svn commit: r309366 - head/lib/libcapsicum
Conrad E. Meyer
cem at FreeBSD.org
Thu Dec 1 17:28:46 UTC 2016
Author: cem
Date: Thu Dec 1 17:28:45 2016
New Revision: 309366
URL: https://svnweb.freebsd.org/changeset/base/309366
Log:
capsicum_helpers: Squash errors from closed fds
Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio().
Any program used during special shell scripts may commonly be forked
from a parent process with closed standard stream. Do the common sense
thing for this common use.
Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw>
Reviewed by: oshogbo@ (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8657
Modified:
head/lib/libcapsicum/capsicum_helpers.h
Modified: head/lib/libcapsicum/capsicum_helpers.h
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:26:37 2016 (r309365)
+++ head/lib/libcapsicum/capsicum_helpers.h Thu Dec 1 17:28:45 2016 (r309366)
@@ -94,12 +94,12 @@ caph_limit_stdout(void)
static __inline int
caph_limit_stdio(void)
{
+ const int iebadf = CAPH_IGNORE_EBADF;
- if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 ||
- caph_limit_stderr() == -1) {
+ if (caph_limit_stream(STDIN_FILENO, CAPH_READ | iebadf) == -1 ||
+ caph_limit_stream(STDOUT_FILENO, CAPH_WRITE | iebadf) == -1 ||
+ caph_limit_stream(STDERR_FILENO, CAPH_WRITE | iebadf) == -1)
return (-1);
- }
-
return (0);
}
More information about the svn-src-head
mailing list