D10121.id27957.diff
No OneTemporary
Actions

Size

5 KB

Referenced Files

None

Subscribers

None

D10121.id27957.diff
View Options

	Index: usr.bin/grep/file.c
	===================================================================
	--- usr.bin/grep/file.c
	+++ usr.bin/grep/file.c
	@@ -34,9 +34,11 @@
	__FBSDID("$FreeBSD$");

	#include <sys/param.h>
	+#ifndef WITHOUT_CAPSICUM
	+#include <sys/capsicum.h>
	+#endif
	#include <sys/mman.h>
	#include <sys/stat.h>
	-#include <sys/types.h>

	#include <err.h>
	#include <errno.h>
	@@ -252,6 +254,9 @@
	struct file *
	grep_open(const char *path)
	{
	+#ifndef WITHOUT_CAPSICUM
	+ cap_rights_t ro_rights;
	+#endif
	struct file *f;

	f = grep_malloc(sizeof *f);
	@@ -262,7 +267,14 @@
	f->fd = STDIN_FILENO;
	} else if ((f->fd = open(path, O_RDONLY)) == -1)
	goto error1;
	-
	+#ifndef WITHOUT_CAPSICUM
	+ if (f->fd != STDIN_FILENO && cap_rights_limit(f->fd,
	+ cap_rights_init(&ro_rights, CAP_FSTAT, CAP_READ)) < 0 &&
	+ errno != ENOSYS)
	+ err(2, "unable to limit rights on: %s", path);
	+ if (do_cap_enter && cap_enter() < 0 && errno != ENOSYS)
	+ err(2, "unable to enter capability mode");
	+#endif
	if (filebehave == FILE_MMAP) {
	struct stat st;

	Index: usr.bin/grep/grep.h
	===================================================================
	--- usr.bin/grep/grep.h
	+++ usr.bin/grep/grep.h
	@@ -123,6 +123,8 @@
	extern const char *color;
	extern int binbehave, devbehave, dirbehave, filebehave, grepbehave, linkbehave;

	+extern bool do_cap_enter;
	+
	extern bool file_err, matchall;
	extern unsigned int dpatterns, fpatterns, patterns;
	extern struct pat *pattern;
	Index: usr.bin/grep/grep.c
	===================================================================
	--- usr.bin/grep/grep.c
	+++ usr.bin/grep/grep.c
	@@ -32,9 +32,15 @@
	#include <sys/cdefs.h>
	__FBSDID("$FreeBSD$");

	-#include <sys/stat.h>
	#include <sys/types.h>
	+#ifndef WITHOUT_CAPSICUM
	+#include <sys/capsicum.h>
	+#endif
	+#include <sys/stat.h>

	+#ifndef WITHOUT_CAPSICUM
	+#include <capsicum_helpers.h>
	+#endif
	#include <ctype.h>
	#include <err.h>
	#include <errno.h>
	@@ -90,6 +96,9 @@
	*/
	bool matchall;

	+/* Capsicum */
	+bool do_cap_enter = false;
	+
	/* Searching patterns */
	unsigned int patterns;
	static unsigned int pattern_sz;
	@@ -157,6 +166,9 @@
	};

	static inline const char init_color(const char );
	+#ifndef WITHOUT_CAPSICUM
	+static int last_included_file(int, char *[]);
	+#endif

	/* Housekeeping */
	bool file_err; /* file reading error */
	@@ -311,6 +323,9 @@
	read_patterns(const char *fn)
	{
	struct stat st;
	+#ifndef WITHOUT_CAPSICUM
	+ cap_rights_t ro_rights;
	+#endif
	FILE *f;
	char *line;
	size_t len;
	@@ -318,6 +333,11 @@

	if ((f = fopen(fn, "r")) == NULL)
	err(2, "%s", fn);
	+#ifndef WITHOUT_CAPSICUM
	+ if (cap_rights_limit(fileno(f), cap_rights_init(&ro_rights, CAP_FSTAT,
	+ CAP_READ)) < 0 && errno != ENOSYS)
	+ err(2, "unable to limit rights on: %s", fn);
	+#endif
	if ((fstat(fileno(f), &st) == -1) \|\| (S_ISDIR(st.st_mode))) {
	fclose(f);
	return;
	@@ -345,6 +365,30 @@
	return (c != NULL && c[0] != '\0' ? c : d);
	}

