Date:      Fri, 23 Mar 2018 16:15:07 +0000 (UTC)
From:      Ian Lepore <ian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331434 - in stable/11/lib: . libcapsicum
Message-ID:  <201803231615.w2NGF7n0091852@repo.freebsd.org>

Author: ian
Date: Fri Mar 23 16:15:07 2018
New Revision: 331434
URL: https://svnweb.freebsd.org/changeset/base/331434

Log:
  MFC r306657, r306673, r306726, r307737, r309366, r310135, r323990, r324414
  
  r306657:
  libcapsicum: introduce Capsicum helpers
  
  Capsicum helpers are a set of inline functions whose goal is to reduce
  duplicated patterns used to Capsicumize applications.
  
  Reviewed by:	cem, AllanJude, bapt, ed, emaste
  Differential Revision:	https://reviews.freebsd.org/D8013
  
  r306673:
  libcapsicum: limit stderr
  
  Don't limit stdout twice, instead limit stderr.
  
  Pointed out by:	rpokala@
  
  r306726:
  Add man pages for Capsicum helpers.
  
  Reviewed by:	cem
  Differential Revision:	https://reviews.freebsd.org/D8154
  
  r307737:
  Fix few sentence in the man page.
  
  Pointed out by:	wblock
  
  r309366:
  capsicum_helpers: Squash errors from closed fds
  
  Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio().
  Any program used during special shell scripts may commonly be forked
  from a parent process with closed standard stream.  Do the common sense
  thing for this common use.
  
  Reported by:	Iblis Lin <iblis AT hs.ntnu.edu.tw>
  Reviewed by:	oshogbo@ (earlier version)
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D8657
  
  r310135:
  capsicum_helpers: Add LOOKUP flag
  
  Add a helper routine for opening a directory that is restricted to being
  used for opening relative files as stdio streams.
  
  I think this will really help basic adaptation of multi-file programs to
  Capsicum. Rather than having each program initialize a rights object and
  ioctl/fcntl arrays for their root fd for relative opens, consolidate in the
  logical place.
  
  Reviewed by:	oshogbo@
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D8743
  
  r323990:
  capsicum_helpers: Add SEEK to default stdio rights set
  
  PR:		219173
  Sponsored by:	Dell EMC Isilon
  
  r324414:
  capsicum_helpers: Add EVENT to default stdio rights set
  
  Without it, calling caph_limit_stdio(3) breaks Irssi.
  
  Reviewed by:	oshogbo
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D12622

Added:
  stable/11/lib/libcapsicum/
     - copied from r306657, head/lib/libcapsicum/
  stable/11/lib/libcapsicum/Makefile.depend
     - copied unchanged from r308605, head/lib/libcapsicum/Makefile.depend
  stable/11/lib/libcapsicum/capsicum_helpers.3
     - copied, changed from r306726, head/lib/libcapsicum/capsicum_helpers.3
Modified:
  stable/11/lib/Makefile
  stable/11/lib/libcapsicum/Makefile
  stable/11/lib/libcapsicum/capsicum_helpers.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/Makefile
==============================================================================
--- stable/11/lib/Makefile	Fri Mar 23 15:50:01 2018	(r331433)
+++ stable/11/lib/Makefile	Fri Mar 23 16:15:07 2018	(r331434)
@@ -38,6 +38,7 @@ SUBDIR=	${SUBDIR_BOOTSTRAP} \
 	libbz2 \
 	libcalendar \
 	libcam \
+	libcapsicum \
 	${_libcasper} \
 	${_libcom_err} \
 	libcompat \

Modified: stable/11/lib/libcapsicum/Makefile
==============================================================================
--- head/lib/libcapsicum/Makefile	Mon Oct  3 20:48:18 2016	(r306657)
+++ stable/11/lib/libcapsicum/Makefile	Fri Mar 23 16:15:07 2018	(r331434)
@@ -4,4 +4,14 @@ PACKAGE=lib${LIB}
 
 INCS=	capsicum_helpers.h
 
+MAN+=	capsicum_helpers.3
+
+MLINKS+=capsicum_helpers.3 caph_limit_stream.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdin.3
+MLINKS+=capsicum_helpers.3 caph_limit_stderr.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdout.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdio.3
+MLINKS+=capsicum_helpers.3 caph_cache_tzdata.3
+MLINKS+=capsicum_helpers.3 caph_cache_catpages.3
+
 .include <bsd.lib.mk>

Copied: stable/11/lib/libcapsicum/Makefile.depend (from r308605, head/lib/libcapsicum/Makefile.depend)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/11/lib/libcapsicum/Makefile.depend	Fri Mar 23 16:15:07 2018	(r331434, copy of r308605, head/lib/libcapsicum/Makefile.depend)
@@ -0,0 +1,11 @@
+# $FreeBSD$
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif

Copied and modified: stable/11/lib/libcapsicum/capsicum_helpers.3 (from r306726, head/lib/libcapsicum/capsicum_helpers.3)
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.3	Wed Oct  5 20:02:34 2016	(r306726, copy source)
+++ stable/11/lib/libcapsicum/capsicum_helpers.3	Fri Mar 23 16:15:07 2018	(r331434)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 5, 2016
+.Dd October 21, 2016
 .Dt CAPSICUM_HELPERS 3
 .Os
 .Sh NAME
@@ -57,7 +57,8 @@
 .Sh DESCRIPTION
 The
 .Nm capsicum helpers
-are a set of a inline functions which simplify Capsicumizing programs.
+are a set of a inline functions which simplify modifying programs to use
+Capsicum.
 The goal is to reduce duplicated code patterns.
 The
 .Nm capsicum helpers
@@ -70,7 +71,7 @@ restricts capabilities on
 .Fa fd
 to only those needed by POSIX stream objects (that is, FILEs).
 .Pp
-The following flags can be provided:
+These flags can be provided:
 .Pp
 .Bl -tag -width "CAPH_IGNORE_EBADF" -compact -offset indent
 .It Dv CAPH_IGNORE_EBADF

Modified: stable/11/lib/libcapsicum/capsicum_helpers.h
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.h	Mon Oct  3 20:48:18 2016	(r306657)
+++ stable/11/lib/libcapsicum/capsicum_helpers.h	Fri Mar 23 16:15:07 2018	(r331434)
@@ -41,6 +41,7 @@
 #define	CAPH_IGNORE_EBADF	0x0001
 #define	CAPH_READ		0x0002
 #define	CAPH_WRITE		0x0004
+#define	CAPH_LOOKUP		0x0008
 
 static __inline int
 caph_limit_stream(int fd, int flags)
@@ -48,12 +49,15 @@ caph_limit_stream(int fd, int flags)
 	cap_rights_t rights;
 	unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ };
 
-	cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL);
+	cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT,
+	    CAP_IOCTL, CAP_SEEK);
 
 	if ((flags & CAPH_READ) != 0)
 		cap_rights_set(&rights, CAP_READ);
 	if ((flags & CAPH_WRITE) != 0)
 		cap_rights_set(&rights, CAP_WRITE);
+	if ((flags & CAPH_LOOKUP) != 0)
+		cap_rights_set(&rights, CAP_LOOKUP);
 
 	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
 		if (errno == EBADF && (flags & CAPH_IGNORE_EBADF) != 0)
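Review bot: CAPH_LOOKUP (defined in the preceding hunk) only adds CAP_LOOKUP to the rights set, so a descriptor limited with CAPH_LOOKUP alone cannot, as far as I recall Capsicum's rules, be used to openat() files for reading or writing: the rights of a relatively opened file are derived from the directory descriptor's rights, so the caller has to combine the flag with CAPH_READ and/or CAPH_WRITE for the access those files need. Neither the flag nor the widened cap_rights_init() baseline is documented in the header; suggest a comment on the define, `/* Allow relative lookups through fd; OR in CAPH_READ/CAPH_WRITE for the access the opened files need. */`, and one above cap_rights_init() saying why CAP_EVENT and CAP_SEEK are in the default set (per the r324414 and r323990 log entries, poll/kqueue and seeking on stdio streams). caph_limit_stream's body continues past the hunk; I assume the cmds[] array feeds a cap_ioctls_limit() call there, which cannot be confirmed from this view.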
@@ -94,12 +98,12 @@ caph_limit_stdout(void)
 static __inline int
 caph_limit_stdio(void)
 {
+	const int iebadf = CAPH_IGNORE_EBADF;
 
-	if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 ||
-	    caph_limit_stdout() == -1) {
+	if (caph_limit_stream(STDIN_FILENO, CAPH_READ | iebadf) == -1 ||
+	    caph_limit_stream(STDOUT_FILENO, CAPH_WRITE | iebadf) == -1 ||
+	    caph_limit_stream(STDERR_FILENO, CAPH_WRITE | iebadf) == -1)
 		return (-1);
-	}
-
 	return (0);
 }
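Review bot: caph_limit_stdio() now tolerates closed standard descriptors (EBADF is suppressed through iebadf) while the single-stream helpers caph_limit_stdin()/stdout()/stderr() it no longer calls presumably still report EBADF; that behavioural difference deserves a comment above the function, `/* Closed std{in,out,err} are tolerated (CAPH_IGNORE_EBADF); on failure, streams limited earlier in the chain stay limited. */`. The second clause matters because a -1 return after stdin was already restricted is not rolled back, so a caller treating -1 as "nothing happened" would be wrong. The bodies of the individual stream helpers are outside this hunk, so their EBADF handling is inferred.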
 


