#
e24ff5c9 |
| 27-May-2024 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcapsicum: cache more time zone information
The functions like gmtime(3) expect to cache a GMT time zone. Some sandboxed programs (like last(1)) use the gmtime(3) function. In case of last(1), this function fails to load a proper time zone because it is called after entering the capability mode.
_open () at _open.S:4
0x00000008011bc5a8 in tzloadbody (name=0x8018b9580 "/usr/share/zoneinfo/Etc/UTC", sp=0x801870140,
tzload (name=<optimized out>, sp=0x801870140, doextend=true)
0x00000008011bb8ba in gmtload (sp=0x801870140) at /usr/src/contrib/tzcode/localtime.c:1456
gmtcheck () at /usr/src/contrib/tzcode/localtime.c:1581
0x000000080111f85a in _libc_once (once_control=0x80127c550, init_routine=0x0)
_once (once_control=0x80127c550, init_routine=0x0) at /usr/src/lib/libc/gen/_once_stub.c:63
0x00000008011bb9d0 in gmtime_r (timep=0x7fffffffe3a8, tmp=0x80127c568)
gmtime (timep=timep@entry=0x7fffffffe3a8) at /usr/src/contrib/tzcode/localtime.c:1865
0x0000000001024cd4 in printentry (bp=bp@entry=0x8018b4800, tt=tt@entry=0x80186a0a0)
0x00000000010245ae in doentry (bp=0x8018b4800)
0x00000000010243a7 in main (argc=1, argv=<optimized out>)
This time zone is not loaded by the tzset(3) function. Because of that, extend the caph_cache_tzdata(3) function to also include the GMT time zone. There is no other way to cache this data than calling gmtime(3) once.
MFC after: 5 days
Reviewed by: emaste, markj
Differential Revision: https://reviews.freebsd.org/D45297
|
Revision tags: release/13.3.0, release/14.0.0 |
|
#
b3e76948 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0 |
|
#
e2515283 |
| 27-Aug-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
#
7ec1ec4f |
| 25-Aug-2020 |
Alex Richardson <arichardson@FreeBSD.org> |
Add missing FreeBSD functions to -legacy when building on macOS/Linux
In most cases this simply builds the file from lib/libc for missing functions (e.g. strlcpy on Linux etc.). In cases where this is not possible I've added an implementation to tools/build/cross-build.
The fgetln.c/fgetwln.c/closefrom.c compatibility code was obtained from https://gitlab.freedesktop.org/libbsd/libbsd, but I'm not sure it makes sense to import it into contrib just for these three bootstrap files.
Reviewed By: brooks
Differential Revision: https://reviews.freebsd.org/D25978
|
Revision tags: release/11.4.0 |
|
#
990beb03 |
| 03-Jan-2020 |
Kyle Evans <kevans@FreeBSD.org> |
capsicum_helpers: split stream cap bits out of caph_limit_stream()
The goal here is to make it so applications can take the rights one would normally get by calling caph_limit_stream() on a descriptor and build on them as needed.
The tentatively planned use-case is an application that takes a socket and hooks it up to std{err,out,in} for a fork()d child. It may be feasible to apply limitations to such descriptors as long as it's a superset of those normally applied to stdio.
Reviewed by: markj, oshogbo (prior version; sans manpage addition)
Differential Revision: https://reviews.freebsd.org/D22993
|
Revision tags: release/12.1.0, release/11.3.0, release/12.0.0 |
|
#
c06e7b66 |
| 07-Nov-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r340126 through r340212.
|
#
9e549375 |
| 04-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Fix a recursive call introduced in r340130.
|
#
5a453d5f |
| 04-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcapsicum: Introduce caph_{rights,ioctls,fcntls}_limit
The idea behind those functions is not to force consumers to remember that there is a need to check errno on failure. We already have a caph_enter(3) function which does the same for cap_enter(2).
MFC after: 2 weeks
|
#
2da0fcde |
| 01-Jul-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
With r335636, C++ programs use libcasper.h and capsicum_helpers.h. Add __BEGIN_DECLS and __END_DECLS to those headers.
|
Revision tags: release/11.2.0 |
|
#
cfb13e0a |
| 07-May-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Introduce caph_enter and caph_enter_casper.
The caph_enter function should make it easier to sandbox applications and not force us to remember that we need to check errno on failure. Another function is also checking if casper is present.
Reviewed by: emaste, cem (partially)
Differential Revision: https://reviews.freebsd.org/D14557
|
#
c2c014f2 |
| 07-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r323559 through r325504.
|
#
50896984 |
| 10-Oct-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324482
|
#
131e8e02 |
| 08-Oct-2017 |
Edward Tomasz Napierala <trasz@FreeBSD.org> |
capsicum_helpers: Add EVENT to default stdio rights set
Without it, calling caph_limit_stdio(3) breaks Irssi.
Reviewed by: oshogbo
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D12622
|
Revision tags: release/10.4.0 |
|
#
d2549a44 |
| 28-Sep-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r324075
|
#
35362d66 |
| 25-Sep-2017 |
Conrad Meyer <cem@FreeBSD.org> |
capsicum_helpers: Add SEEK to default stdio rights set
PR: 219173
Sponsored by: Dell EMC Isilon
|
#
083c8ded |
| 13-Aug-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r322451
|
#
0275f9db |
| 11-Aug-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r321383 through r322397.
|
#
3e13c1fa |
| 09-Aug-2017 |
Kyle Evans <kevans@FreeBSD.org> |
capsicum_helpers: Add FIODTYPE to default ioctls allowed
FIODTYPE will be needed by hexdump(1) to speed up the -s flag on devices that should be able to support fseek(3); specifically, in an attempt to correct for the fact that most tape drives don't support seeking yet don't indicate as such when fseeko(3) is invoked. Related: D10939
Reviewed by: cem, emaste, oshogbo
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D10937
|
Revision tags: release/11.1.0 |
|
#
3ffd3530 |
| 16-Dec-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r309817 through r310168.
|
#
6a1c4d1e |
| 16-Dec-2016 |
Conrad Meyer <cem@FreeBSD.org> |
capsicum_helpers: Add LOOKUP flag
Add a helper routine for opening a directory that is restricted to being used for opening relative files as stdio streams.
I think this will really help basic adaptation of multi-file programs to Capsicum. Rather than having each program initialize a rights object and ioctl/fcntl arrays for their root fd for relative opens, consolidate in the logical place.
Reviewed by: oshogbo@
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8743
|
#
4f9d94bf |
| 04-Dec-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r309263 through r309518.
|
#
103701b1 |
| 01-Dec-2016 |
Conrad Meyer <cem@FreeBSD.org> |
capsicum_helpers: Squash errors from closed fds
Squash EBADF from closed stdin, stdout, or stderr in caph_limit_stdio(). Any program used during special shell scripts may commonly be forked from a parent process with a closed standard stream. Do the common sense thing for this common use.
Reported by: Iblis Lin <iblis AT hs.ntnu.edu.tw>
Reviewed by: oshogbo@ (earlier version)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8657
|
#
242b2482 |
| 09-Oct-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r306412 through r306905.
|
#
059cc323 |
| 04-Oct-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcapsicum: limit stderr
Don't limit stdout twice, instead limit stderr.
Pointed out by: rpokala@
|
#
7a6e3cf8 |
| 03-Oct-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcapsicum: introduce Capsicum helpers
Capsicum helpers are a set of inline functions whose goal is to reduce duplicated patterns used to Capsicumize applications.
Reviewed by: cem, AllanJude, bapt, ed, emaste
Differential Revision: https://reviews.freebsd.org/D8013
|