From nobody Mon Aug 07 12:19:13 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RKFjs5mtWz4mW3r; Mon, 7 Aug 2023 12:19:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RKFjs5HB5z3Y6r; Mon, 7 Aug 2023 12:19:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691410753; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sLsxvwzxq2Lmub+/jyMdLQx7QEllZKMOXxkhVn2k8Ws=; b=TT7DZVRkhBevslDGvRQyPAFHSeiPqo31PmiRfvR+nKdRa5lF0L5D6x/i24aVtVdUOSnbsb S1n/gp8C9Tm+uQpwedrI1QEkx8eXwse7rpIY9VVOGSba+Y105+pNnesG1a05wdROxBd5i/ Pg3KZRev0wo+KWsD0p9YsW/X4U8UfLLHB0zPn7bv8CyzpWGUu6IwrtAfv6J8VV8QSndKrB x4LdE/VcMTAdpksr33jDBcnmPcKBaPMB5tL7gb5UA2ctxnw1PhBigop14m8iMCEWdOrTr3 v6vYA9HCRbYfCwQD3n0FrBdUvX6hZxLTTiHG6mtaM3VBouPLIYaT3zPnD1Ondw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1691410753; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sLsxvwzxq2Lmub+/jyMdLQx7QEllZKMOXxkhVn2k8Ws=; b=tjO7/1WMkK5Sc6ywANcMop4cGjQXmoY/UN8AHy7PLGu8Z2/TdR6jolSEXSGGrxCY2oZAAg WAdI0oAZE5pkKebNDv40zgnmOyC15s3+1l+MqvYAZh6ddeB90I9H+g8It4C0hR/nKYa/bS kAzeEAfkmvVppvuCX3MmXyjwASk/IWFvVY2viY1BxHjGD4gSPKfc6uMJ4In2NKAD50wdqX aoM6OeTulXdiMOcRbP8GTG+5um2ymTCBqEqx1MtXQWK5uqA45+ec2hGgDNpKhj42Wnrvto xOGjzCwiy6UK8I25fkBx2NUYpr6GB3xt1MagiN+YV74sN9iK/i98As2xB+r2vg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1691410753; a=rsa-sha256; cv=none; b=luVKRYj24yMqO99J0LKluIarGa1+AbPBH9FAohgUpXGlPeWOa/JQSIWfn7RCVM17Ko4baw nx0DgnnTOTAxafQWYq0TGSWj55LJXpeIwNZ4gqgrdgA6TCo8v51GvsxHs4krIQyPrt48LN /STXY9dviNSPkHfejMCMgSq/fCUp7Ny+ouoTA9zgXgilWV2wl9ibPn9K5KBLQ32M3B2ePu k4+8azOyDTfYURzVV+C//hD8c+it4U5fov/hpDZPOaXjXqHzXIJkPpc03VugAkesApcX7y YvoedBrve3jWaXci9HK0XekWb3ePqL5Ahs/DoyHHDee4ICEJBZAUolXnu8vLfQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RKFjs4Nknzs7D; Mon, 7 Aug 2023 12:19:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 377CJDSM010447; Mon, 7 Aug 2023 12:19:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 377CJDp5010446; Mon, 7 Aug 2023 12:19:13 GMT (envelope-from git) Date: Mon, 7 Aug 2023 12:19:13 GMT Message-Id: <202308071219.377CJDp5010446@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mariusz Zaborski Subject: git: 2ea65afbd11d - main - md5: extend capabilites List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: oshogbo X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2ea65afbd11d40df9ada460d6503cf5fc5fbbf9d Auto-Submitted: auto-generated The branch main has been updated by oshogbo: URL: https://cgit.FreeBSD.org/src/commit/?id=2ea65afbd11d40df9ada460d6503cf5fc5fbbf9d commit 2ea65afbd11d40df9ada460d6503cf5fc5fbbf9d Author: Mariusz Zaborski AuthorDate: 2023-08-07 12:16:03 +0000 Commit: Mariusz Zaborski CommitDate: 2023-08-07 12:19:26 +0000 md5: extend capabilites In 4849767cb16a4, we did a large refactor of the md5(1) source code. One of them is that instead of reading data using read(2) syscall, we are using binary stream input (fread(3)). fread(3) requires additional Capsicum capabilities: sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ sha256 RET fstat -1 errno 93 Capabilities insufficient Reviewed by: des Differential Revision: https://reviews.freebsd.org/D41348 --- sbin/md5/md5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/md5/md5.c b/sbin/md5/md5.c index 459d364f8ca7..abc542ced82c 100644 --- a/sbin/md5/md5.c +++ b/sbin/md5/md5.c @@ -621,7 +621,7 @@ main(int argc, char *argv[]) */ if (*(argv + 1) == NULL) { #ifdef HAVE_CAPSICUM - cap_rights_init(&rights, CAP_READ); + cap_rights_init(&rights, CAP_READ, CAP_FSTAT); if (caph_rights_limit(fileno(f), &rights) < 0 || caph_enter() < 0) err(1, "capsicum");