head: sandbox using capsicum

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D14409

usr.bin/head/Makefile

@@ -8,4 +8,10 @@ PROG=	head
 HAS_TESTS=
 SUBDIR.${MK_TESTS}+= tests
 
+.if ${MK_CASPER} != "no" && !defined(RESCUE)
+LIBADD+=        casper
+LIBADD+=        cap_fileargs
+CFLAGS+=-DWITH_CASPER
+.endif
+
 .include <bsd.prog.mk>

usr.bin/head/head.c

@@ -43,10 +43,13 @@ static char sccsid[] = "@(#)head.c	8.2 (Berkeley) 5/4/95";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/capsicum.h>
 #include <sys/types.h>
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <getopt.h>
 #include <inttypes.h>
 #include <stdio.h>
@@ -54,6 +57,9 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <unistd.h>
 
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+
 /*
  * head - give the first few lines of a stream or of each of a set of files
  *
@@ -79,6 +85,8 @@ main(int argc, char *argv[])
 	char *ep;
 	off_t bytecnt;
 	int ch, first, linecnt, eval;
+	fileargs_t *fa;
+	cap_rights_t rights;
 
 	linecnt = -1;
 	eval = 0;
@@ -106,13 +114,22 @@ main(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;
 
+	fa = fileargs_init(argc, argv, O_RDONLY, 0,
+	    cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL));
+	if (fa == NULL)
+		errx(1, "unable to init casper");
+
+	caph_cache_catpages();
+	if (caph_limit_stdio() < 0 || caph_enter_casper() < 0)
+		err(1, "unable to enter capability mode");
+
 	if (linecnt != -1 && bytecnt != -1)
 		errx(1, "can't combine line and byte counts");
 	if (linecnt == -1)
 		linecnt = 10;
 	if (*argv != NULL) {
 		for (first = 1; *argv != NULL; ++argv) {
-			if ((fp = fopen(*argv, "r")) == NULL) {
+			if ((fp = fileargs_fopen(fa, *argv, "r")) == NULL) {
 				warn("%s", *argv);
 				eval = 1;
 				continue;
@@ -133,6 +150,7 @@ main(int argc, char *argv[])
 	else
 		head_bytes(stdin, bytecnt);
 
+	fileargs_free(fa);
 	exit(eval);
 }