
uuencode(1): Capsicumify
Needs ReviewPublic

Authored by bkidney_briankidney.ca on Jun 9 2018, 2:18 AM.

Details

Summary

Adds Capsicum to uuencode(1).

Test Plan

uuencode stdin -> stdout
uuencode file -> stdout
uuencode stdin -> file
uuencode file -> file
uuencode pipe -> stdout

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 17684
Build 17489: arc lint + arc unit

Event Timeline

usr.bin/uuencode/uuencode.c
134

style(9) asks for variable declarations to be placed at least at the top of the scope, if not at the top of the function.

135

Is this really all that is needed on output, or do we also need the usual stream rights? I'd suggest using caph_limit_stream(fileno(output), CAP_WRITE).

136

style(9) nit: excess spaces between parens

Use fileno(3) to access output's fd; do not access FILE members directly.

style(9) nit: Do not use non-boolean values directly in conditionals (i.e., compare cap_rights_limit(...) to zero).

142

This could be replaced with caph_enter() :-).

Are we sure this program does not need to cache catpages before entering the sandbox? (I.e., it does not attempt to access any localization after this point, if lang is not en_US?)

bkidney_briankidney.ca marked an inline comment as not done.

Fixes errors inadvertently committed.

  • Removes unused variable.
  • Fixes error using CAP_WRITE instead of CAPH_WRITE.
usr.bin/uuencode/uuencode.c
142

I ran the modified uuencode through ktrace(1) and found no reference to anything like localization after caph_enter(). The only system calls observed w.r.t. file descriptors were the read and write calls for the input and output files.
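The sequence the reviewer asks for above (limit each stdio stream with caph_limit_stream() via fileno(3), compare every helper against zero, then enter capability mode with caph_enter()) is shown below as an added, stand-alone example; it is not the uuencode(1) diff under review. The names sandbox_filter() and global_namespace_refused() are this example's own, and the non-FreeBSD fallback that returns ENOSYS is an assumption added only so the file compiles and runs on hosts without Capsicum.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#endif

/*
 * Restrict a filter's stdio streams to what it still needs after setup,
 * then enter capability mode.  Descriptors are reached via fileno(3),
 * every helper's result is compared against zero, and failures are
 * reported instead of ignored.  Returns 0 on success, -1 with errno set
 * on failure.  On hosts without Capsicum the fallback below returns -1
 * with errno = ENOSYS (assumption for portability; not uuencode code).
 */
int
sandbox_filter(FILE *input, FILE *output)
{
#ifdef __FreeBSD__
	/* CAPH_IGNORE_EBADF: a closed stream is not an error for a filter. */
	if (caph_limit_stream(fileno(input),
	    CAPH_READ | CAPH_IGNORE_EBADF) < 0)
		return (-1);
	if (caph_limit_stream(fileno(output),
	    CAPH_WRITE | CAPH_IGNORE_EBADF) < 0)
		return (-1);
	/* caph_enter() wraps cap_enter(2), tolerating kernels without Capsicum. */
	if (caph_enter() < 0)
		return (-1);
	return (0);
#else
	(void)input;
	(void)output;
	errno = ENOSYS;
	return (-1);
#endif
}

/*
 * Probe whether the global filesystem namespace is still reachable.
 * Returns 1 if open(2) of an absolute path is refused with ECAPMODE,
 * 0 if the open succeeded (process is not sandboxed), -1 on other errors.
 */
int
global_namespace_refused(void)
{
	int fd;

	fd = open("/", O_RDONLY);
	if (fd >= 0) {
		(void)close(fd);
		return (0);
	}
#ifdef ECAPMODE
	if (errno == ECAPMODE)
		return (1);
#endif
	return (-1);
}

int
main(void)
{
	int rc;

	rc = sandbox_filter(stdin, stdout);
	if (rc < 0 && errno == ENOSYS) {
		fprintf(stderr, "Capsicum not available on this host\n");
		return (0);
	}
	if (rc < 0) {
		perror("sandbox_filter");
		return (1);
	}
	/* From here on only stdin/stdout are usable; open("/", ...) fails. */
	printf("sandboxed, open(\"/\") refused = %d\n",
	    global_namespace_refused());
	return (0);
}
```

Anything that must touch the global namespace, such as opening the input and output files or caching message catalogs with caph_cache_catpages() when a program does use localization, has to happen before sandbox_filter() is called; the ktrace(1) check described above is the practical way to confirm that nothing after caph_enter() still needs it.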