Sandboxed majority of the program (enter cap mode after getopt and socket setup).
Logger now uses cap_openlog, cap_syslog instead of openlog, syslog.
Details
- Reviewers: markj, emaste, oshogbo
- Commits: rS358919: logger: capsicumize
```
$ ./log.sh
rm -f .depend
echo logger.full: /usr/lib/libc.a /usr/lib/libm.a >> .depend
cc -O2 -pipe -DINET6 -DWITH_CASPER -g -MD -MF.depend.logger.o -MTlogger.o -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Qunused-arguments -c /usr/home/tig/freebsd-1/usr.bin/logger/logger.c -o logger.o
cc -O2 -pipe -DINET6 -DWITH_CASPER -g -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations -Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Qunused-arguments -o logger.full logger.o -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/msun -lm -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/libcasper/libcasper -lcasper -L/usr/obj/usr/home/tig/freebsd-1/amd64.amd64/lib/libcasper/services/cap_syslog -lcap_syslog
objcopy --only-keep-debug logger.full logger.debug
objcopy --strip-debug --add-gnu-debuglink=logger.debug logger.full logger
Password:
install -s -o root -g wheel -m 555 logger /usr/bin/logger
install -o root -g wheel -m 444 logger.debug /usr/lib/debug/usr/bin/logger.debug
install -o root -g wheel -m 444 logger.1.gz /usr/share/man/man1/
$ logger asdfa
$ tail -n 5 /var/log/messages
Feb 18 12:54:55 tiger_1 root[3389]: xd
Feb 18 12:55:30 tiger_1 root[3483]: xd
Feb 18 12:57:57 tiger_1 root[3568]: xd
Feb 18 13:12:13 tiger_1 root[3756]: asdf
Feb 18 13:18:45 tiger_1 root[3897]: asdfa
```
Diff Detail
- Lint: Lint Skipped
- Unit: Tests Skipped
Event Timeline
| usr.bin/logger/logger.c | ||
|---|---|---|
| 188 | optarg may not point at the argument any longer - for example a command line of -p foo -S bar will have optarg pointing to bar at this point. | |
| usr.bin/logger/logger.c | ||
|---|---|---|
| 188 | Oops - ch will also not still be 'p'. | |
| usr.bin/logger/logger.c | ||
|---|---|---|
| 188 | oops. Fixed | |
| usr.bin/logger/logger.c | ||
|---|---|---|
| 83 | Fixed. | |
If you want I can commit this for you.
| usr.bin/logger/logger.c | ||
|---|---|---|
| 180 | Yes. The difference is that cap_enter syscall may not be built in the system and then you have to check for errno != ENOSYS, otherwise tool will not work on the systems without CAPSICUM. caph_* hides it from you. | |
| 182 | Now you don't have to check for errno. | |
This breaks usages like: echo foo | logger with:
connect(3,{ AF_UNIX "/var/run/log" },106) ERR#94 'Not permitted in capability mode'
close(3) = 0 (0x0)
sendto(-1,"<13>1 2022-10-19T08:28:33.995711"...,84,0,NULL,0) ERR#9 'Bad file descriptor'