d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the duplicated code using Capsicum helpers.

Browse Source 
Reviewed by:	cem, ed, bapt, emaste
Differential Revision	https://reviews.freebsd.org/D8140
This commit is contained in:
Mariusz Zaborski 2016-10-07 17:56:57 +00:00
parent f2af6f7bf1
commit a4e3fc54a0
6 changed files with 28 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
usr.bin/cmp/cmp.c
View File

@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
#include <sys/stat.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@ -53,7 +54,6 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include "extern.h"
@ -70,7 +70,6 @@ main(int argc, char *argv[])
int ch, fd1, fd2, oflag, special;
const char *file1, *file2;
cap_rights_t rights;
unsigned long cmd;
uint32_t fcntls;
oflag = O_RDONLY;
@ -165,20 +164,10 @@ main(int argc, char *argv[])
if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit fcntls for %s", file2);
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL);
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit rights for stdout");
if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
err(ERR_EXIT, "unable to limit stdio");
/* Required for printf(3) via isatty(3). */
cmd = TIOCGETA;
if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit ioctls for stdout");
/*
* Cache NLS data, for strerror, for err(3), before entering capability
* mode.
*/
(void)catopen("libc", NL_CAT_LOCALE);
caph_cache_catpages();
if (cap_enter() < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to enter capability mode");

14
usr.bin/col/col.c
View File

@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <locale.h>
@ -135,20 +136,11 @@ main(int argc, char **argv)
int nflushd_lines; /* number of lines that were flushed */
int adjust, opt, warned, width;
const char *errstr;
cap_rights_t rights;
unsigned long cmd;
(void)setlocale(LC_CTYPE, "");
cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdin");
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL);
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdout");
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for stdout");
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");

16
usr.bin/elfdump/elfdump.c
View File

@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
#include <sys/endian.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#define ED_DYN (1<<0)
@ -505,7 +505,6 @@ main(int ac, char **av)
u_int64_t name;
u_int64_t type;
struct stat sb;
unsigned long cmd;
u_int flags;
Elf32_Ehdr *e;
void *p;
@ -573,14 +572,11 @@ main(int ac, char **av)
cap_rights_init(&rights, CAP_MMAP_R);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", *av);
cap_rights_limit(STDIN_FILENO, cap_rights_init(&rights));
cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
(cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) ||
(cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
(cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
err(1, "unable to limit rights for stdout/stderr");
cap_rights_init(&rights);
if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) ||
caph_limit_stdout() < 0 || caph_limit_stderr() < 0) {
err(1, "unable to limit rights for stdio");
}
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);

42
usr.bin/kdump/kdump.c
View File

@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$");
#include <arpa/inet.h>
#include <netinet/in.h>
#include <ctype.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <grp.h>
#include <inttypes.h>
@ -74,7 +75,6 @@ __FBSDID("$FreeBSD$");
#include <stdlib.h>
#include <string.h>
#include <sysdecode.h>
#include <termios.h>
#include <time.h>
#include <unistd.h>
#include <vis.h>
@ -110,7 +110,6 @@ void ktrstruct(char *, size_t);
void ktrcapfail(struct ktr_cap_fail *);
void ktrfault(struct ktr_fault *);
void ktrfaultend(struct ktr_faultend *);
void limitfd(int fd);
void usage(void);
#define TIMESTAMP_NONE 0x0
@ -337,9 +336,8 @@ main(int argc, char *argv[])
err(1, "unable to enter capability mode");
}
#endif
limitfd(STDIN_FILENO);
limitfd(STDOUT_FILENO);
limitfd(STDERR_FILENO);
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
TAILQ_INIT(&trace_procs);
drop_logged = 0;
@ -432,40 +430,6 @@ main(int argc, char *argv[])
return 0;
}
void
limitfd(int fd)
{
cap_rights_t rights;
unsigned long cmd;
cap_rights_init(&rights, CAP_FSTAT);
cmd = 0;
switch (fd) {
case STDIN_FILENO:
cap_rights_set(&rights, CAP_READ);
break;
case STDOUT_FILENO:
cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
break;
case STDERR_FILENO:
cap_rights_set(&rights, CAP_WRITE);
if (!suppressdata) {
cap_rights_set(&rights, CAP_IOCTL);
cmd = TIOCGWINSZ;
}
break;
default:
abort();
}
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for descriptor %d", fd);
if (cmd != 0 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for descriptor %d", fd);
}
int
fread_tail(void *buf, int size, int num)
{

32
usr.bin/tee/tee.c
View File

@ -45,6 +45,7 @@ static const char rcsid[] =
#include <sys/stat.h>
#include <sys/types.h>
#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@ -52,7 +53,6 @@ static const char rcsid[] =
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
typedef struct _list {
@ -73,8 +73,6 @@ main(int argc, char *argv[])
char *bp;
int append, ch, exitval;
char *buf;
cap_rights_t rights;
unsigned long cmd;
#define BSIZE (8 * 1024)
append = 0;
@ -96,15 +94,8 @@ main(int argc, char *argv[])
if ((buf = malloc(BSIZE)) == NULL)
err(1, "malloc");
cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights for stdin");
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights for stderr");
cmd = TIOCGETA;
if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit ioctls for stderr");
if (caph_limit_stdin() == -1 || caph_limit_stderr() == -1)
err(EXIT_FAILURE, "unable to limit stdio");
add(STDOUT_FILENO, "stdout");
@ -148,19 +139,14 @@ add(int fd, const char *name)
{
LIST *p;
cap_rights_t rights;
unsigned long cmd;
if (fd == STDOUT_FILENO)
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
else
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights");
if (fd == STDOUT_FILENO) {
cmd = TIOCGETA;
if (cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit ioctls for stdout");
if (caph_limit_stdout() == -1)
err(EXIT_FAILURE, "unable to limit stdout");
} else {
cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(EXIT_FAILURE, "unable to limit rights");
}
if ((p = malloc(sizeof(LIST))) == NULL)

24
usr.bin/tr/tr.c
View File

@ -44,16 +44,15 @@ static const char sccsid[] = "@(#)tr.c 8.2 (Berkeley) 5/4/95";
#include <sys/types.h>
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <limits.h>
#include <locale.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include <wchar.h>
#include <wctype.h>
@ -72,8 +71,6 @@ int
main(int argc, char **argv)
{
static int carray[NCHARS_SB];
cap_rights_t rights;
unsigned long cmd;
struct cmap *map;
struct cset *delete, *squeeze;
int n, *p;
@ -82,23 +79,8 @@ main(int argc, char **argv)
(void)setlocale(LC_ALL, "");
cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_READ);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdin");
cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdout");
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stderr");
/* Required for isatty(3). */
cmd = TIOCGETA;
if (cap_ioctls_limit(STDIN_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for stdin");
if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for stdout");
if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for stderr");
if (caph_limit_stdio() == -1)
err(1, "unable to limit stdio");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");