diff options
| author | kevans <kevans@FreeBSD.org> | 2018-04-13 03:30:10 +0000 |
|---|---|---|
| committer | kevans <kevans@FreeBSD.org> | 2018-04-13 03:30:10 +0000 |
| commit | 290514978463c1489e8a1914541f6babc3b49f8a (patch) | |
| tree | 99d1c3c9453b8b00045c910c7a3184579daf0852 /bin | |
| parent | c139d765d2c1d1d121192c32e26c11f193dcc304 (diff) | |
| download | FreeBSD-src-290514978463c1489e8a1914541f6babc3b49f8a.zip FreeBSD-src-290514978463c1489e8a1914541f6babc3b49f8a.tar.gz | |
MFC r308432, r308657: Capsicumize some trivial stdio programs
r308432: Capsicumize some trivial stdio programs
Trivially capsicumize some simple programs that just interact with
stdio. This list of programs uses 'pledge("stdio")' in OpenBSD.
r308657: fold(1): Revert incorrect r308432
As Jean-Sébastien notes, fold(1) requires handling argv-supplied files. That
will require a slightly more sophisticated approach.
Diffstat (limited to 'bin')
| -rw-r--r-- | bin/echo/echo.c | 5 | ||||
| -rw-r--r-- | bin/sleep/sleep.c | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/bin/echo/echo.c b/bin/echo/echo.c index 68ff581..e40a2a3 100644 --- a/bin/echo/echo.c +++ b/bin/echo/echo.c @@ -45,6 +45,8 @@ __FBSDID("$FreeBSD$"); #include <sys/uio.h> #include <assert.h> +#include <capsicum_helpers.h> +#include <err.h> #include <errno.h> #include <limits.h> #include <stdlib.h> @@ -78,6 +80,9 @@ main(int argc, char *argv[]) char newline[] = "\n"; char *progname = argv[0]; + if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS)) + err(1, "capsicum"); + /* This utility may NOT do getopt(3) option parsing. */ if (*++argv && !strcmp(*argv, "-n")) { ++argv; diff --git a/bin/sleep/sleep.c b/bin/sleep/sleep.c index ca08272..7a99125 100644 --- a/bin/sleep/sleep.c +++ b/bin/sleep/sleep.c @@ -41,6 +41,7 @@ static char sccsid[] = "@(#)sleep.c 8.3 (Berkeley) 4/2/94"; #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include <capsicum_helpers.h> #include <ctype.h> #include <err.h> #include <errno.h> @@ -69,6 +70,9 @@ main(int argc, char *argv[]) time_t original; char buf[2]; + if (caph_limit_stdio() < 0 || (cap_enter() < 0 && errno != ENOSYS)) + err(1, "capsicum"); + if (argc != 2) usage(); |
