md5: extend capabilites

In 4849767cb1, we did a large refactor of the md5(1) source code. One of them is that instead of reading data using read(2) syscall, we are using binary stream input (fread(3)). fread(3) requires additional Capsicum capabilities: sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ sha256 RET fstat -1 errno 93 Capabilities insufficient Reviewed by: des Differential Revision: https://reviews.freebsd.org/D41348
2023-08-07 14:16:03 +02:00 · 2023-08-07 14:16:03 +02:00 · 2ea65afbd1
commit 2ea65afbd1
parent d7302cabc0
1 changed files with 1 additions and 1 deletions
--- a/sbin/md5/md5.c
+++ b/sbin/md5/md5.c
@ -621,7 +621,7 @@ main(int argc, char *argv[])
 			 */
 			if (*(argv + 1) == NULL) {
 #ifdef HAVE_CAPSICUM
-				cap_rights_init(&rights, CAP_READ);
+				cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
 				if (caph_rights_limit(fileno(f), &rights) < 0 ||
 				    caph_enter() < 0)
 					err(1, "capsicum");