Date: Thu, 1 Dec 2016 17:28:45 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r309366 - head/lib/libcapsicum Message-ID: <201612011728.uB1HSjBZ035693@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Thu Dec 1 17:28:45 2016 New Revision: 309366 URL: https://svnweb.freebsd.org/changeset/base/309366 Log: capsicum_helpers: Squash errors from closed fds Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio(). Any program used during special shell scripts may commonly be forked from a parent process with closed standard stream. Do the common sense thing for this common use. Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw> Reviewed by: oshogbo@ (earlier version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8657 Modified: head/lib/libcapsicum/capsicum_helpers.h Modified: head/lib/libcapsicum/capsicum_helpers.h ============================================================================== --- head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:26:37 2016 (r309365) +++ head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:28:45 2016 (r309366) @@ -94,12 +94,12 @@ caph_limit_stdout(void) static __inline int caph_limit_stdio(void) { + const int iebadf = CAPH_IGNORE_EBADF; - if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 || - caph_limit_stderr() == -1) { + if (caph_limit_stream(STDIN_FILENO, CAPH_READ | iebadf) == -1 || + caph_limit_stream(STDOUT_FILENO, CAPH_WRITE | iebadf) == -1 || + caph_limit_stream(STDERR_FILENO, CAPH_WRITE | iebadf) == -1) return (-1); - } - return (0); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612011728.uB1HSjBZ035693>