1 /*- 2 * Copyright (c) 2014 Baptiste Daroussin <bapt@FreeBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer 10 * in this position and unchanged. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include <sys/capsicum.h> 31 #include <sys/types.h> 32 33 #include <ctype.h> 34 #include <err.h> 35 #include <errno.h> 36 #include <fcntl.h> 37 #include <limits.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <stringlist.h> 42 #include <termios.h> 43 #include <unistd.h> 44 45 #define C_OPTION 0x1 46 47 static StringList *includes; 48 49 static void 50 usage(void) 51 { 52 53 fprintf(stderr, "usage: soelim [-Crtv] [-I dir] [files]\n"); 54 55 exit(EXIT_FAILURE); 56 } 57 58 static const char * 59 relpath(const char *path) 60 { 61 62 while (*path == '/' && *path != '\0') 63 path++; 64 65 return (path); 66 } 67 68 static FILE * 69 soelim_fopen(int rootfd, const char *name) 70 { 71 char path[PATH_MAX]; 72 size_t i; 73 int fd; 74 75 if (strcmp(name, "-") == 0) 76 return (stdin); 77 78 if ((fd = openat(rootfd, relpath(name), O_RDONLY)) != -1) 79 return (fdopen(fd, "r")); 80 81 if (*name == '/') { 82 warn("can't open '%s'", name); 83 return (NULL); 84 } 85 86 for (i = 0; i < includes->sl_cur; i++) { 87 snprintf(path, sizeof(path), "%s/%s", includes->sl_str[i], 88 name); 89 if ((fd = openat(rootfd, relpath(path), O_RDONLY)) != -1) 90 return (fdopen(fd, "r")); 91 } 92 93 warn("can't open '%s'", name); 94 95 return (NULL); 96 } 97 98 static int 99 soelim_file(int rootfd, FILE *f, int flag) 100 { 101 char *line = NULL; 102 char *walk, *cp; 103 size_t linecap = 0; 104 ssize_t linelen; 105 106 if (f == NULL) 107 return (1); 108 109 while ((linelen = getline(&line, &linecap, f)) > 0) { 110 if (strncmp(line, ".so", 3) != 0) { 111 printf("%s", line); 112 continue; 113 } 114 115 walk = line + 3; 116 if (!isspace(*walk) && ((flag & C_OPTION) == 0)) { 117 printf("%s", line); 118 continue; 119 } 120 121 while (isspace(*walk)) 122 walk++; 123 124 cp = walk; 125 while (*cp != '\0' && !isspace(*cp)) 126 cp++; 127 *cp = 0; 128 if (cp < line + linelen) 129 cp++; 130 131 if (*walk == '\0') { 132 printf("%s", line); 133 continue; 134 } 135 if (soelim_file(rootfd, soelim_fopen(rootfd, walk), flag) == 1) { 136 free(line); 137 return (1); 138 } 139 if (*cp != '\0') 140 printf("%s", cp); 141 } 142 143 free(line); 144 fclose(f); 145 146 return (0); 147 } 148 149 int 150 main(int argc, char **argv) 151 { 152 int ch, i, rootfd; 153 int ret = 0; 154 int flags = 0; 155 unsigned long cmd; 156 char cwd[MAXPATHLEN]; 157 cap_rights_t rights; 158 159 includes = sl_init(); 160 sl_add(includes, getcwd(cwd, sizeof(cwd))); 161 if (includes == NULL) 162 err(EXIT_FAILURE, "sl_init()"); 163 164 while ((ch = getopt(argc, argv, "CrtvI:")) != -1) { 165 switch (ch) { 166 case 'C': 167 flags |= C_OPTION; 168 break; 169 case 'r': 170 case 'v': 171 case 't': 172 /* stub compatibility with groff's soelim */ 173 break; 174 case 'I': 175 sl_add(includes, optarg); 176 break; 177 default: 178 sl_free(includes, 0); 179 usage(); 180 } 181 } 182 183 argc -= optind; 184 argv += optind; 185 186 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_IOCTL); 187 /* 188 * EBADF in case stdin is closed by the caller 189 */ 190 if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS 191 && errno != EBADF) 192 err(EXIT_FAILURE, "unable to limit rights for stdin"); 193 cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL); 194 if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) 195 err(EXIT_FAILURE, "unable to limit rights for stdout"); 196 if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) 197 err(EXIT_FAILURE, "unable to limit rights for stderr"); 198 rootfd = open("/", O_DIRECTORY | O_RDONLY); 199 cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTAT, CAP_FCNTL); 200 if (cap_rights_limit(rootfd, &rights) < 0 && errno != ENOSYS) 201 err(EXIT_FAILURE, "unable to limit rights"); 202 203 cmd = TIOCGETA; 204 if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) 205 err(EXIT_FAILURE, "unable to limit ioctls for stdout"); 206 if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS) 207 err(EXIT_FAILURE, "unable to limit ioctls for stderr"); 208 if (cap_ioctls_limit(STDIN_FILENO, &cmd, 1) < 0 && errno != ENOSYS) 209 err(EXIT_FAILURE, "unable to limit ioctls for stdin"); 210 211 if (cap_enter() < 0 && errno != ENOSYS) 212 err(EXIT_FAILURE, "unable to enter capability mode"); 213 214 if (argc == 0) 215 ret = soelim_file(rootfd, stdin, flags); 216 217 for (i = 0; i < argc; i++) 218 ret = soelim_file(rootfd, soelim_fopen(rootfd, argv[i]), flags); 219 220 sl_free(includes, 0); 221 close(rootfd); 222 223 return (ret); 224 } 225