Author: ian
Date: Fri Mar 23 16:15:07 2018
New Revision: 331434
URL: https://svnweb.freebsd.org/changeset/base/331434

Log:
  MFC r306657, r306673, r306726, r307737, r309366, r310135, r323990, r324414
  
  r306657:
  libcapsicum: introduce Capsicum helpers
  
  Capsicum helpers are a set of inline functions whose goal is to reduce
  duplicated patterns used to Capsicumize applications.
  
  Reviewed by:  cem, AllanJude, bapt, ed, emaste
  Differential Revision:        https://reviews.freebsd.org/D8013
  
  r306673:
  libcapsicum: limit stderr
  
  Don't limit stdout twice, instead limit stderr.
  
  Pointed out by:       rpokala@
  
  r306726:
  Add man pages for Capsicum helpers.
  
  Reviewed by:  cem
  Differential Revision:        https://reviews.freebsd.org/D8154
  
  r307737:
  Fix few sentence in the man page.
  
  Pointed out by:       wblock
  
  r309366:
  capsicum_helpers: Squash errors from closed fds
  
  Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio().
  Any program used during special shell scripts may commonly be forked
  from a parent process with closed standard stream.  Do the common sense
  thing for this common use.
  
  Reported by:  Iblis Lin <iblis AT hs.ntnu.edu.tw>
  Reviewed by:  oshogbo@ (earlier version)
  Sponsored by: Dell EMC Isilon
  Differential Revision:        https://reviews.freebsd.org/D8657
  
  r310135:
  capsicum_helpers: Add LOOKUP flag
  
  Add a helper routine for opening a directory that is restricted to being
  used for opening relative files as stdio streams.
  
  I think this will really help basic adaptation of multi-file programs to
  Capsicum. Rather than having each program initialize a rights object and
  ioctl/fcntl arrays for their root fd for relative opens, consolidate in the
  logical place.
  
  Reviewed by:  oshogbo@
  Sponsored by: Dell EMC Isilon
  Differential Revision:        https://reviews.freebsd.org/D8743
  
  r323990:
  capsicum_helpers: Add SEEK to default stdio rights set
  
  PR:           219173
  Sponsored by: Dell EMC Isilon
  
  r324414:
  capsicum_helpers: Add EVENT to default stdio rights set
  
  Without it, calling caph_limit_stdio(3) breaks Irssi.
  
  Reviewed by:  oshogbo
  Sponsored by: DARPA, AFRL
  Differential Revision:        https://reviews.freebsd.org/D12622

Added:
  stable/11/lib/libcapsicum/
     - copied from r306657, head/lib/libcapsicum/
  stable/11/lib/libcapsicum/Makefile.depend
     - copied unchanged from r308605, head/lib/libcapsicum/Makefile.depend
  stable/11/lib/libcapsicum/capsicum_helpers.3
     - copied, changed from r306726, head/lib/libcapsicum/capsicum_helpers.3
Modified:
  stable/11/lib/Makefile
  stable/11/lib/libcapsicum/Makefile
  stable/11/lib/libcapsicum/capsicum_helpers.h
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/Makefile
==============================================================================
--- stable/11/lib/Makefile      Fri Mar 23 15:50:01 2018        (r331433)
+++ stable/11/lib/Makefile      Fri Mar 23 16:15:07 2018        (r331434)
@@ -38,6 +38,7 @@ SUBDIR=       ${SUBDIR_BOOTSTRAP} \
        libbz2 \
        libcalendar \
        libcam \
+       libcapsicum \
        ${_libcasper} \
        ${_libcom_err} \
        libcompat \

Modified: stable/11/lib/libcapsicum/Makefile
==============================================================================
--- head/lib/libcapsicum/Makefile       Mon Oct  3 20:48:18 2016        
(r306657)
+++ stable/11/lib/libcapsicum/Makefile  Fri Mar 23 16:15:07 2018        
(r331434)
@@ -4,4 +4,14 @@ PACKAGE=lib${LIB}
 
 INCS=  capsicum_helpers.h
 
+MAN+=  capsicum_helpers.3
+
+MLINKS+=capsicum_helpers.3 caph_limit_stream.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdin.3
+MLINKS+=capsicum_helpers.3 caph_limit_stderr.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdout.3
+MLINKS+=capsicum_helpers.3 caph_limit_stdio.3
+MLINKS+=capsicum_helpers.3 caph_cache_tzdata.3
+MLINKS+=capsicum_helpers.3 caph_cache_catpages.3
+
 .include <bsd.lib.mk>

Copied: stable/11/lib/libcapsicum/Makefile.depend (from r308605, 
head/lib/libcapsicum/Makefile.depend)
==============================================================================
--- /dev/null   00:00:00 1970   (empty, because file is newly added)
+++ stable/11/lib/libcapsicum/Makefile.depend   Fri Mar 23 16:15:07 2018        
(r331434, copy of r308605, head/lib/libcapsicum/Makefile.depend)
@@ -0,0 +1,11 @@
+# $FreeBSD$
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif

Copied and modified: stable/11/lib/libcapsicum/capsicum_helpers.3 (from 
r306726, head/lib/libcapsicum/capsicum_helpers.3)
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.3     Wed Oct  5 20:02:34 2016        
(r306726, copy source)
+++ stable/11/lib/libcapsicum/capsicum_helpers.3        Fri Mar 23 16:15:07 
2018        (r331434)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 5, 2016
+.Dd October 21, 2016
 .Dt CAPSICUM_HELPERS 3
 .Os
 .Sh NAME
@@ -57,7 +57,8 @@
 .Sh DESCRIPTION
 The
 .Nm capsicum helpers
-are a set of a inline functions which simplify Capsicumizing programs.
+are a set of a inline functions which simplify modifying programs to use
+Capsicum.
 The goal is to reduce duplicated code patterns.
 The
 .Nm capsicum helpers
@@ -70,7 +71,7 @@ restricts capabilities on
 .Fa fd
 to only those needed by POSIX stream objects (that is, FILEs).
 .Pp
-The following flags can be provided:
+These flags can be provided:
 .Pp
 .Bl -tag -width "CAPH_IGNORE_EBADF" -compact -offset indent
 .It Dv CAPH_IGNORE_EBADF

Modified: stable/11/lib/libcapsicum/capsicum_helpers.h
==============================================================================
--- head/lib/libcapsicum/capsicum_helpers.h     Mon Oct  3 20:48:18 2016        
(r306657)
+++ stable/11/lib/libcapsicum/capsicum_helpers.h        Fri Mar 23 16:15:07 
2018        (r331434)
@@ -41,6 +41,7 @@
 #define        CAPH_IGNORE_EBADF       0x0001
 #define        CAPH_READ               0x0002
 #define        CAPH_WRITE              0x0004
+#define        CAPH_LOOKUP             0x0008
 
 static __inline int
 caph_limit_stream(int fd, int flags)
@@ -48,12 +49,15 @@ caph_limit_stream(int fd, int flags)
        cap_rights_t rights;
        unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ };
 
-       cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL);
+       cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT,
+           CAP_IOCTL, CAP_SEEK);
 
        if ((flags & CAPH_READ) != 0)
                cap_rights_set(&rights, CAP_READ);
        if ((flags & CAPH_WRITE) != 0)
                cap_rights_set(&rights, CAP_WRITE);
+       if ((flags & CAPH_LOOKUP) != 0)
+               cap_rights_set(&rights, CAP_LOOKUP);
 
        if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) {
                if (errno == EBADF && (flags & CAPH_IGNORE_EBADF) != 0)
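Review bot: The new CAPH_LOOKUP check only tests its own bit, and flags carrying bits outside the four defined CAPH_* values are still silently accepted, so a misspelled or stale flag limits the descriptor to the base rights without any error; a guard before cap_rights_init, `if ((flags & ~(CAPH_IGNORE_EBADF | CAPH_READ | CAPH_WRITE | CAPH_LOOKUP)) != 0) { errno = EINVAL; return (-1); }`, would surface that at the call site. The widened base set also deserves a line explaining why CAP_EVENT and CAP_SEEK are granted unconditionally, e.g. `/* CAP_EVENT for poll/select/kqueue on stdio, CAP_SEEK for fseek/ftell on regular files; both are needed by ordinary stdio users. */`. When CAPH_LOOKUP is used on a directory, the rights granted here are presumably also the ceiling for descriptors later opened relative to fd, so the CAPH_READ/CAPH_WRITE choice matters there and is worth stating in the header comment. caph_limit_stream continues past the end of the hunk.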
@@ -94,12 +98,12 @@ caph_limit_stdout(void)
 static __inline int
 caph_limit_stdio(void)
 {
+       const int iebadf = CAPH_IGNORE_EBADF;
 
-       if (caph_limit_stdin() == -1 || caph_limit_stdout() == -1 ||
-           caph_limit_stdout() == -1) {
+       if (caph_limit_stream(STDIN_FILENO, CAPH_READ | iebadf) == -1 ||
+           caph_limit_stream(STDOUT_FILENO, CAPH_WRITE | iebadf) == -1 ||
+           caph_limit_stream(STDERR_FILENO, CAPH_WRITE | iebadf) == -1)
                return (-1);
-       }
-
        return (0);
 }
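Review bot: caph_limit_stdio() now tolerates EBADF on all three streams by calling caph_limit_stream() directly, while the per-stream helpers caph_limit_stdin()/caph_limit_stdout()/caph_limit_stderr() above this hunk presumably still pass no CAPH_IGNORE_EBADF, so the combined helper is quietly more lenient than the three it used to wrap; a comment should record that, e.g. `/* Closed standard streams are common for programs spawned from shell scripts, so EBADF is tolerated here, unlike the single-stream helpers. */`. Because the chain returns -1 at the first failing stream, the remaining streams are left unrestricted on that path, which the man page should mention so callers do not assume all-or-nothing. The local name `iebadf` is terse; `ignore_ebadf` reads better.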
 