From: Allan Jude
Date: Sun, 19 Feb 2017 06:02:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r313938 - head/usr.bin/lam

Author: allanjude
Date: Sun Feb 19 06:02:41 2017
New Revision: 313938
URL: https://svnweb.freebsd.org/changeset/base/313938

Log:
  Capsicum-ize lam(1)

  lam(1) is used in portsnap(8), so lock it down

  Reviewed by: emaste, cem, jonathan
  Sponsored by: ScaleEngine Inc.
  Differential Revision: https://reviews.freebsd.org/D8076

Modified:
  head/usr.bin/lam/lam.c

Modified: head/usr.bin/lam/lam.c ============================================================================== --- head/usr.bin/lam/lam.c Sun Feb 19 05:29:06 2017 (r313937) +++ head/usr.bin/lam/lam.c Sun Feb 19 06:02:41 2017 (r313938) @@ -46,11 +46,16 @@ __FBSDID("$FreeBSD$"); * Author: John Kunze, UCB */ +#include + +#include #include #include +#include #include #include #include +#include #define MAXOFILES 20 #define BIGBUFSIZ 5 * BUFSIZ @@ -84,6 +89,17 @@ main(int argc, char *argv[]) getargs(argv); if (!morefiles) usage(); + + /* + * Cache NLS data, for strerror, for err(3), before entering capability + * mode. + */ + caph_cache_catpages(); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); + if (cap_enter() < 0 && errno != ENOSYS) + err(1, "unable to enter capability mode"); + for (;;) { linep = line; for (ip = input; ip->fp != NULL; ip++) 
@@ -105,7 +121,9 @@ getargs(char *av[]) static char fmtbuf[BUFSIZ]; char *fmtp = fmtbuf; int P, S, F, T; + cap_rights_t rights_ro; + cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT); P = S = F = T = 0; /* capitalized options */ while ((p = *++av) != NULL) { if (*p != '-' || !p[1]) { @@ -116,6 +134,8 @@ getargs(char *av[]) else if ((ip->fp = fopen(p, "r")) == NULL) { err(1, "%s", p); } + if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0) + err(1, "unable to limit rights on: %s", p); ip->pad = P; if (!ip->sepstring) ip->sepstring = (S ? (ip-1)->sepstring : "");
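Review bot: In the main() hunk, caph_limit_stdio() runs after getargs() has already applied rights_ro (CAP_READ, CAP_FSTAT) to every input, and the `if (*p != '-' || !p[1])` test in getargs() lets a bare "-" reach that block. If the branch ahead of the visible `else if` assigns a standard stream to ip->fp, that descriptor is limited twice, and cap_rights_limit() can only narrow rights, so the second call succeeds only when what it requests is a subset of rights_ro. Please confirm that a bare "-" input still works after this change, or skip the per-file limit in getargs() when the input is a standard stream.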
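Review bot: In the first getargs() hunk, `cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT);` grants CAP_FSTAT alongside CAP_READ with no comment saying what needs it. The main() hunk explains why caph_cache_catpages() is called; a one-line comment here stating which caller requires fstat on the input descriptors would make it clear the right is deliberate and not left over, so a later reader does not drop it or widen the set further.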
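Review bot: In the second getargs() hunk, the `cap_rights_limit(fileno(ip->fp), &rights_ro) < 0` check treats every failure as fatal, while main() tolerates a kernel without Capsicum via `cap_enter() < 0 && errno != ENOSYS`. On such a kernel cap_rights_limit() fails with ENOSYS as well, so lam would exit on the first input file before ever reaching the tolerant cap_enter() check. Suggest the same guard here: `if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0 && errno != ENOSYS)`.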