
primes: trivially capsicumize
Closed, Public

Authored by emaste on Sep 20 2016, 5:30 PM.
Details

Summary

Posting as an example of capsicumizing a trivial application that has little attack surface. As demonstrated with elfdump in D7944 some implementation-specific rights are required by stdio.

For applications like primes (and elfdump) I think the benefit in the simplicity of just entering capability mode (and dropping ambient authority) outweighs the few additional lines of code and possible maintainability cost of manipulating stdio rights.

Diff Detail

Repository
rS FreeBSD src repository - subversion

Event Timeline

emaste retitled this revision from to primes: trivially capsicumize.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added subscribers: cem, bapt, allanjude and 2 others.
usr.bin/primes/primes.c
Line 103 (on Diff #20546)

This breaks open, which may be used below for localizing err*().

Cache NLS before cap_enter, as pointed out by @cem.

cem added a reviewer: cem.
This revision is now accepted and ready to land. Sep 20 2016, 7:43 PM
This revision was automatically updated to reflect the committed changes.
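The pattern discussed in the summary and in cem's inline comment, written out as an added example; this is not the primes(6) source from this revision (the diff itself is not reproduced on this page). It caches the libc message catalogue with catopen(3) so that a later err(3) call does not need open(2), then drops ambient authority with cap_enter(2), and afterwards does the program's real work on the already-open stdio descriptors. The function names enter_sandbox, in_capability_mode, try_open_path and sieve_primes are hypothetical, and the choice of "libc" with NL_CAT_LOCALE as the catalogue err(3) would open is an assumption. Capsicum exists only on FreeBSD, so the sandbox calls are compiled out elsewhere and reported as unavailable rather than as a failure.

```c
#include <errno.h>
#include <nl_types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Outcome of enter_sandbox(). */
enum sandbox_state {
	SANDBOX_FAILED = -1,     /* cap_enter(2) failed for a reason other than ENOSYS */
	SANDBOX_UNAVAILABLE = 0, /* not FreeBSD, or kernel built without Capsicum */
	SANDBOX_ENTERED = 1      /* process is now in capability mode */
};

/*
 * Cache the libc message catalogue first: err(3)/strerror(3) would otherwise
 * call open(2) for it later, and open(2) fails with ECAPMODE once sandboxed.
 * Then drop all ambient authority with cap_enter(2). Descriptors that are
 * already open (stdin/stdout/stderr) keep working, which is all a filter needs.
 */
static int enter_sandbox(void)
{
	/* Assumption: "libc" is the catalogue err(3) opens. The handle is kept for
	 * the life of the process; if catopen() fails, err() falls back to its
	 * built-in English strings, so the result is deliberately not checked. */
	(void)catopen("libc", NL_CAT_LOCALE);
#ifdef __FreeBSD__
	if (cap_enter() < 0)
		return errno == ENOSYS ? SANDBOX_UNAVAILABLE : SANDBOX_FAILED;
	return SANDBOX_ENTERED;
#else
	return SANDBOX_UNAVAILABLE;
#endif
}

/* Report whether the process is in capability mode (cap_getmode(2) on FreeBSD). */
static int in_capability_mode(void)
{
#ifdef __FreeBSD__
	unsigned int mode = 0;

	if (cap_getmode(&mode) < 0)
		return 0;
	return mode != 0;
#else
	return 0;
#endif
}

/* What the sandbox removes: open a file by path. Returns 0 on success, else errno
 * (ECAPMODE inside capability mode). */
static int try_open_path(const char *path)
{
	FILE *fp = fopen(path, "r");

	if (fp == NULL)
		return errno;
	fclose(fp);
	return 0;
}

/* The program's actual work: sieve of Eratosthenes over [2, limit]. Needs only
 * memory and stdio, so it runs unchanged after cap_enter(). Stores at most
 * max_out primes in out and returns how many primes <= limit exist. */
static size_t sieve_primes(unsigned long limit, unsigned long *out, size_t max_out)
{
	unsigned char *composite;
	size_t count = 0;

	if (limit < 2)
		return 0;
	composite = calloc(limit + 1, 1);
	if (composite == NULL)
		return 0;
	for (unsigned long i = 2; i <= limit; i++) {
		if (composite[i])
			continue;
		if (count < max_out)
			out[count] = i;
		count++;
		if (i <= limit / i)	/* avoid overflow of i * i */
			for (unsigned long j = i * i; j <= limit; j += i)
				composite[j] = 1;
	}
	free(composite);
	return count;
}

int main(void)
{
	unsigned long primes[32];
	size_t n, cap = sizeof(primes) / sizeof(primes[0]);

	if (enter_sandbox() == SANDBOX_FAILED) {
		perror("cap_enter");
		return 1;
	}
	printf("capability mode: %s\n", in_capability_mode() ? "yes" : "no");
	printf("fopen(\"/etc/passwd\"): %s\n", strerror(try_open_path("/etc/passwd")));
	n = sieve_primes(100, primes, cap);
	for (size_t i = 0; i < n && i < cap; i++)
		printf("%lu\n", primes[i]);
	return 0;
}
```

On FreeBSD the fopen() line prints the ECAPMODE message, confirming that the process has no path-based authority left, while the sieve output is unaffected; the ordering of catopen() before cap_enter() is the whole point of the inline comment on line 103 of the diff.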