aboutsummaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/cmp/cmp.c19
-rw-r--r--usr.bin/col/col.c14
-rw-r--r--usr.bin/elfdump/elfdump.c16
-rw-r--r--usr.bin/kdump/kdump.c42
-rw-r--r--usr.bin/tee/tee.c32
-rw-r--r--usr.bin/tr/tr.c24
6 files changed, 28 insertions, 119 deletions
diff --git a/usr.bin/cmp/cmp.c b/usr.bin/cmp/cmp.c
index b1e0c4cc9106..2aa5603e49ef 100644
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
#include <sys/stat.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -53,7 +54,6 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <termios.h>
#include <unistd.h>
#include "extern.h"
@@ -70,7 +70,6 @@ main(int argc, char *argv[])
int ch, fd1, fd2, oflag, special;
const char *file1, *file2;
cap_rights_t rights;
- unsigned long cmd;
uint32_t fcntls;
oflag = O_RDONLY;
@@ -165,20 +164,10 @@ main(int argc, char *argv[])
if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to limit fcntls for %s", file2);
- cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL);
- if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
- err(ERR_EXIT, "unable to limit rights for stdout");
+ if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1)
+ err(ERR_EXIT, "unable to limit stdio");
- /* Required for printf(3) via isatty(3). */
- cmd = TIOCGETA;
- if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(ERR_EXIT, "unable to limit ioctls for stdout");
-
- /*
- * Cache NLS data, for strerror, for err(3), before entering capability
- * mode.
- */
- (void)catopen("libc", NL_CAT_LOCALE);
+ caph_cache_catpages();
if (cap_enter() < 0 && errno != ENOSYS)
err(ERR_EXIT, "unable to enter capability mode");
diff --git a/usr.bin/col/col.c b/usr.bin/col/col.c
index 13df126e00ba..793cf41167ae 100644
--- a/usr.bin/col/col.c
+++ b/usr.bin/col/col.c
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <locale.h>
@@ -135,20 +136,11 @@ main(int argc, char **argv)
int nflushd_lines; /* number of lines that were flushed */
int adjust, opt, warned, width;
const char *errstr;
- cap_rights_t rights;
- unsigned long cmd;
(void)setlocale(LC_CTYPE, "");
- cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
- if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stdin");
- cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL);
- if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stdout");
- cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
- if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(1, "unable to limit ioctls for stdout");
+ if (caph_limit_stdio() == -1)
+ err(1, "unable to limit stdio");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
diff --git a/usr.bin/elfdump/elfdump.c b/usr.bin/elfdump/elfdump.c
index 3a70326270c8..3cffc9138743 100644
--- a/usr.bin/elfdump/elfdump.c
+++ b/usr.bin/elfdump/elfdump.c
@@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$");
#include <sys/endian.h>
#include <sys/mman.h>
#include <sys/stat.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <termios.h>
#include <unistd.h>
#define ED_DYN (1<<0)
@@ -505,7 +505,6 @@ main(int ac, char **av)
u_int64_t name;
u_int64_t type;
struct stat sb;
- unsigned long cmd;
u_int flags;
Elf32_Ehdr *e;
void *p;
@@ -573,14 +572,11 @@ main(int ac, char **av)
cap_rights_init(&rights, CAP_MMAP_R);
if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", *av);
- cap_rights_limit(STDIN_FILENO, cap_rights_init(&rights));
- cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
- cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
- if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
- (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) ||
- (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
- (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
- err(1, "unable to limit rights for stdout/stderr");
+ cap_rights_init(&rights);
+ if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) ||
+ caph_limit_stdout() < 0 || caph_limit_stderr() < 0) {
+ err(1, "unable to limit rights for stdio");
+ }
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index 35daf2804f61..9b5aad75db25 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$");
#include <arpa/inet.h>
#include <netinet/in.h>
#include <ctype.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <grp.h>
#include <inttypes.h>
@@ -74,7 +75,6 @@ __FBSDID("$FreeBSD$");
#include <stdlib.h>
#include <string.h>
#include <sysdecode.h>
-#include <termios.h>
#include <time.h>
#include <unistd.h>
#include <vis.h>
@@ -110,7 +110,6 @@ void ktrstruct(char *, size_t);
void ktrcapfail(struct ktr_cap_fail *);
void ktrfault(struct ktr_fault *);
void ktrfaultend(struct ktr_faultend *);
-void limitfd(int fd);
void usage(void);
#define TIMESTAMP_NONE 0x0
@@ -337,9 +336,8 @@ main(int argc, char *argv[])
err(1, "unable to enter capability mode");
}
#endif
- limitfd(STDIN_FILENO);
- limitfd(STDOUT_FILENO);
