svn commit: r305951 - head/usr.bin/elfdump
Ed Maste
emaste at FreeBSD.org
Sun Sep 18 20:23:27 UTC 2016
Author: emaste
Date: Sun Sep 18 20:23:26 2016
New Revision: 305951
URL: https://svnweb.freebsd.org/changeset/base/305951
Log:
elfdump: adjust stdout/stderr capabilities
stdio uses fstat and the TIOCGETA ioctl. Also collapse the
cap_rights_limit and new cap_ioctls_limit calls into one if statement.
Errors here are not actionable by the user and distinguishing stdout
from stderr doesn't really have value.
Reported by: kib
Reviewed by: allanjude, bapt
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7944
Modified:
head/usr.bin/elfdump/elfdump.c
Modified: head/usr.bin/elfdump/elfdump.c
==============================================================================
--- head/usr.bin/elfdump/elfdump.c Sun Sep 18 20:00:17 2016 (r305950)
+++ head/usr.bin/elfdump/elfdump.c Sun Sep 18 20:23:26 2016 (r305951)
@@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <termios.h>
#include <unistd.h>
#define ED_DYN (1<<0)
@@ -504,6 +505,7 @@ main(int ac, char **av)
u_int64_t name;
u_int64_t type;
struct stat sb;
+ unsigned long cmd;
u_int flags;
Elf32_Ehdr *e;
void *p;
@@ -572,11 +574,13 @@ main(int ac, char **av)
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", *av);
close(STDIN_FILENO);
- cap_rights_init(&rights, CAP_WRITE);
- if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stdout");
- if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stderr");
+ cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
+ cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
+ if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
+ (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) ||
+ (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
+ (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
+ err(1, "unable to limit rights for stdout/stderr");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
More information about the svn-src-all
mailing list