Changeset View
Standalone View
usr.bin/uuencode/uuencode.c
| Show First 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | |||||
| int | int | ||||
| main(int argc, char *argv[]) | main(int argc, char *argv[]) | ||||
| { | { | ||||
| struct stat sb; | struct stat sb; | ||||
| int base64; | int base64; | ||||
| int ch; | int ch; | ||||
| char *outfile; | char *outfile; | ||||
| cap_rights_t out_rights; | |||||
| base64 = 0; | base64 = 0; | ||||
| outfile = NULL; | outfile = NULL; | ||||
| if (strcmp(basename(argv[0]), "b64encode") == 0) | if (strcmp(basename(argv[0]), "b64encode") == 0) | ||||
| base64 = 1; | base64 = 1; | ||||
| while ((ch = getopt(argc, argv, "mo:r")) != -1) { | while ((ch = getopt(argc, argv, "mo:r")) != -1) { | ||||
| Show All 34 Lines | #define RW (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) | ||||
| av = argv; | av = argv; | ||||
| if (outfile != NULL) { | if (outfile != NULL) { | ||||
| output = fopen(outfile, "w+"); | output = fopen(outfile, "w+"); | ||||
| if (output == NULL) | if (output == NULL) | ||||
| err(1, "unable to open %s for output", outfile); | err(1, "unable to open %s for output", outfile); | ||||
| if (caph_limit_stream(fileno(output), CAP_WRITE) != 0) | if (caph_limit_stream(fileno(output), CAPH_WRITE) != 0) | ||||
cem: style(9) asks for variable declarations to be placed at least top of scope, if not at the top… | |||||
| err(1, "unable to limit rights for %s", outfile); | err(1, "unable to limit rights for %s", outfile); | ||||
Done Inline ActionsIs this really all that is needed on output, or do we also need the usual stream rights? I'd suggest using caph_limit_stream(fileno(output), CAP_WRITE). cem: Is this really all that is needed on `output`, or do we also need the usual stream rights? I'd… | |||||
| } else | } else | ||||
Done Inline Actionsstyle(9) nit: excess spaces between parens Use fileno(3) to access output's fd; do not access FILE members directly. style(9) nit: Do not use non-boolean values directly in conditionals (i.e., compare cap_rights_limit(...) to zero). cem: style(9) nit: excess spaces between parens
Use `fileno(3)` to access `output`'s fd; do not… | |||||
| output = stdout; | output = stdout; | ||||
| if (caph_limit_stdio() != 0) | if (caph_limit_stdio() != 0) | ||||
| errx(1, "Failed to limit stdio"); | errx(1, "Failed to limit stdio"); | ||||
| if (caph_enter() < 0 && errno != ENOSYS) | if (caph_enter() < 0 && errno != ENOSYS) | ||||
Not Done Inline ActionsThis could be replaced with caph_enter() :-). Are we sure this program does not need to cache catpages before entering the sandbox? (I.e., it does not attempt to access any localization after this point, if lang is not en_US?) cem: This could be replaced with `caph_enter()` :-).
Are we sure this program does not need to… | |||||
Not Done Inline ActionsI ran the modifier uuencode through ktrace(1) and found no reference to anything like localization after caph_enter(). The only system call observed wrt file descriptors were the read and write call for the input and output files. bkidney_briankidney.ca: I ran the modifier uuencode through `ktrace(1)` and found no reference to anything like… | |||||
| err(1, "unable to enter capability mode"); | err(1, "unable to enter capability mode"); | ||||
| if (base64) | if (base64) | ||||
| base64_encode(); | base64_encode(); | ||||
| else | else | ||||
| encode(); | encode(); | ||||
| if (ferror(output)) | if (ferror(output)) | ||||
| errx(1, "write error"); | errx(1, "write error"); | ||||
| ▲ Show 20 Lines • Show All 95 Lines • Show Last 20 Lines | |||||
style(9) asks for variable declarations to be placed at least top of scope, if not at the top of the function.