git: 2ea65afbd11d - main - md5: extend capabilites
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 07 Aug 2023 12:19:13 UTC
The branch main has been updated by oshogbo: URL: https://cgit.FreeBSD.org/src/commit/?id=2ea65afbd11d40df9ada460d6503cf5fc5fbbf9d commit 2ea65afbd11d40df9ada460d6503cf5fc5fbbf9d Author: Mariusz Zaborski <oshogbo@FreeBSD.org> AuthorDate: 2023-08-07 12:16:03 +0000 Commit: Mariusz Zaborski <oshogbo@FreeBSD.org> CommitDate: 2023-08-07 12:19:26 +0000 md5: extend capabilites In 4849767cb16a4, we did a large refactor of the md5(1) source code. One of them is that instead of reading data using read(2) syscall, we are using binary stream input (fread(3)). fread(3) requires additional Capsicum capabilities: sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ sha256 RET fstat -1 errno 93 Capabilities insufficient Reviewed by: des Differential Revision: https://reviews.freebsd.org/D41348 --- sbin/md5/md5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c index 459d364f8ca7..abc542ced82c 100644 --- a/sbin/md5/md5.c +++ b/sbin/md5/md5.c @@ -621,7 +621,7 @@ main(int argc, char *argv[]) */ if (*(argv + 1) == NULL) { #ifdef HAVE_CAPSICUM - cap_rights_init(&rights, CAP_READ); + cap_rights_init(&rights, CAP_READ, CAP_FSTAT); if (caph_rights_limit(fileno(f), &rights) < 0 || caph_enter() < 0) err(1, "capsicum");