds Capsicum sandboxing to dd utility.
>>>
>>> Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com>
>>> Reviewed by: allanjude, emaste, oshogbo
>>> Approved by: oshogbo
>>> Sponsored by: Mysterious Code Ltd.
>>> Differential Revision: https://reviews.freebsd.org/D8543
>>>
>>> Modified:
>>> head/bin/dd/dd.c
>>>
>>> Modified: head/bin/dd/dd.c
>>> ==============================================================================
>>> --- head/bin/dd/dd.c Fri Nov 18 17:18:05 2016 (r308809)
>>> +++ head/bin/dd/dd.c Fri Nov 18 21:09:57 2016 (r308810)
>>> @@ -48,10 +48,13 @@ __FBSDID("$FreeBSD$"); >>> #include <sys/param.h> >>> #include <sys/stat.h> >>> #include <sys/conf.h> >>> +#include <sys/capsicum.h> >>> #include <sys/disklabel.h> >>> #include <sys/filio.h> >>> +#include <sys/mtio.h> >>> >>> #include <assert.h> >>> +#include <capsicum_helpers.h> >>> #include <ctype.h> >>> #include <err.h> >>> #include <errno.h>
>>> @@ -92,6 +95,10 @@ main(int argc __unused, char *argv[]) >>> jcl(argv); >>> setup(); >>> >>> + caph_cache_catpages(); >>> + if (cap_enter() == -1 && errno != ENOSYS) >>> + err(1, "unable to enter capability mode"); >>> + >>> (void)signal(SIGINFO, siginfo_handler); >>> (void)signal(SIGINT, terminate); >>> >>> @@ -125,6 +132,8 @@ static void >>> setup(void) >>> { >>> u_int cnt; >>> + cap_rights_t rights; >>> + unsigned long cmds[] = { FIODTYPE, MTIOCTOP }; >>> >>> if (in.name == NULL) { >>> in.name = "stdin"; >>> @@ -133,13 +142,20 @@ setup(void) >>> in.fd = open(in.name, O_RDONLY, 0); >>> if (in.fd == -1) >>> err(1, "%s", in.name); >>> + if (caph_limit_stdin() == -1) >>> + err(1, "unable to limit capability rights"); >>> } >>> >>> getfdtype(&in); >>> >>> + cap_rights_init(&rights, CAP_READ, CAP_SEEK); >>> + if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + >>> if (files_cnt > 1 && !(in.flags & ISTAPE)) >>> errx(1, "files is not supported for non-tape devices"); >>> >>> + cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL); >>> if (out.name == NULL) { >>> /* No way to check for read access here. */ >>> out.fd = STDOUT_FILENO; 
>>> @@ -156,13 +172,27 @@ setup(void) >>> if (out.fd == -1) { >>> out.fd = open(out.name, O_WRONLY | OFLAGS, DEFFILEMODE); >>> out.flags |= NOREAD; >>> + cap_rights_clear(&rights, CAP_READ); >>> } >>> if (out.fd == -1) >>> err(1, "%s", out.name); >>> + if (caph_limit_stdout() == -1) >>> + err(1, "unable to limit capability rights"); >>> } >>> >>> getfdtype(&out); >>> >>> + if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 && >>> + errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + >>> + if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) { >>> + if (caph_limit_stderr() == -1) >>> + err(1, "unable to limit capability rights"); >>> + } >>> + >>> /* >>> * Allocate space for the input and output buffers. If not doing >>> * record oriented I/O, only need a single buffer. >>> >> >> >
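Review bot: in the include hunk (@@ -48), the new unconditional `#include <capsicum_helpers.h>` and `#include <sys/capsicum.h>` are the most likely cause of the breakage reported above, since dd is built as a bootstrap tool and the host toolchain on stable/10 need not ship those headers; either guard the Capsicum code on the presence of the helpers header or make sure the bootstrap build provides it.

Review bot: in the main() hunk (@@ -92), a `cap_enter()` failure is tolerated whenever errno is ENOSYS, so on a kernel without capability mode dd silently keeps running unsandboxed; if that fallback is intended, a comment stating the policy here (and at the matching `errno != ENOSYS` checks in setup()) would document it. Calling caph_cache_catpages() before cap_enter() is the right order, since err(3) needs the message catalog once the sandbox is entered.

Review bot: in the setup() hunks (@@ -125 and @@ -133), in.fd is limited to CAP_READ and CAP_SEEK right after getfdtype(&in), with no CAP_IOCTL, while the `files` check directly below shows the input may be a tape and MTIOCTOP is whitelisted only for out.fd; please confirm that no ioctl is issued on the input descriptor after this point, otherwise it will fail with ENOTCAPABLE and in.fd needs CAP_IOCTL plus a cap_ioctls_limit() of its own, as done for the output.

Review bot: in the output hunk (@@ -156), the identical message "unable to limit capability rights" is used for every failing call in setup(); including the descriptor name (in.name or out.name) or the failing call in each err() would make a failure diagnosable from the error text alone. Clearing CAP_READ only on the O_WRONLY fallback path, so the O_RDWR case keeps read rights, matches the existing NOREAD handling and reads correctly.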