elfdump: adjust stdout/stderr capabilities

stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.

Reported by:	kib
Reviewed by:	allanjude, bapt
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D7944
This commit is contained in:
emaste 2016-09-18 20:23:26 +00:00
parent 89ef19f657
commit f408c9567d

View File

@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#define ED_DYN (1<<0)
@ -504,6 +505,7 @@ main(int ac, char **av)
u_int64_t name;
u_int64_t type;
struct stat sb;
unsigned long cmd;
u_int flags;
Elf32_Ehdr *e;
void *p;
@ -572,11 +574,13 @@ main(int ac, char **av)
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", *av);
close(STDIN_FILENO);
cap_rights_init(&rights, CAP_WRITE);
if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stdout");
if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for stderr");
cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
(cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) ||
(cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
(cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
err(1, "unable to limit rights for stdout/stderr");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);