D7915.id20559.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D7915.id20559.diff
View Options

	Index: usr.bin/hexdump/display.c
	===================================================================
	--- usr.bin/hexdump/display.c
	+++ usr.bin/hexdump/display.c
	@@ -36,13 +36,16 @@
	__FBSDID("$FreeBSD$");

	#include <sys/param.h>
	+#include <sys/capsicum.h>
	#include <sys/stat.h>

	#include <ctype.h>
	#include <err.h>
	+#include <errno.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	+#include <termios.h>
	#include <unistd.h>
	#include "hexdump.h"

	@@ -334,6 +337,9 @@
	next(char **argv)
	{
	static int done;
	+
	+ cap_rights_t rights;
	+ unsigned long cmd;
	int statok;

	if (argv) {
	@@ -355,6 +361,25 @@
	return(0);
	statok = 0;
	}
	+
	+ /* Required for isatty(3). */
	+ cmd = TIOCGETA;
	+ cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_READ);
	+ if ((cap_rights_limit(fileno(stdin), &rights) < 0 &&
	+ errno != ENOSYS) \|\|
	+ (cap_ioctls_limit(fileno(stdin), &cmd, 1) < 0 &&
	+ errno != ENOSYS))
	+ err(1, "unable to limit ioctls/rights for %s",
	+ statok ? _argv[-1] : "stdin");
	+
	+ /*
	+ * We've opened our last input file; enter capsicum sandbox.
	+ */
	+ if (*_argv == NULL) {
	+ if (cap_enter() < 0 && errno != ENOSYS)
	+ err(1, "unable to enter capability mode");
	+ }
	+
	if (skip)
	doskip(statok ? *_argv : "stdin", statok);
	if (*_argv)
	Index: usr.bin/hexdump/hexdump.c
	===================================================================
	--- usr.bin/hexdump/hexdump.c
	+++ usr.bin/hexdump/hexdump.c
	@@ -42,10 +42,16 @@
	__FBSDID("$FreeBSD$");

	#include <sys/types.h>
	+#include <sys/capsicum.h>
	+#include <err.h>
	+#include <errno.h>
	#include <locale.h>
	+#include <nl_types.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <string.h>
	+#include <termios.h>
	+#include <unistd.h>
	#include "hexdump.h"

	FS fshead; / head of format strings */
	@@ -56,6 +62,8 @@
	int
	main(int argc, char *argv[])
	{
	+ cap_rights_t rights;
	+ unsigned long cmd;
	FS *tfs;
	char *p;

	@@ -76,6 +84,19 @@
	for (tfs = fshead; tfs; tfs = tfs->nextfs)
	rewrite(tfs);

	+ /*
	+ * Cache NLS data, for strerror, for err(3), before entering capability
	+ * mode.
	+ */
	+ (void)catopen("libc", NL_CAT_LOCALE);
	+
	+ /* Required for printf(3) via isatty(3). */
	+ cmd = TIOCGETA;
	+ cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
	+ if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) \|\|
	+ (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
	+ err(1, "unable to limit ioctls/rights for stdout");
	+
	(void)next(argv);
	display();
	exit(exitval);

File Metadata

Mime Type: text/plain
Expires: Tue, Mar 31, 6:11 AM (9 h, 5 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 30623582
Default Alt Text: D7915.id20559.diff (2 KB)

D7915.id20559.diffNo OneTemporaryActions

D7915.id20559.diffView Options

File Metadata

Event Timeline

D7915.id20559.diff
No OneTemporary
Actions

D7915.id20559.diff
View Options