author | Allan Jude <allanjude@FreeBSD.org> | 2017-02-19 06:02:41 +0000 |
---|---|---|
committer | Allan Jude <allanjude@FreeBSD.org> | 2017-02-19 06:02:41 +0000 |
commit | ba0320553cf1a31ad62df9abef2daa41754f5a4e (patch) | |
tree | f12f25e1400e79c6fb9a951c3b4e50ec6b4e547d | |
parent | 0d965629892e2d046c35fb9e73f23cbc4584323f (diff) | |
download | src-ba0320553cf1a31ad62df9abef2daa41754f5a4e.tar.gz src-ba0320553cf1a31ad62df9abef2daa41754f5a4e.zip |
Capsicum-ize lam(1)
lam(1) is used in portsnap(8), so lock it down
Reviewed by: emaste, cem, jonathan
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D8076
Notes:
svn path=/head/; revision=313938
-rw-r--r-- | usr.bin/lam/lam.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/usr.bin/lam/lam.c b/usr.bin/lam/lam.c
index 60d1c52e2805..7cb2ccece72a 100644
--- a/usr.bin/lam/lam.c
+++ b/usr.bin/lam/lam.c
@@ -46,11 +46,16 @@ __FBSDID("$FreeBSD$");
  * Author: John Kunze, UCB
  */
 
+#include <sys/capsicum.h>
+
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #define MAXOFILES 20
 #define BIGBUFSIZ 5 * BUFSIZ
@@ -84,6 +89,17 @@ main(int argc, char *argv[])
 	getargs(argv);
 	if (!morefiles)
 		usage();
+
+	/*
+	 * Cache NLS data, for strerror, for err(3), before entering capability
+	 * mode.
+	 */
+	caph_cache_catpages();
+	if (caph_limit_stdio() == -1)
+		err(1, "unable to limit stdio");
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
+
 	for (;;) {
 		linep = line;
 		for (ip = input; ip->fp != NULL; ip++)
@@ -105,7 +121,9 @@ getargs(char *av[])
 	static char fmtbuf[BUFSIZ];
 	char *fmtp = fmtbuf;
 	int P, S, F, T;
+	cap_rights_t rights_ro;
 
+	cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT);
 	P = S = F = T = 0; /* capitalized options */
 	while ((p = *++av) != NULL) {
 		if (*p != '-' || !p[1]) {
@@ -116,6 +134,8 @@ getargs(char *av[])
 		else if ((ip->fp = fopen(p, "r")) == NULL) {
 			err(1, "%s", p);
 		}
+		if (cap_rights_limit(fileno(ip->fp), &rights_ro) < 0)
+			err(1, "unable to limit rights on: %s", p);
 		ip->pad = P;
 		if (!ip->sepstring)
 			ip->sepstring = (S ? (ip-1)->sepstring : "");
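Review bot: The `errno != ENOSYS` carve-out on the `cap_enter()` check in main() means that on a kernel built without Capsicum the program silently keeps running with no sandbox at all, and nothing in the hunk records that this is intended, so a later reader may take it for an incomplete check. A one-line comment above it would settle that: `/* ENOSYS: kernel has no Capsicum support; run unsandboxed rather than refuse to start. */`. The `caph_limit_stdio()` call two lines earlier is not given the same allowance, which is presumably fine if the helper already tolerates ENOSYS internally, but it is worth confirming so both checks degrade under the same conditions. main()'s body continues outside the hunk.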
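Review bot: In the last hunk `cap_rights_limit()` is applied to `fileno(ip->fp)` for every input, but the `if` branch preceding the visible `else if` is outside the hunk; if it assigns `stdin` for a `-` argument, that descriptor is cut down to CAP_READ|CAP_FSTAT here, and the later `caph_limit_stdio()` in main(), which as far as I recall requests a broader right set on the same descriptor, can then only fail with ENOTCAPABLE, since cap_rights_limit() never widens rights. Either let `caph_limit_stdio()` own the standard descriptors, `if (ip->fp != stdin && cap_rights_limit(fileno(ip->fp), &rights_ro) < 0)`, or limit stdio before getargs() runs. The body of getargs() starts before the third hunk and continues past the fourth.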