svn commit: r310139 - head/usr.bin/last

[Conrad E. Meyer]

Author: cem
Date: Fri Dec 16 01:47:08 2016
New Revision: 310139
URL: https://svnweb.freebsd.org/changeset/base/310139

Log:
  Capsicumify last(1)
  
  Reviewed by:	ed (earlier version), emaste (earlier version)
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D8001

Modified:
  head/usr.bin/last/last.c

Modified: head/usr.bin/last/last.c
==============================================================================
--- head/usr.bin/last/last.c	Fri Dec 16 01:44:50 2016	(r310138)
+++ head/usr.bin/last/last.c	Fri Dec 16 01:47:08 2016	(r310139)
@@ -40,8 +40,11 @@ static const char sccsid[] = "@(#)last.c
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/capsicum.h>
+#include <sys/queue.h>
 #include <sys/stat.h>
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -56,7 +59,6 @@ __FBSDID("$FreeBSD$");
 #include <timeconv.h>
 #include <unistd.h>
 #include <utmpx.h>
-#include <sys/queue.h>
 
 #define	NO	0				/* false/no */
 #define	YES	1				/* true/yes */
@@ -176,6 +178,19 @@ main(int argc, char *argv[])
 			usage();
 		}
 
+	if (caph_limit_stdio() < 0)
+		err(1, "can't limit stdio rights");
+
+	caph_cache_catpages();
+	caph_cache_tzdata();
+
+	/* Cache UTX database. */
+	if (setutxdb(UTXDB_LOG, file) != 0)
+		err(1, "%s", file != NULL ? file : "(default utx db)");
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "cap_enter");
+
 	if (sflag && width == 8) usage();
 
 	if (argc) {
@@ -213,8 +228,6 @@ wtmp(void)
 	(void)time(&t);
 
 	/* Load the last entries from the file. */
-	if (setutxdb(UTXDB_LOG, file) != 0)
-		err(1, "%s", file);
 	while ((ut = getutxent()) != NULL) {
 		if (amount % 128 == 0) {
 			buf = realloc(buf, (amount + 128) * sizeof *ut);