Page MenuHomeFreeBSD

Adapting tail(1) to use Capsicum
ClosedPublic

Authored by nsultana_seas.upenn.edu on May 24 2019, 1:15 AM.
Referenced Files
Unknown Object (File)
Sun, Mar 10, 1:01 PM
Unknown Object (File)
Sun, Mar 10, 12:57 PM
Unknown Object (File)
Feb 4 2024, 6:01 AM
Unknown Object (File)
Jan 11 2024, 9:14 PM
Unknown Object (File)
Jan 2 2024, 12:01 AM
Unknown Object (File)
Dec 20 2023, 2:45 AM
Unknown Object (File)
Nov 26 2023, 9:21 PM
Unknown Object (File)
Nov 8 2023, 11:12 AM
Subscribers

Details

Test Plan

~ % kyua test -k /usr/tests/usr.bin/tail/Kyuafile
tail_test:broken_pipe -> passed [2.139s]
tail_test:empty_r -> passed [0.068s]
tail_test:file_r -> passed [0.080s]
tail_test:file_rc28 -> passed [0.082s]
tail_test:file_rn2 -> passed [0.080s]
tail_test:longfile_r -> passed [0.107s]
tail_test:longfile_r_enomem -> passed [0.368s]
tail_test:longfile_r_longlines -> passed [0.130s]
tail_test:longfile_rc135782 -> passed [0.100s]
tail_test:longfile_rc145782_longlines -> passed [0.109s]
tail_test:longfile_rn2500 -> passed [0.104s]
tail_test:pipe_leading_newline_r -> passed [0.066s]

Results file id is usr_tests_usr.bin_tail.20190523-004618-431682
Results saved to /home/vagrant/.kyua/store/results.usr_tests_usr.bin_tail.20190523-004618-431682.db

12/12 passed (0 failed)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

oshogbo requested changes to this revision.May 24 2019, 6:47 PM
oshogbo added inline comments.
tail.c
99

Hym those it works?
You don't have a write premsion on stderr so all the errs probably are not printed.
The MMAP_RW is not needed only for stdin?

This revision now requires changes to proceed.May 24 2019, 6:47 PM

STDOUT_FILENO and STDERR_FILENO are given CAP_WRITE, and not given the extra capabilities needed by STDIN_FILENO and file arguments to tail(1).

tail.c
99

In the updated patch the capabilities are more carefully chosen for each fd.

tail.c
99

Can we just use caph_limit_stderr and caph_limit_stdout?

Using more idiomatic caph_limit_stderr(3) and caph_limit_stdout(3) in this instance instead of calls to caph_rights_limit(3).

tail.c
99

Yes and ends up being cleaner, thanks for the advice. I've updated and retested the patch.

This revision is now accepted and ready to land.Jun 5 2019, 10:37 PM
This revision was automatically updated to reflect the committed changes.