| author | Kubilay Kocak <koobs@FreeBSD.org> | 2014-12-22 12:08:12 +0000 |
|---|---|---|
| committer | Kubilay Kocak <koobs@FreeBSD.org> | 2014-12-22 12:08:12 +0000 |
| commit | bbd34195944b064b0dbd6b17bc3facf52781dec5 (patch) | |
| tree | 79010b095eebcfd33c0348a7847e270929267c53 /net/ngrep/files/patch-ngrep.c | |
| parent | Update texinfo.tex and texi2dvi to latest release (diff) | |
net/ngrep: Add Capcisum sandboxing support
- Add OPTION and patches for Capsicum support
- Update MAINTAINER
- Add LICENSE (BSD4CLAUSE) and LICENSE_FILE
- Use OPTIONS helpers
- Sort USES/USE section
- Sort OPTIONS_DEFAULT
PR: 195910 (with changes)
Submitted by: logan at elandsys com
Submitted by: feld
Approved by: maintainer (edwin)
Diffstat (limited to 'net/ngrep/files/patch-ngrep.c')
| -rw-r--r-- | net/ngrep/files/patch-ngrep.c | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/net/ngrep/files/patch-ngrep.c b/net/ngrep/files/patch-ngrep.c
new file mode 100644
index 000000000000..a3873b51280a
--- /dev/null
+++ b/net/ngrep/files/patch-ngrep.c
@@ -0,0 +1,69 @@
+--- ngrep.c.orig 2006-11-28 17:38:43.000000000 +0400
++++ ngrep.c 2014-12-12 11:14:13.000000000 +0400
+@@ -97,6 +97,10 @@
+ #include "regex-0.12/regex.h"
+ #endif
+
++#ifdef HAVE_CAPSICUM
++#include <sys/capability.h>
++#endif /* HAVE CAPSICUM */
++
+ #include "ngrep.h"
+
+
+@@ -186,6 +190,10 @@ uint32_t ws_row, ws_col = 80, ws_col_for
+ int main(int argc, char **argv) {
+ int32_t c;
+
++#ifdef HAVE_CAPSICUM
++ cap_rights_t rights;
++#endif /* HAVE_CAPSICUM */
++
+ signal(SIGINT, clean_exit);
+ signal(SIGABRT, clean_exit);
+
+@@ -416,6 +424,23 @@ int main(int argc, char **argv) {
+ clean_exit(-1);
+ }
+
++#ifdef HAVE_CAPSICUM
++ cap_rights_init(&rights, CAP_IOCTL, CAP_READ);
++ if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 &&
++ errno != ENOSYS) {
++ fprintf(stderr, "unable to limit pcap descriptor");
++ clean_exit(-1);
++ }
++
++ static const unsigned long cmds[] = { BIOCGSTATS };
++ if (cap_ioctls_limit(pcap_fileno(pd), cmds,
++ sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) {
++ fprintf(stderr, "unable to limit ioctls on pcap descriptor");
++ clean_exit(-1);
++ }
++
++#endif /* HAVE CAPSICUM */
++
+ if (match_data) {
+ if (bin_match) {
+ uint32_t i = 0, n;
+@@ -603,6 +628,20 @@ int main(int argc, char **argv) {
+ drop_privs();
+ #endif
+
++#ifdef HAVE_CAPSICUM
++ cap_rights_init(&rights);
++
++ if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) {
++ fprintf(stderr, "can't limit stdin");
++ clean_exit(-1);
++ }
++
++ if (cap_enter() < 0 && errno != ENOSYS) {
++ fprintf(stderr, "Can't enter capability mode");
++ clean_exit(-1);
++ }
++#endif /* HAVE_CAPSICUM */
++
+ while (pcap_loop(pd, 0, (pcap_handler)process, 0));
+
+ clean_exit(0); |
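Review bot: Only stdin and the pcap descriptor are narrowed before `cap_enter()` in the inner hunk at @@ -603,6 +628,20 @@; stdout and stderr keep every right they were inherited with, as would any other descriptor main() opened earlier (a dump file, for instance, which is not visible here). Limiting them in the same place would close that gap, e.g. `cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT);` followed by `cap_rights_limit(STDOUT_FILENO, &rights)` and the same call for `STDERR_FILENO`, keeping the `errno != ENOSYS` tolerance; whether stdio or the window-size handling also needs a terminal ioctl allowed should be confirmed against the rest of ngrep.c. In the @@ -416,6 +424,23 @@ hunk the result of `pcap_fileno(pd)` is passed on unchecked, so if `pd` can be a savefile handle at that point (the open call is outside the hunk) the limit calls may fail on a descriptor that is not a BPF device and ngrep would exit instead of reading the file. The four new `fprintf(stderr, ...)` messages end without a newline and do not report errno, which makes a sandbox setup failure hard to diagnose. main() starts and ends outside all four inner hunks.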
