tail: capsicumize

Submitted by: Nik Sultana <sultana@seas.upenn.edu> Differential Revision: https://reviews.freebsd.org/D20393
2019-06-05 22:40:49 +00:00 · 2019-06-05 22:40:49 +00:00 · b4d2c3385c
commit b4d2c3385c
parent 5c816e43b4
2 changed files with 30 additions and 2 deletions
--- a/usr.bin/tail/Makefile
+++ b/usr.bin/tail/Makefile
@ -6,6 +6,12 @@
 PROG=	tail
 SRCS=	forward.c misc.c read.c reverse.c tail.c

+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_fileargs
+CFLAGS+= -DWITH_CASPER
+.endif
+
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests

--- a/usr.bin/tail/tail.c
+++ b/usr.bin/tail/tail.c
@ -46,9 +46,11 @@ static const char copyright[] =
 static const char sccsid[] = "@(#)tail.c	8.1 (Berkeley) 6/6/93";
 #endif

+#include <sys/capsicum.h>
 #include <sys/types.h>
 #include <sys/stat.h>

+#include <capsicum_helpers.h>
 #include <err.h>
 #include <errno.h>
 #include <getopt.h>
@ -57,6 +59,9 @@ static const char sccsid[] = "@(#)tail.c	8.1 (Berkeley) 6/6/93";
 #include <string.h>
 #include <unistd.h>

+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+
 #include "extern.h"

 int Fflag, fflag, qflag, rflag, rval, no_files;
@ -85,6 +90,13 @@ main(int argc, char *argv[])
 	int i, ch, first;
 	file_info_t *file;
 	char *p;
+	fileargs_t *fa;
+	cap_rights_t rights;
+
+	cap_rights_init(&rights, CAP_FSTAT, CAP_FCNTL, CAP_MMAP_RW);
+	if (caph_rights_limit(STDIN_FILENO, &rights) < 0 ||
+	    caph_limit_stderr() < 0 || caph_limit_stdout() < 0)
+		err(1, "can't limit stdio rights");

 	/*
 	 * Tail's options are weird.  First, -n10 is the same as -n-10, not
@ -155,6 +167,15 @@ main(int argc, char *argv[])

 	no_files = argc ? argc : 1;

+	fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN);
+	if (fa == NULL)
+		errx(1, "unable to init casper");
+
+	caph_cache_catpages();
+	if (caph_enter_casper() < 0)
+		err(1, "unable to enter capability mode");
+
+	
 	/*
 	 * If displaying in reverse, don't permit follow option, and convert
 	 * style values.
@ -192,7 +213,7 @@ main(int argc, char *argv[])
 			file->file_name = strdup(fn);
 			if (! file->file_name)
 				errx(1, "Couldn't malloc space for file name.");
-			if ((file->fp = fopen(file->file_name, "r")) == NULL ||
+			if ((file->fp = fileargs_fopen(fa, file->file_name, "r")) == NULL ||
 			    fstat(fileno(file->fp), &file->st)) {
 				if (file->fp != NULL) {
 					fclose(file->fp);
@ -209,7 +230,7 @@ main(int argc, char *argv[])
 		free(files);
 	} else if (*argv) {
 		for (first = 1; (fn = *argv++);) {
-			if ((fp = fopen(fn, "r")) == NULL ||
+			if ((fp = fileargs_fopen(fa, fn, "r")) == NULL ||
 			    fstat(fileno(fp), &sb)) {
 				ierr(fn);
 				continue;
@ -247,6 +268,7 @@ main(int argc, char *argv[])
 		else
 			forward(stdin, fn, style, off, &sb);
 	}
+	fileargs_free(fa);
 	exit(rval);
 }