# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	capsh/
#	capsh/capsh.c
#	capsh/Makefile
#	capsh/URL
#	capsh/capsh.h
#
echo c - capsh/
mkdir -p capsh/ > /dev/null 2>&1
echo x - capsh/capsh.c
sed 's/^X//' >capsh/capsh.c << '8692c6256790861f7e7008268e943fdd'
X/*-
X * Copyright (c) 2012 Sofian Brabez <sbz@FreeBSD.org>
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X *
X * $FreeBSD$
X */
X#include <stdio.h>
X#include <stdlib.h>
X#include <string.h>
X#include <unistd.h>
X#include <sysexits.h>
X
X#include "capsh.h"
X
X/* cap_make allow to build ports in sane way*/
Xstatic int
Xcapsh_make_extract() {}
X
Xstatic int
Xcapsh_make() {}
X
Xstatic int
Xcapsh_make_install() {}
X
Xstatic int
Xcapsh_set_mode(struct capsh_mode_t *mode) {
X	/* XXX: set a cap mode {network, file} */
X	return 0;
X}
X
Xstatic int
Xcapsh_verify_mode(struct capsh_mode_t *mode) {
X	/* XXX: verify if mode is existing in modes */
X	return 0;
X}
X
Xint
Xcapsh(const char *prog, struct capsh_mode_t *mode) {
X	/* XXX: cap_new, cap_set, cap_enter, exec, cap_destroy */
X	return 0;
X}
X
Xint
Xusage(void) {
X	fprintf(stderr, "usage: %s [-d <dir>] [-n] [-f] [-F <whitelist>] [-v] [-t] <program>\n", __progname);
X	fprintf(stderr, "capsh is a userland program to sandbox with capsicum the execution of the program passed in argument\n");
X	fprintf(stderr, "-d\t only allow read and write access in this directory");
X	fprintf(stderr, "-n\t allow networking privilege\n");
X	fprintf(stderr, "-h\t this help\n");
X	fprintf(stderr, "-f\t allow file access privilege\n");
X	/* des: use LD_PRELOAD wrapper on open, access, stat syscalls and transfer back the file descriptor if path is in whitelist */
X	fprintf(stderr, "-F\t whitelist file access patch (implies -f)\n");
X	fprintf(stderr, "-t\t testing capscicum availability\n");
X	fprintf(stderr, "-v\t verbose mode\n");
X	/* sbz: implement profiles -p <profile> ? like in sandbox-exec of apple ? */
X	exit(EX_USAGE);
X}
X
Xint
Xmain(int argc, char *argv[]) {
X	int rc=0;
X	struct capsh_mode_t *mode;
X
X	/* XXX: getopt() */
X	if (argc < 2 || (!strncmp(argv[1], "-h", 2))) {
X		usage();
X	}
X
X	rc=capsh_verify_mode(mode);
X	if (rc < 0) {
X		fprintf(stderr, "capsh unknown mode: [%s]", mode->name);
X		exit(rc);
X	}
X
X	rc=capsh(argv, mode);
X	if (rc < 0) {
X		fprintf(stderr, "capsh failed: [%s]\n", argv[0]);
X		exit(rc);
X	}
X
X	exit(EXIT_SUCCESS);
X}
8692c6256790861f7e7008268e943fdd
echo x - capsh/Makefile
sed 's/^X//' >capsh/Makefile << '65d526faed2e613fe68bb88c1d6c19c3'
XPROG?=	capsh
XSRCS=	capsh.c
XMAN=	capsh.8
XLADD=	-lc
X
X.include <bsd.prog.mk>
65d526faed2e613fe68bb88c1d6c19c3
echo x - capsh/URL
sed 's/^X//' >capsh/URL << '7dd63a05db15cc4c81a12273878184e1'
Xhttp://code.google.com/p/capsicum-core/
Xhttps://github.com/trombonehero/capsh
Xhttps://github.com/trombonehero/capsicum
Xhttps://github.com/trombonehero/libcapsicum
Xhttps://github.com/kibab/freebsd-capsicum
Xhttp://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/capabilities&HIDEDEL=NO
Xhttp://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/user/pjd/capsicum&HIDEDEL=NO
Xhttp://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/trustedbsd/capabilities/cap-support&HIDEDEL=NO
X
Xhttp://opensource.apple.com/source/Security/Security-55163.44/sec/
X
Xproject-like:
X
Xrsbac-jail http://books.rsbac.org/unstable/r3873.html
Xsandbox-exec 
X
Xref:
Xhttp://www.kernelthread.com/publications/security/sandboxing.html
7dd63a05db15cc4c81a12273878184e1
echo x - capsh/capsh.h
sed 's/^X//' >capsh/capsh.h << '3f3d80ba366c60edc7601d67a9e2c3dc'
X/*-
X * Copyright (c) 2012 Sofian Brabez <sbz@FreeBSD.org>
X * All rights reserved.
X *
X * Redistribution and use in source and binary forms, with or without
X * modification, are permitted provided that the following conditions
X * are met:
X * 1. Redistributions of source code must retain the above copyright
X *    notice, this list of conditions and the following disclaimer.
X * 2. Redistributions in binary form must reproduce the above copyright
X *    notice, this list of conditions and the following disclaimer in the
X *    documentation and/or other materials provided with the distribution.
X *
X * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
X * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X * SUCH DAMAGE.
X *
X * $FreeBSD$
X */
X#ifndef _CAPSH_H
X#define _CAPSH_H
X
Xextern char* __progname;
X
Xstruct capsh_mode_t {
X	const char *name;
X};
X
X#endif
3f3d80ba366c60edc7601d67a9e2c3dc
exit