Capsicumize readelf(1).

Reviewed by:	oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21108
This commit is contained in:
Mark Johnston 2019-08-01 18:57:08 +00:00
parent 1d954fed61
commit 802c2095b5
2 changed files with 37 additions and 10 deletions

View File

@ -26,8 +26,10 @@
#include <sys/param.h>
#include <sys/queue.h>
#include <ar.h>
#include <assert.h>
#include <capsicum_helpers.h>
#include <ctype.h>
#include <dwarf.h>
#include <err.h>
@ -45,6 +47,9 @@
#include <time.h>
#include <unistd.h>
#include <libcasper.h>
#include <casper/cap_fileargs.h>
#include "_elftc.h"
ELFTC_VCSID("$Id: readelf.c 3649 2018-11-24 03:26:23Z emaste $");
@ -7214,15 +7219,8 @@ dump_ar(struct readelf *re, int fd)
}
static void
dump_object(struct readelf *re)
dump_object(struct readelf *re, int fd)
{
int fd;
if ((fd = open(re->filename, O_RDONLY)) == -1) {
warn("open %s failed", re->filename);
return;
}
if ((re->flags & DISPLAY_FILENAME) != 0)
printf("\nFile: %s\n", re->filename);
@ -7589,9 +7587,11 @@ readelf_usage(int status)
int
main(int argc, char **argv)
{
cap_rights_t rights;
fileargs_t *fa;
struct readelf *re, re_storage;
unsigned long si;
int opt, i;
int fd, opt, i;
char *ep;
re = &re_storage;
@ -7714,9 +7714,28 @@ main(int argc, char **argv)
errx(EXIT_FAILURE, "ELF library initialization failed: %s",
elf_errmsg(-1));
cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R, CAP_SEEK);
fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN);
if (fa == NULL)
err(1, "Unable to initialize casper fileargs");
caph_cache_catpages();
if (caph_limit_stdio() < 0) {
fileargs_free(fa);
err(1, "Unable to limit stdio rights");
}
if (caph_enter_casper() < 0) {
fileargs_free(fa);
err(1, "Unable to enter capability mode");
}
for (i = 0; i < argc; i++) {
re->filename = argv[i];
dump_object(re);
fd = fileargs_open(fa, re->filename);
if (fd < 0)
warn("open %s failed", re->filename);
else
dump_object(re, fd);
}
exit(EXIT_SUCCESS);

View File

@ -1,5 +1,7 @@
# $FreeBSD$
.include <src.opts.mk>
ELFTCDIR= ${SRCTOP}/contrib/elftoolchain
READELFDIR= ${ELFTCDIR}/readelf
@ -10,6 +12,12 @@ SRCS= readelf.c
LIBADD= dwarf elftc elf
.if ${MK_CASPER} != "no"
LIBADD+= casper
LIBADD+= cap_fileargs
CFLAGS+= -DWITH_CASPER
.endif
CFLAGS+=-I${ELFTCDIR}/libelftc -I${ELFTCDIR}/common
# This same hack is in lib/libelf/Makefile and lib/libdwarf/Makefile