ministat(1): Capsicumify

Separate dataset opening from reading/parsing. The number of input files is already capped to a small number, so just open all input files before sandboxing. Feedback from: allanjude@ (earlier version), emaste@ (earlier version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D7925
2016-12-16 01:51:12 +00:00 · 2016-12-16 01:51:12 +00:00 · 2ba951f5d4
commit 2ba951f5d4
parent 648117d061
1 changed files with 40 additions and 25 deletions
--- a/usr.bin/ministat/ministat.c
+++ b/usr.bin/ministat/ministat.c
@ -11,17 +11,21 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

-#include <stdio.h>
-#include <math.h>
-#include <ctype.h>
-#include <err.h>
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
+#include <sys/capsicum.h>
 #include <sys/ioctl.h>
 #include <sys/queue.h>
 #include <sys/ttycom.h>

+#include <capsicum_helpers.h>
+#include <ctype.h>
+#include <err.h>
+#include <errno.h>
+#include <math.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
 #define NSTUDENT 100
 #define NCONF 6
 static double const studentpct[] = { 80, 90, 95, 98, 99, 99.5 };
@ -455,26 +459,14 @@ dbl_cmp(const void *a, const void *b)
 }

 static struct dataset *
-ReadSet(const char *n, int column, const char *delim)
+ReadSet(FILE *f, const char *n, int column, const char *delim)
 {
-	FILE *f;
 	char buf[BUFSIZ], *p, *t;
 	struct dataset *s;
 	double d;
 	int line;
 	int i;

-	if (n == NULL) {
-		f = stdin;
-		n = "<stdin>";
-	} else if (!strcmp(n, "-")) {
-		f = stdin;
-		n = "<stdin>";
-	} else {
-		f = fopen(n, "r");
-	}
-	if (f == NULL)
-		err(1, "Cannot open %s", n);
 	s = NewSet();
 	s->name = strdup(n);
 	line = 0;
@ -499,7 +491,6 @@ ReadSet(const char *n, int column, const char *delim)
 		if (*buf != '\0')
 			AddPoint(s, d);
 	}
-	fclose(f);
 	if (s->n < 3) {
 		fprintf(stderr,
 		    "Dataset %s must contain at least 3 data points\n", n);
@ -536,7 +527,9 @@ usage(char const *whine)
 int
 main(int argc, char **argv)
 {
-	struct dataset *ds[7];
+	const char *setfilenames[MAX_DS - 1];
+	struct dataset *ds[MAX_DS - 1];
+	FILE *setfiles[MAX_DS - 1];
 	int nds;
 	double a;
 	const char *delim = " \t";
@ -609,14 +602,36 @@ main(int argc, char **argv)
 	argv += optind;

 	if (argc == 0) {
-		ds[0] = ReadSet("-", column, delim);
+		setfilenames[0] = "<stdin>";
+		setfiles[0] = stdin;
 		nds = 1;
 	} else {
 		if (argc > (MAX_DS - 1))
 			usage("Too many datasets.");
 		nds = argc;
-		for (i = 0; i < nds; i++)
-			ds[i] = ReadSet(argv[i], column, delim);
+		for (i = 0; i < nds; i++) {
+			setfilenames[i] = argv[i];
+			setfiles[i] = fopen(argv[i], "r");
+			if (setfiles[i] == NULL)
+				err(2, "Cannot open %s", argv[i]);
+		}
+	}
+
+	if (caph_limit_stdio() < 0)
+		err(2, "capsicum");
+
+	for (i = 0; i < nds; i++)
+		if (caph_limit_stream(fileno(setfiles[i]), CAPH_READ) < 0)
+			err(2, "unable to limit rights for %s",
+			    setfilenames[i]);
+
+	/* Enter Capsicum sandbox. */
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(2, "unable to enter capability mode");
+
+	for (i = 0; i < nds; i++) {
+		ds[i] = ReadSet(setfiles[i], setfilenames[i], column, delim);
+		fclose(setfiles[i]);
 	}

 	for (i = 0; i < nds; i++)