svn commit: r310141 - head/usr.bin/ministat

Fri Dec 16 01:51:14 UTC 2016

Author: cem
Date: Fri Dec 16 01:51:12 2016
New Revision: 310141
URL: https://svnweb.freebsd.org/changeset/base/310141

Log:
  ministat(1): Capsicumify
  
  Separate dataset opening from reading/parsing. The number of input
  files is already capped to a small number, so just open all input files
  before sandboxing.
  
  Feedback from:	allanjude@ (earlier version), emaste@ (earlier version)
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D7925

Modified:
  head/usr.bin/ministat/ministat.c

Modified: head/usr.bin/ministat/ministat.c
==============================================================================

--- head/usr.bin/ministat/ministat.c	Fri Dec 16 01:48:55 2016	(r310140)
+++ head/usr.bin/ministat/ministat.c	Fri Dec 16 01:51:12 2016	(r310141)
@@ -11,16 +11,20 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#include <stdio.h>
-#include <math.h>
+#include <sys/capsicum.h>
+#include <sys/ioctl.h>
+#include <sys/queue.h>
+#include <sys/ttycom.h>
+
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
-#include <string.h>
+#include <errno.h>
+#include <math.h>
+#include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
-#include <sys/ioctl.h>
-#include <sys/queue.h>
-#include <sys/ttycom.h>
 
 #define NSTUDENT 100
 #define NCONF 6
@@ -455,26 +459,14 @@ dbl_cmp(const void *a, const void *b)
 }
 
 static struct dataset *
-ReadSet(const char *n, int column, const char *delim)
+ReadSet(FILE *f, const char *n, int column, const char *delim)
 {
-	FILE *f;
 	char buf[BUFSIZ], *p, *t;
 	struct dataset *s;
 	double d;
 	int line;
 	int i;
 
-	if (n == NULL) {
-		f = stdin;
-		n = "<stdin>";
-	} else if (!strcmp(n, "-")) {
-		f = stdin;
-		n = "<stdin>";
-	} else {
-		f = fopen(n, "r");
-	}
-	if (f == NULL)
-		err(1, "Cannot open %s", n);
 	s = NewSet();
 	s->name = strdup(n);
 	line = 0;
@@ -499,7 +491,6 @@ ReadSet(const char *n, int column, const
 		if (*buf != '\0')
 			AddPoint(s, d);
 	}
-	fclose(f);
 	if (s->n < 3) {
 		fprintf(stderr,
 		    "Dataset %s must contain at least 3 data points\n", n);
@@ -536,7 +527,9 @@ usage(char const *whine)
 int
 main(int argc, char **argv)
 {
-	struct dataset *ds[7];
+	const char *setfilenames[MAX_DS - 1];
+	struct dataset *ds[MAX_DS - 1];
+	FILE *setfiles[MAX_DS - 1];
 	int nds;
 	double a;
 	const char *delim = " \t";
@@ -609,14 +602,36 @@ main(int argc, char **argv)
 	argv += optind;
 
 	if (argc == 0) {
-		ds[0] = ReadSet("-", column, delim);
+		setfilenames[0] = "<stdin>";
+		setfiles[0] = stdin;
 		nds = 1;
 	} else {
 		if (argc > (MAX_DS - 1))
 			usage("Too many datasets.");
 		nds = argc;
-		for (i = 0; i < nds; i++)
-			ds[i] = ReadSet(argv[i], column, delim);
+		for (i = 0; i < nds; i++) {
+			setfilenames[i] = argv[i];
+			setfiles[i] = fopen(argv[i], "r");
+			if (setfiles[i] == NULL)
+				err(2, "Cannot open %s", argv[i]);
+		}
+	}
+
+	if (caph_limit_stdio() < 0)
+		err(2, "capsicum");
+
+	for (i = 0; i < nds; i++)
+		if (caph_limit_stream(fileno(setfiles[i]), CAPH_READ) < 0)
+			err(2, "unable to limit rights for %s",
+			    setfilenames[i]);
+
+	/* Enter Capsicum sandbox. */
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(2, "unable to enter capability mode");
+
+	for (i = 0; i < nds; i++) {
+		ds[i] = ReadSet(setfiles[i], setfilenames[i], column, delim);
+		fclose(setfiles[i]);
 	}
 
 	for (i = 0; i < nds; i++) 
