svn commit: r307660 - head/usr.bin/jot

Conrad E. Meyer cem at FreeBSD.org
Wed Oct 19 21:50:58 UTC 2016


Author: cem
Date: Wed Oct 19 21:50:57 2016
New Revision: 307660
URL: https://svnweb.freebsd.org/changeset/base/307660

Log:
  Capsicum support for jot(1)
  
  Limit descriptors and enter capability mode in jot(1).
  
  Submitted by:	brueffer (earlier version)
  Reviewed by:	emaste, jonathan (earlier version)
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D1345

Modified:
  head/usr.bin/jot/jot.c

Modified: head/usr.bin/jot/jot.c
==============================================================================
--- head/usr.bin/jot/jot.c	Wed Oct 19 21:25:59 2016	(r307659)
+++ head/usr.bin/jot/jot.c	Wed Oct 19 21:50:57 2016	(r307660)
@@ -47,8 +47,11 @@ __FBSDID("$FreeBSD$");
  * Author:  John Kunze, Office of Comp. Affairs, UCB
  */
 
+#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdint.h>
@@ -89,6 +92,7 @@ static void	usage(void);
 int
 main(int argc, char **argv)
 {
+	cap_rights_t rights;
 	bool	have_format = false;
 	bool	infinity = false;
 	bool	nofinalnl = false;
@@ -105,6 +109,21 @@ main(int argc, char **argv)
 	long	i;
 	long	reps = REPS_DEF;
 
+	if (caph_limit_stdio() < 0)
+		err(1, "unable to limit rights for stdio");
+	cap_rights_init(&rights);
+	if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for stdin");
+
+	/*
+	 * Cache NLS data, for strerror, for err(3), before entering capability
+	 * mode.
+	 */
+	caph_cache_catpages();
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
+
 	while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
 		switch (ch) {
 		case 'b':
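Review bot: The second limit on stdin has no comment, although `cap_rights_init(&rights)` with no rights listed followed by `cap_rights_limit(STDIN_FILENO, &rights)` removes every right that `caph_limit_stdio()` had just left on that descriptor. A reader cannot tell from the code whether that is deliberate, so I would add something like `/* jot never reads stdin; drop all rights on it. */` above the `cap_rights_init()` call. The two `errno != ENOSYS` checks also mean that on a kernel without Capsicum the program continues unsandboxed with no diagnostic, which looks intentional but deserves a short comment such as `/* ENOSYS: kernel lacks Capsicum, run without the sandbox. */`. The body of main() continues past this hunk, so whether any later path reads stdin or opens a file after `cap_enter()` cannot be confirmed from here.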

