wc: sandbox wc using capsicum
Reviewed by: AllanJude, emaste Differential Revision: https://reviews.freebsd.org/D14409
This commit is contained in:
parent
cdd6ea94b0
commit
9e4c5144e6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=340374
@ -1,7 +1,15 @@
|
|||||||
# @(#)Makefile 8.1 (Berkeley) 6/6/93
|
# @(#)Makefile 8.1 (Berkeley) 6/6/93
|
||||||
# $FreeBSD$
|
# $FreeBSD$
|
||||||
|
|
||||||
|
.include <src.opts.mk>
|
||||||
|
|
||||||
PROG= wc
|
PROG= wc
|
||||||
LIBADD= xo
|
LIBADD= xo
|
||||||
|
|
||||||
|
.if ${MK_CASPER} != "no"
|
||||||
|
LIBADD+= casper
|
||||||
|
LIBADD+= cap_fileargs
|
||||||
|
CFLAGS+=-DWITH_CASPER
|
||||||
|
.endif
|
||||||
|
|
||||||
.include <bsd.prog.mk>
|
.include <bsd.prog.mk>
|
||||||
|
@ -44,9 +44,11 @@ static char sccsid[] = "@(#)wc.c 8.1 (Berkeley) 6/6/93";
|
|||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__FBSDID("$FreeBSD$");
|
__FBSDID("$FreeBSD$");
|
||||||
|
|
||||||
|
#include <sys/capsicum.h>
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
|
||||||
|
#include <capsicum_helpers.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <err.h>
|
#include <err.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
@ -61,6 +63,10 @@ __FBSDID("$FreeBSD$");
|
|||||||
#include <wctype.h>
|
#include <wctype.h>
|
||||||
#include <libxo/xo.h>
|
#include <libxo/xo.h>
|
||||||
|
|
||||||
|
#include <libcasper.h>
|
||||||
|
#include <casper/cap_fileargs.h>
|
||||||
|
|
||||||
|
static fileargs_t *fa;
|
||||||
static uintmax_t tlinect, twordct, tcharct, tlongline;
|
static uintmax_t tlinect, twordct, tcharct, tlongline;
|
||||||
static int doline, doword, dochar, domulti, dolongline;
|
static int doline, doword, dochar, domulti, dolongline;
|
||||||
static volatile sig_atomic_t siginfo;
|
static volatile sig_atomic_t siginfo;
|
||||||
@ -90,6 +96,7 @@ int
|
|||||||
main(int argc, char *argv[])
|
main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int ch, errors, total;
|
int ch, errors, total;
|
||||||
|
cap_rights_t rights;
|
||||||
|
|
||||||
(void) setlocale(LC_CTYPE, "");
|
(void) setlocale(LC_CTYPE, "");
|
||||||
|
|
||||||
@ -125,6 +132,26 @@ main(int argc, char *argv[])
|
|||||||
|
|
||||||
(void)signal(SIGINFO, siginfo_handler);
|
(void)signal(SIGINFO, siginfo_handler);
|
||||||
|
|
||||||
|
fa = fileargs_init(argc, argv, O_RDONLY, 0,
|
||||||
|
cap_rights_init(&rights, CAP_READ, CAP_FSTAT));
|
||||||
|
if (fa == NULL) {
|
||||||
|
xo_warn("Unable to init casper");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
caph_cache_catpages();
|
||||||
|
if (caph_limit_stdio() < 0) {
|
||||||
|
xo_warn("Unable to limit stdio");
|
||||||
|
fileargs_free(fa);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (caph_enter() < 0) {
|
||||||
|
xo_warn("Unable to enter capability mode");
|
||||||
|
fileargs_free(fa);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
/* Wc's flags are on by default. */
|
/* Wc's flags are on by default. */
|
||||||
if (doline + doword + dochar + domulti + dolongline == 0)
|
if (doline + doword + dochar + domulti + dolongline == 0)
|
||||||
doline = doword = dochar = 1;
|
doline = doword = dochar = 1;
|
||||||
@ -158,6 +185,7 @@ main(int argc, char *argv[])
|
|||||||
xo_close_container("total");
|
xo_close_container("total");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fileargs_free(fa);
|
||||||
xo_close_container("wc");
|
xo_close_container("wc");
|
||||||
xo_finish();
|
xo_finish();
|
||||||
exit(errors == 0 ? 0 : 1);
|
exit(errors == 0 ? 0 : 1);
|
||||||
@ -206,7 +234,7 @@ cnt(const char *file)
|
|||||||
linect = wordct = charct = llct = tmpll = 0;
|
linect = wordct = charct = llct = tmpll = 0;
|
||||||
if (file == NULL)
|
if (file == NULL)
|
||||||
fd = STDIN_FILENO;
|
fd = STDIN_FILENO;
|
||||||
else if ((fd = open(file, O_RDONLY, 0)) < 0) {
|
else if ((fd = fileargs_open(fa, file)) < 0) {
|
||||||
xo_warn("%s: open", file);
|
xo_warn("%s: open", file);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user