Page MenuHomeFreeBSD
Differential D18860

Fix cmp(1) to handle the case where standard streams are closed.
ClosedPublic
Actions

Authored by markj on Jan 16 2019, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 11, 12:25 PM
Unknown Object (File)
Thu, Apr 11, 12:24 PM
Unknown Object (File)
Thu, Apr 11, 1:11 AM
Unknown Object (File)
Thu, Apr 11, 1:10 AM
Unknown Object (File)
Thu, Apr 11, 1:10 AM
Unknown Object (File)
Thu, Apr 11, 1:08 AM
Unknown Object (File)
Wed, Apr 10, 6:10 PM
Unknown Object (File)
Sun, Mar 31, 6:10 PM
View All 36 Files
Subscribers
imp

Details

Reviewers
oshogbo
Group Reviewers
capsicum
Commits
rS343117: Fix handling of rights on stdio streams.
Summary

Use caph_limit_stdio() before opening input files. This function
suppresses EBADF. When further limiting stdin, make sure STDIN_FILENO
isn't being used for one of the input files.

Fix some style bugs while here.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Jan 16 2019, 8:39 PM
Harbormaster completed remote builds in B21986: Diff 52898.Jan 16 2019, 8:39 PM
markj added reviewers: oshogbo, capsicum.Jan 16 2019, 8:40 PM
oshogbo added inline comments.Jan 16 2019, 9:26 PM
usr.bin/cmp/cmp.c
119 ↗(On Diff #52898)

stderr?

119 ↗(On Diff #52898)

I miss read sorry.

oshogbo added inline comments.Jan 16 2019, 9:39 PM
usr.bin/cmp/cmp.c
167 ↗(On Diff #52898)

Hym not sure if I get this.
special is set if fd1 or fd2 is set to the STDIN right? So we don't need to check those.

169 ↗(On Diff #52898)

I'm not sure if I'm understand that correctly.
If we have a problem with closed STDIN dosent this return EBADF as well?
The special will not be set but STDIN will be closed, so this should fail I think.

markj added inline comments.Jan 16 2019, 9:45 PM
usr.bin/cmp/cmp.c
167 ↗(On Diff #52898)

Yes, but if !special and the shell doesn't provide stdin, then STDIN_FILENO will be used for one of the input files.

169 ↗(On Diff #52898)

If stdin is closed, then file descriptor 0 is available and will be claimed by fd1 or fd2. You are right though, this is making the assumption that open() will return the smallest available descriptor.

markj updated this revision to Diff 52900.Jan 16 2019, 9:57 PM
  • Verify that STDIN_FILENO is in use before limiting rights on it. In practice, it will always be in use: if STDIN_FILENO is not provided by the shell, then it will be claimed for fd1. But, we should not make assumptions about the kernel's fd allocation policy.
Harbormaster completed remote builds in B21987: Diff 52900.Jan 16 2019, 9:57 PM
oshogbo added inline comments.Jan 17 2019, 11:08 AM
usr.bin/cmp/cmp.c
170 ↗(On Diff #52900)

Let's just remove this whole block.
If the stdin is used lets limit it using caph_limit_stdio.
If it is but not used do we care to limit it further? In my opinion this is a minimal value if not even none and complicate code a lot.

markj added inline comments.Jan 17 2019, 4:00 PM
usr.bin/cmp/cmp.c
170 ↗(On Diff #52900)

Fair enough. I agree that it doesn't accomplish much: we're just removing read caps from the descriptor.

markj updated this revision to Diff 52928.Jan 17 2019, 4:02 PM

Don't bother limiting rights on stdin beyond what caph_limit_stdio()
does.

Harbormaster completed remote builds in B22002: Diff 52928.Jan 17 2019, 4:02 PM
oshogbo accepted this revision.Jan 17 2019, 5:09 PM
This revision is now accepted and ready to land.Jan 17 2019, 5:09 PM
Closed by commit rS343117: Fix handling of rights on stdio streams. (authored by markj). · Explain WhyJan 17 2019, 5:36 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: imp. · View Herald TranscriptJan 17 2019, 5:36 PM

Revision Contents
Changeset List

PathSize
head/
usr.bin/
cmp/
23 lines

Diff 52934

View Options

head/usr.bin/cmp/cmp.c

Loading...