git: dfd52321b7be - main - nl(1): Capsicumise the utility
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 12 Dec 2024 08:27:05 UTC
The branch main has been updated by oshogbo:
URL: https://cgit.FreeBSD.org/src/commit/?id=dfd52321b7beba716fa2bdd4f54e57e9ac806e96
commit dfd52321b7beba716fa2bdd4f54e57e9ac806e96
Author: Faraz Vahedi <kfv@kfv.io>
AuthorDate: 2024-10-13 20:03:25 +0000
Commit: Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2024-12-12 08:24:31 +0000
nl(1): Capsicumise the utility
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: markj, oshogbo
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/1465
---
usr.bin/nl/nl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/usr.bin/nl/nl.c b/usr.bin/nl/nl.c
index a6a14239f582..573e03e4ad0d 100644
--- a/usr.bin/nl/nl.c
+++ b/usr.bin/nl/nl.c
@@ -42,6 +42,8 @@
#include <unistd.h>
#include <wchar.h>
+#include <capsicum_helpers.h>
+
typedef enum {
number_all, /* number all lines */
number_nonempty, /* number non-empty lines */
@@ -244,6 +246,11 @@ main(int argc, char *argv[])
/* NOTREACHED */
}
+ /* Limit standard descriptors and enter capability mode */
+ caph_cache_catpages();
+ if (caph_limit_stdio() < 0 || caph_enter() < 0)
+ err(EXIT_FAILURE, "capsicum");
+
/* Generate the delimiter sequence */
memcpy(delim, delim1, delim1len);
memcpy(delim + delim1len, delim2, delim2len);