	+#ifndef WITHOUT_CAPSICUM
	+/*
	+ * Returns the last argv index used as an input file, or just past the end if
	+ * none are used as an input file.
	+ */
	+static int
	+last_included_file(int argc, char *argv[])
	+{
	+ int lastidx = argc, c;
	+
	+ if (!finclude && !fexclude)
	+ return (argc - 1);
	+
	+ for (c = 0; argc--; ++argv) {
	+ if (!file_matching(*argv))
	+ continue;
	+
	+ lastidx = c;
	+ }
	+
	+ return (lastidx);
	+}
	+#endif
	+
	int
	main(int argc, char *argv[])
	{
	@@ -353,6 +397,9 @@
	const char *pn;
	unsigned long long l;
	unsigned int aargc, eargc, i;
	+#ifndef WITHOUT_CAPSICUM
	+ unsigned int largc;
	+#endif
	int c, lastc, needpattern, newarg, prevoptind;

	setlocale(LC_ALL, "");
	@@ -360,7 +407,10 @@
	#ifndef WITHOUT_NLS
	catalog = catopen("grep", NL_CAT_LOCALE);
	#endif
	-
	+#ifndef WITHOUT_CAPSICUM
	+ if (caph_limit_stdio() == -1)
	+ err(2, "unable to limit stdio");
	+#endif
	/* Check what is the program name of the binary. In this
	way we can have all the funcionalities in one binary
	without the need of scripting and using ugly hacks. */
	@@ -760,17 +810,41 @@
	if ((aargc == 0 \|\| aargc == 1) && !Hflag)
	hflag = true;

	- if (aargc == 0 && dirbehave != DIR_RECURSE)
	+ if (aargc == 0 && dirbehave != DIR_RECURSE) {
	+#ifndef WITHOUT_CAPSICUM
	+ if (cap_enter() < 0 && errno != ENOSYS)
	+ err(2, "unable to enter capability mode");
	+#endif
	exit(!procfile("-"));
	+ }

	+ /*
	+ * The recursive case does not currently enter capabilities mode
	+ * at all due to the lack of casper file service. We should revise
	+ * this to encompas all recursive and non-recursive cases later
	+ * when a casper file service or similar approach becomes available.
	+ */
	if (dirbehave == DIR_RECURSE)
	c = grep_tree(aargv);
	- else
	+ else {
	+#ifndef WITHOUT_CAPSICUM
	+ largc = last_included_file(aargc, aargv);
	+#endif
	for (c = 0; aargc--; ++aargv) {
	if ((finclude \|\| fexclude) && !file_matching(*aargv))
	continue;
	+#ifndef WITHOUT_CAPSICUM
	+ /*
	+ * Upon the last usable file argument, we enter
	+ * capabilities mode.
	+ */
	+ if (largc == 0)
	+ do_cap_enter = true;
	+ --largc;
	+#endif
	c+= procfile(*aargv);
	}
	+ }

	#ifndef WITHOUT_NLS
	catclose(catalog);

File Metadata

Mime Type: text/plain
Expires: Tue, Mar 31, 9:23 PM (19 h, 21 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 30650303
Default Alt Text: D10121.id27957.diff (5 KB)

D10121.id27957.diffNo OneTemporaryActions

D10121.id27957.diffView Options

File Metadata

Event Timeline

D10121.id27957.diff
No OneTemporary
Actions

D10121.id27957.diff
View Options