
D7988.id20584.diff

Index: contrib/dma/dma-mbox-create.c
===================================================================
--- contrib/dma/dma-mbox-create.c
+++ contrib/dma/dma-mbox-create.c
@@ -38,16 +38,26 @@
* user-supplied information. Keep the root window as small as possible.
*/
+#ifdef __FreeBSD__
+#define USE_CAPSICUM 1
+#endif
+
#include <sys/param.h>
+#if USE_CAPSICUM
+#include <sys/capsicum.h>
+#endif
#include <sys/stat.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
+#include <nl_types.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <syslog.h>
+#include <time.h>
#include <unistd.h>
#include "dma.h"
@@ -84,6 +94,9 @@
int
main(int argc, char **argv)
{
+#if USE_CAPSICUM
+ cap_rights_t rights;
+#endif
const char *user;
struct passwd *pw;
struct group *gr;
@@ -91,9 +104,12 @@
gid_t mail_gid;
int error;
char fn[PATH_MAX+1];
- int f;
+ int f, maildirfd;
- openlog("dma-mbox-create", 0, LOG_MAIL);
+ /*
+ * Open log fd now for capability sandbox.
+ */
+ openlog("dma-mbox-create", LOG_NDELAY, LOG_MAIL);
errno = 0;
gr = getgrnam(DMA_GROUP);
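Review bot: The comment on the openlog() change should say why the early open matters, since LOG_NDELAY is load-bearing for the sandbox and not just a tidy-up: once cap_enter() has succeeded, syslog(3) can no longer connect(2) to the log socket, so a lazily opened log would lose every later logfail() message. A comment such as `/* LOG_NDELAY: connect the syslog socket now; a first-use connect() is not possible once in capability mode. */` makes that dependency explicit. The rest of main(), including the logfail() calls that rely on this, is outside the hunk.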
@@ -131,6 +147,32 @@
if (!pw)
logfail(EX_NOUSER, "cannot find user `%s'", user);
+ maildirfd = open(_PATH_MAILDIR, O_RDONLY);
+ if (maildirfd < 0)
+ logfail(EX_NOINPUT, "cannot open maildir %s", _PATH_MAILDIR);
+
+ /*
+ * Cache NLS data, for strerror, for err(3), before entering capability
+ * mode.
+ */
+ (void)catopen("libc", NL_CAT_LOCALE);
+
+ /*
+ * Cache local time before entering Capsicum capability sandbox.
+ */
+ tzset();
+
+#if USE_CAPSICUM
+ cap_rights_init(&rights, CAP_CREATE, CAP_FCHMOD, CAP_FCHOWN,
+ CAP_LOOKUP, CAP_READ);
+ if (cap_rights_limit(maildirfd, &rights) < 0 && errno != ENOSYS)
+ err(EX_OSERR, "can't limit maildirfd rights");
+
+ /* Enter Capsicum capability sandbox */
+ if (cap_enter() < 0 && errno != ENOSYS)
+ err(EX_OSERR, "cap_enter");
+#endif
+
user_uid = pw->pw_uid;
error = snprintf(fn, sizeof(fn), "%s/%s", _PATH_MAILDIR, user);
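Review bot: The two sandbox-setup failures are reported with err(3) to stderr, while every other failure in this program goes through logfail() to syslog (see the calls on the surrounding lines); for a helper that dma runs setuid, stderr may not reach anyone, so `logfail(EX_OSERR, "cannot limit rights on %s", _PATH_MAILDIR);` and `logfail(EX_OSERR, "cannot enter capability mode");` would be consistent with the rest of the file (assuming logfail appends strerror, which is not visible here). The directory open would also benefit from `open(_PATH_MAILDIR, O_RDONLY|O_DIRECTORY)` so a non-directory at that path fails with a clear message here rather than as ENOTDIR from the later openat(). Finally, the rights list must cover everything the code after this hunk does with the fd returned by openat(), since that descriptor inherits the limit; if the mailbox is fstat()ed further down, CAP_FSTAT has to be added alongside CAP_FCHOWN and CAP_FCHMOD. The body of main() continues past the hunk.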
@@ -142,7 +184,7 @@
logfail(EX_CANTCREAT, "cannot build mbox path for `%s/%s'", _PATH_MAILDIR, user);
}
- f = open(fn, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600);
+ f = openat(maildirfd, user, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600);
if (f < 0)
logfail(EX_NOINPUT, "cannt open mbox `%s'", fn);
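Review bot: openat() now takes `user` as a relative path under maildirfd, so a name containing '/' would resolve into a subdirectory of the mail spool rather than naming a direct child; capability mode rejects ".." and absolute paths, but not plain relative components. Because the name is looked up with getpwnam() first this is unlikely to be reachable, but as a one-line defence in depth `if (strchr(user, '/') != NULL) logfail(EX_DATAERR, "invalid user name `%s'", user);` before the openat() pins the target to the spool directory itself. The O_NOFOLLOW on the final component plus the pre-opened directory fd is a real improvement over the full-path open and worth a short comment saying so. The remaining handling of `f` is outside the hunk.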
