d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Capsicum support for jot(1)

Browse Source 
Limit descriptors and enter capability mode in jot(1).

Submitted by:	brueffer (earlier version)
Reviewed by:	emaste, jonathan (earlier version)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D1345
This commit is contained in:
cem 2016-10-19 21:50:57 +00:00
parent cc8c49749a
commit b7bcba44c9
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
usr.bin/jot/jot.c
View File

@ -47,8 +47,11 @@ __FBSDID("$FreeBSD$");
* Author: John Kunze, Office of Comp. Affairs, UCB * Author: John Kunze, Office of Comp. Affairs, UCB
*/ */
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#include <ctype.h> #include <ctype.h>
#include <err.h> #include <err.h>
#include <errno.h>
#include <limits.h> #include <limits.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
@ -89,6 +92,7 @@ static void usage(void);
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
cap_rights_t rights;
bool have_format = false; bool have_format = false;
bool infinity = false; bool infinity = false;
bool nofinalnl = false; bool nofinalnl = false;
@ -105,6 +109,21 @@ main(int argc, char **argv)
long i; long i;
long reps = REPS_DEF; long reps = REPS_DEF;
if (caph_limit_stdio() < 0)
err(1, "unable to limit rights for stdio");
cap_rights_init(&rights);
if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdin");
/*
* Cache NLS data, for strerror, for err(3), before entering capability
* mode.
*/
caph_cache_catpages();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1) while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
switch (ch) { switch (ch) {
case 'b': case 'b':