Page MenuHomeFreeBSD
Files F136065285

D8543.id22279.diff
No OneTemporary
Actions

D8543.id22279.diff
View Options

Index: bin/dd/dd.c
===================================================================
--- bin/dd/dd.c
+++ bin/dd/dd.c
@@ -48,10 +48,13 @@
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/conf.h>
+#include <sys/capsicum.h>
#include <sys/disklabel.h>
#include <sys/filio.h>
+#include <sys/mtio.h>
#include <assert.h>
+#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
@@ -92,6 +95,14 @@
jcl(argv);
setup();
+ caph_cache_tzdata();
+ caph_cache_catpages();
+ if (cap_enter() == -1) {
+ if (errno != ENOSYS)
+ err(1, "cap_enter() failed");
+ warn("Capsicum unavailable, running without a sandbox");
+ }
+
(void)signal(SIGINFO, siginfo_handler);
(void)signal(SIGINT, terminate);
@@ -125,6 +136,8 @@
setup(void)
{
u_int cnt;
+ cap_rights_t rights;
+ unsigned long cmds[] = {MTIOCTOP, FIODTYPE};
if (in.name == NULL) {
in.name = "stdin";
@@ -133,13 +146,20 @@
in.fd = open(in.name, O_RDONLY, 0);
if (in.fd == -1)
err(1, "%s", in.name);
+ if (caph_limit_stdin() == -1)
+ err(1, "Unable to limit capability rights");
}
getfdtype(&in);
+ cap_rights_init(&rights, CAP_READ, CAP_SEEK);
+ if (cap_rights_limit(in.fd, &rights) == -1 && errno != ENOSYS)
+ err(1, "Unable to limit capability rights");
+
if (files_cnt > 1 && !(in.flags & ISTAPE))
errx(1, "files is not supported for non-tape devices");
+ cap_rights_set(&rights, CAP_WRITE, CAP_FTRUNCATE, CAP_IOCTL);
if (out.name == NULL) {
/* No way to check for read access here. */
out.fd = STDOUT_FILENO;
@@ -156,13 +176,27 @@
if (out.fd == -1) {
out.fd = open(out.name, O_WRONLY | OFLAGS, DEFFILEMODE);
out.flags |= NOREAD;
+ cap_rights_clear(&rights, CAP_READ);
}
if (out.fd == -1)
err(1, "%s", out.name);
+ if (caph_limit_stdout() == -1 && errno != ENOSYS)
+ err(1, "Unable to limit capability rights");
}
getfdtype(&out);
+ if (cap_rights_limit(out.fd, &rights) == -1 && errno != ENOSYS)
+ err(1, "Unable to limit capability rights");
+ if (cap_ioctls_limit(out.fd, cmds, nitems(cmds)) == -1 &&
+ errno != ENOSYS)
+ err(1, "Unable to limit capability rights");
+
+ if (in.fd != STDERR_FILENO && out.fd != STDERR_FILENO) {
+ if (caph_limit_stderr() == -1 && errno != ENOSYS)
+ err(1, "Unable to limit capability rights");
+ }
+
/*
* Allocate space for the input and output buffers. If not doing
* record oriented I/O, only need a single buffer.

File Metadata

Mime Type
text/plain
Expires
Sun, Nov 16, 12:41 PM (3 h, 30 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25369922
Default Alt Text
D8543.id22279.diff (2 KB)

Event Timeline