md5: extend capabilities
In 4849767cb1, we did a large refactor of the md5(1) source code.
One of them is that instead of reading data using read(2) syscall, we
are using binary stream input (fread(3)).
fread(3) requires additional Capsicum capabilities:
sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ
sha256 RET fstat -1 errno 93 Capabilities insufficient
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D41348
parent d7302cabc0
commit 2ea65afbd1
@ -621,7 +621,7 @@ main(int argc, char *argv[])
|
|||||||
*/
|
*/
|
||||||
if (*(argv + 1) == NULL) {
|
if (*(argv + 1) == NULL) {
|
||||||
#ifdef HAVE_CAPSICUM
|
#ifdef HAVE_CAPSICUM
|
||||||
cap_rights_init(&rights, CAP_READ);
|
cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
|
||||||
if (caph_rights_limit(fileno(f), &rights) < 0 ||
|
if (caph_rights_limit(fileno(f), &rights) < 0 ||
|
||||||
caph_enter() < 0)
|
caph_enter() < 0)
|
||||||
err(1, "capsicum");
|
err(1, "capsicum");
|
||||||
|
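Review bot: the new CAP_FSTAT in `cap_rights_init(&rights, CAP_READ, CAP_FSTAT)` carries no comment saying why a descriptor that is only read needs it. The commit message attributes it to fread(3) and the "Capabilities insufficient" fstat failure in the trace; a one-line comment above the call stating that would keep a later cleanup from trimming the right back to CAP_READ. Only the `*(argv + 1) == NULL` branch is visible in this hunk, so please also confirm that no other descriptor limited with CAP_READ alone elsewhere in md5(1) is now read through fread(3).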