D7999.id21097.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D7999.id21097.diff
View Options

	Index: usr.bin/write/write.c
	===================================================================
	--- usr.bin/write/write.c
	+++ usr.bin/write/write.c
	@@ -46,12 +46,15 @@
	__FBSDID("$FreeBSD$");

	#include <sys/param.h>
	+#include <sys/capsicum.h>
	+#include <sys/filio.h>
	#include <sys/signal.h>
	#include <sys/stat.h>
	-#include <sys/file.h>
	#include <sys/time.h>
	+
	#include <ctype.h>
	#include <err.h>
	+#include <errno.h>
	#include <locale.h>
	#include <paths.h>
	#include <pwd.h>
	@@ -63,17 +66,25 @@
	#include <wchar.h>
	#include <wctype.h>

	+#include <capsicum_helpers.h>
	+
	void done(int);
	-void do_write(char , char , uid_t);
	+void do_write(char , char );
	static void usage(void);
	int term_chk(char , int , time_t *, int);
	void wr_fputs(wchar_t *s);
	void search_utmp(char , char , char *, uid_t);
	int utmp_chk(char , char );

	+static const char *login;
	+static int devfd;
	+
	int
	main(int argc, char **argv)
	{
	+ unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ, FIODGNAME };
	+ cap_rights_t rights;
	+ struct passwd *pwd;
	time_t atime;
	uid_t myuid;
	int msgsok, myttyfd;
	@@ -81,6 +92,54 @@

	(void)setlocale(LC_CTYPE, "");

	+ devfd = open(_PATH_DEV, O_RDONLY);
	+ if (devfd < 0)
	+ err(1, "open(/dev)");
	+ cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP,
	+ CAP_PWRITE);
	+ if (cap_rights_limit(devfd, &rights) < 0 && errno != ENOSYS)
	+ err(1, "can't limit devfd rights");
	+
	+ /*
	+ * Can't use capsicum helpers here because we need the additional
	+ * FIODGNAME ioctl.
	+ */
	+ cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ,
	+ CAP_WRITE);
	+ if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) \|\|
	+ (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) \|\|
	+ (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) \|\|
	+ (cap_ioctls_limit(STDIN_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) \|\|
	+ (cap_ioctls_limit(STDOUT_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) \|\|
	+ (cap_ioctls_limit(STDERR_FILENO, cmds, nitems(cmds)) < 0 && errno != ENOSYS) \|\|
	+ (cap_fcntls_limit(STDIN_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) \|\|
	+ (cap_fcntls_limit(STDOUT_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) \|\|
	+ (cap_fcntls_limit(STDERR_FILENO, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS))
	+ err(1, "can't limit stdio rights");
	+
	+ caph_cache_catpages();
	+ caph_cache_tzdata();
	+
	+ /*
	+ * Cache UTX database fds.
	+ */
	+ setutxent();
	+
	+ /*
	+ * Determine our login name before we reopen() stdout
	+ * and before entering capability sandbox.
	+ */
	+ myuid = getuid();
	+ if ((login = getlogin()) == NULL) {
	+ if ((pwd = getpwuid(myuid)))
	+ login = pwd->pw_name;
	+ else
	+ login = "???";
	+ }
	+
	+ if (cap_enter() < 0 && errno != ENOSYS)
	+ err(1, "cap_enter");
	+
	while (getopt(argc, argv, "") != -1)
	usage();
	argc -= optind;
	@@ -104,13 +163,11 @@
	if (!msgsok)
	errx(1, "you have write permission turned off");

	- myuid = getuid();
	-
	/* check args */
	switch (argc) {
	case 1:
	search_utmp(argv[0], tty, mytty, myuid);
	- do_write(tty, mytty, myuid);
	+ do_write(tty, mytty);
	break;
	case 2:
	if (!strncmp(argv[1], _PATH_DEV, strlen(_PATH_DEV)))
	@@ -121,7 +178,7 @@
	exit(1);
	if (myuid && !msgsok)
	errx(1, "%s has messages disabled on %s", argv[0], argv[1]);
	- do_write(argv[1], mytty, myuid);
	+ do_write(argv[1], mytty);
	break;
	default:
	usage();
	@@ -222,12 +279,10 @@
	term_chk(char tty, int msgsokP, time_t *atimeP, int showerror)
	{
	struct stat s;
	- char path[MAXPATHLEN];

	- (void)snprintf(path, sizeof(path), "%s%s", _PATH_DEV, tty);
	- if (stat(path, &s) < 0) {
	+ if (fstatat(devfd, tty, &s, 0) < 0) {
	if (showerror)
	- warn("%s", path);
	+ warn("%s%s", _PATH_DEV, tty);
	return(1);
	}
	msgsokP = (s.st_mode & (S_IWRITE >> 3)) != 0; / group write bit */
	@@ -239,26 +294,21 @@
	* do_write - actually make the connection
	*/
	void
	-do_write(char tty, char mytty, uid_t myuid)
	+do_write(char tty, char mytty)
	{
	- const char *login;
	char *nows;
	- struct passwd *pwd;
	time_t now;
	- char path[MAXPATHLEN], host[MAXHOSTNAMELEN];
	+ char host[MAXHOSTNAMELEN];
	wchar_t line[512];
	+ int fd;

	- /* Determine our login name before we reopen() stdout */
	- if ((login = getlogin()) == NULL) {
	- if ((pwd = getpwuid(myuid)))
	- login = pwd->pw_name;
	- else
	- login = "???";
	- }
	-
	- (void)snprintf(path, sizeof(path), "%s%s", _PATH_DEV, tty);
	- if ((freopen(path, "w", stdout)) == NULL)
	- err(1, "%s", path);
	+ fd = openat(devfd, tty, O_WRONLY);
	+ if (fd < 0)
	+ err(1, "openat(%s%s)", _PATH_DEV, tty);
	+ fclose(stdout);
	+ stdout = fdopen(fd, "w");
	+ if (stdout == NULL)
	+ err(1, "%s%s", _PATH_DEV, tty);

	(void)signal(SIGINT, done);
	(void)signal(SIGHUP, done);

File Metadata

Mime Type: text/plain
Expires: Mon, Jan 26, 12:19 PM (2 h, 49 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28029014
Default Alt Text: D7999.id21097.diff (4 KB)

D7999.id21097.diffNo OneTemporaryActions

D7999.id21097.diffView Options

File Metadata

Event Timeline

D7999.id21097.diff
No OneTemporary
Actions

D7999.id21097.diff
View Options