- limitfd(STDERR_FILENO);
+ if (caph_limit_stdio() == -1)
+ err(1, "unable to limit stdio");
TAILQ_INIT(&trace_procs);
drop_logged = 0;
@@ -432,40 +430,6 @@ main(int argc, char *argv[])
return 0;
}
-void
-limitfd(int fd)
-{
- cap_rights_t rights;
- unsigned long cmd;
-
- cap_rights_init(&rights, CAP_FSTAT);
- cmd = 0;
-
- switch (fd) {
- case STDIN_FILENO:
- cap_rights_set(&rights, CAP_READ);
- break;
- case STDOUT_FILENO:
- cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
- cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
- break;
- case STDERR_FILENO:
- cap_rights_set(&rights, CAP_WRITE);
- if (!suppressdata) {
- cap_rights_set(&rights, CAP_IOCTL);
- cmd = TIOCGWINSZ;
- }
- break;
- default:
- abort();
- }
-
- if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for descriptor %d", fd);
- if (cmd != 0 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
- err(1, "unable to limit ioctls for descriptor %d", fd);
-}
-
int
fread_tail(void *buf, int size, int num)
{
diff --git a/usr.bin/tee/tee.c b/usr.bin/tee/tee.c
index 302bb97e32ca..dafbac118447 100644
--- a/usr.bin/tee/tee.c
+++ b/usr.bin/tee/tee.c
@@ -45,6 +45,7 @@ static const char rcsid[] =
#include <sys/stat.h>
#include <sys/types.h>
+#include <capsicum_helpers.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
@@ -52,7 +53,6 @@ static const char rcsid[] =
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <termios.h>
#include <unistd.h>
typedef struct _list {
@@ -73,8 +73,6 @@ main(int argc, char *argv[])
char *bp;
int append, ch, exitval;
char *buf;
- cap_rights_t rights;
- unsigned long cmd;
#define BSIZE (8 * 1024)
append = 0;
@@ -96,15 +94,8 @@ main(int argc, char *argv[])
if ((buf = malloc(BSIZE)) == NULL)
err(1, "malloc");
- cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
- if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
- err(EXIT_FAILURE, "unable to limit rights for stdin");
- cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
- if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
- err(EXIT_FAILURE, "unable to limit rights for stderr");
- cmd = TIOCGETA;
- if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(EXIT_FAILURE, "unable to limit ioctls for stderr");
+ if (caph_limit_stdin() == -1 || caph_limit_stderr() == -1)
+ err(EXIT_FAILURE, "unable to limit stdio");
add(STDOUT_FILENO, "stdout");
@@ -148,19 +139,14 @@ add(int fd, const char *name)
{
LIST *p;
cap_rights_t rights;
- unsigned long cmd;
-
- if (fd == STDOUT_FILENO)
- cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
- else
- cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
- if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
- err(EXIT_FAILURE, "unable to limit rights");
if (fd == STDOUT_FILENO) {
- cmd = TIOCGETA;
- if (cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
- err(EXIT_FAILURE, "unable to limit ioctls for stdout");
+ if (caph_limit_stdout() == -1)
+ err(EXIT_FAILURE, "unable to limit stdout");
+ } else {
+ cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);
+ if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+ err(EXIT_FAILURE, "unable to limit rights");
}
if ((p = malloc(sizeof(LIST))) == NULL)
diff --git a/usr.bin/tr/tr.c b/usr.bin/tr/tr.c
index b22ae7d3e248..a6490db720dd 100644
--- a/usr.bin/tr/tr.c
+++ b/usr.bin/tr/tr.c
@@ -44,16 +44,15 @@ static const char sccsid[] = "@(#)tr.c 8.2 (Berkeley) 5/4/95";
#include <sys/types.h>
#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
#include <ctype.h>
#include <err.h>
-#include <errno.h>
#include <limits.h>
#include <locale.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <termios.h>
#include <unistd.h>
#include <wchar.h>
#include <wctype.h>
@@ -72,8 +71,6 @@ int
main(int argc, char **argv)
{
static int carray[NCHARS_SB];
- cap_rights_t rights;
- unsigned long cmd;
struct cmap *map;
struct cset *delete, *squeeze;
int n, *p;
@@ -82,23 +79,8 @@ main(int argc, char **argv)
(void)setlocale(LC_ALL, "");
- cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_READ);
- if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stdin");
- cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE);
- if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stdout");
- if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
- err(1, "unable to limit rights for stderr");
-
- /* Required for isatty(3). */
- cmd = TIOCGETA;
- if (cap_ioctls_limit(STDIN_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(1, "unable to limit ioctls for stdin");
- if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(1, "unable to limit ioctls for stdout");
- if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)
- err(1, "unable to limit ioctls for stderr");
+ if (caph_limit_stdio() == -1)
+ err(1, "unable to limit stdio");
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-07 10:23:09 +0000