Reviewed by: emaste, markj, allanjude
Differential Revision: https://reviews.freebsd.org/D17967
On Sun, 18 Nov 2018 at 13:23, Mariusz Zaborski <osho...@freebsd.org> wrote:
>
> Author: oshogbo
> Date: Sun Nov 18 12:23:03 2018
> New Revision: 340572
> URL: https://svnweb.freebsd.org/changeset/base/340572
>
> Log:
> brandelf: capsicumize it
>
> Modified:
> head/usr.bin/brandelf/Makefile
> head/usr.bin/brandelf/brandelf.c
>
> Modified: head/usr.bin/brandelf/Makefile
> ==============================================================================
> --- head/usr.bin/brandelf/Makefile Sun Nov 18 12:09:27 2018
> (r340571)
> +++ head/usr.bin/brandelf/Makefile Sun Nov 18 12:23:03 2018
> (r340572)
> @@ -1,5 +1,13 @@
> # $FreeBSD$
>
> +.include <src.opts.mk>
> +
> PROG= brandelf
> +
> +.if ${MK_CASPER} != "no"
> +LIBADD+= casper
> +LIBADD+= cap_fileargs
> +CFLAGS+= -DWITH_CASPER
> +.endif
>
> .include <bsd.prog.mk>
>
> Modified: head/usr.bin/brandelf/brandelf.c
> ==============================================================================
> --- head/usr.bin/brandelf/brandelf.c Sun Nov 18 12:09:27 2018
> (r340571)
> +++ head/usr.bin/brandelf/brandelf.c Sun Nov 18 12:23:03 2018
> (r340572)
> @@ -33,9 +33,11 @@
> __FBSDID("$FreeBSD$");
>
> #include <sys/param.h>
> +#include <sys/capsicum.h>
> #include <sys/elf_common.h>
> #include <sys/errno.h>
>
> +#include <capsicum_helpers.h>
> #include <err.h>
> #include <fcntl.h>
> #include <stdbool.h>
> @@ -44,6 +46,9 @@ __FBSDID("$FreeBSD$");
> #include <string.h>
> #include <unistd.h>
>
> +#include <libcasper.h>
> +#include <casper/cap_fileargs.h>
> +
> static int elftype(const char *);
> static const char *iselftype(int);
> static void printelftypes(void);
> @@ -66,8 +71,10 @@ main(int argc, char **argv)
> {
>
> const char *strtype = "FreeBSD";
> - int ch, retval, type;
> + int ch, flags, retval, type;
> bool change, force, listed;
> + fileargs_t *fa;
> + cap_rights_t rights;
>
> type = ELFOSABI_FREEBSD;
> retval = 0;
> @@ -121,11 +128,24 @@ main(int argc, char **argv)
> usage();
> }
>
> + flags = change || force ? O_RDWR : O_RDONLY;
> + cap_rights_init(&rights, CAP_READ, CAP_SEEK);
> + if (flags == O_RDWR)
> + cap_rights_set(&rights, CAP_WRITE);
> +
> + fa = fileargs_init(argc, argv, flags, 0, &rights);
> + if (fa == NULL)
> + errx(1, "unable to init casper");
> +
> + caph_cache_catpages();
> + if (caph_limit_stdio() < 0 || caph_enter_casper() < 0)
> + err(1, "unable to enter capability mode");
> +
> while (argc != 0) {
> int fd;
> char buffer[EI_NIDENT];
>
> - if ((fd = open(argv[0], change || force ? O_RDWR : O_RDONLY,
> 0)) < 0) {
> + if ((fd = fileargs_open(fa, argv[0])) < 0) {
> warn("error opening file %s", argv[0]);
> retval = 1;
> goto fail;
> @@ -167,6 +187,7 @@ fail:
> argv++;
> }
>
> + fileargs_free(fa);
> return (retval);
> }
>
> _______________________________________________
> svn-src-head@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
