The functions like gmtime(3) expect to cache a GMT time zone. Some
sandboxed programs (like last(1)) use the gmtime(3) function.
In case of last(1), this function fails to load a proper time zone
because it is called after entering the capability mode.
_open () at _open.S:4
0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
tzload (name=<optimized out>, sp=0x801870140, doextend=true)
0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
_once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
0x00000000010245ae in doentry (bp=0x8018b4800)
0x00000000010243a7 in main (argc=1, argv=<optimized out>)
This time zone is not loaded by the tzset(3) function. Because of
that, extend the caph_cache_tzdata(3) function to also include the
GMT time zone. There is no other way to cache this data than
calling gmtime(3) once.
MFC after: 5 days
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D45297
In most cases this simply builds the file from lib/libc for missing
functions (e.g. strlcpy on Linux etc.). In cases where this is not possible
I've added an implementation to tools/build/cross-build.
The fgetln.c/fgetwln.c/closefrom.c compatibility code was obtained from
https://gitlab.freedesktop.org/libbsd/libbsd, but I'm not sure it makes
sense to import it into to contrib just for these three bootstrap files.
Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D25978
The goal here is to make it so applications can take the rights one would
normally get by calling caph_limit_stream() on a descriptor and build on
them as needed.
The tentatively planned use-case is an application that takes a socket and
hooks it up to std{err,out,in} for a fork()d child. It may be feasible to
apply limitations to such descriptors as long as it's a superset of those
normally applied to stdio.
Reviewed by: markj, oshobo (prior version; sans manpage addition)
Differential Revision: https://reviews.freebsd.org/D22993
The idea behind those functions is not to force consumers to remember that there
is a need to check errno on failure. We already have a caph_enter(3) function
which does the same for cap_enter(2).
MFC after: 2 weeks
The caph_enter function should made it easier to sandbox application
and not force us to remember that we need to check errno on failure.
Another function is also checking if casper is present.
Reviewed by: emaste, cem (partially)
Differential Revision: https://reviews.freebsd.org/D14557
FIODTYPE will be needed by hexdump(1) to speed up the -s flag on devices
that should be able to support fseek(3); specifically, in an attempt to
correct for the fact that most tape drives don't support seeking yet don't
indicate as such when fseeko(3) is invoked. Related: D10939
Reviewed by: cem, emaste, oshogbo
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D10937
Add a helper routine for opening a directory that is restricted to being
used for opening relative files as stdio streams.
I think this will really help basic adaptation of multi-file programs to
Capsicum. Rather than having each program initialize a rights object and
ioctl/fcntl arrays for their root fd for relative opens, consolidate in the
logical place.
Reviewed by: oshogbo@
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8743
Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio().
Any program used during special shell scripts may commonly be forked
from a parent process with closed standard stream. Do the common sense
thing for this common use.
Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw>
Reviewed by: oshogbo@ (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8657
Capsicum helpers are a set of inline functions which goal is to reduce
duplicated patterns used to Capsicumize applications.
Reviewed by: cem, AllanJude, bapt, ed, emaste
Differential Revision: https://reviews.freebsd.org/D8013