From 452ee04d62e22fe923a0b616076715dad0166c98 Mon Sep 17 00:00:00 2001 From: Faraz Vahedi Date: Wed, 6 Aug 2025 17:01:06 +0330 Subject: [PATCH] paste(1): Capsicumise Signed-off-by: Faraz Vahedi Reviewed by: imp, oshogbo Pull Request: https://github.com/freebsd/freebsd-src/pull/1443 --- usr.bin/paste/Makefile | 8 ++++++++ usr.bin/paste/paste.c | 32 +++++++++++++++++++++++++------- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/usr.bin/paste/Makefile b/usr.bin/paste/Makefile index e4f9e6d817b..33fcb91db84 100644 --- a/usr.bin/paste/Makefile +++ b/usr.bin/paste/Makefile @@ -1,3 +1,11 @@ +.include + PROG= paste +.if ${MK_CASPER} != "no" && !defined(RESCUE) +LIBADD+= casper +LIBADD+= cap_fileargs +CFLAGS+= -DWITH_CASPER +.endif + .include diff --git a/usr.bin/paste/paste.c b/usr.bin/paste/paste.c index 39e2577200b..cc029e20ea9 100644 --- a/usr.bin/paste/paste.c +++ b/usr.bin/paste/paste.c @@ -34,9 +34,12 @@ #include #include +#include +#include #include #include +#include #include #include #include @@ -45,11 +48,14 @@ #include #include +#include +#include + static wchar_t *delim; static int delimcnt; -static int parallel(char **); -static int sequential(char **); +static int parallel(char **, fileargs_t *); +static int sequential(char **, fileargs_t *); static int tr(wchar_t *); static void usage(void) __dead2; @@ -62,6 +68,8 @@ main(int argc, char *argv[]) wchar_t *warg; const char *arg; size_t len; + fileargs_t *fa; + cap_rights_t rights; setlocale(LC_CTYPE, ""); @@ -99,8 +107,18 @@ main(int argc, char *argv[]) delim = tab; } - rval = seq ? sequential(argv) : parallel(argv); + fa = fileargs_init(argc, argv, O_RDONLY, 0, + cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL), FA_OPEN); + if (fa == NULL) + err(1, "unable to open system.fileargs service"); + caph_cache_catpages(); + if (caph_enter_casper() < 0) + err(1, "unable to enter capability mode"); + + rval = seq ? sequential(argv, fa) : parallel(argv, fa); + + fileargs_free(fa); exit(rval); } @@ -114,7 +132,7 @@ typedef struct _list { static STAILQ_HEAD(head, _list) lh; static int -parallel(char **argv) +parallel(char **argv, fileargs_t *fa) { LIST *lp; int cnt; @@ -130,7 +148,7 @@ parallel(char **argv) err(1, NULL); if (p[0] == '-' && !p[1]) lp->fp = stdin; - else if (!(lp->fp = fopen(p, "r"))) + else if (!(lp->fp = fileargs_fopen(fa, p, "r"))) err(1, "%s", p); lp->cnt = cnt; lp->name = p; @@ -181,7 +199,7 @@ parallel(char **argv) } static int -sequential(char **argv) +sequential(char **argv, fileargs_t *fa) { FILE *fp; int cnt, failed, needdelim; @@ -192,7 +210,7 @@ sequential(char **argv) for (; (p = *argv); ++argv) { if (p[0] == '-' && !p[1]) fp = stdin; - else if (!(fp = fopen(p, "r"))) { + else if (!(fp = fileargs_fopen(fa, p, "r"))) { warn("%s", p); failed = 1; continue;