git: dfd52321b7be - main - nl(1): Capsicumise the utility
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 12 Dec 2024 08:27:05 UTC
The branch main has been updated by oshogbo: URL: https://cgit.FreeBSD.org/src/commit/?id=dfd52321b7beba716fa2bdd4f54e57e9ac806e96 commit dfd52321b7beba716fa2bdd4f54e57e9ac806e96 Author: Faraz Vahedi <kfv@kfv.io> AuthorDate: 2024-10-13 20:03:25 +0000 Commit: Mariusz Zaborski <oshogbo@FreeBSD.org> CommitDate: 2024-12-12 08:24:31 +0000 nl(1): Capsicumise the utility Signed-off-by: Faraz Vahedi <kfv@kfv.io> Reviewed by: markj, oshogbo MFC after: 1 week Pull Request: https://github.com/freebsd/freebsd-src/pull/1465 --- usr.bin/nl/nl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/usr.bin/nl/nl.c b/usr.bin/nl/nl.c index a6a14239f582..573e03e4ad0d 100644 --- a/usr.bin/nl/nl.c +++ b/usr.bin/nl/nl.c @@ -42,6 +42,8 @@ #include <unistd.h> #include <wchar.h> +#include <capsicum_helpers.h> + typedef enum { number_all, /* number all lines */ number_nonempty, /* number non-empty lines */ @@ -244,6 +246,11 @@ main(int argc, char *argv[]) /* NOTREACHED */ } + /* Limit standard descriptors and enter capability mode */ + caph_cache_catpages(); + if (caph_limit_stdio() < 0 || caph_enter() < 0) + err(EXIT_FAILURE, "capsicum"); + /* Generate the delimiter sequence */ memcpy(delim, delim1, delim1len); memcpy(delim + delim1len, delim2, delim2len);