FreeBSD Bugzilla – Attachment 201112 Details for
Bug 234885
cmp(1) Capsicum error if stdin closed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
diff (text/plain), 2.01 KB, created by
Mark Johnston
on 2019-01-14 04:13:22 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Mark Johnston
Created:
2019-01-14 04:13:22 UTC
Size:
2.01 KB
patch
obsolete
>diff --git a/usr.bin/cmp/cmp.c b/usr.bin/cmp/cmp.c >index b8d5dba14ec4..b183dff20d44 100644 >--- a/usr.bin/cmp/cmp.c >+++ b/usr.bin/cmp/cmp.c >@@ -116,14 +116,16 @@ main(int argc, char *argv[]) > if (argc < 2 || argc > 4) > usage(); > >+ if (caph_limit_stdio() == -1) >+ err(ERR_EXIT, "failed to limit stdio"); >+ > /* Backward compatibility -- handle "-" meaning stdin. */ > special = 0; > if (strcmp(file1 = argv[0], "-") == 0) { > special = 1; >- fd1 = 0; >+ fd1 = STDIN_FILENO; > file1 = "stdin"; >- } >- else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) { >+ } else if ((fd1 = open(file1, oflag, 0)) < 0 && errno != EMLINK) { > if (!sflag) > err(ERR_EXIT, "%s", file1); > else >@@ -134,10 +136,9 @@ main(int argc, char *argv[]) > errx(ERR_EXIT, > "standard input may only be specified once"); > special = 1; >- fd2 = 0; >+ fd2 = STDIN_FILENO; > file2 = "stdin"; >- } >- else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) { >+ } else if ((fd2 = open(file2, oflag, 0)) < 0 && errno != EMLINK) { > if (!sflag) > err(ERR_EXIT, "%s", file2); > else >@@ -162,6 +163,13 @@ main(int argc, char *argv[]) > exit(ERR_EXIT); > } > >+ /* We can further limit rights on stdin if we know it won't be used. */ >+ if (!special && fd1 != STDIN_FILENO && fd2 != STDIN_FILENO) { >+ cap_rights_init(&rights); >+ if (caph_rights_limit(STDIN_FILENO, &rights) < 0) >+ err(ERR_EXIT, "unable to limit stdio"); >+ } >+ > cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_MMAP_R); > if (caph_rights_limit(fd1, &rights) < 0) > err(ERR_EXIT, "unable to limit rights for %s", file1); >@@ -175,16 +183,6 @@ main(int argc, char *argv[]) > if (caph_fcntls_limit(fd2, fcntls) < 0) > err(ERR_EXIT, "unable to limit fcntls for %s", file2); > >- if (!special) { >- cap_rights_init(&rights); >- if (caph_rights_limit(STDIN_FILENO, &rights) < 0) { >- err(ERR_EXIT, "unable to limit stdio"); >- } >- } >- >- if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1) >- err(ERR_EXIT, "unable to limit stdio"); >- > caph_cache_catpages(); > > if (caph_enter() < 0)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=201112">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 234885
:
201110
| 201112