Capsicumize some trivial stdio programs

Trivially capsicumize some simple programs that just interact with stdio. This list of programs uses 'pledge("stdio")' in OpenBSD. No objection from: allanjude, emaste, oshogbo Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D8307
wangyuliu · Nov 8, 2016 · cd1693d · cd1693d
1 parent a965389
commit cd1693d
Show file tree

Hide file tree

Showing 11 changed files with 68 additions and 5 deletions.
diff --git a/bin/echo/echo.c b/bin/echo/echo.c
@@ -45,6 +45,8 @@ __FBSDID("$FreeBSD$");
 #include <sys/uio.h>
 
 #include <assert.h>
+#include <capsicum_helpers.h>
+#include <err.h>
 #include <errno.h>
 #include <limits.h>
 #include <stdlib.h>
@@ -78,6 +80,9 @@ main(int argc, char *argv[])
 	char newline[] = "\n";
 	char *progname = argv[0];
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	/* This utility may NOT do getopt(3) option parsing. */
 	if (*++argv && !strcmp(*argv, "-n")) {
 		++argv;

diff --git a/bin/sleep/sleep.c b/bin/sleep/sleep.c
@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)sleep.c	8.3 (Berkeley) 4/2/94";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
@@ -69,6 +70,9 @@ main(int argc, char *argv[])
 	time_t original;
 	char buf[2];
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	if (argc != 2)
 		usage();
 

diff --git a/usr.bin/basename/basename.c b/usr.bin/basename/basename.c
@@ -42,6 +42,7 @@ static char sccsid[] = "@(#)basename.c	8.4 (Berkeley) 5/4/95";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <libgen.h>
 #include <limits.h>
@@ -64,6 +65,9 @@ main(int argc, char **argv)
 
 	setlocale(LC_ALL, "");
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	aflag = 0;
 	suffix = NULL;
 	suffixlen = 0;

diff --git a/usr.bin/dc/dc.c b/usr.bin/dc/dc.c
@@ -22,9 +22,11 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/stat.h>
 
+#include <capsicum_helpers.h>
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -58,11 +60,11 @@ usage(void)
 }
 
 static void
-procfile(char *fname) {
+procfd(int fd, char *fname) {
 	struct stat st;
 	FILE *file;
 
-	file = fopen(fname, "r");
+	file = fdopen(fd, "r");
 	if (file == NULL)
 		err(1, "cannot open file %s", fname);
 	if (fstat(fileno(file), &st) == -1)
@@ -80,7 +82,7 @@ procfile(char *fname) {
 int
 main(int argc, char *argv[])
 {
-	int ch;
+	int ch, fd;
 	bool extended_regs = false, preproc_done = false;
 
 	/* accept and ignore a single dash to be 4.4BSD dc(1) compatible */
@@ -97,7 +99,10 @@ main(int argc, char *argv[])
 		case 'f':
 			if (!preproc_done)
 				init_bmachine(extended_regs);
-			procfile(optarg);
+			fd = open(optarg, O_RDONLY);
+			if (fd < 0)
+				err(1, "cannot open file %s", optarg);
+			procfd(fd, optarg);
 			preproc_done = true;
 			break;
 		case 'x':
@@ -126,12 +131,23 @@ main(int argc, char *argv[])
 	if (argc > 1)
 		usage();
 	if (argc == 1) {
-		procfile(argv[0]);
+		fd = open(argv[0], O_RDONLY);
+		if (fd < 0)
+			err(1, "cannot open file %s", argv[0]);
+
+		if (caph_limit_stream(fd, CAPH_READ) < 0 ||
+		    caph_limit_stdio() < 0 ||
+		    (cap_enter() < 0 && errno != ENOSYS))
+			err(1, "capsicum");
+
+		procfd(fd, argv[0]);
 		preproc_done = true;
 	}
 	if (preproc_done)
 		return (0);
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
 	src_setstream(&src, stdin);
 	reset_bmachine(&src);
 	eval();

diff --git a/usr.bin/dirname/dirname.c b/usr.bin/dirname/dirname.c
@@ -39,6 +39,7 @@ static const char sccsid[] = "@(#)dirname.c	8.4 (Berkeley) 5/4/95";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <libgen.h>
 #include <stdio.h>
@@ -53,6 +54,9 @@ main(int argc, char **argv)
 	char *p;
 	int ch;
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	while ((ch = getopt(argc, argv, "")) != -1)
 		switch(ch) {
 		case '?':

diff --git a/usr.bin/fold/fold.c b/usr.bin/fold/fold.c
@@ -45,6 +45,7 @@ static char sccsid[] = "@(#)fold.c	8.1 (Berkeley) 6/6/93";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <limits.h>
 #include <locale.h>
@@ -72,6 +73,9 @@ main(int argc, char **argv)
 
 	(void) setlocale(LC_CTYPE, "");
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	width = -1;
 	previous_ch = 0;
 	while ((ch = getopt(argc, argv, "0123456789bsw:")) != -1) {

diff --git a/usr.bin/getopt/getopt.c b/usr.bin/getopt/getopt.c
@@ -6,6 +6,9 @@ __FBSDID("$FreeBSD$");
  * into the public domain and is thus not subject to any copyright.
  */
 
+#include <capsicum_helpers.h>
+#include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -16,6 +19,9 @@ main(int argc, char *argv[])
 	int c;
 	int status = 0;
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	optind = 2;	/* Past the program name and the option letters. */
 	while ((c = getopt(argc, argv, argv[1])) != -1)
 		switch (c) {

diff --git a/usr.bin/locate/bigram/locate.bigram.c b/usr.bin/locate/bigram/locate.bigram.c
@@ -57,6 +57,9 @@ static char sccsid[] = "@(#)locate.bigram.c	8.1 (Berkeley) 6/6/93";
  * Use 'code' to encode a file using this output.
  */
 
+#include <capsicum_helpers.h>
+#include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/param.h>			/* for MAXPATHLEN */
@@ -73,6 +76,9 @@ main(void)
 	u_char *oldpath = buf1, *path = buf2;
 	u_int i, j;
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
      	while (fgets(path, sizeof(buf2), stdin) != NULL) {
 
 		/* 

diff --git a/usr.bin/logname/logname.c b/usr.bin/logname/logname.c
@@ -39,6 +39,7 @@ static const char sccsid[] = "@(#)logname.c	8.2 (Berkeley) 4/3/94";
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <unistd.h>
 #include <stdio.h>
@@ -51,6 +52,9 @@ main(int argc, char *argv[] __unused)
 {
 	char *p;
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	if (argc != 1)
 		usage();
 	if ((p = getlogin()) == NULL)

diff --git a/usr.bin/printenv/printenv.c b/usr.bin/printenv/printenv.c
@@ -44,6 +44,8 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 
+#include <capsicum_helpers.h>
+#include <err.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -65,6 +67,9 @@ main(int argc, char *argv[])
 	size_t len;
 	int ch;
 
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	while ((ch = getopt(argc, argv, "")) != -1)
 		switch(ch) {
 		case '?':

diff --git a/usr.bin/yes/yes.c b/usr.bin/yes/yes.c
@@ -41,12 +41,17 @@ static const char rcsid[] = "$FreeBSD$";
 #endif
 #endif /* not lint */
 
+#include <capsicum_helpers.h>
 #include <err.h>
 #include <stdio.h>
 
 int
 main(int argc, char **argv)
 {
+
+	if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS))
+		err(1, "capsicum");
+
 	if (argc > 1)
 		while (puts(argv[1]) != EOF)
 			;