From owner-svn-src-all@freebsd.org Sat Nov 19 17:45:38 2016
In-Reply-To: <55bcfaee-7045-ad50-b0a9-002055321809@freebsd.org>
References: <201611182109.uAIL9vBY084531@repo.freebsd.org> <55bcfaee-7045-ad50-b0a9-002055321809@freebsd.org>
From: Warner Losh
Date: Sat, 19 Nov 2016 10:45:37 -0700
Subject: Re: svn commit: r308810 - head/bin/dd
To: Sean Bruno
Cc: Adrian Chadd, Bartek Rutkowski, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

On Sat, Nov 19, 2016 at 9:39 AM, Sean Bruno wrote:
>
>
> On 11/18/16 16:03, Adrian Chadd wrote:
>> fwiw, this breaks -head compilation.
>>
>> -a
>>
>
> This seems to not allow head to be built on stable/10 (not strictly
> supported, but worked until this commit) ... I haven't tried building
> head on stable/11 as of yet, but I assume it will break there too?

Actually, strictly speaking, it is supported. Check the revisions in
Makefile.inc1 for the latest supported versions. If you can't build head
on stable/10, somebody has done something wrong.

dd is a bootstrap tool, and may need special treatment.

Warner

>> On 18 November 2016 at 13:09, Bartek Rutkowski wrote:
>>> Author: robak (ports committer)
>>> Date: Fri Nov 18 21:09:57 2016
>>> New Revision: 308810
>>> URL: https://svnweb.freebsd.org/changeset/base/308810
>>>
>>> Log:
>>>   Capsicum support for dd(1)
>>>
>>>   Adds Capsicum sandboxing to dd utility.
>>>
>>>   Submitted by:	Pawel Biernacki
>>>   Reviewed by:	allanjude, emaste, oshogbo
>>>   Approved by:	oshogbo
>>>   Sponsored by:	Mysterious Code Ltd.
>>> Differential Revision: https://reviews.freebsd.org/D8543 >>> >>> Modified: >>> head/bin/dd/dd.c >>> >>> Modified: head/bin/dd/dd.c >>> ============================================================================== >>> --- head/bin/dd/dd.c Fri Nov 18 17:18:05 2016 (r308809) >>> +++ head/bin/dd/dd.c Fri Nov 18 21:09:57 2016 (r308810) >>> @@ -48,10 +48,13 @@ __FBSDID("$FreeBSD$"); >>> #include >>> #include >>> #include >>> +#include >>> #include >>> #include >>> +#include >>> >>> #include >>> +#include >>> #include >>> #include >>> #include >>> @@ -92,6 +95,10 @@ main(int argc __unused, char *argv[]) >>> jcl(argv); >>> setup(); >>> >>> + caph_cache_catpages(); >>> + if (cap_enter() == -1 && errno != ENOSYS) >>> + err(1, "unable to enter capability mode"); >>> + >>> (void)signal(SIGINFO, siginfo_handler); >>> (void)signal(SIGINT, terminate); >>> >>> @@ -125,6 +132,8 @@ static void >>> setup(void) >>> { >>> u_int cnt; >>> + cap_rights_t rights; >>> + unsigned long cmds[] = { FIODTYPE, MTIOCTOP }; >>> >>> if (in.name == NULL) { >>> in.name = "stdin"; >>> @@ -133,13 +142,20 @@ setup(void) >>> in.fd = open(in.name, O_RDONLY, 0); >>> if (in.fd == -1) >>> err(1, "%s", in.name); >>> + if (caph_limit_stdin() == -1) >>> + err(1, "unable to limit capability rights"); >>> } >>> >>> getfdtype(&in); >>> >>> + cap_rights_init(&rights, CAP_READ, CAP_SEEK); >>> + if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + >>> if (files_cnt > 1 && !(in.flags & ISTAPE)) >>> errx(1, "files is not supported for non-tape devices"); >>> >>> + cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL); >>> if (out.name == NULL) { >>> /* No way to check for read access here. */ >>> out.fd = STDOUT_FILENO; 
>>> @@ -156,13 +172,27 @@ setup(void) >>> if (out.fd == -1) { >>> out.fd = open(out.name, O_WRONLY | OFLAGS, DEFFILEMODE); >>> out.flags |= NOREAD; >>> + cap_rights_clear(&rights, CAP_READ); >>> } >>> if (out.fd == -1) >>> err(1, "%s", out.name); >>> + if (caph_limit_stdout() == -1) >>> + err(1, "unable to limit capability rights"); >>> } >>> >>> getfdtype(&out); >>> >>> + if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 && >>> + errno != ENOSYS) >>> + err(1, "unable to limit capability rights"); >>> + >>> + if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) { >>> + if (caph_limit_stderr() == -1) >>> + err(1, "unable to limit capability rights"); >>> + } >>> + >>> /* >>> * Allocate space for the input and output buffers. If not doing >>> * record oriented I/O, only need a single buffer. >>> >> >> >
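Review bot: in the main() hunk (@@ -92), the cap_enter() call tolerates ENOSYS, so on a kernel without Capsicum dd silently keeps running unsandboxed instead of failing; if that fallback is intended, state it in the commit log and the man page, since the log only says the utility is sandboxed. This hunk is also where the build break reported in the thread originates: the new caph_cache_catpages(), caph_limit_*() and cap_rights_*() calls have to compile on the build host, and dd is a bootstrap tool (as Warner points out), so a stable/10 host that lacks the Capsicum helpers cannot build it. Either guard the new calls for the bootstrap build or make the helpers available to bootstrap tools, and note the minimum host version in the commit.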
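Review bot: in the input hunk (@@ -133), in.fd is limited to CAP_READ and CAP_SEEK immediately after getfdtype(&in), with no CAP_IOCTL, while out.fd later gets CAP_IOCTL plus an FIODTYPE/MTIOCTOP allow-list. The check two lines below, `if (files_cnt > 1 && !(in.flags & ISTAPE))`, shows the input can be a tape, so confirm that no MTIOCTOP is ever issued on in.fd (for example when skipping records on tape input); if one is, in.fd needs CAP_IOCTL and the same cap_ioctls_limit() as out.fd, because cap_rights_limit() takes effect at once, not only after cap_enter(), and the ioctl would fail with ENOTCAPABLE. Also, `if (caph_limit_stdin() == -1)` is fatal on any failure, whereas the cap_rights_limit() calls ignore ENOSYS; unless the helper absorbs ENOSYS itself, the stdin path fails on non-Capsicum kernels where the rest of this code degrades gracefully, so check the helper's behaviour or make the two paths consistent.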
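Review bot: in the output hunk (@@ -156), every failure path reports the identical string "unable to limit capability rights" for stdin, stdout, stderr, in.fd, out.fd and the ioctl list, so a user cannot tell which descriptor was rejected; include the name, e.g. `err(1, "%s: unable to limit capability rights", out.name);` and likewise with in.name in the input hunk. Also, FIODTYPE is in the cmds allow-list passed to cap_ioctls_limit(out.fd, ...), but getfdtype(&out) has already run by the time the limit is applied; if nothing issues FIODTYPE after this point, drop it so MTIOCTOP is the only ioctl the sandboxed process may issue on the output.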