Capsicumize pom
Since pom is the only binary that can save lives, capsicumize it to be sure that it's safe to run it. Reviewed by: bapt
This commit is contained in:
parent
2e36bffb79
commit
d2b8cbe201
@ -53,6 +53,11 @@ __FBSDID("$FreeBSD$");
|
||||
*
|
||||
*/
|
||||
|
||||
#include <sys/capsicum.h>
|
||||
#include <capsicum_helpers.h>
|
||||
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <math.h>
|
||||
@ -81,6 +86,7 @@ static void usage(char *progname);
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
cap_rights_t rights;
|
||||
time_t tt;
|
||||
struct tm GMT, tmd;
|
||||
double days, today, tomorrow;
|
||||
@ -88,6 +94,14 @@ main(int argc, char **argv)
|
||||
char *odate = NULL, *otime = NULL;
|
||||
char *progname = argv[0];
|
||||
|
||||
if (caph_limit_stdio() < 0)
|
||||
err(1, "unable to limit capabitilities for stdio");
|
||||
cap_rights_init(&rights, CAP_WRITE);
|
||||
|
||||
caph_cache_catpages();
|
||||
if (cap_enter() < 0 && errno != ENOSYS)
|
||||
err(1, "unable to enter capability mode");
|
||||
|
||||
while ((ch = getopt(argc, argv, "d:pt:")) != -1)
|
||||
switch (ch) {
|
||||
case 'd':
|
||||
|
Loading…
Reference in New Issue
Block a user