usr.bin/grep/file.c
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#include <sys/mman.h> | #include <sys/mman.h> | ||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <sys/types.h> | |||||
#include <err.h> | #include <err.h> | ||||
#include <errno.h> | #include <errno.h> | ||||
#include <fcntl.h> | #include <fcntl.h> | ||||
#include <stddef.h> | #include <stddef.h> | ||||
#include <stdlib.h> | #include <stdlib.h> | ||||
#include <string.h> | #include <string.h> | ||||
#include <unistd.h> | #include <unistd.h> | ||||
▲ Show 20 Lines • Show All 209 Lines • ▼ Show 20 Lines | grep_open(const char *path) | ||||
f = grep_malloc(sizeof *f); | f = grep_malloc(sizeof *f); | ||||
memset(f, 0, sizeof *f); | memset(f, 0, sizeof *f); | ||||
if (path == NULL) { | if (path == NULL) { | ||||
/* Processing stdin implies --line-buffered. */ | /* Processing stdin implies --line-buffered. */ | ||||
lbflag = true; | lbflag = true; | ||||
f->fd = STDIN_FILENO; | f->fd = STDIN_FILENO; | ||||
} else if ((f->fd = open(path, O_RDONLY)) == -1) | } else if ((f->fd = open(path, O_RDONLY)) == -1) | ||||
goto error1; | goto error1; | ||||
if (f->fd != STDIN_FILENO && cap_rights_limit(f->fd, &ro_rights) < 0 && | |||||
cem: Can we drop the stdin check? Theoretically any file can be opened as fd 0. | |||||
Not Done Inline ActionsUhhh, I suppose there's no harm in removing it. I originally added it since caph_limit_stdio() is invoked almost immediately in main(), but it doesn't seem to do any damage to limit it after that. kevans: Uhhh, I suppose there's no harm in removing it. I originally added it since `caph_limit_stdio… | |||||
Not Done Inline ActionsRight — no harm in restricting a descriptor to same or fewer rights than it already has. cem: Right — no harm in restricting a descriptor to same or fewer rights than it already has. | |||||
errno != ENOSYS) | |||||
err(2, "unable to limit rights on: %s", path); | |||||
if (do_cap_enter && cap_enter() < 0 && errno != ENOSYS) | |||||
err(2, "unable to enter capability mode"); | |||||
emasteUnsubmitted Not Done Inline ActionsWe should probably wrap this with something like #ifndef WITHOUT_CAPSICUM ... #endif to keep this portable for other users (other BSDs, OS X, etc.), as was done in bhyve. emaste: We should probably wrap this with something like
```
#ifndef WITHOUT_CAPSICUM
...
#endif
```
to… | |||||
if (filebehave == FILE_MMAP) { | if (filebehave == FILE_MMAP) { | ||||
struct stat st; | struct stat st; | ||||
if ((fstat(f->fd, &st) == -1) || (st.st_size > OFF_MAX) || | if ((fstat(f->fd, &st) == -1) || (st.st_size > OFF_MAX) || | ||||
(!S_ISREG(st.st_mode))) | (!S_ISREG(st.st_mode))) | ||||
filebehave = FILE_STDIO; | filebehave = FILE_STDIO; | ||||
else { | else { | ||||
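Review bot: The `cap_enter()` call sits inside grep_open(), so once it succeeds, every later `open(path, O_RDONLY)` at the top of this same function will fail in capability mode. The section does not show where `do_cap_enter` is set, so it should be confirmed that it is true only when no further path will be opened. A comment above the check would record that, for example `/* do_cap_enter: set only when this is the last file to open; open() fails after cap_enter(). */`. Separately, `ro_rights` is defined outside this view and needs to include `CAP_FSTAT` (and presumably `CAP_MMAP_R` for the FILE_MMAP path); otherwise the `fstat()` just below fails on the limited descriptor and silently switches `filebehave` to FILE_STDIO. grep_open() starts and ends outside the visible lines.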
Can we drop the stdin check? Theoretically any file can be opened as fd 0.