From owner-svn-src-head@FreeBSD.ORG Thu Jul 18 22:11:28 2013 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 3F6D35A1; Thu, 18 Jul 2013 22:11:28 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 19681C00; Thu, 18 Jul 2013 22:11:28 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6IMBRcw091292; Thu, 18 Jul 2013 22:11:27 GMT (envelope-from pjd@svn.freebsd.org) Received: (from pjd@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6IMBRYC091291; Thu, 18 Jul 2013 22:11:27 GMT (envelope-from pjd@svn.freebsd.org) Message-Id: <201307182211.r6IMBRYC091291@svn.freebsd.org> From: Pawel Jakub Dawidek Date: Thu, 18 Jul 2013 22:11:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r253457 - head/usr.bin/uniq X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jul 2013 22:11:28 -0000 Author: pjd Date: Thu Jul 18 22:11:27 2013 New Revision: 253457 URL: http://svnweb.freebsd.org/changeset/base/253457 Log: Close uniq(1) in the capability mode sandbox and limit descriptors using capability rights. Modified: head/usr.bin/uniq/uniq.c Modified: head/usr.bin/uniq/uniq.c ============================================================================== --- head/usr.bin/uniq/uniq.c Thu Jul 18 21:56:10 2013 (r253456) +++ head/usr.bin/uniq/uniq.c Thu Jul 18 22:11:27 2013 (r253457) 
@@ -44,15 +44,20 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include + #include #include +#include #include #include +#include #include #define _WITH_GETLINE #include #include #include +#include #include #include #include @@ -68,6 +73,17 @@ static wchar_t *skip(wchar_t *); static void obsolete(char *[]); static void usage(void); +static void +strerror_init(void) +{ + + /* + * Cache NLS data before entering capability mode. + * XXXPJD: There should be strerror_init() and strsignal_init() in libc. + */ + (void)catopen("libc", NL_CAT_LOCALE); +} + int main (int argc, char *argv[]) { @@ -77,6 +93,7 @@ main (int argc, char *argv[]) size_t prevbuflen, thisbuflen, b1; char *prevline, *thisline, *p; const char *ifn; + cap_rights_t rights; (void) setlocale(LC_ALL, ""); @@ -128,8 +145,34 @@ main (int argc, char *argv[]) ofp = stdout; if (argc > 0 && strcmp(argv[0], "-") != 0) ifp = file(ifn = argv[0], "r"); + if (cap_rights_limit(fileno(ifp), CAP_FSTAT | CAP_READ) < 0 && + errno != ENOSYS) { + err(1, "unable to limit rights for %s", ifn); + } + rights = CAP_FSTAT | CAP_WRITE; if (argc > 1) ofp = file(argv[1], "w"); + else + rights |= CAP_IOCTL; + if (cap_rights_limit(fileno(ofp), rights) < 0 && errno != ENOSYS) { + err(1, "unable to limit rights for %s", + argc > 1 ? argv[1] : "stdout"); + } + if ((rights & CAP_IOCTL) != 0) { + unsigned long cmd; + + cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ + + if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 && + errno != ENOSYS) { + err(1, "unable to limit ioctls for %s", + argc > 1 ? argv[1] : "stdout"); + } + } + + strerror_init(); + if (cap_enter() < 0 && errno != ENOSYS) + err(1, "unable to enter capability mode"); prevbuflen = thisbuflen = 0; prevline = thisline = NULL;
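Review bot: strerror_init() throws away the handle returned by catopen(3), and the comment does not say that this is deliberate, so a later reader may "fix" the apparent leak with a catclose(3) and quietly lose error-message text once cap_enter() has cut off the catalog file. Extend the comment with something like `/* The nl_catd is intentionally never catclose()d so libc's cached copy stays loaded after cap_enter(). */` (how much strerror(3) degrades when the catalog is absent is not visible here — presumably it falls back to the built-in text, confirm). Note also that a failed catopen() is indistinguishable from success, which is acceptable for a best-effort cache but worth one word in the comment. Lastly, if the libc strerror_init() the XXXPJD comment asks for ever lands under that exact name, this static definition will collide with its declaration, so a local prefix would be safer.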
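Review bot: stderr is the one descriptor the sandbox setup in this hunk leaves with full rights, even though nothing after cap_enter() needs more than to write to it via err(3); adding `if (cap_rights_limit(STDERR_FILENO, CAP_FSTAT | CAP_WRITE) < 0 && errno != ENOSYS) err(1, "unable to limit rights for stderr");` next to the stdout limit would close that gap (stderr is unbuffered, so the TIOCGETA ioctl granted to stdout is presumably not needed for it — confirm against libc's buffer setup). The three `errno != ENOSYS` exemptions mean that on a kernel without Capsicum support the program silently runs unsandboxed; that is a reasonable policy for a base-system utility, but it deserves one comment at the first check, e.g. `/* ENOSYS: kernel has no Capsicum support; run without a sandbox instead of failing. */`. The err() call for the input descriptor prints `ifn` even when reading stdin, which relies on `ifn` having been initialised before the hunk — that assignment is outside the hunk and could not be checked. main() starts and continues outside this hunk.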