|
Lines 116-129
main(int argc, char *argv[])
Link Here
|
| 116 |
if (argc < 2 || argc > 4) |
116 |
if (argc < 2 || argc > 4) |
| 117 |
usage(); |
117 |
usage(); |
| 118 |
|
118 |
|
|
|
119 |
if (caph_limit_stdio() == -1) |
| 120 |
err(ERR_EXIT, "failed to limit stdio"); |
| 121 |
|
| 119 |
/* Backward compatibility -- handle "-" meaning stdin. */ |
122 |
/* Backward compatibility -- handle "-" meaning stdin. */ |
| 120 |
special = 0; |
123 |
special = 0; |
| 121 |
if (strcmp(file1 = argv[0], "-") == 0) { |
124 |
if (strcmp(file1 = argv[0], "-") == 0) { |
| 122 |
special = 1; |
125 |
special = 1; |
| 123 |
fd1 = 0; |
126 |
fd1 = STDIN_FILENO; |
| 124 |
file1 = "stdin"; |
127 |
file1 = "stdin"; |
| 125 |
} |
128 |
} else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) { |
| 126 |
else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) { |
|
|
| 127 |
if (!sflag) |
129 |
if (!sflag) |
| 128 |
err(ERR_EXIT, "%s", file1); |
130 |
err(ERR_EXIT, "%s", file1); |
| 129 |
else |
131 |
else |
|
Lines 134-143
main(int argc, char *argv[])
Link Here
|
| 134 |
errx(ERR_EXIT, |
136 |
errx(ERR_EXIT, |
| 135 |
"standard input may only be specified once"); |
137 |
"standard input may only be specified once"); |
| 136 |
special = 1; |
138 |
special = 1; |
| 137 |
fd2 = 0; |
139 |
fd2 = STDIN_FILENO; |
| 138 |
file2 = "stdin"; |
140 |
file2 = "stdin"; |
| 139 |
} |
141 |
} else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) { |
| 140 |
else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) { |
|
|
| 141 |
if (!sflag) |
142 |
if (!sflag) |
| 142 |
err(ERR_EXIT, "%s", file2); |
143 |
err(ERR_EXIT, "%s", file2); |
| 143 |
else |
144 |
else |
|
Lines 162-167
main(int argc, char *argv[])
Link Here
|
| 162 |
exit(ERR_EXIT); |
163 |
exit(ERR_EXIT); |
| 163 |
} |
164 |
} |
| 164 |
|
165 |
|
|
|
166 |
/* We can further limit rights on stdin if we know it won't be used. */ |
| 167 |
if (!special && fd1 != STDIN_FILENO && fd2 != STDIN_FILENO) { |
| 168 |
cap_rights_init(&rights); |
| 169 |
if (caph_rights_limit(STDIN_FILENO, &rights) < 0) |
| 170 |
err(ERR_EXIT, "unable to limit stdio"); |
| 171 |
} |
| 172 |
|
| 165 |
cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R); |
173 |
cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R); |
| 166 |
if (caph_rights_limit(fd1, &rights) < 0) |
174 |
if (caph_rights_limit(fd1, &rights) < 0) |
| 167 |
err(ERR_EXIT, "unable to limit rights for %s", file1); |
175 |
err(ERR_EXIT, "unable to limit rights for %s", file1); |
|
Lines 175-190
main(int argc, char *argv[])
Link Here
|
| 175 |
if (caph_fcntls_limit(fd2, fcntls) < 0) |
183 |
if (caph_fcntls_limit(fd2, fcntls) < 0) |
| 176 |
err(ERR_EXIT, "unable to limit fcntls for %s", file2); |
184 |
err(ERR_EXIT, "unable to limit fcntls for %s", file2); |
| 177 |
|
185 |
|
| 178 |
if (!special) { |
|
|
| 179 |
cap_rights_init(&rights); |
| 180 |
if (caph_rights_limit(STDIN_FILENO, &rights) < 0) { |
| 181 |
err(ERR_EXIT, "unable to limit stdio"); |
| 182 |
} |
| 183 |
} |
| 184 |
|
| 185 |
if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1) |
| 186 |
err(ERR_EXIT, "unable to limit stdio"); |
| 187 |
|
| 188 |
caph_cache_catpages(); |
186 |
caph_cache_catpages(); |
| 189 |
|
187 |
|
| 190 |
if (caph_enter() < 0) |
188 |
if (caph_enter() < 0) |