Page MenuHomeFreeBSD
Files F142675221

D31266.id.diff
No OneTemporary
Actions

D31266.id.diff
View Options

diff --git a/sbin/dumpon/dumpon.c b/sbin/dumpon/dumpon.c
--- a/sbin/dumpon/dumpon.c
+++ b/sbin/dumpon/dumpon.c
@@ -48,6 +48,7 @@
#include <sys/disk.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
+#include <sys/wait.h>
#include <assert.h>
#include <capsicum_helpers.h>
@@ -210,7 +211,7 @@
#ifdef HAVE_CRYPTO
static void
-genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
+_genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
{
FILE *fp;
RSA *pubkey;
@@ -305,6 +306,50 @@
}
RSA_free(pubkey);
}
+
+/*
+ * Run genkey() in a child so it can use capability mode without affecting
+ * the rest of the runtime.
+ */
+static void
+genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap)
+{
+ pid_t pid;
+ int error, filedes[2], status;
+ ssize_t bytes;
+
+ if (pipe2(filedes, O_CLOEXEC) != 0)
+ err(1, "pipe");
+ pid = fork();
+ switch (pid) {
+ case -1:
+ err(1, "fork");
+ break;
+ case 0:
+ close(filedes[0]);
+ _genkey(pubkeyfile, kdap);
+ /* Write the new kdap back to the parent. */
+ bytes = write(filedes[1], kdap, sizeof(*kdap));
+ if (bytes != sizeof(*kdap))
+ err(1, "genkey pipe write");
+ _exit(0);
+ }
+ close(filedes[1]);
+ /* Read in the child's genkey() result into kdap. */
+ bytes = read(filedes[0], kdap, sizeof(*kdap));
+ if (bytes != sizeof(*kdap))
+ errx(1, "genkey pipe read");
+ error = waitpid(pid, &status, WEXITED);
+ if (error == -1)
+ err(1, "waitpid");
+ if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
+ errx(1, "genkey child exited with status %d",
+ WEXITSTATUS(status));
+ else if (WIFSIGNALED(status))
+ errx(1, "genkey child exited with signal %d",
+ WTERMSIG(status));
+ close(filedes[0]);
+}
#endif
static void

File Metadata

Mime Type
text/plain
Expires
Fri, Jan 23, 3:18 AM (11 h, 32 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27873249
Default Alt Text
D31266.id.diff (1 KB)

Event Timeline