git: c7bb7a23336a - stable/13 - libcapsicum: cache more time zone information
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 28 Jun 2024 10:18:36 UTC
The branch stable/13 has been updated by oshogbo:
URL: https://cgit.FreeBSD.org/src/commit/?id=c7bb7a23336ad1c526b7fb910092a828455094ee
commit c7bb7a23336ad1c526b7fb910092a828455094ee
Author: Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2024-05-27 11:17:03 +0000
Commit: Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2024-06-28 10:19:56 +0000
libcapsicum: cache more time zone information
The functions like gmtime(3) expect to cache a GMT time zone. Some
sandboxed programs (like last(1)) use the gmtime(3) function.
In case of last(1), this function fails to load a proper time zone
because it is called after entering the capability mode.
_open () at _open.S:4
0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
tzload (name=<optimized out>, sp=0x801870140, doextend=true)
0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
_once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
0x00000000010245ae in doentry (bp=0x8018b4800)
0x00000000010243a7 in main (argc=1, argv=<optimized out>)
This time zone is not loaded by the tzset(3) function. Because of
that, extend the caph_cache_tzdata(3) function to also include the
GMT time zone. There is no other way to cache this data than
calling gmtime(3) once.
MFC after: 5 days
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D45297
(cherry picked from commit e24ff5c99be080007ff9086398fbe3ef56cd94dc)
---
lib/libcapsicum/capsicum_helpers.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/libcapsicum/capsicum_helpers.h b/lib/libcapsicum/capsicum_helpers.h
index f137ec1806f9..a6c696aa9a8e 100644
--- a/lib/libcapsicum/capsicum_helpers.h
+++ b/lib/libcapsicum/capsicum_helpers.h
@@ -133,8 +133,17 @@ caph_limit_stdio(void)
static __inline void
caph_cache_tzdata(void)
{
+ time_t delta;
tzset();
+
+ /*
+ * The tzset() function does not cache all time zones.
+ * Some functions, such as gmtime(), require a GMT time zone.
+ * The only way to cache them is to call the function directly.
+ */
+ delta = 0;
+ (void)gmtime(&delta);
}
static __inline void