git: 2c88494a3364 - stable/14 - libcapsicum: cache more time zone information

From: Mariusz Zaborski <oshogbo_at_FreeBSD.org>
Date: Fri, 28 Jun 2024 10:18:52 UTC
The branch stable/14 has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=2c88494a336488caa3eec75a126d8b9bc23c20b0

commit 2c88494a336488caa3eec75a126d8b9bc23c20b0
Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2024-05-27 11:17:03 +0000
Commit:     Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2024-06-28 10:20:15 +0000

    libcapsicum: cache more time zone information
    
    The functions like gmtime(3) expect to cache a GMT time zone. Some
    sandboxed programs (like last(1)) use the gmtime(3) function.
    In case of last(1), this function fails to load a proper time zone
    because it is called after entering the capability mode.
    
    _open () at _open.S:4
    0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
    tzload (name=<optimized out>, sp=0x801870140, doextend=true)
    0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
    gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
    0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
    _once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
    0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
    gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
    0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
    0x00000000010245ae in doentry (bp=0x8018b4800)
    0x00000000010243a7 in main (argc=1, argv=<optimized out>)
    
    This time zone is not loaded by the tzset(3) function. Because of
    that, extend the caph_cache_tzdata(3) function to also include the
    GMT time zone. There is no other way to cache this data than
    calling gmtime(3) once.
    
    MFC after:      5 days
    Reviewed by:    emaste, markj
    Differential Revision:  https://reviews.freebsd.org/D45297
    
    (cherry picked from commit e24ff5c99be080007ff9086398fbe3ef56cd94dc)
---
 lib/libcapsicum/capsicum_helpers.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/libcapsicum/capsicum_helpers.h b/lib/libcapsicum/capsicum_helpers.h
index f137ec1806f9..a6c696aa9a8e 100644
--- a/lib/libcapsicum/capsicum_helpers.h
+++ b/lib/libcapsicum/capsicum_helpers.h
@@ -133,8 +133,17 @@ caph_limit_stdio(void)
 static __inline void
 caph_cache_tzdata(void)
 {
+	time_t delta;
 
 	tzset();
+
+	/*
+	 * The tzset() function does not cache all time zones.
+	 * Some functions, such as gmtime(), require a GMT time zone.
+	 * The only way to cache them is to call the function directly.
+	 */
+	delta = 0;
+	(void)gmtime(&delta);
 }
 
 static __inline void