PERFORCE change 164008 for review

Robert Watson rwatson at FreeBSD.org
Wed Jun 10 15:27:39 UTC 2009 

http://perforce.freebsd.org/chv.cgi?CH=164008

Change 164008 by rwatson at rwatson_freebsd_capabilities on 2009/06/10 15:27:00

	Pass in libz properly.
	
	Don't use original file descriptor numbers after doing
	lch_installfds.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#4 (text+ko) ====

@@ -30,7 +30,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#3 $
+ * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability_host.c#4 $
  */
 
 #include <sys/types.h>
@@ -110,7 +110,7 @@
 		if (fds[i] > highestfd)
 			highestfd = fds[i];
 	}
-	highestfd++;
+	highestfd++;	/* Don't tread on the highest */
 
 	/*
 	 * First, move all our descriptors up the range.
@@ -156,7 +156,7 @@
 		return;
 	if (lc_limitfd(fd_ldso, LIBCAPABILITY_CAPMASK_LDSO) < 0)
 		return;
-	if (lc_limitfd(fd_ldso, LIBCAPABILITY_CAPMASK_LIBC) < 0)
+	if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIBC) < 0)
 		return;
 
 	fd_array[0] = fd_devnull;
@@ -166,15 +166,16 @@
 	fd_array[4] = fd_sock;
 	fd_array[5] = fd_ldso;
 	fd_array[6] = fd_libc;
+	fd_array[7] = fd_libz;
 
-	if (lch_installfds(7, fd_array) < 0)
+	if (lch_installfds(8, fd_array) < 0)
 		return;
 
 	/*
 	 * Pass library list into rtld-elf-cap.
 	 */
-	if (asprintf(&env_caplibindex, "%d:%s,%d:%s", fd_libc, LIBC_SO,
-	    fd_libz, LIBZ_SO) == -1)
+	if (asprintf(&env_caplibindex, "%d:%s,%d:%s", 6, LIBC_SO, 7,
+	    LIBZ_SO) == -1)
 		return;
 	if (setenv("LD_CAPLIBINDEX", env_caplibindex, 1) == -1)
 		return;
@@ -185,7 +186,7 @@
 	 * assumptions hold.
 	 */
 	if (asprintf(&env_libcapability_agent_api, "%s:%d",
-	    LIBCAPABILITY_AGENT_API_SOCK, fd_sock) == -1)
+	    LIBCAPABILITY_AGENT_API_SOCK, 4) == -1)
 		return;
 	if (setenv(LIBCAPABILITY_AGENT_API_ENV, env_libcapability_agent_api,
 	    1) == -1)
@@ -195,7 +196,7 @@
 	if (cap_enter() < 0)
 		return;
 
-	(void)fexecve(fd_ldso, ldso_argv, environ);
+	(void)fexecve(5, ldso_argv, environ);
 }
 
 int

More information about the p4-projects mailing list