svn commit: r253457 - head/usr.bin/uniq

Pawel Jakub Dawidek pjd at FreeBSD.org
Wed Jul 24 19:08:45 UTC 2013 

On Wed, Jul 24, 2013 at 02:53:32PM +0200, Ulrich Spörlein wrote:
> On Thu, 2013-07-18 at 22:11:27 +0000, Pawel Jakub Dawidek wrote:
> > Author: pjd
> > Date: Thu Jul 18 22:11:27 2013
> > New Revision: 253457
> > URL: http://svnweb.freebsd.org/changeset/base/253457
> > 
> > Log:
> >   Close uniq(1) in the capability mode sandbox and limit descriptors using
> >   capability rights.
> > 
> > Modified:
> >   head/usr.bin/uniq/uniq.c
> > 
> > Modified: head/usr.bin/uniq/uniq.c
> > ==============================================================================
> > --- head/usr.bin/uniq/uniq.c	Thu Jul 18 21:56:10 2013	(r253456)
> > +++ head/usr.bin/uniq/uniq.c	Thu Jul 18 22:11:27 2013	(r253457)
> > @@ -128,8 +145,34 @@ main (int argc, char *argv[])
> >  	ofp = stdout;
> >  	if (argc > 0 && strcmp(argv[0], "-") != 0)
> >  		ifp = file(ifn = argv[0], "r");
> > +	if (cap_rights_limit(fileno(ifp), CAP_FSTAT | CAP_READ) < 0 &&
> > +	    errno != ENOSYS) {
> > +		err(1, "unable to limit rights for %s", ifn);
> > +	}
> > +	rights = CAP_FSTAT | CAP_WRITE;
> >  	if (argc > 1)
> >  		ofp = file(argv[1], "w");
> > +	else
> > +		rights |= CAP_IOCTL;
> > +	if (cap_rights_limit(fileno(ofp), rights) < 0 && errno != ENOSYS) {
> > +		err(1, "unable to limit rights for %s",
> > +		    argc > 1 ? argv[1] : "stdout");
> > +	}
> > +	if ((rights & CAP_IOCTL) != 0) {
> > +		unsigned long cmd;
> > +
> > +		cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
> > +
> > +		if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 &&
> > +		    errno != ENOSYS) {
> > +			err(1, "unable to limit ioctls for %s",
> > +			    argc > 1 ? argv[1] : "stdout");
> > +		}
> > +	}
> 
> Deadcode, found by Coverity Scan, CID 1054780 (please mention in your
> fix-commit). You check for argc > 1 at line 153, only if that is false
> (meaning argc==1) do you set CAP_IOCTL. So on line 169 argc cannot be >1
> and the result is always "stdout".

Interesting. I was aware of this, but left this err() call for
consistency in case the condition changes in the future.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://mobter.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20130724/0cfdaa81/attachment.sig>

More information about the svn-src-head mailing list