svn commit: r350516 - in head: contrib/elftoolchain/readelf usr.bin/readelf
Mark Johnston
markj at FreeBSD.org
Thu Aug 1 18:57:09 UTC 2019
Author: markj
Date: Thu Aug 1 18:57:08 2019
New Revision: 350516
URL: https://svnweb.freebsd.org/changeset/base/350516
Log:
Capsicumize readelf(1).
Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21108
Modified:
head/contrib/elftoolchain/readelf/readelf.c
head/usr.bin/readelf/Makefile
Modified: head/contrib/elftoolchain/readelf/readelf.c
==============================================================================
--- head/contrib/elftoolchain/readelf/readelf.c Thu Aug 1 18:56:32 2019 (r350515)
+++ head/contrib/elftoolchain/readelf/readelf.c Thu Aug 1 18:57:08 2019 (r350516)
@@ -26,8 +26,10 @@
#include <sys/param.h>
#include <sys/queue.h>
+
#include <ar.h>
#include <assert.h>
+#include <capsicum_helpers.h>
#include <ctype.h>
#include <dwarf.h>
#include <err.h>
@@ -45,6 +47,9 @@
#include <time.h>
#include <unistd.h>
+#include <libcasper.h>
+#include <casper/cap_fileargs.h>
+
#include "_elftc.h"
ELFTC_VCSID("$Id: readelf.c 3649 2018-11-24 03:26:23Z emaste $");
@@ -7214,15 +7219,8 @@ process_members:
}
static void
-dump_object(struct readelf *re)
+dump_object(struct readelf *re, int fd)
{
- int fd;
-
- if ((fd = open(re->filename, O_RDONLY)) == -1) {
- warn("open %s failed", re->filename);
- return;
- }
-
if ((re->flags & DISPLAY_FILENAME) != 0)
printf("\nFile: %s\n", re->filename);
@@ -7589,9 +7587,11 @@ readelf_usage(int status)
int
main(int argc, char **argv)
{
+ cap_rights_t rights;
+ fileargs_t *fa;
struct readelf *re, re_storage;
unsigned long si;
- int opt, i;
+ int fd, opt, i;
char *ep;
re = &re_storage;
@@ -7714,9 +7714,28 @@ main(int argc, char **argv)
errx(EXIT_FAILURE, "ELF library initialization failed: %s",
elf_errmsg(-1));
+ cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R, CAP_SEEK);
+ fa = fileargs_init(argc, argv, O_RDONLY, 0, &rights, FA_OPEN);
+ if (fa == NULL)
+ err(1, "Unable to initialize casper fileargs");
+
+ caph_cache_catpages();
+ if (caph_limit_stdio() < 0) {
+ fileargs_free(fa);
+ err(1, "Unable to limit stdio rights");
+ }
+ if (caph_enter_casper() < 0) {
+ fileargs_free(fa);
+ err(1, "Unable to enter capability mode");
+ }
+
for (i = 0; i < argc; i++) {
re->filename = argv[i];
- dump_object(re);
+ fd = fileargs_open(fa, re->filename);
+ if (fd < 0)
+ warn("open %s failed", re->filename);
+ else
+ dump_object(re, fd);
}
exit(EXIT_SUCCESS);
Modified: head/usr.bin/readelf/Makefile
==============================================================================
--- head/usr.bin/readelf/Makefile Thu Aug 1 18:56:32 2019 (r350515)
+++ head/usr.bin/readelf/Makefile Thu Aug 1 18:57:08 2019 (r350516)
@@ -1,5 +1,7 @@
# $FreeBSD$
+.include <src.opts.mk>
+
ELFTCDIR= ${SRCTOP}/contrib/elftoolchain
READELFDIR= ${ELFTCDIR}/readelf
@@ -9,6 +11,12 @@ PROG= readelf
SRCS= readelf.c
LIBADD= dwarf elftc elf
+
+.if ${MK_CASPER} != "no"
+LIBADD+= casper
+LIBADD+= cap_fileargs
+CFLAGS+= -DWITH_CASPER
+.endif
CFLAGS+=-I${ELFTCDIR}/libelftc -I${ELFTCDIR}/common
More information about the svn-src-head
mailing list