usr.bin/grep/file.c
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
*/ | */ | ||||
#include <sys/cdefs.h> | #include <sys/cdefs.h> | ||||
__FBSDID("$FreeBSD$"); | __FBSDID("$FreeBSD$"); | ||||
#include <sys/param.h> | #include <sys/param.h> | ||||
#ifndef WITHOUT_CAPSICUM | |||||
#include <sys/capsicum.h> | |||||
#endif | |||||
#include <sys/mman.h> | #include <sys/mman.h> | ||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <sys/types.h> | |||||
#include <err.h> | #include <err.h> | ||||
#include <errno.h> | #include <errno.h> | ||||
#include <fcntl.h> | #include <fcntl.h> | ||||
#include <stddef.h> | #include <stddef.h> | ||||
#include <stdlib.h> | #include <stdlib.h> | ||||
#include <string.h> | #include <string.h> | ||||
#include <unistd.h> | #include <unistd.h> | ||||
} | } | ||||
/* | /* | ||||
* Opens a file for processing. | * Opens a file for processing. | ||||
*/ | */ | ||||
struct file * | struct file * | ||||
grep_open(const char *path) | grep_open(const char *path) | ||||
{ | { | ||||
#ifndef WITHOUT_CAPSICUM | |||||
cap_rights_t ro_rights; | |||||
#endif | |||||
struct file *f; | struct file *f; | ||||
f = grep_malloc(sizeof *f); | f = grep_malloc(sizeof *f); | ||||
memset(f, 0, sizeof *f); | memset(f, 0, sizeof *f); | ||||
if (path == NULL) { | if (path == NULL) { | ||||
/* Processing stdin implies --line-buffered. */ | /* Processing stdin implies --line-buffered. */ | ||||
lbflag = true; | lbflag = true; | ||||
f->fd = STDIN_FILENO; | f->fd = STDIN_FILENO; | ||||
} else if ((f->fd = open(path, O_RDONLY)) == -1) | } else if ((f->fd = open(path, O_RDONLY)) == -1) | ||||
goto error1; | goto error1; | ||||
#ifndef WITHOUT_CAPSICUM | |||||
if (f->fd != STDIN_FILENO && cap_rights_limit(f->fd, | |||||
cem: Can we drop the stdin check? Theoretically any file can be opened as fd 0. | |||||
kevans: Uhhh, I suppose there's no harm in removing it. I originally added it since `caph_limit_stdio()` is invoked almost immediately in main(), but it doesn't seem to do any damage to limit it after that.
cem: Right — no harm in restricting a descriptor to same or fewer rights than it already has.
cap_rights_init(&ro_rights, CAP_FSTAT, CAP_READ)) < 0 && | |||||
errno != ENOSYS) | |||||
err(2, "unable to limit rights on: %s", path); | |||||
if (do_cap_enter && cap_enter() < 0 && errno != ENOSYS) | |||||
emaste: We should probably wrap this with something like
```
#ifndef WITHOUT_CAPSICUM
...
#endif
```
to keep this portable for other users (other BSDs, OS X, etc.), as was done in bhyve.
err(2, "unable to enter capability mode"); | |||||
#endif | |||||
if (filebehave == FILE_MMAP) { | if (filebehave == FILE_MMAP) { | ||||
struct stat st; | struct stat st; | ||||
if ((fstat(f->fd, &st) == -1) || (st.st_size > OFF_MAX) || | if ((fstat(f->fd, &st) == -1) || (st.st_size > OFF_MAX) || | ||||
(!S_ISREG(st.st_mode))) | (!S_ISREG(st.st_mode))) | ||||
filebehave = FILE_STDIO; | filebehave = FILE_STDIO; | ||||
else { | else { | ||||
int flags = MAP_PRIVATE | MAP_NOCORE | MAP_NOSYNC; | int flags = MAP_PRIVATE | MAP_NOCORE | MAP_NOSYNC; | ||||
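Review bot: The rights set given to cap_rights_limit() is only CAP_FSTAT and CAP_READ, yet the FILE_MMAP branch directly below goes on to map the same descriptor; mmap() on a rights-limited descriptor needs CAP_MMAP_R, so with this limit the mapping would presumably be refused with ENOTCAPABLE. If mmap mode is meant to keep working, the call could read `cap_rights_init(&ro_rights, CAP_FSTAT, CAP_READ, CAP_MMAP_R)`; otherwise a comment saying that mmap is deliberately given up under Capsicum would make the intent clear. The mmap() call and its failure handling sit in the collapsed part of grep_open, so whether a refused mapping falls back to stdio or aborts cannot be confirmed from the lines shown. Separately, `do_cap_enter` is set outside this section, and the cap_enter() call deserves a comment stating that no later path-based open() is expected once it is true, since opening by path fails in capability mode.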
Can we drop the stdin check? Theoretically any file can be opened as fd 0.